sinatra_ad_auth 0.25.20120401
- data/.gitignore +6 -0
- data/Gemfile +6 -0
- data/LICENSE +24 -0
- data/README.md +5 -0
- data/Rakefile +7 -0
- data/lib/sinatra/ad_auth.rb +52 -0
- data/lib/sinatra/ad_user.rb +172 -0
- data/lib/sinatra/ad_version.rb +5 -0
- data/lib/sinatra_ad_auth.rb +1 -0
- data/sinatra_ad_auth.gemspec +26 -0
- data/spec/sinatra_ldap_auth_spec.rb +0 -0
- data/spec/spec_helper.rb +1 -0
- metadata +127 -0
data/.gitignore
ADDED
data/Gemfile
ADDED
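--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,24 @@
+Copyright (c) 2012, Paolo Perego - <thesp0nge@gmail.com>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+* Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+* Neither the name of the nor the
+names of its contributors may be used to endorse or promote products
+derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.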
data/README.md
ADDED
data/Rakefile
ADDED
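--- a/data/lib/sinatra/ad_auth.rb
+++ b/data/lib/sinatra/ad_auth.rb
@@ -0,0 +1,52 @@
+require 'sinatra/base'
+require 'sinatra/ad_user'
+
+module Sinatra
+module ADAuth
+
+module Helpers
+def authorized?
+session[:authorized]
+end
+
+def authorize!
+redirect '/login' unless authorized?
+end
+
+def logout!
+session[:authorized] = false
+end
+end
+
+def self.registered(app)
+app.helpers ADAuth::Helpers
+app.enable :sessions
+
+app.get '/login' do
+"<form method='POST' action='/login'>" +
+"<input type='text' name='user'>" +
+"<input type='password' name='pass'>" +
+"<input type='submit'>" +
+"</form>"
+end
+
+# Public - This API authenticates an user against a given Active
+# Directory server
+#
+app.post '/login' do
+user = Sinatra::ADAuth::User.authenticate(params[:user],params[:pass], settings.conf)
+
+if ! user.nil?
+session[:authorized] = true
+puts "here we are #{session[:authorized]}"
+redirect '/public'
+else
+session[:authorized] = false
+redirect '/login'
+end
+end
+end
+
+end
+register ADAuth
+end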
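Review bot: The POST `/login` handler on line 37 hands `params[:user]` and `params[:pass]` straight to `User.authenticate`, which calls `.empty?` on them, so a request that omits either field raises NoMethodError and answers 500 instead of a failed login; pass `params[:user].to_s` and `params[:pass].to_s`. Line 41 `puts "here we are #{session[:authorized]}"` reads as leftover debugging and should be dropped. The session is never reset around the privilege change: call `session.clear` before `session[:authorized] = true` on line 40 so the pre-login session id is not carried into the authenticated state, and `logout!` on line 17 should likewise `session.clear` rather than only flip the flag. The `/public` redirect target on line 42 and the `settings.conf` requirement on line 37 are both undocumented; a comment on `registered` should say the host app must set `conf` to the path of the LDAP YAML file.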
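--- a/data/lib/sinatra/ad_user.rb
+++ b/data/lib/sinatra/ad_user.rb
@@ -0,0 +1,172 @@
+# ActiveDirectoryUser (active_directory_user.rb)
+# Author : Ernie Miller
+# Last modified: 4/4/2008
+#
+# Description:
+# A class for authenticating via Active Directory and providing
+# more developer-friendly access to key user attributes through configurable
+# attribute readers.
+#
+# You might find this useful if you want to use a central user/pass from AD
+# but still keep a local DB cache of certain user details for use in foreign
+# key constraints, for instance.
+#
+# Configuration:
+# Set your server information below, then add attributes you are interested
+# in to the ATTR_SV or ATTR_MV hashes, depending on whether they are single
+# or multi-value attributes. The left hand side is your desired name for
+# the attribute, and the right hand side is the attribute name as it exists
+# in the directory.
+#
+# An optional Proc can be supplied to perform some processing on the raw
+# directory data before returning it. This proc should accept a single
+# parameter, the value to be processed. It will be used in Array#collect
+# for multi-value attributes.
+#
+# Example:
+# :flanderized_first_name => [ :givenname,
+# Proc.new {|n| n + '-diddly'} ]
+#
+# Usage:
+# user = ActiveDirectoryUser.authenticate('emiller','password')
+# user.first_name # => "Ernie"
+# user.flanderized_first_name # => "Ernie-diddly"
+# user.groups # => ["Mac Users", "Geeks", "Ruby Coders", ... ]
+
+# Changes made by Paolo Perego
+# 30-Mar-2012: Packed in Sinatra::ADAuth
+# 13-Jan-2012: Moved the parameter connection in a YAML config file
+
+require 'net/ldap' # gem install net-ldap
+require 'yaml'
+
+module Sinatra
+module ADAuth
+class User
+### BEGIN CONFIGURATION ###
+
+# ATTR_SV is for single valued attributes only. Generated readers will
+# convert the value to a string before returning or calling your Proc.
+ATTR_SV = {
+:login => :samaccountname,
+:first_name => :givenname,
+:last_name => :sn,
+:email => :mail
+}
+
+
+# ATTR_MV is for multi-valued attributes. Generated readers will always
+# return an array.
+ATTR_MV = {
+:groups => [ :memberof,
+# Get the simplified name of first-level groups.
+# TODO: Handle escaped special characters
+Proc.new {|g| g.sub(/.*?CN=(.*?),.*/, '\1')} ]
+}
+
+# Exposing the raw Net::LDAP::Entry is probably overkill, but could be set
+# up by uncommenting the line below if you disagree.
+# attr_reader :entry
+
+### END CONFIGURATION ###
+
+
+# Automatically fail login if login or password are empty. Otherwise, try
+# to initialize a Net::LDAP object and call its bind method. If successful,
+# we find the LDAP entry for the user and initialize with it. Returns nil
+# on failure.
+def self.authenticate(login, pass, conf_file=nil)
+return nil if login.empty? or pass.empty?
+
+if ! self.read_conf(conf_file)
+return nil
+end
+conn = Net::LDAP.new :host => @@server,
+:port => @@port,
+:base => @@base,
+:auth => { :username => "#{login}@#{@@domain}",
+:password => pass,
+:method => :simple }
+if conn.bind and user = conn.search(:filter => "sAMAccountName=#{login}").first
+return self.new(user)
+else
+return nil
+end
+# If we don't rescue this, Net::LDAP is decidedly ungraceful about failing
+# to connect to the server. We'd prefer to say authentication failed.
+rescue Net::LDAP::LdapError => e
+return nil
+end
+
+def full_name
+self.first_name + ' ' + self.last_name
+end
+def name
+self.first_name.gsub("[", "").gsub("]", "").gsub("\"", "")
+end
+
+def member_of?(group)
+self.groups.include?(group)
+end
+
+private
+
+def initialize(entry)
+@entry = entry
+self.class.class_eval do
+generate_single_value_readers
+generate_multi_value_readers
+end
+end
+
+def self.generate_single_value_readers
+ATTR_SV.each_pair do |k, v|
+val, block = Array(v)
+define_method(k) do
+if @entry.attribute_names.include?(val)
+if block.is_a?(Proc)
+return block[@entry.send(val).to_s]
+else
+return @entry.send(val).to_s
+end
+else
+return ''
+end
+end
+end
+end
+
+def self.generate_multi_value_readers
+ATTR_MV.each_pair do |k, v|
+val, block = Array(v)
+define_method(k) do
+if @entry.attribute_names.include?(val)
+if block.is_a?(Proc)
+return @entry.send(val).collect(&block)
+else
+return @entry.send(val)
+end
+else
+return []
+end
+end
+end
+end
+
+# Read connection details found in YAML configuration file that is hardcoded
+def self.read_conf(conf=nil)
+(conf.nil?)? filename='./lib/conf/ldap.yaml' : filename=conf
+config= YAML.load_file(conf)
+@@server=config['ldap']['server']
+@@port=config['ldap']['port']
+@@base=config['ldap']['base']
+@@domain=config['ldap']['domain']
+true
+rescue Exception => e
+puts e.to_s
+false
+end
+
+end
+end
+end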
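Review bot: On line 90 the submitted login is interpolated unescaped into the search filter, `conn.search(:filter => "sAMAccountName=#{login}")`, so any LDAP filter metacharacters in the username reach the directory as filter syntax; build it as `conn.search(:filter => Net::LDAP::Filter.eq('sAMAccountName', Net::LDAP::Filter.escape(login)))` so the value is always treated as a literal. The connection on lines 84–89 is a plain `:method => :simple` bind with no `:encryption` option, which means the user's password crosses the network in clear unless the operator is on a TLS-wrapped port; the `ldap` config block read in `read_conf` should carry an encryption setting that is passed through as `:encryption => :simple_tls` (or `:start_tls`). In `read_conf` the ternary on line 158 assigns `filename` but line 159 loads `conf`, so the default path is dead and a nil `conf_file` always lands in the rescue; the rescue on line 165 is also `Exception`, which swallows interrupts and exit, and should be narrowed to `StandardError` while `puts e.to_s` becomes a proper log call rather than stdout. The class-variable cache (`@@server` etc.) is rewritten on every `authenticate` call, which is worth a comment since it makes the class unsafe to share between apps with different configs.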
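--- a/data/lib/sinatra_ad_auth.rb
+++ b/data/lib/sinatra_ad_auth.rb
@@ -0,0 +1 @@
+require 'sinatra/ad_version'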
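Review bot: The gem's entry file loads only `sinatra/ad_version`, so `require 'sinatra_ad_auth'` defines the VERSION constant but never loads `Sinatra::ADAuth::User` or the extension's `registered` hook; every consumer has to know to `require 'sinatra/ad_auth'` on its own. Add `require 'sinatra/ad_auth'` after the existing line so the gem name is sufficient.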
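--- a/data/sinatra_ad_auth.gemspec
+++ b/data/sinatra_ad_auth.gemspec
@@ -0,0 +1,26 @@
+# -*- encoding: utf-8 -*-$:.push File.expand_path("../lib", __FILE__)
+require './lib/sinatra/ad_version'
+
+Gem::Specification.new do |s|
+s.name = "sinatra_ad_auth"
+s.version = Sinatra::ADAuth::VERSION
+s.authors = ["Paolo Perego"]
+s.email = ["thesp0nge@gmail.com"]
+s.homepage = "http://armoredcode.com"
+s.summary = %q{Sinatra extension to add authentication against a given active directory}
+s.description = %q{Sinatra extension to add authentication against a given active directory}
+
+s.rubyforge_project = "sinatra_ad_auth"
+
+s.files = `git ls-files`.split("\n")
+s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
+s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+s.require_paths = ["lib"]
+# specify any dependencies here; for example:
+s.add_dependency "net-ldap"
+s.add_dependency "sinatra"
+s.add_development_dependency "net-ldap"
+s.add_development_dependency "rake"
+s.add_development_dependency "rspec"
+s.add_development_dependency "sinatra"
+end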
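Review bot: Line 1 fuses the encoding magic comment with `$:.push File.expand_path("../lib", __FILE__)`, so the load-path push is commented out and only the cwd-relative `require './lib/sinatra/ad_version'` on line 2 keeps the gemspec loadable, and only when evaluated from the gem root. Put `# -*- encoding: utf-8 -*-` on its own line followed by `$:.push File.expand_path("../lib", __FILE__)`, and then `require 'sinatra/ad_version'` works from any directory. Lines 22 and 25 also re-declare `net-ldap` and `sinatra` as development dependencies although lines 20–21 already make them runtime dependencies, which is redundant.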
File without changes
|
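--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1 @@
+require 'ldap_auth'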
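Review bot: `require 'ldap_auth'` names a file that is not in this gem's file list (the library entry points are `lib/sinatra_ad_auth.rb` and `lib/sinatra/ad_auth.rb`), so the spec helper cannot load and the (empty) spec file has no chance of exercising the code. Change it to `require 'sinatra/ad_auth'`.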
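--- a/metadata
+++ b/metadata
@@ -0,0 +1,127 @@
+--- !ruby/object:Gem::Specification
+name: sinatra_ad_auth
+version: !ruby/object:Gem::Version
+version: 0.25.20120401
+prerelease:
+platform: ruby
+authors:
+- Paolo Perego
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2012-04-01 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: net-ldap
+requirement: &70110288137780 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: *70110288137780
+- !ruby/object:Gem::Dependency
+name: sinatra
+requirement: &70110288175160 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: *70110288175160
+- !ruby/object:Gem::Dependency
+name: net-ldap
+requirement: &70110288301900 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: *70110288301900
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: &70110288424280 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: *70110288424280
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: &70110288598940 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: *70110288598940
+- !ruby/object:Gem::Dependency
+name: sinatra
+requirement: &70110288688080 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: *70110288688080
+description: Sinatra extension to add authentication against a given active directory
+email:
+- thesp0nge@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rvmrc
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- Rakefile
+- lib/sinatra/ad_auth.rb
+- lib/sinatra/ad_user.rb
+- lib/sinatra/ad_version.rb
+- lib/sinatra_ad_auth.rb
+- sinatra_ad_auth.gemspec
+- spec/sinatra_ldap_auth_spec.rb
+- spec/spec_helper.rb
+homepage: http://armoredcode.com
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project: sinatra_ad_auth
+rubygems_version: 1.8.10
+signing_key:
+specification_version: 3
+summary: Sinatra extension to add authentication against a given active directory
+test_files:
+- spec/sinatra_ldap_auth_spec.rb
+- spec/spec_helper.rb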