omniauth-aai 0.4 → 0.5
- data/Gemfile.lock +108 -14
- data/README.md +55 -38
- data/lib/action_controller/has_current_user.rb +44 -0
- data/lib/generators/aai/install_generator.rb +13 -2
- data/lib/generators/aai/templates/omniauth.rb +1 -23
- data/lib/generators/aai/templates/session_controller.rb +12 -13
- data/lib/generators/aai/templates/user.rb +42 -2
- data/lib/omniauth-aai/version.rb +1 -1
- data/lib/omniauth-aai.rb +1 -1
- data/omniauth-aai-0.4.gem +0 -0
- data/omniauth-aai.gemspec +3 -0
- data/spec/example_rails_app/Gemfile +2 -25
- data/spec/example_rails_app/Rakefile +1 -1
- data/spec/example_rails_app/app/assets/stylesheets/welcome.css.scss +1 -1
- data/spec/example_rails_app/app/controllers/application_controller.rb +0 -23
- data/spec/example_rails_app/app/controllers/welcome_controller.rb +2 -3
- data/spec/example_rails_app/app/views/layouts/application.html.erb +1 -1
- data/spec/example_rails_app/app/views/welcome/index.html.erb +2 -2
- data/spec/example_rails_app/app/views/welcome/protected.html.erb +2 -2
- data/spec/example_rails_app/change_application_controller.rb +5 -0
- data/spec/example_rails_app/config/application.rb +1 -1
- data/spec/example_rails_app/config/environment.rb +1 -1
- data/spec/example_rails_app/config/environments/development.rb +1 -1
- data/spec/example_rails_app/config/environments/production.rb +1 -1
- data/spec/example_rails_app/config/environments/test.rb +1 -1
- data/spec/example_rails_app/config/initializers/secret_token.rb +1 -1
- data/spec/example_rails_app/config/initializers/session_store.rb +2 -2
- data/spec/example_rails_app/config/routes.rb +2 -6
- data/spec/example_rails_app/config.ru +1 -1
- data/spec/example_rails_app/test/functional/welcome_controller_test.rb +0 -5
- data/spec/omniauth/strategies/brute_force_spec.rb +62 -0
- metadata +46 -63
- data/.DS_Store +0 -0
- data/lib/.DS_Store +0 -0
- data/lib/generators/.DS_Store +0 -0
- data/lib/generators/aai/.DS_Store +0 -0
- data/lib/omniauth/.DS_Store +0 -0
- data/lib/omniauth/strategies/.DS_Store +0 -0
- data/spec/example_rails_app/Gemfile.lock +0 -124
- data/spec/example_rails_app/README.rdoc +0 -261
- data/spec/example_rails_app/app/controllers/session_controller.rb +0 -22
- data/spec/example_rails_app/app/models/user.rb +0 -12
- data/spec/example_rails_app/app/views/welcome/other_protected.html.erb +0 -2
- data/spec/example_rails_app/config/initializers/omniauth.rb +0 -12
- data/spec/example_rails_app/db/.DS_Store +0 -0
- data/spec/example_rails_app/db/development.sqlite3 +0 -0
- data/spec/example_rails_app/db/migrate/.DS_Store +0 -0
- data/spec/example_rails_app/log/development.log +0 -652
- data/spec/example_rails_app/tmp/cache/assets/C26/690/sprockets%2F93708cb34051f3000884905e8669d74a +0 -0
- data/spec/example_rails_app/tmp/cache/assets/C83/640/sprockets%2F3233432f81669b9bd10ef726c526d348 +0 -0
- data/spec/example_rails_app/tmp/cache/assets/CA2/0F0/sprockets%2Fa928bf973636d2399692f97f454b5c09 +0 -0
- data/spec/example_rails_app/tmp/cache/assets/CD0/AB0/sprockets%2F2211190fb757d05874e2b25fc37a31ad +0 -0
- data/spec/example_rails_app/tmp/cache/assets/CD8/370/sprockets%2F357970feca3ac29060c1e3861e2c0953 +0 -0
- data/spec/example_rails_app/tmp/cache/assets/CE2/AD0/sprockets%2Fbd71546009ab5e606b3f27b4c6a79856 +0 -0
- data/spec/example_rails_app/tmp/cache/assets/D14/000/sprockets%2Fffd7643b7c429e23bdb2281097a5e096 +0 -0
- data/spec/example_rails_app/tmp/cache/assets/D32/A10/sprockets%2F13fe41fee1fe35b49d145bcc06610705 +0 -0
- data/spec/example_rails_app/tmp/cache/assets/D4E/1B0/sprockets%2Ff7cbd26ba1d28d48de824f0e94586655 +0 -0
- data/spec/example_rails_app/tmp/cache/assets/D57/A10/sprockets%2Fbb59d79df830866d39acc49495c25a8c +0 -0
- data/spec/example_rails_app/tmp/cache/assets/D5A/EA0/sprockets%2Fd771ace226fc8215a3572e0aa35bb0d6 +0 -0
- data/spec/example_rails_app/tmp/cache/assets/D5E/170/sprockets%2F2f2229c70dcf195564d4d0fd6a12ac1a +0 -0
- data/spec/example_rails_app/tmp/cache/assets/D93/130/sprockets%2F85e96cfbd0056066c4fdeb246aa10ab6 +0 -0
- data/spec/example_rails_app/tmp/cache/assets/DDC/400/sprockets%2Fcffd775d018f68ce5dba1ee0d951a994 +0 -0
- data/spec/example_rails_app/tmp/cache/assets/DFB/5E0/sprockets%2Fe0480a75c9ef1c7efa2fc0d776a8a4aa +0 -0
- data/spec/example_rails_app/tmp/cache/assets/E04/890/sprockets%2F2f5173deea6c795b8fdde723bb4b63af +0 -0
- data/spec/example_rails_app/tmp/cache/sass/44d095475c20f924faa7ec65cd6b8fcf1bcb8197/welcome.css.scssc +0 -0
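--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,6 +1,6 @@
 GIT
 remote: git://github.com/switch-ch/omniauth-shibboleth.git
-revision:
+revision: ea3922a8ee98b7a892f26440b8e37bd3ec3fc03d
 specs:
 omniauth-shibboleth (1.0.6)
 omniauth (>= 1.0.0)
@@ -8,53 +8,147 @@ GIT
 PATH
 remote: .
 specs:
-omniauth-aai (0.
+omniauth-aai (0.5)
 omniauth-shibboleth
 
 GEM
 remote: http://rubygems.org/
 specs:
+actionmailer (3.2.8)
+actionpack (= 3.2.8)
+mail (~> 2.4.4)
+actionpack (3.2.8)
+activemodel (= 3.2.8)
+activesupport (= 3.2.8)
+builder (~> 3.0.0)
+erubis (~> 2.7.0)
+journey (~> 1.0.4)
+rack (~> 1.4.0)
+rack-cache (~> 1.2)
+rack-test (~> 0.6.1)
+sprockets (~> 2.1.3)
+activemodel (3.2.8)
+activesupport (= 3.2.8)
+builder (~> 3.0.0)
+activerecord (3.2.8)
+activemodel (= 3.2.8)
+activesupport (= 3.2.8)
+arel (~> 3.0.2)
+tzinfo (~> 0.3.29)
+activeresource (3.2.8)
+activemodel (= 3.2.8)
+activesupport (= 3.2.8)
+activesupport (3.2.8)
+i18n (~> 0.6)
+multi_json (~> 1.0)
+addressable (2.3.2)
+arel (3.0.2)
+builder (3.0.4)
+capybara (1.1.3)
+mime-types (>= 1.16)
+nokogiri (>= 1.3.3)
+rack (>= 1.0.0)
+rack-test (>= 0.5.4)
+selenium-webdriver (~> 2.0)
+xpath (~> 0.1.4)
+childprocess (0.3.6)
+ffi (~> 1.0, >= 1.0.6)
 diff-lcs (1.1.3)
-
-
+erubis (2.7.0)
+ffi (1.1.5)
+guard (1.3.2)
 listen (>= 0.4.2)
 thor (>= 0.14.6)
-guard-rspec (1.1
+guard-rspec (1.2.1)
 guard (>= 1.1)
 hashie (1.2.0)
+hike (1.2.1)
+i18n (0.6.1)
+journey (1.0.4)
+json (1.7.5)
+libwebsocket (0.1.5)
+addressable
 listen (0.4.7)
 rb-fchange (~> 0.0.5)
 rb-fsevent (~> 0.9.1)
 rb-inotify (~> 0.8.8)
-
+mail (2.4.4)
+i18n (>= 0.4.0)
+mime-types (~> 1.16)
+treetop (~> 1.4.8)
+mime-types (1.19)
+multi_json (1.3.7)
+nokogiri (1.5.5)
+omniauth (1.1.1)
 hashie (~> 1.2)
 rack
+polyglot (0.3.3)
 rack (1.4.1)
+rack-cache (1.2)
+rack (>= 0.4)
+rack-ssl (1.3.2)
+rack
 rack-test (0.6.1)
 rack (>= 1.0)
+rails (3.2.8)
+actionmailer (= 3.2.8)
+actionpack (= 3.2.8)
+activerecord (= 3.2.8)
+activeresource (= 3.2.8)
+activesupport (= 3.2.8)
+bundler (~> 1.0)
+railties (= 3.2.8)
+railties (3.2.8)
+actionpack (= 3.2.8)
+activesupport (= 3.2.8)
+rack-ssl (~> 1.3.2)
+rake (>= 0.8.7)
+rdoc (~> 3.4)
+thor (>= 0.14.6, < 2.0)
 rake (0.9.2.2)
 rb-fchange (0.0.5)
 ffi
 rb-fsevent (0.9.1)
 rb-inotify (0.8.8)
 ffi (>= 0.5.0)
-
-
-
-rspec-
-
-
+rdoc (3.12)
+json (~> 1.4)
+rspec (2.11.0)
+rspec-core (~> 2.11.0)
+rspec-expectations (~> 2.11.0)
+rspec-mocks (~> 2.11.0)
+rspec-core (2.11.1)
+rspec-expectations (2.11.2)
 diff-lcs (~> 1.1.3)
-rspec-mocks (2.
-
+rspec-mocks (2.11.2)
+rubyzip (0.9.9)
+selenium-webdriver (2.26.0)
+childprocess (>= 0.2.5)
+libwebsocket (~> 0.1.3)
+multi_json (~> 1.0)
+rubyzip
+sprockets (2.1.3)
+hike (~> 1.2)
+rack (~> 1.0)
+tilt (~> 1.1, != 1.3.0)
+thor (0.16.0)
+tilt (1.3.3)
+treetop (1.4.12)
+polyglot
+polyglot (>= 0.3.1)
+tzinfo (0.3.35)
+xpath (0.1.4)
+nokogiri (~> 1.3)
 
 PLATFORMS
 ruby
 
 DEPENDENCIES
+capybara
 guard-rspec
 omniauth-aai!
 omniauth-shibboleth!
 rack-test
+rails
 rake
 rspec (~> 2.8)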
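--- a/data/README.md
+++ b/data/README.md
@@ -1,12 +1,12 @@
 # OmniAuth AAI strategy
 
-OmniAuth Shibboleth AAI strategy is an OmniAuth strategy for authenticating through SWITCHaai.
+OmniAuth Shibboleth AAI strategy is an OmniAuth strategy for authenticating through SWITCHaai.
 
 - OmniAuth: https://github.com/intridea/omniauth/wiki
 - Shibboleth: https://wiki.shibboleth.net/
 - SWITCHaai: http://www.switch.ch/aai/index.html
 
-Most functionallity is
+Most functionallity is based on https://github.com/toyokazu/omniauth-shibboleth
 
 ## Getting Started
 
@@ -16,18 +16,36 @@ Install as a gem via Gemfile or with
 
 % gem install omniauth-aai
 
-### Setup SWITCHaai Strategy
 
-
+### Generator
 
+rails generate aai:install
 
-
-
-
+This will generate some basic authenthication objects for rails:
+
+* config/omniauth.rb
+* app/controller/session_controller.rb
+* app/models/user.rb
+* db/migrate/create_users_adapt_and_copy_to_migration.rb
+
+You'll need to configure at least the 'db/migrate/create_users_adapt_and_copy_to_migration.rb' file. Just run 'rails g migration createUsersTable' copy the content of 'create_users_adapt_and_copy_to_migration.rb' and delete it.
+
+You can run it with '--persist false' if you don't want to persist the user to the local db.
+
+If you want more than just the uid persisted, change the 'user.rb' and override the 'aai=' method to do so and the migration to add the columns.
+
+```ruby
+def aai=(aai)
+self.email = auth_hash[:info][:email]
+@aai = aai
 end
+```
 
-
+### Additional Shibboleth attributes
 
+By default, you will get all the standard SWITCHaai values, or you can configure it via options:
+
+```ruby
 # config/initializer/omniauth.rb
 Rails.application.config.middleware.use OmniAuth::Builder do
 provider :aai,{
@@ -35,58 +53,57 @@ You will get by default all the standard SWITCHaai values, or you can configure
 :fields => [:name, :email, :swiss_ep_uid],
 :extra_fields => [:'Shib-Authentication-Instant']# See lib/omniauth/strategies/aai.rb for full list.
 }
+```
 
 Fields are provided in the Env as request.env["omniauth.auth"]["info"]["name"] and extra_fields attributes are provided as ['extra']['raw_info']['Shib-Authentication-Instant'].
 
+
 ### How to authenticate users
 
-In your application,
+Setup your web server to request a valid shibboleth session for the Location/Directory /auth/aai. In your application, send users to '/auth/aai' to have them sign in via the WAYF and your organizations' IdP. After successful login the user gets redirected to '/auth/aai/callback', from where your application should take over again.
 
 SWITCHaai strategy only checks the existence of Shib-Session-ID or Shib-Application-ID, not anything else. See devise or the genrator for further libraries to authenticate user.
 
-### Generator
-
-rails generate aai:install
-
-This will generate some basic authenthication objects for rails:
-
-* config/omniauth.rb
-* app/controller/session_controller.rb
-* app/models/user.rb
-* db/migrate/create_users_adapt_and_copy_to_migration.rb
-
-You'll need to configure at least the `db/migrate/create_users_adapt_and_copy_to_migration.rb` file. Just run `rails g migration createUsersTable` copy the content of `create_users_adapt_and_copy_to_migration.rb` and delete it.
-
-You can run it with `--presist false` if you don't want to persist the user to the local db.
-
-If you want more than just the uid presisted, change the `user.rb` and override the `aai=` method to do so and the migration to add the columns.
-
-def aai=(aai)
-self.email = auth_hash[:info][:email]
-@aai = aai
-end
 
 ### Development Mode
 
-In development
+In development/local mode or in cases where you don't have a SWITCHaai Service Provider (SP) installed and configured, you can use the following mock (with default SWITCHaai values):
 
+```ruby
 # config/initializer/omniauth.rb
 Rails.application.config.middleware.use OmniAuth::Builder do
-
-
-
-
-
+if Rails.env.development?
+provider :developer, {
+:uid_field => :'persistent-id',
+:fields => OmniAuth::Strategies::Aai::DEFAULT_FIELDS,
+:extra_fields => OmniAuth::Strategies::Aai::DEFAULT_EXTRA_FIELDS
+}
+end
 end
+````
 
 ### Debug Mode
 
-When you deploy a new application, you may want to confirm the assumed attributes are correctly provided by SWITCHaai SP. OmniAuth SWITCHaai strategy provides a confirmation option :debug. If you set :debug true, you can see the environment variables provided at the /auth/aai/callback uri.
+When you deploy a new application, you may want to confirm the assumed attributes are correctly provided by SWITCHaai SP. OmniAuth SWITCHaai strategy provides a confirmation option :debug. If you set :debug to true, you can see the environment variables provided at the /auth/aai/callback uri.
 
+```ruby
 # config/initializer/omniauth.rb
 Rails.application.config.middleware.use OmniAuth::Builder do
 provider :aai, { :debug => true }
 end
+```
+
+### Current User
+
+If you want to use the build in User object and the 'current_user' functionality, you can use the magic call 'has_current_user'
+
+```ruby
+class ApplicationController < ActionController::Base
+protect_from_forgery
+has_current_user
+end
+```
+
 
 ## License (MIT License)
 
@@ -108,4 +125,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+THE SOFTWARE.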
@@ -0,0 +1,44 @@
|
|
1
|
+
module HasCurrentUser
|
2
|
+
def has_current_user
|
3
|
+
helper_method :current_user
|
4
|
+
include InstanceMethods
|
5
|
+
end
|
6
|
+
module InstanceMethods
|
7
|
+
@user = nil
|
8
|
+
|
9
|
+
def current_user
|
10
|
+
return nil unless @user.present? || session[:current_user].present?
|
11
|
+
@user = @user || User.unmarshal( session[:current_user] )
|
12
|
+
@user
|
13
|
+
end
|
14
|
+
|
15
|
+
# Set the current user
|
16
|
+
def current_user=(user)
|
17
|
+
@user = user
|
18
|
+
session[:current_user] = @user.marshal unless @user.nil?
|
19
|
+
end
|
20
|
+
|
21
|
+
# Authenticate User
|
22
|
+
def authenticate!
|
23
|
+
return if authenticated?
|
24
|
+
session[:return_to] = request.url
|
25
|
+
if Rails.env.development?
|
26
|
+
redirect_to "/auth/developer"
|
27
|
+
else
|
28
|
+
redirect_to "/auth/aai"
|
29
|
+
end
|
30
|
+
end
|
31
|
+
|
32
|
+
# User authenticated?
|
33
|
+
def authenticated?
|
34
|
+
return true if self.current_user.present? && self.current_user.uid.present?
|
35
|
+
return false
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
begin
|
41
|
+
ActionController::Base.extend HasCurrentUser
|
42
|
+
rescue NameError => e
|
43
|
+
puts "ActionController undefined"
|
44
|
+
end
|
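Review bot: `current_user=` writes the session only when the user is non-nil, so `self.current_user = nil` clears `@user` for the current request but leaves `session[:current_user]` in place, and the next request unmarshals the same user again; a logout that goes through the setter (the destroy action is not shown here) would not end the login. Drop the key in that case, e.g. `@user.nil? ? session.delete(:current_user) : (session[:current_user] = @user.marshal)`. The memo also lives in `@user`, a name controller actions commonly assign themselves, and `current_user` returns whatever is already there before consulting the session; a dedicated name such as `@_aai_current_user` keeps it from reporting a record the action happened to load. The `@user = nil` in the module body sets an instance variable on the `InstanceMethods` module object, not on controllers, and can be removed.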
@@ -1,5 +1,10 @@
|
|
1
|
+
require 'rails/generators'
|
2
|
+
require 'rails/generators/migration'
|
3
|
+
|
1
4
|
module Aai
|
2
5
|
class InstallGenerator < Rails::Generators::Base
|
6
|
+
include Rails::Generators::Migration
|
7
|
+
|
3
8
|
desc "Generate Config Files / User / Session and Routes"
|
4
9
|
|
5
10
|
class_option :persist, :type => :boolean, :default => true, :desc => "Set to false if you don't want persistent User"
|
@@ -14,7 +19,7 @@ module Aai
|
|
14
19
|
|
15
20
|
def copy_session_controller_file
|
16
21
|
if true
|
17
|
-
|
22
|
+
template "session_controller.rb", "app/controllers/session_controller.rb"
|
18
23
|
route("match '/auth/:provider/callback', :to => 'session#create', :as => 'auth_callback'")
|
19
24
|
route("match '/auth/failure', :to => 'session#failure', :as => 'auth_failure'")
|
20
25
|
route("match '/auth/logout', :to => 'session#destroy', :as => 'logout'")
|
@@ -23,8 +28,14 @@ module Aai
|
|
23
28
|
|
24
29
|
def copy_user_file
|
25
30
|
template "user.rb", "app/models/user.rb"
|
26
|
-
|
31
|
+
migration_template "migration.rb", "db/migrate/aai_create_user.rb" if options[:persist]
|
27
32
|
end
|
28
33
|
|
34
|
+
|
35
|
+
def self.next_migration_number(dirname)
|
36
|
+
orm = Rails.configuration.generators.options[:rails][:orm]
|
37
|
+
require "rails/generators/#{orm}"
|
38
|
+
"#{orm.to_s.camelize}::Generators::Base".constantize.next_migration_number(dirname)
|
39
|
+
end
|
29
40
|
end
|
30
41
|
end
|
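Review bot: `next_migration_number` carries no comment, and it is not obvious that it is the hook `Rails::Generators::Migration` expects the including generator to supply for `migration_template`; a line such as `# Required by Rails::Generators::Migration: delegate numbering to the configured ORM's generator.` above it would help. It also reads `Rails.configuration.generators.options[:rails][:orm]` with no fallback, so in an app without a configured ORM the `require "rails/generators/#{orm}"` would presumably fail while `--persist` still defaults to true; worth guarding or documenting. The README in this release still tells users to copy `create_users_adapt_and_copy_to_migration.rb` by hand, which no longer matches the `db/migrate/aai_create_user.rb` this generator writes.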
@@ -1,33 +1,11 @@
|
|
1
1
|
Rails.application.config.middleware.use OmniAuth::Builder do
|
2
2
|
if Rails.env.development?
|
3
3
|
provider :developer, {
|
4
|
-
:uid_field => :'persistent-id',
|
4
|
+
:uid_field => :swiss_ep_uid, #:'persistent-id', swiss_ep_uid
|
5
5
|
:fields => OmniAuth::Strategies::Aai::DEFAULT_FIELDS,
|
6
6
|
:extra_fields => OmniAuth::Strategies::Aai::DEFAULT_EXTRA_FIELDS
|
7
7
|
}
|
8
8
|
else
|
9
9
|
provider :aai
|
10
10
|
end
|
11
|
-
end
|
12
|
-
|
13
|
-
class ApplicationController < ActionController::Base
|
14
|
-
# Get the current user
|
15
|
-
def current_user() session[:current_user]; end
|
16
|
-
# Set the current user
|
17
|
-
def current_user=(user) session[:current_user] = user; end
|
18
|
-
# Authenticate User
|
19
|
-
def authenticate!
|
20
|
-
return if authenticated?
|
21
|
-
session[:return_to] = request.url
|
22
|
-
if Rails.env.development?
|
23
|
-
redirect_to "/auth/developer"
|
24
|
-
else
|
25
|
-
redirect_to "/auth/aai"
|
26
|
-
end
|
27
|
-
end
|
28
|
-
# User authenticated?
|
29
|
-
def authenticated?
|
30
|
-
return true if self.current_user
|
31
|
-
return false
|
32
|
-
end
|
33
11
|
end
|
@@ -1,23 +1,22 @@
|
|
1
1
|
class SessionController < ApplicationController
|
2
2
|
|
3
3
|
def create
|
4
|
-
auth_hash[:info][:uid] = auth_hash[:info][:email] if Rails.env.development?
|
5
|
-
|
6
|
-
if User.superclass == ActiveRecord::Base
|
7
|
-
self.current_user = User.find_or_create_by_uid(
|
8
|
-
:uid => auth_hash[:info][:uid]
|
9
|
-
)
|
10
|
-
else
|
11
|
-
self.current_user = User.new
|
12
|
-
self.current_user.uid = auth_hash[:info][:uid]
|
13
|
-
end
|
14
|
-
|
15
|
-
# SET HERE ADDITIONAL ATTRIBUTES TO PERSIST
|
16
4
|
|
5
|
+
<% if options[:persist] %>
|
6
|
+
#Add whatever fields you want to save
|
7
|
+
self.current_user = User.find_or_create_by_uid( auth_hash[:uid] )
|
8
|
+
#Auth Hash is not persistent
|
17
9
|
self.current_user.aai = auth_hash
|
10
|
+
<% else %>
|
11
|
+
user = User.new
|
12
|
+
user.uid = auth_hash[:uid]
|
13
|
+
user.aai = auth_hash
|
14
|
+
self.current_user = user
|
15
|
+
<% end %>
|
18
16
|
|
19
17
|
flash[:notice] = "Login successful"
|
20
|
-
|
18
|
+
|
19
|
+
redirect_to(session.delete( :return_to ) || root_path)
|
21
20
|
end
|
22
21
|
|
23
22
|
def failure
|
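Review bot: `create` puts the authenticated user into the session that existed before login; nothing in the new body calls `reset_session`, so with a server-side session store an identifier fixed before authentication stays valid afterwards. Take the return target out first and rotate the session before assigning the user: `return_to = session.delete(:return_to)` and `reset_session` at the top of `create`, then `redirect_to(return_to || root_path)` at the end. `auth_hash` is defined outside this hunk and `failure` continues past it, so this is based on the visible body of `create` only.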
@@ -1,7 +1,12 @@
|
|
1
1
|
class User <%= options[:persist] ? "< ActiveRecord::Base" : "" %>
|
2
|
+
<% if options[:persist] %>
|
2
3
|
attr_accessible :uid
|
3
|
-
|
4
4
|
attr_accessor :aai
|
5
|
+
PERSISTENT = true
|
6
|
+
<% else %>
|
7
|
+
attr_accessor :aai, :uid
|
8
|
+
PERSISTENT = false
|
9
|
+
<% end %>
|
5
10
|
|
6
11
|
def name
|
7
12
|
aai[:info][:name]
|
@@ -10,11 +15,46 @@ class User <%= options[:persist] ? "< ActiveRecord::Base" : "" %>
|
|
10
15
|
end
|
11
16
|
|
12
17
|
def email
|
13
|
-
|
18
|
+
aai[:info][:email]
|
14
19
|
rescue
|
15
20
|
nil
|
16
21
|
end
|
17
22
|
|
23
|
+
<% if options[:persist] %>
|
24
|
+
|
25
|
+
def marshal
|
26
|
+
self.uid
|
27
|
+
end
|
28
|
+
|
29
|
+
def self.unmarshal(session_data)
|
30
|
+
user = User.find_by_uid(session_data)
|
31
|
+
end
|
32
|
+
|
33
|
+
def unmarshal(session_data)
|
34
|
+
self.reload
|
35
|
+
end
|
36
|
+
|
37
|
+
<% else %>
|
38
|
+
def marshal
|
39
|
+
{
|
40
|
+
id: self.uid,
|
41
|
+
aai: aai.present? ? aai[:info] : {}
|
42
|
+
}
|
43
|
+
end
|
44
|
+
|
45
|
+
def self.unmarshal(session_data)
|
46
|
+
user = User.new
|
47
|
+
user.unmarshal(session_data)
|
48
|
+
return user
|
49
|
+
end
|
50
|
+
|
51
|
+
def unmarshal(session_data)
|
52
|
+
self.uid = session_data[:id]
|
53
|
+
self.aai = session_data[:aai]
|
54
|
+
end
|
55
|
+
|
56
|
+
<% end %>
|
57
|
+
|
18
58
|
#def ship_session_id
|
19
59
|
# aai["extra"]["raw_info"]['Shib-Session-ID']
|
20
60
|
#end
|
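Review bot: In the non-persistent branch the session round trip changes the shape of `aai`: `marshal` stores `aai[:info]` under `:aai`, `unmarshal` assigns that hash straight to `self.aai`, and `email` then reads `aai[:info][:email]`, which is nil on the restored object, so it falls into its bare `rescue` and returns nil on every request after login (`name` reads `aai[:info][:name]` the same way, though its tail is outside the hunk). Re-wrap on restore with `self.aai = { :info => session_data[:aai] }`, or store the wrapper in `marshal`. In the persistent branch `self.unmarshal` assigns an unused local and the instance `unmarshal` ignores its argument; `User.find_by_uid(session_data)` alone, plus a one-line comment that the instance method only reloads the record, would make the intent clear.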
data/lib/omniauth-aai/version.rb
CHANGED
data/lib/omniauth-aai.rb
CHANGED
Binary file
|
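--- a/data/omniauth-aai.gemspec
+++ b/data/omniauth-aai.gemspec
@@ -8,6 +8,9 @@ Gem::Specification.new do |gem|
 gem.add_development_dependency 'rake'
 gem.add_development_dependency 'rspec', '~> 2.8'
 gem.add_development_dependency 'guard-rspec'
+gem.add_development_dependency 'rails'
+gem.add_development_dependency 'capybara'
+#gem.add_development_dependency 'sqlite3'
 
 gem.authors = ["Claudio Beffa"]
 gem.email = ["claudio@beffa.ch"]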
@@ -1,39 +1,16 @@
|
|
1
1
|
source 'https://rubygems.org'
|
2
2
|
|
3
|
-
gem 'rails', '3.2.
|
4
|
-
|
5
|
-
# Bundle edge Rails instead:
|
6
|
-
# gem 'rails', :git => 'git://github.com/rails/rails.git'
|
7
|
-
|
3
|
+
gem 'rails', '3.2.8'
|
8
4
|
gem 'sqlite3'
|
9
5
|
|
10
|
-
gem 'omniauth-aai', :path =>
|
6
|
+
gem 'omniauth-aai', :path => "../../../omniauth-aai"
|
11
7
|
|
12
|
-
# Gems used only for assets and not required
|
13
|
-
# in production environments by default.
|
14
8
|
group :assets do
|
15
9
|
gem 'sass-rails', '~> 3.2.3'
|
16
10
|
gem 'coffee-rails', '~> 3.2.1'
|
17
|
-
|
18
|
-
# See https://github.com/sstephenson/execjs#readme for more supported runtimes
|
19
|
-
# gem 'therubyracer', :platforms => :ruby
|
20
|
-
|
21
11
|
gem 'uglifier', '>= 1.0.3'
|
22
12
|
end
|
23
13
|
|
24
14
|
gem 'jquery-rails'
|
25
15
|
|
26
|
-
# To use ActiveModel has_secure_password
|
27
|
-
# gem 'bcrypt-ruby', '~> 3.0.0'
|
28
|
-
|
29
|
-
# To use Jbuilder templates for JSON
|
30
|
-
# gem 'jbuilder'
|
31
|
-
|
32
|
-
# Use unicorn as the app server
|
33
|
-
# gem 'unicorn'
|
34
|
-
|
35
|
-
# Deploy with Capistrano
|
36
|
-
# gem 'capistrano'
|
37
16
|
|
38
|
-
# To use debugger
|
39
|
-
# gem 'debugger'
|
@@ -1,26 +1,3 @@
|
|
1
1
|
class ApplicationController < ActionController::Base
|
2
2
|
protect_from_forgery
|
3
|
-
|
4
|
-
def current_user
|
5
|
-
session[:user]
|
6
|
-
end
|
7
|
-
|
8
|
-
def current_user=(user)
|
9
|
-
session[:user] = user
|
10
|
-
end
|
11
|
-
|
12
|
-
|
13
|
-
def authenticate!
|
14
|
-
if self.current_user.blank?
|
15
|
-
session[:return_to] = request.url
|
16
|
-
if Rails.env == 'development'
|
17
|
-
redirect_to"/auth/developer"
|
18
|
-
else
|
19
|
-
redirect_to "/auth/aai"
|
20
|
-
end
|
21
|
-
else
|
22
|
-
return true
|
23
|
-
end
|
24
|
-
end
|
25
|
-
|
26
3
|
end
|
@@ -1,3 +1,3 @@
|
|
1
1
|
<h1>Welcome#index</h1>
|
2
|
-
|
3
|
-
<%= link_to "
|
2
|
+
<p><%= current_user.inspect %></p>
|
3
|
+
<%= link_to "protected", welcome_protected_path()%>
|
@@ -1,2 +1,2 @@
|
|
1
|
-
<h1>
|
2
|
-
<p
|
1
|
+
<h1>AAI Views</h1>
|
2
|
+
<p><%= current_user.inspect %></p>
|