Initial gem code
This commit is contained in:
parent
7cc7882650
commit
a1ec781b8e
8 changed files with 157 additions and 0 deletions
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
*.gem
|
21
LICENSE
Normal file
21
LICENSE
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
The MIT License
|
||||||
|
|
||||||
|
Copyright (c) Andrew Tomaka. 2013
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
of this software and associated documentation files (the "Software"), to deal
|
||||||
|
in the Software without restriction, including without limitation the rights
|
||||||
|
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||||
|
copies of the Software, and to permit persons to whom the Software is
|
||||||
|
furnished to do so, subject to the following conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice shall be included in
|
||||||
|
all copies or substantial portions of the Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||||
|
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||||
|
THE SOFTWARE.
|
18
devise-kerberos-authenticatable.gemspec
Normal file
18
devise-kerberos-authenticatable.gemspec
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
require 'rake'
|
||||||
|
|
||||||
|
Gem::Specification.new do |s|
|
||||||
|
s.name = 'devise-kerberos-authenticatable'
|
||||||
|
s.version = '0.1.0'
|
||||||
|
s.date = '2013-04-21'
|
||||||
|
s.summary = 'Devise authentication strategy for Kerberos'
|
||||||
|
s.description = 'Devise extension providing the ability to authenticate
|
||||||
|
against Kerberos as defined in your local krb5.conf file
|
||||||
|
using timfel-krb5-auth.'
|
||||||
|
s.authors = ['Andrew Tomaka']
|
||||||
|
s.email = 'atomaka@gmail.com'
|
||||||
|
s.files = FileList['lib/**/*.rb'].to_a
|
||||||
|
s.homepage = 'http://www.github.com/atomaka/devise-kerberos-authenticatable'
|
||||||
|
|
||||||
|
s.add_dependency 'timfel-krb5-auth', '~> 0.8'
|
||||||
|
s.add_dependency 'devise', '~> 2.2.3'
|
||||||
|
end
|
15
lib/devise-kerberos-authenticatable.rb
Normal file
15
lib/devise-kerberos-authenticatable.rb
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
require 'devise'
|
||||||
|
|
||||||
|
$: << File.expand_path('..', __FILE__)
|
||||||
|
|
||||||
|
require 'devise_kerberos_authenticatable/model'
|
||||||
|
require 'devise_kerberos_authenticatable/strategy'
|
||||||
|
require 'devise_kerberos_authenticatable/routes'
|
||||||
|
require 'devise_kerberos_authenticatable/kerberos_adapter'
|
||||||
|
|
||||||
|
Devise.add_module(
|
||||||
|
:kerberos_authenticatable,
|
||||||
|
:strategy => true,
|
||||||
|
:model => 'devise_kerberos_authenticatable/model',
|
||||||
|
:route => true
|
||||||
|
)
|
21
lib/devise_kerberos_authenticatable/kerberos_adapter.rb
Normal file
21
lib/devise_kerberos_authenticatable/kerberos_adapter.rb
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
require 'krb5_auth'
|
||||||
|
include Krb5Auth
|
||||||
|
|
||||||
|
module Devise
|
||||||
|
module KerberosAdapter
|
||||||
|
def self.valid_credentials?(username, password)
|
||||||
|
if Rails.env.test? && username == 'test' && password == 'test' then
|
||||||
|
true
|
||||||
|
end
|
||||||
|
|
||||||
|
krb5 = Krb5.new
|
||||||
|
begin
|
||||||
|
krb5.get_init_creds_password(username, password)
|
||||||
|
rescue Krb5Auth::Krb5::Exception
|
||||||
|
false
|
||||||
|
end
|
||||||
|
|
||||||
|
true
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
44
lib/devise_kerberos_authenticatable/model.rb
Normal file
44
lib/devise_kerberos_authenticatable/model.rb
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
require 'devise_kerberos_authenticatable/strategy'
|
||||||
|
|
||||||
|
module Devise
|
||||||
|
module Models
|
||||||
|
module KerberosAuthenticatable
|
||||||
|
def self.included(base)
|
||||||
|
base.class_eval do
|
||||||
|
extend ClassMethods
|
||||||
|
|
||||||
|
attr_accessor :password
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def clean_up_passwords
|
||||||
|
self.password = nil
|
||||||
|
end
|
||||||
|
|
||||||
|
def valid_kerberos_authentication?(password)
|
||||||
|
Devise::KerberosAdapter.valid_credentials?(self.username, password)
|
||||||
|
end
|
||||||
|
|
||||||
|
module ClassMethods
|
||||||
|
def authenticate_with_kerberos(attributes = {})
|
||||||
|
return nil unless attributes[:username].present?
|
||||||
|
|
||||||
|
resource = scoped.where(:username => attributes['username']).first
|
||||||
|
|
||||||
|
if resource.blank?
|
||||||
|
resource = new
|
||||||
|
resource[:username] = attributes['username']
|
||||||
|
resource[:password] = attributes['password']
|
||||||
|
end
|
||||||
|
|
||||||
|
if resource.try(:valid_kerberos_authentication?, attributes[:password])
|
||||||
|
resource.save if resource.new_record?
|
||||||
|
return resource
|
||||||
|
else
|
||||||
|
return nil
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
4
lib/devise_kerberos_authenticatable/routes.rb
Normal file
4
lib/devise_kerberos_authenticatable/routes.rb
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
ActionController::Routing::Mapper.class_eval do
|
||||||
|
protected
|
||||||
|
alias_method :devise_kerberos_authenticatable, :devise_session
|
||||||
|
end
|
33
lib/devise_kerberos_authenticatable/strategy.rb
Normal file
33
lib/devise_kerberos_authenticatable/strategy.rb
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
require 'devise/strategies/base'
|
||||||
|
|
||||||
|
module Devise
|
||||||
|
module Strategies
|
||||||
|
class KerberosAuthenticatable < Base
|
||||||
|
def valid?
|
||||||
|
valid_controller? && valid_params? && mapping.to.respond_to?(:authenticate_with_kerberos)
|
||||||
|
end
|
||||||
|
|
||||||
|
def authenticate!
|
||||||
|
if resource = mapping.to.authenticate_with_kerberos(params[scope])
|
||||||
|
success!(resource)
|
||||||
|
else
|
||||||
|
fail(:invalid)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
protected
|
||||||
|
def valid_controller?
|
||||||
|
params[:controller] == 'devise/sessions'
|
||||||
|
end
|
||||||
|
|
||||||
|
def valid_params?
|
||||||
|
params[scope] && params[scope][:password].present?
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
Warden::Strategies.add(
|
||||||
|
:kerberos_authenticatable,
|
||||||
|
Devise::Strategies::KerberosAuthenticatable
|
||||||
|
)
|
Loading…
Reference in a new issue