oa-enterprise 0.2.0.beta1 → 0.2.0.beta2

@@ -1,4 +1,4 @@
1
- Copyright (c) 2010 James A. Rosen
1
+ Copyright (c) 2010-2011 Michael Bleigh and Intridea, Inc.
2
2
 
3
3
  Permission is hereby granted, free of charge, to any person obtaining a copy
4
4
  of this software and associated documentation files (the "Software"), to deal
@@ -16,4 +16,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16
16
  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17
17
  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18
18
  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
19
- THE SOFTWARE.
19
+ THE SOFTWARE.
@@ -35,11 +35,19 @@ Use the LDAP strategy as a middleware in your applicaiton:
35
35
  :method => :plain,
36
36
  :base => 'dc=intridea, dc=com',
37
37
  :uid => 'sAMAccountName',
38
- :name_proc => Proc.new {|name| name.gsub(/@.*$/,''}}
38
+ :name_proc => Proc.new {|name| name.gsub(/@.*$/,'')}
39
+ :bind_dn => 'default_bind_dn'
40
+ :password => 'password'
39
41
 
40
- All of the listed options are required, with the exception of :name_proc.
42
+ All of the listed options are required, with the exception of :name_proc, :bind_dn, and :password
41
43
  Allowed values of :method are: :plain, :ssl, :tls.
42
44
 
45
+ :bind_dn and :password are used to perform the initial binding if user lookup is
46
+ needed. If the user lookup returns result, the DN attribute from the result set is used
47
+ to perform the final binding. This is needed only when the LDAP server requires
48
+ DN to be used for binding and you may only want user to using email or username
49
+ in the login form.
50
+
43
51
  :uid is the LDAP attribute name for the user name in the login form. typically
44
52
  AD would be 'sAMAccountName' or 'UserPrincipalName', while OpenLDAP is 'uid'.
45
53
  You can also use 'dn', if your user choose the put in the dn in the login form
@@ -39,39 +39,37 @@ module OmniAuth
39
39
  if env['REQUEST_METHOD'] == 'GET'
40
40
  get_credentials
41
41
  else
42
- perform
42
+ session['omniauth.ldap'] = {'username' => request['username'], 'password' => request['password']}
43
+ redirect callback_path
43
44
  end
44
45
  end
45
46
 
46
- def get_credentials
47
+ def get_credentials
47
48
  OmniAuth::Form.build(options[:title] || "LDAP Authentication") do
48
49
  text_field 'Login', 'username'
49
50
  password_field 'Password', 'password'
50
51
  end.to_response
51
52
  end
52
53
 
53
- def perform
54
+ def callback_phase
54
55
  begin
55
- bind_dn = "#{@adaptor.uid}=#{request.POST['username']}"
56
- bind_dn << ",#{@adaptor.base}" unless @adaptor.base == ''
56
+ creds = session.delete 'omniauth.ldap'
57
+ @ldap_user_info = {}
58
+ (@adaptor.bind unless @adaptor.bound?) rescue puts "failed to bind with the default credentials"
59
+ @ldap_user_info = @adaptor.search(:filter => Net::LDAP::Filter.eq(@adaptor.uid, @name_proc.call(creds['username'])),:limit => 1) if @adaptor.bound?
60
+ bind_dn = creds['username']
61
+ bind_dn = @ldap_user_info[:dn].to_a.first if @ldap_user_info[:dn]
62
+ @adaptor.bind(:bind_dn => bind_dn, :password => creds['password'])
63
+ @ldap_user_info = @adaptor.search(:filter => Net::LDAP::Filter.eq(@adaptor.uid, @name_proc.call(creds['username'])),:limit => 1) if @ldap_user_info.empty?
64
+ @user_info = self.class.map_user(@@config, @ldap_user_info)
57
65
 
58
- @adaptor.bind(:bind_dn => bind_dn, :password => request.POST['password'])
59
- @ldap_user_info = @adaptor.search(:filter => Net::LDAP::Filter.eq(@adaptor.uid, @name_proc.call(request.POST['username'])),:limit => 1)
60
- @user_info = self.class.map_user(@@config, @ldap_user_info)
61
-
62
- @env['omniauth.auth'] = auth_hash
63
- @env['REQUEST_METHOD'] = 'GET'
64
- @env['PATH_INFO'] = "#{OmniAuth.config.path_prefix}/#{name}/callback"
66
+ @env['omniauth.auth'] = auth_hash
65
67
 
66
68
  call_app!
67
69
  rescue Exception => e
68
70
  fail!(:invalid_credentials, e)
69
71
  end
70
72
  end
71
-
72
- def callback_phase
73
- fail!(:invalid_request)
74
- end
75
73
 
76
74
  def auth_hash
77
75
  OmniAuth::Utils.deep_merge(super, {
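Review bot: callback_phase never rejects an empty password, so a blank form field reaches `@adaptor.bind(:bind_dn => bind_dn, :password => creds['password'])` as-is; many LDAP servers treat a simple bind with a DN and an empty password as an unauthenticated (anonymous) bind that succeeds, which would log the user in with no credential at all. Add a guard right after the session read: `return fail!(:invalid_credentials) if creds.nil? || creds['password'].to_s.empty?` (the `creds.nil?` half also covers a callback request that did not go through the form, which today surfaces as a NoMethodError on `creds['username']` caught only by the broad rescue). The new request branch also parks the plaintext password in `session['omniauth.ldap']` across a redirect; with Rack's default cookie-based session store that value is sent to the browser, so this pattern only belongs with a server-side session store and deserves a comment saying so, e.g. `# NOTE: stores the raw password until the callback; requires a server-side session store`. Finally `(@adaptor.bind unless @adaptor.bound?) rescue puts "..."` and `rescue Exception => e` hide every error class including Interrupt; `rescue StandardError => e` is enough and keeps the real failure reason in `fail!`. The `if env['REQUEST_METHOD']` branch at the top belongs to a method whose definition starts above this hunk.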
@@ -25,7 +25,7 @@ module OmniAuth
25
25
  :plain => nil
26
26
  }
27
27
 
28
- attr_accessor :bind_dn, :password
28
+ attr_accessor :bind_dn, :password
29
29
  attr_reader :connection, :uid, :base
30
30
 
31
31
  def initialize(configuration={})
@@ -46,9 +46,8 @@ module OmniAuth
46
46
 
47
47
  def connect(options={})
48
48
  host = options[:host] || @host
49
- method = options[:method] || @method || :plain
49
+ method = ensure_method(options[:method] || @method || :plain)
50
50
  port = options[:port] || @port || ensure_port(method)
51
- method = ensure_method(method)
52
51
  @disconnected = false
53
52
  @bound = false
54
53
  @bind_tried = false
@@ -179,65 +178,65 @@ module OmniAuth
179
178
  available_methods = METHOD.keys.collect {|m| m.inspect}.join(", ")
180
179
  format = "%s is not one of the available connect methods: %s"
181
180
  raise ConfigurationError, format % [method.inspect, available_methods]
182
- end
183
-
184
- def sasl_bind(bind_dn, options={})
185
- sasl_mechanisms = options[:sasl_mechanisms] || @sasl_mechanisms
186
- sasl_mechanisms.each do |mechanism|
187
- begin
188
- normalized_mechanism = mechanism.downcase.gsub(/-/, '_')
189
- sasl_bind_setup = "sasl_bind_setup_#{normalized_mechanism}"
190
- next unless respond_to?(sasl_bind_setup, true)
191
- initial_credential, challenge_response = send(sasl_bind_setup, bind_dn, options)
181
+ end
182
+
183
+ def sasl_bind(bind_dn, options={})
184
+ sasl_mechanisms = options[:sasl_mechanisms] || @sasl_mechanisms
185
+ sasl_mechanisms.each do |mechanism|
186
+ begin
187
+ normalized_mechanism = mechanism.downcase.gsub(/-/, '_')
188
+ sasl_bind_setup = "sasl_bind_setup_#{normalized_mechanism}"
189
+ next unless respond_to?(sasl_bind_setup, true)
190
+ initial_credential, challenge_response = send(sasl_bind_setup, bind_dn, options)
192
191
 
193
- args = {
194
- :method => :sasl,
195
- :initial_credential => initial_credential,
196
- :mechanism => mechanism,
197
- :challenge_response => challenge_response,
198
- }
199
-
200
- info = {
201
- :name => "bind: SASL", :dn => bind_dn, :mechanism => mechanism,
202
- }
203
- puts info.inspect
192
+ args = {
193
+ :method => :sasl,
194
+ :initial_credential => initial_credential,
195
+ :mechanism => mechanism,
196
+ :challenge_response => challenge_response,
197
+ }
198
+
199
+ info = {
200
+ :name => "bind: SASL", :dn => bind_dn, :mechanism => mechanism,
201
+ }
202
+ puts info.inspect
204
203
 
205
- execute(:bind, args)
206
- return true
207
-
208
- rescue Exception => e
209
- puts e.message
210
- end
204
+ execute(:bind, args)
205
+ return true
206
+
207
+ rescue Exception => e
208
+ puts e.message
211
209
  end
210
+ end
212
211
 
213
- false
214
- end
212
+ false
213
+ end
215
214
 
216
- def sasl_bind_setup_digest_md5(bind_dn, options)
217
- initial_credential = ""
218
- challenge_response = Proc.new do |cred|
219
- pref = SASL::Preferences.new :digest_uri => "ldap/#{@host}", :username => bind_dn, :has_password? => true, :password => options[:password]||@password
220
- sasl = SASL.new("DIGEST-MD5", pref)
221
- response = sasl.receive("challenge", cred)
222
- response[1]
223
- end
224
- [initial_credential, challenge_response]
215
+ def sasl_bind_setup_digest_md5(bind_dn, options)
216
+ initial_credential = ""
217
+ challenge_response = Proc.new do |cred|
218
+ pref = SASL::Preferences.new :digest_uri => "ldap/#{@host}", :username => bind_dn, :has_password? => true, :password => options[:password]||@password
219
+ sasl = SASL.new("DIGEST-MD5", pref)
220
+ response = sasl.receive("challenge", cred)
221
+ response[1]
225
222
  end
223
+ [initial_credential, challenge_response]
224
+ end
226
225
 
227
- def sasl_bind_setup_gss_spnego(bind_dn, options)
228
- puts options.inspect
229
- user,psw = [bind_dn, options[:password]||@password]
230
- raise LdapError.new( "invalid binding information" ) unless (user && psw)
226
+ def sasl_bind_setup_gss_spnego(bind_dn, options)
227
+ puts options.inspect
228
+ user,psw = [bind_dn, options[:password]||@password]
229
+ raise LdapError.new( "invalid binding information" ) unless (user && psw)
231
230
 
232
- nego = proc {|challenge|
233
- t2_msg = Net::NTLM::Message.parse( challenge )
234
- user, domain = user.split('\\').reverse
235
- t2_msg.target_name = Net::NTLM::encode_utf16le(domain) if domain
236
- t3_msg = t2_msg.response( {:user => user, :password => psw}, {:ntlmv2 => true} )
237
- t3_msg.serialize
238
- }
239
- [Net::NTLM::Message::Type1.new.serialize, nego]
240
- end
231
+ nego = proc {|challenge|
232
+ t2_msg = Net::NTLM::Message.parse( challenge )
233
+ user, domain = user.split('\\').reverse
234
+ t2_msg.target_name = Net::NTLM::encode_utf16le(domain) if domain
235
+ t3_msg = t2_msg.response( {:user => user, :password => psw}, {:ntlmv2 => true} )
236
+ t3_msg.serialize
237
+ }
238
+ [Net::NTLM::Message::Type1.new.serialize, nego]
239
+ end
241
240
 
242
241
  def simple_bind(bind_dn, options={})
243
242
  args = {
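Review bot: `puts options.inspect` at the top of sasl_bind_setup_gss_spnego prints the whole options hash, and the very next line reads `options[:password]` from it, so the bind password lands on stdout (and in whatever captures application output) every time GSS-SPNEGO is attempted; drop that line, or at most log `options.reject { |k, _| k == :password }.inspect` through a logger. The `puts info.inspect` and `puts e.message` in sasl_bind are likewise debug prints on the authentication path rather than logger calls. sasl_bind's `rescue Exception => e` also swallows Interrupt and SystemExit and simply moves on to the next mechanism; `rescue StandardError => e` preserves the intended fall-through without that. These lines are re-indented rather than newly written in this hunk, but they are the code shipped on the new side.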
@@ -249,19 +248,19 @@ module OmniAuth
249
248
  true
250
249
  end
251
250
 
252
- def construct_uri(host, port, ssl)
253
- protocol = ssl ? "ldaps" : "ldap"
254
- URI.parse("#{protocol}://#{host}:#{port}").to_s
251
+ def construct_uri(host, port, ssl)
252
+ protocol = ssl ? "ldaps" : "ldap"
253
+ URI.parse("#{protocol}://#{host}:#{port}").to_s
254
+ end
255
+
256
+ def target
257
+ return nil if @uri.nil?
258
+ if @with_start_tls
259
+ "#{@uri}(StartTLS)"
260
+ else
261
+ @uri
255
262
  end
256
-
257
- def target
258
- return nil if @uri.nil?
259
- if @with_start_tls
260
- "#{@uri}(StartTLS)"
261
- else
262
- @uri
263
- end
264
- end
263
+ end
265
264
  end
266
265
  end
267
266
  end
metadata CHANGED
@@ -1,14 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: oa-enterprise
3
3
  version: !ruby/object:Gem::Version
4
- hash: -1848230051
5
4
  prerelease: true
6
5
  segments:
7
6
  - 0
8
7
  - 2
9
8
  - 0
10
- - beta1
11
- version: 0.2.0.beta1
9
+ - beta2
10
+ version: 0.2.0.beta2
12
11
  platform: ruby
13
12
  authors:
14
13
  - James A. Rosen
@@ -17,185 +16,174 @@ autorequire:
17
16
  bindir: bin
18
17
  cert_chain: []
19
18
 
20
- date: 2010-11-29 00:00:00 -06:00
19
+ date: 2011-01-14 00:00:00 -06:00
21
20
  default_executable:
22
21
  dependencies:
23
22
  - !ruby/object:Gem::Dependency
24
- version_requirements: &id001 !ruby/object:Gem::Requirement
23
+ name: oa-core
24
+ requirement: &id001 !ruby/object:Gem::Requirement
25
25
  none: false
26
26
  requirements:
27
27
  - - "="
28
28
  - !ruby/object:Gem::Version
29
- hash: -1848230051
30
29
  segments:
31
30
  - 0
32
31
  - 2
33
32
  - 0
34
- - beta1
35
- version: 0.2.0.beta1
36
- requirement: *id001
37
- name: oa-core
38
- prerelease: false
33
+ - beta2
34
+ version: 0.2.0.beta2
39
35
  type: :runtime
36
+ prerelease: false
37
+ version_requirements: *id001
40
38
  - !ruby/object:Gem::Dependency
41
- version_requirements: &id002 !ruby/object:Gem::Requirement
39
+ name: nokogiri
40
+ requirement: &id002 !ruby/object:Gem::Requirement
42
41
  none: false
43
42
  requirements:
44
43
  - - ~>
45
44
  - !ruby/object:Gem::Version
46
- hash: 3
47
45
  segments:
48
46
  - 1
49
47
  - 4
50
48
  - 2
51
49
  version: 1.4.2
52
- requirement: *id002
53
- name: nokogiri
54
- prerelease: false
55
50
  type: :runtime
51
+ prerelease: false
52
+ version_requirements: *id002
56
53
  - !ruby/object:Gem::Dependency
57
- version_requirements: &id003 !ruby/object:Gem::Requirement
54
+ name: net-ldap
55
+ requirement: &id003 !ruby/object:Gem::Requirement
58
56
  none: false
59
57
  requirements:
60
58
  - - ~>
61
59
  - !ruby/object:Gem::Version
62
- hash: 25
63
60
  segments:
64
61
  - 0
65
62
  - 1
66
63
  - 1
67
64
  version: 0.1.1
68
- requirement: *id003
69
- name: net-ldap
70
- prerelease: false
71
65
  type: :runtime
66
+ prerelease: false
67
+ version_requirements: *id003
72
68
  - !ruby/object:Gem::Dependency
73
- version_requirements: &id004 !ruby/object:Gem::Requirement
69
+ name: rubyntlm
70
+ requirement: &id004 !ruby/object:Gem::Requirement
74
71
  none: false
75
72
  requirements:
76
73
  - - ~>
77
74
  - !ruby/object:Gem::Version
78
- hash: 25
79
75
  segments:
80
76
  - 0
81
77
  - 1
82
78
  - 1
83
79
  version: 0.1.1
84
- requirement: *id004
85
- name: rubyntlm
86
- prerelease: false
87
80
  type: :runtime
81
+ prerelease: false
82
+ version_requirements: *id004
88
83
  - !ruby/object:Gem::Dependency
89
- version_requirements: &id005 !ruby/object:Gem::Requirement
84
+ name: pyu-ruby-sasl
85
+ requirement: &id005 !ruby/object:Gem::Requirement
90
86
  none: false
91
87
  requirements:
92
88
  - - ~>
93
89
  - !ruby/object:Gem::Version
94
- hash: 65
95
90
  segments:
96
91
  - 0
97
92
  - 0
98
93
  - 3
99
94
  - 1
100
95
  version: 0.0.3.1
101
- requirement: *id005
102
- name: pyu-ruby-sasl
103
- prerelease: false
104
96
  type: :runtime
97
+ prerelease: false
98
+ version_requirements: *id005
105
99
  - !ruby/object:Gem::Dependency
106
- version_requirements: &id006 !ruby/object:Gem::Requirement
100
+ name: rake
101
+ requirement: &id006 !ruby/object:Gem::Requirement
107
102
  none: false
108
103
  requirements:
109
104
  - - ">="
110
105
  - !ruby/object:Gem::Version
111
- hash: 3
112
106
  segments:
113
107
  - 0
114
108
  version: "0"
115
- requirement: *id006
116
- name: rake
117
- prerelease: false
118
109
  type: :development
110
+ prerelease: false
111
+ version_requirements: *id006
119
112
  - !ruby/object:Gem::Dependency
120
- version_requirements: &id007 !ruby/object:Gem::Requirement
113
+ name: mg
114
+ requirement: &id007 !ruby/object:Gem::Requirement
121
115
  none: false
122
116
  requirements:
123
117
  - - ~>
124
118
  - !ruby/object:Gem::Version
125
- hash: 15
126
119
  segments:
127
120
  - 0
128
121
  - 0
129
122
  - 8
130
123
  version: 0.0.8
131
- requirement: *id007
132
- name: mg
133
- prerelease: false
134
124
  type: :development
125
+ prerelease: false
126
+ version_requirements: *id007
135
127
  - !ruby/object:Gem::Dependency
136
- version_requirements: &id008 !ruby/object:Gem::Requirement
128
+ name: rspec
129
+ requirement: &id008 !ruby/object:Gem::Requirement
137
130
  none: false
138
131
  requirements:
139
132
  - - ~>
140
133
  - !ruby/object:Gem::Version
141
- hash: 27
142
134
  segments:
143
135
  - 1
144
136
  - 3
145
137
  - 0
146
138
  version: 1.3.0
147
- requirement: *id008
148
- name: rspec
149
- prerelease: false
150
139
  type: :development
140
+ prerelease: false
141
+ version_requirements: *id008
151
142
  - !ruby/object:Gem::Dependency
152
- version_requirements: &id009 !ruby/object:Gem::Requirement
143
+ name: webmock
144
+ requirement: &id009 !ruby/object:Gem::Requirement
153
145
  none: false
154
146
  requirements:
155
147
  - - ~>
156
148
  - !ruby/object:Gem::Version
157
- hash: 19
158
149
  segments:
159
150
  - 1
160
151
  - 3
161
152
  - 4
162
153
  version: 1.3.4
163
- requirement: *id009
164
- name: webmock
165
- prerelease: false
166
154
  type: :development
155
+ prerelease: false
156
+ version_requirements: *id009
167
157
  - !ruby/object:Gem::Dependency
168
- version_requirements: &id010 !ruby/object:Gem::Requirement
158
+ name: rack-test
159
+ requirement: &id010 !ruby/object:Gem::Requirement
169
160
  none: false
170
161
  requirements:
171
162
  - - ~>
172
163
  - !ruby/object:Gem::Version
173
- hash: 3
174
164
  segments:
175
165
  - 0
176
166
  - 5
177
167
  - 4
178
168
  version: 0.5.4
179
- requirement: *id010
180
- name: rack-test
181
- prerelease: false
182
169
  type: :development
170
+ prerelease: false
171
+ version_requirements: *id010
183
172
  - !ruby/object:Gem::Dependency
184
- version_requirements: &id011 !ruby/object:Gem::Requirement
173
+ name: json
174
+ requirement: &id011 !ruby/object:Gem::Requirement
185
175
  none: false
186
176
  requirements:
187
177
  - - ~>
188
178
  - !ruby/object:Gem::Version
189
- hash: 1
190
179
  segments:
191
180
  - 1
192
181
  - 4
193
182
  - 3
194
183
  version: 1.4.3
195
- requirement: *id011
196
- name: json
197
- prerelease: false
198
184
  type: :development
185
+ prerelease: false
186
+ version_requirements: *id011
199
187
  description: Enterprise strategies for OmniAuth.
200
188
  email: james.a.rosen@gmail.com
201
189
  executables: []
@@ -212,8 +200,7 @@ files:
212
200
  - lib/omniauth/strategies/ldap/adaptor.rb
213
201
  - lib/omniauth/strategies/ldap.rb
214
202
  - README.rdoc
215
- - LICENSE.rdoc
216
- - CHANGELOG.rdoc
203
+ - LICENSE
217
204
  has_rdoc: true
218
205
  homepage: http://github.com/intridea/omniauth
219
206
  licenses: []
@@ -228,7 +215,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
228
215
  requirements:
229
216
  - - ">="
230
217
  - !ruby/object:Gem::Version
231
- hash: 3
218
+ hash: -2545476122295701716
232
219
  segments:
233
220
  - 0
234
221
  version: "0"
@@ -237,7 +224,6 @@ required_rubygems_version: !ruby/object:Gem::Requirement
237
224
  requirements:
238
225
  - - ">"
239
226
  - !ruby/object:Gem::Version
240
- hash: 25
241
227
  segments:
242
228
  - 1
243
229
  - 3