From a1ec781b8e982d37c31da6834b124663d377954d Mon Sep 17 00:00:00 2001
From: Andrew Tomaka
Date: Sun, 21 Apr 2013 00:32:23 -0400
Subject: [PATCH] Initial gem code
---
.gitignore | 1 +
LICENSE | 21 +++++++++
devise-kerberos-authenticatable.gemspec | 18 ++++++++
lib/devise-kerberos-authenticatable.rb | 15 +++++++
.../kerberos_adapter.rb | 21 +++++++++
lib/devise_kerberos_authenticatable/model.rb | 44 +++++++++++++++++++
lib/devise_kerberos_authenticatable/routes.rb | 4 ++
.../strategy.rb | 33 ++++++++++++++
8 files changed, 157 insertions(+)
create mode 100644 .gitignore
create mode 100644 LICENSE
create mode 100644 devise-kerberos-authenticatable.gemspec
create mode 100644 lib/devise-kerberos-authenticatable.rb
create mode 100644 lib/devise_kerberos_authenticatable/kerberos_adapter.rb
create mode 100644 lib/devise_kerberos_authenticatable/model.rb
create mode 100644 lib/devise_kerberos_authenticatable/routes.rb
create mode 100644 lib/devise_kerberos_authenticatable/strategy.rb
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c111b33
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.gem
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..7b75bf8
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) Andrew Tomaka. 2013
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
\ No newline at end of file
diff --git a/devise-kerberos-authenticatable.gemspec b/devise-kerberos-authenticatable.gemspec
new file mode 100644
index 0000000..b558687
--- /dev/null
+++ b/devise-kerberos-authenticatable.gemspec
@@ -0,0 +1,18 @@
+require 'rake'
+
+Gem::Specification.new do |s|
+ s.name = 'devise-kerberos-authenticatable'
+ s.version = '0.1.0'
+ s.date = '2013-04-21'
+ s.summary = 'Devise authentication strategy for Kerberos'
+ s.description = 'Devise extension providing the ability to authenticate
+ against Kerberos as defined in your local krb5.conf file
+ using timfel-krb5-auth.'
+ s.authors = ['Andrew Tomaka']
+ s.email = 'atomaka@gmail.com'
+ s.files = FileList['lib/**/*.rb'].to_a
+ s.homepage = 'http://www.github.com/atomaka/devise-kerberos-authenticatable'
+
+ s.add_dependency 'timfel-krb5-auth', '~> 0.8'
+ s.add_dependency 'devise', '~> 2.2.3'
+end
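Review bot: `require 'rake'` at the top of the gemspec exists only to get `FileList`, which makes loading or building the spec depend on rake being installed; `s.files = Dir['lib/**/*.rb']` yields the same list from core Ruby. The commit adds an MIT LICENSE file, but the spec neither packages it nor declares it, so `s.license = 'MIT'` and adding `'LICENSE'` to `s.files` would keep the published gem consistent with the repository. The hard-coded `s.date` will also go stale on the next release and can simply be omitted.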
diff --git a/lib/devise-kerberos-authenticatable.rb b/lib/devise-kerberos-authenticatable.rb
new file mode 100644
index 0000000..fd08747
--- /dev/null
+++ b/lib/devise-kerberos-authenticatable.rb
@@ -0,0 +1,15 @@
+require 'devise'
+
+$: << File.expand_path('..', __FILE__)
+
+require 'devise_kerberos_authenticatable/model'
+require 'devise_kerberos_authenticatable/strategy'
+require 'devise_kerberos_authenticatable/routes'
+require 'devise_kerberos_authenticatable/kerberos_adapter'
+
+Devise.add_module(
+ :kerberos_authenticatable,
+ :strategy => true,
+ :model => 'devise_kerberos_authenticatable/model',
+ :route => true
+)
\ No newline at end of file
diff --git a/lib/devise_kerberos_authenticatable/kerberos_adapter.rb b/lib/devise_kerberos_authenticatable/kerberos_adapter.rb
new file mode 100644
index 0000000..49aac17
--- /dev/null
+++ b/lib/devise_kerberos_authenticatable/kerberos_adapter.rb
@@ -0,0 +1,21 @@
+require 'krb5_auth'
+include Krb5Auth
+
+module Devise
+ module KerberosAdapter
+ def self.valid_credentials?(username, password)
+ if Rails.env.test? && username == 'test' && password == 'test' then
+ true
+ end
+
+ krb5 = Krb5.new
+ begin
+ krb5.get_init_creds_password(username, password)
+ rescue Krb5Auth::Krb5::Exception
+ false
+ end
+
+ true
+ end
+ end
+end
diff --git a/lib/devise_kerberos_authenticatable/model.rb b/lib/devise_kerberos_authenticatable/model.rb
new file mode 100644
index 0000000..91194d7
--- /dev/null
+++ b/lib/devise_kerberos_authenticatable/model.rb
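Review bot: In `lib/devise-kerberos-authenticatable.rb`, `$: << File.expand_path('..', __FILE__)` mutates the global load path of the host application. RubyGems and Bundler already put the gem's `lib` directory on the load path, so the line can be dropped without affecting the four `require` calls or the `:model` path given to `Devise.add_module`. If it is kept for running the file outside a gem context, a comment such as `# allow loading straight from a checkout without installing the gem` would explain why it is there.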
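Review bot: `Devise::KerberosAdapter.valid_credentials?` in `kerberos_adapter.rb` returns `true` for every username and password, because the `false` in the `rescue` branch is only the value of the `begin` expression, which is discarded before the method falls through to its trailing `true`. The success value belongs inside the protected block: put `true` directly after `krb5.get_init_creds_password(username, password)` and delete the final bare `true`, so that the `rescue` result becomes the return value. The test shortcut has the same flaw, since its `true` is also discarded; it would need `return true if Rails.env.test? && username == 'test' && password == 'test'`, although a fixed test/test credential in shipped library code is better replaced by stubbing the adapter in the host application's tests. The top-level `include Krb5Auth` mixes that module into `Object` for the whole process, which `Krb5Auth::Krb5.new` would avoid. The hunk also shows no check of the obtained credentials against a local service key, so it is worth confirming whether the binding verifies the KDC's identity.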
@@ -0,0 +1,44 @@
+require 'devise_kerberos_authenticatable/strategy'
+
+module Devise
+ module Models
+ module KerberosAuthenticatable
+ def self.included(base)
+ base.class_eval do
+ extend ClassMethods
+
+ attr_accessor :password
+ end
+ end
+
+ def clean_up_passwords
+ self.password = nil
+ end
+
+ def valid_kerberos_authentication?(password)
+ Devise::KerberosAdapter.valid_credentials?(self.username, password)
+ end
+
+ module ClassMethods
+ def authenticate_with_kerberos(attributes = {})
+ return nil unless attributes[:username].present?
+
+ resource = scoped.where(:username => attributes['username']).first
+
+ if resource.blank?
+ resource = new
+ resource[:username] = attributes['username']
+ resource[:password] = attributes['password']
+ end
+
+ if resource.try(:valid_kerberos_authentication?, attributes[:password])
+ resource.save if resource.new_record?
+ return resource
+ else
+ return nil
+ end
+ end
+ end
+ end
+ end
+end
diff --git a/lib/devise_kerberos_authenticatable/routes.rb b/lib/devise_kerberos_authenticatable/routes.rb
new file mode 100644
index 0000000..d7a72b4
--- /dev/null
+++ b/lib/devise_kerberos_authenticatable/routes.rb
@@ -0,0 +1,4 @@
+ActionController::Routing::Mapper.class_eval do
+ protected
+ alias_method :devise_kerberos_authenticatable, :devise_session
+end
diff --git a/lib/devise_kerberos_authenticatable/strategy.rb b/lib/devise_kerberos_authenticatable/strategy.rb
new file mode 100644
index 0000000..6da4eaa
--- /dev/null
+++ b/lib/devise_kerberos_authenticatable/strategy.rb
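Review bot: In `authenticate_with_kerberos` (model.rb), `resource[:password] = attributes['password']` pushes the cleartext password through the record's attribute API instead of the `attr_accessor :password` declared in `self.included`. If the host model happens to have a `password` column, the later `resource.save` would persist it, so the line should be `resource.password = attributes[:password]` or be dropped, since the password is already passed to `valid_kerberos_authentication?`. The guard reads `attributes[:username]` while the lookup and assignment read `attributes['username']`, which only agree for an indifferent-access hash; pick one key style. The result of `resource.save` is ignored, so a new record that fails validation is still returned as authenticated; `return nil if resource.new_record? && !resource.save` closes that gap.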
@@ -0,0 +1,33 @@
+require 'devise/strategies/base'
+
+module Devise
+ module Strategies
+ class KerberosAuthenticatable < Base
+ def valid?
+ valid_controller? && valid_params? && mapping.to.respond_to?(:authenticate_with_kerberos)
+ end
+
+ def authenticate!
+ if resource = mapping.to.authenticate_with_kerberos(params[scope])
+ success!(resource)
+ else
+ fail(:invalid)
+ end
+ end
+
+ protected
+ def valid_controller?
+ params[:controller] == 'devise/sessions'
+ end
+
+ def valid_params?
+ params[scope] && params[scope][:password].present?
+ end
+ end
+ end
+end
+
+Warden::Strategies.add(
+ :kerberos_authenticatable,
+ Devise::Strategies::KerberosAuthenticatable
+)
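Review bot: `valid_params?` indexes `params[scope]` with `[:password]` without checking its type, so a request whose scope parameter is a scalar rather than a hash raises inside the strategy instead of being declined. `params[scope].is_a?(Hash) && params[scope][:password].present?` keeps malformed input on the normal failure path. `authenticate!` calls `success!` directly and the class inherits from `Base`, so any per-resource checks that Devise's own authenticatable strategy runs before signing in (for example for lockable) are presumably skipped here; worth confirming against the Devise version pinned in the gemspec. `valid_controller?` hard-codes `'devise/sessions'`, which deserves a comment because applications with a custom sessions controller will silently never run this strategy.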