diff --git a/Gemfile b/Gemfile index d1962a8..c415bcf 100644 --- a/Gemfile +++ b/Gemfile @@ -10,7 +10,9 @@ gem 'sqlite3' gem 'thin' gem 'devise' - +gem 'devise_pam_authenticatable', + :git => 'git://github.com/atomaka/devise_pam_authenticatable.git', + :branch => 'ruby19-update' gem 'cancan' diff --git a/Gemfile.lock b/Gemfile.lock index 3e48fa1..bf864f8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,3 +1,11 @@ +GIT + remote: git://github.com/atomaka/devise_pam_authenticatable.git + revision: 0f735fbb3926a46b649c5ef1fa35a7dcd0d6d1f8 + branch: ruby19-update + specs: + devise_pam_authenticatable (1.0.3) + rpam-ruby19 + GEM remote: https://rubygems.org/ specs: @@ -127,6 +135,7 @@ GEM rake (10.0.4) rdoc (3.12.2) json (~> 1.4) + rpam-ruby19 (1.2.1) ruby2ruby (2.0.3) ruby_parser (~> 3.1) sexp_processor (~> 4.0) @@ -181,6 +190,7 @@ DEPENDENCIES cancan coffee-rails (~> 3.2.1) devise + devise_pam_authenticatable! jquery-rails less-rails meta_request diff --git a/README.md b/README.md new file mode 100644 index 0000000..088792a --- /dev/null +++ b/README.md @@ -0,0 +1,6 @@ +sudo apt-get install libpam0g-dev + +/etc/pam.d/rpam: + +auth sufficient pam_krb5.so +account sufficient pam_permit.so \ No newline at end of file diff --git a/README.rdoc b/README.rdoc deleted file mode 100644 index 7c36f23..0000000 --- a/README.rdoc +++ /dev/null 
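Review bot: The new `devise_pam_authenticatable` entry in the Gemfile fetches an authentication gem over `git://`, which is neither encrypted nor authenticated, and it tracks a branch of a personal fork instead of a fixed ref. Gemfile.lock pins revision `0f735fbb3926a46b649c5ef1fa35a7dcd0d6d1f8` for now, but a later `bundle update` will move to whatever the `ruby19-update` branch head is at that time. Prefer an HTTPS remote with the ref pinned in the Gemfile itself: `:git => 'https://github.com/atomaka/devise_pam_authenticatable.git', :ref => '0f735fbb3926a46b649c5ef1fa35a7dcd0d6d1f8'`.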
@@ -1,261 +0,0 @@ -== Welcome to Rails - -Rails is a web-application framework that includes everything needed to create -database-backed web applications according to the Model-View-Control pattern. - -This pattern splits the view (also called the presentation) into "dumb" -templates that are primarily responsible for inserting pre-built data in between -HTML tags. The model contains the "smart" domain objects (such as Account, -Product, Person, Post) that holds all the business logic and knows how to -persist themselves to a database. The controller handles the incoming requests -(such as Save New Account, Update Product, Show Post) by manipulating the model -and directing data to the view. - -In Rails, the model is handled by what's called an object-relational mapping -layer entitled Active Record. This layer allows you to present the data from -database rows as objects and embellish these data objects with business logic -methods. You can read more about Active Record in -link:files/vendor/rails/activerecord/README.html. - -The controller and view are handled by the Action Pack, which handles both -layers by its two parts: Action View and Action Controller. These two layers -are bundled in a single package due to their heavy interdependence. This is -unlike the relationship between the Active Record and Action Pack that is much -more separate. Each of these packages can be used independently outside of -Rails. You can read more about Action Pack in -link:files/vendor/rails/actionpack/README.html. - - -== Getting Started - -1. At the command prompt, create a new Rails application: - rails new myapp (where myapp is the application name) - -2. Change directory to myapp and start the web server: - cd myapp; rails server (run with --help for options) - -3. Go to http://localhost:3000/ and you'll see: - "Welcome aboard: You're riding Ruby on Rails!" - -4. Follow the guidelines to start developing your application. 
You can find -the following resources handy: - -* The Getting Started Guide: http://guides.rubyonrails.org/getting_started.html -* Ruby on Rails Tutorial Book: http://www.railstutorial.org/ - - -== Debugging Rails - -Sometimes your application goes wrong. Fortunately there are a lot of tools that -will help you debug it and get it back on the rails. - -First area to check is the application log files. Have "tail -f" commands -running on the server.log and development.log. Rails will automatically display -debugging and runtime information to these files. Debugging info will also be -shown in the browser on requests from 127.0.0.1. - -You can also log your own messages directly into the log file from your code -using the Ruby logger class from inside your controllers. Example: - - class WeblogController < ActionController::Base - def destroy - @weblog = Weblog.find(params[:id]) - @weblog.destroy - logger.info("#{Time.now} Destroyed Weblog ID ##{@weblog.id}!") - end - end - -The result will be a message in your log file along the lines of: - - Mon Oct 08 14:22:29 +1000 2007 Destroyed Weblog ID #1! - -More information on how to use the logger is at http://www.ruby-doc.org/core/ - -Also, Ruby documentation can be found at http://www.ruby-lang.org/. There are -several books available online as well: - -* Programming Ruby: http://www.ruby-doc.org/docs/ProgrammingRuby/ (Pickaxe) -* Learn to Program: http://pine.fm/LearnToProgram/ (a beginners guide) - -These two books will bring you up to speed on the Ruby language and also on -programming in general. - - -== Debugger - -Debugger support is available through the debugger command when you start your -Mongrel or WEBrick server with --debugger. This means that you can break out of -execution at any point in the code, investigate and change the model, and then, -resume execution! You need to install ruby-debug to run the server in debugging -mode. With gems, use sudo gem install ruby-debug. 
Example: - - class WeblogController < ActionController::Base - def index - @posts = Post.all - debugger - end - end - -So the controller will accept the action, run the first line, then present you -with a IRB prompt in the server window. Here you can do things like: - - >> @posts.inspect - => "[#nil, "body"=>nil, "id"=>"1"}>, - #"Rails", "body"=>"Only ten..", "id"=>"2"}>]" - >> @posts.first.title = "hello from a debugger" - => "hello from a debugger" - -...and even better, you can examine how your runtime objects actually work: - - >> f = @posts.first - => #nil, "body"=>nil, "id"=>"1"}> - >> f. - Display all 152 possibilities? (y or n) - -Finally, when you're ready to resume execution, you can enter "cont". - - -== Console - -The console is a Ruby shell, which allows you to interact with your -application's domain model. Here you'll have all parts of the application -configured, just like it is when the application is running. You can inspect -domain models, change values, and save to the database. Starting the script -without arguments will launch it in the development environment. - -To start the console, run rails console from the application -directory. - -Options: - -* Passing the -s, --sandbox argument will rollback any modifications - made to the database. -* Passing an environment name as an argument will load the corresponding - environment. Example: rails console production. - -To reload your controllers and models after launching the console run -reload! - -More information about irb can be found at: -link:http://www.rubycentral.org/pickaxe/irb.html - - -== dbconsole - -You can go to the command line of your database directly through rails -dbconsole. You would be connected to the database with the credentials -defined in database.yml. Starting the script without arguments will connect you -to the development database. Passing an argument will connect you to a different -database, like rails dbconsole production. 
Currently works for MySQL, -PostgreSQL and SQLite 3. - -== Description of Contents - -The default directory structure of a generated Ruby on Rails application: - - |-- app - | |-- assets - | |-- images - | |-- javascripts - | `-- stylesheets - | |-- controllers - | |-- helpers - | |-- mailers - | |-- models - | `-- views - | `-- layouts - |-- config - | |-- environments - | |-- initializers - | `-- locales - |-- db - |-- doc - |-- lib - | `-- tasks - |-- log - |-- public - |-- script - |-- test - | |-- fixtures - | |-- functional - | |-- integration - | |-- performance - | `-- unit - |-- tmp - | |-- cache - | |-- pids - | |-- sessions - | `-- sockets - `-- vendor - |-- assets - `-- stylesheets - `-- plugins - -app - Holds all the code that's specific to this particular application. - -app/assets - Contains subdirectories for images, stylesheets, and JavaScript files. - -app/controllers - Holds controllers that should be named like weblogs_controller.rb for - automated URL mapping. All controllers should descend from - ApplicationController which itself descends from ActionController::Base. - -app/models - Holds models that should be named like post.rb. Models descend from - ActiveRecord::Base by default. - -app/views - Holds the template files for the view that should be named like - weblogs/index.html.erb for the WeblogsController#index action. All views use - eRuby syntax by default. - -app/views/layouts - Holds the template files for layouts to be used with views. This models the - common header/footer method of wrapping views. In your views, define a layout - using the layout :default and create a file named default.html.erb. - Inside default.html.erb, call <% yield %> to render the view using this - layout. - -app/helpers - Holds view helpers that should be named like weblogs_helper.rb. These are - generated for you automatically when using generators for controllers. - Helpers can be used to wrap functionality for your views into methods. 
- -config - Configuration files for the Rails environment, the routing map, the database, - and other dependencies. - -db - Contains the database schema in schema.rb. db/migrate contains all the - sequence of Migrations for your schema. - -doc - This directory is where your application documentation will be stored when - generated using rake doc:app - -lib - Application specific libraries. Basically, any kind of custom code that - doesn't belong under controllers, models, or helpers. This directory is in - the load path. - -public - The directory available for the web server. Also contains the dispatchers and the - default HTML files. This should be set as the DOCUMENT_ROOT of your web - server. - -script - Helper scripts for automation and generation. - -test - Unit and functional tests along with fixtures. When using the rails generate - command, template test files will be generated for you and placed in this - directory. - -vendor - External libraries that the application depends on. Also includes the plugins - subdirectory. If the app has frozen rails, those gems also go here, under - vendor/rails/. This directory is in the load path. diff --git a/app/models/user.rb b/app/models/user.rb index 02543cc..02717d9 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -2,10 +2,11 @@ class User < ActiveRecord::Base # Include default devise modules. Others available are: # :token_authenticatable, :confirmable, # :lockable, :timeoutable and :omniauthable - devise :database_authenticatable, :registerable, - :recoverable, :rememberable, :trackable, :validatable + devise :database_authenticatable, :rememberable, :trackable, :validatable, + :pam_authenticatable # Setup accessible (or protected) attributes for your model attr_accessible :email, :password, :password_confirmation, :remember_me + attr_accessible :username # attr_accessible :title, :body end 
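Review bot: The `devise` call in app/models/user.rb keeps `:database_authenticatable` and `:validatable` next to the new `:pam_authenticatable`, so any stored local password hash remains a second way in beside PAM. The validatable module's email and password checks also still apply to accounts that are meant to be identified by `username` alone. If PAM/Kerberos is meant to be the only credential source, drop `:database_authenticatable` and replace `:validatable` with an explicit `validates :username, :presence => true, :uniqueness => true`. `attr_accessible :username` also makes the login key mass-assignable, so confirm that no user-editable form passes it through.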
diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb index f9bc2c1..3d526fb 100644 --- a/app/views/devise/sessions/new.html.erb +++ b/app/views/devise/sessions/new.html.erb @@ -1,8 +1,8 @@

Sign in

<%= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %> -
<%= f.label :email %>
- <%= f.email_field :email, :autofocus => true %>
+
<%= f.label :username %>
+ <%= f.text_field :username, :autofocus => true %>
<%= f.label :password %>
<%= f.password_field :password %>
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index 3c56e94..9711eda 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -54,9 +54,6 @@ <% else %>
  • <%= link_to "Sign in", new_user_session_path, :method => :get %>
  • -
  • <%= link_to "Register", new_user_registration_path, - :method => :get %>
  • - <% end %> diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index d2b2cfe..fa4f494 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -23,7 +23,7 @@ Devise.setup do |config| # session. If you need permissions, you should implement that in a before filter. # You can also supply a hash where the value is a boolean determining whether # or not authentication should be aborted when the value is not present. - # config.authentication_keys = [ :email ] + config.authentication_keys = [ :username ] # Configure parameters from the request object used for authentication. Each entry # given should be a request method and it will automatically be passed to the diff --git a/db/migrate/20130413054153_add_username_to_users.rb b/db/migrate/20130413054153_add_username_to_users.rb new file mode 100644 index 0000000..3b71a27 --- /dev/null +++ b/db/migrate/20130413054153_add_username_to_users.rb @@ -0,0 +1,5 @@ +class AddUsernameToUsers < ActiveRecord::Migration + def change + add_column :users, :username, :string + end +end diff --git a/db/schema.rb b/db/schema.rb index 5c80be9..41b8f56 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended to check this file into your version control system. -ActiveRecord::Schema.define(:version => 20130412012722) do +ActiveRecord::Schema.define(:version => 20130413054153) do create_table "alerts", :force => true do |t| t.integer "user_id" @@ -55,6 +55,7 @@ ActiveRecord::Schema.define(:version => 20130412012722) do t.string "last_sign_in_ip" t.datetime "created_at", :null => false t.datetime "updated_at", :null => false + t.string "username" end add_index "users", ["email"], :name => "index_users_on_email", :unique => true diff --git a/lib/custom_auth.rb b/lib/custom_auth.rb new file mode 100644 index 0000000..dc63362 --- /dev/null +++ b/lib/custom_auth.rb 
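Review bot: Switching `config.authentication_keys` to `[ :username ]` in config/initializers/devise.rb does not touch the related key lists, which are outside this hunk. If the initializer still carries the generated `config.case_insensitive_keys = [ :email ]` and `config.strip_whitespace_keys = [ :email ]`, usernames are looked up case- and whitespace-sensitively, so `Alice` and `alice` can resolve to different rows than the PAM account name. Consider setting both lists to `[ :username ]` and adding a short comment above the setting that the key must match the PAM login name. The `Devise.setup` block starts and ends outside the hunk.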
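Review bot: The migration adds `username` as a plain nullable string with no index, although this commit makes it the authentication key; the schema hunk still shows a unique index on `email` only. Without a uniqueness constraint two rows can share a login name, and a lookup by username returns whichever row comes first. Add `add_index :users, :username, :unique => true` to `AddUsernameToUsers#change`, after deciding how existing rows get a value.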
@@ -0,0 +1,36 @@
+module CustomAuth
+ module Devise
+ module Strategies
+ class Kerb < ::Devise::Strategies::Base
+ def valid?
+ params[:user] && (params[:user][:username] || params[:user][:password])
+ end
+
+ def authenticate!
+ if check_kerb_auth(params[:username], params[:password])
+ u = User.find(:first,
+ :conditions => { :username => params[:username] }) ||
+ User.create({ :username => login }
+ )
+ else
+ fail!("Could not log in")
+ end
+ end
+
+ def check_kerb_auth(username, password)
+ require 'krb5_auth'
+ include Krb5Auth
+
+ return false if username.blank? or password.blank?
+
+ begin
+ kerberos = Krb5.new
+ return kerberos.get_init_creds_password(username, password)
+ rescue Krb5Auth::Krb5::Exception
+ return false
+ end
+ end
+ end
+ end
+ end
+end
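Review bot: `authenticate!` in the new `Kerb` strategy cannot complete a login as written: it reads `params[:username]` and `params[:password]` while `valid?` checks the nested `params[:user]` hash, the create branch refers to an undefined `login`, and `success!` is never called with the user. `valid?` also accepts a request that carries only one of the two fields, because it joins them with `||`. In `check_kerb_auth`, `include Krb5Auth` is invoked on a strategy instance, where `include` is not available, so the `require`/`include` pair belongs at file or class level. Obtaining initial credentials does not by itself prove the KDC's identity, so confirm that the ticket is verified against a service keytab before a `User` row is created automatically on first login.

```ruby
# … unchanged: module CustomAuth / Devise / Strategies and class Kerb header …
def valid?
  creds = params[:user]
  creds.present? && creds[:username].present? && creds[:password].present?
end

def authenticate!
  creds = params[:user]
  if check_kerb_auth(creds[:username], creds[:password])
    user = User.find(:first, :conditions => { :username => creds[:username] }) ||
           User.create(:username => creds[:username])
    success!(user)
  else
    fail!("Could not log in")
  end
end
# … unchanged: check_kerb_auth …
```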