LDAP BASE IMPLEMENRTATION

Valery Sizov · vsizov
1 parent b4cc04d7
Showing 12 changed files with 80 additions and 2 deletions Show diff stats
Gemfile
Gemfile.lock
app/assets/javascripts/users/omniauth_callbacks.js.coffee
app/assets/stylesheets/users/omniauth_callbacks.css.scss
app/controllers/users/omniauth_callbacks_controller.rb
app/helpers/users/omniauth_callbacks_helper.rb
app/models/user.rb
app/views/devise/sessions/new.html.erb
config/initializers/devise.rb
config/routes.rb
spec/controllers/users/omniauth_callbacks_controller_spec.rb
spec/helpers/users/omniauth_callbacks_helper_spec.rb
@@ -28,6 +28,7 @@ gem &quot;resque&quot;
 gem "httparty"
 gem "charlock_holmes"
 gem "foreman"
+gem "omniauth-ldap"
 group :assets do
   gem "sass-rails",   "~> 3.1.0"
@@ -115,6 +115,7 @@ GEM
       haml (~> 3.0)
       railties (~> 3.0)
     hashery (1.4.0)
+    hashie (1.2.0)
     hike (1.2.1)
     httparty (0.8.1)
       multi_json
@@ -141,12 +142,22 @@ GEM
     mime-types (1.17.2)
     multi_json (1.0.3)
     multi_xml (0.4.1)
+    net-ldap (0.2.2)
     nokogiri (1.5.0)
+    omniauth (1.0.2)
+      hashie (~> 1.2)
+      rack
+    omniauth-ldap (1.0.2)
+      net-ldap (~> 0.2.2)
+      omniauth (~> 1.0)
+      pyu-ruby-sasl (~> 0.0.3.1)
+      rubyntlm (~> 0.1.1)
     orm_adapter (0.0.5)
     polyglot (0.3.3)
     posix-spawn (0.3.6)
     pygments.rb (0.2.4)
       rubypython (~> 0.5.3)
+    pyu-ruby-sasl (0.0.3.3)
     rack (1.3.5)
     rack-cache (1.1)
       rack (>= 0.4)
@@ -210,6 +221,7 @@ GEM
       ruby-debug-base19 (>= 0.11.19)
     ruby_core_source (0.1.5)
       archive-tar-minitar (>= 0.5.2)
+    rubyntlm (0.1.1)
     rubypython (0.5.3)
       blankslate (>= 2.1.2.3)
       ffi (~> 1.0.7)
@@ -306,6 +318,7 @@ DEPENDENCIES
   kaminari
   launchy
   letter_opener
+  omniauth-ldap
   pygments.rb (= 0.2.4)
   rails (= 3.1.1)
   rails-footnotes (~> 3.7.5)
@@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/
@@ -0,0 +1,3 @@
+// Place all the styles related to the Users::OmniauthCallbacks controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/
@@ -0,0 +1,22 @@
+class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
+ 
+  def ldap
+    # We only find ourselves here if the authentication to LDAP was successful.
+    ldap = request.env["omniauth.auth"]["extra"]["raw_info"]
+    username = ldap.sAMAccountName[0].to_s
+    email = ldap.proxyaddresses[0][5..-1].to_s
+ 
+    if @user = User.find_by_email(email)
+        sign_in_and_redirect root_path
+    else
+      password = User.generate_random_password
+        @user = User.create(:name => username,
+                            :email => email,
+                            :password => password,
+                            :password_confirmation => password
+                           )
+        sign_in_and_redirect @user
+    end
+  end
+
+end
@@ -0,0 +1,2 @@
+module Users::OmniauthCallbacksHelper
+end
@@ -2,7 +2,7 @@ class User &lt; ActiveRecord::Base
   # Include default devise modules. Others available are:
   # :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :omniauthable
   devise :database_authenticatable, :token_authenticatable,
-         :recoverable, :rememberable, :trackable, :validatable
+         :recoverable, :rememberable, :trackable, :validatable, :omniauthable
   # Setup accessible (or protected) attributes for your model
   attr_accessible :email, :password, :password_confirmation, :remember_me,
@@ -62,6 +62,10 @@ class User &lt; ActiveRecord::Base
   def last_activity_project
     projects.first
   end
+
+  def self.generate_random_password
+    (0...8).map{ ('a'..'z').to_a[rand(26)] }.join
+  end 
 end
 # == Schema Information
 #
@@ -9,4 +9,5 @@
   <br/>
   <%= f.submit "Sign in", :class => "grey-button" %>
   <div class="right"> <%= render :partial => "devise/shared/links" %></div>
+  <%= user_omniauth_authorize_path(:ldap)%>
 <% end %>
@@ -199,6 +199,15 @@ Devise.setup do |config|
   # up on your models and hooks.
   # config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
+  #config.omniauth :ldap, 
+  #    :host => 'YOUR_LDAP_SERVER',
+  #    :base => 'THE_BASE_WHERE_YOU_SEARCH_FOR_USERS',
+  #    :uid => 'sAMAccountName',
+  #    :port => 389,
+  #    :method => :plain,
+  #    :bind_dn => 'THE_FULL_DN_OF_THE_USER_YOU_WILL_BIND_WITH',
+  #    :password => 'THE_PASSWORD_OF_THE_BIND_USER'
+
   # ==> Warden configuration
   # If you want to use other strategies, that are not supported by Devise, or
   # change the failure app, you can configure them inside the config.warden block.
@@ -39,7 +39,7 @@ Gitlab::Application.routes.draw do
   resources :projects, :constraints => { :id => /[^\/]+/ }, :only => [:new, :create, :index]
   resources :keys
-  devise_for :users
+  devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }
   resources :projects, :constraints => { :id => /[^\/]+/ }, :except => [:new, :create, :index], :path => "/" do
     member do
@@ -0,0 +1,5 @@
+require 'spec_helper'
+
+describe Users::OmniauthCallbacksController do
+
+end
@@ -0,0 +1,15 @@
+require 'spec_helper'
+
+# Specs in this file have access to a helper object that includes
+# the Users::OmniauthCallbacksHelper. For example:
+#
+# describe Users::OmniauthCallbacksHelper do
+#   describe "string concat" do
+#     it "concats two strings with spaces" do
+#       helper.concat_strings("this","that").should == "this that"
+#     end
+#   end
+# end
+describe Users::OmniauthCallbacksHelper do
+  pending "add some examples to (or delete) #{__FILE__}"
+end
	@@ -28,6 +28,7 @@ gem "resque"		@@ -28,6 +28,7 @@ gem "resque"
28	gem "httparty"	28	gem "httparty"
29	gem "charlock_holmes"	29	gem "charlock_holmes"
30	gem "foreman"	30	gem "foreman"
		31	+gem "omniauth-ldap"
31		32
32	group :assets do	33	group :assets do
33	gem "sass-rails", "~> 3.1.0"	34	gem "sass-rails", "~> 3.1.0"
	@@ -115,6 +115,7 @@ GEM		@@ -115,6 +115,7 @@ GEM
115	haml (~> 3.0)	115	haml (~> 3.0)
116	railties (~> 3.0)	116	railties (~> 3.0)
117	hashery (1.4.0)	117	hashery (1.4.0)
		118	+ hashie (1.2.0)
118	hike (1.2.1)	119	hike (1.2.1)
119	httparty (0.8.1)	120	httparty (0.8.1)
120	multi_json	121	multi_json
	@@ -141,12 +142,22 @@ GEM		@@ -141,12 +142,22 @@ GEM
141	mime-types (1.17.2)	142	mime-types (1.17.2)
142	multi_json (1.0.3)	143	multi_json (1.0.3)
143	multi_xml (0.4.1)	144	multi_xml (0.4.1)
		145	+ net-ldap (0.2.2)
144	nokogiri (1.5.0)	146	nokogiri (1.5.0)
		147	+ omniauth (1.0.2)
		148	+ hashie (~> 1.2)
		149	+ rack
		150	+ omniauth-ldap (1.0.2)
		151	+ net-ldap (~> 0.2.2)
		152	+ omniauth (~> 1.0)
		153	+ pyu-ruby-sasl (~> 0.0.3.1)
		154	+ rubyntlm (~> 0.1.1)
145	orm_adapter (0.0.5)	155	orm_adapter (0.0.5)
146	polyglot (0.3.3)	156	polyglot (0.3.3)
147	posix-spawn (0.3.6)	157	posix-spawn (0.3.6)
148	pygments.rb (0.2.4)	158	pygments.rb (0.2.4)
149	rubypython (~> 0.5.3)	159	rubypython (~> 0.5.3)
		160	+ pyu-ruby-sasl (0.0.3.3)
150	rack (1.3.5)	161	rack (1.3.5)
151	rack-cache (1.1)	162	rack-cache (1.1)
152	rack (>= 0.4)	163	rack (>= 0.4)
	@@ -210,6 +221,7 @@ GEM		@@ -210,6 +221,7 @@ GEM
210	ruby-debug-base19 (>= 0.11.19)	221	ruby-debug-base19 (>= 0.11.19)
211	ruby_core_source (0.1.5)	222	ruby_core_source (0.1.5)
212	archive-tar-minitar (>= 0.5.2)	223	archive-tar-minitar (>= 0.5.2)
		224	+ rubyntlm (0.1.1)
213	rubypython (0.5.3)	225	rubypython (0.5.3)
214	blankslate (>= 2.1.2.3)	226	blankslate (>= 2.1.2.3)
215	ffi (~> 1.0.7)	227	ffi (~> 1.0.7)
	@@ -306,6 +318,7 @@ DEPENDENCIES		@@ -306,6 +318,7 @@ DEPENDENCIES
306	kaminari	318	kaminari
307	launchy	319	launchy
308	letter_opener	320	letter_opener
		321	+ omniauth-ldap
309	pygments.rb (= 0.2.4)	322	pygments.rb (= 0.2.4)
310	rails (= 3.1.1)	323	rails (= 3.1.1)
311	rails-footnotes (~> 3.7.5)	324	rails-footnotes (~> 3.7.5)
@@ -0,0 +1,3 @@		@@ -0,0 +1,3 @@
	1	+# Place all the behaviors and hooks related to the matching controller here.
	2	+# All this logic will automatically be available in application.js.
	3	+# You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/
@@ -0,0 +1,3 @@		@@ -0,0 +1,3 @@
	1	+// Place all the styles related to the Users::OmniauthCallbacks controller here.
	2	+// They will automatically be included in application.css.
	3	+// You can use Sass (SCSS) here: http://sass-lang.com/
@@ -0,0 +1,22 @@		@@ -0,0 +1,22 @@
	1	+class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
	2	+
	3	+ def ldap
	4	+ # We only find ourselves here if the authentication to LDAP was successful.
	5	+ ldap = request.env["omniauth.auth"]["extra"]["raw_info"]
	6	+ username = ldap.sAMAccountName[0].to_s
	7	+ email = ldap.proxyaddresses[0][5..-1].to_s
	8	+
	9	+ if @user = User.find_by_email(email)
	10	+ sign_in_and_redirect root_path
	11	+ else
	12	+ password = User.generate_random_password
	13	+ @user = User.create(:name => username,
	14	+ :email => email,
	15	+ :password => password,
	16	+ :password_confirmation => password
	17	+ )
	18	+ sign_in_and_redirect @user
	19	+ end
	20	+ end
	21	+
	22	+end
@@ -0,0 +1,2 @@		@@ -0,0 +1,2 @@
	1	+module Users::OmniauthCallbacksHelper
	2	+end
	@@ -9,4 +9,5 @@		@@ -9,4 +9,5 @@
9	<br/>	9	<br/>
10	<%= f.submit "Sign in", :class => "grey-button" %>	10	<%= f.submit "Sign in", :class => "grey-button" %>
11	<div class="right"> <%= render :partial => "devise/shared/links" %></div>	11	<div class="right"> <%= render :partial => "devise/shared/links" %></div>
		12	+ <%= user_omniauth_authorize_path(:ldap)%>
12	<% end %>	13	<% end %>
	@@ -199,6 +199,15 @@ Devise.setup do \|config\|		@@ -199,6 +199,15 @@ Devise.setup do \|config\|
199	# up on your models and hooks.	199	# up on your models and hooks.
200	# config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'	200	# config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
201		201
		202	+ #config.omniauth :ldap,
		203	+ # :host => 'YOUR_LDAP_SERVER',
		204	+ # :base => 'THE_BASE_WHERE_YOU_SEARCH_FOR_USERS',
		205	+ # :uid => 'sAMAccountName',
		206	+ # :port => 389,
		207	+ # :method => :plain,
		208	+ # :bind_dn => 'THE_FULL_DN_OF_THE_USER_YOU_WILL_BIND_WITH',
		209	+ # :password => 'THE_PASSWORD_OF_THE_BIND_USER'
		210	+
202	# ==> Warden configuration	211	# ==> Warden configuration
203	# If you want to use other strategies, that are not supported by Devise, or	212	# If you want to use other strategies, that are not supported by Devise, or
204	# change the failure app, you can configure them inside the config.warden block.	213	# change the failure app, you can configure them inside the config.warden block.
	@@ -39,7 +39,7 @@ Gitlab::Application.routes.draw do		@@ -39,7 +39,7 @@ Gitlab::Application.routes.draw do
39	resources :projects, :constraints => { :id => /[^\/]+/ }, :only => [:new, :create, :index]	39	resources :projects, :constraints => { :id => /[^\/]+/ }, :only => [:new, :create, :index]
40	resources :keys	40	resources :keys
41		41
42	- devise_for :users	42	+ devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }
43		43
44	resources :projects, :constraints => { :id => /[^\/]+/ }, :except => [:new, :create, :index], :path => "/" do	44	resources :projects, :constraints => { :id => /[^\/]+/ }, :except => [:new, :create, :index], :path => "/" do
45	member do	45	member do
@@ -0,0 +1,5 @@		@@ -0,0 +1,5 @@
	1	+require 'spec_helper'
	2	+
	3	+describe Users::OmniauthCallbacksController do
	4	+
	5	+end