From ae774b90ce3c7f0accde4ba3db1012a459f65fb7 Mon Sep 17 00:00:00 2001 From: Josh Date: Wed, 5 Jul 2017 16:26:27 -0400 Subject: [PATCH 01/10] add LDAP authentication --- Gemfile | 1 + Gemfile.lock | 9 +++++++++ app/assets/images/ldap_icon.png | Bin 0 -> 22308 bytes app/controllers/sessions_controller.rb | 2 ++ app/models/user.rb | 8 ++++++++ app/views/sessions/new.erb | 12 ++++++++++++ config/initializers/omniauth.rb | 13 ++++++++++++- env | 14 ++++++++++++++ 8 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 app/assets/images/ldap_icon.png diff --git a/Gemfile b/Gemfile index 6fd584d2..fbdeab91 100644 --- a/Gemfile +++ b/Gemfile @@ -65,6 +65,7 @@ gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby] gem 'omniauth', '1.3.1' gem 'omniauth-twitter', '1.2.1' gem 'omniauth-google-oauth2', '0.4.1' +gem 'omniauth-ldap' gem 'bigbluebutton-api-ruby' diff --git a/Gemfile.lock b/Gemfile.lock index 4178690f..6779b2fa 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -116,6 +116,7 @@ GEM multi_json (1.12.1) multi_xml (0.5.5) multipart-post (2.0.0) + net-ldap (0.16.0) nio4r (1.2.1) nokogiri (1.6.8.1) mini_portile2 (~> 2.1.0) @@ -134,6 +135,11 @@ GEM multi_json (~> 1.3) omniauth (>= 1.1.1) omniauth-oauth2 (>= 1.3.1) + omniauth-ldap (1.0.5) + net-ldap (~> 0.12) + omniauth (~> 1.0) + pyu-ruby-sasl (~> 0.0.3.2) + rubyntlm (~> 0.3.4) omniauth-oauth (1.1.0) oauth omniauth (~> 1.0) @@ -151,6 +157,7 @@ GEM mimemagic (= 0.3.0) pg (0.19.0) puma (3.6.0) + pyu-ruby-sasl (0.0.3.3) rack (2.0.1) rack-test (0.6.3) rack (>= 1.0) @@ -184,6 +191,7 @@ GEM rb-fsevent (0.9.7) rb-inotify (0.9.7) ffi (>= 0.5.0) + rubyntlm (0.3.4) sass (3.4.22) sass-rails (5.0.6) railties (>= 4.0.0, < 6) @@ -254,6 +262,7 @@ DEPENDENCIES mocha omniauth (= 1.3.1) omniauth-google-oauth2 (= 0.4.1) + omniauth-ldap omniauth-twitter (= 1.2.1) paperclip (~> 4.2) pg 
diff --git a/app/assets/images/ldap_icon.png b/app/assets/images/ldap_icon.png new file mode 100644 index 0000000000000000000000000000000000000000..74bee5ff3a2fa80a1de6de2474f5629e335e8732 GIT binary patch literal 22308 zcmdqJg;$i_7d8wipmcW*Edxk5hzu~Kv_p4?bVv%)B`vLlC?JhAN`nXpNVkA=cYkM| z-}kQd{td5dJ?mM_-1mun&aP`;d!p3U6mYSquuxD?a24S&O%xO~1oFQ}7~qpO>-Tfu ze-GWCD{4Oi|NI|WMxvlFpeVv*w0*L7=6(IO$3J2oES6;`@=c$|y?s|1#$~2}?rNfr zx*hU$qBUlI_elTindI!cgOh`SNvW>Gc>Y&U)OI66a`kVOuNVm!IH%7uEYq&2rqB;N1&993MugGPu` z`ejrkdQ9IhwDxzJW1|sUpXjs&y(~<$@XrKKKh)Vg^AO-D@-aL7k8fJkz z(L0Lm)pef4H;1@tme1~ue^0(`$oG5vnYP)0liAuVHRd3W2U`kqb!=H z8}cBee6;urhVgqr{DY(9pEpjuKmY7qapOE()wgu^;*P*wIVO_kFtoaif=4AR+Xy5U zUi@Q8Qh8d)ex3Qc^7i2H`S_bAuOT%`4dZBPV(cVo4x@rp4bl*P|5BHPU~ z4u=x`0}UNcsd8tz3LXYAqQ^_F)4UeiRMx4V%ybpS_=p>w9wr(e4k{MPhQ4`MeQ7E_ zpERM5eR3CtsQz^wC6BFB59%y>N(J9c=?%DQ;sGyexfkG03w> z8*%M>rc^BgLbX3+rz^|5)8{7@`T<8Y3Z=v&(pE zIkc)iHob(-M~Y2d)p8`F{<4I28}RfOdU|>hq^YN$omNyx`o6R%51uVmM@twAh++ceiKm4Xw+lZWvAYOmT#u8B7VZ9phk=%%q-Hu1|L_8&U@*zbtwJ6*#bK@qS#aP|t9 zy%B;wPRb8%WQ;MGskkEsLt@z0|2FYsX=L})uJq4cU@(js)YQxQTC3uM+eJ(p*7wvp zt#G+XGz=X6kZZU~6pue2OL+w(IzEx|5W!bWK>lKAS&WO1v~8+iyCqb{YC2s1=Jxi1 z?Jgw&ZA72Is043=>mD4MY5ZeQxu4_$!lp%m^EQQig4VhULImX;2{ZVY(7~eRrdQkd z`{FOFEH(I+G}ZHBw)uMG&l)jpL}a|EaVMU+UGL-jzFkddbgPfl-TAD)BcyT7US9e#z$nX1x2uuLh8#57>>}Fb{FCvt9asgrO zM7*3Yxj9Rnp9*^GjZV~G!aNZA%0wh{R{Y(`1sdxnt^Kano=F?=_PIMfC#2xLPEt6% zp%|Im<{?cnT*-eqsdmN>GezO0&Pw-bokVa(U$CPtHrb2e-re;y29AmT!|1{ea;T!s zQv%JqLo?i5L@WJmsLY6KBzp(Z9NwH*5D9pA-MWYww@qE~$tx!Z?YoN}V*w8zIR(ai z_5oF|m09w*c5u)%&G7RJ2nz>NHRuqH*arCC(eck=A*tl7D-qZ|9|gqUSWs+|nPe9_ zNE&}XT5|BKbhOCXV22elkzu6dzTwOGd>lFk z)x=(MN;x_9LiYQc4T8Iq9%CGg=RlJZ6-9S-{ntB28tnf)TCjr?c9WCK8M>#xxV$`` ztuzbD0+NQI1lx6gxfteTgD@ptTWeSzgvk+}_Do=`y&Uk)pX?3z8VNV~Yvgrva&*{W zs)^V8e3ZsSn}iT~UZrc|hyT9Gk7z_jw*9^&u5mr@;NuQvQ$6g4WzN3-EPHualQl9r z$p0`3j@Q`ld^4$&{L~J{*DE*r&;(wXp$^x`^}k2CyU`_mJ{R~VlG&mTWlYDfqr>>b2UF19+M4G|UtySb%_A|eQ3Dp1k^uNc9N%38&CF$9=0m8%9GtDIujw?0ocngTDls 
z_Nr@Hq1j4Ic*kG-w<*_YyFY&Ze2tt6vNd{SIOi!xi68gLY?%s5^{q#(!tJ<#-onNx z9Vt1&`s!*r!NFGBos%ciiq2_JDxx-ZTg1eUlg8d_XU?Y9K;$s_Puh2X1iV!3$R63G z5#Ox6fP7?p{808M)4uk~tJ3orpbyM{29Ki;>)e$aQXd2`8bb=lj_@#2^CX(l_xHpg z;PxfDBvdRUJQ!>}z{4P|AL~hyW9ufz2>1vBq_uc9A=4MK^~eP^@v*X@;?IlV_PeUZ z7oCXuYy9S*wcXQcyIz(5=Y*uGG@`E`G)6?Zc&wp&jYh*8KY<%tneX;!AEbOKww3QfH;; z!ISiFUp;-4C;e!@$^_Hbka+XQp*YU%n|B>Ki-U15q&^nBQg1w_Pn~l6EbBqSm+0CU z#XhL^%sCo+la5^TZw?4RWR$XrDWl3O>1rBhBjOiiYESV#6uctfntx!sabW(+LKuWp zm2WlvsL&cVWjrtDjaeP*!st>X4ZFIbkl$ExfJ&CX95}9?X1^ zt0HW7Zes!|mTd5|at6T*%dFq=GiqyDFC3p$B={L7z9v`s*^_T~`I%jbkXB9$Xv^W> zaQ&95It?&KuunQIet;(xD+#mfoZw@r5!M=D3y$WCh1%Egfqf=AZlFO(FwvW2Y6Sm! zN?tgS|79#@ePaA?(P`br;iX(JV^kxJ(9Ip^+Iy)daTXPi4-|zG@y`S}r498T2fY)I z)byECqXt_1$V95(k#n)CNA~9}dYr#s&K(X;A_OUx@YzXNf$zSq$O-XX;S;^1qRBH& z_OWmXbvyrF&)By+&4D9SiXKx;zLZuIlSouCjJ`cGI>8^Tu<)g)TGjK>;VsMz#FQ7^ zsl=`$t2FWL7(Hy04~=KkOXto<@kV&znk;&BbKc`HGXu^I9UTkdyOlfxm(QsN+3G%l zZkIm(cJipbW}$zH9b8@nxjgedsB6u)c=r}KLFe3;v048}JDpb)y8D3<^;ylam$;R| zeU4>QV|%gJ@PR~li0dEqui%S9s;SOb`&xHRCHfvXN$N^1#Q1?lXe&oVatetZ|3YaS z-0fJJt{NZZhVRE8E4!{pq(KXoiS5;2lr2<9oLHxBP%wWSnWmHQ2|ynujt%hsFp(+N zdhw5#+VykY3lEZ{-}T%SaTPjj^DH|#;*74UcOwO$gQRDCmGR=!JKOG0kZ zOJ81L+Mi!JcYmbT(pL9|Wq<)uiL*NB6!+6;*a>}dX4GYnTeb7vP@GbTvqJszTBX6^ zbwx@6G;e#-)`tZB;_`d_a;W6s4T&&HU?x>pgkM(bzO+$)K)LPIPi(D&jjv;Jy-#WO zO$mghoA7kv=JN~QS!R222DVya4bddG^Xi*txAO)6%=B7|P!_H+9H|5;&q3BUYfQWu z+_@O{d#f`R@HrzIaK6wt1c4{NtQ{qO_uzX*RhcR}dk3T+?Xn4*KP4cd4P&;b(LY!^ zU4zF8o)7ILrsVAO+)h^h7(Kwncz&^b;(gL9E2)%svbwn^)fs@#m6}O$|hufpGcPmeGDcmX&fl_-``Z-ICHa*rD}`L zCovRsc)LOI$#wR|JjL?xGb2?ScLlw-L=~z+lRs21$*es|y@Kb1|Mouh?@>txF)T%P z?w)WHV@VAU9IdL^vWxNYWS>=nu%bpkl*K?drq=?l3=W$qkO9LC`fbXPb}Qqu!REZm_Ajw^?{7wF6hQclzUQC>1= z4$^S8UH_4P*ifFR-C*m6NB(WQ@1g|;tTYrk+0vAJVT8f8h{y&Bc3QmW3GNdhUc#K) zx$Wpbjd#BwBZM0dC-b`3-~QR$IbWH5;S5t)WKd4St1{h80oVa@=s$HxznYY#n;o4< zY3NrZY!k1hpi5*!s+cqLEzp1ei|WB;C{$0ZGo(oCzSWV<>yH-@B1WaHe%r<)46}w$QJhL2P7&*b{$`N<1dr#{v7*v^?Xhr-C!#5~AuwJSRhJ|G{Cu8V3 
zm-m8vOC+X<35pP_X>L>YHSOje;q7DK&dz?&9QVq-Rq43lsgq^N28AWT{qd37PWe8N z-Q&QcEqKCk#oT3r(gH6$Q?wqc?D0@6&i#TWQQrTKU=Q30x{AEeNW4nZO&AFAyl)*i zGn@RuC6OuY66N)UC4qHNt*2N;$3Mdu{j=FQf4>l|4may3ibYpuqchTp!$1EP33li9 zZwd#|@I&D|$vlUBz=n`@*T1qDJ>h5-e;HBfu>{olr^Wu!;Io;(GjzVdk3q!HD1TY( z>#p3+4`z20MWQQLA_Jhw@83d_8w&;TW{y6y|8g3wkAI5s_XH!vIB~`C^9t z%(?#z`!AZ{dw=r>QRr(9>;1r(*=6C*js|Z0Tw^WK9m9S$(HnH-57+7YUAf`TKvKc1 zq%J?w6wAiKHT39^f1e3>tW5H_Z_^VZDj)g=I6M$0E{degOJ^5D!yUUYl(HeAM=9T+>3j*1q+1?~lIVeJd3`8m~?iKwvZ#l)=iPTyhGjjyuvs{BC4mzEwbzHFu*F! zqU-UHuOXpy_F(lI6W03_HxNrf!xQ-L1MzEEFGDDGA{m<)S{NhC!sCcI>P}5d$(tdm z9fz%Ds4hvRsa%xz(+@W%CI$qLjyzQpQ`0*_SW5G8j9Cl&upW}momOxi9RHq;v}lh` zT5PSxyiPcYj+bG5m$O4e`=%o$r)xbPQgH?6q4N(&*q{jS4IxF}E-^?2xeW5L#MBKk zvLa{7SZd zayW^U5sDx@GvRSoFxdY9ZYPA}kfzWom8N$+KEJrm2Iaf{H(3vyPV@HY58mEF9Hm}# zgkUIEjtLI1S&sHy0@^n!|Gw_3`gq$A+f+e<(K(-sU1O%+>$M-}v0o9*dyNpXt3VOV z9ThKkp5H$UW>K~P6CPc^Jo`}O_sj!_k21XzBPPs`qyLFe533kjhPwMXO5pvI{U?8@ zuyr45Pt+bW*bsHBEg9%rtBGTiMImDuq(jhy;vSA6ERcEFFnK+&YpiQ-Zoz4k*nCkZ zrB>p+eYkMJPVbr?I+IrVI;UG;5fw$9pa{Mi17F|tF3~?T5#PTq@Q8(*RhrsuxH#k; zb@}YRKF3N-9Ad0-tX0ag_OB2`*4+WsD_54o z=h-r;nR(kWifnZLp7=mqmm%6f8ya;SVi90?rBW?GqbH7dJ@_< z8}6B60f;NJxDAR?vvw?5g~bmYD-YonO(JmR(wc;|_a~cC=Vt{439~{tnAo}$$o*e6 zPK0@sl;(xjmWhPQy&e}P=*n9xBchdk0!4Hp_p8^~XzYQLueJ4;<++{bS(RyGAlED+ z=E0yuvCC&fWq8yq-@64*mv?Ep2K&Jqk6^_ln!$_Zs}v&IV1OS^lyHn)n!=*-na=h2 zliigqA?MkrFepNn1cw8wLOK~ozgZMMP?9lBtGLATYFCz_&xu+s0^K3fc-k=G3a0${VKi-b7Jq} z{IFixm}xr|+K_RgO1ww4Y5(V{8WWF)`HU;jiOnk091NQZxDZGZ)Jg74IkG0`7H$>Y zmZ1~m7VToV;GNiu%vAhIlSD_6nA2`VWg7~3T-V8PgFELjx?(;P0WP&om0BG7Hnz)I zwB^ZHY;hc4kff_H@pf zFM-b;sdORRUPV-@Enj*@i2BKC_A9w9`;jM*(S~X_IR)}Y^Zy0W5f$H%c@7Qsgd!5# zOWvm^pbfP}>={X*a!06o;Ar+c*Zf_NVFR8<0Gi!>B|%n}>=QU|R(pDsW|!1k7{Ux( z$`dgRJ4=6K2*BjP3Ir_w_Z;!V5XQAldc-Gp3A390!mVtP8HcK!9mAHk67{~>Y8`T3wV_{*0SuEVS(llpjS`brC0gPwY zB4CT~cUBalk-ewKo+x${pZmD;d7B8ic%>XuQ%=!>}!bYO= zpDGbmI?~a|^-UQ{)icw_7b#Sk(vATQ*4>qWAZ14SsXHqE8DUcLDlpKtQ{dweCL^h_ zVRP`@@o)lOh_LiKM}U`g^-Rh2et2})Knr&f|8I|`@b>RgV(en!E>HxD|J{e9zgPM| 
z*}?}`%p3Wde587rKc)-)X&0vuI4wiRCJP3b@WvrJ@>QXTxL0NcEAA?MTW42QZtkrc z6weQHuorZdj;dV`1SLwlf!EeR+%=wk*m(3j<8I6sL0JD zhG}qBY5gk3j)yq2&9t@ht`aDX+4c?yo1PI)%nT&6z>TfxEL4pusl;1;X0~zx35R`6 zcfiE`8uTi~w4&!ql#M|zY=3@y=~r`j}QApF(|6i{Ax;6TRD1YHS)N&*xR zxr%|fw8oB8i`Gp8a-X;moScKL(wLOJX`!^p_km9UvM+qhAK&;1idbk5J_45mh)|#k z6bmpOFoJN_qE$-ze{o%56oBM`G@p(`(>Smveh%V-=nrhju7h5?GEmw^EcT!5!ma+ z5l#mNNn_~=ZC8w#SStl1auBm*{p0(%iA7d#&A>$U=skco`lJoLtA=!$bMS_kw0!4w25lk3_xpjyJuTnYWDjlK;)cZudWoYJbX z7~uvo<<~rA;<4O;YKbzQpg6XiYdyl7-=U2j6N*nc|H@=K&Y1_(MsK|Ce1+%LOW+ep zG^{CORJAH^+6nNzSUbTPuPl&%17DamT{k+l=)J*t1@6d&stZA-9oEFvme2|QQD{u; zK8X4*#;ED$Iuw*w+NG{0s{Rn=q-gZocaoLS<(W*k zqZh&0JU`dr@3zh@@#((~2y`BK=7A-?)%1JilzNZvqZ#%@W^0dQ7fj#RCc>3GeQR)Q zeh}#B=1k9no-7?<$M&nf50f5IwMQ5)L?WqjS!GVTV;k@WD$yM*;tpq?CZ>I(*?Pt~ z+#b{5TtQF2&%dxFQ&?1Y9qT>b{|>$MQ{zj!El?SgDfG+kj&1=!ReM9k8v?t6FJlpz z|BPi@wQ%$*C#X*1A40x_?fDiOltVdvHQj4W8aqJ@?!(Dt6j56%rCb*Ji> zH!__P(lEkv0AHV6`3QZS0Ley6byzxPRCviG`Hu-%+I$P!9vAchTdi1FA_(7n%p`59 zYQH&JaADj4qY+tXUdTJ=gC2u?V|NqZehI%4$F`gP(efrf9tg9Ub9U=`^lEHBhmc}% zNYF*F>27>R7zF|T%eiTzePLl71l z*1$^XITOL^wZhkDPv3t3UT*@f1_w}PjqyKBV&SYfI+d{kb#M}=uaXZC-=bow$MxI3 z(9LbUXZM$<9KhA7^m6%53DKbo@S|@DZ7FzaxX_M57wCty@tXWU5ze1OtWqYFnU(w& z8Pdv^7gU$8dLuALMugeLFcSa7@}*IKGW9&ee-bf!1zbwf0&wNe#K~>(4Ge}+a<4wf zgT-vpI&UKbw-fAnT&+r>$=Xheb6SF^HCmj%39q!H;u&)=O%}2DO_6tclLM=A07V>) z;*%+*l~N)cUsrd+q8L?bDc@@QBVNllWS9i$eA@BeIXlGaot!J|_2Gb(xSYbf9-j1L zKe<8{00}H%6u@Rm?RWmk{Fbfs7?hzA8RZ0v{YYWfsUb^JCi^vD&NPJ`jqY^~7N|RH zP&AFt05q_H>p|i_vFlrrKTpo%9KzWVe$>st=kpaBo1g^w1c0!u=@gWdeh-K3!U!3! zr<@~0bXYEvpB35+2u+wd>BN8sj_>xY0Rjfl8AxYRfTJ+1U2F<+E&xefxCNQo$Xxe| zNjv~7I)`&-LGY6Jv0v(2jVa-X-RTwD#bJ#BtoL`Ec)Ig)?n@XU>-7|OKs!M08$-o4 zNE|D6S4I6$0$a_=&*(Qn!qj(wSAPn;(7Q9W=bP9QZJ(U?mefdCkib4I##A1wp~Km? 
zrN)FtPjn3dcC5+@#RYonLLRWEwcCHh{qh>Y^pZ8xDF(s<-j@w~(d<7h+f>*Cz-l{i z?;`WRH2VGUkOQ?X7f>QPxkAe?AjpXRWzm9)mDaMG2G?~c)j#|%XN}ARCl_OM>bA(I z#>|vap{Zz6X}QQ23fIMN)eB2FtBZ~&bgg*h^n>34dEqUU_!15^$;;B5^F|lMkr#-A z0}DBaEPd_W!k+cq@r@Ty8dj>F4PgB~sVn?E=c=)2bX_XQvg zl+qUpEFp{>(z8)G78QkgJYZOWCxE!))1)*-7wrp2Sn`{Ngyya0hN>rtYJFl8${_j> zTfO;2OsQ&f&#-6kP0IskP~vV66c@{ifR*8 z##j8{ZL_#ZMJK1h{=OxK;_M8*@4*%_BZihBof9AtCG;l zXz7-s7t{~~rOmgnoD+OD6T-6HMgfx-5aLnvcsQ6^ZA!Qq9-I6Gxr*~{2EP2G4$Bcj z0paf8AU22|EwXTEHdV-lkd*q4l!c0K;^EJ}+C&auNk@43;xCWLpcVd$ju0j>3y&s7 zZ>eD=Hw#B@9%7=+H?bCNDd+?1_)qRWc=*K=QjU(-$OD1!z8nwm{ZeO&}a7%r(X8^?Br=NU^Gd&EXw_phyh zG#7%>+6MBrPKZr=(#etnqySI^Ta9)u0?I1wCx5lI4DYmlWP`qy^W=5W%)L3iL zdFM4$OKhj|t;*zQ$oP|K0mejQJub3e0B+8=^A&Md!En^gb)hNmI1vHh>hhKz69E>- zh07~!<2m)1I-ReNI5g*t)C!fWZ+}Cq+W$hlA)cQ|i~s%_*+lYFGNQOgTyc8s>z2x@ zC`B9`F*2L|ef$)Nk?fb#>sgorQ<82%dio=|)qJ*{oMG_0ZoVOk0l8tca;CdaX!( z8_FQ~vv}U7o0+mcHVVlb2p9>fCRrKkkSSrn$6qk=Hh}^ZKwJSR7>5{MPFGimr3w@- z51dPyQ(0#WwY_WM0Gk+DqI18{nX+Cb#;pu8R@!WNJPih({M|cAp<2R*A)IFvn>Ebc zGgCqa{A+@axM-=I2V}Y@P!v1Ok}Hip=}6PO%ICEdcSh2{^pk#2t?1nu^{73=F_p8T zH8wQqy{(IkPjuQz2T8Y(DxBo;njA-i^U$MgQPu~#*!3@;CJDU2an3e~r5>V*(rJ!g z0>!Dy(l%ueDCDE%e;2j74gujZ65+s{%+re;-FY~o!QN4(i#^0OfTXa1ppE!Nn@Q-o z7d;_uOl0`8pCN(-@3zIDiTb)R=<8~I9b7i#7M2*^2;l+{ieBud7lSITFcOYE_ZE(c zhmq)1tCqv{DkFcb0)|h6XCN=w5vb78QY0q_F9tNyfU1el&in&If)}3{XIGd zsOQF1s4VlZvzJl;S&T;OZWM@@Wq4K{qO&dycgpGB`Ch&>KkT> z+qh{T?@7X&<+|3-4*TS^QE=k_f2XkwK=H(fc)9_Z<%d%l+yO8*x-ts*4?3f7moy#_!8UKZ)(5ZxQ<^|-gaYk<(B!pz+h|0?@s2&c{J z%5r^a6{z4dF1W#yqN;$(P>_L*jhUfiz=|2DsAA9?Y&G%P0*xP6C(q@tyo<78Za6rW zvqJFsJ-oY+Ck33e$at85rCNj`{~Zvvu`Z)x${O3UG&gm`h^WLw_=$yf8fH+-M>JrK z4i^W!T^S`5W&X1Ua)sV>=?@m0DoL=5|GA@zZ%)K&*!k><+br$x)Bjjp6la*1kB7Zx zwQ5h=6@z9BbZfaC-o_{}At6_+5j()@m=g*j;m*hoHQ`>2IvsZca?45i&rT_SvwO}L zF-IbNclrR45!QdP zUcbHs?mdW86cv6_LW^a~!<;RlNRr4_WXhH>h7L8jNxQ6-J9~bS&tF_y}iOZ z%pCsTHe=EsDW-6K`nQ6a9{XmNW0E=t{`GRD2Gq}msnjhR9>5$8q@GdauE>uF0MC$nJ(K~= zYB=CkbO5V8Cs0B0Vor)!v|r*XDxYnfm`SXo5~#1`HEVKq85y>7jx<)n0w3*vW;xQs 
z%Fq~+dpkk%i#`vWSO!eL#n3_;n`}f8lxz++xW-(sMGH*ViU{(PqhqR8CY3)e^`^%q z?;YXxvn_B64IroI2& zR>~`E$a2!(Y@eM8N)bPrNvp&&O9MLQHF(mK>F2_u!hk=ES)LWLJq!hfR`_eYX43DC z&RG9JhFFv;_AOc-Z_N^GOcf{06~6;>k8H6pX20ST|r}4G70k|8(JXv_{JuvfyT-Dcv_Wp{^l-ie;Y$A=E5j|)VD>ua#FLb-F-1o! zG9?{OIq?(lOgo(w(pNk2VZjY6vBr==#^cmAw!aniYU?=c8Y!ukz6bTQHV{#@^01$U z_}T5zkOf6}r(mlHDLBUm&TK)^tVCv(@)Drfjxowi163?@d_3HmQg3>QtJDc-OhkeA zscv-ZGRz1Wdm6e{E3u@83?5wB__xIm;o>s~B;HgdhrUr4ixq0Jv7M}d#DfY*ADzfM z_t3bcm@(mvx+;{EE^%C$@#H9|84ZBRZ*5w^1jQO4N45L2fP#A{$ zz;t(?YNER{}plz4Gp0G$^n26TEfyAOe>>CS! zM1ctYkJtDrL{MxNpr4PcZS`|OAWmXdqcr+1m3dLrqYxLoy@{=>n1)Hlk^ViA3a}v8 zV$nc`#g0{;+s}pg)n|^XRNa7~Oi@4PoOqbxq`CfUgc5#yQ27eN5B&Uq6GG)PgCL%B zaSL@mNbOJ>D@HVZxR=d_V4o66*1N!67~y6Asl?JI@ra_(v>%**_^@-0shS-K)?p-a zHVMO^gp;pw)=w-;0?jz@|F8@ob__#_-x+<{fVqKZ%pyRZQE!Waqgg3mW18{vm&O;6 zK4_${bc^u{34=5`8ZzDM1#)&mJJ-l6>c17wWq;u7LENd5na+ciW!GyBcp-88hz`B4 zWCIrxcum%(RW5_HiF&DUsR9|@2vkSN3Z5W&W$Vd70$!K?f|u)^p0 zvu_$G7GxYf$grPEncP`PhjSnRKTcVuWDfi9#t8yMV5(=Wi5n+ank(-}wo~pp7t|*W zkQJ2wU~>|gafR0|*DKqg0s@iQnz@!!`0yy}UEW)AxrpDvAF*`xWQaiRpPV)n@)_9uf!fMd%D^n{QwjB#Z5U0~?Q z3V?jdbYrY=yf0ZHkfc$>1IMSYvp-^ynPz{HgFqlPyrUEV;?mKujO})X!C=-F0H$(5 zcL3#{u4WuhcV;mBa(C|(uN|yor1fTFV0XjWMO@9JBkDX~DDHW78LP4`hI0I*Y*jx&t(~#~V zjy^aRug5l3;B!mUF5cM&^wK{FtvIkGc`NWIfD59gB98UrCxFs#i_f)dg{`S7VAC0239{paXJ(vOAci+9%BJ(Au3P{r)V-& zg~GoT_J|`z56Mr4M|qp8sD&(Zhx1H_~gZMN+oe{Uy?K1{e<@8k$xKk${v#uUGd1S|rejdHW1$DP^G65J<1zFN2HGW&hnnBMR=M2r_@9_YH^}#QYYm3D_$P@~VKC;OAn9=t z-~H4Gq*rT-`lD#A5hy+wJ%qB?aEz=BNHz_LdQgC^g{P&icGQCWc+eP?l^cQL(ob?M zXb+Ciw#lujk*uEHW-Fxb$6Kv5@a%|ry}nC#t^Ww`+sYU`22E$BG9-;rU20+S35cAu z?Yz+b8eREN3xW2W-^--5vgB?_^L@IFZGl0E1e6LT+s@dj{>7>(xMh!d0D&fx zLs1ZX%>+=yh+vREYk7tsWTzr1Fo0`eZsM~U#C5O566a@(Cam`&I~6{*Eg__UxQ}D5)}V z;iD?=9>YEmA7OmR8_=G~FE(F&alX$9%4;wM-nd_|^b-8DIvr?NVp{T!yjnFishmPk z&}`Lx+m}zYNWRrVx%J7#O~;X(rdN`IXCqp$dymcENoUNamYy3axzWQ(dK7K{t(yFg zoiXFh@uqA4Fw(dl$AUltu!%oqx1y=EVQe=zSR-qu%wd3@HrMQfw$OS_BjGYnl41?2 zv4xGCf-_Dt&Nb#TVZK8~G2z*k!fC%ay7;|+^)S_|2(NAr!^?BD*u_HBK{1j$Cn@G( 
zJz#r4zWkz2kFwc&ALmE*B3R>_L=_@iXQY0jukaox_AHSOJ(5p zO2}P7H~FVL&X=W^6y9;-Gd66D3SK!LZ|nvtL)jx4Gf+se0k9l-0XF2&y=y=Ch?NG<$Mxt*s11kYK*_Z%|Yi20k ztX^O982hI?;Yy|4%`l)QHb6tRTQ-h?dc7wPJ5qUO-$I<8;cqcQoN)*3NOl!18G2( zk}+&cXT1{+XYcLf22^2+x|UdL{WK;!ZM?DO<|L9*_cq2sz4y2E6+5C$&i0NN+~Y2+ zg+PKu(~l)+#6mPzavI#^QOk*GVKzQd2PB4gS!-APF~Acvf}k=0jl4N;X3I#yWgmOCYV~8?#wogh-yHgyXr?4t0G&;RT0G!t zKyx*I)FCYG0lw34TXpK=wJS47r^RDKCbp|qR`19<$q#ps`}%l<6Immvf2CTR^Bd+4XnB4pc*3HTPLd)A~u zQr=$lCBRC3sFuG~MZF1h*iXAGKz1$pd13*w4f6Pq7*{XDXqcbLRQYSCSa4b)Sgth) zY@M4wMvI^j;%QV8!y0r%-=v_cQyLfxcSJR_2B3f;pWKZ~ZElq*F5ocN%=rrqvonkB zY2aeCI9SL1X6QedE+d1gyG9*dSC<+m#?$y$lpx!5+bdJ52IGX%v!^3R+zg|QT?vM1O|?00lePYY@!saQno z8YskvbgMqx)qRb-$S(~BTt%7tXBTq(oc)8{d&TdPcY5ZkGD_%+d&%!|t*p~iH#$_0 z8^~8(s!YQ;7Od)Bno=H3l~$X|t@LFNJaIFt54(5u{yQJa25Qg;|IR*D($g=QpKJLp zHF0E0#FM4h3~m{a$A^#6{hMcG?FlLB0QmUaw>K&k3TrIS>%1dyyHoi)cz8~CZ>RJo zJ!kG;?2d>U?%er;2CxtPjDz~wR<^oxX^j3*#1q$93_kHXhe}9*H$pEEB45}Yc6-Y6 zib~&g#_jV1FoM~=C?IR6yH|+^7t~}TN7#ZFywLKiFU@c@2tTMY{nF(`-M90{7!oTW z7&A*M*FKQyDSLNsqT%X+hho^>z1QI7#b|uDte2U}i89qU5Nfvk4QC5*AC~~vD{R&d zl)d2kiA}hRAO;MHTE0iAT~lATiSH530c@o3TN_jbo^&-%yr5!V%2e_qfXb;L8{&-H z+_?i?`YBW=*K{UoOWO!LV?p;vThJk5gtyR|oc6~fK4PQ)+jX39kgFh#)m`u0CRu&n z=ORB8ph2ceW^PkK|3J@5$=P^x8oi+e>&~h7wBm^P#&t$rME=n_#o**HmyCRVOwG$D zV9~3Y(_ucI%Amq{z{Ub;Z7|oraL82i6d2kpD=T}cQyI_WwSTnbXMoB@mZzW(Lc6V% z>|eG@W_%#|kKBe~CerW_+ILykA@=kUJ+uo^9{CJ{WFR-`xVzG#jdK@!<@~BEIOxK} zn})pEp#Y?Itvrt8w6bEL1=6Mo;PwZ+$mouC@uM4C@Th3P|wgbXIz!3+;31ufP&T*kPcZs!PeOc5S%M;Rb!hI zCrnr|Kj)d4+Uy1$Yw`3q7W@M`@BhUQ{+M2=L6jr;$sK#GZV=Gg3-TkmShC(s+q&`2 zvLt~*UqfJqU64xvQez;%`SLop8>p*jYa0r(a>Ej&A48ft^GhUC0|ZCs#-af4==`g; zN0_$cg^-$=ESWp(!T>#gkbD6E@N}@1tLw@C84}4s0t1+S1}3pv`WLCLk+g2MxQ{mut%6DdakI4?#IKE@uWOC8`Q9n_ub% z@_?o_dCQ#i+9pRu-u!~!{>Mo7Ub^aF=NSDT+Y~sRPMqY%>1EYxZ+_*}p7IPyG|;h8 zWr*Z~r}*C|@q)V50|01%LeuDDrQ$c$HTWtK`~#eW)_NUgK7L|OX8B~M*@&o zsEK$n;Eh34Q?1!PUtNLxYMhdll$r7_@(H&W8<+oXHc{-)qe??LRIrVCmkD^v+V(Nu z!x5J+TrW|i8li(Vp8FFOoneQ;S#_g( zqSx~`F{1;``7!4tV${>Bb=&R=dLWP+P 
zD0*4!Aw2mNO1Z^rLkv6jULfW zA>-TFAC%V6&P%Q1)lX0P{+a{)`GP{6?m|gaf_ra*8%@EhJ$iJ7%bP2k0m)tk37DK( zwZXVWnY!=i>OuSVqP3a5ChiBoHhgT_-%?~(O0a1pdW)`%$(@;P(YRa&0m(>s*NWTH z%=DH`e6Eone0(xbD=o|i7cVmnxx~#m7hOVRcb6Lr0d|_&oa>#f3Wv700-1&Y^5&JC ze+Q=PWozg)DXacmAOuXr!&mf_(mPukbkL3Q_qGlaRqAu4oh_iQao#tRsTxUvj&n78 zP@+~Hx-rnutJvDEW2d;k+8}6ZS zH?gAYP$m7!j%xs9JTy?i8Gl~x3wqw3obd-G$+mazPy8=#A2Xw`TfIx> z-eS%pwf@K!#(~uM1EP;=x4on*plJ|))g7RYBskxF4s!@;#M7FjqQ0J9a16L#%Le3fX_`AN@rq%ZShzGweP@3DS6zjPZJF;0qw=zD6TheB%444t6PY@`Twy&kI)1uajy8gCr7k8{x zx}GW7fG#Ac=#ZW0+)VM@#eu@cj_}ZP-O`^4ZvgtZ`l-vFSl$g1ttnDM<#(_lzGYLv zUC|dhPj>e+97OF(?b{VnyKzo&4acLrC3vN|!a^W$Reb`ACK1m6Uo+SF*W|KhALTSxWj35Th%IX;jRV4#OO@vVBT*+ zJ4ypPZ{U@M=009&6X+BY_+t9ATP5FBa2{H9h4*~Ckx3>iF-^fca*2ZJ){SvLMtg-z z9ZKKa)s{G209uA*xYtXH(|r}vk12Ipp$B-VlwSiAsw_iK$4eaW`1E-d8W7ZL1;ear zNMt@6l85;>nIiKUpyPZ*roW&;ut_!d7iXK5?jE9;u(dOX0Rbs`9bbRqcI$?X>EIh( z%qX`AJQfPZv)(OSIv6$NL?!qP#GaGD29@n2))j3@3nXp#&aLy2A2qoS;1_e*1OxpT zt15J<*3waUjs<|m9QJrEfjmunypT}|?|asj^3&~b?BmEK&B7dxn4*FtGane3G0e+q-PkegwQRhTwKypT(kw!TR{^(1JoGUR z@Y1V)zdVo_Um@5qsT&5pn(|0kIe*v;;H|5B*vT#dU<%i>tH-7vgG(tp9>ZK^{SJ7i z7EqJL`21P39$nE#6GIG zB%rzqeRMvUaH-(lYRqaf;L3sm8vr315=}WFX<;JC-~_J{j0{d-p6Nk2zA`>3&C6u5 z_Gq&B+dH82WOf$y$?8tz&D7!GSyN=#(qA4zMiiK~RajT*By&Q>x$_lQ}Qfd8fnqS2{tHPdoH;HAbW>fqq*> z^5w0WNx-*O27GHJrGNNQH34z}pY&p}jAIcz$(xg-CF$Ns0d?j$A}|9w&F z+-cLV&bgRq#{bVPVPRpqPp1yCjh6Ume!`(xRg3UjXs+0J8gpfJvh?)V)ym|W?v@_g zE~AUlsdl>b5(|CMtDL8N<`(QHsz8Uv zji=TyxLn(CrKu?DeC0esmJSYSN=J@o*3bB|HS0$$WGP0ooh^S zr2;cLB%2gW>CV1wDEK2h2jZ^cZIZ@bgVQVQ^yttF2(@c~%Xk(vyG#XW)sed_LLeFK z@$Wy~8cA@RFZbMG$dFf@i_=IWO0pn1<}NEj4&R#=t7^_xB;SH=*Emp_GHD{n8g2>m zZ4q93+3wtw{h=Ko!c1;xBZ{~aQ|F-sX8s}qg$Pv?2pQ4_Ig4mgEyOv{M0Hk%L@yth z#5i#xz5*G(zm*?Sv6}7q31RaQ_>2qJ@aQ52g-+#tc&r%t_wQJPB5*9W7bv@^NXBiVV zCUQmo{p*kz6U)Bqy*DVC3ilXyPI;E_4T@WoT+vfN+Ryv*YGLk z8wp>3V^f9Uk!_>x3A?=aU>CaE1*cgbs<{v3OlO^|t}*hozE-}>L#N|@lxzy@S}#h< z=Hmp$^v}%m2{2Jh#HO%t|8r#Dd+|o)4J(Cyhm!8nHn-i>KL*$$+$iXwgk4ap3Oq~q 
zO-WBup0QFGa4#9M6t(#{?yHbGQ#d$BcVKq`!E(7$YI?6?-XAw6!C>%djgEZ!~M_%BBT1UW^sLSQ6SA*3Q?JlITu~O*(Mq! zt;D*Pu&PIt435J^HC<4-NC6X|bMm3pzJZnOMv^8oHk38tCGtGnE<~&=GN#^7&%XD- z#Ej~NsHB%p9J{IbBURNqKg2^BnXg*)z%Qlr$Z8VC&2IhTfT7K3UWm@CMU3K?!Y14m zV@+vf(cvYEy4>95-bdZKvTt|GxFFMVD3b$R8dfOg4NP$?OPXH0pwIIIC?hu*+vWyj zD%#kY>+AJLxJ*xGSkas7_drgBROUOer+RnSv25*L`%N!~mmmoH8uO%$dfUYBV#qh$ z3N4?|^rZnWKlxf|hTN?)%sX#*N9ts)LX*02O7NU6bxFA@y+A=99{#XJc2?Z-V_>1O z3GLm^lIwDG+Y1XhlD59b9qQr|{5N9L6qK?s^pZ}-BFQKh+1yCobf9%}0txE7gq1>j zXJv1JqtFOta-M=vg|^=~=h4|2>~O63)FoP_$QoZqy#K?}#J)5I5iWuL9}&j2&b`+u zggL*78F3j8^hfx?jO7olN)*boOXBfM8>$sN=hlE85o|W@= zcc;oQIA?sRgsQiRoG)2aLolQWf@~q@SZwo}+c9Eo;7i-QE?UgtHd08*;76qbF5 z3;|_=xkn#U1TRnX;QW^4vuQFm%JHmoDZr095wql`jZ%b@nw2#mhA+d&qcX$y@0a1S zR3-(OeaYzQZ9SZ_41~LfQ+DK*?0Ms<8zi65Us&XnVz~24!;3&9FxB~gQD>{WP^e0F zpJ$rbKWcC9)H)@Uz?i$s%PAUeq}CwCLUmmi^EJfkij~zbEq!wdmC8dY4+w%%NXU|m zIxGt7v^q37jPqM@5Jd4jQBc!RABvPl8;c=TcdvYd={H=ojJ?2g8T7LmYm&Mytp`>u z@G+ArSxZQY69&|1sC?f+lPFEZxsJ{crc=>iwj_$urkV1fP;+7aj{dj>SWmZxZ9bV$ z%K~}RyW4aUlp3B6PhD&Ghbq@S{WFGdaKRXDc%4;L!V?p19JICZ!0s~E~FE3qVrTTDOX|6Bn z3H+q0K6Sd&?=7?$Q`-Y`yz1v8^PW_Kw&V9lH_-eppCL+@m;~scGJce5wu(sw8nm=# zn@BHb(ici7Dp%mM}$UCyiE7Vn<|1^$c|Il^MF!KT{VU<;ioq{Qg~d+4)i|%>5Gtp_V`Ih zLyTQyu08&hMVXFX+M0oJTu7eQB}wGaFPy&lefc9CCe=-DDvgaRNL^kBdq}&0 <% end %> <% end %> + <% if omniauth_providers_configured(:ldap) %> + <%= link_to omniauth_login_url(:ldap), class: "signin-link signin-link-ldap" do %> + + <% end %> + <% end %> <% end %> diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb index b5b3be0a..45584723 100644 --- a/config/initializers/omniauth.rb +++ b/config/initializers/omniauth.rb 
@@ -1,11 +1,22 @@ -Rails.application.config.providers = [:google, :twitter] +Rails.application.config.providers = [:google, :twitter, :ldap] Rails.application.config.omniauth_google = ENV['GOOGLE_OAUTH2_ID'].present? Rails.application.config.omniauth_twitter = ENV['TWITTER_ID'].present? +Rails.application.config.omniauth_ldap = ENV['LDAP_SERVER'].present? + Rails.application.config.middleware.use OmniAuth::Builder do provider :twitter, ENV['TWITTER_ID'], ENV['TWITTER_SECRET'] provider :google_oauth2, ENV['GOOGLE_OAUTH2_ID'], ENV['GOOGLE_OAUTH2_SECRET'], scope: ['profile', 'email', 'youtube', 'youtube.upload'], access_type: 'online', name: 'google' + provider :ldap, + host: ENV['LDAP_SERVER'], + port: ENV['LDAP_PORT'], + method: :plain, + allow_username_or_email_login: true, + uid: ENV['LDAP_UID'], + base: ENV['LDAP_BASE'], + bind_dn: ENV['LDAP_BIND_DN'], + password: ENV['LDAP_PASSWORD'] end diff --git a/env b/env index ba0ad89f..764187e6 100644 --- a/env +++ b/env @@ -36,6 +36,20 @@ TWITTER_SECRET= GOOGLE_OAUTH2_ID= GOOGLE_OAUTH2_SECRET= +# LDAP Login Provider (optional) +# +# You can enable LDAP authentication by providing values for LDAP_SERVER and LDAP_PORT. +# For information about setting up LDAP, see: (LINK TO LDAP DOCS). +# +LDAP_SERVER= +LDAP_PORT= +LDAP_UID= +LDAP_BASE= +LDAP_BIND_DN= +LDAP_PASSWORD= +LDAP_ICON= +LDAP_NAME= + # If "true", GreenLight will register a webhook callback for each meeting # created. This callback is called for all events that happen in the meeting, # including the processing of its recording. These events are used to update From 0eb26ae8ec0983a2e9a08b1b074794ad1ef67a87 Mon Sep 17 00:00:00 2001 From: Josh Date: Thu, 6 Jul 2017 09:08:49 -0400 Subject: [PATCH 02/10] only use LDAP when enabled --- app/controllers/sessions_controller.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 75bdbea0..812f45ad 100644 
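Review bot: `method: :plain` in the new `provider :ldap` block makes every bind to the directory unencrypted, so the service account's `LDAP_PASSWORD` and each user's login password cross the network in clear text. The omniauth.rb hunk in PATCH 07/10 reads `LDAP_METHOD` but still falls back to `:plain` when it is unset, so the insecure mode stays the default. I would default to an encrypted transport, e.g. `method: (ENV['LDAP_METHOD'].presence || 'ssl').to_sym,`, and list the accepted values (`plain`, `ssl`, `tls`) next to `LDAP_METHOD=` in the `env` template.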
--- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -19,6 +19,10 @@ class SessionsController < ApplicationController skip_before_filter :verify_authenticity_token def new + # If LDAP is enabled, just route to it instead. + if Rails.application.config.omniauth_ldap + redirect_to "#{relative_root}/auth/ldap" + end end def create From f8d2540665b3aa9c018bddc4e334b0b6143a43da Mon Sep 17 00:00:00 2001 From: Josh Date: Thu, 6 Jul 2017 09:16:53 -0400 Subject: [PATCH 03/10] remove LDAP login button --- app/views/sessions/new.erb | 12 ------------ env | 2 -- 2 files changed, 14 deletions(-) diff --git a/app/views/sessions/new.erb b/app/views/sessions/new.erb index 2fbe9b70..5b5694b4 100644 --- a/app/views/sessions/new.erb +++ b/app/views/sessions/new.erb @@ -49,18 +49,6 @@ <% end %> <% end %> - <% if omniauth_providers_configured(:ldap) %> - <%= link_to omniauth_login_url(:ldap), class: "signin-link signin-link-ldap" do %> - - <% end %> - <% end %> <% end %> diff --git a/env b/env index 764187e6..a2a59d4e 100644 --- a/env +++ b/env @@ -47,8 +47,6 @@ LDAP_UID= LDAP_BASE= LDAP_BIND_DN= LDAP_PASSWORD= -LDAP_ICON= -LDAP_NAME= # If "true", GreenLight will register a webhook callback for each meeting # created. This callback is called for all events that happen in the meeting, From 034c5ba6177f2f6cfcd0ea1ee5d0e3c9d2cd79f1 Mon Sep 17 00:00:00 2001 From: Josh Date: Thu, 6 Jul 2017 11:45:56 -0400 Subject: [PATCH 04/10] handle invalid credentials --- app/controllers/sessions_controller.rb | 6 +++++- config/initializers/omniauth.rb | 5 +++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 812f45ad..eeb9d325 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb 
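Review bot: The added branch in `new` sends every visitor to `/auth/ldap` as soon as `LDAP_SERVER` is set, so the Google and Twitter sign-in options cannot be reached through this action even when those providers are configured alongside LDAP. If that precedence is intended, the comment should state it, for example `# LDAP takes precedence: when LDAP_SERVER is set the sign-in page is skipped and no other provider is offered here.` Otherwise the redirect should only happen when LDAP is the sole configured provider.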
@@ -42,6 +42,10 @@ class SessionsController < ApplicationController
 end
 def auth_failure
- redirect_to '/'
+ if params[:message] == 'invalid_credentials'
+ redirect_to '/', flash: {danger: 'Invalid login credentials.' }
+ else
+ redirect_to '/'
+ end
 end
 end
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index 45584723..3ce3796e 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -20,3 +20,8 @@ Rails.application.config.middleware.use OmniAuth::Builder do
 bind_dn: ENV['LDAP_BIND_DN'],
 password: ENV['LDAP_PASSWORD']
 end
+
+# Redirect back to login in development mode.
+OmniAuth.config.on_failure = Proc.new { |env|
+ OmniAuth::FailureEndpoint.new(env).redirect_to_failure
+}
From 704dab1e5c34a4e72776405cb2d52d8229ba4b1a Mon Sep 17 00:00:00 2001
From: Josh
Date: Thu, 6 Jul 2017 13:17:12 -0400
Subject: [PATCH 05/10] add footer to Youtube prompt
---
 app/assets/stylesheets/main/landing.scss | 6 ++++++
 app/controllers/sessions_controller.rb | 2 +-
 app/views/landing/rooms.html.erb | 1 +
 config/locales/en-us.yml | 2 ++
 4 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/app/assets/stylesheets/main/landing.scss b/app/assets/stylesheets/main/landing.scss
index 664d8524..99d10488 100644
--- a/app/assets/stylesheets/main/landing.scss
+++ b/app/assets/stylesheets/main/landing.scss
@@ -114,3 +114,9 @@
 .tooltip-wrapper {
 display: inline-block;
 }
+
+ #youtube-footer{
+ font-size: 10px;
+ text-align: center;
+ margin-top: 10px;
+ }
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index eeb9d325..3c723844 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
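Review bot: The comment `# Redirect back to login in development mode.` in the omniauth.rb hunk does not match the assignment below it, because `OmniAuth.config.on_failure` is set unconditionally and therefore replaces the failure handler in every environment. As far as I know the stock handler already redirects outside development and only raises there, so the effect is limited to development, but the comment reads as if the code were environment-gated. I would reword it to `# Always redirect to the failure route; OmniAuth's default handler raises in development instead of redirecting.`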
@@ -43,7 +43,7 @@ class SessionsController < ApplicationController def auth_failure if params[:message] == 'invalid_credentials' - redirect_to '/', flash: {danger: 'Invalid login credentials.' } + redirect_to '/', flash: {danger: t('invalid_login') } else redirect_to '/' end diff --git a/app/views/landing/rooms.html.erb b/app/views/landing/rooms.html.erb index 0ec86587..a1dda2b7 100644 --- a/app/views/landing/rooms.html.erb +++ b/app/views/landing/rooms.html.erb @@ -76,6 +76,7 @@ <%= t('upload') %> +
diff --git a/config/locales/en-us.yml b/config/locales/en-us.yml
index 3016c399..36c5f549 100644
--- a/config/locales/en-us.yml
+++ b/config/locales/en-us.yml
@@ -92,6 +92,7 @@ en-US:
 home_page: Home page
 home_title: Welcome to BigBlueButton
 invalid_file: You may only upload an image file (jpg, gif, png).
+ invalid_login: Invalid log in credentials.
 invite: Invite
 invite_description: (share this link below to invite others to this meeting)
 join: Join
@@ -182,6 +183,7 @@ en-US:
 watch: Watch
 'yes': 'Yes'
 youtube_description: This recording was recorded with BigBlueButton. For more information check out %{url}.
+ youtube_footer: this will upload all webcam and audio data
 youtube_privacy_options:
 public: Public
 private: Private
From a0c39c91a5a4cea98bf53c5e1978a656165d8570 Mon Sep 17 00:00:00 2001
From: Josh
Date: Thu, 6 Jul 2017 14:16:55 -0400
Subject: [PATCH 06/10] add LDAP docs link
---
 env | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/env b/env
index a2a59d4e..a66471a4 100644
--- a/env
+++ b/env
@@ -39,7 +39,8 @@ GOOGLE_OAUTH2_SECRET=
 # LDAP Login Provider (optional)
 #
 # You can enable LDAP authentication by providing values for LDAP_SERVER and LDAP_PORT.
-# For information about setting up LDAP, see: (LINK TO LDAP DOCS).
+# For information about setting up LDAP, see:
+# http://docs.bigbluebutton.org/install/green-light.html#ldap-oauth
 #
 LDAP_SERVER=
 LDAP_PORT=
From d80fd262bc3516902d01acdf9c0aebaf472f5b56 Mon Sep 17 00:00:00 2001
From: Josh
Date: Thu, 6 Jul 2017 14:41:54 -0400
Subject: [PATCH 07/10] add LDAP method as environment variable
---
 config/initializers/omniauth.rb | 2 +-
 env | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index 3ce3796e..b08cd1ea 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -13,7 +13,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do
 provider :ldap,
 host: ENV['LDAP_SERVER'],
 port: ENV['LDAP_PORT'],
- method: :plain,
+ method: ENV['LDAP_METHOD'].present? ? ENV['LDAP_METHOD'].to_sym : :plain,
 allow_username_or_email_login: true,
 uid: ENV['LDAP_UID'],
 base: ENV['LDAP_BASE'],
diff --git a/env b/env
index a66471a4..935e3456 100644
--- a/env
+++ b/env
@@ -38,12 +38,13 @@ GOOGLE_OAUTH2_SECRET=
 # LDAP Login Provider (optional)
 #
-# You can enable LDAP authentication by providing values for LDAP_SERVER and LDAP_PORT.
+# You can enable LDAP authentication by providing values for the variables below.
 # For information about setting up LDAP, see:
 # http://docs.bigbluebutton.org/install/green-light.html#ldap-oauth
 #
 LDAP_SERVER=
 LDAP_PORT=
+LDAP_METHOD=
 LDAP_UID=
 LDAP_BASE=
 LDAP_BIND_DN=
From 43496a6cf1bfc650a60e3d6c4dfe3f0256d7cbcc Mon Sep 17 00:00:00 2001
From: Josh
Date: Fri, 7 Jul 2017 10:23:19 -0400
Subject: [PATCH 08/10] change sessions#new test to allow redirect
---
 app/controllers/sessions_controller.rb | 2 +-
 test/controllers/sessions_controller_test.rb | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 3c723844..1f649ce2 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -16,7 +16,7 @@
 class SessionsController < ApplicationController
- skip_before_filter :verify_authenticity_token
+ skip_before_action :verify_authenticity_token
 def new
 # If LDAP is enabled, just route to it instead.
diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb
index 544c2b77..0bfa08e4 100644
--- a/test/controllers/sessions_controller_test.rb
+++ b/test/controllers/sessions_controller_test.rb
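Review bot: `skip_before_action :verify_authenticity_token` in the sessions_controller.rb hunk still switches off CSRF verification for every action in `SessionsController`; the rename from `skip_before_filter` leaves that scope unchanged. With LDAP added, the controller now fronts a credential-based login, so the blanket skip deserves a second look. I would limit it to the action that receives the provider callback, e.g. `skip_before_action :verify_authenticity_token, only: :create`, assuming `create` is the OmniAuth callback target; its body and the rest of the class are outside the hunk.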
@@ -8,7 +8,12 @@ class SessionsControllerTest < ActionController::TestCase
 test "should get new" do
 get :new
- assert_response :success
+ # We redirect directly to LDAP if configured.
+ if ENV['LDAP_SERVER'].present?
+ assert_response :redirect
+ else
+ assert_response :success
+ end
 end
 test "should redirect to home on auth failture" do
From 0040baecbfe183111e182a9156a9169e4fd80aa2 Mon Sep 17 00:00:00 2001
From: Josh
Date: Fri, 7 Jul 2017 10:32:01 -0400
Subject: [PATCH 09/10] display ldap error to help with troubleshooting
---
 app/controllers/sessions_controller.rb | 3 +++
 config/locales/en-us.yml | 1 +
 2 files changed, 4 insertions(+)
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 1f649ce2..ea5fdc1c 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -42,8 +42,11 @@ class SessionsController < ApplicationController
 end
 def auth_failure
+ puts params.inspect
 if params[:message] == 'invalid_credentials'
 redirect_to '/', flash: {danger: t('invalid_login') }
+ elsif params[:message] == 'ldap_error'
+ redirect_to '/', flash: {danger: t('ldap_error') }
 else
 redirect_to '/'
 end
diff --git a/config/locales/en-us.yml b/config/locales/en-us.yml
index 36c5f549..623476dc 100644
--- a/config/locales/en-us.yml
+++ b/config/locales/en-us.yml
@@ -102,6 +102,7 @@ en-US:
 connect: Connect in real-time with others
 collaborate: Collaborate with friends
 teach: Teach students online
+ ldap_error: Unable to connect to the LDAP server. Please check your LDAP configuration in the env file and ensure your server is running.
 logged_in_description_html: You are logged in as %{link}
 login: login
 login_description: Want to record a meeting?
From 0b1ae2497f45b3c173d7170ef0790a5fcade81be Mon Sep 17 00:00:00 2001
From: Josh
Date: Fri, 7 Jul 2017 10:32:48 -0400
Subject: [PATCH 10/10] remove debug code
---
 app/controllers/sessions_controller.rb | 1 -
 1 file changed, 1 deletion(-)
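Review bot: The expected response in "should get new" now depends on whatever `LDAP_SERVER` is set to in the test runner's environment, so a given run exercises only one branch and the LDAP redirect can regress unnoticed. The controller reads `Rails.application.config.omniauth_ldap` rather than `ENV`, so the test's condition and the controller's can also disagree. I would split this into two tests that set the flag explicitly; mocha appears in the dependency list in Gemfile.lock, so stubbing the config value should work, though I have not confirmed it against this app's configuration object.

```ruby
test "should get new" do
  Rails.application.config.stubs(:omniauth_ldap).returns(false)
  get :new
  assert_response :success
end

test "should redirect new to LDAP when enabled" do
  Rails.application.config.stubs(:omniauth_ldap).returns(true)
  get :new
  assert_response :redirect
end
```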
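Review bot: The new `ldap_error` branch in `auth_failure` shows every visitor the en-us.yml text added in this patch, which tells an unauthenticated user that the site authenticates against LDAP and that its settings live in the `env` file. Because `params[:message]` is taken from the request to the failure route, that banner can also be displayed without any real directory outage. I would show users a generic sign-in failure message and send the operator detail to the server log instead, e.g. `logger.error "LDAP authentication failed: #{params[:message].inspect}"`. The closing `end` of `auth_failure` is outside the hunk.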
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index ea5fdc1c..4e0ef13c 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -42,7 +42,6 @@ class SessionsController < ApplicationController
 end
 def auth_failure
- puts params.inspect
 if params[:message] == 'invalid_credentials'
 redirect_to '/', flash: {danger: t('invalid_login') }
 elsif params[:message] == 'ldap_error'