On Fri, 2016-01-29 at 03:38 -0900, Dan Morphis wrote:
> I would love to see AD auth as an option, with genie roles mapped to
> AD roles. This is something that has been on my todo list for almost
> a year. It's important that AD auth be but one option with fallback
> to the existing auth mechanism to avoid breaking existing installs.
>
> -dan
>
> > On Jan 29, 2016, at 12:00 AM, Oliver Kraitschy <[email protected]>
> > wrote:
> >
> > Hello Zaid,
> >
> > I want to enhance genieacs-gui with some features; the first one will be
> > a frontend for management of users and roles. So I just wanted to ask you
> > about your plans and preferences.
> >
> > One option will be authentication over Active Directory. Is there a Ruby
> > gem/interface you would prefer for that use case?
> >
> > The other option will be genieacs-gui-specific authentication but with
> > users and roles data stored in a database. Which database would you prefer
> > for that? MongoDB, Redis, a relational database or something else?
> >
> > By the way, which features are next on your roadmap?
> >
> > Greetings,
> > Oliver
See attached patch for implementation of LDAP for authentication. This
just handles the authentication part, so you'll still need to define the
roles in the roles file. You can define a "default" role which will
apply to all logged-in users. You or anybody else are welcome to
enhance this by implementing Dan's suggestions and make a PR.

When it comes to choice of database, you don't need to worry about that,
as Rails abstracts out the DB layer for you. But config files are
probably good enough for something like this anyway.

Regarding upcoming features, I will be sharing details about that on
the Announce mailing list in the coming weeks.

Zaid
From 72396fa426b69bfb8ba5344790b7ee271604c77a Mon Sep 17 00:00:00 2001
From: Zaid Abdulla <[email protected]>
Date: Fri, 8 May 2015 23:42:03 +0300
Subject: [PATCH] Use LDAP for authentication
---
Gemfile | 2 ++
Gemfile.lock | 13 +++++++++++++
app/controllers/application_controller.rb | 3 ++-
app/controllers/sessions_controller.rb | 23 +++++++++++++++++------
app/views/sessions/new.html.erb | 2 +-
config/initializers/omniauth.rb | 14 ++++++++++++++
config/routes.rb | 3 +++
7 files changed, 52 insertions(+), 8 deletions(-)
create mode 100644 config/initializers/omniauth.rb
diff --git a/Gemfile b/Gemfile
index bc1166d..c57fd0d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -43,3 +43,5 @@ end
# Use debugger
# gem 'debugger', group: [:development, :test]
+
+gem 'omniauth-ldap'
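Review bot: the new `gem 'omniauth-ldap'` line carries no version constraint, so a future `bundle update` can silently move the authentication strategy to a different major release. Pin it to the version the lockfile resolved, e.g. `gem 'omniauth-ldap', '~> 1.0.4'`, so changes to the login path are deliberate rather than a side effect of unrelated updates.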
diff --git a/Gemfile.lock b/Gemfile.lock
index 74ed833..e344370 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -38,6 +38,7 @@ GEM
coffee-script-source (1.7.1)
erubis (2.7.0)
execjs (2.2.1)
+ hashie (3.3.1)
hike (1.2.3)
i18n (0.6.11)
jbuilder (2.1.3)
@@ -54,7 +55,17 @@ GEM
mime-types (1.25.1)
minitest (5.4.0)
multi_json (1.10.1)
+ net-ldap (0.3.1)
+ omniauth (1.2.2)
+ hashie (>= 1.2, < 4)
+ rack (~> 1.0)
+ omniauth-ldap (1.0.4)
+ net-ldap (~> 0.3.1)
+ omniauth (~> 1.0)
+ pyu-ruby-sasl (~> 0.0.3.1)
+ rubyntlm (~> 0.1.1)
polyglot (0.3.5)
+ pyu-ruby-sasl (0.0.3.3)
rack (1.5.2)
rack-test (0.6.2)
rack (>= 1.0)
@@ -77,6 +88,7 @@ GEM
rdoc (4.1.1)
json (~> 1.4)
ref (1.0.5)
+ rubyntlm (0.1.1)
sass (3.2.19)
sass-rails (4.0.3)
railties (>= 4.0.0, < 5.0)
@@ -120,6 +132,7 @@ DEPENDENCIES
coffee-rails (~> 4.0.1)
jbuilder (~> 2.1.3)
jquery-rails
+ omniauth-ldap
rails (~> 4.1.4)
sass-rails (~> 4.0.3)
sdoc
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 4d5312b..fd48fa5 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -69,7 +69,8 @@ class ApplicationController < ActionController::Base
def get_permissions
roles = ['anonymous']
if current_user
- roles.concat(Rails.configuration.users[current_user]['roles'])
+ roles.concat(['default'])
+ roles.concat(Rails.configuration.users[current_user]['roles']) if Rails.configuration.users[current_user]
end
@permissions ||= Rails.cache.fetch("#{roles}_permisions", :expires_in => 60.seconds) do
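Review bot: the new `roles.concat(['default'])` line grants the `default` role to every authenticated principal, including any directory account that has no entry in the users file, so whatever the roles file attaches to `default` becomes the permission floor for the entire LDAP directory; that behaviour change should be stated in the commit message and README so operators do not configure `default` assuming it only reaches listed users. Style: `roles << 'default'` reads better than `roles.concat(['default'])`, and the cache key on the following context line (`"#{roles}_permisions"`) both misspells "permissions" and depends on array order, so two users with the same roles in a different order get separate cache entries.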
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index b57ddcb..baec0ef 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -4,18 +4,29 @@ class SessionsController < ApplicationController
end
def create
- if (Rails.configuration.users[params[:username]]['password'] == params[:password] rescue false)
- session[:username] = params[:username]
- redirect_to params[:url]
+ provider = request.env['omniauth.auth'].provider
+ if provider == 'ldap'
+ username = request.env['omniauth.auth'].extra.raw_info[:samaccountname][0]
+ elsif provider == 'developer'
+ username = request.env['omniauth.auth'].info.name
+ end
+
+ session[:username] = username
+
+ if params[:redirect]
+ redirect_to params[:redirect]
else
- flash.now.alert = 'Invalid username or password'
- render 'new'
+ redirect_to root_path
end
end
def destroy
- session[:username] = nil
+ reset_session
redirect_to root_path
end
+ def failure
+ redirect_to "#{root_path}log_in", alert: params[:message].humanize
+ end
+
end
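Review bot: `request.env['omniauth.auth'].provider` in the new `create` is not nil-guarded, yet `create` is still reachable without an auth hash (the existing `post 'log_in' => 'sessions#create'` route, or a callback for a provider string OmniAuth does not handle), which turns a bad login attempt into a NoMethodError 500 instead of a redirect back to the form; start with something like `auth = request.env['omniauth.auth']` and `return redirect_to(log_in_path, alert: 'Login failed') unless auth`. Two further points in the same hunk: the `elsif provider == 'developer'` branch accepts OmniAuth's developer strategy, which performs no authentication at all, so if that strategy is ever mounted the controller will create a session for any typed name; and `redirect_to params[:redirect]` follows an arbitrary caller-supplied URL, so restrict it to a local path (Rails 7 has `allow_other_host: false`; on this Rails 4.1 code base, check that the value starts with a single `/` before redirecting). In `failure`, `params[:message].humanize` raises when `message` is absent; use `params[:message].to_s.humanize` and `log_in_path` rather than the hand-built `"#{root_path}log_in"`.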
diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
index 73635c4..c9cd7f9 100644
--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
@@ -3,7 +3,7 @@ content_for :title do 'Login' end
%>
<h1>Log in</h1>
<p>
-<%= form_tag log_in_path do %>
+<%= form_tag "#{root_path}auth/ldap/callback" do %>
<%= hidden_field_tag :url, params[:url] || request.original_url %>
<%= label_tag :username, 'Username' %>
<%= text_field_tag :username, nil, :autofocus => true %>
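Review bot: the form now posts to the OmniAuth callback, but the unchanged hidden field on the next context line is still named `url` while the new `create` action reads `params[:redirect]`, so the post-login redirect in this patch never fires and users always land on `root_path`. Rename one side (`hidden_field_tag :redirect, ...` or `params[:url]` in the controller) and keep the value restricted to local paths, since whichever name is used it is echoed into a redirect.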
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
new file mode 100644
index 0000000..2544a4c
--- /dev/null
+++ b/config/initializers/omniauth.rb
@@ -0,0 +1,14 @@
+Rails.application.config.middleware.use OmniAuth::Strategies::LDAP,
+ :title => 'LDAP Authentication',
+ :host => '10.101.10.1',
+ :port => 389,
+ :method => :plain,
+ :base => 'dc=intridea, dc=com',
+ :uid => 'sAMAccountName',
+ :name_proc => Proc.new {|name| name.gsub(/@.*$/,'')},
+ :bind_dn => 'default_bind_dn',
+ :password => 'password'
+
+OmniAuth.config.on_failure = Proc.new { |env|
+ OmniAuth::FailureEndpoint.new(env).redirect_to_failure
+}
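Review bot: `:method => :plain` on port 389 sends every user's password, and the bind account's password, to the directory in cleartext; omniauth-ldap supports `:method => :tls` (StartTLS on 389) or `:method => :ssl` on 636, and one of those should be the default in a file that ships with the project. The host, base (`dc=intridea, dc=com` is the sample from the omniauth-ldap README), `bind_dn` and `password` are also hard-coded in a committed initializer, so real values would end up in version control; load them from a config file or environment variables, the same way the existing users/roles files are handled, and document which keys are required. The `on_failure` proc is fine, but note that `OmniAuth::FailureEndpoint` sends the failure reason in the `message` query parameter, which is what the `sessions#failure` action humanizes.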
diff --git a/config/routes.rb b/config/routes.rb
index 00540d4..8ef2484 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -8,6 +8,9 @@ module URI
end
GenieacsGui::Application.routes.draw do
+ get '/auth/failure' => "sessions#failure"
+ post '/auth/:provider/callback' => 'sessions#create'
+
get 'log_out' => 'sessions#destroy', :as => 'log_out'
get 'log_in' => 'sessions#new', :as => 'log_in'
post 'log_in' => 'sessions#create'
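Review bot: the unchanged `post 'log_in' => 'sessions#create'` on the last context line still routes into the rewritten `create`, which now assumes an OmniAuth auth hash is present, so a plain POST to `/log_in` raises rather than failing the login; remove that route or redirect it into the OmniAuth flow. The new `post '/auth/:provider/callback'` also matches any provider string, not only the mounted `ldap` strategy, so add a constraint such as `constraints: { provider: /ldap/ }` to keep unhandled providers away from `create`. Style: the two new lines mix double and single quotes for the controller#action string; the rest of the file uses single quotes.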
--
libgit2 0.23.3
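Three of the points above (a nil-safe, provider-restricted username lookup; a post-login redirect that stays on the site; and the "default role for every logged-in user" behaviour Zaid describes) can be shown without Rails. The following is an added example written for this thread, not code from the patch or from genieacs-gui; the function names, the plain Hash standing in for OmniAuth's auth hash, the host name and the sample users table are all constructed for the illustration.

```ruby
require 'uri'

# Providers allowed to establish a session. OmniAuth's 'developer' strategy
# authenticates nobody, so it is deliberately not in this list.
ALLOWED_PROVIDERS = %w[ldap].freeze

# Constructed sample inputs (shapes mirror what omniauth-ldap populates).
SAMPLE_LDAP_AUTH = {
  provider: 'ldap',
  extra: { raw_info: { samaccountname: ['jdoe'] } }
}.freeze
SAMPLE_DEV_AUTH = { provider: 'developer', info: { name: 'anyone' } }.freeze
SAMPLE_USERS = { 'jdoe' => { 'roles' => ['admin'] } }.freeze

# Return the login name from an auth hash, or nil when the hash is missing,
# the provider is not allowed, or the expected attribute is absent, so the
# caller fails closed instead of raising NoMethodError on nil.
def username_from_auth(auth)
  return nil unless auth.is_a?(Hash)
  return nil unless ALLOWED_PROVIDERS.include?(auth[:provider])
  raw = auth.dig(:extra, :raw_info, :samaccountname)
  name = (raw.is_a?(Array) ? raw.first : raw).to_s.strip
  name.empty? ? nil : name
end

# Accept a post-login redirect only if it stays on own_host: either a local
# absolute path (single leading '/') or an http(s) URL whose host matches.
# Everything else ('//evil', 'javascript:', foreign hosts) falls back.
def safe_redirect_target(target, own_host:, default: '/')
  return default if target.nil? || target.strip.empty?
  begin
    uri = URI.parse(target)
  rescue URI::InvalidURIError
    return default
  end
  if uri.host.nil?
    local = uri.scheme.nil? && target.start_with?('/') && !target.start_with?('//')
    return local ? target : default
  end
  ok = %w[http https].include?(uri.scheme) && uri.host.casecmp?(own_host)
  ok ? target : default
end

# Roles for a principal, following the behaviour the message describes:
# anonymous always; 'default' for anyone authenticated; plus whatever the
# users table lists for that name, if it has an entry at all.
def effective_roles(users, username)
  roles = ['anonymous']
  return roles if username.nil?
  roles << 'default'
  entry = users[username]
  roles.concat(Array(entry && entry['roles']))
  roles.uniq
end

if __FILE__ == $PROGRAM_NAME
  puts username_from_auth(SAMPLE_LDAP_AUTH).inspect
  puts username_from_auth(SAMPLE_DEV_AUTH).inspect
  puts safe_redirect_target('//evil.example/x', own_host: 'acs.example')
  puts effective_roles(SAMPLE_USERS, 'ghost').inspect
end
```

The redirect check is the part most worth lifting into `sessions#create`: the hidden `url` field is attacker-controllable by anyone who can get a victim to click a login link, so the only safe policy is an allowlist of where it may point, not a denylist of known-bad prefixes.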
_______________________________________________
Users mailing list
[email protected]
http://lists.genieacs.com/mailman/listinfo/users