Merge pull request #225 from joshua-arts/ldap

Add support for LDAP authentication.
2018-07-23 15:34:42 -04:00
parent d11390fadd 00a3deec29
commit 12a448aa24
11 changed files with 117 additions and 58 deletions
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@ -1,11 +1,14 @@
 # frozen_string_literal: true

 # List of supported Omniauth providers.
-Rails.application.config.providers = [:google, :twitter]
+Rails.application.config.providers = [:google, :twitter, :ldap]

 # Set which providers are configured.
 Rails.application.config.omniauth_google = ENV['GOOGLE_OAUTH2_ID'].present? && ENV['GOOGLE_OAUTH2_SECRET'].present?
 Rails.application.config.omniauth_twitter = ENV['TWITTER_ID'].present? && ENV['TWITTER_SECRET'].present?
+Rails.application.config.omniauth_ldap = ENV['LDAP_SERVER'].present? && ENV['LDAP_UID'].present? &&
+                                         ENV['LDAP_BASE'].present? && ENV['LDAP_BIND_DN'].present? &&
+                                         ENV['LDAP_PASSWORD'].present?
 Rails.application.config.omniauth_bn_launcher = Rails.configuration.loadbalanced_configuration

 SETUP_PROC = lambda do |env|
@ -16,9 +19,9 @@ end
 Rails.application.config.middleware.use OmniAuth::Builder do
  if Rails.configuration.omniauth_bn_launcher
    provider :bn_launcher, client_id: ENV['CLIENT_ID'],
-             client_secret: ENV['CLIENT_SECRET'],
-             client_options: { site: ENV['BN_LAUNCHER_REDIRECT_URI'] },
-             setup: SETUP_PROC
+      client_secret: ENV['CLIENT_SECRET'],
+      client_options: { site: ENV['BN_LAUNCHER_REDIRECT_URI'] },
+      setup: SETUP_PROC
  end

  provider :twitter, ENV['TWITTER_ID'], ENV['TWITTER_SECRET']
@ -28,4 +31,43 @@ Rails.application.config.middleware.use OmniAuth::Builder do
    access_type: 'online',
    name: 'google',
    hd: ENV['GOOGLE_OAUTH2_HD'].blank? ? nil : ENV['GOOGLE_OAUTH2_HD']
+
+  provider :ldap,
+    host: ENV['LDAP_SERVER'],
+    port: ENV['LDAP_PORT'] || '389',
+    method: ENV['LDAP_METHOD'].blank? ? :plain : ENV['LDAP_METHOD'].to_sym,
+    allow_username_or_email_login: true,
+    uid: ENV['LDAP_UID'],
+    base: ENV['LDAP_BASE'],
+    bind_dn: ENV['LDAP_BIND_DN'],
+    password: ENV['LDAP_PASSWORD']
+end
+
+# Redirect back to login in development mode.
+OmniAuth.config.on_failure = proc { |env|
+  OmniAuth::FailureEndpoint.new(env).redirect_to_failure
+}
+
+# Work around beacuse callback_url option causes
+# omniauth.auth to be nil in the authhash when
+# authenticating with LDAP.
+module OmniAuthLDAPExt
+  def request_phase
+    rel_root = ENV['RELATIVE_URL_ROOT'].present? ? ENV['RELATIVE_URL_ROOT'] : '/b'
+
+    @callback_path = nil
+    path = options[:callback_path]
+    options[:callback_path] = "#{rel_root if Rails.env == 'production'}/auth/ldap/callback"
+    form = super
+    options[:callback_path] = path
+    form
+  end
+end
+
+module OmniAuth
+  module Strategies
+    class LDAP
+      prepend OmniAuthLDAPExt
+    end
+  end
 end
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -43,6 +43,7 @@ en:
      settings: Settings
      signout: Sign out
  info_update_success: Information successfully updated.
+  invalid_credentials: Login failed due to invalid credentials. Are you sure you entered them correctly?
  invite_message: "To invite someone to the meeting, send them this link:"
  landing:
    about: A simple front end for your BigBlueButton Open Source Web Conferencing Server.
@ -50,8 +51,8 @@ en:
    video: Watch a tutorial on using Greenlight
    upgrade: Show me how to upgrade to 2.0!
    version: We've released a new version of Greenlight, but your database isn't compatible.
+  ldap_error: Unable to connect to the LDAP server. Please check your LDAP configuration in the env file and ensure your server is running.
  login: Login
-  login_failed: Login failed due to invalid credentials. Are you sure you typed them correctly?
  modal:
    create_room:
      auto_join: Automatically join me into the room.
@ -67,6 +68,7 @@ en:
    login:
      or: or
      with: Login with %{provider}
+  omniauth_error: An error occured while authenticating with omniauth. Please try again or contact an administrator!
  password: Password
  recording:
    email: Email Recording
--- a/config/routes.rb
+++ b/config/routes.rb
@ -26,7 +26,7 @@ Rails.application.routes.draw do

  # Handles Omniauth authentication.
  match '/auth/:provider/callback', to: 'sessions#omniauth', via: [:get, :post], as: :omniauth_session
-  get '/auth/failure', to: 'sessions#fail'
+  get '/auth/failure', to: 'sessions#omniauth_fail'

  # Room resources.
  resources :rooms, only: [:create, :show, :destroy], param: :room_uid, path: '/'