Rewrite of Auth and SSO module layer.

This commit is contained in:
Martin Edenhofer 2013-08-17 23:48:01 +02:00
parent 622419ac75
commit cb7809cef9
10 changed files with 153 additions and 96 deletions

View file

@ -60,97 +60,27 @@ class User < ApplicationModel
return false return false
end end
# use auth backends user_auth = Auth.check( username, password, user )
config = [
{
:adapter => 'internal',
},
{
:adapter => 'test',
},
]
Setting.where( :area => 'Security::Authentication' ).each {|setting|
if setting.state[:value]
config.push setting.state[:value]
end
}
# try to login against configure auth backends
user_auth = nil
config.each {|config_item|
next if !config_item[:adapter]
next if config_item.class == TrueClass
file = "auth/#{config_item[:adapter]}"
require file
user_auth = Auth.const_get("#{config_item[:adapter].to_s.upcase}").check( username, password, config_item, user )
# auth ok
if user_auth
# remember last login date
user_auth.update_last_login
# reset login failed
user_auth.login_failed = 0
user_auth.save
return user_auth
end
}
# set login failed +1 # set login failed +1
if !user_auth && user if !user_auth && user
sleep 1
user.login_failed = user.login_failed + 1 user.login_failed = user.login_failed + 1
user.save user.save
end end
# auth failed # auth ok
sleep 1
return user_auth return user_auth
end end
def self.sso(params) def self.sso(params)
# use auth backends
config = [
{
:adapter => 'env',
},
{
:adapter => 'otrs',
},
]
# Setting.where( :area => 'Security::Authentication' ).each {|setting|
# if setting.state[:value]
# config.push setting.state[:value]
# end
# }
# try to login against configure auth backends # try to login against configure auth backends
user_auth = nil user_auth = Sso.check( params, user )
config.each {|config_item| return if !user_auth
next if !config_item[:adapter]
next if config_item.class == TrueClass
file = "sso/#{config_item[:adapter]}"
require file
user_auth = SSO.const_get("#{config_item[:adapter].to_s.upcase}").check( params, config_item )
# auth ok
if user_auth
# remember last login date
user_auth.update_last_login
# reset login failed
user_auth.login_failed = 0
user_auth.save
return user_auth return user_auth
end end
}
return false
end
def self.create_from_hash!(hash) def self.create_from_hash!(hash)
url = '' url = ''

View file

@ -250,7 +250,7 @@ Setting.create_if_not_exists(
:area => 'Security::Authentication', :area => 'Security::Authentication',
:description => 'Enables user authentication via OTRS.', :description => 'Enables user authentication via OTRS.',
:state => { :state => {
:adapter => 'otrs', :adapter => 'Auth::Otrs',
:required_group_ro => 'stats', :required_group_ro => 'stats',
:group_rw_role_map => { :group_rw_role_map => {
'admin' => 'Admin', 'admin' => 'Admin',
@ -271,7 +271,7 @@ Setting.create_if_not_exists(
:area => 'Security::Authentication', :area => 'Security::Authentication',
:description => 'Enables user authentication via LDAP.', :description => 'Enables user authentication via LDAP.',
:state => { :state => {
:adapter => 'ldap', :adapter => 'Auth::Ldap',
:host => 'localhost', :host => 'localhost',
:port => 389, :port => 389,
:bind_dn => 'cn=Manager,dc=example,dc=org', :bind_dn => 'cn=Manager,dc=example,dc=org',

63
lib/auth.rb Normal file
View file

@ -0,0 +1,63 @@
# Copyright (C) 2012-2013 Zammad Foundation, http://zammad-foundation.org/
class Auth < ApplicationLib
=begin
authenticate user via username and password
result = Auth.check( username, password, user )
returns
result = user_model # if authentication was successfully
=end
def self.check(username, password, user)
# use std. auth backends
config = [
{
:adapter => 'Auth::Internal',
},
{
:adapter => 'Auth::Test',
},
]
# added configured backends
Setting.where( :area => 'Security::Authentication' ).each {|setting|
if setting.state[:value]
config.push setting.state[:value]
end
}
# try to login against configure auth backends
user_auth = nil
config.each {|config_item|
next if !config_item[:adapter]
# load backend
backend = self.load_adapter( config_item[:adapter] )
return if !backend
user_auth = backend.check( username, password, config_item, user )
# auth ok
if user_auth
# remember last login date
user_auth.update_last_login
# reset login failed
user_auth.login_failed = 0
user_auth.save
return user_auth
end
}
return
end
end

View file

@ -1,6 +1,6 @@
module Auth # Copyright (C) 2012-2013 Zammad Foundation, http://zammad-foundation.org/
end
module Auth::INTERNAL module Auth::Internal
def self.check( username, password, config, user ) def self.check( username, password, config, user )
# return if no user exists # return if no user exists

View file

@ -1,8 +1,8 @@
# Copyright (C) 2012-2013 Zammad Foundation, http://zammad-foundation.org/
require 'net/ldap' require 'net/ldap'
module Auth module Auth::Ldap
end
module Auth::LDAP
def self.check( username, password, config, user ) def self.check( username, password, config, user )
scope = Net::LDAP::SearchScope_WholeSubtree scope = Net::LDAP::SearchScope_WholeSubtree

View file

@ -1,7 +1,8 @@
# Copyright (C) 2012-2013 Zammad Foundation, http://zammad-foundation.org/
require 'import/otrs' require 'import/otrs'
module Auth
end module Auth::Otrs
module Auth::OTRS
def self.check( username, password, config, user ) def self.check( username, password, config, user )
endpoint = Setting.get('import_otrs_endpoint') endpoint = Setting.get('import_otrs_endpoint')

View file

@ -1,6 +1,6 @@
module Auth # Copyright (C) 2012-2013 Zammad Foundation, http://zammad-foundation.org/
end
module Auth::TEST module Auth::Test
def self.check( username, password, config, user ) def self.check( username, password, config, user )
# development systems # development systems

63
lib/sso.rb Normal file
View file

@ -0,0 +1,63 @@
# Copyright (C) 2012-2013 Zammad Foundation, http://zammad-foundation.org/
class Sso < ApplicationLib
=begin
authenticate user via username and password
result = Sso.check( params, config_item )
returns
result = user_model # if authentication was successfully
=end
def self.check(params)
# use std. auth backends
config = [
{
:adapter => 'Sso::Env',
},
{
:adapter => 'Sso::Otrs',
},
]
# added configured backends
Setting.where( :area => 'Security::SSO' ).each {|setting|
if setting.state[:value]
config.push setting.state[:value]
end
}
# try to login against configure auth backends
user_auth = nil
config.each {|config_item|
next if !config_item[:adapter]
# load backend
backend = self.load_adapter( config_item[:adapter] )
return if !backend
user_auth = backend.check( params, config_item )
# auth ok
if user_auth
# remember last login date
user_auth.update_last_login
# reset login failed
user_auth.login_failed = 0
user_auth.save
return user_auth
end
}
return
end
end

View file

@ -1,6 +1,6 @@
module SSO # Copyright (C) 2012-2013 Zammad Foundation, http://zammad-foundation.org/
end
module SSO::ENV module Sso::Env
def self.check( params, config_item ) def self.check( params, config_item )
# try to find user based on login # try to find user based on login

View file

@ -1,6 +1,6 @@
module SSO # Copyright (C) 2012-2013 Zammad Foundation, http://zammad-foundation.org/
end
module SSO::OTRS module Sso::Otrs
def self.check( params, config_item ) def self.check( params, config_item )
endpoint = Setting.get('import_otrs_endpoint') endpoint = Setting.get('import_otrs_endpoint')