omniauth-openam 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 71ed832328a1df617f419bf5f5e0e23adf8b0ed1
+  data.tar.gz: c236892a2cf3462468d01e6991f870bcc97d3144
+SHA512:
+  metadata.gz: 6d72000930d6641e04406d708a7ee5dceda5d0b1609dc370bc98b61b598b3f8d26316af21b94a8632f1e7bd6b80cc0c2239ce5fbc24460526743a9847ce84ac8
+  data.tar.gz: cfc6ba82cedada1ba53148c53c610920df925e933478e08889e6f033691e17891f8466d975c4c737de365feed040a88c7cbc7e30bedb7e966429963571a26e1b

data/.gitignore

@@ -0,0 +1,44 @@
+.ruby-version
+.ruby-gemset
+# rcov generated
+coverage
+
+# rdoc generated
+rdoc
+
+# yard generated
+doc
+.yardoc
+
+# bundler
+.bundle
+
+# jeweler generated
+pkg
+
+# Have editor/IDE/OS specific files you need to ignore? Consider using a global gitignore: 
+#
+# * Create a file at ~/.gitignore
+# * Include files you want ignored
+# * Run: git config --global core.excludesfile ~/.gitignore
+#
+# After doing this, these files will be ignored in all your git projects,
+# saving you from having to 'pollute' every project you touch with them
+#
+# Not sure what to needs to be ignored for particular editors/OSes? Here's some ideas to get you started. (Remember, remove the leading # of the line)
+#
+# For MacOS:
+#
+#.DS_Store
+#
+# For TextMate
+#*.tmproj
+#tmtags
+#
+# For emacs:
+#*~
+#\#*
+#.\#*
+#
+# For vim:
+*.swp

data/.travis.yml

@@ -0,0 +1,4 @@
+rvm:
+  - 2.0.0
+  - 2.1.0
+  - ruby-head

data/Gemfile

@@ -0,0 +1,4 @@
+source 'http://rubygems.org'
+
+# Specify your gem's dependencies in omniauth-github.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,53 @@
+PATH
+  remote: .
+  specs:
+    omniauth-openam (1.0.0)
+      faraday
+      omniauth (~> 1.0)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    addressable (2.3.5)
+    crack (0.4.2)
+      safe_yaml (~> 1.0.0)
+    diff-lcs (1.2.5)
+    docile (1.1.2)
+    faraday (0.9.2)
+      multipart-post (>= 1.2, < 3)
+    hashie (3.4.3)
+    multi_json (1.8.4)
+    multipart-post (2.0.0)
+    omniauth (1.2.2)
+      hashie (>= 1.2, < 4)
+      rack (~> 1.0)
+    rack (1.5.2)
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rspec (2.14.1)
+      rspec-core (~> 2.14.0)
+      rspec-expectations (~> 2.14.0)
+      rspec-mocks (~> 2.14.0)
+    rspec-core (2.14.7)
+    rspec-expectations (2.14.5)
+      diff-lcs (>= 1.1.3, < 2.0)
+    rspec-mocks (2.14.5)
+    safe_yaml (1.0.1)
+    simplecov (0.8.2)
+      docile (~> 1.1.0)
+      multi_json
+      simplecov-html (~> 0.8.0)
+    simplecov-html (0.8.0)
+    webmock (1.17.2)
+      addressable (>= 2.2.7)
+      crack (>= 0.3.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  omniauth-openam!
+  rack-test
+  rspec (~> 2.7)
+  simplecov
+  webmock

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2014 Rahul Ghose, 2015 MAK IT
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,58 @@
+# OmniAuth OpenAM
+
+[![Continuous Integration status](https://secure.travis-ci.org/mak-it/omniauth-openam.png)](http://travis-ci.org/mak-it/omniauth-openam)
+
+OmniAuth strategy for authenticating to [OpenAM](https://www.forgerock.com/products/access-management/).
+
+## Installation
+
+Add to your `Gemfile`:
+
+```ruby
+gem 'omniauth-openam'
+```
+
+## Usage
+
+Here's a quick example, adding the middleware to a Rails app
+in `config/initializers/omniauth.rb`:
+
+```ruby
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :openam, 'https://example.com/opensso'
+end
+```
+
+## Auth Hash
+
+Here's an example Auth Hash available in `request.env['omniauth.auth']`:
+
+```ruby
+{
+  provider: "openam",
+  uid: "bjensen",
+  info: {
+    email: "bjensen@example.com",
+    first_name: "Barbara",
+    last_name: "Jensen",
+    name: "Babs Jensen",
+    username: "bjensen",
+  },
+  credentials: {
+    token: "AQIC5wM2LY4SfcxuxIP0VnP2lVjs7ypEM6VDx6srk56CN1Q.*AAJTSQACMDE.*"
+  },
+  extra: {
+    raw_info: {
+      token: "AQIC5wM2LY4SfcxuxIP0VnP2lVjs7ypEM6VDx6srk56CN1Q.*AAJTSQACMDE.*",
+      cn: ["Babs Jensen", "Barbara Jensen"],
+      dn: ["uid=bjensen,ou=people,dc=example,dc=com"],
+      givenname: ["Barbara"],
+      mail: ["bjensen@example.com"],
+      objectclass: ["organizationalPerson", "person", "inetOrgPerson", "top"],
+      sn: ["Jensen"],
+      telephonenumber: ["+1 408 555 1862"],
+      uid: ["bjensen"]
+    }
+  }
+}
+```

data/Rakefile

@@ -0,0 +1,9 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+
+desc 'Default: run specs.'
+task :default => :spec
+
+desc 'Run specs'
+task :default => :spec

data/lib/omniauth-openam.rb

@@ -0,0 +1 @@
+require 'omniauth/strategies/openam'

data/lib/omniauth-openam/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module Openam
+    VERSION = "1.0.0"
+  end
+end

data/lib/omniauth/strategies/openam.rb

@@ -0,0 +1,92 @@
+require 'omniauth'
+require 'faraday'
+
+module OmniAuth
+  module Strategies
+    class OpenAM
+      include OmniAuth::Strategy
+
+      option :cookie_name, 'iPlanetDirectoryPro'
+
+      args [:auth_url]
+
+      attr_reader :token
+
+      uid do
+        raw_info['uid'][0]
+      end
+
+      info do
+        {
+          username:   raw_info['uid'][0],
+          email:      raw_info['mail'][0],
+          first_name: raw_info['givenname'][0],
+          last_name:  raw_info['sn'][0],
+          name:       raw_info['cn'][0]
+        }
+      end
+
+      credentials do
+        {
+          token: token
+        }
+      end
+
+      extra do
+        {
+          raw_info: raw_info
+        }
+      end
+
+      protected
+
+      def request_phase
+        redirect "#{options[:auth_url]}?goto=#{callback_url}"
+      end
+
+      def callback_phase
+        @token = request.cookies[options[:cookie_name]]
+        if token.nil?
+          e = RuntimeError.new("#{options[:cookie_name]} cookie is missing")
+          return fail!(:invalid_credentials, e)
+        end
+        if raw_info.empty?
+          e = RuntimeError.new("Identity attributes are empty")
+          return fail!(:invalid_credentials, e)
+        end
+        super
+      end
+
+      def raw_info
+        @raw_info ||= begin
+          conn = Faraday.new(url: options[:auth_url]) do |faraday|
+            faraday.request  :url_encoded
+            faraday.response :logger, OmniAuth.logger
+            faraday.adapter Faraday.default_adapter
+          end
+          response = conn.post(
+            "#{URI(options[:auth_url]).path}/identity/attributes",
+            subjectid: token
+          )
+          attributes = Hash.new{ |h,k| h[k] = [] }
+          name = nil
+          lines = response.body.split("\n")
+          lines.each do |line|
+            key, value = line.split("=", 2)
+            case key
+            when 'userdetails.token.id'
+              attributes['token'] = value
+            when 'userdetails.attribute.name'
+              name = value
+            when 'userdetails.attribute.value'
+              attributes[name] << value
+            end
+          end
+          attributes
+        end
+      end
+    end
+  end
+end
+
+OmniAuth.config.add_camelization 'openam', 'OpenAM'

data/omniauth-openam.gemspec

@@ -0,0 +1,26 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/omniauth-openam/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors = ["Edgars Beigarts"]
+  gem.email = ["edgars.beigarts@gmail.com"]
+  gem.description = "This is an OmniAuth provider for OpenAM's REST API"
+  gem.summary = "An OmniAuth provider for OpenAM REST API"
+  gem.homepage = "https://github.com/mak-it/omniauth-openam"
+  gem.license = "MIT"
+
+  gem.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  gem.files = `git ls-files`.split("\n")
+  gem.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  gem.name = "omniauth-openam"
+  gem.require_paths = ["lib"]
+  gem.version = OmniAuth::Openam::VERSION
+
+  gem.add_dependency 'omniauth', '~> 1.0'
+  gem.add_dependency 'faraday'
+
+  gem.add_development_dependency 'rspec', '~> 2.7'
+  gem.add_development_dependency 'rack-test'
+  gem.add_development_dependency 'simplecov'
+  gem.add_development_dependency 'webmock'
+end

data/spec/fixtures/identity_attributes.txt

@@ -0,0 +1,21 @@
+userdetails.token.id=AQIC5wM2LY4SfcxuxIP0VnP2lVjs7ypEM6VDx6srk56CN1Q.*AAJTSQACMDE.*
+userdetails.attribute.name=uid
+userdetails.attribute.value=bjensen
+userdetails.attribute.name=mail
+userdetails.attribute.value=bjensen@example.com
+userdetails.attribute.name=sn
+userdetails.attribute.value=Jensen
+userdetails.attribute.name=cn
+userdetails.attribute.value=Babs Jensen
+userdetails.attribute.value=Barbara Jensen
+userdetails.attribute.name=givenname
+userdetails.attribute.value=Barbara
+userdetails.attribute.name=dn
+userdetails.attribute.value=uid=bjensen,ou=people,dc=example,dc=com
+userdetails.attribute.name=telephonenumber
+userdetails.attribute.value=+1 408 555 1862
+userdetails.attribute.name=objectclass
+userdetails.attribute.value=organizationalPerson
+userdetails.attribute.value=person
+userdetails.attribute.value=inetOrgPerson
+userdetails.attribute.value=top

data/spec/omniauth/strategies/openam_spec.rb

@@ -0,0 +1,49 @@
+require 'spec_helper'
+
+RSpec.describe OmniAuth::Strategies::OpenAM, type: :strategy do
+  include OmniAuth::Test::StrategyTestCase
+
+  let :token do
+    "AQIC5wM2LY4SfcxuxIP0VnP2lVjs7ypEM6VDx6srk56CN1Q.*AAJTSQACMDE.*"
+  end
+
+  def strategy
+    [OmniAuth::Strategies::OpenAM, "https://example.com/opensso"]
+  end
+
+  describe '/auth/openam' do
+    it 'redirects to OpenAM login page' do
+      get '/auth/openam'
+      expect(last_response).to be_redirect
+      expect(last_response.headers['Location']).to \
+        eq(
+          'https://example.com/opensso'\
+          '?goto=http://example.org/auth/openam/callback'
+        )
+    end
+  end
+
+  describe '/auth/openam/callback' do
+    before do
+      stub_request(:post, "https://example.com/opensso/identity/attributes").
+        with(body: { subjectid: token }).
+        to_return(body: File.read(
+            File.expand_path(
+              '../../../fixtures/identity_attributes.txt', __FILE__
+            )
+          )
+        )
+    end
+
+    it 'retrieves identity attributes' do
+      get '/auth/openam/callback',
+        {},
+        { "HTTP_COOKIE" => "iPlanetDirectoryPro=#{token}" }
+      auth = last_request.env['omniauth.auth']
+      puts auth.inspect
+      expect(auth[:credentials][:token]).to eq(token)
+      expect(auth[:uid]).to eq('bjensen')
+      expect(auth[:info][:email]).to eq('bjensen@example.com')
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,14 @@
+$:.unshift File.expand_path('..', __FILE__)
+$:.unshift File.expand_path('../../lib', __FILE__)
+
+require 'rspec'
+require 'rack/test'
+require 'webmock/rspec'
+require 'omniauth'
+require 'omniauth-openam'
+
+RSpec.configure do |config|
+  config.include WebMock::API
+  config.include Rack::Test::Methods
+  config.extend  OmniAuth::Test::StrategyMacros, :type => :strategy
+end

metadata

@@ -0,0 +1,145 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-openam
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Edgars Beigarts
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-11-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: This is an OmniAuth provider for OpenAM's REST API
+email:
+- edgars.beigarts@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/omniauth-openam.rb
+- lib/omniauth-openam/version.rb
+- lib/omniauth/strategies/openam.rb
+- omniauth-openam.gemspec
+- spec/fixtures/identity_attributes.txt
+- spec/omniauth/strategies/openam_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/mak-it/omniauth-openam
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: An OmniAuth provider for OpenAM REST API
+test_files:
+- spec/fixtures/identity_attributes.txt
+- spec/omniauth/strategies/openam_spec.rb
+- spec/spec_helper.rb