oa-enterprise 0.2.0.beta1 → 0.2.0.beta2
- data/{LICENSE.rdoc → LICENSE} +2 -2
- data/README.rdoc +10 -2
- data/lib/omniauth/strategies/ldap.rb +14 -16
- data/lib/omniauth/strategies/ldap/adaptor.rb +65 -66
- metadata +51 -65
- data/CHANGELOG.rdoc +0 -0
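--- a/data/LICENSE.rdoc
+++ b/data/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2010
+Copyright (c) 2010-2011 Michael Bleigh and Intridea, Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -16,4 +16,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+THE SOFTWARE.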
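--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -35,11 +35,19 @@ Use the LDAP strategy as a middleware in your applicaiton:
 :method => :plain,
 :base => 'dc=intridea, dc=com',
 :uid => 'sAMAccountName',
-:name_proc => Proc.new {|name| name.gsub(/@.*$/,''}
+:name_proc => Proc.new {|name| name.gsub(/@.*$/,'')}
+:bind_dn => 'default_bind_dn'
+:password => 'password'
 
-All of the listed options are required, with the exception of :name_proc
+All of the listed options are required, with the exception of :name_proc, :bind_dn, and :password
 Allowed values of :method are: :plain, :ssl, :tls.
 
+:bind_dn and :password are used to perform the initial binding if user lookup is
+needed. If the user lookup returns result, the DN attribute from the result set is used
+to perform the final binding. This is needed only when the LDAP server requires
+DN to be used for binding and you may only want user to using email or username
+in the login form.
+
 :uid is the LDAP attribute name for the user name in the login form. typically
 AD would be 'sAMAccountName' or 'UserPrincipalName', while OpenLDAP is 'uid'.
 You can also use 'dn', if your user choose the put in the dn in the login form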
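--- a/data/lib/omniauth/strategies/ldap.rb
+++ b/data/lib/omniauth/strategies/ldap.rb
@@ -39,39 +39,37 @@ module OmniAuth
 if env['REQUEST_METHOD'] == 'GET'
 get_credentials
 else
-
+session['omniauth.ldap'] = {'username' => request['username'], 'password' => request['password']}
+redirect callback_path
 end
 end
 
-
+def get_credentials
 OmniAuth::Form.build(options[:title] || "LDAP Authentication") do
 text_field 'Login', 'username'
 password_field 'Password', 'password'
 end.to_response
 end
 
-def
+def callback_phase
 begin
-
-
+creds = session.delete 'omniauth.ldap'
+@ldap_user_info = {}
+(@adaptor.bind unless @adaptor.bound?) rescue puts "failed to bind with the default credentials"
+@ldap_user_info = @adaptor.search(:filter => Net::LDAP::Filter.eq(@adaptor.uid, @name_proc.call(creds['username'])),:limit => 1) if @adaptor.bound?
+bind_dn = creds['username']
+bind_dn = @ldap_user_info[:dn].to_a.first if @ldap_user_info[:dn]
+@adaptor.bind(:bind_dn => bind_dn, :password => creds['password'])
+@ldap_user_info = @adaptor.search(:filter => Net::LDAP::Filter.eq(@adaptor.uid, @name_proc.call(creds['username'])),:limit => 1) if @ldap_user_info.empty?
+@user_info = self.class.map_user(@@config, @ldap_user_info)
 
-
-@ldap_user_info = @adaptor.search(:filter => Net::LDAP::Filter.eq(@adaptor.uid, @name_proc.call(request.POST['username'])),:limit => 1)
-@user_info = self.class.map_user(@@config, @ldap_user_info)
-
-@env['omniauth.auth'] = auth_hash
-@env['REQUEST_METHOD'] = 'GET'
-@env['PATH_INFO'] = "#{OmniAuth.config.path_prefix}/#{name}/callback"
+@env['omniauth.auth'] = auth_hash
 
 call_app!
 rescue Exception => e
 fail!(:invalid_credentials, e)
 end
 end
-
-def callback_phase
-fail!(:invalid_request)
-end
 
 def auth_hash
 OmniAuth::Utils.deep_merge(super, {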
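Review bot: `creds['username']` on new line 59 is reached without checking that `session.delete 'omniauth.ldap'` on line 56 returned a hash, so reaching the callback path without the preceding POST raises `NoMethodError` on nil, which the `rescue Exception` on line 69 then reports as `:invalid_credentials`; the deleted `callback_phase` covered this case with `fail!(:invalid_request)`, so add `return fail!(:invalid_request) unless creds` directly after line 56. Line 42 stores the user's plaintext password in the session to survive the redirect; with a cookie-backed session store that value is round-tripped to the browser and may be persisted or logged by whatever backs `session`, so either authenticate before redirecting or keep the password out of the session. The simple bind on line 62 forwards `creds['password']` unchecked, and an LDAP simple bind with an empty password is an unauthenticated bind that many directories accept, so reject blank usernames and passwords before binding unless the adaptor already does (its code is outside this hunk). `rescue puts "..."` on line 58 and `rescue Exception` on line 69 trap every exception class including `Interrupt` and `NoMemoryError`; `rescue StandardError` preserves the intended fallback, and a logger rather than `puts` keeps the message out of stdout. The method enclosing lines 39–45 (presumably `request_phase`) starts before the hunk.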
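--- a/data/lib/omniauth/strategies/ldap/adaptor.rb
+++ b/data/lib/omniauth/strategies/ldap/adaptor.rb
@@ -25,7 +25,7 @@ module OmniAuth
 :plain => nil
 }
 
-
+attr_accessor :bind_dn, :password
 attr_reader :connection, :uid, :base
 
 def initialize(configuration={})
@@ -46,9 +46,8 @@ module OmniAuth
 
 def connect(options={})
 host = options[:host] || @host
-method = options[:method] || @method || :plain
+method = ensure_method(options[:method] || @method || :plain)
 port = options[:port] || @port || ensure_port(method)
-method = ensure_method(method)
 @disconnected = false
 @bound = false
 @bind_tried = false
@@ -179,65 +178,65 @@ module OmniAuth
 available_methods = METHOD.keys.collect {|m| m.inspect}.join(", ")
 format = "%s is not one of the available connect methods: %s"
 raise ConfigurationError, format % [method.inspect, available_methods]
-
-
-
-
-
-
-
-
-
-
+end
+
+def sasl_bind(bind_dn, options={})
+sasl_mechanisms = options[:sasl_mechanisms] || @sasl_mechanisms
+sasl_mechanisms.each do |mechanism|
+begin
+normalized_mechanism = mechanism.downcase.gsub(/-/, '_')
+sasl_bind_setup = "sasl_bind_setup_#{normalized_mechanism}"
+next unless respond_to?(sasl_bind_setup, true)
+initial_credential, challenge_response = send(sasl_bind_setup, bind_dn, options)
 
-
-
-
-
-
-
-
-
-
-
-
+args = {
+:method => :sasl,
+:initial_credential => initial_credential,
+:mechanism => mechanism,
+:challenge_response => challenge_response,
+}
+
+info = {
+:name => "bind: SASL", :dn => bind_dn, :mechanism => mechanism,
+}
+puts info.inspect
 
-
-
-
-
-
-end
+execute(:bind, args)
+return true
+
+rescue Exception => e
+puts e.message
 end
+end
 
-
-
+false
+end
 
-
-
-
-
-
-
-
-end
-[initial_credential, challenge_response]
+def sasl_bind_setup_digest_md5(bind_dn, options)
+initial_credential = ""
+challenge_response = Proc.new do |cred|
+pref = SASL::Preferences.new :digest_uri => "ldap/#{@host}", :username => bind_dn, :has_password? => true, :password => options[:password]||@password
+sasl = SASL.new("DIGEST-MD5", pref)
+response = sasl.receive("challenge", cred)
+response[1]
 end
+[initial_credential, challenge_response]
+end
 
-
-
-
-
+def sasl_bind_setup_gss_spnego(bind_dn, options)
+puts options.inspect
+user,psw = [bind_dn, options[:password]||@password]
+raise LdapError.new( "invalid binding information" ) unless (user && psw)
 
-
-
-
-
-
-
-
-
-
+nego = proc {|challenge|
+t2_msg = Net::NTLM::Message.parse( challenge )
+user, domain = user.split('\\').reverse
+t2_msg.target_name = Net::NTLM::encode_utf16le(domain) if domain
+t3_msg = t2_msg.response( {:user => user, :password => psw}, {:ntlmv2 => true} )
+t3_msg.serialize
+}
+[Net::NTLM::Message::Type1.new.serialize, nego]
+end
 
 def simple_bind(bind_dn, options={})
 args = {
@@ -249,19 +248,19 @@ module OmniAuth
 true
 end
 
-
-
-
+def construct_uri(host, port, ssl)
+protocol = ssl ? "ldaps" : "ldap"
+URI.parse("#{protocol}://#{host}:#{port}").to_s
+end
+
+def target
+return nil if @uri.nil?
+if @with_start_tls
+"#{@uri}(StartTLS)"
+else
+@uri
 end
-
-def target
-return nil if @uri.nil?
-if @with_start_tls
-"#{@uri}(StartTLS)"
-else
-@uri
-end
-end
+end
 end
 end
 end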
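Review bot: `puts options.inspect` on new line 227 in `sasl_bind_setup_gss_spnego` prints the whole options hash, and line 228 reads the bind password from that same hash (`options[:password]`), so whenever a caller passes the password in options it is written to stdout in clear; delete the line, or print only non-secret keys. `puts info.inspect` (new line 202) and `puts e.message` (208) in `sasl_bind` likewise go to stdout and should move to a logger at debug level so the bind details can be silenced in production. `rescue Exception => e` in `sasl_bind` swallows `Interrupt`, `SystemExit` and `NoMemoryError` and silently tries the next mechanism before returning `false`; `rescue StandardError => e` keeps the best-effort fallback without trapping process signals. The guard on line 229, `raise LdapError.new( "invalid binding information" ) unless (user && psw)`, accepts `""` for either value, so a blank password is handed to the NTLM responder rather than rejected; `unless user && psw && !user.empty? && !psw.empty?` closes that. The method whose `raise ConfigurationError` opens the `@@ -179` hunk begins before it, and the other hunks in this section (25, 46, 249) raise nothing beyond this.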
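--- a/metadata
+++ b/metadata
@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: oa-enterprise
 version: !ruby/object:Gem::Version
-hash: -1848230051
 prerelease: true
 segments:
 - 0
 - 2
 - 0
--
-version: 0.2.0.
+- beta2
+version: 0.2.0.beta2
 platform: ruby
 authors:
 - James A. Rosen
@@ -17,185 +16,174 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date:
+date: 2011-01-14 00:00:00 -06:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
-
+name: oa-core
+requirement: &id001 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - "="
 - !ruby/object:Gem::Version
-hash: -1848230051
 segments:
 - 0
 - 2
 - 0
--
-version: 0.2.0.
-requirement: *id001
-name: oa-core
-prerelease: false
+- beta2
+version: 0.2.0.beta2
 type: :runtime
+prerelease: false
+version_requirements: *id001
 - !ruby/object:Gem::Dependency
-
+name: nokogiri
+requirement: &id002 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-hash: 3
 segments:
 - 1
 - 4
 - 2
 version: 1.4.2
-requirement: *id002
-name: nokogiri
-prerelease: false
 type: :runtime
+prerelease: false
+version_requirements: *id002
 - !ruby/object:Gem::Dependency
-
+name: net-ldap
+requirement: &id003 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-hash: 25
 segments:
 - 0
 - 1
 - 1
 version: 0.1.1
-requirement: *id003
-name: net-ldap
-prerelease: false
 type: :runtime
+prerelease: false
+version_requirements: *id003
 - !ruby/object:Gem::Dependency
-
+name: rubyntlm
+requirement: &id004 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-hash: 25
 segments:
 - 0
 - 1
 - 1
 version: 0.1.1
-requirement: *id004
-name: rubyntlm
-prerelease: false
 type: :runtime
+prerelease: false
+version_requirements: *id004
 - !ruby/object:Gem::Dependency
-
+name: pyu-ruby-sasl
+requirement: &id005 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-hash: 65
 segments:
 - 0
 - 0
 - 3
 - 1
 version: 0.0.3.1
-requirement: *id005
-name: pyu-ruby-sasl
-prerelease: false
 type: :runtime
+prerelease: false
+version_requirements: *id005
 - !ruby/object:Gem::Dependency
-
+name: rake
+requirement: &id006 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-hash: 3
 segments:
 - 0
 version: "0"
-requirement: *id006
-name: rake
-prerelease: false
 type: :development
+prerelease: false
+version_requirements: *id006
 - !ruby/object:Gem::Dependency
-
+name: mg
+requirement: &id007 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-hash: 15
 segments:
 - 0
 - 0
 - 8
 version: 0.0.8
-requirement: *id007
-name: mg
-prerelease: false
 type: :development
+prerelease: false
+version_requirements: *id007
 - !ruby/object:Gem::Dependency
-
+name: rspec
+requirement: &id008 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-hash: 27
 segments:
 - 1
 - 3
 - 0
 version: 1.3.0
-requirement: *id008
-name: rspec
-prerelease: false
 type: :development
+prerelease: false
+version_requirements: *id008
 - !ruby/object:Gem::Dependency
-
+name: webmock
+requirement: &id009 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-hash: 19
 segments:
 - 1
 - 3
 - 4
 version: 1.3.4
-requirement: *id009
-name: webmock
-prerelease: false
 type: :development
+prerelease: false
+version_requirements: *id009
 - !ruby/object:Gem::Dependency
-
+name: rack-test
+requirement: &id010 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-hash: 3
 segments:
 - 0
 - 5
 - 4
 version: 0.5.4
-requirement: *id010
-name: rack-test
-prerelease: false
 type: :development
+prerelease: false
+version_requirements: *id010
 - !ruby/object:Gem::Dependency
-
+name: json
+requirement: &id011 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-hash: 1
 segments:
 - 1
 - 4
 - 3
 version: 1.4.3
-requirement: *id011
-name: json
-prerelease: false
 type: :development
+prerelease: false
+version_requirements: *id011
 description: Enterprise strategies for OmniAuth.
 email: james.a.rosen@gmail.com
 executables: []
@@ -212,8 +200,7 @@ files:
 - lib/omniauth/strategies/ldap/adaptor.rb
 - lib/omniauth/strategies/ldap.rb
 - README.rdoc
-- LICENSE
-- CHANGELOG.rdoc
+- LICENSE
 has_rdoc: true
 homepage: http://github.com/intridea/omniauth
 licenses: []
@@ -228,7 +215,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-hash:
+hash: -2545476122295701716
 segments:
 - 0
 version: "0"
@@ -237,7 +224,6 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">"
 - !ruby/object:Gem::Version
-hash: 25
 segments:
 - 1
 - 3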
data/CHANGELOG.rdoc
DELETED
File without changes
|