1
0
Fork 0

Add custom Devise authentication strategy for Kerberos

This commit is contained in:
Andrew Tomaka 2013-04-13 01:35:18 -04:00
parent 677ad9ae2b
commit 336965d845
3 changed files with 41 additions and 0 deletions

View file

@ -17,6 +17,7 @@ module MsuCourseAlerter
# Custom directories with classes and modules you want to be autoloadable. # Custom directories with classes and modules you want to be autoloadable.
# config.autoload_paths += %W(#{config.root}/extras) # config.autoload_paths += %W(#{config.root}/extras)
config.autoload_paths += %W(#{config.root}/lib)
# Only load the plugins named here, in the order given (default is alphabetical). # Only load the plugins named here, in the order given (default is alphabetical).
# :all can be used as a placeholder for all plugins not explicitly named. # :all can be used as a placeholder for all plugins not explicitly named.

View file

@ -223,6 +223,10 @@ Devise.setup do |config|
# manager.intercept_401 = false # manager.intercept_401 = false
# manager.default_strategies(:scope => :user).unshift :some_external_strategy # manager.default_strategies(:scope => :user).unshift :some_external_strategy
# end # end
config.warden do |manager|
manager.strategies.add(:kerb, CustomAuth::Devise::Strategies::Kerb)
manager.default_strategies :kerb
end
# ==> Mountable engine configurations # ==> Mountable engine configurations
# When using Devise inside an engine, let's call it `MyEngine`, and this engine # When using Devise inside an engine, let's call it `MyEngine`, and this engine

36
lib/custom_auth.rb Normal file
View file

@ -0,0 +1,36 @@
module CustomAuth
module Devise
module Strategies
class Kerb < ::Devise::Strategies::Base
def valid?
params[:user] && (params[:user][:username] || params[:user][:password])
end
def authenticate!
if check_kerb_auth(params[:username], params[:password])
u = User.find(:first,
:conditions => { :username => params[:username] }) ||
User.create({ :username => login }
)
else
fail!("Could not log in")
end
end
def check_kerb_auth(username, password)
require 'krb5_auth'
include Krb5Auth
return false if username.blank? or password.blank?
begin
kerberos = Krb5.new
return kerberos.get_init_creds_password(username, password)
rescue Krb5Auth::Krb5::Exception
return false
end
end
end
end
end
end