openam_auth 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 9cf4acae2226611b478dd5bf2f992b71372f94e9
+  data.tar.gz: 98d65914ba32096233b213bbcc80501aa1478429
+SHA512:
+  metadata.gz: 6d102e557c3cf6fa977581859e7ef67a4a7f5d48dc0af78af711eb45f652aac57c22ff8738beda6b30a1fca9c1dd75db5440bdc94104416958cc19bed3bfce94
+  data.tar.gz: 5df3aeaf18e671355783c058e3c1666c784e5e9dee2d4a52ef6dc44187b56c6474a72d1dc821ff6c20a91381bb3c12ed9d6f229180f885b24b3cb63d56c188ef

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in openam_auth.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 sameera207
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,106 @@
+# OpenamAuth
+
+ruby authentication client for forgerock OpenAM server (http://forgerock.com/products/open-identity-stack/openam/), this ruby client will work with OpenAM Policy Agent for Nginx https://bitbucket.org/hamano/nginx-mod-am
+
+Read more about OpenAM REST api
+
+https://wikis.forgerock.org/confluence/display/openam/Use+OpenAM+RESTful+Services
+
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'openam_auth'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install openam_auth
+    
+## Running tests
+  
+    rspec
+
+## Usage
+
+### Using with Devise
+
+1. install the gem (as described above)
+2. create a file in `config/initializers`
+
+```ruby
+    #config/initializers/openam_config.rb
+    OpenamConfig.config do
+      openam_url <Path to your openam server>
+    end
+```
+3. **openam_auth assumes** you have a `User` model in you project and it has the following two methods implemented
+
+
+```ruby
+   
+   class User 
+     
+     # sends the token (from openam server) as a parameter
+     def self.existing_user_by_token(token)
+       # this method should return a user object, if matching record found
+       # or nil if there are not matching record found
+     end
+     
+     # authentication token from OpenAm server
+     # user hash 
+     # ex: { "sn" => ["admin"] }
+     # NOTE: hash will have the key and value array
+     def self.update_openam_user(token, hash)
+       #this method should either update the existing user token, if user found
+       #or create a new user and return that user
+     end
+     
+   end
+
+```
+
+**Note**, you may want to add some more columns for the existing `users` table to accomodate the values passed by the hash. Read the section *3.5. Token Validation, Attribute Retrieval*  http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/dev-guide/#rest-api-auth for more info.
+
+
+
+
+4.  in your controller , `Ex: ApplicationController`, include the `OpenamAuth::Authenticate` module
+
+```ruby
+   class ApplicationController < ActionController::Base
+      include OpenamAuth::Authenticate
+   end
+```
+
+5 . Finally implement the before_filter for `authenticate_user!`
+
+```ruby
+   before_filter :authenticate_user!    
+```
+6 . For `logout` you could  use `openam_logout` with current user token from your controller
+
+```ruby
+  openam_logout(<current user token>)
+```
+
+### Special thanks :)   
+
+https://github.com/tychobrailleur/openam-sample
+
+http://speakmy.name/2011/05/29/simple-configuration-for-ruby-apps/
+
+http://say26.com/rspec-testing-controllers-outside-of-a-rails-application
+
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/lib/openam_auth/authenticate.rb

@@ -0,0 +1,46 @@
+module OpenamAuth
+  module Authenticate
+    module ClassMethods ; end
+
+    module InstanceMethods
+
+      def authenticate_user!
+        status = false
+        openam = OpenamAuth::Openam.new
+        cookie_name = openam.cookie_name
+        token = openam.token_cookie(request, cookie_name)
+
+        #The following class  method shold be implemented by the parent application
+        user = User.existing_user_by_token(token)
+
+        unless user
+          if openam.valid_token?(token)
+            response = openam.openam_user(cookie_name, token)
+            user_hash = openam.user_hash(response.body)
+            #following class method should be implemented by the parent application
+            user = User.update_openam_user(token, user_hash)
+          end
+        end
+        if user
+          session[:user_id] = user.id
+          status = true
+        end
+        status ? true : (redirect_to openam.login_url)
+      end
+    end
+
+    def openam_logout(token)
+      OpenamAuth::Openam.new.logout(token)
+    end
+
+    def current_user
+      User.where(id: session[:user_id]).first
+    end
+
+    def self.included(receiver)
+      receiver.extend         ClassMethods
+      receiver.send :include, InstanceMethods
+    end
+  end
+end
+

data/lib/openam_auth/openam.rb

@@ -0,0 +1,64 @@
+require 'httparty'
+
+module OpenamAuth
+  class Openam
+    include HTTParty
+
+    COOKIE_NAME_FOR_TOKEN = "/identity/getCookieNameForToken"
+    IS_TOKEN_VALID = "/identity/isTokenValid"
+    USER_ATTRIBUTES = "/identity/attributes"
+    LOGIN_URL = "/UI/Login?goto="
+    LOGOUT_URL = "/identity/logout"
+
+
+    def initialize
+      @base_url = OpenamConfig.openam_url
+    end
+
+    def cookie_name
+      response = self.class.post("#{@base_url}#{COOKIE_NAME_FOR_TOKEN}", {})
+      response.body.split('=').last.strip
+    end
+
+    def token_cookie(request, cookie_name)
+      token_cookie = CGI.unescape(request.cookies.fetch(cookie_name, nil).to_s.gsub('+', '%2B'))
+      token_cookie != '' ? token_cookie : nil
+    end
+
+    def valid_token?(token)
+      response = self.class.get("#{@base_url}#{IS_TOKEN_VALID}?tokenid=#{token}", {})
+      response.body.split('=').last.strip == 'true'
+    end
+
+    def openam_user(token_cookie_name, token)
+      self.class.cookies({ token_cookie_name => token })
+      self.class.post("#{@base_url}#{USER_ATTRIBUTES}", {:subjectid => token})
+    end
+
+    def login_url
+      "#{@base_url}#{LOGIN_URL}"
+    end
+
+    def logout(token)
+      self.class.get("#{@base_url}#{LOGOUT_URL}?subjectid=#{token}", {})
+    end
+
+    def user_hash(response)
+      opensso_user = Hash.new{ |h,k| h[k] = Array.new }
+      attribute_name = ''
+      lines = response.split(/\n/)
+      lines.each do |line|
+        line = line.strip
+        if line.match(/^userdetails.attribute.name=/)
+          attribute_name = line.gsub(/^userdetails.attribute.name=/, '').strip
+        elsif line.match(/^userdetails.attribute.value=/)
+          opensso_user[attribute_name] << line.gsub(/^userdetails.attribute.value=/, '').strip
+        end
+      end
+      opensso_user
+    end
+
+
+  end
+end
+

data/lib/openam_auth/openam_config.rb

@@ -0,0 +1,23 @@
+module OpenamConfig
+  extend self
+
+  def parameter(*names)
+    names.each do |name|
+      attr_accessor name
+
+      define_method name do |*values|
+        value = values.first
+        value ? self.send("#{name}=", value) : instance_variable_get("@#{name}")
+      end
+    end
+  end
+
+  def config(&block)
+    instance_eval &block
+  end
+
+end
+
+OpenamConfig.config do
+  parameter :openam_url
+end

data/lib/openam_auth/version.rb

@@ -0,0 +1,3 @@
+module OpenamAuth
+  VERSION = "0.0.1"
+end

data/lib/openam_auth.rb

@@ -0,0 +1,5 @@
+require "openam_auth/version"
+require "openam_auth/openam"
+require "openam_auth/authenticate"
+require "openam_auth/openam_config"
+

data/openam_auth.gemspec

@@ -0,0 +1,27 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'openam_auth/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "openam_auth"
+  spec.version       = OpenamAuth::VERSION
+  spec.authors       = ["sameera207"]
+  spec.email         = ["sameera207@gmail.com"]
+  spec.description   = %q{ruby authentication client for OpenAm}
+  spec.summary       = %q{ruby authentication client for forgerock OpenAM}
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rspec-rails"
+  spec.add_development_dependency "webmock"
+  spec.add_development_dependency "actionpack"
+  spec.add_development_dependency "activesupport"
+  spec.add_development_dependency "httparty"
+end

data/spec/fixtures/application.rb

@@ -0,0 +1,22 @@
+require 'active_support/all'
+require 'action_controller'
+require 'action_dispatch'
+
+module Rails
+  class App
+    def env_config; {} end
+    def routes
+      return @routes if defined?(@routes)
+      @routes = ActionDispatch::Routing::RouteSet.new
+      @routes.draw do
+        resources :posts
+      end
+      @routes
+    end
+  end
+
+  def self.application
+    @app ||= App.new
+  end
+end
+

data/spec/fixtures/controllers.rb

@@ -0,0 +1,29 @@
+require 'openam_auth'
+
+class User
+
+  attr_accessor :id, :name
+
+  def self.existing_user_by_token(token)
+    nil
+  end
+
+  def self.update_openam_user(token, user_hash)
+    User.new
+  end
+
+end
+
+class ApplicationController < ActionController::Base
+  include Rails.application.routes.url_helpers
+
+  def render(*attributes); end
+end
+
+class PostsController < ApplicationController
+  include OpenamAuth::Authenticate
+
+  before_filter :authenticate_user!
+
+  def index; end
+end

data/spec/openam_auth_spec.rb

@@ -0,0 +1,60 @@
+require 'spec_helper'
+require 'openam_auth'
+
+describe OpenamAuth do
+
+  let(:token) { '121212121' }
+  let!(:openam_url) { OpenamConfig.config do
+                        openam_url 'http://server.openam.com'
+                      end }
+
+  describe OpenamAuth, "#get cookie name"  do
+    before do
+      stub_request(:post, "#{openam_url}/identity/getCookieNameForToken").
+        to_return(:status => 200, :body => "string=iPlanetDirectoryPro\n", :headers => {})
+    end
+
+    it "should return the correct cookie name" do
+      OpenamAuth::Openam.new.cookie_name.should eq("iPlanetDirectoryPro")
+    end
+  end
+
+  describe OpenamAuth, "#validating token" do
+
+    before do
+      stub_request(:get, "#{openam_url}/identity/isTokenValid?tokenid=#{token}").
+        to_return(:status => 200, :body => "boolean=true\n", :headers => {})
+    end
+
+    it "should be a valid token" do
+      OpenamAuth::Openam.new.valid_token?(token).should be_true
+    end
+  end
+
+  describe OpenamAuth, "#openam user" do
+    let(:response) {  <<EOF
+    userdetails.token.id=#{token}
+    userdetails.attribute.name=mail
+    userdetails.attribute.name=sunidentitymsisdnnumber
+    userdetails.attribute.name=sn
+    userdetails.attribute.value=amAdmin
+EOF
+    }
+
+    before do
+      stub_request(:post, "#{openam_url}/identity/attributes").
+        with(:headers => {"Cookie"=>"iPlanetDirectoryPro=#{token}"}).
+        to_return(:status => 200, :body => response, :headers => {})
+    end
+
+    it "should return openam user string" do
+      OpenamAuth::Openam.new.openam_user('iPlanetDirectoryPro',token).to_s.should eq(response)
+    end
+
+    it "should parse response" do
+      OpenamAuth::Openam.new.user_hash(response).should eq({"sn" => ["amAdmin"] })
+    end
+
+  end
+
+end

data/spec/posts_controller_spec.rb

@@ -0,0 +1,72 @@
+require 'fixtures/application'
+require 'fixtures/controllers'
+require 'rspec/rails'
+require 'spec_helper'
+
+describe PostsController, type: :controller do
+
+  let(:token) { '123456' }
+  let!(:openam_url) { OpenamConfig.config do
+                         openam_url 'http://server.openam.com'
+                      end }
+  let(:response) {  <<EOF
+    userdetails.token.id=#{token}
+    userdetails.attribute.name=mail
+    userdetails.attribute.name=sunidentitymsisdnnumber
+    userdetails.attribute.name=sn
+    userdetails.attribute.value=amAdmin
+EOF
+}
+
+  before { OpenamAuth::Openam.any_instance.stub(:token_cookie).and_return(token) }
+
+  describe "#index, authenticate by the openam server" do
+
+    before do
+      stub_request(:post, "#{openam_url}/identity/getCookieNameForToken").
+        to_return(:status => 200, :body => "string=iPlanetDirectoryPro\n", :headers => {})
+    end
+
+    subject { OpenamAuth::Openam.new }
+
+    describe PostsController, "#when the token is valid"  do
+
+      before do
+        stub_request(:get, "#{openam_url}/identity/isTokenValid?tokenid=#{token}").
+          to_return(:status => 200, :body => "boolean=true\n", :headers => {})
+        stub_request(:post, "#{openam_url}/identity/attributes").
+          with(:headers => {"Cookie"=>"iPlanetDirectoryPro=#{token}"}).
+          to_return(:status => 200, :body => response, :headers => {})
+      end
+
+      it "should authenticate the request" do
+        subject.cookie_name.should eq('iPlanetDirectoryPro')
+        subject.token_cookie.should eq(token)
+        User.existing_user_by_token(token).should be_nil
+        subject.valid_token?(token).should be_true
+        subject.openam_user('iPlanetDirectoryPro', token).to_s.should eq(response)
+        subject.user_hash(subject.openam_user('iPlanetDirectoryPro', token)).should eq({ "sn" => ["amAdmin"] })
+
+        get :index
+        response.should be_true
+      end
+
+    end
+
+    describe PostsController, "#when the token is invalid"  do
+
+      before do
+        stub_request(:get, "#{openam_url}/identity/isTokenValid?tokenid=#{token}").
+        to_return(:status => 200, :body => "boolean=false\n", :headers => {})
+      end
+
+      it "should authenticate the request" do
+        get :index
+        response.should redirect_to "#{openam_url}/UI/Login?goto="
+      end
+
+    end
+
+  end
+end
+

data/spec/spec_helper.rb

@@ -0,0 +1,4 @@
+require 'webmock/rspec'
+
+WebMock.disable_net_connect!(allow_localhost: true)
+

metadata

@@ -0,0 +1,149 @@
+--- !ruby/object:Gem::Specification
+name: openam_auth
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- sameera207
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-03-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: httparty
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: ruby authentication client for OpenAm
+email:
+- sameera207@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/openam_auth.rb
+- lib/openam_auth/authenticate.rb
+- lib/openam_auth/openam.rb
+- lib/openam_auth/openam_config.rb
+- lib/openam_auth/version.rb
+- openam_auth.gemspec
+- spec/fixtures/application.rb
+- spec/fixtures/controllers.rb
+- spec/openam_auth_spec.rb
+- spec/posts_controller_spec.rb
+- spec/spec_helper.rb
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.1.11
+signing_key: 
+specification_version: 4
+summary: ruby authentication client for forgerock OpenAM
+test_files:
+- spec/fixtures/application.rb
+- spec/fixtures/controllers.rb
+- spec/openam_auth_spec.rb
+- spec/posts_controller_spec.rb
+- spec/spec_helper.rb