rack-auth-ldap 0.1

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    ODg4YmYwN2IxMTUwMzNkN2E3NWIyZTY3ODAwZTg0NzQ2MmZkYTZhYw==
+  data.tar.gz: !binary |-
+    NjYwMjBlMmZmZDQxYjc2OWYxMGVhODFiNzEyMWMyNzU2ZTNhZWQ2Mg==
+SHA512:
+  metadata.gz: !binary |-
+    YWNjNjg4MzliN2M1MmZhNzJlMTE2NTYyODM1ZTVhMWJjZWMxMTA4ZTlkODUw
+    OTAyZWM0OGVlY2QwNjUzMjkzZjAyMzFhYTk2MWUwMGU0NTE1NTI0Njc3NDU3
+    YjAxNTYxNDI4Mjg5N2VjMGFkYzVjODQyYjFhNTk4Zjc0ZmMzMWM=
+  data.tar.gz: !binary |-
+    ODMyZWI1MTc1YTFhYWYyZjdjZTY0MTVhN2YxOGFlOWRhODhjODE4N2MzZjZk
+    N2IxYmY1MjViNGFhMTExMWE3MmZhMmEzOTYyODAxYzIzYWJmYTExNTRiNGE5
+    MTBlMzczYTA0MjJlMzU2NWRiOWRjYjQyNjE4ZjgwNDM5M2Q3NGM=

data/COPYRIGHT

@@ -0,0 +1,23 @@
+rack-auth-ldap Copyright (c) 2014 Ultragreen Software, Romain GEORGES
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE

data/README.rdoc

@@ -0,0 +1,7 @@
+= rack-auth-ldap
+
+Rack Middleware LDAP authentication
+
+== Copyright
+
+Copyright (c) 2014 Romain GEORGES. See COPYRIGHT for details.

data/Rakefile

@@ -0,0 +1,60 @@
+require "bundler/gem_tasks"
+require 'rubygems'
+require 'rspec'
+require 'rake'
+require "rake/clean"
+require "rubygems/package_task"
+require "rdoc/task"
+require 'code_statistics'
+require 'rspec/core/rake_task'
+require 'yard'
+require 'yard/rake/yardoc_task.rb'
+require "rake/tasklib"
+require "roodi"
+require "roodi_task"
+
+
+RoodiTask.new() do | t |
+t.patterns = %w(lib/**/*.rb)
+end
+
+
+CLEAN.include('*.tmp','*.old')
+CLOBBER.include('*.tmp', 'build/*','#*#')
+
+
+content = File::readlines(File.join(File.dirname(__FILE__), 'rack-auth-ldap.gemspec')).join
+spec = eval(content)
+
+RSpec::Core::RakeTask.new('spec')
+
+YARD::Rake::YardocTask.new do |t|
+  t.files   = [ 'lib/**/*.rb', '-', 'doc/**/*','spec/**/*_spec.rb']
+  t.options += ['--title', "Gem Documentation"]
+  t.options += ['-o', "yardoc"]
+  t.options += ['-r', "doc/manual.rdoc"]
+end
+YARD::Config.load_plugin('yard-rspec')
+
+namespace :yardoc do
+  task :clobber do
+    rm_r "yardoc" rescue nil
+    rm_r ".yardoc" rescue nil
+  end
+end
+task :clobber => "yardoc:clobber"
+
+
+Gem::PackageTask.new(spec) do |pkg|
+  pkg.need_tar = true
+  pkg.need_zip = true
+end
+
+Rake::RDocTask.new('rdoc') do |d|
+  d.rdoc_files.include('doc/**/*','bin/*')
+  d.main = 'doc/manual.rdoc'
+  d.title = 'Dorsal : Yard'
+  d.options << '--line-numbers' << '--diagram' << '-SHN'
+end
+
+task :default => [:gem]

data/examples/config.ru

@@ -0,0 +1,10 @@
+require 'rubygems'
+require 'rack'
+gem 'rack-auth-ldap'
+require 'rack/auth/ldap'
+require 'yaml'
+
+require File.dirname(__FILE__) + '/sinatra_example'
+
+use Rack::Auth::Ldap
+run Sinatra::Application

data/examples/ldap.yml

@@ -0,0 +1,15 @@
+production: &ldap_defaults
+  hostname: localhost
+  basedn: ou=groups,dc=domain,dc=tld
+  rootdn: cn=admin,dc=domain,dc=tld
+  passdn: secret
+  auth: true
+  port: 389
+  username_ldap_attribut: uid
+
+
+test:
+  <<: *ldap_defults
+
+development:
+  <<: *ldap_defults

data/examples/sinatra_example.rb

@@ -0,0 +1,21 @@
+require 'rubygems'
+require 'sinatra'
+
+require 'haml'
+
+
+
+get '/' do
+ haml :index
+end
+
+
+enable :inline_templates
+
+__END__
+
+@@ index 
+%h1 Rack::Auth::Ldap test 
+%p= "Hello #{request.env['REMOTE_USER']} !"
+ 
+

data/lib/rack/auth/ldap/version.rb

@@ -0,0 +1,11 @@
+#!/usr/bin/env ruby                                                                                                                                                                 
+# -*- coding: utf-8 -*-                                                                                                                                                                            
+# Author : Romain GEORGES                                                                                                                                                                        
+
+module Rack
+  module Auth
+    module Ldap
+      VERSION = "0.1"
+    end
+  end
+end

data/lib/rack/auth/ldap.rb

@@ -0,0 +1,126 @@
+require 'rack'
+require 'ldap'
+require 'rack/auth/abstract/handler'
+require 'rack/auth/abstract/request'
+
+module Rack
+  module Auth
+
+    class Config
+      def initialize(options = {})
+        @values = defaults
+        config_options = YAML.load_file(::File.expand_path('ldap.yml', Dir.pwd))[ENV['RACK_ENV']]          
+        config_options.keys.each do |key|
+          config_options[key.to_sym] = config_options.delete(key)
+        end
+        @values.merge! options
+        @values.merge! config_options
+        @values.keys.each do |meth|
+          bloc = Proc.new  {@values[meth] } 
+            self.class.send :define_method, meth, &bloc  
+        end                                
+      end
+      
+      private 
+      def defaults
+        return {
+          :hostname => 'localhost',
+          :basedn => 'dc=domain,dc=tld',
+          :rootdn => '',
+          :passdn => '',
+          :auth => false,
+          :port => 389,
+          :scope => :subtree,
+          :username_ldap_attribute => 'uid',
+        }
+      end
+
+
+    end
+
+
+    class Ldap < AbstractHandler
+
+      attr_reader :config
+
+      def initialize(app, config_options = {})
+        super(app)
+        @config = Config.new(config_options)
+      end
+
+
+      def call(env)
+        auth = Ldap::Request.new(env)
+        return unauthorized unless auth.provided?
+        return bad_request unless auth.basic?
+        if valid?(auth)
+          env['REMOTE_USER'] = auth.username
+          return @app.call(env)
+        end
+        unauthorized
+      end
+
+
+      private
+
+      def challenge
+        'Basic realm="%s"' % realm
+      end
+
+      def valid?(auth)        
+        dn = ''
+        conn = LDAP::Conn.new(@config.hostname, @config.port)
+        conn.set_option( LDAP::LDAP_OPT_PROTOCOL_VERSION, 3 )
+        conn.simple_bind(@config.rootdn,@config.passdn) if @config.auth 
+        filter = "(#{@config.username_ldap_attribute}=#{auth.username})"
+        conn.search(@config.basedn, ldap_scope(@config.scope), filter) do |entry|
+          dn = entry.dn
+        end
+        return false if dn.empty?
+        conn.unbind
+        conn = LDAP::Conn.new(@config.hostname, @config.port)
+        conn.set_option( LDAP::LDAP_OPT_PROTOCOL_VERSION, 3 )
+        begin
+          return conn.simple_bind(dn, auth.password)
+        rescue LDAP::ResultError
+          return false
+        end
+      end
+
+      private
+      def ldap_scope(_scope)
+        res = {
+          :subtree => ::LDAP::LDAP_SCOPE_SUBTREE,
+          :one => ::LDAP::LDAP_SCOPE_ONELEVEL
+        }
+        return res[_scope]
+      end
+
+
+
+
+      class Request < Auth::AbstractRequest
+        def basic?
+          !parts.first.nil? && "basic" == scheme
+        end
+
+        def credentials
+          @credentials ||= params.unpack("m*").first.split(/:/, 2)
+        end
+
+        def username
+          credentials.first
+        end
+
+        def password
+          credentials.last
+        end
+
+      end
+
+    end
+  end
+end
+
+
+

data/rack-auth-ldap.gemspec

@@ -0,0 +1,23 @@
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'rack/auth/ldap/version'
+
+
+Gem::Specification.new do |s|
+  s.name = "rack-auth-ldap"
+  s.summary = %Q{Rack middleware providing LDAP authentication}
+  s.email = "romain@ultragreen.net" 
+  s.homepage = "http://www.github.com/lecid/rack-auth-ldap"
+  s.authors = ["Romain GEORGES"]
+  s.version = Rack::Auth::Ldap::VERSION
+  s.date = "2014-04-29"
+  s.rubyforge_project = 'nowarning'
+  s.description = %q{rack-auth-ldap : provide LDAP authentication for Rack middelware}
+  s.has_rdoc = true
+  s.required_ruby_version = '>= 1.9.0'
+  s.license       = "BSD"   
+  s.files         = `git ls-files`.split($/)
+end
+
+
+

metadata

@@ -0,0 +1,53 @@
+--- !ruby/object:Gem::Specification
+name: rack-auth-ldap
+version: !ruby/object:Gem::Version
+  version: '0.1'
+platform: ruby
+authors:
+- Romain GEORGES
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-04-29 00:00:00.000000000 Z
+dependencies: []
+description: ! 'rack-auth-ldap : provide LDAP authentication for Rack middelware'
+email: romain@ultragreen.net
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- COPYRIGHT
+- README.rdoc
+- Rakefile
+- examples/config.ru
+- examples/ldap.yml
+- examples/sinatra_example.rb
+- lib/rack/auth/ldap.rb
+- lib/rack/auth/ldap/version.rb
+- rack-auth-ldap.gemspec
+homepage: http://www.github.com/lecid/rack-auth-ldap
+licenses:
+- BSD
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: 1.9.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: nowarning
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Rack middleware providing LDAP authentication
+test_files: []
+has_rdoc: true