rack-auth-ldap 0.1
- checksums.yaml +15 -0
- data/COPYRIGHT +23 -0
- data/README.rdoc +7 -0
- data/Rakefile +60 -0
- data/examples/config.ru +10 -0
- data/examples/ldap.yml +15 -0
- data/examples/sinatra_example.rb +21 -0
- data/lib/rack/auth/ldap/version.rb +11 -0
- data/lib/rack/auth/ldap.rb +126 -0
- data/rack-auth-ldap.gemspec +23 -0
- metadata +53 -0
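--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+metadata.gz: !binary |-
+ODg4YmYwN2IxMTUwMzNkN2E3NWIyZTY3ODAwZTg0NzQ2MmZkYTZhYw==
+data.tar.gz: !binary |-
+NjYwMjBlMmZmZDQxYjc2OWYxMGVhODFiNzEyMWMyNzU2ZTNhZWQ2Mg==
+SHA512:
+metadata.gz: !binary |-
+YWNjNjg4MzliN2M1MmZhNzJlMTE2NTYyODM1ZTVhMWJjZWMxMTA4ZTlkODUw
+OTAyZWM0OGVlY2QwNjUzMjkzZjAyMzFhYTk2MWUwMGU0NTE1NTI0Njc3NDU3
+YjAxNTYxNDI4Mjg5N2VjMGFkYzVjODQyYjFhNTk4Zjc0ZmMzMWM=
+data.tar.gz: !binary |-
+ODMyZWI1MTc1YTFhYWYyZjdjZTY0MTVhN2YxOGFlOWRhODhjODE4N2MzZjZk
+N2IxYmY1MjViNGFhMTExMWE3MmZhMmEzOTYyODAxYzIzYWJmYTExNTRiNGE5
+MTBlMzczYTA0MjJlMzU2NWRiOWRjYjQyNjE4ZjgwNDM5M2Q3NGM=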
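--- a/data/COPYRIGHT
+++ b/data/COPYRIGHT
@@ -0,0 +1,23 @@
+rack-auth-ldap Copyright (c) 2014 Ultragreen Software, Romain GEORGES
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE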
data/README.rdoc
ADDED
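--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,60 @@
+require "bundler/gem_tasks"
+require 'rubygems'
+require 'rspec'
+require 'rake'
+require "rake/clean"
+require "rubygems/package_task"
+require "rdoc/task"
+require 'code_statistics'
+require 'rspec/core/rake_task'
+require 'yard'
+require 'yard/rake/yardoc_task.rb'
+require "rake/tasklib"
+require "roodi"
+require "roodi_task"
+
+
+RoodiTask.new() do | t |
+t.patterns = %w(lib/**/*.rb)
+end
+
+
+CLEAN.include('*.tmp','*.old')
+CLOBBER.include('*.tmp', 'build/*','#*#')
+
+
+content = File::readlines(File.join(File.dirname(__FILE__), 'rack-auth-ldap.gemspec')).join
+spec = eval(content)
+
+RSpec::Core::RakeTask.new('spec')
+
+YARD::Rake::YardocTask.new do |t|
+t.files = [ 'lib/**/*.rb', '-', 'doc/**/*','spec/**/*_spec.rb']
+t.options += ['--title', "Gem Documentation"]
+t.options += ['-o', "yardoc"]
+t.options += ['-r', "doc/manual.rdoc"]
+end
+YARD::Config.load_plugin('yard-rspec')
+
+namespace :yardoc do
+task :clobber do
+rm_r "yardoc" rescue nil
+rm_r ".yardoc" rescue nil
+end
+end
+task :clobber => "yardoc:clobber"
+
+
+Gem::PackageTask.new(spec) do |pkg|
+pkg.need_tar = true
+pkg.need_zip = true
+end
+
+Rake::RDocTask.new('rdoc') do |d|
+d.rdoc_files.include('doc/**/*','bin/*')
+d.main = 'doc/manual.rdoc'
+d.title = 'Dorsal : Yard'
+d.options << '--line-numbers' << '--diagram' << '-SHN'
+end
+
+task :default => [:gem]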
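Review bot: `spec = eval(content)` on line 27 runs the gemspec text through a bare `eval`, which drops the file name from any backtrace and is not needed; `spec = Gem::Specification.load(File.join(File.dirname(__FILE__), 'rack-auth-ldap.gemspec'))` returns the same object. The two `rm_r ... rescue nil` lines in the `yardoc:clobber` task swallow every error, where `rm_rf 'yardoc'` and `rm_rf '.yardoc'` state the intent without an inline rescue. `d.title = 'Dorsal : Yard'` looks carried over from another project and should probably name this gem.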
data/examples/config.ru
ADDED
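--- a/data/examples/ldap.yml
+++ b/data/examples/ldap.yml
@@ -0,0 +1,15 @@
+production: &ldap_defaults
+hostname: localhost
+basedn: ou=groups,dc=domain,dc=tld
+rootdn: cn=admin,dc=domain,dc=tld
+passdn: secret
+auth: true
+port: 389
+username_ldap_attribut: uid
+
+
+test:
+<<: *ldap_defults
+
+development:
+<<: *ldap_defults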
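Review bot: The aliases on lines 12 and 15 are spelled `*ldap_defults` while the anchor on line 1 is `&ldap_defaults`, so a YAML parser should reject the unknown alias and the `test` and `development` sections inherit nothing; both should read `<<: *ldap_defaults`. The key `username_ldap_attribut` also does not match the `username_ldap_attribute` that the lookup code in lib/rack/auth/ldap.rb reads, so a value set here is ignored and the built-in default `uid` is used instead. Because this example will be copied, it deserves a comment such as `# placeholder only: keep the real bind password out of version control` next to `passdn: secret`, and a note that `port: 389` with no TLS setting sends bind passwords in clear text.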
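--- a/data/examples/sinatra_example.rb
+++ b/data/examples/sinatra_example.rb
@@ -0,0 +1,21 @@
+require 'rubygems'
+require 'sinatra'
+
+require 'haml'
+
+
+
+get '/' do
+haml :index
+end
+
+
+enable :inline_templates
+
+__END__
+
+@@ index
+%h1 Rack::Auth::Ldap test
+%p= "Hello #{request.env['REMOTE_USER']} !"
+
+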
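--- a/data/lib/rack/auth/ldap.rb
+++ b/data/lib/rack/auth/ldap.rb
@@ -0,0 +1,126 @@
+require 'rack'
+require 'ldap'
+require 'rack/auth/abstract/handler'
+require 'rack/auth/abstract/request'
+
+module Rack
+module Auth
+
+class Config
+def initialize(options = {})
+@values = defaults
+config_options = YAML.load_file(::File.expand_path('ldap.yml', Dir.pwd))[ENV['RACK_ENV']]
+config_options.keys.each do |key|
+config_options[key.to_sym] = config_options.delete(key)
+end
+@values.merge! options
+@values.merge! config_options
+@values.keys.each do |meth|
+bloc = Proc.new {@values[meth] }
+self.class.send :define_method, meth, &bloc
+end
+end
+
+private
+def defaults
+return {
+:hostname => 'localhost',
+:basedn => 'dc=domain,dc=tld',
+:rootdn => '',
+:passdn => '',
+:auth => false,
+:port => 389,
+:scope => :subtree,
+:username_ldap_attribute => 'uid',
+}
+end
+
+
+end
+
+
+class Ldap < AbstractHandler
+
+attr_reader :config
+
+def initialize(app, config_options = {})
+super(app)
+@config = Config.new(config_options)
+end
+
+
+def call(env)
+auth = Ldap::Request.new(env)
+return unauthorized unless auth.provided?
+return bad_request unless auth.basic?
+if valid?(auth)
+env['REMOTE_USER'] = auth.username
+return @app.call(env)
+end
+unauthorized
+end
+
+
+private
+
+def challenge
+'Basic realm="%s"' % realm
+end
+
+def valid?(auth)
+dn = ''
+conn = LDAP::Conn.new(@config.hostname, @config.port)
+conn.set_option( LDAP::LDAP_OPT_PROTOCOL_VERSION, 3 )
+conn.simple_bind(@config.rootdn,@config.passdn) if @config.auth
+filter = "(#{@config.username_ldap_attribute}=#{auth.username})"
+conn.search(@config.basedn, ldap_scope(@config.scope), filter) do |entry|
+dn = entry.dn
+end
+return false if dn.empty?
+conn.unbind
+conn = LDAP::Conn.new(@config.hostname, @config.port)
+conn.set_option( LDAP::LDAP_OPT_PROTOCOL_VERSION, 3 )
+begin
+return conn.simple_bind(dn, auth.password)
+rescue LDAP::ResultError
+return false
+end
+end
+
+private
+def ldap_scope(_scope)
+res = {
+:subtree => ::LDAP::LDAP_SCOPE_SUBTREE,
+:one => ::LDAP::LDAP_SCOPE_ONELEVEL
+}
+return res[_scope]
+end
+
+
+
+
+class Request < Auth::AbstractRequest
+def basic?
+!parts.first.nil? && "basic" == scheme
+end
+
+def credentials
+@credentials ||= params.unpack("m*").first.split(/:/, 2)
+end
+
+def username
+credentials.first
+end
+
+def password
+credentials.last
+end
+
+end
+
+end
+end
+end
+
+
+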
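Review bot: In `valid?` (line 75) `auth.username` from the Basic header is interpolated into the search filter unescaped, so filter metacharacters such as `*`, `(` and `)` change which entry the search returns; escape it per RFC 4515 before building the filter, e.g. `user = auth.username.to_s.gsub(/[\\*()\x00]/) { |c| '\\%02x' % c.ord }`. The final `conn.simple_bind(dn, auth.password)` also runs when the password is empty, and many directory servers treat a DN with an empty password as an unauthenticated bind that succeeds, so add `return false if auth.password.to_s.empty?` at the top of the method. The early `return false if dn.empty?` skips `conn.unbind`, the second connection is never unbound, and the search keeps the last of several matching entries rather than rejecting an ambiguous result. Both connections use plain LDAP on the configured port with no TLS option visible here, so the service and user passwords cross the network in clear text unless the deployment adds transport protection. `Config#initialize` raises on a nil `config_options` when `RACK_ENV` is unset or absent from `ldap.yml`, calls `YAML` with no `require 'yaml'` in this file, and merges the file's values after the caller's `options`, so the file silently wins.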
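--- a/data/rack-auth-ldap.gemspec
+++ b/data/rack-auth-ldap.gemspec
@@ -0,0 +1,23 @@
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'rack/auth/ldap/version'
+
+
+Gem::Specification.new do |s|
+s.name = "rack-auth-ldap"
+s.summary = %Q{Rack middleware providing LDAP authentication}
+s.email = "romain@ultragreen.net"
+s.homepage = "http://www.github.com/lecid/rack-auth-ldap"
+s.authors = ["Romain GEORGES"]
+s.version = Rack::Auth::Ldap::VERSION
+s.date = "2014-04-29"
+s.rubyforge_project = 'nowarning'
+s.description = %q{rack-auth-ldap : provide LDAP authentication for Rack middelware}
+s.has_rdoc = true
+s.required_ruby_version = '>= 1.9.0'
+s.license = "BSD"
+s.files = `git ls-files`.split($/)
+end
+
+
+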
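Review bot: The specification declares no runtime dependencies, yet lib/rack/auth/ldap.rb requires `rack` and `ldap`, so a fresh install cannot load the middleware and nothing pins which versions of those libraries are pulled in; add `s.add_dependency 'rack'` and `s.add_dependency 'ruby-ldap'` inside the block (the second name assumes the `ldap` library comes from the ruby-ldap gem, to be confirmed). The `git ls-files` based `s.files` on line 19 ships every tracked file, including the example `ldap.yml` with its bind-password key, so an explicit list or glob makes the package contents reviewable. The description string on line 15 has a typo, `middelware`.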
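--- a/metadata
+++ b/metadata
@@ -0,0 +1,53 @@
+--- !ruby/object:Gem::Specification
+name: rack-auth-ldap
+version: !ruby/object:Gem::Version
+version: '0.1'
+platform: ruby
+authors:
+- Romain GEORGES
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2014-04-29 00:00:00.000000000 Z
+dependencies: []
+description: ! 'rack-auth-ldap : provide LDAP authentication for Rack middelware'
+email: romain@ultragreen.net
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- COPYRIGHT
+- README.rdoc
+- Rakefile
+- examples/config.ru
+- examples/ldap.yml
+- examples/sinatra_example.rb
+- lib/rack/auth/ldap.rb
+- lib/rack/auth/ldap/version.rb
+- rack-auth-ldap.gemspec
+homepage: http://www.github.com/lecid/rack-auth-ldap
+licenses:
+- BSD
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: 1.9.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project: nowarning
+rubygems_version: 2.2.2
+signing_key:
+specification_version: 4
+summary: Rack middleware providing LDAP authentication
+test_files: []
+has_rdoc: true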