RubyGems - omniauth-azure-activedirectory - Versions diffs - 1.0.0 - Mend

omniauth-azure-activedirectory 1.0.0

Files changed (77) hide show

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 3bf9c2318f06c5ca2724b68b565c5e4b2857284f
+  data.tar.gz: a8307ba3e6ea99ad223e941753f9d2520659989b
+SHA512:
+  metadata.gz: 615968e81a0cf472d85ca48bce50e2956698b2e64da84e8f4c4c020348c0ad7c8c69650e8902e6c810da78b5dfcc390fe4b613e916cb66982dae36ae66fb0305
+  data.tar.gz: 0acbfa64ee9616433f446755934673799abcee69144498cb27ec4945af7612803e3241f55304c02f85276086598ff1bd336cb223601037238ceb4c2a15ac6b63

data/.gitignore ADDED

@@ -0,0 +1,9 @@
+*.gem
+*.log
+.bundle
+coverage
+.powenv
+.rspec
+Gemfile.lock
+pkg/*
+tmp

data/.rubocop.yml ADDED

@@ -0,0 +1,8 @@
+inherit_from: .rubocop_todo.yml
+AllCops:
+  Exclude:
+    - 'spec/fixtures/**/*'
+Style/Encoding:
+  Enabled: false

data/.rubocop_todo.yml ADDED

@@ -0,0 +1,20 @@
+# This configuration was generated by `rubocop --auto-gen-config`
+# on 2015-08-06 14:09:24 -0700 using RuboCop version 0.32.1.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+# Offense count: 2
+Metrics/AbcSize:
+  Max: 19
+# Offense count: 1
+# Configuration parameters: CountComments.
+Metrics/ClassLength:
+  Max: 118
+# Offense count: 1
+# Configuration parameters: Exclude.
+Style/FileName:
+  Enabled: false

data/.travis.yml ADDED

@@ -0,0 +1,7 @@
+language: ruby
+rvm:
+  - 2.1
+  - 2.2
+script: bundle exec rake spec

data/Gemfile ADDED

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+gemspec

data/LICENSE.txt ADDED

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+Copyright (c) 2015 Micorosft Corporation
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md ADDED

@@ -0,0 +1,98 @@
+# OmniAuth Azure Active Directory
+OmniAuth strategy to authenticate to Azure Active Directory via OpenId Connect.
+Before starting, set up a tenant and register a Web Application at [https://manage.windowsazure.com](https://manage.windowsazure.com). Note your client id and tenant for later.
+# Installation
+Add to your Gemfile:
+```ruby
+gem 'omniauth-azure-activedirectory'
+```
+# Usage
+If you are already using OmniAuth, adding AzureAD is as simple as adding a new provider to your `OmniAuth::Builder`. The provider requires your AzureAD client id and your AzureAD tenant.
+For example, in Rails you would add this in `config/initializers/omniauth.rb`:
+```ruby
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :azure_activedirectory, ENV['AAD_CLIENT_ID'], ENV['AAD_TENANT']
+  # other providers here
+end
+```
+If you are using Sinatra or something else that requires you to configure Rack yourself, you should add this to your `config.ru`:
+```ruby
+use OmniAuth::Builder do
+  provider :azure_activedirectory, ENV['AAD_CLIENT_ID'], ENV['AAD_TENANT']
+end
+```
+When you want to authenticate the user, simply redirect them to `/auth/azureactivedirectory`. From there, OmniAuth will takeover. Once the user authenticates (or fails to authenticate), they will be redirected to `/auth/azureactivedirectory/callback` or `/auth/azureactivedirectory/failure`. The authentication result is available in `request.env['omniauth.auth']`.
+If you are supporting multiple OmniAuth providers, you will likely have something like this in your code:
+```ruby
+%w(get post).each do |method|
+  send(method, '/auth/:provider/callback') do
+    auth = request.env['omniauth.auth']
+    # Do what you see fit with your newly authenticated user.
+  end
+end
+```
+# Auth Hash
+OmniAuth AzureAD tries to be consistent with the auth hash schema recommended by OmniAuth. [https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema](https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema).
+Here's an example of an authentication hash available in the callback. You can access this hash as `request.env['omniauth.auth']`.
+```
+  :provider => "azureactivedirectory",
+  :uid => "123456abcdef",
+  :info => {
+    :name => "John Smith",
+    :email => "jsmith@contoso.net",
+    :first_name => "John",
+    :last_name => "Smith"
+  },
+  :credentials => {
+    :code => "ffdsjap9fdjw893-rt2wj8r9r32jnkdsflaofdsa9"
+  },
+  :extra => {
+    :session_state => '532fgdsgtfera32',
+    :raw_info => {
+      :id_token => "fjeri9wqrfe98r23.fdsaf121435rt.f42qfdsaf",
+      :id_token_claims => {
+        "aud" => "fdsafdsa-fdsafd-fdsa-sfdasfds",
+        "iss" => "https://sts.windows.net/fdsafdsa-fdsafdsa/",
+        "iat" => 53315113,
+        "nbf" => 53143215,
+        "exp" => 53425123,
+        "ver" => "1.0",
+        "tid" => "5ffdsa2f-dsafds-sda-sds",
+        "oid" => "fdsafdsaafdsa",
+        "upn" => "jsmith@contoso.com",
+        "sub" => "123456abcdef",
+        "nonce" => "fdsaf342rfdsafdsafsads"
+      },
+      :id_token_header => {
+        "typ" => "JWT",
+        "alg" => "RS256",
+        "x5t" => "fdsafdsafdsafdsa4t4er32",
+        "kid" => "tjiofpjd8ap9fgdsa44"
+      }
+    }
+  }
+```
+# License
+Copyright (c) Microsoft Corporation. Licensed under the MIT License.

data/Rakefile ADDED

@@ -0,0 +1,22 @@
+#!/usr/bin/env rake
+require 'rake'
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+# This can be run with `bundle exec rake spec`.
+RSpec::Core::RakeTask.new(:spec) do |t|
+  t.pattern = `git ls-files`.split("\n").select { |f| f.end_with? 'spec.rb' }
+  t.rspec_opts = '--format documentation'
+end
+# This can be run with `bundle exec rake rubocop`.
+RuboCop::RakeTask.new(:rubocop) do |t|
+  t.patterns = `git ls-files`.split("\n").select do |f|
+    f.end_with?('.rb') && !f.start_with?('examples')
+  end
+  t.fail_on_error = false
+end
+task default: :spec

data/examples/rails-todo-list-app/.gitignore ADDED

@@ -0,0 +1,25 @@
+*.rbc
+capybara-*.html
+rspec
+/log
+/tmp
+/public/system
+/coverage/
+/spec/tmp
+**.orig
+rerun.txt
+pickle-email-*.html
+config/secrets.yml
+config/initializers/secret_token.rb
+/vendor/bundle
+.rvmrc
+/vendor/assets/bower_components
+*.bowerrc
+bower.json
+.powenv
+/.bundle
+/db/*.sqlite3
+/db/*.sqlite3-journal
+/log/*
+!/log/.keep
+/tmp

data/examples/rails-todo-list-app/Gemfile ADDED

@@ -0,0 +1,33 @@
+source 'https://rubygems.org'
+gem 'rails', '4.2.1'
+# Stores the todo list.
+gem 'sqlite3'
+# Templating library for views.
+gem 'haml'
+# The actual web server.
+gem 'thin'
+# Rack middleware authentication framework.
+gem 'omniauth'
+# AzureAD specific strategy for OmniAuth.
+gem 'omniauth-azure-activedirectory'
+# Loads configurations from .env into ENV hash.
+gem 'dotenv'
+# Acquires access tokens for resources.
+gem 'adal'
+# For the front end.
+gem 'sass-rails', '~> 5.0'
+gem 'uglifier', '>= 1.3.0'
+gem 'coffee-rails', '~> 4.1.0'
+gem 'jquery-rails'
+gem 'jbuilder', '~> 2.0'
+gem 'sdoc', '~> 0.4.0', group: :doc
+gem 'turbolinks'

data/examples/rails-todo-list-app/README.md ADDED

@@ -0,0 +1,83 @@
+Rails, OmniAuth and Graph API
+=============================
+This is a sample MVC web application that demonstrates user authentication with OmniAuth for Azure Active Directory and RESTful calls to the AzureAD Graph API with ADAL Ruby.
+## How to run this sample
+To run this sample you will need
+- [Ruby](https://www.ruby-lang.org/en/documentation/installation/)
+- [Bundler](http://bundler.io)
+- An internet connection
+- An Azure subscription (a free trial is sufficient)
+### Step 1 - Install ADAL from source
+Note: This can and should be removed once ADAL is available on RubyGems. After that point ADAL will be installed along with the other dependencies in step 3.
+```
+git clone git@github.com:AzureAD/azure-activedirectory-library-for-ruby
+cd azure-activedirectory-library-for-ruby
+gem build adal.gemspec
+gem install adal
+```
+### Step 2 - Install OmniAuth AzureAD from source
+Note: This can and should be removed once ADAL is available on RubyGems. After that point ADAL will be installed along with the other dependencies in step 3.
+```
+git clone git@github.com:AzureAD/omniauth-azure-activedirectory-priv
+cd omniauth-azure-activedirectory-priv
+gem build omniauth-azure-activedirectory.gemspec
+gem install omniauth-azure-activedirectory
+```
+### Step 3 - Install the sample dependencies
+```
+cd examples/rails-todo-list-app
+bundle
+```
+### Step 4 - Set up the database
+```
+rake db:schema:load
+```
+Note: Depending on your host environment, you may need to install a Javascript runtime. We suggest Node.js. Installation will differ by platform.
+### Step 5 - Configure the app
+Open `config/environment.rb` and replace the `CLIENT_ID`, `CLIENT_SECRET` and `TENANT` with your values.
+### Step 6 - Set up SSL
+This step is optional to get the sample running and varies across platform and choice of webserver. Here we will present one set of instructions to accomplish this, but there are many others.
+Generate a self-signed certificate.
+```
+openssl req -new -newkey rsa:2048 -sha1 -days 365 -nodes -x509 -keyout server.key -out server.crt
+```
+Get your machine/browser to trust the certificate. This varies wildly by platform.
+On OSX with Safari or Chrome, double click on `server.crt` in Finder to add it to the keychain and then select 'Trust Always'. In Firefox go to Preferences > Advanced > View Certificates > Import and add `server.crt`.
+### Step 7 - Start up Rails
+This sample uses the Thin webserver to host the app on port 9292.
+If you generated a certificate in Step 6
+```
+bundle exec thin start --port 9292 --ssl --ssl-key-file server.key --ssl-cert-file server.crt
+```
+If you want to skip SSL verification (shame!)
+```
+bundle exec thing start --port 9292 --ssl --ssl-disable-verify
+```
+You may now proceed to https://localhost:9292 to view the application. You may get a warning about the self-signed certificate. This is nothing to worry about, as in production you will not be using self-signed certs.

data/examples/rails-todo-list-app/Rakefile ADDED

@@ -0,0 +1,3 @@
+require File.expand_path('../config/application', __FILE__)
+Rails.application.load_tasks

data/examples/rails-todo-list-app/app/assets/javascripts/application.js ADDED

@@ -0,0 +1,4 @@
+//= require jquery
+//= require jquery_ujs
+//= require turbolinks
+//= require_tree .

data/examples/rails-todo-list-app/app/assets/stylesheets/application.css ADDED

	@@ -0,0 +1,2 @@
1	+ //= require_tree .
2	+ //= require_self

data/examples/rails-todo-list-app/app/controllers/application_controller.rb ADDED

@@ -0,0 +1,3 @@
+class ApplicationController < ActionController::Base
+ protect_from_forgery with: :exception
+end

data/examples/rails-todo-list-app/app/controllers/home_controller.rb ADDED

	@@ -0,0 +1,2 @@
1	+ class HomeController < ApplicationController
2	+ end

data/examples/rails-todo-list-app/app/controllers/profile_controller.rb ADDED

@@ -0,0 +1,20 @@
+class ProfileController < SignedInController
+  # If we have the user's ADAL credentials, then we can get an access token.
+  # Otherwise we need to do the auth code flow dance.
+  def index
+    @profile = user_data_hash(current_user.graph_access_token)
+    super
+  rescue ADAL::TokenRequest::UserCredentialError
+    redirect_to User.authorization_request_url.to_s
+  end
+  # @return Hash
+  def user_data_hash(access_token)
+    headers = { 'authorization' => access_token }
+    me_endpt = URI('https://graph.windows.net/me?api-version=1.5')
+    http = Net::HTTP.new(me_endpt.hostname, me_endpt.port)
+    http.use_ssl = true
+    JSON.parse(http.get(me_endpt, headers).body)
+  end
+end

data/examples/rails-todo-list-app/app/controllers/sessions_controller.rb ADDED

@@ -0,0 +1,28 @@
+class SessionsController < ApplicationController
+  skip_before_filter :verify_authenticity_token
+  def new
+    redirect_to '/auth/azureactivedirectory'
+  end
+  def create
+    # If the session expires, they still access the same todo list next time
+    # that they log in with omniauth.
+    user = User.find_by_provider_and_uid(auth_hash['provider'],
+                                         auth_hash['uid'])
+    user ||= User.from_omniauth(auth_hash)
+    session['user_id'] = user.id
+    redirect_to tasks_path
+  end
+  def destroy
+    reset_session
+    redirect_to root_url
+  end
+  protected
+  def auth_hash
+    request.env['omniauth.auth']
+  end
+end

data/examples/rails-todo-list-app/app/controllers/signed_in_controller.rb ADDED

@@ -0,0 +1,25 @@
+# Any controllers that require users to sign in should extend this class.
+class SignedInController < ApplicationController
+  before_filter :require_sign_in
+  skip_before_filter :verify_authenticity_token
+  def index
+    @current_user = current_user
+    render :index
+  end
+  def require_sign_in
+    redirect_to root_path if current_user.nil?
+  end
+  def add_auth
+    current_user.redeem_code(
+      params['code'],
+      'https://localhost:9292/authorize')
+    redirect_to profile_index_path
+  end
+  def current_user
+    User.find_by_id(session['user_id'])
+  end
+end