omniauth_crowd 2.0.1 → 2.1.0
- data/Gemfile.lock +10 -10
- data/lib/omniauth/strategies/crowd.rb +1 -1
- data/lib/omniauth/strategies/crowd/configuration.rb +24 -10
- data/lib/omniauth/strategies/crowd/crowd_validator.rb +46 -21
- data/lib/omniauth_crowd.rb +0 -1
- data/lib/omniauth_crowd/version.rb +1 -1
- data/spec/fixtures/groups.xml +8 -0
- data/spec/omniauth/strategies/crowd_spec.rb +4 -1
- metadata +38 -37
- data/VERSION +0 -1
data/Gemfile.lock
CHANGED
@@ -1,30 +1,30 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
omniauth_crowd (2.
|
4
|
+
omniauth_crowd (2.1.0)
|
5
5
|
nokogiri (>= 1.4.4)
|
6
6
|
omniauth (~> 1.0)
|
7
7
|
|
8
8
|
GEM
|
9
9
|
remote: http://rubygems.org/
|
10
10
|
specs:
|
11
|
-
addressable (2.2.
|
12
|
-
crack (0.1
|
13
|
-
diff-lcs (1.1.
|
11
|
+
addressable (2.2.7)
|
12
|
+
crack (0.3.1)
|
13
|
+
diff-lcs (1.1.3)
|
14
14
|
hashie (1.2.0)
|
15
|
-
nokogiri (1.5.
|
16
|
-
omniauth (1.0.
|
15
|
+
nokogiri (1.5.2)
|
16
|
+
omniauth (1.0.3)
|
17
17
|
hashie (~> 1.2)
|
18
18
|
rack
|
19
|
-
rack (1.
|
20
|
-
rack-test (0.
|
19
|
+
rack (1.4.1)
|
20
|
+
rack-test (0.6.1)
|
21
21
|
rack (>= 1.0)
|
22
|
-
rake (0.
|
22
|
+
rake (0.9.2.2)
|
23
23
|
rspec (2.5.0)
|
24
24
|
rspec-core (~> 2.5.0)
|
25
25
|
rspec-expectations (~> 2.5.0)
|
26
26
|
rspec-mocks (~> 2.5.0)
|
27
|
-
rspec-core (2.5.
|
27
|
+
rspec-core (2.5.2)
|
28
28
|
rspec-expectations (2.5.0)
|
29
29
|
diff-lcs (~> 1.1.2)
|
30
30
|
rspec-mocks (2.5.0)
|
@@ -4,7 +4,12 @@ module OmniAuth
|
|
4
4
|
module Strategies
|
5
5
|
class Crowd
|
6
6
|
class Configuration
|
7
|
-
|
7
|
+
DEFAULT_AUTHENTICATION_URL = "%s/rest/usermanagement/latest/authentication"
|
8
|
+
DEFAULT_USER_GROUP_URL = "%s/rest/usermanagement/latest/user/group/direct"
|
9
|
+
attr_reader :crowd_application_name, :crowd_password, :disable_ssl_verification, :include_users_groups
|
10
|
+
|
11
|
+
alias :"disable_ssl_verification?" :disable_ssl_verification
|
12
|
+
alias :"include_users_groups?" :include_users_groups
|
8
13
|
|
9
14
|
# @param [Hash] params configuration options
|
10
15
|
# @option params [String, nil] :crowd_server_url the Crowd server root URL; probably something like
|
@@ -15,7 +20,11 @@ module OmniAuth
|
|
15
20
|
# @option params [String, nil] :application_name the application name specified in Crowd for this application, required.
|
16
21
|
# @option params [String, nil] :application_password the application password specified in Crowd for this application, required.
|
17
22
|
# @option params [Boolean, nil] :disable_ssl_verification disable verification for SSL cert,
|
18
|
-
#
|
23
|
+
# helpful when you developing with a fake cert.
|
24
|
+
# @option params [Boolean, true] : include a list of user groups when getting information ont he user
|
25
|
+
# @option params [String, nil] :crowd_user_group_url (:crowd_server_url + '/rest/usermanagement/latest/user/group/direct') the URL to which to
|
26
|
+
# use for retrieving users groups optional if `:crowd_server_url` is specified, or if `:include_user_groups` is false
|
27
|
+
# required otherwise.
|
19
28
|
def initialize(params)
|
20
29
|
parse_params params
|
21
30
|
end
|
@@ -24,31 +33,36 @@ module OmniAuth
|
|
24
33
|
#
|
25
34
|
# @param [String] username the username to validate
|
26
35
|
#
|
27
|
-
# @return [String] a URL like `
|
36
|
+
# @return [String] a URL like `https://crowd.myhost.com/crowd/rest/usermanagement/latest/authentication?username=USERNAME`
|
28
37
|
def authentication_url(username)
|
29
38
|
append_username @authentication_url, username
|
30
39
|
end
|
31
|
-
|
32
|
-
def
|
33
|
-
@
|
40
|
+
|
41
|
+
def user_group_url(username)
|
42
|
+
@user_group_url.nil? ? nil : append_username( @user_group_url, username)
|
34
43
|
end
|
35
44
|
|
36
45
|
private
|
37
|
-
DEFAULT_AUTHENTICATION_URL = "%s/rest/usermanagement/latest/authentication"
|
38
46
|
def parse_params(options)
|
47
|
+
options= {:include_user_groups => true}.merge(options || {})
|
39
48
|
%w(application_name application_password).each do |opt|
|
40
|
-
raise ArgumentError.new(":#{opt} MUST be provided") if options[opt.to_sym]
|
49
|
+
raise ArgumentError.new(":#{opt} MUST be provided") if options[opt.to_sym] == ""
|
41
50
|
end
|
42
51
|
@crowd_application_name = options[:application_name]
|
43
52
|
@crowd_password = options[:application_password]
|
44
53
|
|
45
|
-
unless options.include?(:crowd_server_url)
|
54
|
+
unless options.include?(:crowd_server_url) || options.include?(:crowd_authentication_url)
|
46
55
|
raise ArgumentError.new("Either :crowd_server_url or :crowd_authentication_url MUST be provided")
|
47
56
|
end
|
48
57
|
@authentication_url = options[:crowd_authentication_url] || DEFAULT_AUTHENTICATION_URL % options[:crowd_server_url]
|
49
58
|
validate_is_url 'authentication URL', @authentication_url
|
50
|
-
|
51
59
|
@disable_ssl_verification = options[:disable_ssl_verification]
|
60
|
+
@include_users_groups = options[:include_user_groups]
|
61
|
+
if @include_users_groups
|
62
|
+
@user_group_url = options[:crowd_user_group_url] || DEFAULT_USER_GROUP_URL % options[:crowd_server_url]
|
63
|
+
validate_is_url 'user group URL', @user_group_url
|
64
|
+
end
|
65
|
+
|
52
66
|
end
|
53
67
|
|
54
68
|
IS_NOT_URL_ERROR_MESSAGE = "%s is not a valid URL"
|
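Review bot: The new presence check in `parse_params`, `if options[opt.to_sym] == ""`, rejects only an empty string, so a missing (nil) `:application_name` or `:application_password` passes configuration and only surfaces later as a Basic-auth request with blank credentials; `if options[opt.to_sym].to_s.empty?` would cover both cases. Group lookup also defaults to on, and when a caller supplies only `:crowd_authentication_url` the fallback `DEFAULT_USER_GROUP_URL % options[:crowd_server_url]` formats nil into a host-less path, which presumably fails `validate_is_url` (defined outside these hunks) and would break configurations that were valid in 2.0.1. The option key is spelled `:include_user_groups` while the reader is `include_users_groups`, and the new `@option` doc line leaves the option name out after the colon, so one spelling should be chosen and documented.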
@@ -6,44 +6,69 @@ module OmniAuth
|
|
6
6
|
module Strategies
|
7
7
|
class Crowd
|
8
8
|
class CrowdValidator
|
9
|
+
AUTHENTICATION_REQUEST_BODY = "<password><value>%s</value></password>"
|
9
10
|
def initialize(configuration, username, password)
|
10
11
|
@configuration, @username, @password = configuration, username, password
|
11
|
-
@
|
12
|
+
@authentiction_uri = URI.parse(@configuration.authentication_url(@username))
|
13
|
+
@user_group_uri = @configuration.include_users_groups? ? URI.parse(@configuration.user_group_url(@username)) : nil
|
12
14
|
end
|
13
15
|
|
14
16
|
def user_info
|
15
|
-
|
16
|
-
|
17
|
+
user_info_hash = retrieve_user_info!
|
18
|
+
if user_info_hash && @configuration.include_users_groups?
|
19
|
+
add_user_groups(user_info_hash)
|
17
20
|
else
|
18
21
|
nil
|
19
22
|
end
|
20
23
|
end
|
21
24
|
|
22
25
|
private
|
23
|
-
def
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
"first_name" => doc.xpath("//user/first-name/text()").to_s,
|
31
|
-
"last_name" => doc.xpath("//user/last-name/text()").to_s,
|
32
|
-
"email" => doc.xpath("//user/email/text()").to_s
|
33
|
-
}
|
26
|
+
def add_user_groups(user_info_hash)
|
27
|
+
response, body = make_user_group_request
|
28
|
+
unless response.code.to_i != 200 || body.nil? || body == ''
|
29
|
+
doc = Nokogiri::XML(body)
|
30
|
+
user_info_hash["groups"] = doc.xpath("//groups/group/@name").map(&:to_s)
|
31
|
+
end
|
32
|
+
user_info_hash
|
34
33
|
end
|
35
|
-
|
36
|
-
def
|
37
|
-
|
38
|
-
|
34
|
+
|
35
|
+
def retrieve_user_info!
|
36
|
+
response, body = make_authorization_request
|
37
|
+
unless response.code.to_i != 200 || body.nil? || body == ''
|
38
|
+
doc = Nokogiri::XML(body)
|
39
|
+
{
|
40
|
+
"user" => doc.xpath("//user/@name").to_s,
|
41
|
+
"name" => doc.xpath("//user/display-name/text()").to_s,
|
42
|
+
"first_name" => doc.xpath("//user/first-name/text()").to_s,
|
43
|
+
"last_name" => doc.xpath("//user/last-name/text()").to_s,
|
44
|
+
"email" => doc.xpath("//user/email/text()").to_s
|
45
|
+
}
|
46
|
+
else
|
47
|
+
nil
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
def make_user_group_request
|
52
|
+
http = Net::HTTP.new(@user_group_uri.host, @user_group_uri.port)
|
53
|
+
http.use_ssl = @user_group_uri.port == 443 || @user_group_uri.instance_of?(URI::HTTPS)
|
54
|
+
http.verify_mode = OpenSSL::SSL::VERIFY_NONE if http.use_ssl? && @configuration.disable_ssl_verification?
|
55
|
+
http.start do |c|
|
56
|
+
req = Net::HTTP::Get.new("#{@user_group_uri.path}?#{@user_group_uri.query}")
|
57
|
+
req.basic_auth @configuration.crowd_application_name, @configuration.crowd_password
|
58
|
+
http.request(req)
|
59
|
+
end
|
60
|
+
end
|
61
|
+
|
62
|
+
def make_authorization_request
|
63
|
+
http = Net::HTTP.new(@authentiction_uri.host, @authentiction_uri.port)
|
64
|
+
http.use_ssl = @authentiction_uri.port == 443 || @authentiction_uri.instance_of?(URI::HTTPS)
|
39
65
|
http.verify_mode = OpenSSL::SSL::VERIFY_NONE if http.use_ssl? && @configuration.disable_ssl_verification?
|
40
66
|
http.start do |c|
|
41
|
-
req = Net::HTTP::Post.new("#{@
|
67
|
+
req = Net::HTTP::Post.new("#{@authentiction_uri.path}?#{@authentiction_uri.query}")
|
42
68
|
req.body = AUTHENTICATION_REQUEST_BODY % @password
|
43
69
|
req.basic_auth @configuration.crowd_application_name, @configuration.crowd_password
|
44
70
|
req.add_field 'Content-Type', 'text/xml'
|
45
|
-
|
46
|
-
@response.code.to_i == 200
|
71
|
+
http.request(req)
|
47
72
|
end
|
48
73
|
end
|
49
74
|
end
|
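Review bot: `user_info` now returns nil whenever `include_users_groups?` is false, because the successful `user_info_hash` only leaves the method through the `add_user_groups` branch and every other case falls to `else nil`; with groups disabled, every valid login would be reported as a failed one. Something like `return nil unless user_info_hash` followed by `@configuration.include_users_groups? ? add_user_groups(user_info_hash) : user_info_hash` keeps the two concerns apart. Separately, `AUTHENTICATION_REQUEST_BODY % @password` places the user's password into the XML body unescaped, so a password containing `<` or `&` yields a malformed or altered request; on Ruby 1.9+ `@password.encode(:xml => :text)` would escape it. `make_user_group_request` copies the HTTP setup of `make_authorization_request`, including the `VERIFY_NONE` switch, so when `disable_ssl_verification` is set the application's Basic-auth credentials travel over an unverified connection to a second endpoint. A shared private helper would keep that policy in one place, and the `@authentiction_uri` spelling could be corrected at the same time.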
data/lib/omniauth_crowd.rb
CHANGED
@@ -0,0 +1,8 @@
|
|
1
|
+
<groups expand="group">
|
2
|
+
<group name="Developers">
|
3
|
+
<link rel="self" href="http://crowd.bogus.com/crowd/rest/usermanagement/latest/group?groupname=Developers"/>
|
4
|
+
</group>
|
5
|
+
<group name="jira-users">
|
6
|
+
<link rel="self" href="http://crowd.bogus.com/crowd/rest/usermanagement/latest/group?groupname=jira-users"/>
|
7
|
+
</group>
|
8
|
+
</groups>
|
@@ -26,7 +26,7 @@ describe OmniAuth::Strategies::Crowd, :type=>:strategy do
|
|
26
26
|
|
27
27
|
it 'should redirect to callback' do
|
28
28
|
last_response.should be_redirect
|
29
|
-
last_response.headers['Location'].should == '/auth/crowd/callback'
|
29
|
+
last_response.headers['Location'].should == 'http://example.org/auth/crowd/callback'
|
30
30
|
end
|
31
31
|
end
|
32
32
|
|
@@ -44,6 +44,8 @@ describe OmniAuth::Strategies::Crowd, :type=>:strategy do
|
|
44
44
|
before do
|
45
45
|
stub_request(:post, "https://bogus_app:bogus_app_password@crowd.example.org/rest/usermanagement/latest/authentication?username=foo").
|
46
46
|
to_return(:body => File.read(File.join(File.dirname(__FILE__), '..', '..', 'fixtures', 'success.xml')))
|
47
|
+
stub_request(:get, "https://bogus_app:bogus_app_password@crowd.example.org/rest/usermanagement/latest/user/group/direct?username=foo").
|
48
|
+
to_return(:body => File.read(File.join(File.dirname(__FILE__), '..', '..', 'fixtures', 'groups.xml')))
|
47
49
|
get '/auth/crowd/callback', nil, 'rack.session'=>{'omniauth.crowd'=> {"username"=>"foo", "password"=>"ba"}}
|
48
50
|
end
|
49
51
|
it 'should call through to the master app' do
|
@@ -57,6 +59,7 @@ describe OmniAuth::Strategies::Crowd, :type=>:strategy do
|
|
57
59
|
auth = last_request.env['omniauth.auth']['provider'].should == :crowd
|
58
60
|
auth = last_request.env['omniauth.auth']['uid'].should == 'foo'
|
59
61
|
auth = last_request.env['omniauth.auth']['user_info'].should be_kind_of(Hash)
|
62
|
+
auth = last_request.env['omniauth.auth']['user_info']['groups'].sort.should == ["Developers", "jira-users"].sort
|
60
63
|
end
|
61
64
|
end
|
62
65
|
|
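Review bot: The added stub and the `groups` assertion cover only the path where group lookup is enabled and Crowd answers 200; no example in the visible hunks exercises `:include_user_groups => false` or a non-200 reply from the `user/group/direct` endpoint. An example that builds the strategy with `:include_user_groups => false` and asserts that `user_info` is still a Hash would pin the behaviour of the validator's `user_info` branch. The enclosing `describe` blocks start and end outside these hunks, so such examples may already exist elsewhere in the file.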
metadata
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: omniauth_crowd
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
4
|
+
hash: 11
|
5
5
|
prerelease:
|
6
6
|
segments:
|
7
7
|
- 2
|
8
|
-
- 0
|
9
8
|
- 1
|
10
|
-
|
9
|
+
- 0
|
10
|
+
version: 2.1.0
|
11
11
|
platform: ruby
|
12
12
|
authors:
|
13
13
|
- Robert Di Marco
|
@@ -15,12 +15,10 @@ autorequire:
|
|
15
15
|
bindir: bin
|
16
16
|
cert_chain: []
|
17
17
|
|
18
|
-
date:
|
18
|
+
date: 2012-03-24 00:00:00 Z
|
19
19
|
dependencies:
|
20
20
|
- !ruby/object:Gem::Dependency
|
21
|
-
|
22
|
-
prerelease: false
|
23
|
-
requirement: &id001 !ruby/object:Gem::Requirement
|
21
|
+
version_requirements: &id001 !ruby/object:Gem::Requirement
|
24
22
|
none: false
|
25
23
|
requirements:
|
26
24
|
- - ~>
|
@@ -30,12 +28,12 @@ dependencies:
|
|
30
28
|
- 1
|
31
29
|
- 0
|
32
30
|
version: "1.0"
|
31
|
+
requirement: *id001
|
33
32
|
type: :runtime
|
34
|
-
version_requirements: *id001
|
35
|
-
- !ruby/object:Gem::Dependency
|
36
|
-
name: nokogiri
|
37
33
|
prerelease: false
|
38
|
-
|
34
|
+
name: omniauth
|
35
|
+
- !ruby/object:Gem::Dependency
|
36
|
+
version_requirements: &id002 !ruby/object:Gem::Requirement
|
39
37
|
none: false
|
40
38
|
requirements:
|
41
39
|
- - ">="
|
@@ -46,12 +44,12 @@ dependencies:
|
|
46
44
|
- 4
|
47
45
|
- 4
|
48
46
|
version: 1.4.4
|
47
|
+
requirement: *id002
|
49
48
|
type: :runtime
|
50
|
-
version_requirements: *id002
|
51
|
-
- !ruby/object:Gem::Dependency
|
52
|
-
name: rack
|
53
49
|
prerelease: false
|
54
|
-
|
50
|
+
name: nokogiri
|
51
|
+
- !ruby/object:Gem::Dependency
|
52
|
+
version_requirements: &id003 !ruby/object:Gem::Requirement
|
55
53
|
none: false
|
56
54
|
requirements:
|
57
55
|
- - ">="
|
@@ -60,12 +58,12 @@ dependencies:
|
|
60
58
|
segments:
|
61
59
|
- 0
|
62
60
|
version: "0"
|
61
|
+
requirement: *id003
|
63
62
|
type: :development
|
64
|
-
version_requirements: *id003
|
65
|
-
- !ruby/object:Gem::Dependency
|
66
|
-
name: rake
|
67
63
|
prerelease: false
|
68
|
-
|
64
|
+
name: rack
|
65
|
+
- !ruby/object:Gem::Dependency
|
66
|
+
version_requirements: &id004 !ruby/object:Gem::Requirement
|
69
67
|
none: false
|
70
68
|
requirements:
|
71
69
|
- - ">="
|
@@ -74,12 +72,12 @@ dependencies:
|
|
74
72
|
segments:
|
75
73
|
- 0
|
76
74
|
version: "0"
|
75
|
+
requirement: *id004
|
77
76
|
type: :development
|
78
|
-
version_requirements: *id004
|
79
|
-
- !ruby/object:Gem::Dependency
|
80
|
-
name: rack-test
|
81
77
|
prerelease: false
|
82
|
-
|
78
|
+
name: rake
|
79
|
+
- !ruby/object:Gem::Dependency
|
80
|
+
version_requirements: &id005 !ruby/object:Gem::Requirement
|
83
81
|
none: false
|
84
82
|
requirements:
|
85
83
|
- - ">="
|
@@ -88,12 +86,12 @@ dependencies:
|
|
88
86
|
segments:
|
89
87
|
- 0
|
90
88
|
version: "0"
|
89
|
+
requirement: *id005
|
91
90
|
type: :development
|
92
|
-
version_requirements: *id005
|
93
|
-
- !ruby/object:Gem::Dependency
|
94
|
-
name: rspec
|
95
91
|
prerelease: false
|
96
|
-
|
92
|
+
name: rack-test
|
93
|
+
- !ruby/object:Gem::Dependency
|
94
|
+
version_requirements: &id006 !ruby/object:Gem::Requirement
|
97
95
|
none: false
|
98
96
|
requirements:
|
99
97
|
- - ~>
|
@@ -104,12 +102,12 @@ dependencies:
|
|
104
102
|
- 5
|
105
103
|
- 0
|
106
104
|
version: 2.5.0
|
105
|
+
requirement: *id006
|
107
106
|
type: :development
|
108
|
-
version_requirements: *id006
|
109
|
-
- !ruby/object:Gem::Dependency
|
110
|
-
name: webmock
|
111
107
|
prerelease: false
|
112
|
-
|
108
|
+
name: rspec
|
109
|
+
- !ruby/object:Gem::Dependency
|
110
|
+
version_requirements: &id007 !ruby/object:Gem::Requirement
|
113
111
|
none: false
|
114
112
|
requirements:
|
115
113
|
- - ~>
|
@@ -120,12 +118,12 @@ dependencies:
|
|
120
118
|
- 3
|
121
119
|
- 4
|
122
120
|
version: 1.3.4
|
121
|
+
requirement: *id007
|
123
122
|
type: :development
|
124
|
-
version_requirements: *id007
|
125
|
-
- !ruby/object:Gem::Dependency
|
126
|
-
name: bundler
|
127
123
|
prerelease: false
|
128
|
-
|
124
|
+
name: webmock
|
125
|
+
- !ruby/object:Gem::Dependency
|
126
|
+
version_requirements: &id008 !ruby/object:Gem::Requirement
|
129
127
|
none: false
|
130
128
|
requirements:
|
131
129
|
- - ~>
|
@@ -136,8 +134,10 @@ dependencies:
|
|
136
134
|
- 0
|
137
135
|
- 0
|
138
136
|
version: 1.0.0
|
137
|
+
requirement: *id008
|
139
138
|
type: :development
|
140
|
-
|
139
|
+
prerelease: false
|
140
|
+
name: bundler
|
141
141
|
description: This is an OmniAuth provider for Atlassian Crowd's REST API. It allows you to easily integrate your Rack application in with Atlassian Crowd.
|
142
142
|
email:
|
143
143
|
- rob@innovationontherun.com
|
@@ -155,13 +155,13 @@ files:
|
|
155
155
|
- LICENSE.txt
|
156
156
|
- README.rdoc
|
157
157
|
- Rakefile
|
158
|
-
- VERSION
|
159
158
|
- lib/omniauth/strategies/crowd.rb
|
160
159
|
- lib/omniauth/strategies/crowd/configuration.rb
|
161
160
|
- lib/omniauth/strategies/crowd/crowd_validator.rb
|
162
161
|
- lib/omniauth_crowd.rb
|
163
162
|
- lib/omniauth_crowd/version.rb
|
164
163
|
- omniauth_crowd.gemspec
|
164
|
+
- spec/fixtures/groups.xml
|
165
165
|
- spec/fixtures/success.xml
|
166
166
|
- spec/omniauth/strategies/crowd_spec.rb
|
167
167
|
- spec/spec_helper.rb
|
@@ -199,6 +199,7 @@ signing_key:
|
|
199
199
|
specification_version: 3
|
200
200
|
summary: An OmniAuth provider for Atlassian Crowd REST API
|
201
201
|
test_files:
|
202
|
+
- spec/fixtures/groups.xml
|
202
203
|
- spec/fixtures/success.xml
|
203
204
|
- spec/omniauth/strategies/crowd_spec.rb
|
204
205
|
- spec/spec_helper.rb
|
data/VERSION
DELETED
@@ -1 +0,0 @@
|
|
1
|
-
1.0.1
|