rack-webauth 0.1

Files changed (3)
  1. data/README.textile +39 -0
  2. data/lib/rack-webauth.rb +190 -0
  3. metadata +81 -0
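--- a/data/README.textile
+++ b/data/README.textile
@@ -0,0 +1,39 @@
+
+ h1. Rack::Webauth
+
+ Rack middleware to acquire authentication information from a "Stanford WebAuth":http://webauth.stanford.edu/ system.
+
+ h2. Usage in any rack based app:
+
+ <pre>
+ # In a rack environment:
+ use(Rack::Webauth)
+
+ # In a view or controller:
+ include(Rack::Webauth::Helpers)
+
+ # In a before filter or helper
+ # or other middleware:
+ @current_user = User.find_by_login(webauth.login)
+
+ # or whatever...
+ </pre>
+
+ h2. Usage in rails:
+
+ <pre>
+ # config/application.rb:
+ require 'rack-webauth'
+ config.middleware.use(Rack::Webauth)
+
+ # ApplicationController:
+ include(Rack::Webauth::Helpers)
+ # optionally:
+ delegate :logged_in?, :to => :webauth
+ </pre>
+
+
+ h2. WebAuthOptional
+
+ If you want to make your site publicly available, but still enable WebAuth and have that information
+ in your Rails application, you need a patch to WebAuth. It is available from "here":https://mailman.stanford.edu/pipermail/webauth-info/2011-January/000705.html. Also see the corresponding "thread":https://mailman.stanford.edu/pipermail/webauth-info/2011-January/thread.html#699 for more information.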
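--- a/data/lib/rack-webauth.rb
+++ b/data/lib/rack-webauth.rb
@@ -0,0 +1,190 @@
+ require 'rack'
+ #
+ # Usage in any rack based app:
+ #
+ # # In a rack environment:
+ # use(Rack::Webauth)
+ #
+ # # In a view or controller:
+ # include(Rack::Webauth::Helpers)
+ #
+ # # In a before filter or helper
+ # # or other middleware:
+ # @current_user = User.find_by_login(webauth.login)
+ #
+ # # or whatever...
+ #
+ #
+ # Usage in rails:
+ #
+ # # config/application.rb:
+ # require 'rack-webauth'
+ # config.middleware.use(Rack::Webauth)
+ #
+ # # ApplicationController:
+ # include(Rack::Webauth::Helpers)
+ # # optionally:
+ # delegate :logged_in?, :to => :webauth
+ #
+ class Rack::Webauth
+ # Anonymous login name (if WebAuthOptional is set)
+ # Requires webauth patch.
+ ANONYMOUS = "<anonymous>"
+ # Namespace for rack environment
+ NS = "x-rack.webauth-info"
+
+ def initialize(app)
+ @app = app
+ end
+
+ # put new Info object in env[NS], then continue.
+ def call(env)
+ env[NS] = Rack::Webauth::Info.new(env)
+ @app.call(env)
+ end
+
+ # Helpers. See Rack::Webauth for usage overview.
+ module Helpers
+ # ActionController support. If this is included in ActionController::Base
+ # descendants, it adds itself as a helper as well.
+ def self.included(base)
+ if defined?(ActionController) && base.kind_of?(ActionController::Base)
+ base.send(:helper, self)
+ end
+ end
+
+ # Helper to access the Rack::Webauth::Info object from environment.
+ # Requires either "env" or "request.env" to be available.
+ #
+ # Example Usage:
+ # webauth.logged_in? #=> true
+ # webauth.login #=> "blue"
+ # webauth.attributes #=> { "FOO" => ["x", "y"], "BAR" => "z" }
+ # webauth.privgroup #=> "cn=admins,ou=groups,dc=example,dc=com"
+ # webauth.authrule #=> "valid-user"
+ # webauth.token_creation #=> Sat Jan 29 20:47:59 +0100 2011
+ # webauth.token_expiration #=> Sun Jan 30 06:47:59 +0100 2011
+ #
+ def webauth
+ (respond_to?(:env) ?
+ env[NS] :
+ (respond_to?(:request) &&
+ request.respond_to?(:env) ?
+ request.env[NS] :
+ (raise "Neither 'env' nor 'request.env' available. Can't access webauth-info")))
+ end
+ end
+
+ # Detects & provides webauth related information conveniently from
+ # the rack environment.
+ class Info
+ attr :login
+ # explains itself.
+ def logged_in? ; @logged_in ; end
+
+ # Read webauth from given environment.
+ # Most information (e.g. attributes, privgroups) will
+ # be read on demand, though.
+ def initialize(env)
+ @env = env
+ @login = (env["WEBAUTH_USER"] || env["REMOTE_USER"])
+ @logged_in = (@login && @login.any? && @login != ANONYMOUS)
+ # reset login if it was "" or ANONYMOUS
+ @login = nil unless @logged_in
+ end
+
+ # attributes passed via mod_webauthldap.
+ #
+ # http://webauth.stanford.edu/manual/mod/mod_webauthldap.html#webauthldapattribute
+ #
+ # See +detect_attributes+ for details.
+ def attributes
+ @attributes ||= detect_attributes
+ end
+
+ # privgroup of the user.
+ #
+ # http://webauth.stanford.edu/manual/mod/mod_webauthldap.html#webauthldapprivgroup
+ #
+ # TOOD: implement detection of multiple privgroups
+ def privgroup
+ @privgroup ||= env['WEABUTH_LDAPPRIVGROUP']
+ end
+
+ # Rule ("Require" statement) that authenticated this user
+ #
+ # http://webauth.stanford.edu/manual/mod/mod_webauthldap.html#webauthldapauthrule
+ def authrule
+ @authrule ||= env['WEBAUTH_LDAPAUTHRULE']
+ end
+
+ # Time when the authentication cookie was created.
+ #
+ # http://webauth.stanford.edu/manual/mod/mod_webauth.html#sectionenv
+ #
+ # Also see: +token_expiration+, +token_lastused+
+ def token_creation
+ Time.at(env["WEBAUTH_TOKEN_CREATION"].to_i) if env.key?("WEBAUTH_TOKEN_CREATION")
+ end
+
+ # Time when the authentication cookie will expire.
+ # This isn't authorative, as WebAuthInactiveExpire may be set.
+ #
+ # http://webauth.stanford.edu/manual/mod/mod_webauth.html#sectionenv
+ #
+ # Also see: +token_creation+, +token_lastused+
+ def token_expiration
+ Time.at(env["WEBAUTH_TOKEN_EXPIRATION"].to_i) if env.key?("WEBAUTH_TOKEN_EXPIRATION")
+ end
+
+ # Time the authentication cookie was last used.
+ # Only present is WebAuthLastUseUpdateInterval is set.
+ #
+ # http://webauth.stanford.edu/manual/mod/mod_webauth.html#webauthlastuseupdateinterval
+ #
+ # Also see: +token_creation+, +token_expiration+
+ def token_lastused
+ Time.at(env["WEBAUTH_TOKEN_LASTUSED"].to_i) if env.key?("WEBAUTH_TOKEN_LASTUSED")
+ end
+
+ private
+
+ #
+ # Example:
+ # # Consider this environment:
+ # WEBAUTH_LDAP_FOO = "x"
+ # WEBAUTH_LDAP_FOO1 = "x"
+ # WEBAUTH_LDAP_FOO2 = "y"
+ # WEBAUTH_LDAP_BAR = "z"
+ # # This is what @attributes looks like:
+ # { "FOO" => ["x", "y"], "BAR" => "z" }
+ #
+ # Don't call this directly. Use +attributes+ instead.
+ #
+ def detect_attributes
+ env.keys.inject({}) do |attrs, key|
+ if key =~ /^WEBAUTH_LDAP_(\w+?)(\d+)$/
+ # multi-valued attribute
+ aname = $~[1]
+ ai = $~[2].to_i - 1
+
+ if((! attrs[aname]) ||
+ # in case of multi-value WEBAUTH_LDAP_FOO1,
+ # WEBAUTH_LDAP_FOO is also set
+ # (to a random value, which we discard)
+ (attrs[aname] && !(attrs[aname].kind_of?(Array))))
+
+ attrs[aname] = []
+ end
+
+ attrs[aname][ai] = env[key]
+ elsif key =~ /^WEBAUTH_LDAP_(\w+)$/
+ # single-valued attribute
+ attrs[ $~[1] ] = env[key]
+ else
+ # key isn't webauthldap related
+ end
+ end
+ end
+ end
+ end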
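Review bot: `Rack::Webauth::Info` calls a bare `env` in `privgroup`, `authrule`, the three `token_*` readers and `detect_attributes`, but the class only stores `@env` and declares `attr :login`, so as written those calls have nothing to resolve to and should raise NameError; add `attr_reader :env` below `private` or read `@env` directly. `privgroup` also looks up `'WEABUTH_LDAPPRIVGROUP'`, a transposed spelling of the `WEBAUTH_` prefix used everywhere else, so the group an application might authorize on would always be nil; it should read `env['WEBAUTH_LDAPPRIVGROUP']`. In `detect_attributes` the `inject` block never returns the accumulator (each branch yields the assigned value or nil), so the hash is lost after the first key; end the block with `attrs` or use `each_with_object({})`. `@login.any?` in `initialize` relies on String being Enumerable, which holds only on Ruby 1.8 while the gemspec accepts any Ruby version; `!@login.empty?` expresses the same test portably. `Helpers.included` tests `base.kind_of?(ActionController::Base)` on a class, which appears to be always false, so `base <= ActionController::Base` is probably what was meant.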
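--- a/metadata
+++ b/metadata
@@ -0,0 +1,81 @@
+ --- !ruby/object:Gem::Specification
+ name: rack-webauth
+ version: !ruby/object:Gem::Version
+ hash: 9
+ prerelease: false
+ segments:
+ - 0
+ - 1
+ version: "0.1"
+ platform: ruby
+ authors:
+ - Niklas E. Cathor
+ autorequire:
+ bindir: bin
+ cert_chain: []
+
+ date: 2011-02-25 00:00:00 +01:00
+ default_executable:
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: rack
+ prerelease: false
+ requirement: &id001 !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ hash: 3
+ segments:
+ - 0
+ version: "0"
+ type: :runtime
+ version_requirements: *id001
+ description:
+ email:
+ - niklas@brueckenschlaeger.de
+ executables: []
+
+ extensions: []
+
+ extra_rdoc_files: []
+
+ files:
+ - lib/rack-webauth.rb
+ - README.textile
+ has_rdoc: true
+ homepage:
+ licenses: []
+
+ post_install_message:
+ rdoc_options: []
+
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ hash: 3
+ segments:
+ - 0
+ version: "0"
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ hash: 3
+ segments:
+ - 0
+ version: "0"
+ requirements: []
+
+ rubyforge_project:
+ rubygems_version: 1.3.7
+ signing_key:
+ specification_version: 3
+ summary: Rack middleware to acquire authentication information froma "Stanford WebAuth system.
+ test_files: []
+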