omniauth-aai 0.2 → 0.3

data/Gemfile.lock

@@ -8,7 +8,7 @@ GIT
 PATH
   remote: .
   specs:
-    omniauth-aai (0.1)
+    omniauth-aai (0.2)
       omniauth-shibboleth
 
 GEM

data/README.md

@@ -40,9 +40,31 @@ Fields are provided in the Env as request.env["omniauth.auth"]["info"]["name"] a
 
 ### How to authenticate users
 
-In your application, simply direct users to '/auth/aai' to have them sign in via your organizations's AAI SP and IdP. '/auth/aai' url simply redirect users to '/auth/aai/callback', so thus you must protect '/auth/aai/callback' by SWITCHaai SP.
+In your application, simply direct users to '/auth/aai' to have them sign in via your organizations's AAI SP and IdP. '/auth/aai' url simply redirect users to '/auth/aai/callback', so thus you must protect '/auth/aai/callback' with something like devise.
 
-SWITCHaai strategy just checks the existence of Shib-Session-ID or Shib-Application-ID.
+SWITCHaai strategy only checks the existence of Shib-Session-ID or Shib-Application-ID, not anything else. See devise or the genrator for further libraries to authenticate user.
+
+### Generator
+
+    rails generate aai:install
+
+This will generate some basic authenthication objects for rails: 
+
+* config/omniauth.rb
+* app/controller/session_controller.rb
+* app/models/user.rb
+* db/migrate/create_users_adapt_and_copy_to_migration.rb
+
+You'll need to configure at least the `db/migrate/create_users_adapt_and_copy_to_migration.rb` file. Just run `rails g migration createUsersTable` copy the content of `create_users_adapt_and_copy_to_migration.rb` and delete it. 
+
+You can run it with `--presist false` if you don't want to persist the user to the local db. 
+
+If you want more than just the uid presisted, change the `user.rb` and override the `aai=` method to do so and the migration to add the columns.
+
+    def aai=(aai)
+      self.email = auth_hash[:info][:email]
+      @aai = aai
+    end
 
 ### Development Mode
 

data/lib/generators/aai/USAGE

@@ -0,0 +1,12 @@
+Description:
+    Create Config / User / Session / Migration for Omniauth Aai Authentication
+
+Example:
+    rails generate aai:install [--persist]
+
+    This will create:
+      config/omniauth.rb
+      app/controller/session_controller.rb
+      app/models/user.rb
+      db/migrate/create_users_adapt_and_copy_to_migration.rb #configure this
+

data/lib/generators/aai/install_generator.rb

@@ -0,0 +1,30 @@
+module Aai
+  class InstallGenerator < Rails::Generators::Base
+    desc "Generate Config Files / User / Session and Routes"
+
+    class_option :persist, :type => :boolean, :default => true, :desc => "Set to false if you don't want persistent User"
+
+    def self.source_root
+      @source_root ||= File.join(File.dirname(__FILE__), 'templates')
+    end
+
+    def copy_initializer_file
+      copy_file "omniauth.rb", "config/initializers/omniauth.rb"
+    end
+
+    def copy_session_controller_file
+      if true
+        copy_file "session_controller.rb", "app/controllers/session_controller.rb"
+        route("match '/auth/:provider/callback', :to => 'session#create', :as => 'auth_callback'")
+        route("match '/auth/failure', :to => 'session#failure', :as => 'auth_failure'")
+        route("match '/auth/logout',  :to => 'session#destroy', :as => 'logout'")
+      end
+    end
+
+    def copy_user_file
+      template "user.rb", "app/models/user.rb"
+      copy_file "migration.rb", "db/migrate/create_users_adapt_and_copy_to_migration.rb" if options[:persist]
+    end
+
+  end
+end

data/lib/generators/aai/templates/migration.rb

@@ -0,0 +1,10 @@
+class AaiCreateUser < ActiveRecord::Migration
+  def change
+    create_table(:users) do |t|
+      t.string :uid
+      t.timestamps
+    end
+
+    add_index :users, :uid, :unique => true
+  end
+end

data/lib/generators/aai/templates/omniauth.rb

@@ -0,0 +1,33 @@
+Rails.application.config.middleware.use OmniAuth::Builder do
+  if Rails.env.development?
+    provider :developer, {
+      :uid_field => :'persistent-id',
+      :fields => OmniAuth::Strategies::Aai::DEFAULT_FIELDS,
+      :extra_fields => OmniAuth::Strategies::Aai::DEFAULT_EXTRA_FIELDS
+    } 
+  else
+    provider :aai
+  end
+end
+
+class ApplicationController < ActionController::Base
+  # Get the current user
+  def current_user() session[:current_user]; end
+  # Set the current user
+  def current_user=(user) session[:current_user] = user; end
+  # Authenticate User
+  def authenticate!
+    return if authenticated?
+    session[:return_to] = request.url
+    if Rails.env.development?
+      redirect_to "/auth/developer"
+    else
+      redirect_to "/auth/aai"
+    end
+  end
+  # User authenticated?
+  def authenticated?
+    return true if self.current_user
+    return false
+  end
+end

data/lib/generators/aai/templates/session_controller.rb

@@ -0,0 +1,41 @@
+class SessionController < ApplicationController
+
+  def create
+    auth_hash[:info][:uid] = auth_hash[:info][:email] if Rails.env.development?
+
+    if User.superclass == ActiveRecord::Base
+      self.current_user = User.find_or_create_by_uid(
+        :uid => auth_hash[:info][:uid]
+      )
+    else
+      self.current_user = User.new
+      self.current_user.uid = auth_hash[:info][:uid]
+    end
+
+    # SET HERE ADDITIONAL ATTRIBUTES TO PERSIST
+
+    self.current_user.aai = auth_hash
+
+    flash[:notice] = "Login successful"
+    redirect_to(session[:return_to] || root_path)
+  end
+
+  def failure
+    flash[:error] = "Login failed"
+    redirect_to(root_path)
+  end
+
+  def destroy
+    self.current_user = nil
+    flash[:notice] = "Logout successful"
+    redirect_to(root_path)
+  end
+
+
+  protected
+
+  def auth_hash
+    request.env['omniauth.auth']
+  end
+  
+end

data/lib/generators/aai/templates/user.rb

@@ -0,0 +1,22 @@
+class User <%= options[:persist]  ? "< ActiveRecord::Base" : "" %>
+  attr_accessible :uid
+
+  attr_accessor :aai
+
+  def name
+    aai[:info][:name]
+  rescue
+    nil
+  end
+
+  def email
+    auth_hash[:info][:email]
+  rescue
+    nil
+  end
+
+  #def ship_session_id
+  #  aai["extra"]["raw_info"]['Shib-Session-ID']
+  #end
+  #
+end

data/lib/omniauth-aai.rb

@@ -1,5 +1,6 @@
 require "omniauth-aai/version"
 require "omniauth"
+require "generators/aai/install_generator"
 
 module OmniAuth
   module Strategies

data/lib/omniauth-aai/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module Aai
-    VERSION = "0.2"
+    VERSION = "0.3"
   end
 end

data/spec/example_rails_app/.gitignore

@@ -0,0 +1,15 @@
+# See http://help.github.com/ignore-files/ for more about ignoring files.
+#
+# If you find yourself ignoring temporary files generated by your text editor
+# or operating system, you probably want to add a global ignore instead:
+#   git config --global core.excludesfile ~/.gitignore_global
+
+# Ignore bundler config
+/.bundle
+
+# Ignore the default SQLite database.
+/db/*.sqlite3
+
+# Ignore all logfiles and tempfiles.
+/log/*.log
+/tmp

data/spec/example_rails_app/Gemfile

@@ -0,0 +1,39 @@
+source 'https://rubygems.org'
+
+gem 'rails', '3.2.6'
+
+# Bundle edge Rails instead:
+# gem 'rails', :git => 'git://github.com/rails/rails.git'
+
+gem 'sqlite3'
+
+gem 'omniauth-aai', :git => 'git://github.com/switch-ch/omniauth-aai'
+
+# Gems used only for assets and not required
+# in production environments by default.
+group :assets do
+  gem 'sass-rails',   '~> 3.2.3'
+  gem 'coffee-rails', '~> 3.2.1'
+
+  # See https://github.com/sstephenson/execjs#readme for more supported runtimes
+  # gem 'therubyracer', :platforms => :ruby
+
+  gem 'uglifier', '>= 1.0.3'
+end
+
+gem 'jquery-rails'
+
+# To use ActiveModel has_secure_password
+# gem 'bcrypt-ruby', '~> 3.0.0'
+
+# To use Jbuilder templates for JSON
+# gem 'jbuilder'
+
+# Use unicorn as the app server
+# gem 'unicorn'
+
+# Deploy with Capistrano
+# gem 'capistrano'
+
+# To use debugger
+# gem 'debugger'

data/spec/example_rails_app/Gemfile.lock

@@ -0,0 +1,125 @@
+GIT
+  remote: git://github.com/switch-ch/omniauth-aai
+  revision: e10ff9c9ceacec8a798130d157003f20440599b6
+  specs:
+    omniauth-aai (0.1)
+      omniauth-shibboleth
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionmailer (3.2.6)
+      actionpack (= 3.2.6)
+      mail (~> 2.4.4)
+    actionpack (3.2.6)
+      activemodel (= 3.2.6)
+      activesupport (= 3.2.6)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.1)
+      rack (~> 1.4.0)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.1.3)
+    activemodel (3.2.6)
+      activesupport (= 3.2.6)
+      builder (~> 3.0.0)
+    activerecord (3.2.6)
+      activemodel (= 3.2.6)
+      activesupport (= 3.2.6)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activeresource (3.2.6)
+      activemodel (= 3.2.6)
+      activesupport (= 3.2.6)
+    activesupport (3.2.6)
+      i18n (~> 0.6)
+      multi_json (~> 1.0)
+    arel (3.0.2)
+    builder (3.0.0)
+    coffee-rails (3.2.2)
+      coffee-script (>= 2.2.0)
+      railties (~> 3.2.0)
+    coffee-script (2.2.0)
+      coffee-script-source
+      execjs
+    coffee-script-source (1.3.3)
+    erubis (2.7.0)
+    execjs (1.4.0)
+      multi_json (~> 1.0)
+    hashie (1.2.0)
+    hike (1.2.1)
+    i18n (0.6.0)
+    journey (1.0.4)
+    jquery-rails (2.0.2)
+      railties (>= 3.2.0, < 5.0)
+      thor (~> 0.14)
+    json (1.7.3)
+    mail (2.4.4)
+      i18n (>= 0.4.0)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    mime-types (1.19)
+    multi_json (1.3.6)
+    omniauth (1.1.0)
+      hashie (~> 1.2)
+      rack
+    omniauth-shibboleth (1.0.6)
+      omniauth (>= 1.0.0)
+    polyglot (0.3.3)
+    rack (1.4.1)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-ssl (1.3.2)
+      rack
+    rack-test (0.6.1)
+      rack (>= 1.0)
+    rails (3.2.6)
+      actionmailer (= 3.2.6)
+      actionpack (= 3.2.6)
+      activerecord (= 3.2.6)
+      activeresource (= 3.2.6)
+      activesupport (= 3.2.6)
+      bundler (~> 1.0)
+      railties (= 3.2.6)
+    railties (3.2.6)
+      actionpack (= 3.2.6)
+      activesupport (= 3.2.6)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (>= 0.14.6, < 2.0)
+    rake (0.9.2.2)
+    rdoc (3.12)
+      json (~> 1.4)
+    sass (3.1.20)
+    sass-rails (3.2.5)
+      railties (~> 3.2.0)
+      sass (>= 3.1.10)
+      tilt (~> 1.3)
+    sprockets (2.1.3)
+      hike (~> 1.2)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    sqlite3 (1.3.6)
+    thor (0.15.4)
+    tilt (1.3.3)
+    treetop (1.4.10)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.33)
+    uglifier (1.2.6)
+      execjs (>= 0.3.0)
+      multi_json (~> 1.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  coffee-rails (~> 3.2.1)
+  jquery-rails
+  omniauth-aai!
+  rails (= 3.2.6)
+  sass-rails (~> 3.2.3)
+  sqlite3
+  uglifier (>= 1.0.3)

data/spec/example_rails_app/README.rdoc

@@ -0,0 +1,261 @@
+== Welcome to Rails
+
+Rails is a web-application framework that includes everything needed to create
+database-backed web applications according to the Model-View-Control pattern.
+
+This pattern splits the view (also called the presentation) into "dumb"
+templates that are primarily responsible for inserting pre-built data in between
+HTML tags. The model contains the "smart" domain objects (such as Account,
+Product, Person, Post) that holds all the business logic and knows how to
+persist themselves to a database. The controller handles the incoming requests
+(such as Save New Account, Update Product, Show Post) by manipulating the model
+and directing data to the view.
+
+In Rails, the model is handled by what's called an object-relational mapping
+layer entitled Active Record. This layer allows you to present the data from
+database rows as objects and embellish these data objects with business logic
+methods. You can read more about Active Record in
+link:files/vendor/rails/activerecord/README.html.
+
+The controller and view are handled by the Action Pack, which handles both
+layers by its two parts: Action View and Action Controller. These two layers
+are bundled in a single package due to their heavy interdependence. This is
+unlike the relationship between the Active Record and Action Pack that is much
+more separate. Each of these packages can be used independently outside of
+Rails. You can read more about Action Pack in
+link:files/vendor/rails/actionpack/README.html.
+
+
+== Getting Started
+
+1. At the command prompt, create a new Rails application:
+       <tt>rails new myapp</tt> (where <tt>myapp</tt> is the application name)
+
+2. Change directory to <tt>myapp</tt> and start the web server:
+       <tt>cd myapp; rails server</tt> (run with --help for options)
+
+3. Go to http://localhost:3000/ and you'll see:
+       "Welcome aboard: You're riding Ruby on Rails!"
+
+4. Follow the guidelines to start developing your application. You can find
+the following resources handy:
+
+* The Getting Started Guide: http://guides.rubyonrails.org/getting_started.html
+* Ruby on Rails Tutorial Book: http://www.railstutorial.org/
+
+
+== Debugging Rails
+
+Sometimes your application goes wrong. Fortunately there are a lot of tools that
+will help you debug it and get it back on the rails.
+
+First area to check is the application log files. Have "tail -f" commands
+running on the server.log and development.log. Rails will automatically display
+debugging and runtime information to these files. Debugging info will also be
+shown in the browser on requests from 127.0.0.1.
+
+You can also log your own messages directly into the log file from your code
+using the Ruby logger class from inside your controllers. Example:
+
+  class WeblogController < ActionController::Base
+    def destroy
+      @weblog = Weblog.find(params[:id])
+      @weblog.destroy
+      logger.info("#{Time.now} Destroyed Weblog ID ##{@weblog.id}!")
+    end
+  end
+
+The result will be a message in your log file along the lines of:
+
+  Mon Oct 08 14:22:29 +1000 2007 Destroyed Weblog ID #1!
+
+More information on how to use the logger is at http://www.ruby-doc.org/core/
+
+Also, Ruby documentation can be found at http://www.ruby-lang.org/. There are
+several books available online as well:
+
+* Programming Ruby: http://www.ruby-doc.org/docs/ProgrammingRuby/ (Pickaxe)
+* Learn to Program: http://pine.fm/LearnToProgram/ (a beginners guide)
+
+These two books will bring you up to speed on the Ruby language and also on
+programming in general.
+
+
+== Debugger
+
+Debugger support is available through the debugger command when you start your
+Mongrel or WEBrick server with --debugger. This means that you can break out of
+execution at any point in the code, investigate and change the model, and then,
+resume execution! You need to install ruby-debug to run the server in debugging
+mode. With gems, use <tt>sudo gem install ruby-debug</tt>. Example:
+
+  class WeblogController < ActionController::Base
+    def index
+      @posts = Post.all
+      debugger
+    end
+  end
+
+So the controller will accept the action, run the first line, then present you
+with a IRB prompt in the server window. Here you can do things like:
+
+  >> @posts.inspect
+  => "[#<Post:0x14a6be8
+          @attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>,
+       #<Post:0x14a6620
+          @attributes={"title"=>"Rails", "body"=>"Only ten..", "id"=>"2"}>]"
+  >> @posts.first.title = "hello from a debugger"
+  => "hello from a debugger"
+
+...and even better, you can examine how your runtime objects actually work:
+
+  >> f = @posts.first
+  => #<Post:0x13630c4 @attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>
+  >> f.
+  Display all 152 possibilities? (y or n)
+
+Finally, when you're ready to resume execution, you can enter "cont".
+
+
+== Console
+
+The console is a Ruby shell, which allows you to interact with your
+application's domain model. Here you'll have all parts of the application
+configured, just like it is when the application is running. You can inspect
+domain models, change values, and save to the database. Starting the script
+without arguments will launch it in the development environment.
+
+To start the console, run <tt>rails console</tt> from the application
+directory.
+
+Options:
+
+* Passing the <tt>-s, --sandbox</tt> argument will rollback any modifications
+  made to the database.
+* Passing an environment name as an argument will load the corresponding
+  environment. Example: <tt>rails console production</tt>.
+
+To reload your controllers and models after launching the console run
+<tt>reload!</tt>
+
+More information about irb can be found at:
+link:http://www.rubycentral.org/pickaxe/irb.html
+
+
+== dbconsole
+
+You can go to the command line of your database directly through <tt>rails
+dbconsole</tt>. You would be connected to the database with the credentials
+defined in database.yml. Starting the script without arguments will connect you
+to the development database. Passing an argument will connect you to a different
+database, like <tt>rails dbconsole production</tt>. Currently works for MySQL,
+PostgreSQL and SQLite 3.
+
+== Description of Contents
+
+The default directory structure of a generated Ruby on Rails application:
+
+  |-- app
+  |   |-- assets
+  |       |-- images
+  |       |-- javascripts
+  |       `-- stylesheets
+  |   |-- controllers
+  |   |-- helpers
+  |   |-- mailers
+  |   |-- models
+  |   `-- views
+  |       `-- layouts
+  |-- config
+  |   |-- environments
+  |   |-- initializers
+  |   `-- locales
+  |-- db
+  |-- doc
+  |-- lib
+  |   `-- tasks
+  |-- log
+  |-- public
+  |-- script
+  |-- test
+  |   |-- fixtures
+  |   |-- functional
+  |   |-- integration
+  |   |-- performance
+  |   `-- unit
+  |-- tmp
+  |   |-- cache
+  |   |-- pids
+  |   |-- sessions
+  |   `-- sockets
+  `-- vendor
+      |-- assets
+          `-- stylesheets
+      `-- plugins
+
+app
+  Holds all the code that's specific to this particular application.
+
+app/assets
+  Contains subdirectories for images, stylesheets, and JavaScript files.
+
+app/controllers
+  Holds controllers that should be named like weblogs_controller.rb for
+  automated URL mapping. All controllers should descend from
+  ApplicationController which itself descends from ActionController::Base.
+
+app/models
+  Holds models that should be named like post.rb. Models descend from
+  ActiveRecord::Base by default.
+
+app/views
+  Holds the template files for the view that should be named like
+  weblogs/index.html.erb for the WeblogsController#index action. All views use
+  eRuby syntax by default.
+
+app/views/layouts
+  Holds the template files for layouts to be used with views. This models the
+  common header/footer method of wrapping views. In your views, define a layout
+  using the <tt>layout :default</tt> and create a file named default.html.erb.
+  Inside default.html.erb, call <% yield %> to render the view using this
+  layout.
+
+app/helpers
+  Holds view helpers that should be named like weblogs_helper.rb. These are
+  generated for you automatically when using generators for controllers.
+  Helpers can be used to wrap functionality for your views into methods.
+
+config
+  Configuration files for the Rails environment, the routing map, the database,
+  and other dependencies.
+
+db
+  Contains the database schema in schema.rb. db/migrate contains all the
+  sequence of Migrations for your schema.
+
+doc
+  This directory is where your application documentation will be stored when
+  generated using <tt>rake doc:app</tt>
+
+lib
+  Application specific libraries. Basically, any kind of custom code that
+  doesn't belong under controllers, models, or helpers. This directory is in
+  the load path.
+
+public
+  The directory available for the web server. Also contains the dispatchers and the
+  default HTML files. This should be set as the DOCUMENT_ROOT of your web
+  server.
+
+script
+  Helper scripts for automation and generation.
+
+test
+  Unit and functional tests along with fixtures. When using the rails generate
+  command, template test files will be generated for you and placed in this
+  directory.
+
+vendor
+  External libraries that the application depends on. Also includes the plugins
+  subdirectory. If the app has frozen rails, those gems also go here, under
+  vendor/rails/. This directory is in the load path.