rack-webauth 0.1

Files changed (3)
  1. data/README.textile +39 -0
  2. data/lib/rack-webauth.rb +190 -0
  3. metadata +81 -0
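--- a/data/README.textile
+++ b/data/README.textile
@@ -0,0 +1,39 @@
+
+ h1. Rack::Webauth
+
+ Rack middleware to acquire authentication information from a "Stanford WebAuth":http://webauth.stanford.edu/ system.
+
+ h2. Usage in any rack based app:
+
+ <pre>
+ # In a rack environment:
+ use(Rack::Webauth)
+
+ # In a view or controller:
+ include(Rack::Webauth::Helpers)
+
+ # In a before filter or helper
+ # or other middleware:
+ @current_user = User.find_by_login(webauth.login)
+
+ # or whatever...
+ </pre>
+
+ h2. Usage in rails:
+
+ <pre>
+ # config/application.rb:
+ require 'rack-webauth'
+ config.middleware.use(Rack::Webauth)
+
+ # ApplicationController:
+ include(Rack::Webauth::Helpers)
+ # optionally:
+ delegate :logged_in?, :to => :webauth
+ </pre>
+
+
+ h2. WebAuthOptional
+
+ If you want to make your site publicly available, but still enable WebAuth and have that information
+ in your Rails application, you need a patch to WebAuth. It is available from "here":https://mailman.stanford.edu/pipermail/webauth-info/2011-January/000705.html. Also see the corresponding "thread":https://mailman.stanford.edu/pipermail/webauth-info/2011-January/thread.html#699 for more information.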
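--- a/data/lib/rack-webauth.rb
+++ b/data/lib/rack-webauth.rb
@@ -0,0 +1,190 @@
+ require 'rack'
+ #
+ # Usage in any rack based app:
+ #
+ # # In a rack environment:
+ # use(Rack::Webauth)
+ #
+ # # In a view or controller:
+ # include(Rack::Webauth::Helpers)
+ #
+ # # In a before filter or helper
+ # # or other middleware:
+ # @current_user = User.find_by_login(webauth.login)
+ #
+ # # or whatever...
+ #
+ #
+ # Usage in rails:
+ #
+ # # config/application.rb:
+ # require 'rack-webauth'
+ # config.middleware.use(Rack::Webauth)
+ #
+ # # ApplicationController:
+ # include(Rack::Webauth::Helpers)
+ # # optionally:
+ # delegate :logged_in?, :to => :webauth
+ #
+ class Rack::Webauth
+ # Anonymous login name (if WebAuthOptional is set)
+ # Requires webauth patch.
+ ANONYMOUS = "<anonymous>"
+ # Namespace for rack environment
+ NS = "x-rack.webauth-info"
+
+ def initialize(app)
+ @app = app
+ end
+
+ # put new Info object in env[NS], then continue.
+ def call(env)
+ env[NS] = Rack::Webauth::Info.new(env)
+ @app.call(env)
+ end
+
+ # Helpers. See Rack::Webauth for usage overview.
+ module Helpers
+ # ActionController support. If this is included in ActionController::Base
+ # descendants, it adds itself as a helper as well.
+ def self.included(base)
+ if defined?(ActionController) && base.kind_of?(ActionController::Base)
+ base.send(:helper, self)
+ end
+ end
+
+ # Helper to access the Rack::Webauth::Info object from environment.
+ # Requires either "env" or "request.env" to be available.
+ #
+ # Example Usage:
+ # webauth.logged_in? #=> true
+ # webauth.login #=> "blue"
+ # webauth.attributes #=> { "FOO" => ["x", "y"], "BAR" => "z" }
+ # webauth.privgroup #=> "cn=admins,ou=groups,dc=example,dc=com"
+ # webauth.authrule #=> "valid-user"
+ # webauth.token_creation #=> Sat Jan 29 20:47:59 +0100 2011
+ # webauth.token_expiration #=> Sun Jan 30 06:47:59 +0100 2011
+ #
+ def webauth
+ (respond_to?(:env) ?
+ env[NS] :
+ (respond_to?(:request) &&
+ request.respond_to?(:env) ?
+ request.env[NS] :
+ (raise "Neither 'env' nor 'request.env' available. Can't access webauth-info")))
+ end
+ end
+
+ # Detects & provides webauth related information conveniently from
+ # the rack environment.
+ class Info
+ attr :login
+ # explains itself.
+ def logged_in? ; @logged_in ; end
+
+ # Read webauth from given environment.
+ # Most information (e.g. attributes, privgroups) will
+ # be read on demand, though.
+ def initialize(env)
+ @env = env
+ @login = (env["WEBAUTH_USER"] || env["REMOTE_USER"])
+ @logged_in = (@login && @login.any? && @login != ANONYMOUS)
+ # reset login if it was "" or ANONYMOUS
+ @login = nil unless @logged_in
+ end
+
+ # attributes passed via mod_webauthldap.
+ #
+ # http://webauth.stanford.edu/manual/mod/mod_webauthldap.html#webauthldapattribute
+ #
+ # See +detect_attributes+ for details.
+ def attributes
+ @attributes ||= detect_attributes
+ end
+
+ # privgroup of the user.
+ #
+ # http://webauth.stanford.edu/manual/mod/mod_webauthldap.html#webauthldapprivgroup
+ #
+ # TOOD: implement detection of multiple privgroups
+ def privgroup
+ @privgroup ||= env['WEABUTH_LDAPPRIVGROUP']
+ end
+
+ # Rule ("Require" statement) that authenticated this user
+ #
+ # http://webauth.stanford.edu/manual/mod/mod_webauthldap.html#webauthldapauthrule
+ def authrule
+ @authrule ||= env['WEBAUTH_LDAPAUTHRULE']
+ end
+
+ # Time when the authentication cookie was created.
+ #
+ # http://webauth.stanford.edu/manual/mod/mod_webauth.html#sectionenv
+ #
+ # Also see: +token_expiration+, +token_lastused+
+ def token_creation
+ Time.at(env["WEBAUTH_TOKEN_CREATION"].to_i) if env.key?("WEBAUTH_TOKEN_CREATION")
+ end
+
+ # Time when the authentication cookie will expire.
+ # This isn't authorative, as WebAuthInactiveExpire may be set.
+ #
+ # http://webauth.stanford.edu/manual/mod/mod_webauth.html#sectionenv
+ #
+ # Also see: +token_creation+, +token_lastused+
+ def token_expiration
+ Time.at(env["WEBAUTH_TOKEN_EXPIRATION"].to_i) if env.key?("WEBAUTH_TOKEN_EXPIRATION")
+ end
+
+ # Time the authentication cookie was last used.
+ # Only present is WebAuthLastUseUpdateInterval is set.
+ #
+ # http://webauth.stanford.edu/manual/mod/mod_webauth.html#webauthlastuseupdateinterval
+ #
+ # Also see: +token_creation+, +token_expiration+
+ def token_lastused
+ Time.at(env["WEBAUTH_TOKEN_LASTUSED"].to_i) if env.key?("WEBAUTH_TOKEN_LASTUSED")
+ end
+
+ private
+
+ #
+ # Example:
+ # # Consider this environment:
+ # WEBAUTH_LDAP_FOO = "x"
+ # WEBAUTH_LDAP_FOO1 = "x"
+ # WEBAUTH_LDAP_FOO2 = "y"
+ # WEBAUTH_LDAP_BAR = "z"
+ # # This is what @attributes looks like:
+ # { "FOO" => ["x", "y"], "BAR" => "z" }
+ #
+ # Don't call this directly. Use +attributes+ instead.
+ #
+ def detect_attributes
+ env.keys.inject({}) do |attrs, key|
+ if key =~ /^WEBAUTH_LDAP_(\w+?)(\d+)$/
+ # multi-valued attribute
+ aname = $~[1]
+ ai = $~[2].to_i - 1
+
+ if((! attrs[aname]) ||
+ # in case of multi-value WEBAUTH_LDAP_FOO1,
+ # WEBAUTH_LDAP_FOO is also set
+ # (to a random value, which we discard)
+ (attrs[aname] && !(attrs[aname].kind_of?(Array))))
+
+ attrs[aname] = []
+ end
+
+ attrs[aname][ai] = env[key]
+ elsif key =~ /^WEBAUTH_LDAP_(\w+)$/
+ # single-valued attribute
+ attrs[ $~[1] ] = env[key]
+ else
+ # key isn't webauthldap related
+ end
+ end
+ end
+ end
+ end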
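Review bot: In `Rack::Webauth::Info`, `privgroup`, `authrule`, the three `token_*` readers and `detect_attributes` all call a bare `env`, but the class only assigns `@env` and declares `attr :login`, so as far as this file shows they raise NameError on first use. `privgroup` additionally reads `env['WEABUTH_LDAPPRIVGROUP']` (misspelt prefix) and would return nil even with an accessor, which matters if callers authorise on the group. In `initialize`, `@login.any?` only works where String is Enumerable (Ruby 1.8), while the gemspec accepts any Ruby version, and `detect_attributes` loses its `inject({})` accumulator because the block returns the assigned value or nil instead of `attrs`. The `REMOTE_USER` fallback also deserves a comment saying the middleware trusts whatever the front-end server places in the environment, so it is only meaningful when the app is reachable solely through the WebAuth-protected server.

```ruby
class Info
  def initialize(env)
    @env = env
    @login = (env["WEBAUTH_USER"] || env["REMOTE_USER"])
    @logged_in = (@login && !@login.empty? && @login != ANONYMOUS)
    # … unchanged: reset @login to nil when not logged in …
  end

  def privgroup
    @privgroup ||= env['WEBAUTH_LDAPPRIVGROUP']
  end

  # … unchanged: attributes, authrule, token_creation, token_expiration, token_lastused …

  private

  # the readers above call env, so expose the stored @env to them
  attr_reader :env

  def detect_attributes
    env.keys.each_with_object({}) do |key, attrs|
      # … unchanged: multi-valued and single-valued WEBAUTH_LDAP_* branches …
    end
  end
```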
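--- a/metadata
+++ b/metadata
@@ -0,0 +1,81 @@
+ --- !ruby/object:Gem::Specification
+ name: rack-webauth
+ version: !ruby/object:Gem::Version
+ hash: 9
+ prerelease: false
+ segments:
+ - 0
+ - 1
+ version: "0.1"
+ platform: ruby
+ authors:
+ - Niklas E. Cathor
+ autorequire:
+ bindir: bin
+ cert_chain: []
+
+ date: 2011-02-25 00:00:00 +01:00
+ default_executable:
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: rack
+ prerelease: false
+ requirement: &id001 !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ hash: 3
+ segments:
+ - 0
+ version: "0"
+ type: :runtime
+ version_requirements: *id001
+ description:
+ email:
+ - niklas@brueckenschlaeger.de
+ executables: []
+
+ extensions: []
+
+ extra_rdoc_files: []
+
+ files:
+ - lib/rack-webauth.rb
+ - README.textile
+ has_rdoc: true
+ homepage:
+ licenses: []
+
+ post_install_message:
+ rdoc_options: []
+
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ hash: 3
+ segments:
+ - 0
+ version: "0"
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ hash: 3
+ segments:
+ - 0
+ version: "0"
+ requirements: []
+
+ rubyforge_project:
+ rubygems_version: 1.3.7
+ signing_key:
+ specification_version: 3
+ summary: Rack middleware to acquire authentication information froma "Stanford WebAuth system.
+ test_files: []
+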