omniauth-azure-activedirectory 1.0.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (77) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +9 -0
  3. data/.rubocop.yml +8 -0
  4. data/.rubocop_todo.yml +20 -0
  5. data/.travis.yml +7 -0
  6. data/Gemfile +3 -0
  7. data/LICENSE.txt +21 -0
  8. data/README.md +98 -0
  9. data/Rakefile +22 -0
  10. data/examples/rails-todo-list-app/.gitignore +25 -0
  11. data/examples/rails-todo-list-app/Gemfile +33 -0
  12. data/examples/rails-todo-list-app/README.md +83 -0
  13. data/examples/rails-todo-list-app/Rakefile +3 -0
  14. data/examples/rails-todo-list-app/app/assets/javascripts/application.js +4 -0
  15. data/examples/rails-todo-list-app/app/assets/stylesheets/application.css +2 -0
  16. data/examples/rails-todo-list-app/app/controllers/application_controller.rb +3 -0
  17. data/examples/rails-todo-list-app/app/controllers/home_controller.rb +2 -0
  18. data/examples/rails-todo-list-app/app/controllers/profile_controller.rb +20 -0
  19. data/examples/rails-todo-list-app/app/controllers/sessions_controller.rb +28 -0
  20. data/examples/rails-todo-list-app/app/controllers/signed_in_controller.rb +25 -0
  21. data/examples/rails-todo-list-app/app/controllers/tasks_controller.rb +33 -0
  22. data/examples/rails-todo-list-app/app/models/task.rb +10 -0
  23. data/examples/rails-todo-list-app/app/models/user.rb +58 -0
  24. data/examples/rails-todo-list-app/app/views/home/index.html.haml +4 -0
  25. data/examples/rails-todo-list-app/app/views/layouts/application.html.haml +12 -0
  26. data/examples/rails-todo-list-app/app/views/layouts/signed_in.html.haml +18 -0
  27. data/examples/rails-todo-list-app/app/views/profile/index.html.haml +13 -0
  28. data/examples/rails-todo-list-app/app/views/tasks/index.html.haml +11 -0
  29. data/examples/rails-todo-list-app/bin/bundle +3 -0
  30. data/examples/rails-todo-list-app/bin/rails +4 -0
  31. data/examples/rails-todo-list-app/bin/rake +4 -0
  32. data/examples/rails-todo-list-app/bin/setup +29 -0
  33. data/examples/rails-todo-list-app/config.ru +4 -0
  34. data/examples/rails-todo-list-app/config/application.rb +29 -0
  35. data/examples/rails-todo-list-app/config/boot.rb +3 -0
  36. data/examples/rails-todo-list-app/config/database.yml +25 -0
  37. data/examples/rails-todo-list-app/config/environment.rb +13 -0
  38. data/examples/rails-todo-list-app/config/environments/development.rb +41 -0
  39. data/examples/rails-todo-list-app/config/environments/production.rb +79 -0
  40. data/examples/rails-todo-list-app/config/environments/test.rb +42 -0
  41. data/examples/rails-todo-list-app/config/initializers/assets.rb +11 -0
  42. data/examples/rails-todo-list-app/config/initializers/backtrace_silencers.rb +7 -0
  43. data/examples/rails-todo-list-app/config/initializers/cookies_serializer.rb +3 -0
  44. data/examples/rails-todo-list-app/config/initializers/filter_parameter_logging.rb +4 -0
  45. data/examples/rails-todo-list-app/config/initializers/inflections.rb +16 -0
  46. data/examples/rails-todo-list-app/config/initializers/mime_types.rb +4 -0
  47. data/examples/rails-todo-list-app/config/initializers/omniauth.rb +3 -0
  48. data/examples/rails-todo-list-app/config/initializers/session_store.rb +3 -0
  49. data/examples/rails-todo-list-app/config/initializers/wrap_parameters.rb +14 -0
  50. data/examples/rails-todo-list-app/config/routes.rb +22 -0
  51. data/examples/rails-todo-list-app/db/schema.rb +35 -0
  52. data/examples/rails-todo-list-app/public/404.html +67 -0
  53. data/examples/rails-todo-list-app/public/422.html +67 -0
  54. data/examples/rails-todo-list-app/public/500.html +66 -0
  55. data/examples/rails-todo-list-app/public/favicon.ico +0 -0
  56. data/examples/sinatra-multiple-providers-app/.env +11 -0
  57. data/examples/sinatra-multiple-providers-app/Gemfile +8 -0
  58. data/examples/sinatra-multiple-providers-app/README.md +13 -0
  59. data/examples/sinatra-multiple-providers-app/app.rb +51 -0
  60. data/examples/sinatra-multiple-providers-app/config.ru +45 -0
  61. data/lib/omniauth-azure-activedirectory.rb +23 -0
  62. data/lib/omniauth/azure_activedirectory.rb +24 -0
  63. data/lib/omniauth/azure_activedirectory/version.rb +28 -0
  64. data/lib/omniauth/strategies/azure_activedirectory.rb +329 -0
  65. data/omniauth-azure-activedirectory.gemspec +25 -0
  66. data/spec/fixtures/id_token.txt +1 -0
  67. data/spec/fixtures/id_token_bad_audience.txt +1 -0
  68. data/spec/fixtures/id_token_bad_chash.txt +1 -0
  69. data/spec/fixtures/id_token_bad_issuer.txt +1 -0
  70. data/spec/fixtures/id_token_bad_kid.txt +1 -0
  71. data/spec/fixtures/id_token_bad_nonce.txt +1 -0
  72. data/spec/fixtures/id_token_no_alg.txt +1 -0
  73. data/spec/fixtures/x5c.txt +1 -0
  74. data/spec/fixtures/x5c_different.txt +1 -0
  75. data/spec/omniauth/strategies/azure_activedirectory_spec.rb +222 -0
  76. data/spec/spec_helper.rb +44 -0
  77. metadata +217 -0
@@ -0,0 +1,33 @@
1
+ class TasksController < SignedInController
2
+
3
+ def index
4
+ @new_task = Task.new
5
+ @tasks = (current_user.tasks if current_user.respond_to? :tasks) || {}
6
+ super
7
+ end
8
+
9
+ def create
10
+ return unless params['task']['description'] # We don't store empty tasks.
11
+ task = Task.create!(description: params['task']['description'],
12
+ user_id: current_user.id,
13
+ user: current_user)
14
+ current_user.tasks.append task
15
+ task.save!
16
+ redirect_to tasks_path
17
+ end
18
+
19
+ def destroy
20
+ Task.find(params[:id]).destroy
21
+ redirect_to tasks_path
22
+ end
23
+
24
+ private
25
+
26
+ def current_user
27
+ User.find_by_id(session['user_id'])
28
+ end
29
+
30
+ def task_params
31
+ params.require(:task).permit(:description)
32
+ end
33
+ end
@@ -0,0 +1,10 @@
1
+ class Task < ActiveRecord::Base
2
+ belongs_to :user
3
+ validates :user_id, :description, presence: true
4
+
5
+ # When a task is completed, we remove it from the database.
6
+ # This cannot be undone.
7
+ def complete
8
+ Task.find(id).destroy
9
+ end
10
+ end
@@ -0,0 +1,58 @@
1
+ class User < ActiveRecord::Base
2
+ has_many :tasks
3
+ validates :provider, :uid, presence: true
4
+
5
+ AUTH_CTX = ADAL::AuthenticationContext.new(
6
+ 'login.windows.net', ENV['TENANT'])
7
+ CLIENT_CRED = ADAL::ClientCredential.new(ENV['CLIENT_ID'], ENV['CLIENT_SECRET'])
8
+ GRAPH_RESOURCE = 'https://graph.windows.net'
9
+
10
+ def self.from_omniauth(auth_hash)
11
+ user = User.where(provider: auth_hash[:provider],
12
+ uid: auth_hash[:uid]).first_or_create
13
+ user.name = auth_hash[:info]['name']
14
+ user.email = auth_hash[:info]['email']
15
+
16
+ # Note that this is the first part that is AAD specific.
17
+ if auth_hash[:credentials]['code']
18
+ user.redeem_code(
19
+ auth_hash[:credentials]['code'],
20
+ 'https://localhost:9292/auth/azureactivedirectory/callback')
21
+ end
22
+ user.save!
23
+ user
24
+ end
25
+
26
+ def graph_access_token
27
+ AUTH_CTX.acquire_token_for_user(GRAPH_RESOURCE, CLIENT_CRED, adal_user_identifier).access_token
28
+ end
29
+
30
+ def redeem_code(auth_code, reply_url)
31
+ adal_user = AUTH_CTX.acquire_token_with_authorization_code(
32
+ auth_code,
33
+ reply_url,
34
+ CLIENT_CRED,
35
+ GRAPH_RESOURCE
36
+ ).user_info
37
+ self.adal_unique_id = adal_user.unique_id
38
+ self.adal_displayable_id = adal_user.displayable_id
39
+ self.save!
40
+ end
41
+
42
+ def self.authorization_request_url
43
+ AUTH_CTX.authorization_request_url(
44
+ GRAPH_RESOURCE,
45
+ ENV['CLIENT_ID'],
46
+ 'https://localhost:9292/authorize')
47
+ end
48
+
49
+ private
50
+
51
+ def adal_user_identifier
52
+ if adal_displayable_id
53
+ ADAL::UserIdentifier.new(adal_displayable_id, :DISPLAYABLE_ID)
54
+ else
55
+ ADAL::UserIdentifier.new(adal_unique_id, :UNIQUE_ID)
56
+ end
57
+ end
58
+ end
@@ -0,0 +1,4 @@
1
+ %p
2
+ To use this Todo List Manager, you will need to sign in with your Azure Active Directory credentials
3
+
4
+ = link_to "Sign in", sign_in_path
@@ -0,0 +1,12 @@
1
+ !!!
2
+ %html
3
+ %head
4
+ %title RailsTodoListApp
5
+ = stylesheet_link_tag "application", media: "all"
6
+ = javascript_include_tag "application"
7
+ = csrf_meta_tags
8
+ %body
9
+ %h1
10
+ Todo List
11
+ #main
12
+ = yield
@@ -0,0 +1,18 @@
1
+ !!!
2
+ %html
3
+ %head
4
+ %title RailsTodoListApp
5
+ = stylesheet_link_tag "application", media: "all"
6
+ = javascript_include_tag "application"
7
+ = csrf_meta_tags
8
+ %body
9
+ %h1
10
+ Todo List
11
+ %p
12
+ #{@current_user.name} &lt#{@current_user.email}&gt.
13
+ %br
14
+ = link_to "Todo List", tasks_path
15
+ = link_to "Profile", profile_index_path
16
+ = link_to "Sign out", session_path, method: :delete
17
+ #main
18
+ = yield
@@ -0,0 +1,13 @@
1
+ %h4 This is your personal information from the AzureAD graph
2
+ %br
3
+ = label_tag :name, "Name: #{@profile['displayName']}"
4
+ %br
5
+ = label_tag :phone, "Phone: #{@profile['mobile']}"
6
+ %br
7
+ = label_tag :position, "Position: #{@profile['jobTitle']}"
8
+ %br
9
+ = label_tag :address, "Address: #{@profile['streetAddress']}"
10
+ %br
11
+ = label_tag :postal_code, "Postal code: #{@profile['postalCode']}"
12
+ %br
13
+ = label_tag :country, "Country: #{@profile['country']}"
@@ -0,0 +1,11 @@
1
+ #task_index
2
+ %h3 Add a new task
3
+ = form_for(@new_task) do |form|
4
+ = form.text_field :description
5
+ = form.submit
6
+
7
+ %h3 Your tasks
8
+ - @tasks.each do |task|
9
+ %li.task
10
+ = button_to 'Delete', task_path(task), method: :delete, data: { confirm: 'Are you sure?' }, form: { style: 'display:inline-block;' }
11
+ = label :description, task.description
@@ -0,0 +1,3 @@
1
+ #!/usr/bin/env ruby
2
+ ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
3
+ load Gem.bin_path('bundler', 'bundle')
@@ -0,0 +1,4 @@
1
+ #!/usr/bin/env ruby
2
+ APP_PATH = File.expand_path('../../config/application', __FILE__)
3
+ require_relative '../config/boot'
4
+ require 'rails/commands'
@@ -0,0 +1,4 @@
1
+ #!/usr/bin/env ruby
2
+ require_relative '../config/boot'
3
+ require 'rake'
4
+ Rake.application.run
@@ -0,0 +1,29 @@
1
+ #!/usr/bin/env ruby
2
+ require 'pathname'
3
+
4
+ # path to your application root.
5
+ APP_ROOT = Pathname.new File.expand_path('../../', __FILE__)
6
+
7
+ Dir.chdir APP_ROOT do
8
+ # This script is a starting point to setup your application.
9
+ # Add necessary setup steps to this file:
10
+
11
+ puts "== Installing dependencies =="
12
+ system "gem install bundler --conservative"
13
+ system "bundle check || bundle install"
14
+
15
+ # puts "\n== Copying sample files =="
16
+ # unless File.exist?("config/database.yml")
17
+ # system "cp config/database.yml.sample config/database.yml"
18
+ # end
19
+
20
+ puts "\n== Preparing database =="
21
+ system "bin/rake db:setup"
22
+
23
+ puts "\n== Removing old logs and tempfiles =="
24
+ system "rm -f log/*"
25
+ system "rm -rf tmp/cache"
26
+
27
+ puts "\n== Restarting application server =="
28
+ system "touch tmp/restart.txt"
29
+ end
@@ -0,0 +1,4 @@
1
+ # This file is used by Rack-based servers to start the application.
2
+
3
+ require ::File.expand_path('../config/environment', __FILE__)
4
+ run Rails.application
@@ -0,0 +1,29 @@
1
+ require File.expand_path('../boot', __FILE__)
2
+
3
+ require 'rails/all'
4
+
5
+ # Require the gems listed in Gemfile, including any gems
6
+ # you've limited to :test, :development, or :production.
7
+ Bundler.require(*Rails.groups)
8
+
9
+ module RailsTodoListApp
10
+ class Application < Rails::Application
11
+ # Settings in config/environments/* take precedence over those specified here.
12
+ # Application configuration should go into files in config/initializers
13
+ # -- all .rb files in that directory are automatically loaded.
14
+
15
+ # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
16
+ # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
17
+ # config.time_zone = 'Central Time (US & Canada)'
18
+
19
+ # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
20
+ # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
21
+ # config.i18n.default_locale = :de
22
+
23
+ # Do not swallow errors in after_commit/after_rollback callbacks.
24
+ config.active_record.raise_in_transactional_callbacks = true
25
+
26
+ # All traffic must be HTTPS.
27
+ config.force_ssl = true
28
+ end
29
+ end
@@ -0,0 +1,3 @@
1
+ ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
2
+
3
+ require 'bundler/setup' # Set up gems listed in the Gemfile.
@@ -0,0 +1,25 @@
1
+ # SQLite version 3.x
2
+ # gem install sqlite3
3
+ #
4
+ # Ensure the SQLite 3 gem is defined in your Gemfile
5
+ # gem 'sqlite3'
6
+ #
7
+ default: &default
8
+ adapter: sqlite3
9
+ pool: 5
10
+ timeout: 5000
11
+
12
+ development:
13
+ <<: *default
14
+ database: db/development.sqlite3
15
+
16
+ # Warning: The database defined as "test" will be erased and
17
+ # re-generated from your development database when you run "rake".
18
+ # Do not set this db to the same as development or production.
19
+ test:
20
+ <<: *default
21
+ database: db/test.sqlite3
22
+
23
+ production:
24
+ <<: *default
25
+ database: db/production.sqlite3
@@ -0,0 +1,13 @@
1
+ # You may want to specify these keys separately for production and test
2
+ # environments.
3
+ ENV['CLIENT_ID'] = 'YOUR CLIENT ID HERE'
4
+ ENV['CLIENT_SECRET'] = 'YOUR CLIENT SECRET HERE'
5
+ ENV['TENANT'] ='YOUR TENANT HERE'
6
+
7
+ # Load the Rails application.
8
+ require File.expand_path('../application', __FILE__)
9
+
10
+ ADAL::Logging.log_level = ADAL::Logger::VERBOSE
11
+
12
+ # Initialize the Rails application.
13
+ Rails.application.initialize!
@@ -0,0 +1,41 @@
1
+ Rails.application.configure do
2
+ # Settings specified here will take precedence over those in config/application.rb.
3
+
4
+ # In the development environment your application's code is reloaded on
5
+ # every request. This slows down response time but is perfect for development
6
+ # since you don't have to restart the web server when you make code changes.
7
+ config.cache_classes = false
8
+
9
+ # Do not eager load code on boot.
10
+ config.eager_load = false
11
+
12
+ # Show full error reports and disable caching.
13
+ config.consider_all_requests_local = true
14
+ config.action_controller.perform_caching = false
15
+
16
+ # Don't care if the mailer can't send.
17
+ config.action_mailer.raise_delivery_errors = false
18
+
19
+ # Print deprecation notices to the Rails logger.
20
+ config.active_support.deprecation = :log
21
+
22
+ # Raise an error on page load if there are pending migrations.
23
+ config.active_record.migration_error = :page_load
24
+
25
+ # Debug mode disables concatenation and preprocessing of assets.
26
+ # This option may cause significant delays in view rendering with a large
27
+ # number of complex assets.
28
+ config.assets.debug = true
29
+
30
+ # Asset digests allow you to set far-future HTTP expiration dates on all assets,
31
+ # yet still be able to expire them through the digest params.
32
+ config.assets.digest = true
33
+
34
+ # Adds additional error checking when serving assets at runtime.
35
+ # Checks for improperly declared sprockets dependencies.
36
+ # Raises helpful error messages.
37
+ config.assets.raise_runtime_errors = true
38
+
39
+ # Raises error for missing translations
40
+ # config.action_view.raise_on_missing_translations = true
41
+ end
@@ -0,0 +1,79 @@
1
+ Rails.application.configure do
2
+ # Settings specified here will take precedence over those in config/application.rb.
3
+
4
+ # Code is not reloaded between requests.
5
+ config.cache_classes = true
6
+
7
+ # Eager load code on boot. This eager loads most of Rails and
8
+ # your application in memory, allowing both threaded web servers
9
+ # and those relying on copy on write to perform better.
10
+ # Rake tasks automatically ignore this option for performance.
11
+ config.eager_load = true
12
+
13
+ # Full error reports are disabled and caching is turned on.
14
+ config.consider_all_requests_local = false
15
+ config.action_controller.perform_caching = true
16
+
17
+ # Enable Rack::Cache to put a simple HTTP cache in front of your application
18
+ # Add `rack-cache` to your Gemfile before enabling this.
19
+ # For large-scale production use, consider using a caching reverse proxy like
20
+ # NGINX, varnish or squid.
21
+ # config.action_dispatch.rack_cache = true
22
+
23
+ # Disable serving static files from the `/public` folder by default since
24
+ # Apache or NGINX already handles this.
25
+ config.serve_static_files = ENV['RAILS_SERVE_STATIC_FILES'].present?
26
+
27
+ # Compress JavaScripts and CSS.
28
+ config.assets.js_compressor = :uglifier
29
+ # config.assets.css_compressor = :sass
30
+
31
+ # Do not fallback to assets pipeline if a precompiled asset is missed.
32
+ config.assets.compile = false
33
+
34
+ # Asset digests allow you to set far-future HTTP expiration dates on all assets,
35
+ # yet still be able to expire them through the digest params.
36
+ config.assets.digest = true
37
+
38
+ # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb
39
+
40
+ # Specifies the header that your server uses for sending files.
41
+ # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache
42
+ # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
43
+
44
+ # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
45
+ # config.force_ssl = true
46
+
47
+ # Use the lowest log level to ensure availability of diagnostic information
48
+ # when problems arise.
49
+ config.log_level = :debug
50
+
51
+ # Prepend all log lines with the following tags.
52
+ # config.log_tags = [ :subdomain, :uuid ]
53
+
54
+ # Use a different logger for distributed setups.
55
+ # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
56
+
57
+ # Use a different cache store in production.
58
+ # config.cache_store = :mem_cache_store
59
+
60
+ # Enable serving of images, stylesheets, and JavaScripts from an asset server.
61
+ # config.action_controller.asset_host = 'http://assets.example.com'
62
+
63
+ # Ignore bad email addresses and do not raise email delivery errors.
64
+ # Set this to true and configure the email server for immediate delivery to raise delivery errors.
65
+ # config.action_mailer.raise_delivery_errors = false
66
+
67
+ # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
68
+ # the I18n.default_locale when a translation cannot be found).
69
+ config.i18n.fallbacks = true
70
+
71
+ # Send deprecation notices to registered listeners.
72
+ config.active_support.deprecation = :notify
73
+
74
+ # Use default logging formatter so that PID and timestamp are not suppressed.
75
+ config.log_formatter = ::Logger::Formatter.new
76
+
77
+ # Do not dump schema after migrations.
78
+ config.active_record.dump_schema_after_migration = false
79
+ end
@@ -0,0 +1,42 @@
1
+ Rails.application.configure do
2
+ # Settings specified here will take precedence over those in config/application.rb.
3
+
4
+ # The test environment is used exclusively to run your application's
5
+ # test suite. You never need to work with it otherwise. Remember that
6
+ # your test database is "scratch space" for the test suite and is wiped
7
+ # and recreated between test runs. Don't rely on the data there!
8
+ config.cache_classes = true
9
+
10
+ # Do not eager load code on boot. This avoids loading your whole application
11
+ # just for the purpose of running a single test. If you are using a tool that
12
+ # preloads Rails for running tests, you may have to set it to true.
13
+ config.eager_load = false
14
+
15
+ # Configure static file server for tests with Cache-Control for performance.
16
+ config.serve_static_files = true
17
+ config.static_cache_control = 'public, max-age=3600'
18
+
19
+ # Show full error reports and disable caching.
20
+ config.consider_all_requests_local = true
21
+ config.action_controller.perform_caching = false
22
+
23
+ # Raise exceptions instead of rendering exception templates.
24
+ config.action_dispatch.show_exceptions = false
25
+
26
+ # Disable request forgery protection in test environment.
27
+ config.action_controller.allow_forgery_protection = false
28
+
29
+ # Tell Action Mailer not to deliver emails to the real world.
30
+ # The :test delivery method accumulates sent emails in the
31
+ # ActionMailer::Base.deliveries array.
32
+ config.action_mailer.delivery_method = :test
33
+
34
+ # Randomize the order test cases are executed.
35
+ config.active_support.test_order = :random
36
+
37
+ # Print deprecation notices to the stderr.
38
+ config.active_support.deprecation = :stderr
39
+
40
+ # Raises error for missing translations
41
+ # config.action_view.raise_on_missing_translations = true
42
+ end