sinatra_ad_auth 0.25.20120401

data/.gitignore

@@ -0,0 +1,6 @@
+.rvmrc
+*.swp
+*.gem
+.bundle
+Gemfile.lock
+pkg/*

data/Gemfile

@@ -0,0 +1,6 @@
+source "http://rubygems.org"
+
+gem 'sinatra'
+gem 'rake'
+gem 'rspec'
+gem 'net-ldap'

data/LICENSE

@@ -0,0 +1,24 @@
+Copyright (c) 2012, Paolo Perego - <thesp0nge@gmail.com>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+    * Neither the name of the  nor the
+      names of its contributors may be used to endorse or promote products
+      derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/README.md

@@ -0,0 +1,5 @@
+# Introduction
+
+Sinatra Active Directory auth is a simple [sinatra](http://sinatrarb.org) extension to
+provide an authentication mechanism against an AD Server and some APIs you can use
+in your sinatra applications.

data/Rakefile

@@ -0,0 +1,7 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new
+
+task :default => :spec
+task :test => :spec

data/lib/sinatra/ad_auth.rb

@@ -0,0 +1,52 @@
+require 'sinatra/base'
+require 'sinatra/ad_user'
+
+module Sinatra
+  module ADAuth
+
+    module Helpers
+      def authorized?
+        session[:authorized]
+      end
+
+      def authorize!
+        redirect '/login' unless authorized?
+      end
+
+      def logout!
+        session[:authorized] = false
+      end
+    end
+
+    def self.registered(app)
+      app.helpers ADAuth::Helpers
+      app.enable :sessions
+
+      app.get '/login' do
+        "<form method='POST' action='/login'>" +
+          "<input type='text' name='user'>" +
+          "<input type='password' name='pass'>" +
+          "<input type='submit'>" + 
+          "</form>"
+      end
+
+      # Public - This API authenticates an user against a given Active
+      # Directory server
+      #
+      app.post '/login' do
+        user = Sinatra::ADAuth::User.authenticate(params[:user],params[:pass], settings.conf)
+
+        if ! user.nil?
+          session[:authorized] = true
+          puts "here we are #{session[:authorized]}"
+          redirect '/public'
+        else
+          session[:authorized] = false
+          redirect '/login'
+        end
+      end
+    end
+
+  end
+  register ADAuth
+end

data/lib/sinatra/ad_user.rb

@@ -0,0 +1,172 @@
+# ActiveDirectoryUser (active_directory_user.rb)
+# Author       : Ernie Miller
+# Last modified: 4/4/2008
+#
+# Description:
+#   A class for authenticating via Active Directory and providing
+#   more developer-friendly access to key user attributes through configurable
+#   attribute readers.
+# 
+#   You might find this useful if you want to use a central user/pass from AD
+#   but still keep a local DB cache of certain user details for use in foreign
+#   key constraints, for instance.
+#
+# Configuration:
+#   Set your server information below, then add attributes you are interested
+#   in to the ATTR_SV or ATTR_MV hashes, depending on whether they are single
+#   or multi-value attributes. The left hand side is your desired name for
+#   the attribute, and the right hand side is the attribute name as it exists
+#   in the directory.
+#
+#   An optional Proc can be supplied to perform some processing on the raw
+#   directory data before returning it. This proc should accept a single
+#   parameter, the value to be processed. It will be used in Array#collect
+#   for multi-value attributes.
+#
+#   Example:
+#     :flanderized_first_name => [ :givenname,
+#                                  Proc.new {|n| n + '-diddly'} ]
+#
+# Usage:
+#   user = ActiveDirectoryUser.authenticate('emiller','password')
+#   user.first_name # => "Ernie"
+#   user.flanderized_first_name # => "Ernie-diddly"
+#   user.groups     # => ["Mac Users", "Geeks", "Ruby Coders", ... ]
+
+# Changes made by Paolo Perego
+# 30-Mar-2012: Packed in Sinatra::ADAuth
+# 13-Jan-2012: Moved the parameter connection in a YAML config file
+
+require 'net/ldap' # gem install net-ldap
+require 'yaml'
+
+module Sinatra
+  module ADAuth
+    class User
+      ### BEGIN CONFIGURATION ###
+
+      # ATTR_SV is for single valued attributes only. Generated readers will
+      # convert the value to a string before returning or calling your Proc.
+      ATTR_SV = {
+        :login => :samaccountname,
+        :first_name => :givenname,
+        :last_name => :sn,
+        :email => :mail
+      }
+
+
+      # ATTR_MV is for multi-valued attributes. Generated readers will always 
+      # return an array.
+      ATTR_MV = {
+        :groups => [ :memberof,
+          # Get the simplified name of first-level groups.
+          # TODO: Handle escaped special characters
+          Proc.new {|g| g.sub(/.*?CN=(.*?),.*/, '\1')} ]
+      }
+
+      # Exposing the raw Net::LDAP::Entry is probably overkill, but could be set
+      # up by uncommenting the line below if you disagree.
+      # attr_reader :entry
+
+      ### END CONFIGURATION ###
+
+
+      # Automatically fail login if login or password are empty. Otherwise, try
+      # to initialize a Net::LDAP object and call its bind method. If successful,
+      # we find the LDAP entry for the user and initialize with it. Returns nil
+      # on failure.
+      def self.authenticate(login, pass, conf_file=nil)
+        return nil if login.empty? or pass.empty?
+
+        if ! self.read_conf(conf_file)
+          return nil
+        end
+        conn = Net::LDAP.new :host => @@server,
+          :port => @@port,
+          :base => @@base,
+          :auth => { :username => "#{login}@#{@@domain}",
+            :password => pass,
+            :method => :simple }
+        if conn.bind and user = conn.search(:filter => "sAMAccountName=#{login}").first
+          return self.new(user)
+        else
+          return nil
+        end
+        # If we don't rescue this, Net::LDAP is decidedly ungraceful about failing
+        # to connect to the server. We'd prefer to say authentication failed.
+      rescue Net::LDAP::LdapError => e
+        return nil
+      end
+
+      def full_name
+        self.first_name + ' ' + self.last_name
+      end
+      def name
+        self.first_name.gsub("[", "").gsub("]", "").gsub("\"", "")
+      end
+
+      def member_of?(group)
+        self.groups.include?(group)
+      end
+
+      private
+
+      def initialize(entry)
+        @entry = entry
+        self.class.class_eval do
+          generate_single_value_readers
+          generate_multi_value_readers
+        end
+      end
+
+      def self.generate_single_value_readers
+        ATTR_SV.each_pair do |k, v|
+          val, block = Array(v)
+          define_method(k) do
+            if @entry.attribute_names.include?(val)
+              if block.is_a?(Proc)
+                return block[@entry.send(val).to_s]
+              else
+                return @entry.send(val).to_s
+              end
+            else
+              return ''
+            end
+          end
+        end
+      end
+
+      def self.generate_multi_value_readers
+        ATTR_MV.each_pair do |k, v|
+          val, block = Array(v)
+          define_method(k) do
+            if @entry.attribute_names.include?(val)
+              if block.is_a?(Proc)
+                return @entry.send(val).collect(&block)
+              else
+                return @entry.send(val)
+              end
+            else
+              return []
+            end
+          end
+        end
+      end
+
+      # Read connection details found in YAML configuration file that is hardcoded
+      def self.read_conf(conf=nil)
+        (conf.nil?)? filename='./lib/conf/ldap.yaml' : filename=conf
+        config= YAML.load_file(conf)
+        @@server=config['ldap']['server']
+        @@port=config['ldap']['port']
+        @@base=config['ldap']['base']
+        @@domain=config['ldap']['domain']
+        true
+      rescue Exception => e
+        puts e.to_s
+        false
+      end
+
+    end
+  end
+end

data/lib/sinatra/ad_version.rb

@@ -0,0 +1,5 @@
+module Sinatra
+  module ADAuth
+    VERSION="0.25.20120401"
+  end
+end

data/lib/sinatra_ad_auth.rb

@@ -0,0 +1 @@
+require 'sinatra/ad_version'

data/sinatra_ad_auth.gemspec

@@ -0,0 +1,26 @@
+# -*- encoding: utf-8 -*-$:.push File.expand_path("../lib", __FILE__)
+require './lib/sinatra/ad_version'
+
+Gem::Specification.new do |s|
+  s.name        = "sinatra_ad_auth"
+  s.version     = Sinatra::ADAuth::VERSION
+  s.authors     = ["Paolo Perego"]
+  s.email       = ["thesp0nge@gmail.com"]
+  s.homepage    = "http://armoredcode.com"
+  s.summary     = %q{Sinatra extension to add authentication against a given active directory}
+  s.description = %q{Sinatra extension to add authentication against a given active directory}
+
+  s.rubyforge_project = "sinatra_ad_auth"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+  # specify any dependencies here; for example:
+  s.add_dependency "net-ldap"
+  s.add_dependency "sinatra"
+  s.add_development_dependency "net-ldap"
+  s.add_development_dependency "rake"
+  s.add_development_dependency "rspec"
+  s.add_development_dependency "sinatra"
+end

data/spec/spec_helper.rb

@@ -0,0 +1 @@
+require 'ldap_auth'

metadata

@@ -0,0 +1,127 @@
+--- !ruby/object:Gem::Specification
+name: sinatra_ad_auth
+version: !ruby/object:Gem::Version
+  version: 0.25.20120401
+  prerelease: 
+platform: ruby
+authors:
+- Paolo Perego
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-04-01 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: net-ldap
+  requirement: &70110288137780 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *70110288137780
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: &70110288175160 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *70110288175160
+- !ruby/object:Gem::Dependency
+  name: net-ldap
+  requirement: &70110288301900 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70110288301900
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: &70110288424280 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70110288424280
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &70110288598940 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70110288598940
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: &70110288688080 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70110288688080
+description: Sinatra extension to add authentication against a given active directory
+email:
+- thesp0nge@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rvmrc
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- Rakefile
+- lib/sinatra/ad_auth.rb
+- lib/sinatra/ad_user.rb
+- lib/sinatra/ad_version.rb
+- lib/sinatra_ad_auth.rb
+- sinatra_ad_auth.gemspec
+- spec/sinatra_ldap_auth_spec.rb
+- spec/spec_helper.rb
+homepage: http://armoredcode.com
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: sinatra_ad_auth
+rubygems_version: 1.8.10
+signing_key: 
+specification_version: 3
+summary: Sinatra extension to add authentication against a given active directory
+test_files:
+- spec/sinatra_ldap_auth_spec.rb
+- spec/spec_helper.rb