From 336965d8459eac807cabcf7a0f536b6dde57667a Mon Sep 17 00:00:00 2001
From: Andrew Tomaka
Date: Sat, 13 Apr 2013 01:35:18 -0400
Subject: [PATCH] Add custom Devise authentication strategy for Kerberos
---
 config/application.rb | 1 +
 config/initializers/devise.rb | 4 ++++
 lib/custom_auth.rb | 36 +++++++++++++++++++++++++++++++++++
 3 files changed, 41 insertions(+)
 create mode 100644 lib/custom_auth.rb
diff --git a/config/application.rb b/config/application.rb
index f33fb55..b34cdb2 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -17,6 +17,7 @@ module MsuCourseAlerter
 # Custom directories with classes and modules you want to be autoloadable.
 # config.autoload_paths += %W(#{config.root}/extras)
+ config.autoload_paths += %W(#{config.root}/lib)
 # Only load the plugins named here, in the order given (default is alphabetical).
 # :all can be used as a placeholder for all plugins not explicitly named.
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index d2b2cfe..c455f22 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -223,6 +223,10 @@ Devise.setup do |config|
 # manager.intercept_401 = false
 # manager.default_strategies(:scope => :user).unshift :some_external_strategy
 # end
+ config.warden do |manager|
+ manager.strategies.add(:kerb, CustomAuth::Devise::Strategies::Kerb)
+ manager.default_strategies :kerb
+ end
 # ==> Mountable engine configurations
 # When using Devise inside an engine, let's call it `MyEngine`, and this engine
diff --git a/lib/custom_auth.rb b/lib/custom_auth.rb
new file mode 100644
index 0000000..dc63362
--- /dev/null
+++ b/lib/custom_auth.rb
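Review bot: `manager.default_strategies :kerb` in config/initializers/devise.rb is called without a scope, unlike the commented template directly above it, which uses `default_strategies(:scope => :user)`. As far as I can tell Warden files an unscoped call under its catch-all scope and prefers a scope-specific list when one exists, so for the `:user` scope this line may be ignored, or, where it does take effect, it replaces the existing strategy list instead of running ahead of it. I would write `manager.default_strategies(:scope => :user).unshift :kerb` and add a comment above the block stating whether database authentication is meant to stay available as a fallback. The `Devise.setup` block starts and ends outside the hunk.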
@@ -0,0 +1,36 @@
+module CustomAuth
+ module Devise
+ module Strategies
+ class Kerb < ::Devise::Strategies::Base
+ def valid?
+ params[:user] && (params[:user][:username] || params[:user][:password])
+ end
+
+ def authenticate!
+ if check_kerb_auth(params[:username], params[:password])
+ u = User.find(:first,
+ :conditions => { :username => params[:username] }) ||
+ User.create({ :username => login }
+ )
+ else
+ fail!("Could not log in")
+ end
+ end
+
+ def check_kerb_auth(username, password)
+ require 'krb5_auth'
+ include Krb5Auth
+
+ return false if username.blank? or password.blank?
+
+ begin
+ kerberos = Krb5.new
+ return kerberos.get_init_creds_password(username, password)
+ rescue Krb5Auth::Krb5::Exception
+ return false
+ end
+ end
+ end
+ end
+ end
+end
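Review bot: `authenticate!` in lib/custom_auth.rb cannot sign anyone in as written: it reads top-level `params[:username]`/`params[:password]` while `valid?` gates on the nested `params[:user]` hash, it passes an undefined `login` to `User.create`, and it never calls `success!`, so Warden never receives an authenticated user. `check_kerb_auth` also calls `include` from an instance method, where it is not available, and `valid?` accepts a request carrying only one of the two fields. On the security side, a `User` row is created for every principal the KDC accepts, and an initial-credentials check alone does not appear to verify the ticket against a service key held by this host; both deserve an explicit decision (an allow-list or realm check, and KDC verification if the library supports it). The sketch below reworks the three methods; `close` on the Krb5 handle is from the krb5_auth gem as I recall it, so confirm it against the version in the Gemfile.

```ruby
# … unchanged: module/class nesting; `require 'krb5_auth'` hoisted to the top of the file …
def valid?
  creds = params[:user]
  # Require both fields, and a hash-shaped :user param, before this strategy runs.
  creds.is_a?(Hash) && creds[:username].present? && creds[:password].present?
end

def authenticate!
  creds    = params[:user]
  username = creds[:username]
  return fail!("Could not log in") unless check_kerb_auth(username, creds[:password])

  # NOTE(review): auto-provisioning any accepted principal is an authorization
  # decision; restrict it here if only some principals should get accounts.
  user = User.find(:first, :conditions => { :username => username }) ||
         User.create(:username => username)
  success!(user)
end

def check_kerb_auth(username, password)
  return false if username.blank? || password.blank?

  kerberos = Krb5Auth::Krb5.new
  begin
    kerberos.get_init_creds_password(username, password)
  rescue Krb5Auth::Krb5::Exception
    false
  ensure
    kerberos.close # release the Kerberos context on every path
  end
end
```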