From a1ec781b8e982d37c31da6834b124663d377954d Mon Sep 17 00:00:00 2001
From: Andrew Tomaka <atomaka@gmail.com>
Date: Sun, 21 Apr 2013 00:32:23 -0400
Subject: [PATCH] Initial gem code

---
 .gitignore                                    |  1 +
 LICENSE                                       | 21 +++++++++
 devise-kerberos-authenticatable.gemspec       | 18 ++++++++
 lib/devise-kerberos-authenticatable.rb        | 15 +++++++
 .../kerberos_adapter.rb                       | 21 +++++++++
 lib/devise_kerberos_authenticatable/model.rb  | 44 +++++++++++++++++++
 lib/devise_kerberos_authenticatable/routes.rb |  4 ++
 .../strategy.rb                               | 33 ++++++++++++++
 8 files changed, 157 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 LICENSE
 create mode 100644 devise-kerberos-authenticatable.gemspec
 create mode 100644 lib/devise-kerberos-authenticatable.rb
 create mode 100644 lib/devise_kerberos_authenticatable/kerberos_adapter.rb
 create mode 100644 lib/devise_kerberos_authenticatable/model.rb
 create mode 100644 lib/devise_kerberos_authenticatable/routes.rb
 create mode 100644 lib/devise_kerberos_authenticatable/strategy.rb

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c111b33
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.gem
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..7b75bf8
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) Andrew Tomaka. 2013
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
\ No newline at end of file
diff --git a/devise-kerberos-authenticatable.gemspec b/devise-kerberos-authenticatable.gemspec
new file mode 100644
index 0000000..b558687
--- /dev/null
+++ b/devise-kerberos-authenticatable.gemspec
@@ -0,0 +1,18 @@
+require 'rake'
+
+Gem::Specification.new do |s|
+  s.name            = 'devise-kerberos-authenticatable'
+  s.version         = '0.1.0'
+  s.date            = '2013-04-21'
+  s.summary         = 'Devise authentication strategy for Kerberos'
+  s.description     = 'Devise extension providing the ability to authenticate
+                      against Kerberos as defined in your local krb5.conf file
+                      using timfel-krb5-auth.'
+  s.authors         = ['Andrew Tomaka']
+  s.email           = 'atomaka@gmail.com'
+  s.files           = FileList['lib/**/*.rb'].to_a
+  s.homepage        = 'http://www.github.com/atomaka/devise-kerberos-authenticatable'
+
+  s.add_dependency  'timfel-krb5-auth', '~> 0.8'
+  s.add_dependency  'devise', '~> 2.2.3'
+end
diff --git a/lib/devise-kerberos-authenticatable.rb b/lib/devise-kerberos-authenticatable.rb
new file mode 100644
index 0000000..fd08747
--- /dev/null
+++ b/lib/devise-kerberos-authenticatable.rb
@@ -0,0 +1,15 @@
+require 'devise'
+
+$: << File.expand_path('..', __FILE__)
+
+require 'devise_kerberos_authenticatable/model'
+require 'devise_kerberos_authenticatable/strategy'
+require 'devise_kerberos_authenticatable/routes'
+require 'devise_kerberos_authenticatable/kerberos_adapter'
+
+Devise.add_module(
+  :kerberos_authenticatable,
+  :strategy                   => true,
+  :model                      => 'devise_kerberos_authenticatable/model',
+  :route                      => true
+)
\ No newline at end of file
diff --git a/lib/devise_kerberos_authenticatable/kerberos_adapter.rb b/lib/devise_kerberos_authenticatable/kerberos_adapter.rb
new file mode 100644
index 0000000..49aac17
--- /dev/null
+++ b/lib/devise_kerberos_authenticatable/kerberos_adapter.rb
@@ -0,0 +1,21 @@
+require 'krb5_auth'
+include Krb5Auth
+
+module Devise
+  module KerberosAdapter
+    def self.valid_credentials?(username, password)
+      if Rails.env.test? && username == 'test' && password == 'test' then
+        true
+      end
+
+      krb5 = Krb5.new
+      begin
+        krb5.get_init_creds_password(username, password)
+      rescue Krb5Auth::Krb5::Exception
+        false
+      end
+
+      true
+    end
+  end
+end
diff --git a/lib/devise_kerberos_authenticatable/model.rb b/lib/devise_kerberos_authenticatable/model.rb
new file mode 100644
index 0000000..91194d7
--- /dev/null
+++ b/lib/devise_kerberos_authenticatable/model.rb
@@ -0,0 +1,44 @@
+require 'devise_kerberos_authenticatable/strategy'
+
+module Devise
+  module Models
+    module KerberosAuthenticatable
+      def self.included(base)
+        base.class_eval do
+          extend ClassMethods
+
+          attr_accessor :password
+        end
+      end
+
+      def clean_up_passwords
+        self.password = nil
+      end
+
+      def valid_kerberos_authentication?(password)
+        Devise::KerberosAdapter.valid_credentials?(self.username, password)
+      end
+
+      module ClassMethods
+        def authenticate_with_kerberos(attributes = {})
+          return nil unless attributes[:username].present?
+
+          resource = scoped.where(:username => attributes['username']).first
+
+          if resource.blank?
+            resource = new
+            resource[:username] = attributes['username']
+            resource[:password] = attributes['password']
+          end
+
+          if resource.try(:valid_kerberos_authentication?, attributes[:password])
+            resource.save if resource.new_record?
+            return resource
+          else
+            return nil
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/lib/devise_kerberos_authenticatable/routes.rb b/lib/devise_kerberos_authenticatable/routes.rb
new file mode 100644
index 0000000..d7a72b4
--- /dev/null
+++ b/lib/devise_kerberos_authenticatable/routes.rb
@@ -0,0 +1,4 @@
+ActionController::Routing::Mapper.class_eval do
+  protected
+    alias_method :devise_kerberos_authenticatable, :devise_session
+end
diff --git a/lib/devise_kerberos_authenticatable/strategy.rb b/lib/devise_kerberos_authenticatable/strategy.rb
new file mode 100644
index 0000000..6da4eaa
--- /dev/null
+++ b/lib/devise_kerberos_authenticatable/strategy.rb
@@ -0,0 +1,33 @@
+require 'devise/strategies/base'
+
+module Devise
+  module Strategies
+    class KerberosAuthenticatable < Base
+      def valid?
+        valid_controller? && valid_params? && mapping.to.respond_to?(:authenticate_with_kerberos)
+      end
+
+      def authenticate!
+        if resource = mapping.to.authenticate_with_kerberos(params[scope])
+          success!(resource)
+        else
+          fail(:invalid)
+        end
+      end
+
+      protected
+        def valid_controller?
+          params[:controller] == 'devise/sessions'
+        end
+
+        def valid_params?
+          params[scope] && params[scope][:password].present?
+        end
+    end
+  end
+end
+
+Warden::Strategies.add(
+  :kerberos_authenticatable, 
+  Devise::Strategies::KerberosAuthenticatable
+)