From 9e6cf750b3d9d665b28bce4030d51244aa587bc2 Mon Sep 17 00:00:00 2001
From: Martin Edenhofer
Date: Sun, 17 Feb 2013 19:28:32 +0100
Subject: [PATCH] Added sso feature.
---
 app/controllers/application_controller.rb | 11 ++++++
 app/controllers/sessions_controller.rb | 16 +++++++--
 app/models/user.rb | 41 +++++++++++++++++++++++
 config/routes/auth.rb | 3 ++
 lib/import/otrs.rb | 11 +++++-
 lib/{auth => sso}/env.rb | 6 ++--
 lib/sso/otrs.rb | 19 +++++++++++
 7 files changed, 101 insertions(+), 6 deletions(-)
 rename lib/{auth => sso}/env.rb (81%)
 create mode 100644 lib/sso/otrs.rb
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 6c899aff2..224808347 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -113,6 +113,17 @@ class ApplicationController < ActionController::Base
 }
 end
+ # check sso
+ if !session[:user_id]
+
+ user = User.sso(params)
+
+ # Log the authorizing user in.
+ if user
+ session[:user_id] = user.id
+ end
+ end
+
 # return auth not ok (no session exists)
 if !session[:user_id]
 message = 'no valid session, user_id'
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 64ed4fcce..523edc148 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -111,7 +111,7 @@ class SessionsController < ApplicationController
 logger.info("AUTH IS NULL, SERVICE NOT LINKED TO ACCOUNT")
 # redirect to app
- redirect_to '/app'
+ redirect_to '/'
 end
 # Create a new user or add an auth to existing user, depending on
@@ -128,7 +128,19 @@ class SessionsController < ApplicationController
 session[:user_id] = authorization.user.id
 # redirect to app
- redirect_to '/app'
+ redirect_to '/'
+ end
+
+ def create_sso
+ user = User.sso(params)
+
+ # Log the authorizing user in.
+ if user
+ session[:user_id] = user.id
+ end
+
+ # redirect to app
+ redirect_to '/#'
 end
 end
\ No newline at end of file
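Review bot: In the `# check sso` block added to the authentication check in app/controllers/application_controller.rb, `session[:user_id] = user.id` is written into the existing session without a `reset_session` first, which is Rails' usual guard against session fixation at the moment of login. Calling `reset_session` on the line before the assignment closes that, and the same applies to `create_sso` in sessions_controller.rb. Because the block sits in the shared check, every unauthenticated request that reaches it is treated as an SSO attempt and runs the backend lookups in `User.sso`; a comment saying so would help the next reader. The enclosing method starts and ends outside the hunk.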
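Review bot: `create_sso` in app/controllers/sessions_controller.rb redirects to `/#` whether or not `User.sso(params)` returned a user, and a failed attempt leaves no trace for operators. A log line on the failure branch, in the style this controller already uses, e.g. `logger.info("SSO LOGIN FAILED")`, gives something to alert on when the endpoint is called with invalid session IDs; the session ID itself should not be written to the log. The method also has no comment saying which request parameters it expects.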
diff --git a/app/models/user.rb b/app/models/user.rb
index c88b0b1a5..46c346bcb 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -103,6 +103,47 @@ class User < ApplicationModel
 return user_auth
 end
+ def self.sso(params)
+
+ # use auth backends
+ config = [
+ {
+ :adapter => 'env',
+ },
+ {
+ :adapter => 'otrs',
+ },
+ ]
+# Setting.where( :area => 'Security::Authentication' ).each {|setting|
+# if setting.state[:value]
+# config.push setting.state[:value]
+# end
+# }
+
+ # try to login against configure auth backends
+ user_auth = nil
+ config.each {|config_item|
+ file = "sso/#{config_item[:adapter]}"
+ require file
+ user_auth = SSO.const_get("#{config_item[:adapter].to_s.upcase}").check( params, config_item )
+
+ # auth ok
+ if user_auth
+
+ # remember last login date
+ user_auth.update_last_login
+
+ # reset login failed
+ user_auth.login_failed = 0
+ user_auth.save
+
+ return user_auth
+ end
+ }
+
+ return false
+ end
+
 def self.create_from_hash!(hash)
 url = ''
 if hash['info']['urls'] then
diff --git a/config/routes/auth.rb b/config/routes/auth.rb
index 7b859cfea..02130506d 100644
--- a/config/routes/auth.rb
+++ b/config/routes/auth.rb
@@ -4,6 +4,9 @@ module ExtraRoutes
 # omniauth
 map.match '/auth/:provider/callback', :to => 'sessions#create_omniauth'
+ # sso
+ map.match '/auth/sso', :to => 'sessions#create_sso'
+
 # sessions
 map.match '/signin', :to => 'sessions#create'
 map.match '/signshow', :to => 'sessions#show'
diff --git a/lib/import/otrs.rb b/lib/import/otrs.rb
index e941833cb..f64be5543 100644
--- a/lib/import/otrs.rb
+++ b/lib/import/otrs.rb
@@ -52,6 +52,15 @@ module Import::OTRS
 return result
 end
+ def self.session(session_id)
+ response = post( "public.pl", { :Action => 'Export', :Type => 'SessionCheck', :SessionID => session_id } )
+ return if !response
+ return if response.code.to_s != '200'
+
+ result = json(response)
+ return result
+ end
+
 def self.start
 puts 'Start import...'
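Review bot: `User.sso` in app/models/user.rb hard-codes both the `env` and the `otrs` adapter, so every installation runs both SSO backends on each attempt and has no setting to switch either off. The adapter name is also interpolated into `require` and `SSO.const_get`; that is harmless while the list is a literal, but if the commented-out `Setting.where` lookup is re-enabled the name becomes data and should be checked against a fixed list first, e.g. `next if !%w[env otrs].include?(config_item[:adapter].to_s)` at the top of the block. The return value of `user_auth.save` is ignored, so a failed save still counts as a successful login.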
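Review bot: `map.match '/auth/sso'` in config/routes/auth.rb carries no `:via` restriction, so the login action answers GET as well, and a `SessionID` passed in the query string ends up in access logs, browser history and Referer headers. If the OTRS side can hand the session over by POST, `map.match '/auth/sso', :to => 'sessions#create_sso', :via => :post` narrows that. If it has to stay GET, `SessionID` should at least be added to the application's filtered parameters so it is kept out of the Rails log.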
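Review bot: `Import::OTRS.session` in lib/import/otrs.rb returns whatever `json(response)` yields for any 200 reply, and nothing states what a valid SessionCheck reply contains, although the SSO adapter treats the result as proof of identity. A comment above the method such as `# returns the decoded SessionCheck reply, or nil if the request failed or was not answered with 200` would document the contract. `post` is defined outside the hunk; presumably it targets the `import_otrs_endpoint` setting, in which case the session identifier travels over whatever scheme that URL uses and the setting should be an https URL.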
@@ -257,7 +266,7 @@ module Import::OTRS
 :email => email,
 :password => '',
 :active => true,
- :roles => roles,
+ :role_ids => [roles.id],
 :updated_by_id => 1,
 :created_by_id => 1,
 )
diff --git a/lib/auth/env.rb b/lib/sso/env.rb
similarity index 81%
rename from lib/auth/env.rb
rename to lib/sso/env.rb
index d30e01bb1..6904719e1 100644
--- a/lib/auth/env.rb
+++ b/lib/sso/env.rb
@@ -1,7 +1,7 @@
-module Auth
+module SSO
 end
-module Auth::ENV
- def self.check( username, password, config, user )
+module SSO::ENV
+ def self.check( params, config_item )
 # try to find user based on login
 if ENV['REMOTE_USER']
diff --git a/lib/sso/otrs.rb b/lib/sso/otrs.rb
new file mode 100644
index 000000000..349ab47cf
--- /dev/null
+++ b/lib/sso/otrs.rb
@@ -0,0 +1,19 @@
+module SSO
+end
+module SSO::OTRS
+ def self.check( params, config_item )
+
+ endpoint = Setting.get('import_otrs_endpoint')
+ return false if !endpoint || endpoint.empty? || endpoint == 'http://otrs_host/otrs'
+ return false if !params['SessionID']
+
+ # connect to OTRS
+ result = Import::OTRS.session( params['SessionID'] )
+ return false if !result
+
+ user = User.where( :login => result['UserLogin'], :active => true ).first
+ return user if user
+
+ return false
+ end
+end
\ No newline at end of file
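Review bot: In lib/sso/env.rb the visible context line tests `ENV['REMOTE_USER']`, which in Ruby is the environment of the server process, not the per-request value a front-end web server passes through Rack (`request.env['REMOTE_USER']`). As an SSO adapter this check now runs for every unauthenticated request, so a process started with `REMOTE_USER` set would presumably sign every visitor in as that user. The rest of `check` lies outside the hunk, so this needs confirming there. Since the new signature receives only `params`, the adapter cannot see the request environment at all; a comment stating which deployment sets the variable, plus a setting that enables the adapter explicitly, would make the trust assumption visible.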
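Review bot: `SSO::OTRS.check` in lib/sso/otrs.rb looks up `result['UserLogin']` without checking that it is present, so a reply that lacks the key turns the query into a match on a nil login. A guard before the lookup, `return false if !result.is_a?(Hash) || result['UserLogin'].to_s.empty?`, avoids that. `params['SessionID']` comes straight from the request and can be an array or hash rather than a string; `return false if !params['SessionID'].is_a?(String)` keeps unexpected shapes out of the request sent to OTRS.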