omniauth-kerberos-clearlyip 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. checksums.yaml +7 -0
  2. data/lib/omniauth/strategies/kerberos.rb +85 -0
  3. data/lib/omniauth-kerberos-clearlyip.rb +1 -0
  4. data/spec/omniauth/strategy/kerberos_spec.rb +46 -0
  5. data/spec/spec_helper.rb +28 -0
  6. metadata +77 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 99d0d597eddcc85b378ae2a885cb628b7dc6760e45acf2c0e23b66121445fde7
4
+ data.tar.gz: 98910c230fa09dcff9bea9f21b37d74156ea931cda7e849c1adb5ea54ca708c5
5
+ SHA512:
6
+ metadata.gz: 432b319f7f2578e344e8536911b580c351d1cdc1c7593de590014ba40204305ff1e00064e2526563168d935bdceac2b04217c3e826883a94966528870f233232
7
+ data.tar.gz: 6aaf7e7a30598a43dda9eb01efba7b75a7c205696ee47c6466bfe9388a94e4dda30736ec875d5938830c64734ac01db960445d59fc70d2cd67f2a3f1b0f2e1c5
data/lib/omniauth/strategies/kerberos.rb ADDED
@@ -0,0 +1,85 @@
1
+ # omniauth-kerberos2/lib/omniauth/strategies/kerberos.rb
2
+ require 'omniauth'
3
+ require 'krb5_auth'
4
+
5
+ module OmniAuth
6
+ module Strategies
7
+ class Kerberos
8
+ include OmniAuth::Strategy
9
+
10
+ option :title, "Kerberos Authentication @#{::Krb5Auth::Krb5.new.get_default_realm.downcase}"
11
+ option :name, 'kerberos'
12
+ option :fields, %i[username password]
13
+ uid { username }
14
+
15
+ def initialize(app, *args, &block)
16
+ super
17
+ @krb5 = ::Krb5Auth::Krb5.new
18
+ end
19
+
20
+ def username_id
21
+ options[:fields][0]&.to_s || 'username'
22
+ end
23
+
24
+ def password_id
25
+ options[:fields][1]&.to_s || 'password'
26
+ end
27
+
28
+ def username
29
+ @username || request&.params[username_id]&.to_s
30
+ end
31
+
32
+ def password
33
+ request&.params[password_id]
34
+ end
35
+
36
+ def init_authenticator(request, env, username)
37
+ @request = request
38
+ @env = env
39
+ @username = username
40
+ end
41
+
42
+ def callback_phase
43
+ if authenticate(username, password)
44
+ super
45
+ else
46
+ fail!(:invalid_credentials)
47
+ end
48
+ end
49
+
50
+ def request_phase
51
+ form = OmniAuth::Form.build(title: options.title, url: callback_url) do |f|
52
+ f.text_field 'Username', username_id
53
+ f.password_field 'Password', password_id
54
+ end
55
+ form.to_response
56
+ end
57
+
58
+ def other_phase
59
+ if on_request_path?
60
+ request_phase
61
+ else
62
+ call_app!
63
+ end
64
+ end
65
+
66
+ info do
67
+ {
68
+ username: username,
69
+ email: "#{username}@#{@krb5.get_default_realm.downcase}"
70
+ }
71
+ end
72
+
73
+ private
74
+
75
+ def authenticate(username, password)
76
+ @krb5.get_init_creds_password(username, password)
77
+ true
78
+ rescue ::Krb5Auth::Krb5::Exception
79
+ false
80
+ end
81
+ end
82
+ end
83
+ end
84
+
85
+ OmniAuth.config.add_camelization 'kerberos', 'Kerberos'
data/lib/omniauth-kerberos-clearlyip.rb ADDED
@@ -0,0 +1 @@
1
+ require 'omniauth/strategies/kerberos'
data/spec/omniauth/strategy/kerberos_spec.rb ADDED
@@ -0,0 +1,46 @@
1
+ require 'spec_helper'
2
+ require 'rack/test'
3
+
4
+ describe OmniAuth::Strategies::Kerberos do
5
+ include Rack::Test::Methods
6
+
7
+ before do
8
+ fake = double 'krb5'
9
+ allow(::Krb5Auth::Krb5).to receive(:new).and_return fake
10
+
11
+ allow(fake).to receive(:get_default_realm).and_return 'example.org'
12
+
13
+ allow(fake).to receive(:get_init_creds_password) do |username, password|
14
+ if username == 'john' && password == 'secret'
15
+ true
16
+ else
17
+ fail ::Krb5Auth::Krb5::Exception
18
+ end
19
+ end
20
+ end
21
+
22
+ let(:app) do
23
+ Rack::Builder.new do
24
+ use OmniAuth::Test::PhonySession
25
+ use OmniAuth::Strategies::Kerberos
26
+ run ->(env) { [404, {}, [env['omniauth.auth']['uid'].to_s]] }
27
+ end.to_app
28
+ end
29
+
30
+ it 'shows login FORM' do
31
+ get '/auth/kerberos'
32
+ expect(last_response.body).to include '<form'
33
+ end
34
+
35
+ it 'redirect on wrong password' do
36
+ post '/auth/kerberos/callback', username: 'paul', password: 'wrong'
37
+ expect(last_response).to be_redirect
38
+ expect(last_response.headers['Location']).to eq \
39
+ '/auth/failure?message=invalid_credentials&strategy=kerberos'
40
+ end
41
+
42
+ it 'authenticates with password' do
43
+ post '/auth/kerberos/callback', username: 'john', password: 'secret'
44
+ expect(last_response.body).to eq 'john'
45
+ end
46
+ end
data/spec/spec_helper.rb ADDED
@@ -0,0 +1,28 @@
1
+ require 'rspec'
2
+
3
+ if ENV['CI'] || (defined?(:RUBY_ENGINE) && RUBY_ENGINE != 'rbx')
4
+ begin
5
+ require 'simplecov'
6
+ SimpleCov.start
7
+ rescue LoadError
8
+ end
9
+ end
10
+
11
+ require 'omniauth-kerberos-clearlyip'
12
+
13
+ Dir[File.expand_path('spec/support/**/*.rb')].each { |f| require f }
14
+
15
+ # Disable omniauth logger
16
+ class NullLogger < Logger
17
+ def initialize(*_args)
18
+ end
19
+
20
+ def add(*_args, &_block)
21
+ end
22
+ end
23
+
24
+ OmniAuth.config.logger = NullLogger.new
25
+
26
+ RSpec.configure do |config|
27
+ config.order = 'random'
28
+ end
metadata ADDED
@@ -0,0 +1,77 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: omniauth-kerberos-clearlyip
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Julien Chabanon
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2024-07-20 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: omniauth
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '2.0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '2.0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: timfel-krb5-auth
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '0.8'
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '0.8'
41
+ description: An OmniAuth strategy for Kerberos that works with OmniAuth 2.0
42
+ email:
43
+ - julien@chabanon.me
44
+ executables: []
45
+ extensions: []
46
+ extra_rdoc_files: []
47
+ files:
48
+ - lib/omniauth-kerberos-clearlyip.rb
49
+ - lib/omniauth/strategies/kerberos.rb
50
+ - spec/omniauth/strategy/kerberos_spec.rb
51
+ - spec/spec_helper.rb
52
+ homepage: https://github.com/julienchabanon/omniauth-kerberos-clearlyip
53
+ licenses:
54
+ - MIT
55
+ metadata: {}
56
+ post_install_message:
57
+ rdoc_options: []
58
+ require_paths:
59
+ - lib
60
+ required_ruby_version: !ruby/object:Gem::Requirement
61
+ requirements:
62
+ - - ">="
63
+ - !ruby/object:Gem::Version
64
+ version: 2.5.0
65
+ required_rubygems_version: !ruby/object:Gem::Requirement
66
+ requirements:
67
+ - - ">="
68
+ - !ruby/object:Gem::Version
69
+ version: '0'
70
+ requirements: []
71
+ rubygems_version: 3.5.15
72
+ signing_key:
73
+ specification_version: 4
74
+ summary: An OmniAuth strategy for Kerberos.
75
+ test_files:
76
+ - spec/omniauth/strategy/kerberos_spec.rb
77
+ - spec/spec_helper.rb