puavo_authentication 0.0.11 → 0.0.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
data/lib/puavo/authentication.rb
CHANGED
|
@@ -10,7 +10,7 @@ module Puavo
|
|
|
10
10
|
logger.debug "uid: #{login}"
|
|
11
11
|
|
|
12
12
|
begin
|
|
13
|
-
user =
|
|
13
|
+
user = self.find(:first, :attribute => "uid", :value => login)
|
|
14
14
|
|
|
15
15
|
if user.bind(password)
|
|
16
16
|
host = LdapBase.configuration[:host]
|
|
@@ -18,6 +18,11 @@ module Puavo
|
|
|
18
18
|
user.remove_connection
|
|
19
19
|
LdapBase.ldap_setup_connection(host, base, user.dn, password)
|
|
20
20
|
|
|
21
|
+
# Allow authentication always if logged in user is ExteralService object
|
|
22
|
+
if user.class == ExternalService
|
|
23
|
+
return user
|
|
24
|
+
end
|
|
25
|
+
|
|
21
26
|
# Allow authetication only if user is School Admin in the some School or organisation owner.
|
|
22
27
|
if School.find( :first, :attribute => "puavoSchoolAdmin", :value => user.dn ) ||
|
|
23
28
|
LdapOrganisation.first.owner.include?(user.dn)
|
|
@@ -27,7 +27,11 @@ module PuavoAuthentication
|
|
|
27
27
|
password = ""
|
|
28
28
|
|
|
29
29
|
user = authenticate_with_http_basic do |login, password|
|
|
30
|
-
|
|
30
|
+
if login.match(/^service\//)
|
|
31
|
+
ExternalService.authenticate(login.match(/^service\/(.*)/)[1], password)
|
|
32
|
+
else
|
|
33
|
+
User.authenticate(login, password)
|
|
34
|
+
end
|
|
31
35
|
end
|
|
32
36
|
logger.debug "Basic Auth User: " + user.inspect
|
|
33
37
|
if user
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: puavo_authentication
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 5
|
|
5
5
|
prerelease: false
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 0
|
|
9
|
-
-
|
|
10
|
-
version: 0.0.
|
|
9
|
+
- 13
|
|
10
|
+
version: 0.0.13
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Jouni Korhonen
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2011-
|
|
18
|
+
date: 2011-09-07 00:00:00 +03:00
|
|
19
19
|
default_executable:
|
|
20
20
|
dependencies: []
|
|
21
21
|
|
|
@@ -40,7 +40,6 @@ files:
|
|
|
40
40
|
- lib/puavo/authorization.rb
|
|
41
41
|
- lib/puavo/connection.rb
|
|
42
42
|
- lib/puavo_authentication.rb
|
|
43
|
-
- lib/puavo_authentication/controllers/#helpers.rb#
|
|
44
43
|
- lib/puavo_authentication/controllers/helpers.rb
|
|
45
44
|
- lib/tasks/puavo_ldap_auth.rake
|
|
46
45
|
- lib/user_error.rb
|
|
@@ -1,97 +0,0 @@
|
|
|
1
|
-
module PuavoAuthentication
|
|
2
|
-
module Controllers
|
|
3
|
-
module Helpers
|
|
4
|
-
def current_user
|
|
5
|
-
unless session[:dn].nil?
|
|
6
|
-
unless @current_user.nil?
|
|
7
|
-
return @current_user
|
|
8
|
-
else
|
|
9
|
-
begin
|
|
10
|
-
return @current_user = User.find(session[:dn]) # REST/OAuth?
|
|
11
|
-
rescue
|
|
12
|
-
logger.info "Session's user not found! User is removed from ldap server."
|
|
13
|
-
logger.info "session[:dn]: #{session[:dn]}"
|
|
14
|
-
# Delete ldap connection informations from session.
|
|
15
|
-
session.delete :password_plaintext
|
|
16
|
-
session.delete :dn
|
|
17
|
-
end
|
|
18
|
-
end
|
|
19
|
-
end
|
|
20
|
-
return nil
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
def login_required
|
|
24
|
-
case request.format
|
|
25
|
-
when !current_user && Mime::JSON
|
|
26
|
-
logger.debug "Using HTTP basic authentication"
|
|
27
|
-
password = ""
|
|
28
|
-
|
|
29
|
-
user = authenticate_with_http_basic do |login, password|
|
|
30
|
-
User.authenticate(login, password)
|
|
31
|
-
end
|
|
32
|
-
logger.debug "Basic Auth User: " + user.inspect
|
|
33
|
-
if user
|
|
34
|
-
session[:dn] = user.dn
|
|
35
|
-
session[:password_plaintext] = password
|
|
36
|
-
logger.debug "Logged in with http basic authentication"
|
|
37
|
-
else
|
|
38
|
-
request_http_basic_authentication
|
|
39
|
-
end
|
|
40
|
-
else
|
|
41
|
-
unless current_user
|
|
42
|
-
store_location
|
|
43
|
-
flash[:notice] = t('must_be_logged_in')
|
|
44
|
-
redirect_to login_path
|
|
45
|
-
return false
|
|
46
|
-
end
|
|
47
|
-
end
|
|
48
|
-
end
|
|
49
|
-
|
|
50
|
-
def store_location
|
|
51
|
-
session[:return_to] = request.request_uri
|
|
52
|
-
end
|
|
53
|
-
|
|
54
|
-
def redirect_back_or_default(default)
|
|
55
|
-
redirect_to(session[:return_to] || default)
|
|
56
|
-
session[:return_to] = nil
|
|
57
|
-
end
|
|
58
|
-
|
|
59
|
-
def ldap_setup_connection
|
|
60
|
-
host = ""
|
|
61
|
-
base = ""
|
|
62
|
-
default_ldap_configuration = ActiveLdap::Base.ensure_configuration
|
|
63
|
-
unless session[:organisation].nil?
|
|
64
|
-
host = session[:organisation].ldap_host
|
|
65
|
-
base = session[:organisation].ldap_base
|
|
66
|
-
end
|
|
67
|
-
if session[:dn]
|
|
68
|
-
dn = session[:dn]
|
|
69
|
-
password = session[:password_plaintext]
|
|
70
|
-
else
|
|
71
|
-
dn = default_ldap_configuration["bind_dn"]
|
|
72
|
-
password = default_ldap_configuration["password"]
|
|
73
|
-
end
|
|
74
|
-
logger.debug "Set host, bind_dn, base and password by user:"
|
|
75
|
-
logger.debug "host: #{host}"
|
|
76
|
-
2 logger.debug "base: #{base}"
|
|
77
|
-
logger.debug "dn: #{session[:dn]}"
|
|
78
|
-
#logger.debug "password: #{session[:password_plaintext]}"
|
|
79
|
-
LdapBase.ldap_setup_connection(host, base, dn, password)
|
|
80
|
-
end
|
|
81
|
-
|
|
82
|
-
def remove_ldap_connection
|
|
83
|
-
ActiveLdap::Base.active_connections.keys.each do |connection_name|
|
|
84
|
-
ActiveLdap::Base.remove_connection(connection_name)
|
|
85
|
-
end
|
|
86
|
-
end
|
|
87
|
-
|
|
88
|
-
def organisation_owner?
|
|
89
|
-
Puavo::Authorization.organisation_owner?
|
|
90
|
-
end
|
|
91
|
-
|
|
92
|
-
def set_authorization_user
|
|
93
|
-
Puavo::Authorization.current_user = current_user if current_user
|
|
94
|
-
end
|
|
95
|
-
end
|
|
96
|
-
end
|
|
97
|
-
end
|