rack-auth-kerberos 0.2.1 → 0.2.2
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGES +3 -0
- data/README +3 -0
- data/lib/rack/auth/kerberos.rb +13 -2
- data/rack-auth-kerberos.gemspec +2 -2
- data/test/test_rack_auth_kerberos.rb +1 -1
- metadata +3 -2
data/CHANGES
CHANGED
data/README
CHANGED
|
@@ -26,6 +26,9 @@ and env['AUTH_FAIL'] is set to an error message explaining what went wrong.
|
|
|
26
26
|
Note that if env['AUTH_USER'] or env['AUTH_FAIL'] are already set, then the
|
|
27
27
|
request is forwarded normally.
|
|
28
28
|
|
|
29
|
+
Some details are logged in env['AUTH_LOG'], primarily for debugging purposes,
|
|
30
|
+
if needed.
|
|
31
|
+
|
|
29
32
|
= TODO
|
|
30
33
|
Handle other types of authentication, e.g. HTTP basic auth with a username
|
|
31
34
|
and password are submitted, instead of only looking in request params.
|
data/lib/rack/auth/kerberos.rb
CHANGED
|
@@ -4,7 +4,11 @@ module Rack
|
|
|
4
4
|
module Auth
|
|
5
5
|
class Kerberos
|
|
6
6
|
# The version of the rack-auth-kerberos library.
|
|
7
|
-
VERSION = '0.2.
|
|
7
|
+
VERSION = '0.2.2'
|
|
8
|
+
|
|
9
|
+
def log(msg)
|
|
10
|
+
@log << "\n #{msg}"
|
|
11
|
+
end
|
|
8
12
|
|
|
9
13
|
# Creates a new Rack::Kerberos object. The +user_field+ and +password_field+
|
|
10
14
|
# are the params looked for in the call method. The defaults are 'username'
|
|
@@ -28,6 +32,7 @@ module Rack
|
|
|
28
32
|
else
|
|
29
33
|
@realm = @kerberos.get_default_realm
|
|
30
34
|
end
|
|
35
|
+
@log = "Initializing Rack::Auth::Kerberos"
|
|
31
36
|
end
|
|
32
37
|
|
|
33
38
|
# The call method we've defined first checks to see if the AUTH_USER
|
|
@@ -57,6 +62,7 @@ module Rack
|
|
|
57
62
|
user = request.params[@user_field]
|
|
58
63
|
password = request.params[@password_field]
|
|
59
64
|
|
|
65
|
+
log "Kerberos user: #{user}, password length: #{password.nil? ? 'nil' : password.size}"
|
|
60
66
|
# Only authenticate user if both the username and password fields are present
|
|
61
67
|
unless user && password
|
|
62
68
|
return @app.call(env)
|
|
@@ -65,7 +71,8 @@ module Rack
|
|
|
65
71
|
# Automatically append the realm if not already present
|
|
66
72
|
user_with_realm = user.dup
|
|
67
73
|
user_with_realm += "@#{@realm}" unless user.include?('@')
|
|
68
|
-
|
|
74
|
+
log "Kerberos user_with_realm: #{user_with_realm}"
|
|
75
|
+
|
|
69
76
|
# Do not authenticate if either one of these is set
|
|
70
77
|
if env['AUTH_USER'] || env['AUTH_FAIL']
|
|
71
78
|
return @app.call(env)
|
|
@@ -80,6 +87,7 @@ module Rack
|
|
|
80
87
|
when /integrity check failed/i
|
|
81
88
|
msg = "Invalid password for '#{user}'"
|
|
82
89
|
else
|
|
90
|
+
log "Krb5Auth::Krb5::Exception: #{err.message}"
|
|
83
91
|
msg = "Error attempting to validate userid and password"
|
|
84
92
|
end
|
|
85
93
|
|
|
@@ -87,6 +95,7 @@ module Rack
|
|
|
87
95
|
env['AUTH_FAIL'] = msg
|
|
88
96
|
rescue => err
|
|
89
97
|
env.delete('AUTH_USER')
|
|
98
|
+
log "Kerberos Unexpected Error: #{err.message}"
|
|
90
99
|
env['AUTH_FAIL'] = "Unexpected failure during Kerberos authentication"
|
|
91
100
|
else
|
|
92
101
|
env.delete('AUTH_FAIL')
|
|
@@ -100,6 +109,8 @@ module Rack
|
|
|
100
109
|
@kerberos.close
|
|
101
110
|
end
|
|
102
111
|
|
|
112
|
+
log "Kerberos sign in results: AUTH_TYPE_USER=#{env['AUTH_TYPE_USER']}, AUTH_FAIL=#{env['AUTH_FAIL']}"
|
|
113
|
+
env['AUTH_LOG'] = @log
|
|
103
114
|
@app.call(env)
|
|
104
115
|
end
|
|
105
116
|
end
|
data/rack-auth-kerberos.gemspec
CHANGED
|
@@ -2,8 +2,8 @@ require 'rubygems'
|
|
|
2
2
|
|
|
3
3
|
Gem::Specification.new do |gem|
|
|
4
4
|
gem.name = 'rack-auth-kerberos'
|
|
5
|
-
gem.version = '0.2.
|
|
6
|
-
gem.authors = ["Daniel Berger", "Charlie O'Keefe"]
|
|
5
|
+
gem.version = '0.2.2'
|
|
6
|
+
gem.authors = ["Daniel Berger", "Charlie O'Keefe", "Marty Haught"]
|
|
7
7
|
gem.email = 'dberger@globe.gov'
|
|
8
8
|
gem.homepage = 'http://www.github.com/rack-kerberos'
|
|
9
9
|
gem.summary = 'A Rack library that authenticates people using Kerberos'
|
metadata
CHANGED
|
@@ -1,16 +1,17 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-auth-kerberos
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Daniel Berger
|
|
8
8
|
- Charlie O'Keefe
|
|
9
|
+
- Marty Haught
|
|
9
10
|
autorequire:
|
|
10
11
|
bindir: bin
|
|
11
12
|
cert_chain: []
|
|
12
13
|
|
|
13
|
-
date:
|
|
14
|
+
date: 2010-01-13 00:00:00 -07:00
|
|
14
15
|
default_executable:
|
|
15
16
|
dependencies:
|
|
16
17
|
- !ruby/object:Gem::Dependency
|