Merge branch 'feature-kerberos_authentication'
commit
33894326ee
4
Gemfile
4
Gemfile
|
@ -10,7 +10,9 @@ gem 'sqlite3'
|
||||||
gem 'thin'
|
gem 'thin'
|
||||||
|
|
||||||
gem 'devise'
|
gem 'devise'
|
||||||
|
gem 'devise_pam_authenticatable',
|
||||||
|
:git => 'git://github.com/atomaka/devise_pam_authenticatable.git',
|
||||||
|
:branch => 'ruby19-update'
|
||||||
gem 'cancan'
|
gem 'cancan'
|
||||||
|
|
||||||
|
|
||||||
|
|
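Review bot: The new `devise_pam_authenticatable` entry fetches an authentication gem over `git://`, a transport that is neither encrypted nor authenticated, and it tracks a branch instead of a fixed commit. Gemfile.lock records revision `0f735fbb3926a46b649c5ef1fa35a7dcd0d6d1f8`, but a later `bundle update` would resolve the branch head again over the same transport. Use `:git => 'https://github.com/atomaka/devise_pam_authenticatable.git'` and consider replacing `:branch => 'ruby19-update'` with `:ref => '0f735fbb3926a46b649c5ef1fa35a7dcd0d6d1f8'` so the reviewed code is the code that gets installed.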
10
Gemfile.lock
10
Gemfile.lock
|
@ -1,3 +1,11 @@
|
||||||
|
GIT
|
||||||
|
remote: git://github.com/atomaka/devise_pam_authenticatable.git
|
||||||
|
revision: 0f735fbb3926a46b649c5ef1fa35a7dcd0d6d1f8
|
||||||
|
branch: ruby19-update
|
||||||
|
specs:
|
||||||
|
devise_pam_authenticatable (1.0.3)
|
||||||
|
rpam-ruby19
|
||||||
|
|
||||||
GEM
|
GEM
|
||||||
remote: https://rubygems.org/
|
remote: https://rubygems.org/
|
||||||
specs:
|
specs:
|
||||||
|
@ -127,6 +135,7 @@ GEM
|
||||||
rake (10.0.4)
|
rake (10.0.4)
|
||||||
rdoc (3.12.2)
|
rdoc (3.12.2)
|
||||||
json (~> 1.4)
|
json (~> 1.4)
|
||||||
|
rpam-ruby19 (1.2.1)
|
||||||
ruby2ruby (2.0.3)
|
ruby2ruby (2.0.3)
|
||||||
ruby_parser (~> 3.1)
|
ruby_parser (~> 3.1)
|
||||||
sexp_processor (~> 4.0)
|
sexp_processor (~> 4.0)
|
||||||
|
@ -181,6 +190,7 @@ DEPENDENCIES
|
||||||
cancan
|
cancan
|
||||||
coffee-rails (~> 3.2.1)
|
coffee-rails (~> 3.2.1)
|
||||||
devise
|
devise
|
||||||
|
devise_pam_authenticatable!
|
||||||
jquery-rails
|
jquery-rails
|
||||||
less-rails
|
less-rails
|
||||||
meta_request
|
meta_request
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
sudo apt-get install libpam0g-dev
|
||||||
|
|
||||||
|
/etc/pam.d/rpam:
|
||||||
|
|
||||||
|
auth sufficient pam_krb5.so
|
||||||
|
account sufficient pam_permit.so
|
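Review bot: `account sufficient pam_permit.so` makes the account phase of the `rpam` service succeed unconditionally, so expiry or lockout state is never consulted. If pam_krb5 is meant to be the source of truth, `account required pam_krb5.so` would keep those checks. In the auth line, `sufficient` with no module after it leaves the failure case to how the PAM library treats a stack in which nothing succeeded; `auth required pam_krb5.so` states the intent directly.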
261
README.rdoc
261
README.rdoc
|
@ -1,261 +0,0 @@
|
||||||
== Welcome to Rails
|
|
||||||
|
|
||||||
Rails is a web-application framework that includes everything needed to create
|
|
||||||
database-backed web applications according to the Model-View-Control pattern.
|
|
||||||
|
|
||||||
This pattern splits the view (also called the presentation) into "dumb"
|
|
||||||
templates that are primarily responsible for inserting pre-built data in between
|
|
||||||
HTML tags. The model contains the "smart" domain objects (such as Account,
|
|
||||||
Product, Person, Post) that holds all the business logic and knows how to
|
|
||||||
persist themselves to a database. The controller handles the incoming requests
|
|
||||||
(such as Save New Account, Update Product, Show Post) by manipulating the model
|
|
||||||
and directing data to the view.
|
|
||||||
|
|
||||||
In Rails, the model is handled by what's called an object-relational mapping
|
|
||||||
layer entitled Active Record. This layer allows you to present the data from
|
|
||||||
database rows as objects and embellish these data objects with business logic
|
|
||||||
methods. You can read more about Active Record in
|
|
||||||
link:files/vendor/rails/activerecord/README.html.
|
|
||||||
|
|
||||||
The controller and view are handled by the Action Pack, which handles both
|
|
||||||
layers by its two parts: Action View and Action Controller. These two layers
|
|
||||||
are bundled in a single package due to their heavy interdependence. This is
|
|
||||||
unlike the relationship between the Active Record and Action Pack that is much
|
|
||||||
more separate. Each of these packages can be used independently outside of
|
|
||||||
Rails. You can read more about Action Pack in
|
|
||||||
link:files/vendor/rails/actionpack/README.html.
|
|
||||||
|
|
||||||
|
|
||||||
== Getting Started
|
|
||||||
|
|
||||||
1. At the command prompt, create a new Rails application:
|
|
||||||
<tt>rails new myapp</tt> (where <tt>myapp</tt> is the application name)
|
|
||||||
|
|
||||||
2. Change directory to <tt>myapp</tt> and start the web server:
|
|
||||||
<tt>cd myapp; rails server</tt> (run with --help for options)
|
|
||||||
|
|
||||||
3. Go to http://localhost:3000/ and you'll see:
|
|
||||||
"Welcome aboard: You're riding Ruby on Rails!"
|
|
||||||
|
|
||||||
4. Follow the guidelines to start developing your application. You can find
|
|
||||||
the following resources handy:
|
|
||||||
|
|
||||||
* The Getting Started Guide: http://guides.rubyonrails.org/getting_started.html
|
|
||||||
* Ruby on Rails Tutorial Book: http://www.railstutorial.org/
|
|
||||||
|
|
||||||
|
|
||||||
== Debugging Rails
|
|
||||||
|
|
||||||
Sometimes your application goes wrong. Fortunately there are a lot of tools that
|
|
||||||
will help you debug it and get it back on the rails.
|
|
||||||
|
|
||||||
First area to check is the application log files. Have "tail -f" commands
|
|
||||||
running on the server.log and development.log. Rails will automatically display
|
|
||||||
debugging and runtime information to these files. Debugging info will also be
|
|
||||||
shown in the browser on requests from 127.0.0.1.
|
|
||||||
|
|
||||||
You can also log your own messages directly into the log file from your code
|
|
||||||
using the Ruby logger class from inside your controllers. Example:
|
|
||||||
|
|
||||||
class WeblogController < ActionController::Base
|
|
||||||
def destroy
|
|
||||||
@weblog = Weblog.find(params[:id])
|
|
||||||
@weblog.destroy
|
|
||||||
logger.info("#{Time.now} Destroyed Weblog ID ##{@weblog.id}!")
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
The result will be a message in your log file along the lines of:
|
|
||||||
|
|
||||||
Mon Oct 08 14:22:29 +1000 2007 Destroyed Weblog ID #1!
|
|
||||||
|
|
||||||
More information on how to use the logger is at http://www.ruby-doc.org/core/
|
|
||||||
|
|
||||||
Also, Ruby documentation can be found at http://www.ruby-lang.org/. There are
|
|
||||||
several books available online as well:
|
|
||||||
|
|
||||||
* Programming Ruby: http://www.ruby-doc.org/docs/ProgrammingRuby/ (Pickaxe)
|
|
||||||
* Learn to Program: http://pine.fm/LearnToProgram/ (a beginners guide)
|
|
||||||
|
|
||||||
These two books will bring you up to speed on the Ruby language and also on
|
|
||||||
programming in general.
|
|
||||||
|
|
||||||
|
|
||||||
== Debugger
|
|
||||||
|
|
||||||
Debugger support is available through the debugger command when you start your
|
|
||||||
Mongrel or WEBrick server with --debugger. This means that you can break out of
|
|
||||||
execution at any point in the code, investigate and change the model, and then,
|
|
||||||
resume execution! You need to install ruby-debug to run the server in debugging
|
|
||||||
mode. With gems, use <tt>sudo gem install ruby-debug</tt>. Example:
|
|
||||||
|
|
||||||
class WeblogController < ActionController::Base
|
|
||||||
def index
|
|
||||||
@posts = Post.all
|
|
||||||
debugger
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
So the controller will accept the action, run the first line, then present you
|
|
||||||
with a IRB prompt in the server window. Here you can do things like:
|
|
||||||
|
|
||||||
>> @posts.inspect
|
|
||||||
=> "[#<Post:0x14a6be8
|
|
||||||
@attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>,
|
|
||||||
#<Post:0x14a6620
|
|
||||||
@attributes={"title"=>"Rails", "body"=>"Only ten..", "id"=>"2"}>]"
|
|
||||||
>> @posts.first.title = "hello from a debugger"
|
|
||||||
=> "hello from a debugger"
|
|
||||||
|
|
||||||
...and even better, you can examine how your runtime objects actually work:
|
|
||||||
|
|
||||||
>> f = @posts.first
|
|
||||||
=> #<Post:0x13630c4 @attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>
|
|
||||||
>> f.
|
|
||||||
Display all 152 possibilities? (y or n)
|
|
||||||
|
|
||||||
Finally, when you're ready to resume execution, you can enter "cont".
|
|
||||||
|
|
||||||
|
|
||||||
== Console
|
|
||||||
|
|
||||||
The console is a Ruby shell, which allows you to interact with your
|
|
||||||
application's domain model. Here you'll have all parts of the application
|
|
||||||
configured, just like it is when the application is running. You can inspect
|
|
||||||
domain models, change values, and save to the database. Starting the script
|
|
||||||
without arguments will launch it in the development environment.
|
|
||||||
|
|
||||||
To start the console, run <tt>rails console</tt> from the application
|
|
||||||
directory.
|
|
||||||
|
|
||||||
Options:
|
|
||||||
|
|
||||||
* Passing the <tt>-s, --sandbox</tt> argument will rollback any modifications
|
|
||||||
made to the database.
|
|
||||||
* Passing an environment name as an argument will load the corresponding
|
|
||||||
environment. Example: <tt>rails console production</tt>.
|
|
||||||
|
|
||||||
To reload your controllers and models after launching the console run
|
|
||||||
<tt>reload!</tt>
|
|
||||||
|
|
||||||
More information about irb can be found at:
|
|
||||||
link:http://www.rubycentral.org/pickaxe/irb.html
|
|
||||||
|
|
||||||
|
|
||||||
== dbconsole
|
|
||||||
|
|
||||||
You can go to the command line of your database directly through <tt>rails
|
|
||||||
dbconsole</tt>. You would be connected to the database with the credentials
|
|
||||||
defined in database.yml. Starting the script without arguments will connect you
|
|
||||||
to the development database. Passing an argument will connect you to a different
|
|
||||||
database, like <tt>rails dbconsole production</tt>. Currently works for MySQL,
|
|
||||||
PostgreSQL and SQLite 3.
|
|
||||||
|
|
||||||
== Description of Contents
|
|
||||||
|
|
||||||
The default directory structure of a generated Ruby on Rails application:
|
|
||||||
|
|
||||||
|-- app
|
|
||||||
| |-- assets
|
|
||||||
| |-- images
|
|
||||||
| |-- javascripts
|
|
||||||
| `-- stylesheets
|
|
||||||
| |-- controllers
|
|
||||||
| |-- helpers
|
|
||||||
| |-- mailers
|
|
||||||
| |-- models
|
|
||||||
| `-- views
|
|
||||||
| `-- layouts
|
|
||||||
|-- config
|
|
||||||
| |-- environments
|
|
||||||
| |-- initializers
|
|
||||||
| `-- locales
|
|
||||||
|-- db
|
|
||||||
|-- doc
|
|
||||||
|-- lib
|
|
||||||
| `-- tasks
|
|
||||||
|-- log
|
|
||||||
|-- public
|
|
||||||
|-- script
|
|
||||||
|-- test
|
|
||||||
| |-- fixtures
|
|
||||||
| |-- functional
|
|
||||||
| |-- integration
|
|
||||||
| |-- performance
|
|
||||||
| `-- unit
|
|
||||||
|-- tmp
|
|
||||||
| |-- cache
|
|
||||||
| |-- pids
|
|
||||||
| |-- sessions
|
|
||||||
| `-- sockets
|
|
||||||
`-- vendor
|
|
||||||
|-- assets
|
|
||||||
`-- stylesheets
|
|
||||||
`-- plugins
|
|
||||||
|
|
||||||
app
|
|
||||||
Holds all the code that's specific to this particular application.
|
|
||||||
|
|
||||||
app/assets
|
|
||||||
Contains subdirectories for images, stylesheets, and JavaScript files.
|
|
||||||
|
|
||||||
app/controllers
|
|
||||||
Holds controllers that should be named like weblogs_controller.rb for
|
|
||||||
automated URL mapping. All controllers should descend from
|
|
||||||
ApplicationController which itself descends from ActionController::Base.
|
|
||||||
|
|
||||||
app/models
|
|
||||||
Holds models that should be named like post.rb. Models descend from
|
|
||||||
ActiveRecord::Base by default.
|
|
||||||
|
|
||||||
app/views
|
|
||||||
Holds the template files for the view that should be named like
|
|
||||||
weblogs/index.html.erb for the WeblogsController#index action. All views use
|
|
||||||
eRuby syntax by default.
|
|
||||||
|
|
||||||
app/views/layouts
|
|
||||||
Holds the template files for layouts to be used with views. This models the
|
|
||||||
common header/footer method of wrapping views. In your views, define a layout
|
|
||||||
using the <tt>layout :default</tt> and create a file named default.html.erb.
|
|
||||||
Inside default.html.erb, call <% yield %> to render the view using this
|
|
||||||
layout.
|
|
||||||
|
|
||||||
app/helpers
|
|
||||||
Holds view helpers that should be named like weblogs_helper.rb. These are
|
|
||||||
generated for you automatically when using generators for controllers.
|
|
||||||
Helpers can be used to wrap functionality for your views into methods.
|
|
||||||
|
|
||||||
config
|
|
||||||
Configuration files for the Rails environment, the routing map, the database,
|
|
||||||
and other dependencies.
|
|
||||||
|
|
||||||
db
|
|
||||||
Contains the database schema in schema.rb. db/migrate contains all the
|
|
||||||
sequence of Migrations for your schema.
|
|
||||||
|
|
||||||
doc
|
|
||||||
This directory is where your application documentation will be stored when
|
|
||||||
generated using <tt>rake doc:app</tt>
|
|
||||||
|
|
||||||
lib
|
|
||||||
Application specific libraries. Basically, any kind of custom code that
|
|
||||||
doesn't belong under controllers, models, or helpers. This directory is in
|
|
||||||
the load path.
|
|
||||||
|
|
||||||
public
|
|
||||||
The directory available for the web server. Also contains the dispatchers and the
|
|
||||||
default HTML files. This should be set as the DOCUMENT_ROOT of your web
|
|
||||||
server.
|
|
||||||
|
|
||||||
script
|
|
||||||
Helper scripts for automation and generation.
|
|
||||||
|
|
||||||
test
|
|
||||||
Unit and functional tests along with fixtures. When using the rails generate
|
|
||||||
command, template test files will be generated for you and placed in this
|
|
||||||
directory.
|
|
||||||
|
|
||||||
vendor
|
|
||||||
External libraries that the application depends on. Also includes the plugins
|
|
||||||
subdirectory. If the app has frozen rails, those gems also go here, under
|
|
||||||
vendor/rails/. This directory is in the load path.
|
|
|
@ -2,10 +2,11 @@ class User < ActiveRecord::Base
|
||||||
# Include default devise modules. Others available are:
|
# Include default devise modules. Others available are:
|
||||||
# :token_authenticatable, :confirmable,
|
# :token_authenticatable, :confirmable,
|
||||||
# :lockable, :timeoutable and :omniauthable
|
# :lockable, :timeoutable and :omniauthable
|
||||||
devise :database_authenticatable, :registerable,
|
devise :database_authenticatable, :rememberable, :trackable, :validatable,
|
||||||
:recoverable, :rememberable, :trackable, :validatable
|
:pam_authenticatable
|
||||||
|
|
||||||
# Setup accessible (or protected) attributes for your model
|
# Setup accessible (or protected) attributes for your model
|
||||||
attr_accessible :email, :password, :password_confirmation, :remember_me
|
attr_accessible :email, :password, :password_confirmation, :remember_me
|
||||||
|
attr_accessible :username
|
||||||
# attr_accessible :title, :body
|
# attr_accessible :title, :body
|
||||||
end
|
end
|
||||||
|
|
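Review bot: `:database_authenticatable` stays in the `devise` list next to `:pam_authenticatable`, so a password stored locally for a user would presumably still be accepted alongside PAM. If Kerberos/PAM is meant to be the only credential source, drop it from the list. `:validatable` is kept as well, and it normally requires an email and a password, which a record created from a PAM login may not have. `attr_accessible :username` makes the new authentication key mass-assignable; if any controller updates a user from request parameters, leave `username` off the whitelist and assign it explicitly. The `class User` line is above the hunk.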
|
@ -1,8 +1,8 @@
|
||||||
<h2>Sign in</h2>
|
<h2>Sign in</h2>
|
||||||
|
|
||||||
<%= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>
|
<%= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>
|
||||||
<div><%= f.label :email %><br />
|
<div><%= f.label :username %><br />
|
||||||
<%= f.email_field :email, :autofocus => true %></div>
|
<%= f.text_field :username, :autofocus => true %></div>
|
||||||
|
|
||||||
<div><%= f.label :password %><br />
|
<div><%= f.label :password %><br />
|
||||||
<%= f.password_field :password %></div>
|
<%= f.password_field :password %></div>
|
||||||
|
|
|
@ -54,9 +54,6 @@
|
||||||
<% else %>
|
<% else %>
|
||||||
<li><%= link_to "Sign in", new_user_session_path,
|
<li><%= link_to "Sign in", new_user_session_path,
|
||||||
:method => :get %></li>
|
:method => :get %></li>
|
||||||
<li><%= link_to "Register", new_user_registration_path,
|
|
||||||
:method => :get %></li>
|
|
||||||
|
|
||||||
<% end %>
|
<% end %>
|
||||||
</ul>
|
</ul>
|
||||||
</div><!--/.nav-collapse -->
|
</div><!--/.nav-collapse -->
|
||||||
|
|
|
@ -23,7 +23,7 @@ Devise.setup do |config|
|
||||||
# session. If you need permissions, you should implement that in a before filter.
|
# session. If you need permissions, you should implement that in a before filter.
|
||||||
# You can also supply a hash where the value is a boolean determining whether
|
# You can also supply a hash where the value is a boolean determining whether
|
||||||
# or not authentication should be aborted when the value is not present.
|
# or not authentication should be aborted when the value is not present.
|
||||||
# config.authentication_keys = [ :email ]
|
config.authentication_keys = [ :username ]
|
||||||
|
|
||||||
# Configure parameters from the request object used for authentication. Each entry
|
# Configure parameters from the request object used for authentication. Each entry
|
||||||
# given should be a request method and it will automatically be passed to the
|
# given should be a request method and it will automatically be passed to the
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
class AddUsernameToUsers < ActiveRecord::Migration
|
||||||
|
def change
|
||||||
|
add_column :users, :username, :string
|
||||||
|
end
|
||||||
|
end
|
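Review bot: `username` is added with no index and no uniqueness constraint, although this commit makes it the Devise authentication key in the initializer. Two rows with the same username would make the login lookup ambiguous, and nothing at the database level prevents that. Add `add_index :users, :username, :unique => true` after the `add_column` line; existing rows with a NULL username should not collide under a unique index on SQLite, which the Gemfile lists.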
|
@ -11,7 +11,7 @@
|
||||||
#
|
#
|
||||||
# It's strongly recommended to check this file into your version control system.
|
# It's strongly recommended to check this file into your version control system.
|
||||||
|
|
||||||
ActiveRecord::Schema.define(:version => 20130412012722) do
|
ActiveRecord::Schema.define(:version => 20130413054153) do
|
||||||
|
|
||||||
create_table "alerts", :force => true do |t|
|
create_table "alerts", :force => true do |t|
|
||||||
t.integer "user_id"
|
t.integer "user_id"
|
||||||
|
@ -55,6 +55,7 @@ ActiveRecord::Schema.define(:version => 20130412012722) do
|
||||||
t.string "last_sign_in_ip"
|
t.string "last_sign_in_ip"
|
||||||
t.datetime "created_at", :null => false
|
t.datetime "created_at", :null => false
|
||||||
t.datetime "updated_at", :null => false
|
t.datetime "updated_at", :null => false
|
||||||
|
t.string "username"
|
||||||
end
|
end
|
||||||
|
|
||||||
add_index "users", ["email"], :name => "index_users_on_email", :unique => true
|
add_index "users", ["email"], :name => "index_users_on_email", :unique => true
|
||||||
|
|
|
@ -0,0 +1,36 @@
|
||||||
|
module CustomAuth
|
||||||
|
module Devise
|
||||||
|
module Strategies
|
||||||
|
class Kerb < ::Devise::Strategies::Base
|
||||||
|
def valid?
|
||||||
|
params[:user] && (params[:user][:username] || params[:user][:password])
|
||||||
|
end
|
||||||
|
|
||||||
|
def authenticate!
|
||||||
|
if check_kerb_auth(params[:username], params[:password])
|
||||||
|
u = User.find(:first,
|
||||||
|
:conditions => { :username => params[:username] }) ||
|
||||||
|
User.create({ :username => login }
|
||||||
|
)
|
||||||
|
else
|
||||||
|
fail!("Could not log in")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def check_kerb_auth(username, password)
|
||||||
|
require 'krb5_auth'
|
||||||
|
include Krb5Auth
|
||||||
|
|
||||||
|
return false if username.blank? or password.blank?
|
||||||
|
|
||||||
|
begin
|
||||||
|
kerberos = Krb5.new
|
||||||
|
return kerberos.get_init_creds_password(username, password)
|
||||||
|
rescue Krb5Auth::Krb5::Exception
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
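Review bot: `authenticate!` cannot succeed as written: it never calls `success!`, it reads `params[:username]` and `params[:password]` at the top level although `valid?` checks `params[:user]`, and `User.create` is given an undefined `login`. `valid?` joins the two fields with `||`, so a request carrying only one of them is still routed to the strategy. In `check_kerb_auth`, `include Krb5Auth` is called on the strategy instance, where `include` is not normally available; referring to `Krb5Auth::Krb5` directly and moving the `require` to the top of the file avoids that (the krb5_auth gem is also not among the Gemfile lines shown in this commit). A sketch of the three methods follows. Independently of these fixes, `get_init_creds_password` shows only that a KDC accepted the password; whether the resulting ticket is verified against a service keytab is not visible here and is worth confirming, since without that step the check trusts whichever KDC answered.

```ruby
# … require 'krb5_auth' moved to the top of the file …
def valid?
  creds = params[:user]
  creds.is_a?(Hash) && creds[:username].present? && creds[:password].present?
end

def authenticate!
  creds = params[:user]
  username = creds[:username]

  if check_kerb_auth(username, creds[:password])
    user = User.where(:username => username).first ||
           User.create(:username => username)
    # create returns an unsaved record when validations fail
    user.persisted? ? success!(user) : fail!("Could not log in")
  else
    fail!("Could not log in")
  end
end

def check_kerb_auth(username, password)
  return false if username.blank? || password.blank?

  Krb5Auth::Krb5.new.get_init_creds_password(username, password)
rescue Krb5Auth::Krb5::Exception
  false
end
```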