- require 'active_support'
- require 'base64'
- require 'net/ldap'
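# Mixin that verifies a username/password pair against an LDAP directory:
# a service account looks up the user's DN by sAMAccountName, then a second
# connection tries to bind as that DN with the supplied password.
#
# Relies on the constants LDAP_IP, LDAP_PORT, LDAP_USER, LDAP_PWD and
# LDAP_BASE_DN (loaded from 'ldap_constants') and on the including object
# exposing +request+ (a controller).
module LdapAuth #:nodoc:
  require 'ldap_constants'

  ############################################################################
  # Auth against LDAP
  ############################################################################

  # Builds a Net::LDAP connection object configured for a simple bind with
  # the given credentials. Nothing is sent until the object is used
  # (search/bind).
  #
  # NOTE(review): depending on the net-ldap version, :simple_tls encrypts the
  # connection without validating the server certificate. Confirm that
  # certificate verification is enabled for the deployed version (newer
  # releases accept tls_options); otherwise the service and user passwords
  # can be sent to an impersonated directory server.
  def initialize_ldap_con(username, password)
    Net::LDAP.new({:host => LDAP_IP, :port => LDAP_PORT, :encryption => :simple_tls,
                   :auth => {:method => :simple, :username => username, :password => password}})
  end

  # Returns true when +user+ exists in the directory and +password+ binds
  # successfully as that user's DN, false otherwise. On success the user name
  # is stored in request.env['REMOTE_USER'].
  def auth_against_ldap(user, password)
    user = user.to_s
    password = password.to_s

    # A simple bind that carries a DN but an empty password is an
    # "unauthenticated bind" (RFC 4513, section 5.1.2). Many directory
    # servers answer it with success, which would log anyone in as any
    # existing account. Never forward blank credentials.
    return false if user.empty? || password.empty?

    # Filter.eq interprets '*' as a wildcard, so a name such as "a*" would
    # match arbitrary accounts. '*' is not a legal sAMAccountName character,
    # so refusing it (and NUL) costs no legitimate login.
    return false if user.include?('*') || user.include?("\0")

    service_con = initialize_ldap_con(LDAP_USER, LDAP_PWD)
    filter = Net::LDAP::Filter.eq("sAMAccountName", user)
    dn = String.new
    service_con.search(:base => LDAP_BASE_DN, :filter => filter, :attributes => 'dn') { |entry| dn = entry.dn }
    return false if dn.to_s.empty?

    return false unless initialize_ldap_con(dn, password).bind

    # Only mark the request as authenticated after the bind succeeded; setting
    # it earlier would leave REMOTE_USER populated for a failed login.
    request.env['REMOTE_USER'] = user
    true
  end
end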
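# HTTP Basic authentication for controllers. Including this module adds the
# +requires_authentication+ class macro, which installs an ActionFilter as an
# around filter. The default credential check is :auth_against_ldap, provided
# by LdapAuth.
#
# Basic credentials are only base64-encoded, not encrypted, so protected
# actions should be served over HTTPS.
module SimpleHTTPAuthentication #:nodoc:
  include LdapAuth

  def self.append_features(base) #:nodoc:
    super
    base.extend(ClassMethods)
  end

  # Authentication, see RFC 2617.
  module ClassMethods #:doc:
    # Protects the controller's actions with HTTP Basic authentication.
    #
    # Options:
    #   :only      - action name(s) to protect (default: all actions)
    #   :except    - action name(s) to leave unprotected
    #   :using     - Proc, or Symbol/String naming a controller method, called
    #                with (username, password); truthy result means accepted
    #   :at        - request.env key(s) searched for the Authorization header
    #   :realm     - realm sent in the WWW-Authenticate challenge
    #   :logout_on - action that always answers 401 so the browser drops its
    #                cached credentials
    #   :error_msg - body rendered with the 401 response
    def requires_authentication(options = {})
      around_filter(SimpleHTTPAuthentication::ActionFilter.new(options))
    end
  end

  # Around filter object; only +before+ does any work.
  class ActionFilter #:nodoc:
    # :auth_location is kept for compatibility; the filter itself reads
    # @auth_locations, which is exposed as :auth_locations.
    attr_accessor :only_actions, :except_actions, :event_handler,
                  :auth_location, :auth_locations, :realm, :error_msg, :logout_action

    def initialize(options)
      # Array() lets callers pass a single action name as well as a list.
      @only_actions   = Array(options[:only])
      @except_actions = Array(options[:except])
      @event_handler  = options[:using] || :auth_against_ldap #lambda{ |username, password| true }
      @auth_locations = Array(options[:at] || ['REDIRECT_REDIRECT_X_HTTP_AUTHORIZATION',
                                               'REDIRECT_X_HTTP_AUTHORIZATION',
                                               'X-HTTP_AUTHORIZATION', 'HTTP_AUTHORIZATION'])
      @realm          = options[:realm] || 'Login Required'
      @logout_action  = options[:logout_on]
      @error_msg      = options[:error_msg] || "401 Unauthorized: You are not authorized to view this page."
    end

    # Returns false (after rendering a 401) when the request must not proceed,
    # true when the credentials were accepted, and nil when the current action
    # is not covered by this filter.
    def before(controller)
      # Compare names as strings: interning a request-derived action name
      # creates a symbol per distinct value, which is never reclaimed on
      # Ruby versions without symbol garbage collection.
      action = controller.action_name.to_s

      if @logout_action && action == @logout_action.to_s
        send_challenge(controller)
        controller.render :action => @logout_action.to_s, :status => 401
        return false
      end

      return nil unless covers?(action)

      username, password = get_auth_data(controller)
      return true if authenticate(controller, username, password)

      send_challenge(controller)
      controller.render :text => @error_msg, :status => 401
      # Strict false (not nil), so filter chains that halt only on +false+ do
      # not run the action after the 401 when the handler returned nil.
      false
    end

    def after(controller)
      # Required; Rails complains if the filter object lacks this method.
    end

    private

    # True when +action+ (a String) is selected by :only / :except.
    def covers?(action)
      only   = Array(@only_actions).map { |name| name.to_s }
      except = Array(@except_actions).map { |name| name.to_s }
      (only.empty? || only.include?(action)) && !except.include?(action)
    end

    # Adds the headers that make the client prompt for Basic credentials.
    def send_challenge(controller)
      controller.response.headers["Status"] = "Unauthorized"
      controller.response.headers["WWW-Authenticate"] = "Basic realm=\"#{@realm}\""
    end

    # Runs the configured handler in the controller's context and returns its
    # result. A missing or unsupported handler denies access: an
    # authentication filter must not fail open on misconfiguration.
    def authenticate(controller, username, password)
      handler = @event_handler
      if handler.is_a?(Proc)
        controller.instance_exec(username, password, &handler)
      elsif handler.is_a?(Symbol) || handler.is_a?(String)
        # send is used so that private controller methods can act as handlers.
        controller.send(handler, username, password)
      else
        false
      end
    end

    # Extracts [user, password] from the Basic Authorization header.
    # Returns ['', ''] when no usable header is present. If several of the
    # configured env keys are set, the last one in @auth_locations wins.
    def get_auth_data(controller)
      env = controller.request.env
      authdata = nil
      Array(@auth_locations).each do |location|
        # Splits on whitespace, but only into 2 parts: scheme and payload.
        authdata = env[location].to_s.split(nil, 2) if env.has_key?(location)
      end

      # The scheme name is case-insensitive; a bare "Basic" without payload
      # is treated as "no credentials" instead of raising on a nil payload.
      unless authdata && authdata[0].to_s.casecmp('Basic') == 0 && authdata[1]
        return '', ''
      end

      # Split on the first colon only: the password itself may contain ':'.
      user, pass = Base64.decode64(authdata[1]).split(':', 2)
      return user.to_s, pass.to_s
    end
  end
end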
# Reopens ActionController::Base and mixes in SimpleHTTPAuthentication, whose
# append_features hook also extends the class with requires_authentication.
module ActionController #:nodoc:
  require 'ldap_constants'

  class Base #:nodoc:
    include SimpleHTTPAuthentication
  end
end