Initial gem code

a1ec781b · Andrew Tomaka · 7cc78826 · a1ec781b · a1ec781b · a1ec781b
Commit a1ec781b authored Apr 21, 2013 by Andrew Tomaka
--- a/.gitignore
+++ b/.gitignore
+*.gem
--- a/LICENSE
+++ b/LICENSE
+The MIT License
+
+Copyright (c) Andrew Tomaka. 2013
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
\ No newline at end of file
--- a/devise-kerberos-authenticatable.gemspec
+++ b/devise-kerberos-authenticatable.gemspec
+require 'rake'
+
+Gem::Specification.new do |s|
+  s.name            = 'devise-kerberos-authenticatable'
+  s.version         = '0.1.0'
+  s.date            = '2013-04-21'
+  s.summary         = 'Devise authentication strategy for Kerberos'
+  s.description     = 'Devise extension providing the ability to authenticate
+                      against Kerberos as defined in your local krb5.conf file
+                      using timfel-krb5-auth.'
+  s.authors         = ['Andrew Tomaka']
+  s.email           = 'atomaka@gmail.com'
+  s.files           = FileList['lib/**/*.rb'].to_a
+  s.homepage        = 'http://www.github.com/atomaka/devise-kerberos-authenticatable'
+
+  s.add_dependency  'timfel-krb5-auth', '~> 0.8'
+  s.add_dependency  'devise', '~> 2.2.3'
+end
--- a/lib/devise-kerberos-authenticatable.rb
+++ b/lib/devise-kerberos-authenticatable.rb
+require 'devise'
+
+$: << File.expand_path('..', __FILE__)
+
+require 'devise_kerberos_authenticatable/model'
+require 'devise_kerberos_authenticatable/strategy'
+require 'devise_kerberos_authenticatable/routes'
+require 'devise_kerberos_authenticatable/kerberos_adapter'
+
+Devise.add_module(
+  :kerberos_authenticatable,
+  :strategy                   => true,
+  :model                      => 'devise_kerberos_authenticatable/model',
+  :route                      => true
+)
\ No newline at end of file
--- a/lib/devise_kerberos_authenticatable/kerberos_adapter.rb
+++ b/lib/devise_kerberos_authenticatable/kerberos_adapter.rb
+require 'krb5_auth'
+include Krb5Auth
+
+module Devise
+  module KerberosAdapter
+    def self.valid_credentials?(username, password)
+      if Rails.env.test? && username == 'test' && password == 'test' then
+        true
+      end
+
+      krb5 = Krb5.new
+      begin
+        krb5.get_init_creds_password(username, password)
+      rescue Krb5Auth::Krb5::Exception
+        false
+      end
+
+      true
+    end
+  end
+end
--- a/lib/devise_kerberos_authenticatable/model.rb
+++ b/lib/devise_kerberos_authenticatable/model.rb
+require 'devise_kerberos_authenticatable/strategy'
+
+module Devise
+  module Models
+    module KerberosAuthenticatable
+      def self.included(base)
+        base.class_eval do
+          extend ClassMethods
+
+          attr_accessor :password
+        end
+      end
+
+      def clean_up_passwords
+        self.password = nil
+      end
+
+      def valid_kerberos_authentication?(password)
+        Devise::KerberosAdapter.valid_credentials?(self.username, password)
+      end
+
+      module ClassMethods
+        def authenticate_with_kerberos(attributes = {})
+          return nil unless attributes[:username].present?
+
+          resource = scoped.where(:username => attributes['username']).first
+
+          if resource.blank?
+            resource = new
+            resource[:username] = attributes['username']
+            resource[:password] = attributes['password']
+          end
+
+          if resource.try(:valid_kerberos_authentication?, attributes[:password])
+            resource.save if resource.new_record?
+            return resource
+          else
+            return nil
+          end
+        end
+      end
+    end
+  end
+end
--- a/lib/devise_kerberos_authenticatable/routes.rb
+++ b/lib/devise_kerberos_authenticatable/routes.rb
+ActionController::Routing::Mapper.class_eval do
+  protected
+    alias_method :devise_kerberos_authenticatable, :devise_session
+end
--- a/lib/devise_kerberos_authenticatable/strategy.rb
+++ b/lib/devise_kerberos_authenticatable/strategy.rb
+require 'devise/strategies/base'
+
+module Devise
+  module Strategies
+    class KerberosAuthenticatable < Base
+      def valid?
+        valid_controller? && valid_params? && mapping.to.respond_to?(:authenticate_with_kerberos)
+      end
+
+      def authenticate!
+        if resource = mapping.to.authenticate_with_kerberos(params[scope])
+          success!(resource)
+        else
+          fail(:invalid)
+        end
+      end
+
+      protected
+        def valid_controller?
+          params[:controller] == 'devise/sessions'
+        end
+
+        def valid_params?
+          params[scope] && params[scope][:password].present?
+        end
+    end
+  end
+end
+
+Warden::Strategies.add(
+  :kerberos_authenticatable, 
+  Devise::Strategies::KerberosAuthenticatable
+)