wizdog 0.0.2
- data/.gitignore +4 -0
- data/Gemfile +4 -0
- data/Rakefile +2 -0
- data/lib/wizdog.rb +16 -0
- data/lib/wizdog/acl/acl.rb +211 -0
- data/lib/wizdog/acl/aco.rb +16 -0
- data/lib/wizdog/acl/aro.rb +16 -0
- data/lib/wizdog/acl/entry.rb +42 -0
- data/lib/wizdog/acl/ext/aco_model.rb +38 -0
- data/lib/wizdog/acl/ext/action.rb +47 -0
- data/lib/wizdog/acl/ext/aro_model.rb +45 -0
- data/lib/wizdog/acl/menu_item.rb +27 -0
- data/lib/wizdog/authc/authc_info.rb +14 -0
- data/lib/wizdog/authc/authenticator.rb +31 -0
- data/lib/wizdog/authc/filter.rb +34 -0
- data/lib/wizdog/authc/realm/authc_realm.rb +49 -0
- data/lib/wizdog/authc/realm/realm.rb +10 -0
- data/lib/wizdog/authc/realm_model.rb +79 -0
- data/lib/wizdog/authc/security_context.rb +81 -0
- data/lib/wizdog/authc/security_session.rb +25 -0
- data/lib/wizdog/authc/token/authc_token.rb +12 -0
- data/lib/wizdog/authc/token/form_token.rb +11 -0
- data/lib/wizdog/authc/web/rails_env.rb +18 -0
- data/lib/wizdog/authc/web/web_env.rb +20 -0
- data/lib/wizdog/menu/menu.rb +7 -0
- data/lib/wizdog/version.rb +3 -0
- data/wizdog.gemspec +24 -0
- metadata +72 -0
data/.gitignore
ADDED
data/Gemfile
ADDED
data/Rakefile
ADDED
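--- a/data/lib/wizdog.rb
+++ b/data/lib/wizdog.rb
@@ -0,0 +1,16 @@
+require "wizdog/version"
+require 'wizdog/acl/aro'
+require 'wizdog/acl/aco'
+require 'wizdog/acl/entry'
+require 'wizdog/acl/acl'
+require 'wizdog/acl/ext/aro_model'
+require 'wizdog/acl/ext/aco_model'
+require 'wizdog/acl/ext/action'
+require 'wizdog/authc/realm_model'
+require 'wizdog/authc/security_context'
+require "wizdog/authc/filter"
+require 'wizdog/acl/menu_item'
+
+module Wizdog
+# Your code goes here...
+end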
@@ -0,0 +1,211 @@
|
|
1
|
+
# To change this template, choose Tools | Templates
|
2
|
+
# and open the template in the editor.
|
3
|
+
module WizAcl
|
4
|
+
class Acl
|
5
|
+
@@serialize_path = File.join(File.dirname(__FILE__),"..","..","acl.yml")
|
6
|
+
attr_accessor :entries
|
7
|
+
def initialize
|
8
|
+
@entries = []
|
9
|
+
@entries << WizAcl::Entry.new("*", "*").deny("*")
|
10
|
+
#{aco_id => {:instance => aro, :parents => {prent_id => parent}, :children => {aro_id => aro}}}
|
11
|
+
@aros = {}
|
12
|
+
#{:instance => aco, :parent => aco_parent, :children => {}}
|
13
|
+
@acos = {}
|
14
|
+
end
|
15
|
+
|
16
|
+
def self.instance
|
17
|
+
#unserialize
|
18
|
+
@@__acl__ ||=new
|
19
|
+
end
|
20
|
+
|
21
|
+
def self.authorize(&block)
|
22
|
+
block.call(instance)
|
23
|
+
end
|
24
|
+
|
25
|
+
def self.unserialize
|
26
|
+
YAML.load_file(@@serialize_path)
|
27
|
+
end
|
28
|
+
|
29
|
+
def self.serialize
|
30
|
+
File.open(@@serialize_path,"w") do |io|
|
31
|
+
YAML.dump(@@__acl__, io)
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
35
|
+
def self.serialize_path=(path)
|
36
|
+
@@serialize_path = path
|
37
|
+
end
|
38
|
+
|
39
|
+
def add_aro(aro, parents = "*")
|
40
|
+
aro_id = aro.respond_to?(:aro_id) ? aro.aro_id.to_s : aro.to_s
|
41
|
+
@aros[aro_id] = @aros[aro_id] || {:instance => Aro.new(aro_id), :parents =>{}, :children =>{}}
|
42
|
+
|
43
|
+
parents = [parents] unless parents.is_a?(Array)
|
44
|
+
parents.each do |parent|
|
45
|
+
parent_id = parent.respond_to?(:aro_id) ? parent.aro_id.to_s : parent.to_s
|
46
|
+
@aros[parent_id] = @aros[parent_id] || {:instance => Aro.new(parent_id),:parents =>{}, :children =>{}}
|
47
|
+
@aros[aro_id][:parents][parent_id] = @aros[aro_id][:parents][parent_id] || @aros[parent_id][:instance]
|
48
|
+
@aros[parent_id][:children][aro_id] = @aros[aro_id][:children][aro_id] || @aros[aro_id][:instance]
|
49
|
+
end
|
50
|
+
|
51
|
+
end
|
52
|
+
|
53
|
+
def add_aco(aco, parents = "*")
|
54
|
+
aco = Aco.new(aco) unless aco.respond_to?(:aco_id)
|
55
|
+
|
56
|
+
@acos[aco.aco_id] = {:instance => aco, :parents =>{}, :children =>{}}
|
57
|
+
|
58
|
+
parents = [parents] unless parents.is_a?(Array)
|
59
|
+
parents.each do |parent|
|
60
|
+
parent = Aco.new(parent) unless parent.respond_to?(:aco_id)
|
61
|
+
@acos[parent.aco_id] = @acos[parent.aco_id] || {:instance => parent,:parents =>{}, :children =>{}}
|
62
|
+
@acos[aco.aco_id][:parents][parent.aco_id] = @acos[parent.aco_id][:instance]
|
63
|
+
@acos[parent.aco_id][:children][aco.aco_id] = @acos[aco.aco_id][:instance]
|
64
|
+
end
|
65
|
+
end
|
66
|
+
|
67
|
+
def get_aco(id)
|
68
|
+
@acos[id][:instance]
|
69
|
+
end
|
70
|
+
|
71
|
+
def get_parents_of_aco(id)
|
72
|
+
@acos[id][:parents].values
|
73
|
+
end
|
74
|
+
|
75
|
+
def get_children_of_aco(id)
|
76
|
+
@acos[id] ? @acos[id][:children].values : []
|
77
|
+
end
|
78
|
+
|
79
|
+
def allow(aros = "*", acos = "*", operations = "*")
|
80
|
+
aros = [aros] unless aros.is_a?(Array)
|
81
|
+
acos = [acos] unless acos.is_a?(Array)
|
82
|
+
aros.each do |aro|
|
83
|
+
acos.each do |aco|
|
84
|
+
entry = find_one_entry(aro, aco)
|
85
|
+
entry.nil? ? @entries << WizAcl::Entry.new(aro, aco).allow(operations) : entry.allow(operations)
|
86
|
+
end
|
87
|
+
end
|
88
|
+
end
|
89
|
+
|
90
|
+
def deny(aros = "*", acos = "*", operations = "*")
|
91
|
+
aros = [aros] unless aros.is_a?(Array)
|
92
|
+
acos = [acos] unless acos.is_a?(Array)
|
93
|
+
aros.each do |aro|
|
94
|
+
acos.each do |aco|
|
95
|
+
entry = find_one_entry(aro, aco)
|
96
|
+
entry.nil? ? @entries << WizAcl::Entry.new(aro, aco).deny(operations) : entry.deny(operations)
|
97
|
+
end
|
98
|
+
end
|
99
|
+
end
|
100
|
+
|
101
|
+
def allowed?(aro = "*", aco = "*", operation = "*")
|
102
|
+
###
|
103
|
+
permit = dfs_permitted_by_aro(aro, aco, operation)
|
104
|
+
return permit unless permit.nil?
|
105
|
+
|
106
|
+
permit = permitted?("*", "*", operation)
|
107
|
+
return permit unless permit.nil?
|
108
|
+
end
|
109
|
+
|
110
|
+
def remove_allow(aro = "*", aco = "*", operations = "*")
|
111
|
+
entry = find_one_entry(aro,aco)
|
112
|
+
if entry && entry.privileges[operations.to_s] == :allow
|
113
|
+
entry.privileges.delete(operations.to_s)
|
114
|
+
@entries.delete(entry) if entry.privileges.empty?
|
115
|
+
end
|
116
|
+
end
|
117
|
+
|
118
|
+
def remove_deny(aro = "*", aco = "*", operations = "*")
|
119
|
+
entry = find_one_entry(aro,aco)
|
120
|
+
if entry && entry.privileges[operations.to_s] == :deny
|
121
|
+
entry.privileges.delete(operations.to_s)
|
122
|
+
@entries.delete(entry) if entry.privileges.empty?
|
123
|
+
end
|
124
|
+
end
|
125
|
+
|
126
|
+
def find_entries_by_aro(aro)
|
127
|
+
aro_id = aro.respond_to?(:aro_id) ? aro.aro_id.to_s : aro.to_s
|
128
|
+
@entries.select { |e| e.aro_id == aro_id }
|
129
|
+
end
|
130
|
+
|
131
|
+
def find_entries_by_aco(aco)
|
132
|
+
aco_id = aco.respond_to?(:aco_id) ? aco.aco_id.to_s : aco.to_s
|
133
|
+
@entries.select { |e| e.aco_id == aco_id }
|
134
|
+
end
|
135
|
+
|
136
|
+
private
|
137
|
+
|
138
|
+
def find_one_entry(aro = "*", aco = "*")
|
139
|
+
aro_id = aro.respond_to?(:aro_id) ? aro.aro_id.to_s : aro.to_s
|
140
|
+
aco_id = aco.respond_to?(:aco_id) ? aco.aco_id.to_s : aco.to_s
|
141
|
+
@entries.detect() { |e| e.aro_id == aro_id && e.aco_id == aco_id }
|
142
|
+
end
|
143
|
+
|
144
|
+
def permitted?(aro = "*", aco = "*", operation = "*")
|
145
|
+
entry = find_one_entry(aro, aco)
|
146
|
+
permit = entry.allowed?(operation) unless entry.nil?
|
147
|
+
return permit unless permit.nil?
|
148
|
+
|
149
|
+
entry = find_one_entry(aro, "*")
|
150
|
+
permit = entry.allowed?(operation) unless entry.nil?
|
151
|
+
return permit unless permit.nil?
|
152
|
+
|
153
|
+
entry = find_one_entry("*", aco)
|
154
|
+
permit = entry.allowed?(operation) unless entry.nil?
|
155
|
+
return permit unless permit.nil?
|
156
|
+
|
157
|
+
nil
|
158
|
+
end
|
159
|
+
|
160
|
+
def find_all_parents_by_aro(aro = "*")
|
161
|
+
aro_id = aro.respond_to?(:aro_id) ? aro.aro_id.to_s : aro.to_s
|
162
|
+
parents = @aros[aro_id] || {}
|
163
|
+
parents[:parents] || (aro.respond_to?(:aro_parents) ? aro.aro_parents : {})
|
164
|
+
end
|
165
|
+
|
166
|
+
def find_all_parents_by_aco(aco = "*")
|
167
|
+
aco_id = aco.respond_to?(:aco_id) ? aco.aco_id.to_s : aco.to_s
|
168
|
+
parents = @acos[aco_id] || {}
|
169
|
+
parents[:parents] || (aco.respond_to?(:aco_parents) ? aco.aco_parents : {})
|
170
|
+
end
|
171
|
+
|
172
|
+
#dfs
|
173
|
+
def dfs_permitted_by_aro(aro = "*", aco = "*", operation = "*")
|
174
|
+
permit = permitted?(aro, aco, operation)
|
175
|
+
return permit unless permit.nil?
|
176
|
+
|
177
|
+
aco_parents = find_all_parents_by_aco(aco)
|
178
|
+
aro_parents = find_all_parents_by_aro(aro)
|
179
|
+
|
180
|
+
aro_parents.each do |aro_parent_id,aro_parent|
|
181
|
+
permit = dfs_permitted_by_aro(aro_parent, aco, operation)
|
182
|
+
return permit unless permit.nil?
|
183
|
+
end
|
184
|
+
|
185
|
+
aco_parents.each do |aco_parent_id, aco_parent|
|
186
|
+
permit = dfs_permitted_by_aro(aro, aco_parent, operation)
|
187
|
+
return permit unless permit.nil?
|
188
|
+
aro_parents.each do |aro_parent_id,aro_parent|
|
189
|
+
permit = dfs_permitted_by_aro(aro_parent, aco_parent, operation)
|
190
|
+
return permit unless permit.nil?
|
191
|
+
end
|
192
|
+
end
|
193
|
+
nil
|
194
|
+
end
|
195
|
+
|
196
|
+
#bfs
|
197
|
+
def bfs_permitted_by_aro(aro = "*", aco = "*", operation = "*", queue = [])
|
198
|
+
return nil if aro.nil?
|
199
|
+
|
200
|
+
permit = permitted?(aro, aco, operation)
|
201
|
+
return permit unless permit.nil?
|
202
|
+
|
203
|
+
parents = find_all_parents_by_aro(aro)
|
204
|
+
parents.each do |parent_id, parent|
|
205
|
+
queue << parent_id
|
206
|
+
end
|
207
|
+
|
208
|
+
bfs_permitted_by_aro(queue.delete_at(0), aco, operation, queue)
|
209
|
+
end
|
210
|
+
end
|
211
|
+
end
|
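Review bot: `Acl.unserialize` reads the policy with `YAML.load_file(@@serialize_path)`, which instantiates arbitrary Ruby objects from the file, and `serialize_path=` lets any caller point it at a different path; whoever can write that file controls both the object graph that gets loaded and every allow/deny rule. The policy would be safer stored as plain hashes and arrays, read with `YAML.safe_load(File.read(@@serialize_path))`, with the `Entry` objects rebuilt explicitly. Separately, `dfs_permitted_by_aro` recurses through parents with no visited set, so a cyclic parent relation registered through `add_aro` or `add_aco` would recurse until the stack overflows during an authorization check.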
@@ -0,0 +1,16 @@
|
|
1
|
+
# To change this template, choose Tools | Templates
|
2
|
+
# and open the template in the editor.
|
3
|
+
module WizAcl
|
4
|
+
class Aco
|
5
|
+
attr_accessor :aco_id, :name
|
6
|
+
|
7
|
+
def initialize(id = "*")
|
8
|
+
@aco_id = id
|
9
|
+
end
|
10
|
+
|
11
|
+
def aro_parents
|
12
|
+
{}
|
13
|
+
end
|
14
|
+
|
15
|
+
end
|
16
|
+
end
|
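Review bot: `Aco` defines `aro_parents`, but the parent lookup for objects in the `Acl` class (`find_all_parents_by_aco`) probes `aco.respond_to?(:aco_parents)`, so this method is never consulted for an ACO. It looks like a copy-paste slip from the requester class; renaming it to `def aco_parents` would make the two agree.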
@@ -0,0 +1,42 @@
|
|
1
|
+
# To change this template, choose Tools | Templates
|
2
|
+
# and open the template in the editor.
|
3
|
+
|
4
|
+
module WizAcl
|
5
|
+
class Entry
|
6
|
+
attr_accessor :aro_id, :aco_id, :privileges
|
7
|
+
|
8
|
+
def initialize(aro = "*", aco = "*")
|
9
|
+
aro.respond_to?(:aro_id) ? @aro_id = aro.aro_id : @aro_id = aro.to_s
|
10
|
+
aco.respond_to?(:aco_id) ? @aco_id = aco.aco_id : @aco_id = aco.to_s
|
11
|
+
#{:operation => :permission}
|
12
|
+
@privileges = {}
|
13
|
+
end
|
14
|
+
|
15
|
+
def allow(operations = "*")
|
16
|
+
#@privileges << Privilege.new(operation, :allow)
|
17
|
+
privilege(operations, :allow)
|
18
|
+
return self
|
19
|
+
end
|
20
|
+
|
21
|
+
def deny(operations = "*")
|
22
|
+
#@privileges << Privilege.new(operation, :deny)
|
23
|
+
privilege(operations, :deny)
|
24
|
+
return self
|
25
|
+
end
|
26
|
+
|
27
|
+
def allowed?(operation = "*")
|
28
|
+
permission = @privileges[operation.to_s] || @privileges["*"]
|
29
|
+
return permission == :allow unless permission.nil?
|
30
|
+
nil
|
31
|
+
end
|
32
|
+
|
33
|
+
private
|
34
|
+
|
35
|
+
def privilege(operations = "*", permission = :deny)
|
36
|
+
operations = operations.to_a unless operations.is_a?(Array)
|
37
|
+
operations.each do |operation|
|
38
|
+
@privileges[operation.to_s] = permission
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
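Review bot: `privilege` converts a single operation with `operations.to_a`, and `String#to_a` does not exist on Ruby 1.9 and later, so the default `"*"` argument raises `NoMethodError`, including the `Entry.new("*", "*").deny("*")` call that installs the default-deny rule in `Acl#initialize`. `operations = Array(operations)` handles strings, symbols and arrays alike. `initialize` also stores `aro.aro_id` and `aco.aco_id` without `.to_s`, while the lookups in `Acl` compare against `aro_id.to_s`; if an id is ever not a String the entry silently stops matching, so normalising with `.to_s` here is worth adding.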
@@ -0,0 +1,38 @@
|
|
1
|
+
# To change this template, choose Tools | Templates
|
2
|
+
# and open the template in the editor.
|
3
|
+
module WizAcl
|
4
|
+
module AcoModel
|
5
|
+
def self.included(base)
|
6
|
+
base.class_eval do
|
7
|
+
include InstanceMethods
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
module InstanceMethods
|
12
|
+
def aco_id
|
13
|
+
"#{self.class.name}_#{id}"
|
14
|
+
end
|
15
|
+
|
16
|
+
def allow(aros = "*", operations = "*")
|
17
|
+
Acl.instance.allow(aros, self, operations)
|
18
|
+
end
|
19
|
+
|
20
|
+
def deny(aros = "*", operations = "*")
|
21
|
+
Acl.instance.deny(aros, self, operations)
|
22
|
+
end
|
23
|
+
|
24
|
+
def allowed?(aros = "*", operation = "*")
|
25
|
+
Acl.instance.allowed?(aros, self, operation)
|
26
|
+
end
|
27
|
+
|
28
|
+
def remove_allow(aros = "*", operations = "*")
|
29
|
+
Acl.instance.remove_allow(aros, self, operations)
|
30
|
+
end
|
31
|
+
|
32
|
+
def find_entries
|
33
|
+
Acl.instance.find_entries_by_aco(self)
|
34
|
+
end
|
35
|
+
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
@@ -0,0 +1,47 @@
|
|
1
|
+
# To change this template, choose Tools | Templates
|
2
|
+
# and open the template in the editor.
|
3
|
+
|
4
|
+
module WizAcl
|
5
|
+
module Action
|
6
|
+
def self.included(base)
|
7
|
+
base.extend(ClassMethods)
|
8
|
+
base.class_eval do
|
9
|
+
include InstanceMethods
|
10
|
+
before_filter :allowed?
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
module ClassMethods
|
15
|
+
def allow(aros = "*", actions = "*")
|
16
|
+
Acl.instance.allow(aros, controller_name, actions)
|
17
|
+
end
|
18
|
+
|
19
|
+
def deny(aros = "*", actions = "*")
|
20
|
+
Acl.instance.allow(aros, controller_name, actions)
|
21
|
+
end
|
22
|
+
|
23
|
+
def current_aro
|
24
|
+
session[:current_user]
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
module InstanceMethods
|
29
|
+
def aco_id
|
30
|
+
self.class.controller_name
|
31
|
+
end
|
32
|
+
|
33
|
+
def allow(aros = "*", actions = "*")
|
34
|
+
Acl.instance.allow(aros, self, actions)
|
35
|
+
end
|
36
|
+
|
37
|
+
def deny(aros = "*", actions = "*")
|
38
|
+
Acl.instance.deny(aros, self, actions)
|
39
|
+
end
|
40
|
+
|
41
|
+
def allowed?
|
42
|
+
Acl.instance.allowed?(self.class.current_aro, self, action_name)
|
43
|
+
end
|
44
|
+
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
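Review bot: `ClassMethods#deny` calls `Acl.instance.allow(aros, controller_name, actions)`, so a controller that declares a deny rule grants the access it meant to block; the line should read `Acl.instance.deny(aros, controller_name, actions)`. The same slip appears in the `AroModel` section, where both `ClassMethods#deny` and `InstanceMethods#deny` call `Acl.instance.allow`. It is also worth confirming that `before_filter :allowed?` stops the request on the targeted Rails version: where a filter's false return value does not halt the chain, the filter has to render or redirect itself when the check fails.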
@@ -0,0 +1,45 @@
|
|
1
|
+
# To change this template, choose Tools | Templates
|
2
|
+
# and open the template in the editor.
|
3
|
+
|
4
|
+
module WizAcl
|
5
|
+
module AroModel
|
6
|
+
def self.included(base)
|
7
|
+
base.class_eval do
|
8
|
+
include InstanceMethods
|
9
|
+
end
|
10
|
+
end
|
11
|
+
|
12
|
+
module ClassMethods
|
13
|
+
def allow(acos = "*", operations = "*")
|
14
|
+
Acl.instance.allow(self.name, acos, operations)
|
15
|
+
end
|
16
|
+
|
17
|
+
def deny(acos = "*", operations = "*")
|
18
|
+
Acl.instance.allow(self.name, acos, operations)
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
module InstanceMethods
|
23
|
+
def aro_id
|
24
|
+
"#{self.class.name}_#{id}"
|
25
|
+
end
|
26
|
+
|
27
|
+
def allow(acos = "*", operations = "*")
|
28
|
+
Acl.instance.allow(self, acos, operations)
|
29
|
+
end
|
30
|
+
|
31
|
+
def deny(acos = "*", operations = "*")
|
32
|
+
Acl.instance.allow(self, acos, operations)
|
33
|
+
end
|
34
|
+
|
35
|
+
def allowed?(acos = "*", operation = "*")
|
36
|
+
Acl.instance.allowed?(self, acos, operation) || Acl.instance.allowed?(self.class.name, acos, operation)
|
37
|
+
end
|
38
|
+
|
39
|
+
def find_entries
|
40
|
+
Acl.instance.find_entries_by_aro(self)
|
41
|
+
end
|
42
|
+
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
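Review bot: `InstanceMethods#allowed?` ORs the per-record check with the per-class check, so an explicit deny recorded for one record is overridden whenever the class-level rule allows. `Acl#allowed?` cannot distinguish "denied" from "no rule" here because it falls back to the default `*`/`*` deny, so the `||` cannot simply be replaced by a nil test; registering the class name as a parent ARO (for example through an `aro_parents` method, which `find_all_parents_by_aro` already probes for) would let the existing parent walk apply record rules first. `ClassMethods` is also never attached, because `self.included` only includes `InstanceMethods`; `base.extend(ClassMethods)` is missing.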
@@ -0,0 +1,27 @@
|
|
1
|
+
module WizAcl
|
2
|
+
class MenuItem < Aco
|
3
|
+
attr_accessor :url
|
4
|
+
alias_attribute :id, :aco_id
|
5
|
+
|
6
|
+
def initialize(attributes = {})
|
7
|
+
attributes.each do |name, value|
|
8
|
+
send("#{name}=", value)
|
9
|
+
end
|
10
|
+
end
|
11
|
+
|
12
|
+
def add(attributes = nil)
|
13
|
+
acl = WizAcl::Acl.instance
|
14
|
+
case attributes
|
15
|
+
when Hash
|
16
|
+
acl.add_aco(WizAcl::MenuItem.new(attributes), self)
|
17
|
+
when Array
|
18
|
+
attributes.each do |attribute|
|
19
|
+
add(attribute)
|
20
|
+
end
|
21
|
+
when WizAcl::Aco
|
22
|
+
acl.add_aco(attributes, self)
|
23
|
+
else
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
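Review bot: `initialize` assigns every key of `attributes` with `send("#{name}=", value)`, which invokes any setter on the object, private ones included, for whatever keys the caller passes. If these hashes can ever originate from request parameters, restrict the keys to the known attributes, e.g. `next unless %w[aco_id id name url].include?(name.to_s)`, and call `public_send` instead of `send`. `add` also silently ignores arguments of any other type through its empty `else` branch; raising `ArgumentError` there would surface misuse.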
@@ -0,0 +1,14 @@
|
|
1
|
+
# To change this template, choose Tools | Templates
|
2
|
+
# and open the template in the editor.
|
3
|
+
|
4
|
+
module WizAuthc
|
5
|
+
class AuthcInfo
|
6
|
+
attr_accessor :principal, :credentials, :authenticated
|
7
|
+
def initialize(principal = nil, credentials = nil, authenticated = false)
|
8
|
+
@principal = principal
|
9
|
+
@credentials = credentials
|
10
|
+
@state = :fail
|
11
|
+
@authenticated = authenticated
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
@@ -0,0 +1,31 @@
|
|
1
|
+
# To change this template, choose Tools | Templates
|
2
|
+
# and open the template in the editor.
|
3
|
+
|
4
|
+
module WizAuthc
|
5
|
+
class Authenticator
|
6
|
+
include Singleton
|
7
|
+
|
8
|
+
attr_accessor :storage
|
9
|
+
|
10
|
+
def initialize
|
11
|
+
@storage = Thread.current[:identity]
|
12
|
+
end
|
13
|
+
|
14
|
+
#return authentication
|
15
|
+
def authenticate(realm)
|
16
|
+
authentication = realm.authenticate()
|
17
|
+
if authenticated?
|
18
|
+
storage = nil
|
19
|
+
end
|
20
|
+
if authentication.authenticated?
|
21
|
+
storage = authentication.identity
|
22
|
+
end
|
23
|
+
return authentication
|
24
|
+
end
|
25
|
+
|
26
|
+
def authenticated?
|
27
|
+
|
28
|
+
end
|
29
|
+
|
30
|
+
end
|
31
|
+
end
|
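Review bot: In `authenticate`, `storage = nil` and `storage = authentication.identity` assign a local variable rather than calling the `storage` accessor, so the authenticated identity is never recorded; both need to be `self.storage = ...`. `authenticated?` has an empty body and therefore always returns nil, which means the first branch never runs and nothing can observe a successful login through this class. `realm.authenticate()` is also called without a token, so it is unclear which credentials are being checked.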
@@ -0,0 +1,34 @@
|
|
1
|
+
# To change this template, choose Tools | Templates
|
2
|
+
# and open the template in the editor.
|
3
|
+
module WizAuthc
|
4
|
+
module Filter
|
5
|
+
def self.included(base)
|
6
|
+
base.extend(ClassMethods)
|
7
|
+
base.class_eval do
|
8
|
+
attr_accessor :current
|
9
|
+
include InstanceMethods
|
10
|
+
before_filter :activate_wiz_auth
|
11
|
+
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
module ClassMethods
|
16
|
+
|
17
|
+
end
|
18
|
+
|
19
|
+
|
20
|
+
module InstanceMethods
|
21
|
+
|
22
|
+
def authenticated?
|
23
|
+
WizAuthc::SecurityContext.current.authenticated?
|
24
|
+
end
|
25
|
+
|
26
|
+
private
|
27
|
+
def activate_wiz_auth
|
28
|
+
p self.session.to_s
|
29
|
+
WizAuthc::SecurityContext.init(self)
|
30
|
+
@current = WizAuthc::SecurityContext.current
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
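Review bot: `activate_wiz_auth` runs `p self.session.to_s` on every request, which writes the session contents to standard output, where they typically end up in server logs. Session data can include the authenticated principal and other per-user state, so this debug line should be removed before release. If tracing is needed, log a non-sensitive marker at debug level through the application logger instead.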
@@ -0,0 +1,49 @@
|
|
1
|
+
# To change this template, choose Tools | Templates
|
2
|
+
# and open the template in the editor.
|
3
|
+
|
4
|
+
module WizAuthc
|
5
|
+
module AuthcRealm
|
6
|
+
def self.included(base)
|
7
|
+
base.extend(ClassMethods)
|
8
|
+
base.class_eval do
|
9
|
+
include InstanceMethods
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
module ClassMethods
|
14
|
+
def find_one_by_principal(principal)
|
15
|
+
first(:conditions => {:login => principal})
|
16
|
+
end
|
17
|
+
|
18
|
+
def authenticate(token, remembered = false)
|
19
|
+
user = find_one_by_principal(token.principal)
|
20
|
+
info = AuthcInfo.new()
|
21
|
+
if user && user.authenticate(token.credentials)
|
22
|
+
info.principal = {:identity => user.id, :type => user.class}
|
23
|
+
info.credentials = token.credentials
|
24
|
+
info.authenticated = true
|
25
|
+
end
|
26
|
+
return info
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
module InstanceMethods
|
31
|
+
attr_accessor :password, :password_confirmation
|
32
|
+
|
33
|
+
def authenticate(credential = nil)
|
34
|
+
self.credential == encrypt(credential)
|
35
|
+
end
|
36
|
+
|
37
|
+
# Encrypts the password with the user salt
|
38
|
+
def encrypt(password)
|
39
|
+
Digest::SHA1.hexdigest("--#{salt}--#{password}--")
|
40
|
+
end
|
41
|
+
|
42
|
+
def encrypt_password
|
43
|
+
self.password = '123456' if password.blank?
|
44
|
+
self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
|
45
|
+
self.crypted_password = encrypt(password)
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
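Review bot: `encrypt_password` sets `self.password = '123456'` when the password is blank, so any account saved without a password becomes usable with a well-known one; a blank password should fail validation instead. `encrypt` is a single salted `Digest::SHA1.hexdigest`, which is cheap to brute-force offline; a purpose-built password hash such as bcrypt is the usual choice, and the gemspec currently declares no dependencies, so one would have to be added. `authenticate` compares against `self.credential` while `encrypt_password` writes `crypted_password`, and `info.credentials = token.credentials` keeps the plaintext password on the returned `AuthcInfo`. The `RealmModel` section repeats the `'123456'` default and the SHA1 scheme.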
@@ -0,0 +1,79 @@
|
|
1
|
+
# To change this template, choose Tools | Templates
|
2
|
+
# and open the template in the editor.
|
3
|
+
|
4
|
+
module WizAuthc
|
5
|
+
module RealmModel
|
6
|
+
def self.included(base)
|
7
|
+
base.extend(ClassMethods)
|
8
|
+
base.class_eval do
|
9
|
+
include InstanceMethods
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
module ClassMethods
|
14
|
+
# @@realm_map = {:principal => :name, :credential => :password, :remembered => false}
|
15
|
+
#:credential
|
16
|
+
# :principal
|
17
|
+
# :remembered
|
18
|
+
# @@realm_map = {}
|
19
|
+
|
20
|
+
# def set_realm_map(options = nil)
|
21
|
+
# # return unless options.is_a?(Hash)
|
22
|
+
# @@realm_map = @@realm_map.merge(options)
|
23
|
+
# # principal = options[:principal]
|
24
|
+
# # alias principal :principal
|
25
|
+
# # credential = options[:credential]
|
26
|
+
# # alias credential :credential
|
27
|
+
#
|
28
|
+
# end
|
29
|
+
#
|
30
|
+
# def get_realm_map
|
31
|
+
# @@realm_map
|
32
|
+
# end
|
33
|
+
#overide
|
34
|
+
def find_one_by_principal(principal)
|
35
|
+
where(:login => principal).first
|
36
|
+
end
|
37
|
+
|
38
|
+
def authenticate(principal=nil, credential=nil, remembered = false)
|
39
|
+
user = find_one_by_principal(principal)
|
40
|
+
p user
|
41
|
+
p principal
|
42
|
+
user && user.authenticate(credential) ? user : nil
|
43
|
+
end
|
44
|
+
|
45
|
+
end
|
46
|
+
|
47
|
+
module InstanceMethods
|
48
|
+
#attr_accessor :password, :password_confirmation
|
49
|
+
def authenticate(credential = nil)
|
50
|
+
self.credential == encrypt(credential)
|
51
|
+
# realm_map = self.class.get_realm_map
|
52
|
+
# my_principal = realm_map[:principal]
|
53
|
+
# my_credential = realm_map[:credential]
|
54
|
+
# if self.respond_to?(my_principal) && self.respond_to?(my_credential)
|
55
|
+
# if principal == self.send(my_principal) && credential == self.send(my_credential)
|
56
|
+
# return self.send(my_principal)
|
57
|
+
# end
|
58
|
+
# end
|
59
|
+
end
|
60
|
+
|
61
|
+
# attr_accessor :password, :password_confirmation
|
62
|
+
|
63
|
+
|
64
|
+
|
65
|
+
# Encrypts the password with the user salt
|
66
|
+
def encrypt(password)
|
67
|
+
Digest::SHA1.hexdigest("--#{salt}--#{password}--")
|
68
|
+
end
|
69
|
+
|
70
|
+
def encrypt_password
|
71
|
+
if new_record?
|
72
|
+
self.password = '123456' if self.password.blank?
|
73
|
+
self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--")
|
74
|
+
self.password = encrypt(self.password)
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
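Review bot: `ClassMethods#authenticate` prints the looked-up record and the submitted login with `p user` and `p principal`, so each login attempt writes the user row, including its salt and password-hash columns if the model has them, to standard output. These look like leftover debug lines and should be removed. In `encrypt_password` the hash is written back into `password` (`self.password = encrypt(self.password)`) while `authenticate` reads `self.credential`; unless the model aliases the two, the comparison is made against a different attribute.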
@@ -0,0 +1,81 @@
|
|
1
|
+
# To change this template, choose Tools | Templates
|
2
|
+
# and open the template in the editor.
|
3
|
+
|
4
|
+
module WizAuthc
|
5
|
+
class SecurityContext
|
6
|
+
# @@ip = "0.0.0.0"
|
7
|
+
# @@contexts = {}
|
8
|
+
class << self
|
9
|
+
def env
|
10
|
+
Thread.current[:security_env_key]
|
11
|
+
end
|
12
|
+
|
13
|
+
def env=(value)
|
14
|
+
Thread.current[:security_env_key] = value
|
15
|
+
end
|
16
|
+
|
17
|
+
# def context
|
18
|
+
# Thread.current[:security_context_key]
|
19
|
+
# end
|
20
|
+
|
21
|
+
def current=(value)
|
22
|
+
# Thread.current[:security_context_key] = value
|
23
|
+
Thread.current[:security_contexts_key] = value
|
24
|
+
end
|
25
|
+
|
26
|
+
def session
|
27
|
+
env.session[:security_session_key] ||= {}
|
28
|
+
end
|
29
|
+
#
|
30
|
+
# def session=(value)
|
31
|
+
# Thread.current[:security_session_key] = value
|
32
|
+
# end
|
33
|
+
|
34
|
+
def current
|
35
|
+
Thread.current[:security_contexts_key]
|
36
|
+
end
|
37
|
+
|
38
|
+
def init(env)
|
39
|
+
self.env = env
|
40
|
+
self.current = Core::Account.new(self.session)
|
41
|
+
end
|
42
|
+
|
43
|
+
|
44
|
+
|
45
|
+
|
46
|
+
|
47
|
+
#--------------------------
|
48
|
+
|
49
|
+
def authenticate(realm, token)
|
50
|
+
authc_info = realm.authenticate(token)
|
51
|
+
# ctx = self.current
|
52
|
+
# unless ctx
|
53
|
+
# session = ctx.session
|
54
|
+
# end
|
55
|
+
ctx = self.new(authc_info.principal, authc_info.authenticated, env.session)
|
56
|
+
# env.session[:security_contexts_key] = ctx
|
57
|
+
self.current = ctx
|
58
|
+
end
|
59
|
+
|
60
|
+
|
61
|
+
end
|
62
|
+
|
63
|
+
attr_accessor :principal, :authenticated, :session
|
64
|
+
|
65
|
+
def initialize(principal, authenticated = nil, session = nil, ip = nil)
|
66
|
+
@principal = principal || nil
|
67
|
+
@authenticated = authenticated || false
|
68
|
+
@session = session
|
69
|
+
@ip = ip || "0.0.0.0"
|
70
|
+
@actived = false
|
71
|
+
end
|
72
|
+
|
73
|
+
def authenticated?
|
74
|
+
@authenticated
|
75
|
+
end
|
76
|
+
|
77
|
+
def user
|
78
|
+
@principal[:type].constantize.find(@principal[:identity])
|
79
|
+
end
|
80
|
+
end
|
81
|
+
end
|
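Review bot: `user` calls `@principal[:type].constantize`, but the principal built in the `AuthcRealm` section stores `:type => user.class`, a Class, and `constantize` is a String method, so this lookup raises unless the value was turned into a string somewhere along the way (for instance by session serialization). Storing `user.class.name` and checking it against the known realm model names before calling `constantize` keeps the lookup from resolving an arbitrary constant. `init` also references `Core::Account`, which none of the files listed for this gem define. `authenticate` swaps in a new context without rotating the session identifier; confirm that the calling controller resets the session on login.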
@@ -0,0 +1,25 @@
|
|
1
|
+
# To change this template, choose Tools | Templates
|
2
|
+
# and open the template in the editor.
|
3
|
+
module WizAuthc
|
4
|
+
class SecuritySession
|
5
|
+
def initialize
|
6
|
+
|
7
|
+
end
|
8
|
+
|
9
|
+
class << self
|
10
|
+
def controller=(value)
|
11
|
+
Thread.current[:wiz_auth_controller] = value
|
12
|
+
end
|
13
|
+
|
14
|
+
## The current controller object
|
15
|
+
def controller
|
16
|
+
Thread.current[:wiz_auth_controller]
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
private
|
21
|
+
def controller
|
22
|
+
self.class.controller
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
@@ -0,0 +1,11 @@
|
|
1
|
+
# To change this template, choose Tools | Templates
|
2
|
+
# and open the template in the editor.
|
3
|
+
|
4
|
+
module WizAuthc
|
5
|
+
class FormToken < AuthcToken
|
6
|
+
def initialize(login_name, password)
|
7
|
+
self.principal = login_name
|
8
|
+
self.credentials = password
|
9
|
+
end
|
10
|
+
end
|
11
|
+
end
|
@@ -0,0 +1,18 @@
|
|
1
|
+
# To change this template, choose Tools | Templates
|
2
|
+
# and open the template in the editor.
|
3
|
+
|
4
|
+
module WizAuthc
|
5
|
+
class RailsEnv < WebEnv
|
6
|
+
def session
|
7
|
+
self.env.session
|
8
|
+
end
|
9
|
+
|
10
|
+
def cookies
|
11
|
+
self.env.send(:cookies)
|
12
|
+
end
|
13
|
+
|
14
|
+
def request
|
15
|
+
self.env.request
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
@@ -0,0 +1,20 @@
|
|
1
|
+
# To change this template, choose Tools | Templates
|
2
|
+
# and open the template in the editor.
|
3
|
+
|
4
|
+
module WizAuthc
|
5
|
+
class WebEnv
|
6
|
+
attr_accessor :env
|
7
|
+
|
8
|
+
#env = controller
|
9
|
+
def initialize(env)
|
10
|
+
@env = env
|
11
|
+
end
|
12
|
+
|
13
|
+
# def session
|
14
|
+
#
|
15
|
+
# end
|
16
|
+
|
17
|
+
|
18
|
+
|
19
|
+
end
|
20
|
+
end
|
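--- a/data/wizdog.gemspec
+++ b/data/wizdog.gemspec
@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "wizdog/version"
+
+Gem::Specification.new do |s|
+s.name = "wizdog"
+s.version = Wizdog::VERSION
+s.authors = ["songgz"]
+s.email = ["sgzhe@163.com"]
+s.homepage = "http://github.com/songgz/wizdog"
+s.summary = "Flexible authentication solution for Rails"
+s.description = "Flexible authentication solution for Rails"
+
+s.rubyforge_project = "wizdog"
+
+s.files = `git ls-files`.split("\n")
+s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
+s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+s.require_paths = ["lib"]
+
+# specify any dependencies here; for example:
+# s.add_development_dependency "rspec"
+# s.add_runtime_dependency "rest-client"
+end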
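--- a/metadata
+++ b/metadata
@@ -0,0 +1,72 @@
+--- !ruby/object:Gem::Specification
+name: wizdog
+version: !ruby/object:Gem::Version
+version: 0.0.2
+prerelease:
+platform: ruby
+authors:
+- songgz
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2012-04-12 00:00:00.000000000 Z
+dependencies: []
+description: Flexible authentication solution for Rails
+email:
+- sgzhe@163.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- Rakefile
+- lib/wizdog.rb
+- lib/wizdog/acl/acl.rb
+- lib/wizdog/acl/aco.rb
+- lib/wizdog/acl/aro.rb
+- lib/wizdog/acl/entry.rb
+- lib/wizdog/acl/ext/aco_model.rb
+- lib/wizdog/acl/ext/action.rb
+- lib/wizdog/acl/ext/aro_model.rb
+- lib/wizdog/acl/menu_item.rb
+- lib/wizdog/authc/authc_info.rb
+- lib/wizdog/authc/authenticator.rb
+- lib/wizdog/authc/filter.rb
+- lib/wizdog/authc/realm/authc_realm.rb
+- lib/wizdog/authc/realm/realm.rb
+- lib/wizdog/authc/realm_model.rb
+- lib/wizdog/authc/security_context.rb
+- lib/wizdog/authc/security_session.rb
+- lib/wizdog/authc/token/authc_token.rb
+- lib/wizdog/authc/token/form_token.rb
+- lib/wizdog/authc/web/rails_env.rb
+- lib/wizdog/authc/web/web_env.rb
+- lib/wizdog/menu/menu.rb
+- lib/wizdog/version.rb
+- wizdog.gemspec
+homepage: http://github.com/songgz/wizdog
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project: wizdog
+rubygems_version: 1.8.21
+signing_key:
+specification_version: 3
+summary: Flexible authentication solution for Rails
+test_files: []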