Rewrite of Auth and SSO module layer.
parent
622419ac75
commit
cb7809cef9
10 changed files with 153 additions and 96 deletions
|
@ -60,96 +60,26 @@ class User < ApplicationModel
|
||||||
return false
|
return false
|
||||||
end
|
end
|
||||||
|
|
||||||
# use auth backends
|
user_auth = Auth.check( username, password, user )
|
||||||
config = [
|
|
||||||
{
|
|
||||||
:adapter => 'internal',
|
|
||||||
},
|
|
||||||
{
|
|
||||||
:adapter => 'test',
|
|
||||||
},
|
|
||||||
]
|
|
||||||
Setting.where( :area => 'Security::Authentication' ).each {|setting|
|
|
||||||
if setting.state[:value]
|
|
||||||
config.push setting.state[:value]
|
|
||||||
end
|
|
||||||
}
|
|
||||||
|
|
||||||
# try to login against configure auth backends
|
|
||||||
user_auth = nil
|
|
||||||
config.each {|config_item|
|
|
||||||
next if !config_item[:adapter]
|
|
||||||
next if config_item.class == TrueClass
|
|
||||||
file = "auth/#{config_item[:adapter]}"
|
|
||||||
require file
|
|
||||||
user_auth = Auth.const_get("#{config_item[:adapter].to_s.upcase}").check( username, password, config_item, user )
|
|
||||||
|
|
||||||
# auth ok
|
|
||||||
if user_auth
|
|
||||||
|
|
||||||
# remember last login date
|
|
||||||
user_auth.update_last_login
|
|
||||||
|
|
||||||
# reset login failed
|
|
||||||
user_auth.login_failed = 0
|
|
||||||
user_auth.save
|
|
||||||
|
|
||||||
return user_auth
|
|
||||||
end
|
|
||||||
}
|
|
||||||
|
|
||||||
# set login failed +1
|
# set login failed +1
|
||||||
if !user_auth && user
|
if !user_auth && user
|
||||||
|
sleep 1
|
||||||
user.login_failed = user.login_failed + 1
|
user.login_failed = user.login_failed + 1
|
||||||
user.save
|
user.save
|
||||||
end
|
end
|
||||||
|
|
||||||
# auth failed
|
# auth ok
|
||||||
sleep 1
|
|
||||||
return user_auth
|
return user_auth
|
||||||
end
|
end
|
||||||
|
|
||||||
def self.sso(params)
|
def self.sso(params)
|
||||||
|
|
||||||
# use auth backends
|
|
||||||
config = [
|
|
||||||
{
|
|
||||||
:adapter => 'env',
|
|
||||||
},
|
|
||||||
{
|
|
||||||
:adapter => 'otrs',
|
|
||||||
},
|
|
||||||
]
|
|
||||||
# Setting.where( :area => 'Security::Authentication' ).each {|setting|
|
|
||||||
# if setting.state[:value]
|
|
||||||
# config.push setting.state[:value]
|
|
||||||
# end
|
|
||||||
# }
|
|
||||||
|
|
||||||
# try to login against configure auth backends
|
# try to login against configure auth backends
|
||||||
user_auth = nil
|
user_auth = Sso.check( params, user )
|
||||||
config.each {|config_item|
|
return if !user_auth
|
||||||
next if !config_item[:adapter]
|
|
||||||
next if config_item.class == TrueClass
|
|
||||||
file = "sso/#{config_item[:adapter]}"
|
|
||||||
require file
|
|
||||||
user_auth = SSO.const_get("#{config_item[:adapter].to_s.upcase}").check( params, config_item )
|
|
||||||
|
|
||||||
# auth ok
|
return user_auth
|
||||||
if user_auth
|
|
||||||
|
|
||||||
# remember last login date
|
|
||||||
user_auth.update_last_login
|
|
||||||
|
|
||||||
# reset login failed
|
|
||||||
user_auth.login_failed = 0
|
|
||||||
user_auth.save
|
|
||||||
|
|
||||||
return user_auth
|
|
||||||
end
|
|
||||||
}
|
|
||||||
|
|
||||||
return false
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def self.create_from_hash!(hash)
|
def self.create_from_hash!(hash)
|
||||||
|
|
|
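Review bot: As rendered, `sleep 1` now sits inside `if !user_auth && user`, so the one-second delay applies only to failed logins for accounts that exist. A failed login for an unknown username returns without the delay, and the difference in response time tells the caller whether the account exists. Keeping the delay outside the condition, for example `sleep 1 if !user_auth` just before `return user_auth`, keeps the timing uniform for every failure. The comment above that final return was also changed to `# auth ok` although the line is reached on failure too. The enclosing method starts above the hunk.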
@ -250,7 +250,7 @@ Setting.create_if_not_exists(
|
||||||
:area => 'Security::Authentication',
|
:area => 'Security::Authentication',
|
||||||
:description => 'Enables user authentication via OTRS.',
|
:description => 'Enables user authentication via OTRS.',
|
||||||
:state => {
|
:state => {
|
||||||
:adapter => 'otrs',
|
:adapter => 'Auth::Otrs',
|
||||||
:required_group_ro => 'stats',
|
:required_group_ro => 'stats',
|
||||||
:group_rw_role_map => {
|
:group_rw_role_map => {
|
||||||
'admin' => 'Admin',
|
'admin' => 'Admin',
|
||||||
|
@ -271,7 +271,7 @@ Setting.create_if_not_exists(
|
||||||
:area => 'Security::Authentication',
|
:area => 'Security::Authentication',
|
||||||
:description => 'Enables user authentication via LDAP.',
|
:description => 'Enables user authentication via LDAP.',
|
||||||
:state => {
|
:state => {
|
||||||
:adapter => 'ldap',
|
:adapter => 'Auth::Ldap',
|
||||||
:host => 'localhost',
|
:host => 'localhost',
|
||||||
:port => 389,
|
:port => 389,
|
||||||
:bind_dn => 'cn=Manager,dc=example,dc=org',
|
:bind_dn => 'cn=Manager,dc=example,dc=org',
|
||||||
|
|
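--- a/lib/auth.rb
+++ b/lib/auth.rb
@@ -0,0 +1,63 @@
+# Copyright (C) 2012-2013 Zammad Foundation, http://zammad-foundation.org/
+
+class Auth < ApplicationLib
+
+=begin
+
+authenticate user via username and password
+
+result = Auth.check( username, password, user )
+
+returns
+
+result = user_model # if authentication was successfully
+
+=end
+
+def self.check(username, password, user)
+
+# use std. auth backends
+config = [
+{
+:adapter => 'Auth::Internal',
+},
+{
+:adapter => 'Auth::Test',
+},
+]
+
+# added configured backends
+Setting.where( :area => 'Security::Authentication' ).each {|setting|
+if setting.state[:value]
+config.push setting.state[:value]
+end
+}
+
+# try to login against configure auth backends
+user_auth = nil
+config.each {|config_item|
+next if !config_item[:adapter]
+
+# load backend
+backend = self.load_adapter( config_item[:adapter] )
+return if !backend
+
+user_auth = backend.check( username, password, config_item, user )
+
+# auth ok
+if user_auth
+
+# remember last login date
+user_auth.update_last_login
+
+# reset login failed
+user_auth.login_failed = 0
+user_auth.save
+
+return user_auth
+end
+}
+return
+
+end
+end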
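Review bot: `return if !backend` inside the `config.each` block of `Auth.check` ends the whole method with nil as soon as one adapter fails to load, so a single stale or mistyped adapter name in a `Security::Authentication` setting keeps every backend after it from being tried. `next if !backend`, ideally with a log line naming the adapter, skips only the broken entry; the same line appears in `Sso.check` in lib/sso.rb. The adapter string is read from settings and handed to `load_adapter`, whose body is not shown on this page, so it is worth confirming that it resolves only constants under `Auth::`. `Auth::Test` is in the default chain unconditionally, which leaves its own guard (not visible here) as the only thing keeping it inactive outside development systems.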
@ -1,6 +1,6 @@
|
||||||
module Auth
|
# Copyright (C) 2012-2013 Zammad Foundation, http://zammad-foundation.org/
|
||||||
end
|
|
||||||
module Auth::INTERNAL
|
module Auth::Internal
|
||||||
def self.check( username, password, config, user )
|
def self.check( username, password, config, user )
|
||||||
|
|
||||||
# return if no user exists
|
# return if no user exists
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
|
# Copyright (C) 2012-2013 Zammad Foundation, http://zammad-foundation.org/
|
||||||
|
|
||||||
require 'net/ldap'
|
require 'net/ldap'
|
||||||
|
|
||||||
module Auth
|
module Auth::Ldap
|
||||||
end
|
|
||||||
module Auth::LDAP
|
|
||||||
def self.check( username, password, config, user )
|
def self.check( username, password, config, user )
|
||||||
|
|
||||||
scope = Net::LDAP::SearchScope_WholeSubtree
|
scope = Net::LDAP::SearchScope_WholeSubtree
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
|
# Copyright (C) 2012-2013 Zammad Foundation, http://zammad-foundation.org/
|
||||||
|
|
||||||
require 'import/otrs'
|
require 'import/otrs'
|
||||||
module Auth
|
|
||||||
end
|
module Auth::Otrs
|
||||||
module Auth::OTRS
|
|
||||||
def self.check( username, password, config, user )
|
def self.check( username, password, config, user )
|
||||||
|
|
||||||
endpoint = Setting.get('import_otrs_endpoint')
|
endpoint = Setting.get('import_otrs_endpoint')
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
module Auth
|
# Copyright (C) 2012-2013 Zammad Foundation, http://zammad-foundation.org/
|
||||||
end
|
|
||||||
module Auth::TEST
|
module Auth::Test
|
||||||
def self.check( username, password, config, user )
|
def self.check( username, password, config, user )
|
||||||
|
|
||||||
# development systems
|
# development systems
|
||||||
|
|
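--- a/lib/sso.rb
+++ b/lib/sso.rb
@@ -0,0 +1,63 @@
+# Copyright (C) 2012-2013 Zammad Foundation, http://zammad-foundation.org/
+
+class Sso < ApplicationLib
+
+=begin
+
+authenticate user via username and password
+
+result = Sso.check( params, config_item )
+
+returns
+
+result = user_model # if authentication was successfully
+
+=end
+
+def self.check(params)
+
+# use std. auth backends
+config = [
+{
+:adapter => 'Sso::Env',
+},
+{
+:adapter => 'Sso::Otrs',
+},
+]
+
+# added configured backends
+Setting.where( :area => 'Security::SSO' ).each {|setting|
+if setting.state[:value]
+config.push setting.state[:value]
+end
+}
+
+# try to login against configure auth backends
+user_auth = nil
+config.each {|config_item|
+next if !config_item[:adapter]
+
+# load backend
+backend = self.load_adapter( config_item[:adapter] )
+return if !backend
+
+user_auth = backend.check( params, config_item )
+
+# auth ok
+if user_auth
+
+# remember last login date
+user_auth.update_last_login
+
+# reset login failed
+user_auth.login_failed = 0
+user_auth.save
+
+return user_auth
+end
+}
+return
+
+end
+end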
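Review bot: `Sso.check` is declared as `def self.check(params)`, but the new call in `User.sso` is `Sso.check( params, user )` and the usage line in the header comment reads `Sso.check( params, config_item )`. With this signature the two-argument call raises ArgumentError, and `user` is not defined in the lines of `self.sso(params)` shown on this page, so the SSO path looks unable to succeed as committed. Calling `Sso.check( params )` and updating the usage line to match would align the three. The header comment still says "authenticate user via username and password", carried over from lib/auth.rb; `authenticate user via SSO request parameters` would describe this method.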
@ -1,6 +1,6 @@
|
||||||
module SSO
|
# Copyright (C) 2012-2013 Zammad Foundation, http://zammad-foundation.org/
|
||||||
end
|
|
||||||
module SSO::ENV
|
module Sso::Env
|
||||||
def self.check( params, config_item )
|
def self.check( params, config_item )
|
||||||
|
|
||||||
# try to find user based on login
|
# try to find user based on login
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
module SSO
|
# Copyright (C) 2012-2013 Zammad Foundation, http://zammad-foundation.org/
|
||||||
end
|
|
||||||
module SSO::OTRS
|
module Sso::Otrs
|
||||||
def self.check( params, config_item )
|
def self.check( params, config_item )
|
||||||
|
|
||||||
endpoint = Setting.get('import_otrs_endpoint')
|
endpoint = Setting.get('import_otrs_endpoint')
|
||||||
|
|