Merge 55dd5e61ae into 31411d22ae
This commit is contained in:
Paul Rowe-White
commit
3915f0d2d7
40
README.md
40
README.md
|
|
@ -17,9 +17,44 @@ Modify your /etc/krb5.conf file as necessary to authenticate against your Kerber
|
|||
* Update your gemfile
|
||||
|
||||
```gem 'devise-kerberos-authenticatable', :git => 'git://github.com/atomaka/devise-kerberos-authenticatable.git'```
|
||||
* Edit config/initializers/devise.rb to use a username instead of email for login.
|
||||
|
||||
```config.authentication_keys = [ :username ]```
|
||||
* Create a migration to add username field to user table
|
||||
|
||||
```
|
||||
class AddUsernameToUser < ActiveRecord::Migration
|
||||
def change
|
||||
add_column :users, :username, :string
|
||||
end
|
||||
end
|
||||
```
|
||||
|
||||
* Create a migration to remove the index on email from the user table
|
||||
|
||||
```
|
||||
class RemoveIndexOnEmailFromUsers < ActiveRecord::Migration
|
||||
def up
|
||||
remove_index :users, 'email'
|
||||
end
|
||||
|
||||
def down
|
||||
add_index :users, :email, :unique => true
|
||||
end
|
||||
end
|
||||
```
|
||||
* Migrate the databse
|
||||
|
||||
```
|
||||
rake db:migrate
|
||||
```
|
||||
|
||||
* Edit config/initializers/devise.rb to use a username instead of email for login and add a kerberos realm to use.
|
||||
|
||||
```
|
||||
config.authentication_keys = [ :username ]
|
||||
config.kerberos_realm = "EXAMPLE.REALM"
|
||||
```
|
||||
|
||||
|
||||
* Update your Devise model app/models/user.rb
|
||||
|
||||
```
|
||||
|
|
@ -27,7 +62,6 @@ devise :kerberos_authenticatable
|
|||
attr_accessible :username
|
||||
```
|
||||
|
||||
* Update your User table in your database to include the username field and remove the index from the email field.
|
||||
* Rebuild your Devise views automatically or by hand.
|
||||
|
||||
```
|
||||
|
|
|
|||
|
|
@ -2,17 +2,17 @@ require 'rake'
|
|||
|
||||
Gem::Specification.new do |s|
|
||||
s.name = 'devise-kerberos-authenticatable'
|
||||
s.version = '0.1.0'
|
||||
s.date = '2013-04-21'
|
||||
s.version = '0.1.3'
|
||||
s.date = '2015-06-23'
|
||||
s.summary = 'Devise authentication strategy for Kerberos'
|
||||
s.description = 'Devise extension providing the ability to authenticate
|
||||
against Kerberos as defined in your local krb5.conf file
|
||||
using timfel-krb5-auth.'
|
||||
s.authors = ['Andrew Tomaka']
|
||||
s.authors = ['Andrew Tomaka', 'Paul Rowe-White', 'Simon Stueckemann']
|
||||
s.email = 'atomaka@gmail.com'
|
||||
s.files = FileList['lib/**/*.rb'].to_a
|
||||
s.homepage = 'http://www.github.com/atomaka/devise-kerberos-authenticatable'
|
||||
s.homepage = 'https://gitlab.doc.ic.ac.uk/dcw/devise-kerberos-authenticatable'
|
||||
|
||||
s.add_dependency 'timfel-krb5-auth', '~> 0.8'
|
||||
s.add_dependency 'devise', '~> 3.1.1'
|
||||
s.add_dependency 'devise', '~> 3.5.1'
|
||||
end
|
||||
|
|
|
|||
|
|
@ -4,12 +4,18 @@ $: << File.expand_path('..', __FILE__)
|
|||
|
||||
require 'devise_kerberos_authenticatable/model'
|
||||
require 'devise_kerberos_authenticatable/strategy'
|
||||
require 'devise_kerberos_authenticatable/routes'
|
||||
require 'devise_kerberos_authenticatable/kerberos_adapter'
|
||||
|
||||
module Devise
|
||||
#Kerberos realm to use
|
||||
mattr_accessor :kerberos_realm
|
||||
@@kerberos_realm = ""
|
||||
end
|
||||
|
||||
Devise.add_module(
|
||||
:kerberos_authenticatable,
|
||||
:strategy => true,
|
||||
:model => 'devise_kerberos_authenticatable/model',
|
||||
:route => true
|
||||
)
|
||||
:route => :session,
|
||||
:controller => :sessions
|
||||
)
|
||||
|
|
|
|||
|
|
@ -4,18 +4,26 @@ include Krb5Auth
|
|||
module Devise
|
||||
module KerberosAdapter
|
||||
def self.valid_credentials?(username, password)
|
||||
if Rails.env.test? && username == 'test' && password == 'test' then
|
||||
true
|
||||
if test_environment? && username == 'test' && password == 'test' then
|
||||
return true
|
||||
end
|
||||
|
||||
krb5 = Krb5.new
|
||||
begin
|
||||
krb5.get_init_creds_password(username, password)
|
||||
krb5.get_init_creds_password(username_with_realm(username), password)
|
||||
rescue Krb5Auth::Krb5::Exception
|
||||
return false
|
||||
end
|
||||
|
||||
return true
|
||||
end
|
||||
|
||||
def username_with_realm(username)
|
||||
"#{username}@#{::Devise.kerberos_realm}"
|
||||
end
|
||||
|
||||
def self.test_environment?
|
||||
Rails.env.test? || Rails.env.development?
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -23,12 +23,11 @@ module Devise
|
|||
def authenticate_with_kerberos(attributes = {})
|
||||
return nil unless attributes[:username].present?
|
||||
|
||||
resource = scoped.where(:username => attributes['username']).first
|
||||
resource = all.where(:username => attributes['username']).first
|
||||
|
||||
if resource.blank?
|
||||
resource = new
|
||||
resource[:username] = attributes['username']
|
||||
resource[:password] = attributes['password']
|
||||
end
|
||||
|
||||
if resource.try(:valid_kerberos_authentication?, attributes[:password])
|
||||
|
|
|
|||
|
|
@ -1,4 +0,0 @@
|
|||
ActionController::Routing::Mapper.class_eval do
|
||||
protected
|
||||
alias_method :devise_kerberos_authenticatable, :devise_session
|
||||
end
|
||||
|
|
@ -17,7 +17,7 @@ module Devise
|
|||
|
||||
protected
|
||||
def valid_controller?
|
||||
params[:controller] == 'devise/sessions'
|
||||
params[:controller] && params[:controller].include?('sessions')
|
||||
end
|
||||
|
||||
def valid_params?
|
||||
|
|
|
|||
Loading…
Reference in New Issue