omniauth 0.2.6 → 0.3.0.rc3

data/oa-enterprise/lib/omniauth/strategies/ldap/adaptor.rb

@@ -1,279 +0,0 @@
-#this code boughts pieces from activeldap and net-ldap
-
-require 'rack'
-require 'net/ldap'
-require 'net/ntlm'
-require 'uri'
-
-module OmniAuth
-  module Strategies
-    class LDAP
-      class Adaptor
-        class LdapError < StandardError; end
-        class ConfigurationError < StandardError; end
-        class AuthenticationError < StandardError; end
-        class ConnectionError < StandardError; end
-
-        VALID_ADAPTER_CONFIGURATION_KEYS = [:host, :port, :method, :bind_dn, :password,
-	                                        :try_sasl, :sasl_mechanisms, :uid, :base, :allow_anonymous]
-
-        MUST_HAVE_KEYS = [:host, :port, :method, :uid, :base]
-
-        METHOD = {
-	        :ssl => :simple_tls,
-	        :tls => :start_tls,
-          :plain => nil,
-        }
-
-        attr_accessor :bind_dn, :password
-        attr_reader :connection, :uid, :base
-
-        def initialize(configuration={})
-          @connection = nil
-          @disconnected = false
-          @bound = false
-          @configuration = configuration.dup
-          @configuration[:allow_anonymous] ||= false
-          @logger = @configuration.delete(:logger)
-          message = []
-          MUST_HAVE_KEYS.each do |name|
-              message << name if configuration[name].nil?
-          end
-          raise ArgumentError.new(message.join(",") +" MUST be provided") unless message.empty?
-          VALID_ADAPTER_CONFIGURATION_KEYS.each do |name|
-            instance_variable_set("@#{name}", configuration[name])
-          end
-        end
-
-        def connect(options={})
-          host = options[:host] || @host
-          method = ensure_method(options[:method] || @method || :plain)
-          port = options[:port] || @port || ensure_port(method)
-          @disconnected = false
-          @bound = false
-          @bind_tried = false
-
-          config = {
-            :host => host,
-            :port => port,
-          }
-
-          config[:encryption] = {:method => method} if method
-
-          @connection, @uri, @with_start_tls = begin
-            uri = construct_uri(host, port, method == :simple_tls)
-            with_start_tls = method == :start_tls
-            puts ({:uri => uri, :with_start_tls => with_start_tls}).inspect
-            [Net::LDAP::Connection.new(config), uri, with_start_tls]
-          rescue Net::LDAP::LdapError
-            raise ConnectionError, $!.message
-          end
-        end
-
-        def unbind(options={})
-          @connection.close # Net::LDAP doesn't implement unbind.
-        end
-
-        def bind(options={})
-          connect(options) unless connecting?
-          begin
-          @bind_tried = true
-
-          bind_dn = (options[:bind_dn] || @bind_dn).to_s
-          try_sasl = options.has_key?(:try_sasl) ? options[:try_sasl] : @try_sasl
-          if options.has_key?(:allow_anonymous)
-            allow_anonymous = options[:allow_anonymous]
-          else
-            allow_anonymous = @allow_anonymous
-          end
-          # Rough bind loop:
-          # Attempt 1: SASL if available
-          # Attempt 2: SIMPLE with credentials if password block
-          # Attempt 3: SIMPLE ANONYMOUS if 1 and 2 fail and allow anonymous is set to true
-          if try_sasl and sasl_bind(bind_dn, options)
-              puts "bound with sasl"
-          elsif simple_bind(bind_dn, options)
-              puts "bound with simple"
-          elsif allow_anonymous and bind_as_anonymous(options)
-            puts "bound as anonymous"
-          else
-            message = yield if block_given?
-            message ||= ('All authentication methods for %s exhausted.') % target
-            raise AuthenticationError, message
-          end
-          @bound = true
-          rescue Net::LDAP::LdapError
-            raise AuthenticationError, $!.message
-          end
-        end
-
-        def disconnect!(options={})
-          unbind(options)
-          @connection = @uri = @with_start_tls = nil
-          @disconnected = true
-        end
-
-        def rebind(options={})
-          unbind(options) if bound?
-          connect(options)
-        end
-
-        def connecting?
-          !@connection.nil? and !@disconnected
-        end
-
-        def bound?
-          connecting? and @bound
-        end
-
-        def search(options={}, &block)
-          base = options[:base]
-          filter = options[:filter]
-          limit = options[:limit]
-
-          args = {
-            :base => @base,
-            :filter => filter,
-            :size => limit
-          }
-
-          attributes = {}
-          execute(:search, args) do |entry|
-            entry.attribute_names.each do |name|
-              attributes[name] = entry[name]
-            end
-          end
-          attributes
-        end
-
-        private
-
-        def execute(method, *args, &block)
-          result = @connection.send(method, *args, &block)
-          message = nil
-
-          if result.is_a?(Hash)
-            message = result[:errorMessage]
-            result = result[:resultCode]
-          end
-
-          unless result.zero?
-            message = [Net::LDAP.result2string(result), message].compact.join(": ")
-            raise LdapError, message
-          end
-        end
-
-        def ensure_port(method)
-          if method == :ssl
-            URI::LDAPS::DEFAULT_PORT
-          else
-            URI::LDAP::DEFAULT_PORT
-          end
-        end
-
-        def prepare_connection(options)
-        end
-
-        def ensure_method(method)
-            method ||= "plain"
-            normalized_method = method.to_s.downcase.to_sym
-            return METHOD[normalized_method] if METHOD.has_key?(normalized_method)
-
-            available_methods = METHOD.keys.collect {|m| m.inspect}.join(", ")
-            format = "%s is not one of the available connect methods: %s"
-            raise ConfigurationError, format % [method.inspect, available_methods]
-        end
-
-        def sasl_bind(bind_dn, options={})
-          sasl_mechanisms = options[:sasl_mechanisms] || @sasl_mechanisms
-            sasl_mechanisms.each do |mechanism|
-              begin
-                normalized_mechanism = mechanism.downcase.gsub(/-/, '_')
-                sasl_bind_setup = "sasl_bind_setup_#{normalized_mechanism}"
-                next unless respond_to?(sasl_bind_setup, true)
-                initial_credential, challenge_response = send(sasl_bind_setup, bind_dn, options)
-
-                args = {
-                  :method => :sasl,
-                  :initial_credential => initial_credential,
-                  :mechanism => mechanism,
-                  :challenge_response => challenge_response,
-                }
-
-                info = {
-                  :name => "bind: SASL", :dn => bind_dn, :mechanism => mechanism,
-                }
-
-                execute(:bind, args)
-                return true
-
-              rescue Exception => e
-                puts e.message
-              end
-            end
-          false
-        end
-
-        def sasl_bind_setup_digest_md5(bind_dn, options)
-          initial_credential = ""
-          challenge_response = Proc.new do |cred|
-            pref = SASL::Preferences.new :digest_uri => "ldap/#{@host}", :username => bind_dn, :has_password? => true, :password => options[:password]||@password
-            sasl = SASL.new("DIGEST-MD5", pref)
-            response = sasl.receive("challenge", cred)
-            response[1]
-          end
-          [initial_credential, challenge_response]
-        end
-
-        def sasl_bind_setup_gss_spnego(bind_dn, options)
-          puts options.inspect
-          user,psw = [bind_dn, options[:password]||@password]
-          raise LdapError.new( "invalid binding information" ) unless (user && psw)
-
-          nego = proc {|challenge|
-            t2_msg = Net::NTLM::Message.parse( challenge )
-            user, domain = user.split('\\').reverse
-            t2_msg.target_name = Net::NTLM::encode_utf16le(domain) if domain
-            t3_msg = t2_msg.response( {:user => user, :password => psw}, {:ntlmv2 => true} )
-            t3_msg.serialize
-          }
-          [Net::NTLM::Message::Type1.new.serialize, nego]
-        end
-
-        def simple_bind(bind_dn, options={})
-          args = {
-            :method => :simple,
-            :username => bind_dn,
-            :password => (options[:password]||@password).to_s,
-          }
-          begin
-            raise AuthenticationError if args[:password] == ""
-            execute(:bind, args)
-            true
-          rescue Exception
-            false
-          end
-        end
-
-        def bind_as_anonymous(options={})
-          execute(:bind, {:method => :anonymous})
-          true
-        end
-
-        def construct_uri(host, port, ssl)
-          protocol = ssl ? "ldaps" : "ldap"
-          URI.parse("#{protocol}://#{host}:#{port}").to_s
-        end
-
-        def target
-          return nil if @uri.nil?
-          if @with_start_tls
-            "#{@uri}(StartTLS)"
-          else
-            @uri
-          end
-        end
-      end
-    end
-  end
-end

data/oa-enterprise/lib/omniauth/version.rb

@@ -1,19 +0,0 @@
-module OmniAuth
-  module Version
-    unless defined?(::OmniAuth::Version::MAJOR)
-      MAJOR = 0
-    end
-    unless defined?(::OmniAuth::Version::MINOR)
-      MINOR = 2
-    end
-    unless defined?(::OmniAuth::Version::PATCH)
-      PATCH = 6
-    end
-    unless defined?(::OmniAuth::Version::PRE)
-      PRE   = nil
-    end
-    unless defined?(::OmniAuth::Version::STRING)
-      STRING = [MAJOR, MINOR, PATCH, PRE].compact.join('.')
-    end
-  end
-end

data/oa-enterprise/oa-enterprise.gemspec

@@ -1,31 +0,0 @@
-# -*- encoding: utf-8 -*-
-require File.expand_path('../lib/omniauth/version', __FILE__)
-
-Gem::Specification.new do |gem|
-  gem.add_runtime_dependency 'addressable', '2.2.4'
-  gem.add_runtime_dependency 'nokogiri', '~> 1.4.2'
-  gem.add_runtime_dependency 'net-ldap', '~> 0.2.2'
-  gem.add_runtime_dependency 'oa-core', OmniAuth::Version::STRING
-  gem.add_runtime_dependency 'pyu-ruby-sasl', '~> 0.0.3.1'
-  gem.add_runtime_dependency 'rubyntlm', '~> 0.1.1'
-  gem.add_development_dependency 'maruku', '~> 0.6'
-  gem.add_development_dependency 'simplecov', '~> 0.4'
-  gem.add_development_dependency 'rack-test', '~> 0.5'
-  gem.add_development_dependency 'rake', '~> 0.8'
-  gem.add_development_dependency 'rspec', '~> 2.5'
-  gem.add_development_dependency 'webmock', '~> 1.6'
-  gem.add_development_dependency 'yard', '~> 0.7'
-  gem.add_development_dependency 'ZenTest', '~> 4.5'
-  gem.name = 'oa-enterprise'
-  gem.version = OmniAuth::Version::STRING
-  gem.description = %q{Enterprise strategies for OmniAuth.}
-  gem.summary = gem.description
-  gem.email = ['james.a.rosen@gmail.com', 'ping@intridea.com', 'michael@intridea.com', 'sferik@gmail.com']
-  gem.homepage = 'http://github.com/intridea/omniauth'
-  gem.authors = ['James A. Rosen', 'Ping Yu', 'Michael Bleigh', 'Erik Michaels-Ober']
-  gem.executables = `git ls-files -- bin/*`.split("\n").map{|f| File.basename(f)}
-  gem.files = `git ls-files`.split("\n")
-  gem.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
-  gem.require_paths = ['lib']
-  gem.required_rubygems_version = Gem::Requirement.new('>= 1.3.6') if gem.respond_to? :required_rubygems_version=
-end

data/oa-enterprise/spec/fixtures/cas_failure.xml

@@ -1,4 +0,0 @@
-<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
-  <cas:authenticationFailure>
-  </cas:authenticationFailure>
-</cas:serviceResponse>

data/oa-enterprise/spec/fixtures/cas_success.xml

@@ -1,8 +0,0 @@
-<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
-  <cas:authenticationSuccess>
-    <cas:user>psegel</cas:user>
-    <cas:first-name>Peter</cas:first-name>
-    <cas:last-name>Segel</cas:last-name>
-    <hire-date>2004-07-13</hire-date>
-  </cas:authenticationSuccess>
-</cas:serviceResponse>

data/oa-enterprise/spec/omniauth/strategies/cas_spec.rb

@@ -1,94 +0,0 @@
-require File.expand_path('../../../spec_helper', __FILE__)
-require 'cgi'
-
-describe OmniAuth::Strategies::CAS, :type => :strategy do
-
-  include OmniAuth::Test::StrategyTestCase
-
-  def strategy
-    @cas_server ||= 'https://cas.example.org'
-    [OmniAuth::Strategies::CAS, {:cas_server => @cas_server}]
-  end
-
-  describe 'GET /auth/cas' do
-    before do
-      get '/auth/cas'
-    end
-
-    it 'should redirect to the CAS server' do
-      last_response.should be_redirect
-      return_to = CGI.escape(last_request.url + '/callback')
-      last_response.headers['Location'].should == @cas_server + '/login?service=' + return_to
-    end
-  end
-
-  describe 'GET /auth/cas/callback without a ticket' do
-    before do
-      get '/auth/cas/callback'
-    end
-    it 'should fail' do
-      last_response.should be_redirect
-      last_response.headers['Location'].should =~ /no_ticket/
-    end
-  end
-
-  describe 'GET /auth/cas/callback with an invalid ticket' do
-    before do
-      stub_request(:get, /^https:\/\/cas.example.org(:443)?\/serviceValidate\?([^&]+&)?ticket=9391d/).
-         to_return(:body => File.read(File.join(File.dirname(__FILE__), '..', '..', 'fixtures', 'cas_failure.xml')))
-      get '/auth/cas/callback?ticket=9391d'
-    end
-    it 'should fail' do
-      last_response.should be_redirect
-      last_response.headers['Location'].should =~ /invalid_ticket/
-    end
-  end
-
-  describe 'GET /auth/cas/callback with a valid ticket' do
-    before do
-      stub_request(:get, /^https:\/\/cas.example.org(:443)?\/serviceValidate\?([^&]+&)?ticket=593af/).
-         with { |request| @request_uri = request.uri.to_s }.
-         to_return(:body => File.read(File.join(File.dirname(__FILE__), '..', '..', 'fixtures', 'cas_success.xml')))
-      get '/auth/cas/callback?ticket=593af'
-    end
-
-    it 'should strip the ticket parameter from the callback URL before sending it to the CAS server' do
-      @request_uri.scan('ticket=').length.should == 1
-    end
-
-    sets_an_auth_hash
-    sets_provider_to 'cas'
-    sets_uid_to 'psegel'
-
-    it 'should set additional user information' do
-      extra = (last_request.env['omniauth.auth'] || {})['extra']
-      extra.should be_kind_of(Hash)
-      extra['first-name'].should == 'Peter'
-      extra['last-name'].should == 'Segel'
-      extra['hire-date'].should == '2004-07-13'
-    end
-
-    it 'should call through to the master app' do
-      last_response.body.should == 'true'
-    end
-  end
-
-  unless RUBY_VERSION =~ /^1\.8\.\d$/
-    describe 'GET /auth/cas/callback with a valid ticket and gzipped response from the server on ruby >1.8' do
-      before do
-        zipped = StringIO.new
-        Zlib::GzipWriter.wrap zipped do |io|
-          io.write File.read(File.join(File.dirname(__FILE__), '..', '..', 'fixtures', 'cas_success.xml'))
-        end
-        stub_request(:get, /^https:\/\/cas.example.org(:443)?\/serviceValidate\?([^&]+&)?ticket=593af/).
-           with { |request| @request_uri = request.uri.to_s }.
-           to_return(:body => zipped.string, :headers => { 'content-encoding' => 'gzip' })
-        get '/auth/cas/callback?ticket=593af'
-      end
-
-      it 'should call through to the master app when response is gzipped' do
-          last_response.body.should == 'true'
-      end
-    end
-  end
-end

data/oa-enterprise/spec/omniauth/strategies/ldap_spec.rb

@@ -1,41 +0,0 @@
-require File.expand_path('../../../spec_helper', __FILE__)
-require 'cgi'
-
-describe OmniAuth::Strategies::LDAP, :type => :strategy do
-
-  include OmniAuth::Test::StrategyTestCase
-
-  def strategy
-    @ldap_server ||= 'ldap.example.org'
-    [OmniAuth::Strategies::LDAP, {
-      :host => @ldap_server,
-      :port => 636,
-      :method => :ssl,
-      :uid => 'jeremyf',
-      :base => 'o="University of OmniAuth", st=Sublime, c=RubyNation',
-    }]
-  end
-
-  describe 'GET /auth/ldap' do
-    before do
-      get '/auth/ldap'
-    end
-
-    # TODO: Add checks that page has authentication form; I attempted
-    # to use `should have_tag` but that was not working.
-    it 'should get authentication page' do
-      last_response.status.should == 200
-    end
-  end
-
-  describe 'POST /auth/ldap' do
-    before do
-      post '/auth/ldap', {:username => 'jeremy', :password => 'valid_password' }
-    end
-
-    it 'should redirect us to /auth/ldap/callback' do
-      last_response.should be_redirect
-      last_response.location.should == '/auth/ldap/callback'
-    end
-  end
-end