LDAP BASE IMPLEMENRTATION

Valery Sizov · vsizov
1 parent b4cc04d7
Showing 12 changed files with 80 additions and 2 deletions Show diff stats
Gemfile
Gemfile.lock
app/assets/javascripts/users/omniauth_callbacks.js.coffee
app/assets/stylesheets/users/omniauth_callbacks.css.scss
app/controllers/users/omniauth_callbacks_controller.rb
app/helpers/users/omniauth_callbacks_helper.rb
app/models/user.rb
app/views/devise/sessions/new.html.erb
config/initializers/devise.rb
config/routes.rb
spec/controllers/users/omniauth_callbacks_controller_spec.rb
spec/helpers/users/omniauth_callbacks_helper_spec.rb
@@ -28,6 +28,7 @@ gem &quot;resque&quot;
 gem "httparty"
 gem "charlock_holmes"
 gem "foreman"
+gem "omniauth-ldap"
  
 group :assets do
   gem "sass-rails",   "~> 3.1.0"
@@ -115,6 +115,7 @@ GEM
       haml (~> 3.0)
       railties (~> 3.0)
     hashery (1.4.0)
+    hashie (1.2.0)
     hike (1.2.1)
     httparty (0.8.1)
       multi_json
@@ -141,12 +142,22 @@ GEM
     mime-types (1.17.2)
     multi_json (1.0.3)
     multi_xml (0.4.1)
+    net-ldap (0.2.2)
     nokogiri (1.5.0)
+    omniauth (1.0.2)
+      hashie (~> 1.2)
+      rack
+    omniauth-ldap (1.0.2)
+      net-ldap (~> 0.2.2)
+      omniauth (~> 1.0)
+      pyu-ruby-sasl (~> 0.0.3.1)
+      rubyntlm (~> 0.1.1)
     orm_adapter (0.0.5)
     polyglot (0.3.3)
     posix-spawn (0.3.6)
     pygments.rb (0.2.4)
       rubypython (~> 0.5.3)
+    pyu-ruby-sasl (0.0.3.3)
     rack (1.3.5)
     rack-cache (1.1)
       rack (>= 0.4)
@@ -210,6 +221,7 @@ GEM
       ruby-debug-base19 (>= 0.11.19)
     ruby_core_source (0.1.5)
       archive-tar-minitar (>= 0.5.2)
+    rubyntlm (0.1.1)
     rubypython (0.5.3)
       blankslate (>= 2.1.2.3)
       ffi (~> 1.0.7)
@@ -306,6 +318,7 @@ DEPENDENCIES
   kaminari
   launchy
   letter_opener
+  omniauth-ldap
   pygments.rb (= 0.2.4)
   rails (= 3.1.1)
   rails-footnotes (~> 3.7.5)
@@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/
@@ -0,0 +1,3 @@
+// Place all the styles related to the Users::OmniauthCallbacks controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/
@@ -0,0 +1,22 @@
+class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
+ 
+  def ldap
+    # We only find ourselves here if the authentication to LDAP was successful.
+    ldap = request.env["omniauth.auth"]["extra"]["raw_info"]
+    username = ldap.sAMAccountName[0].to_s
+    email = ldap.proxyaddresses[0][5..-1].to_s
+ 
+    if @user = User.find_by_email(email)
+        sign_in_and_redirect root_path
+    else
+      password = User.generate_random_password
+        @user = User.create(:name => username,
+                            :email => email,
+                            :password => password,
+                            :password_confirmation => password
+                           )
+        sign_in_and_redirect @user
+    end
+  end
+
+end
@@ -0,0 +1,2 @@
+module Users::OmniauthCallbacksHelper
+end
@@ -2,7 +2,7 @@ class User &lt; ActiveRecord::Base
   # Include default devise modules. Others available are:
   # :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :omniauthable
   devise :database_authenticatable, :token_authenticatable,
-         :recoverable, :rememberable, :trackable, :validatable
+         :recoverable, :rememberable, :trackable, :validatable, :omniauthable
  
   # Setup accessible (or protected) attributes for your model
   attr_accessible :email, :password, :password_confirmation, :remember_me,
@@ -62,6 +62,10 @@ class User &lt; ActiveRecord::Base
   def last_activity_project
     projects.first
   end
+
+  def self.generate_random_password
+    (0...8).map{ ('a'..'z').to_a[rand(26)] }.join
+  end 
 end
 # == Schema Information
 #
@@ -9,4 +9,5 @@
   <br/>
   <%= f.submit "Sign in", :class => "grey-button" %>
   <div class="right"> <%= render :partial => "devise/shared/links" %></div>
+  <%= user_omniauth_authorize_path(:ldap)%>
 <% end %>
@@ -199,6 +199,15 @@ Devise.setup do |config|
   # up on your models and hooks.
   # config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
  
+  #config.omniauth :ldap, 
+  #    :host => 'YOUR_LDAP_SERVER',
+  #    :base => 'THE_BASE_WHERE_YOU_SEARCH_FOR_USERS',
+  #    :uid => 'sAMAccountName',
+  #    :port => 389,
+  #    :method => :plain,
+  #    :bind_dn => 'THE_FULL_DN_OF_THE_USER_YOU_WILL_BIND_WITH',
+  #    :password => 'THE_PASSWORD_OF_THE_BIND_USER'
+
   # ==> Warden configuration
   # If you want to use other strategies, that are not supported by Devise, or
   # change the failure app, you can configure them inside the config.warden block.
@@ -39,7 +39,7 @@ Gitlab::Application.routes.draw do
   resources :projects, :constraints => { :id => /[^\/]+/ }, :only => [:new, :create, :index]
   resources :keys
  
-  devise_for :users
+  devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }
  
   resources :projects, :constraints => { :id => /[^\/]+/ }, :except => [:new, :create, :index], :path => "/" do
     member do
@@ -0,0 +1,5 @@
+require 'spec_helper'
+
+describe Users::OmniauthCallbacksController do
+
+end
@@ -0,0 +1,15 @@
+require 'spec_helper'
+
+# Specs in this file have access to a helper object that includes
+# the Users::OmniauthCallbacksHelper. For example:
+#
+# describe Users::OmniauthCallbacksHelper do
+#   describe "string concat" do
+#     it "concats two strings with spaces" do
+#       helper.concat_strings("this","that").should == "this that"
+#     end
+#   end
+# end
+describe Users::OmniauthCallbacksHelper do
+  pending "add some examples to (or delete) #{__FILE__}"
+end
...	...	@@ -28,6 +28,7 @@ gem "resque"
28	28	gem "httparty"
29	29	gem "charlock_holmes"
30	30	gem "foreman"
	31	+gem "omniauth-ldap"
31	32
32	33	group :assets do
33	34	gem "sass-rails", "~> 3.1.0"
...	...
...	...	@@ -115,6 +115,7 @@ GEM
115	115	haml (~> 3.0)
116	116	railties (~> 3.0)
117	117	hashery (1.4.0)
	118	+ hashie (1.2.0)
118	119	hike (1.2.1)
119	120	httparty (0.8.1)
120	121	multi_json
...	...	@@ -141,12 +142,22 @@ GEM
141	142	mime-types (1.17.2)
142	143	multi_json (1.0.3)
143	144	multi_xml (0.4.1)
	145	+ net-ldap (0.2.2)
144	146	nokogiri (1.5.0)
	147	+ omniauth (1.0.2)
	148	+ hashie (~> 1.2)
	149	+ rack
	150	+ omniauth-ldap (1.0.2)
	151	+ net-ldap (~> 0.2.2)
	152	+ omniauth (~> 1.0)
	153	+ pyu-ruby-sasl (~> 0.0.3.1)
	154	+ rubyntlm (~> 0.1.1)
145	155	orm_adapter (0.0.5)
146	156	polyglot (0.3.3)
147	157	posix-spawn (0.3.6)
148	158	pygments.rb (0.2.4)
149	159	rubypython (~> 0.5.3)
	160	+ pyu-ruby-sasl (0.0.3.3)
150	161	rack (1.3.5)
151	162	rack-cache (1.1)
152	163	rack (>= 0.4)
...	...	@@ -210,6 +221,7 @@ GEM
210	221	ruby-debug-base19 (>= 0.11.19)
211	222	ruby_core_source (0.1.5)
212	223	archive-tar-minitar (>= 0.5.2)
	224	+ rubyntlm (0.1.1)
213	225	rubypython (0.5.3)
214	226	blankslate (>= 2.1.2.3)
215	227	ffi (~> 1.0.7)
...	...	@@ -306,6 +318,7 @@ DEPENDENCIES
306	318	kaminari
307	319	launchy
308	320	letter_opener
	321	+ omniauth-ldap
309	322	pygments.rb (= 0.2.4)
310	323	rails (= 3.1.1)
311	324	rails-footnotes (~> 3.7.5)
...	...
...	...	@@ -0,0 +1,3 @@
	1	+# Place all the behaviors and hooks related to the matching controller here.
	2	+# All this logic will automatically be available in application.js.
	3	+# You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/
...	...
...	...	@@ -0,0 +1,3 @@
	1	+// Place all the styles related to the Users::OmniauthCallbacks controller here.
	2	+// They will automatically be included in application.css.
	3	+// You can use Sass (SCSS) here: http://sass-lang.com/
...	...
...	...	@@ -0,0 +1,22 @@
	1	+class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
	2	+
	3	+ def ldap
	4	+ # We only find ourselves here if the authentication to LDAP was successful.
	5	+ ldap = request.env["omniauth.auth"]["extra"]["raw_info"]
	6	+ username = ldap.sAMAccountName[0].to_s
	7	+ email = ldap.proxyaddresses[0][5..-1].to_s
	8	+
	9	+ if @user = User.find_by_email(email)
	10	+ sign_in_and_redirect root_path
	11	+ else
	12	+ password = User.generate_random_password
	13	+ @user = User.create(:name => username,
	14	+ :email => email,
	15	+ :password => password,
	16	+ :password_confirmation => password
	17	+ )
	18	+ sign_in_and_redirect @user
	19	+ end
	20	+ end
	21	+
	22	+end
...	...
...	...	@@ -0,0 +1,2 @@
	1	+module Users::OmniauthCallbacksHelper
	2	+end
...	...
...	...	@@ -2,7 +2,7 @@ class User < ActiveRecord::Base
2	2	# Include default devise modules. Others available are:
3	3	# :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :omniauthable
4	4	devise :database_authenticatable, :token_authenticatable,
5		- :recoverable, :rememberable, :trackable, :validatable
	5	+ :recoverable, :rememberable, :trackable, :validatable, :omniauthable
6	6
7	7	# Setup accessible (or protected) attributes for your model
8	8	attr_accessible :email, :password, :password_confirmation, :remember_me,
...	...	@@ -62,6 +62,10 @@ class User < ActiveRecord::Base
62	62	def last_activity_project
63	63	projects.first
64	64	end
	65	+
	66	+ def self.generate_random_password
	67	+ (0...8).map{ ('a'..'z').to_a[rand(26)] }.join
	68	+ end
65	69	end
66	70	# == Schema Information
67	71	#
...	...
...	...	@@ -9,4 +9,5 @@
9	9	<br/>
10	10	<%= f.submit "Sign in", :class => "grey-button" %>
11	11	<div class="right"> <%= render :partial => "devise/shared/links" %></div>
	12	+ <%= user_omniauth_authorize_path(:ldap)%>
12	13	<% end %>
...	...
...	...	@@ -199,6 +199,15 @@ Devise.setup do \|config\|
199	199	# up on your models and hooks.
200	200	# config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
201	201
	202	+ #config.omniauth :ldap,
	203	+ # :host => 'YOUR_LDAP_SERVER',
	204	+ # :base => 'THE_BASE_WHERE_YOU_SEARCH_FOR_USERS',
	205	+ # :uid => 'sAMAccountName',
	206	+ # :port => 389,
	207	+ # :method => :plain,
	208	+ # :bind_dn => 'THE_FULL_DN_OF_THE_USER_YOU_WILL_BIND_WITH',
	209	+ # :password => 'THE_PASSWORD_OF_THE_BIND_USER'
	210	+
202	211	# ==> Warden configuration
203	212	# If you want to use other strategies, that are not supported by Devise, or
204	213	# change the failure app, you can configure them inside the config.warden block.
...	...
...	...	@@ -39,7 +39,7 @@ Gitlab::Application.routes.draw do
39	39	resources :projects, :constraints => { :id => /[^\/]+/ }, :only => [:new, :create, :index]
40	40	resources :keys
41	41
42		- devise_for :users
	42	+ devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }
43	43
44	44	resources :projects, :constraints => { :id => /[^\/]+/ }, :except => [:new, :create, :index], :path => "/" do
45	45	member do
...	...