omniauth 0.2.6 → 0.3.0.rc3

data/oa-core/spec/spec_helper.rb

@@ -1,12 +0,0 @@
-require 'simplecov'
-SimpleCov.start
-require 'rspec'
-require 'rack/test'
-require 'omniauth/core'
-require 'omniauth/test'
-
-RSpec.configure do |config|
-  config.include Rack::Test::Methods
-  config.extend  OmniAuth::Test::StrategyMacros, :type => :strategy
-end
-

data/oa-enterprise/Gemfile

@@ -1,7 +0,0 @@
-source 'http://rubygems.org'
-
-platforms :jruby do
-  gem 'jruby-openssl', '~> 0.7'
-end
-
-gemspec

data/oa-enterprise/LICENSE

@@ -1,19 +0,0 @@
-Copyright (c) 2010-2011 Michael Bleigh and Intridea, Inc.
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.

data/oa-enterprise/README.rdoc

@@ -1,82 +0,0 @@
-= OmniAuth::Enterprise
-
-OmniAuth strategies for use in your intranet.
-
-== Installation
-
-To get just enterprise functionality:
-
-    gem install oa-enterprise
-    
-For the full auth suite:
-
-    gem install omniauth
-
-== CAS
-
-Use the CAS strategy as a middleware in your application:
-
-    require 'omniauth/enterprise'
-    
-    use OmniAuth::Strategies::CAS, :server => 'http://cas.mycompany.com/cas'
-    
-Then simply direct users to '/auth/cas' to have them sign in via your company's CAS server.
-See OmniAuth::Strategies::CAS::Configuration for more configuration options.
-
-== LDAP
-
-Use the LDAP strategy as a middleware in your application:
-
-    require 'omniauth/enterprise'
-    use OmniAuth::Strategies::LDAP, 
-        :title => "My LDAP", 
-        :host => '10.101.10.1',
-        :port => 389,
-        :method => :plain,
-        :base => 'dc=intridea, dc=com',
-        :uid => 'sAMAccountName',
-        :name_proc => Proc.new {|name| name.gsub(/@.*$/,'')}
-        :bind_dn => 'default_bind_dn'
-        :password => 'password'
-
-All of the listed options are required, with the exception of :name_proc, :bind_dn, and :password
-Allowed values of :method are: :plain, :ssl, :tls.
-
-:bind_dn and :password are used to perform the initial binding if user lookup is
-needed. If the user lookup returns result, the DN attribute from the result set is used
-to perform the final binding. This is needed only when the LDAP server requires 
-DN to be used for binding and you may only want user to using email or username
-in the login form.
-
-:uid is the LDAP attribute name for the user name in the login form. typically
-AD would be 'sAMAccountName' or 'UserPrincipalName', while OpenLDAP is 'uid'.
-You can also use 'dn', if your user choose the put in the dn in the login form
-(but usually is too long for user to remember or know).
-
-:name_proc allows you to match the user name entered with the format of the
-:uid attributes. For example, value of 'sAMAccountName' in AD contains only the
-windows user name. If your user prefers use email to login, a name_proc as
-above will trim the email string down to just the windows name. In summary,
-:name_proc helps you to fill the gap between the authentication and user lookup
-process.
- 
-:try_sasl and :sasl_mechanisms are optional. Use them to initialize a SASL
-connection to server. Allowed values are 'DIGEST-MD5' and 'GSS-SPNEGO'. If you
-are not familiar with these authentication methods, please just avoid them.
-
-Direct users to '/auth/ldap' to have them authenticated via your
-company's LDAP server.
-    
-== Multiple Strategies
-
-If you're using multiple strategies together, use OmniAuth's Builder. That's
-what it's there for:
-
-    require 'omniauth/enterprise'
-    require 'omniauth/oauth'  # for Campfire
-    require 'openid/store/filesystem'
-    
-    use OmniAuth::Builder do
-      provider :cas, :server => 'http://cas.mycompany.com/cas'
-      provider :campfire
-    end

data/oa-enterprise/Rakefile

@@ -1,6 +0,0 @@
-require 'bundler'
-Bundler::GemHelper.install_tasks
-require 'rspec/core/rake_task'
-RSpec::Core::RakeTask.new(:spec)
-task :default => :spec
-task :test => :spec

data/oa-enterprise/lib/oa-enterprise.rb

@@ -1 +0,0 @@
-require 'omniauth/enterprise'

data/oa-enterprise/lib/omniauth/enterprise.rb

@@ -1,8 +0,0 @@
-require 'omniauth/core'
-
-module OmniAuth
-  module Strategies
-    autoload :CAS, 'omniauth/strategies/cas'
-    autoload :LDAP, 'omniauth/strategies/ldap'
-  end
-end

data/oa-enterprise/lib/omniauth/strategies/cas.rb

@@ -1,47 +0,0 @@
-require 'omniauth/enterprise'
-
-module OmniAuth
-  module Strategies
-    class CAS
-      include OmniAuth::Strategy
-
-      autoload :Configuration, 'omniauth/strategies/cas/configuration'
-      autoload :ServiceTicketValidator, 'omniauth/strategies/cas/service_ticket_validator'
-
-      def initialize(app, options = {}, &block)
-        super(app, options[:name] || :cas, options.dup, &block)
-        @configuration = OmniAuth::Strategies::CAS::Configuration.new(options)
-      end
-
-      protected
-
-      def request_phase
-        [
-          302,
-          {
-            'Location' => @configuration.login_url(callback_url),
-            'Content-Type' => 'text/plain'
-          },
-          ["You are being redirected to CAS for sign-in."]
-        ]
-      end
-
-      def callback_phase
-        ticket = request.params['ticket']
-        return fail!(:no_ticket, 'No CAS Ticket') unless ticket
-        validator = ServiceTicketValidator.new(@configuration, callback_url, ticket)
-        @user_info = validator.user_info
-        return fail!(:invalid_ticket, 'Invalid CAS Ticket') if @user_info.nil? || @user_info.empty?
-        super
-      end
-
-      def auth_hash
-        OmniAuth::Utils.deep_merge(super, {
-          'uid' => @user_info.delete('user'),
-          'extra' => @user_info
-        })
-      end
-
-    end
-  end
-end

data/oa-enterprise/lib/omniauth/strategies/cas/configuration.rb

@@ -1,98 +0,0 @@
-require 'rack'
-
-module OmniAuth
-  module Strategies
-    class CAS
-      class Configuration
-
-        DEFAULT_LOGIN_URL = "%s/login"
-
-        DEFAULT_SERVICE_VALIDATE_URL = "%s/serviceValidate"
-
-        # @param [Hash] params configuration options
-        # @option params [String, nil] :cas_server the CAS server root URL; probably something like
-        #         `http://cas.mycompany.com` or `http://cas.mycompany.com/cas`; optional.
-        # @option params [String, nil] :cas_login_url (:cas_server + '/login') the URL to which to
-        #         redirect for logins; options if `:cas_server` is specified,
-        #         required otherwise.
-        # @option params [String, nil] :cas_service_validate_url (:cas_server + '/serviceValidate') the
-        #         URL to use for validating service tickets; optional if `:cas_server` is
-        #         specified, requred otherwise.
-        # @option params [Boolean, nil] :disable_ssl_verification disable verification for SSL cert,
-        #         helpful when you developing with a fake cert.
-        def initialize(params)
-          parse_params params
-        end
-
-        # Build a CAS login URL from +service+.
-        #
-        # @param [String] service the service (a.k.a. return-to) URL
-        #
-        # @return [String] a URL like `http://cas.mycompany.com/login?service=...`
-        def login_url(service)
-          append_service @login_url, service
-        end
-
-        # Build a service-validation URL from +service+ and +ticket+.
-        # If +service+ has a ticket param, first remove it. URL-encode
-        # +service+ and add it and the +ticket+ as paraemters to the
-        # CAS serviceValidate URL.
-        #
-        # @param [String] service the service (a.k.a. return-to) URL
-        # @param [String] ticket the ticket to validate
-        #
-        # @return [String] a URL like `http://cas.mycompany.com/serviceValidate?service=...&ticket=...`
-        def service_validate_url(service, ticket)
-          service = service.sub(/[?&]ticket=[^?&]+/, '')
-          url = append_service(@service_validate_url, service)
-          url << '&ticket=' << Rack::Utils.escape(ticket)
-        end
-
-        def disable_ssl_verification?
-          @disable_ssl_verification
-        end
-
-        private
-
-        def parse_params(params)
-          if params[:cas_server].nil? && params[:cas_login_url].nil?
-            raise ArgumentError.new(":cas_server or :cas_login_url MUST be provided")
-          end
-          @login_url   = params[:cas_login_url]
-          @login_url ||= DEFAULT_LOGIN_URL % params[:cas_server]
-          validate_is_url 'login URL', @login_url
-
-          if params[:cas_server].nil? && params[:cas_service_validate_url].nil?
-            raise ArgumentError.new(":cas_server or :cas_service_validate_url MUST be provided")
-          end
-          @service_validate_url   = params[:cas_service_validate_url]
-          @service_validate_url ||= DEFAULT_SERVICE_VALIDATE_URL % params[:cas_server]
-          validate_is_url 'service-validate URL', @service_validate_url
-
-          @disable_ssl_verification = params[:disable_ssl_verification]
-        end
-
-        IS_NOT_URL_ERROR_MESSAGE = "%s is not a valid URL"
-
-        def validate_is_url(name, possibly_a_url)
-          url = URI.parse(possibly_a_url) rescue nil
-          raise ArgumentError.new(IS_NOT_URL_ERROR_MESSAGE % name) unless url.kind_of?(URI::HTTP)
-        end
-
-        # Adds +service+ as an URL-escaped parameter to +base+.
-        #
-        # @param [String] base the base URL
-        # @param [String] service the service (a.k.a. return-to) URL.
-        #
-        # @return [String] the new joined URL.
-        def append_service(base, service)
-          result = base.dup
-          result << (result.include?('?') ? '&' : '?')
-          result << 'service='
-          result << Rack::Utils.escape(service)
-        end
-
-      end
-    end
-  end
-end

data/oa-enterprise/lib/omniauth/strategies/cas/service_ticket_validator.rb

@@ -1,91 +0,0 @@
-require 'net/http'
-require 'net/https'
-require 'nokogiri'
-
-module OmniAuth
-  module Strategies
-    class CAS
-      class ServiceTicketValidator
-
-        VALIDATION_REQUEST_HEADERS = { 'Accept' => '*/*' }
-
-        # Build a validator from a +configuration+, a
-        # +return_to+ URL, and a +ticket+.
-        #
-        # @param [OmniAuth::Strategies::CAS::Configuration] configuration the CAS configuration
-        # @param [String] return_to_url the URL of this CAS client service
-        # @param [String] ticket the service ticket to validate
-        def initialize(configuration, return_to_url, ticket)
-          @configuration = configuration
-          @uri = URI.parse(@configuration.service_validate_url(return_to_url, ticket))
-        end
-
-        # Request validation of the ticket from the CAS server's
-        # serviceValidate (CAS 2.0) function.
-        #
-        # Swallows all XML parsing errors (and returns +nil+ in those cases).
-        #
-        # @return [Hash, nil] a user information hash if the response is valid; +nil+ otherwise.
-        #
-        # @raise any connection errors encountered.
-        def user_info
-          parse_user_info(find_authentication_success(get_service_response_body))
-        end
-
-        private
-
-        # turns an `<cas:authenticationSuccess>` node into a Hash;
-        # returns nil if given nil
-        def parse_user_info(node)
-          return nil if node.nil?
-          hash = {}
-          node.children.each do |e|
-            unless e.kind_of?(Nokogiri::XML::Text) ||
-                   e.name == 'cas:proxies' ||
-                   e.name == 'proxies'
-              # There are no child elements
-              if e.element_children.count == 0
-                hash[e.name.sub(/^cas:/, '')] = e.content
-              elsif e.element_children.count
-                hash[e.name.sub(/^cas:/, '')] = [] if hash[e.name.sub(/^cas:/, '')].nil?
-                hash[e.name.sub(/^cas:/, '')].push parse_user_info e
-              end
-            end
-          end
-          hash
-        end
-
-        # finds an `<cas:authenticationSuccess>` node in
-        # a `<cas:serviceResponse>` body if present; returns nil
-        # if the passed body is nil or if there is no such node.
-        def find_authentication_success(body)
-          return nil if body.nil? || body == ''
-          begin
-            doc = Nokogiri::XML(body)
-            begin
-              doc.xpath('/cas:serviceResponse/cas:authenticationSuccess')
-            rescue Nokogiri::XML::XPath::SyntaxError
-              doc.xpath('/serviceResponse/authenticationSuccess')
-            end
-          rescue Nokogiri::XML::XPath::SyntaxError
-            nil
-          end
-        end
-
-        # retrieves the `<cas:serviceResponse>` XML from the CAS server
-        def get_service_response_body
-          result = ''
-          http = ::Net::HTTP.new(@uri.host, @uri.port)
-          http.use_ssl = @uri.port == 443 || @uri.instance_of?(URI::HTTPS)
-          http.verify_mode = OpenSSL::SSL::VERIFY_NONE if http.use_ssl? && @configuration.disable_ssl_verification?
-          http.start do |c|
-            response = c.get "#{@uri.path}?#{@uri.query}", VALIDATION_REQUEST_HEADERS.dup
-            result = response.body
-          end
-          result
-        end
-
-      end
-    end
-  end
-end

data/oa-enterprise/lib/omniauth/strategies/ldap.rb

@@ -1,111 +0,0 @@
-require 'omniauth/enterprise'
-require 'net/ldap'
-require 'sasl/base'
-require 'sasl'
-
-module OmniAuth
-  module Strategies
-    class LDAP
-      include OmniAuth::Strategy
-
-      autoload :Adaptor, 'omniauth/strategies/ldap/adaptor'
-      @@config   = {'name' => 'cn',
-                    'first_name' => 'givenName',
-                    'last_name' => 'sn',
-                    'email' => ['mail', "email", 'userPrincipalName'],
-					'phone' => ['telephoneNumber', 'homePhone', 'facsimileTelephoneNumber'],
-					'mobile_number' => ['mobile', 'mobileTelephoneNumber'],
-					'nickname' => ['uid', 'userid', 'sAMAccountName'],
-					'title' => 'title',
-					'location' => {"%0, %1, %2, %3 %4" => [['address', 'postalAddress', 'homePostalAddress', 'street', 'streetAddress'], ['l'], ['st'],['co'],['postOfficeBox']]},
-					'uid' => 'dn',
-					'url' => ['wwwhomepage'],
-					'image' => 'jpegPhoto',
-					'description' => 'description'}
-
-      # Initialize the LDAP Middleware
-      #
-      # @param [Rack Application] app Standard Rack middleware argument.
-      # @option options [String, 'LDAP Authentication'] :title A title for the authentication form.
-      def initialize(app, options = {}, &block)
-        super(app, options[:name] || :ldap, options.dup, &block)
-        @name_proc = (@options.delete(:name_proc) || Proc.new {|name| name})
-        @adaptor = OmniAuth::Strategies::LDAP::Adaptor.new(options)
-      end
-
-      protected
-
-      def request_phase
-        if env['REQUEST_METHOD'] == 'GET'
-          get_credentials
-        else
-          session['omniauth.ldap'] = {'username' => request['username'], 'password' => request['password']}
-          redirect callback_path
-        end
-      end
-
-  	  def get_credentials
-        OmniAuth::Form.build(:title => (options[:title] || "LDAP Authentication")) do
-          text_field 'Login', 'username'
-          password_field 'Password', 'password'
-        end.to_response
-      end
-
-      def callback_phase
-      	begin
-        creds = session['omniauth.ldap']
-        session.delete 'omniauth.ldap'
-				@ldap_user_info = {}
-        begin
-        	(@adaptor.bind(:allow_anonymous => true) unless @adaptor.bound?)
-        rescue Exception => e
-        	puts "failed to bind with the default credentials: " + e.message
-       	end
-        @ldap_user_info = @adaptor.search(:filter => Net::LDAP::Filter.eq(@adaptor.uid, @name_proc.call(creds['username'])),:limit => 1) if @adaptor.bound?
-				bind_dn = creds['username']
-				bind_dn = @ldap_user_info[:dn].to_a.first if @ldap_user_info[:dn]
-        @adaptor.bind(:bind_dn => bind_dn, :password => creds['password'])
-        @ldap_user_info = @adaptor.search(:filter => Net::LDAP::Filter.eq(@adaptor.uid, @name_proc.call(creds['username'])),:limit => 1) if @ldap_user_info.empty?
-    	  @user_info = self.class.map_user(@@config, @ldap_user_info)
-
-        @env['omniauth.auth'] = auth_hash
-
-      	rescue Exception => e
-      	  return fail!(:invalid_credentials, e)
-      	end
-	      call_app!
-      end
-
-      def auth_hash
-        OmniAuth::Utils.deep_merge(super, {
-          'uid' => @user_info["uid"],
-          'user_info' => @user_info,
-          'extra' => @ldap_user_info
-        })
-      end
-
-	  def self.map_user(mapper, object)
-		user = {}
-		mapper.each do |key, value|
-		  case value
-		  when String
-		    user[key] = object[value.downcase.to_sym].to_s if object[value.downcase.to_sym]
-		  when Array
-		    value.each {|v| (user[key] = object[v.downcase.to_sym].to_s; break;) if object[v.downcase.to_sym]}
-		  when Hash
-		    value.map do |key1, value1|
-			  pattern = key1.dup
-			  value1.each_with_index do |v,i|
-			    part = '';
-			    v.each {|v1| (part = object[v1.downcase.to_sym].to_s; break;) if object[v1.downcase.to_sym]}
-			    pattern.gsub!("%#{i}",part||'')
-			  end
-			  user[key] = pattern
-		    end
-		  end
-		end
-		user
-	  end
-    end
-  end
-end