Moved to modular auth backend layers. Still config options are needed. Related to #58.

This commit is contained in:
Martin Edenhofer 2013-01-24 00:55:33 +01:00
parent c07e22cd53
commit 83290f4953
6 changed files with 135 additions and 15 deletions

View file

@ -53,21 +53,43 @@ class User < ApplicationModel
# no user found # no user found
return nil if !user return nil if !user
# development systems # use auth backends
if !ENV['RAILS_ENV'] || ENV['RAILS_ENV'] == 'development' config = {
if password == 'test' :internal => {
return user :adapter => 'internal',
end },
end :test => {
:adapter => 'test',
# sha auth check },
if user.password =~ /^\{sha2\}/ :env => {
crypted = Digest::SHA2.hexdigest( password ) :adapter => 'env',
return user if user.password == "{sha2}#{crypted}" },
end :ldap => {
:adapter => 'ldap',
# plain auth check :host => 'somehost',
return user if user.password == password :port => '3333',
:base_dn => 'some base dn',
:bind_user => 'some bind user',
:bind_pw => 'some pw',
},
:otrs => {
:adapter => 'otrs',
:required_group => 'stats',
:group_role_map => {
'admin' => 'Admin',
'stats' => 'Report',
},
:always_role => {
'Agent' => true,
},
},
}
config.each {|key, c|
file = "auth/#{c[:adapter]}"
require file
user_auth = Auth.const_get("#{c[:adapter].to_s.upcase}").check( user, username, password, c )
return user_auth if user_auth
}
# auth failed # auth failed
return false return false

17
lib/auth/env.rb Normal file
View file

@ -0,0 +1,17 @@
module Auth::ENV
def self.check( user, username, password, config )
# try to find user based on login
if ENV['REMOTE_USER']
user = User.where( :login => ENV['REMOTE_USER'], :active => true ).first
return user if user
end
if ENV['HTTP_REMOTE_USER']
user = User.where( :login => ENV['HTTP_REMOTE_USER'], :active => true ).first
return user if user
end
return false
end
end

15
lib/auth/internal.rb Normal file
View file

@ -0,0 +1,15 @@
module Auth::INTERNAL
def self.check( user, username, password, config )
# sha auth check
if user.password =~ /^\{sha2\}/
crypted = Digest::SHA2.hexdigest( password )
return user if user.password == "{sha2}#{crypted}"
end
# plain auth check
return user if user.password == password
return false
end
end

13
lib/auth/ldap.rb Normal file
View file

@ -0,0 +1,13 @@
module Auth::LDAP
def self.check( user, username, password, config )
# ldap connect
# ldap bind
# sync roles / groups
# return user
return false
end
end

42
lib/auth/otrs.rb Normal file
View file

@ -0,0 +1,42 @@
class Auth::OTRS
def self.check( user, username, password, config )
# connect to OTRS
result = Import::OTRS.auth( username, password )
return false if !result
return false if !result['groups_rw']
# check if required OTRS group exists
return false if !result['groups_rw'].has_value?( config[:required_group] )
# sync roles / groups
if config[:group_role_map]
config[:group_role_map].each {|otrs_group, role|
if result['groups_rw'].has_value?( otrs_group )
role_ids = user.role_ids
role = Role.where( :name => role ).first
if role
role_ids.push role.id
user.role_ids = role_ids
user.save
end
end
}
end
if config[:always_role]
config[:always_role].each {|role, active|
next if !active
role_ids = user.role_ids
role = Role.where( :name => role ).first
if role
role_ids.push role.id
user.role_ids = role_ids
user.save
end
}
end
return user
end
end

11
lib/auth/test.rb Normal file
View file

@ -0,0 +1,11 @@
module Auth::TEST
def self.check( user, username, password, config )
# development systems
if !ENV['RAILS_ENV'] || ENV['RAILS_ENV'] == 'development'
return user if password == 'test'
end
return false
end
end