oa-enterprise 0.2.0.beta2 → 0.2.0.beta3
Sign up to get free protection for your applications and to get access to all the features.
- data/README.rdoc +1 -1
- data/lib/omniauth/strategies/cas.rb +1 -1
- data/lib/omniauth/strategies/ldap.rb +7 -3
- data/lib/omniauth/strategies/ldap/adaptor.rb +28 -12
- metadata +6 -59
data/README.rdoc
CHANGED
|
@@ -25,7 +25,7 @@ See OmniAuth::Strategies::CAS::Configuration for more configuration options.
|
|
|
25
25
|
|
|
26
26
|
== LDAP
|
|
27
27
|
|
|
28
|
-
Use the LDAP strategy as a middleware in your
|
|
28
|
+
Use the LDAP strategy as a middleware in your application:
|
|
29
29
|
|
|
30
30
|
require 'omniauth/enterprise'
|
|
31
31
|
use OmniAuth::Strategies::LDAP,
|
|
@@ -9,7 +9,7 @@ module OmniAuth
|
|
|
9
9
|
autoload :ServiceTicketValidator, 'omniauth/strategies/cas/service_ticket_validator'
|
|
10
10
|
|
|
11
11
|
def initialize(app, options = {}, &block)
|
|
12
|
-
super(app, options
|
|
12
|
+
super(app, options[:name] || :cas, options.dup, &block)
|
|
13
13
|
@configuration = OmniAuth::Strategies::CAS::Configuration.new(options)
|
|
14
14
|
end
|
|
15
15
|
|
|
@@ -55,7 +55,11 @@ module OmniAuth
|
|
|
55
55
|
begin
|
|
56
56
|
creds = session.delete 'omniauth.ldap'
|
|
57
57
|
@ldap_user_info = {}
|
|
58
|
-
|
|
58
|
+
begin
|
|
59
|
+
(@adaptor.bind(:allow_anonymous => true) unless @adaptor.bound?)
|
|
60
|
+
rescue Exception => e
|
|
61
|
+
puts "failed to bind with the default credentials: " + e.message
|
|
62
|
+
end
|
|
59
63
|
@ldap_user_info = @adaptor.search(:filter => Net::LDAP::Filter.eq(@adaptor.uid, @name_proc.call(creds['username'])),:limit => 1) if @adaptor.bound?
|
|
60
64
|
bind_dn = creds['username']
|
|
61
65
|
bind_dn = @ldap_user_info[:dn].to_a.first if @ldap_user_info[:dn]
|
|
@@ -65,10 +69,10 @@ module OmniAuth
|
|
|
65
69
|
|
|
66
70
|
@env['omniauth.auth'] = auth_hash
|
|
67
71
|
|
|
68
|
-
call_app!
|
|
69
72
|
rescue Exception => e
|
|
70
|
-
fail!(:invalid_credentials, e)
|
|
73
|
+
return fail!(:invalid_credentials, e)
|
|
71
74
|
end
|
|
75
|
+
call_app!
|
|
72
76
|
end
|
|
73
77
|
|
|
74
78
|
def auth_hash
|
|
@@ -15,7 +15,7 @@ module OmniAuth
|
|
|
15
15
|
class ConnectionError < StandardError; end
|
|
16
16
|
|
|
17
17
|
VALID_ADAPTER_CONFIGURATION_KEYS = [:host, :port, :method, :bind_dn, :password,
|
|
18
|
-
:try_sasl, :sasl_mechanisms, :uid, :base]
|
|
18
|
+
:try_sasl, :sasl_mechanisms, :uid, :base, :allow_anonymous]
|
|
19
19
|
|
|
20
20
|
MUST_HAVE_KEYS = [:host, :port, :method, :uid, :base]
|
|
21
21
|
|
|
@@ -33,15 +33,17 @@ module OmniAuth
|
|
|
33
33
|
@disconnected = false
|
|
34
34
|
@bound = false
|
|
35
35
|
@configuration = configuration.dup
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
36
|
+
@configuration[:allow_anonymous] ||= false
|
|
37
|
+
@logger = @configuration.delete(:logger)
|
|
38
|
+
message = []
|
|
39
|
+
MUST_HAVE_KEYS.each do |name|
|
|
40
|
+
message << name if configuration[name].nil?
|
|
41
|
+
end
|
|
42
|
+
raise ArgumentError.new(message.join(",") +" MUST be provided") unless message.empty?
|
|
42
43
|
VALID_ADAPTER_CONFIGURATION_KEYS.each do |name|
|
|
43
44
|
instance_variable_set("@#{name}", configuration[name])
|
|
44
45
|
end
|
|
46
|
+
|
|
45
47
|
end
|
|
46
48
|
|
|
47
49
|
def connect(options={})
|
|
@@ -81,14 +83,21 @@ module OmniAuth
|
|
|
81
83
|
|
|
82
84
|
bind_dn = (options[:bind_dn] || @bind_dn).to_s
|
|
83
85
|
try_sasl = options.has_key?(:try_sasl) ? options[:try_sasl] : @try_sasl
|
|
84
|
-
|
|
86
|
+
if options.has_key?(:allow_anonymous)
|
|
87
|
+
allow_anonymous = options[:allow_anonymous]
|
|
88
|
+
else
|
|
89
|
+
allow_anonymous = @allow_anonymous
|
|
90
|
+
end
|
|
85
91
|
# Rough bind loop:
|
|
86
92
|
# Attempt 1: SASL if available
|
|
87
93
|
# Attempt 2: SIMPLE with credentials if password block
|
|
94
|
+
# Attempt 3: SIMPLE ANONYMOUS if 1 and 2 fail and allow anonymous is set to true
|
|
88
95
|
if try_sasl and sasl_bind(bind_dn, options)
|
|
89
|
-
puts "
|
|
96
|
+
puts "bound with sasl"
|
|
90
97
|
elsif simple_bind(bind_dn, options)
|
|
91
|
-
puts "
|
|
98
|
+
puts "bound with simple"
|
|
99
|
+
elsif allow_anonymous and bind_as_anonymous(options)
|
|
100
|
+
puts "bound as anonymous"
|
|
92
101
|
else
|
|
93
102
|
message = yield if block_given?
|
|
94
103
|
message ||= ('All authentication methods for %s exhausted.') % target
|
|
@@ -242,12 +251,19 @@ module OmniAuth
|
|
|
242
251
|
args = {
|
|
243
252
|
:method => :simple,
|
|
244
253
|
:username => bind_dn,
|
|
245
|
-
:password => options[:password]||@password,
|
|
254
|
+
:password => (options[:password]||@password).to_s,
|
|
246
255
|
}
|
|
256
|
+
begin
|
|
247
257
|
execute(:bind, args)
|
|
248
258
|
true
|
|
259
|
+
rescue Exception
|
|
260
|
+
false
|
|
249
261
|
end
|
|
250
|
-
|
|
262
|
+
end
|
|
263
|
+
def bind_as_anonymous(options={})
|
|
264
|
+
execute(:bind, {:method => :anonymous})
|
|
265
|
+
true
|
|
266
|
+
end
|
|
251
267
|
def construct_uri(host, port, ssl)
|
|
252
268
|
protocol = ssl ? "ldaps" : "ldap"
|
|
253
269
|
URI.parse("#{protocol}://#{host}:#{port}").to_s
|
metadata
CHANGED
|
@@ -1,13 +1,8 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oa-enterprise
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
prerelease:
|
|
5
|
-
|
|
6
|
-
- 0
|
|
7
|
-
- 2
|
|
8
|
-
- 0
|
|
9
|
-
- beta2
|
|
10
|
-
version: 0.2.0.beta2
|
|
4
|
+
prerelease: 6
|
|
5
|
+
version: 0.2.0.beta3
|
|
11
6
|
platform: ruby
|
|
12
7
|
authors:
|
|
13
8
|
- James A. Rosen
|
|
@@ -16,7 +11,7 @@ autorequire:
|
|
|
16
11
|
bindir: bin
|
|
17
12
|
cert_chain: []
|
|
18
13
|
|
|
19
|
-
date: 2011-
|
|
14
|
+
date: 2011-02-03 00:00:00 -06:00
|
|
20
15
|
default_executable:
|
|
21
16
|
dependencies:
|
|
22
17
|
- !ruby/object:Gem::Dependency
|
|
@@ -26,12 +21,7 @@ dependencies:
|
|
|
26
21
|
requirements:
|
|
27
22
|
- - "="
|
|
28
23
|
- !ruby/object:Gem::Version
|
|
29
|
-
|
|
30
|
-
- 0
|
|
31
|
-
- 2
|
|
32
|
-
- 0
|
|
33
|
-
- beta2
|
|
34
|
-
version: 0.2.0.beta2
|
|
24
|
+
version: 0.2.0.beta3
|
|
35
25
|
type: :runtime
|
|
36
26
|
prerelease: false
|
|
37
27
|
version_requirements: *id001
|
|
@@ -42,10 +32,6 @@ dependencies:
|
|
|
42
32
|
requirements:
|
|
43
33
|
- - ~>
|
|
44
34
|
- !ruby/object:Gem::Version
|
|
45
|
-
segments:
|
|
46
|
-
- 1
|
|
47
|
-
- 4
|
|
48
|
-
- 2
|
|
49
35
|
version: 1.4.2
|
|
50
36
|
type: :runtime
|
|
51
37
|
prerelease: false
|
|
@@ -57,10 +43,6 @@ dependencies:
|
|
|
57
43
|
requirements:
|
|
58
44
|
- - ~>
|
|
59
45
|
- !ruby/object:Gem::Version
|
|
60
|
-
segments:
|
|
61
|
-
- 0
|
|
62
|
-
- 1
|
|
63
|
-
- 1
|
|
64
46
|
version: 0.1.1
|
|
65
47
|
type: :runtime
|
|
66
48
|
prerelease: false
|
|
@@ -72,10 +54,6 @@ dependencies:
|
|
|
72
54
|
requirements:
|
|
73
55
|
- - ~>
|
|
74
56
|
- !ruby/object:Gem::Version
|
|
75
|
-
segments:
|
|
76
|
-
- 0
|
|
77
|
-
- 1
|
|
78
|
-
- 1
|
|
79
57
|
version: 0.1.1
|
|
80
58
|
type: :runtime
|
|
81
59
|
prerelease: false
|
|
@@ -87,11 +65,6 @@ dependencies:
|
|
|
87
65
|
requirements:
|
|
88
66
|
- - ~>
|
|
89
67
|
- !ruby/object:Gem::Version
|
|
90
|
-
segments:
|
|
91
|
-
- 0
|
|
92
|
-
- 0
|
|
93
|
-
- 3
|
|
94
|
-
- 1
|
|
95
68
|
version: 0.0.3.1
|
|
96
69
|
type: :runtime
|
|
97
70
|
prerelease: false
|
|
@@ -103,8 +76,6 @@ dependencies:
|
|
|
103
76
|
requirements:
|
|
104
77
|
- - ">="
|
|
105
78
|
- !ruby/object:Gem::Version
|
|
106
|
-
segments:
|
|
107
|
-
- 0
|
|
108
79
|
version: "0"
|
|
109
80
|
type: :development
|
|
110
81
|
prerelease: false
|
|
@@ -116,10 +87,6 @@ dependencies:
|
|
|
116
87
|
requirements:
|
|
117
88
|
- - ~>
|
|
118
89
|
- !ruby/object:Gem::Version
|
|
119
|
-
segments:
|
|
120
|
-
- 0
|
|
121
|
-
- 0
|
|
122
|
-
- 8
|
|
123
90
|
version: 0.0.8
|
|
124
91
|
type: :development
|
|
125
92
|
prerelease: false
|
|
@@ -131,10 +98,6 @@ dependencies:
|
|
|
131
98
|
requirements:
|
|
132
99
|
- - ~>
|
|
133
100
|
- !ruby/object:Gem::Version
|
|
134
|
-
segments:
|
|
135
|
-
- 1
|
|
136
|
-
- 3
|
|
137
|
-
- 0
|
|
138
101
|
version: 1.3.0
|
|
139
102
|
type: :development
|
|
140
103
|
prerelease: false
|
|
@@ -146,10 +109,6 @@ dependencies:
|
|
|
146
109
|
requirements:
|
|
147
110
|
- - ~>
|
|
148
111
|
- !ruby/object:Gem::Version
|
|
149
|
-
segments:
|
|
150
|
-
- 1
|
|
151
|
-
- 3
|
|
152
|
-
- 4
|
|
153
112
|
version: 1.3.4
|
|
154
113
|
type: :development
|
|
155
114
|
prerelease: false
|
|
@@ -161,10 +120,6 @@ dependencies:
|
|
|
161
120
|
requirements:
|
|
162
121
|
- - ~>
|
|
163
122
|
- !ruby/object:Gem::Version
|
|
164
|
-
segments:
|
|
165
|
-
- 0
|
|
166
|
-
- 5
|
|
167
|
-
- 4
|
|
168
123
|
version: 0.5.4
|
|
169
124
|
type: :development
|
|
170
125
|
prerelease: false
|
|
@@ -176,10 +131,6 @@ dependencies:
|
|
|
176
131
|
requirements:
|
|
177
132
|
- - ~>
|
|
178
133
|
- !ruby/object:Gem::Version
|
|
179
|
-
segments:
|
|
180
|
-
- 1
|
|
181
|
-
- 4
|
|
182
|
-
- 3
|
|
183
134
|
version: 1.4.3
|
|
184
135
|
type: :development
|
|
185
136
|
prerelease: false
|
|
@@ -215,7 +166,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
215
166
|
requirements:
|
|
216
167
|
- - ">="
|
|
217
168
|
- !ruby/object:Gem::Version
|
|
218
|
-
hash: -
|
|
169
|
+
hash: -3005094770643845587
|
|
219
170
|
segments:
|
|
220
171
|
- 0
|
|
221
172
|
version: "0"
|
|
@@ -224,15 +175,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
224
175
|
requirements:
|
|
225
176
|
- - ">"
|
|
226
177
|
- !ruby/object:Gem::Version
|
|
227
|
-
segments:
|
|
228
|
-
- 1
|
|
229
|
-
- 3
|
|
230
|
-
- 1
|
|
231
178
|
version: 1.3.1
|
|
232
179
|
requirements: []
|
|
233
180
|
|
|
234
181
|
rubyforge_project:
|
|
235
|
-
rubygems_version: 1.
|
|
182
|
+
rubygems_version: 1.5.0
|
|
236
183
|
signing_key:
|
|
237
184
|
specification_version: 3
|
|
238
185
|
summary: Enterprise strategies for OmniAuth.
|