add LDAP authentication

Josh 2017-07-05 16:26:27 -04:00
parent 9bbb669cc1
commit ae774b90ce
8 changed files with 58 additions and 1 deletions


@ -65,6 +65,7 @@ gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]
gem 'omniauth', '1.3.1' gem 'omniauth', '1.3.1'
gem 'omniauth-twitter', '1.2.1' gem 'omniauth-twitter', '1.2.1'
gem 'omniauth-google-oauth2', '0.4.1' gem 'omniauth-google-oauth2', '0.4.1'
gem 'omniauth-ldap'
gem 'bigbluebutton-api-ruby' gem 'bigbluebutton-api-ruby'
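Review bot: The new `gem 'omniauth-ldap'` line carries no version constraint, while the three omniauth gems above it are pinned exactly. For a gem in the authentication path, an unpinned entry lets a later `bundle update` pull in a different release without anyone reviewing it. Pinning to the version the lockfile resolves, `gem 'omniauth-ldap', '1.0.5'`, keeps it consistent with its neighbours.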


@ -116,6 +116,7 @@ GEM
multi_json (1.12.1) multi_json (1.12.1)
multi_xml (0.5.5) multi_xml (0.5.5)
multipart-post (2.0.0) multipart-post (2.0.0)
net-ldap (0.16.0)
nio4r (1.2.1) nio4r (1.2.1)
nokogiri (1.6.8.1) nokogiri (1.6.8.1)
mini_portile2 (~> 2.1.0) mini_portile2 (~> 2.1.0)
@ -134,6 +135,11 @@ GEM
multi_json (~> 1.3) multi_json (~> 1.3)
omniauth (>= 1.1.1) omniauth (>= 1.1.1)
omniauth-oauth2 (>= 1.3.1) omniauth-oauth2 (>= 1.3.1)
omniauth-ldap (1.0.5)
net-ldap (~> 0.12)
omniauth (~> 1.0)
pyu-ruby-sasl (~> 0.0.3.2)
rubyntlm (~> 0.3.4)
omniauth-oauth (1.1.0) omniauth-oauth (1.1.0)
oauth oauth
omniauth (~> 1.0) omniauth (~> 1.0)
@ -151,6 +157,7 @@ GEM
mimemagic (= 0.3.0) mimemagic (= 0.3.0)
pg (0.19.0) pg (0.19.0)
puma (3.6.0) puma (3.6.0)
pyu-ruby-sasl (0.0.3.3)
rack (2.0.1) rack (2.0.1)
rack-test (0.6.3) rack-test (0.6.3)
rack (>= 1.0) rack (>= 1.0)
@ -184,6 +191,7 @@ GEM
rb-fsevent (0.9.7) rb-fsevent (0.9.7)
rb-inotify (0.9.7) rb-inotify (0.9.7)
ffi (>= 0.5.0) ffi (>= 0.5.0)
rubyntlm (0.3.4)
sass (3.4.22) sass (3.4.22)
sass-rails (5.0.6) sass-rails (5.0.6)
railties (>= 4.0.0, < 6) railties (>= 4.0.0, < 6)
@ -254,6 +262,7 @@ DEPENDENCIES
mocha mocha
omniauth (= 1.3.1) omniauth (= 1.3.1)
omniauth-google-oauth2 (= 0.4.1) omniauth-google-oauth2 (= 0.4.1)
omniauth-ldap
omniauth-twitter (= 1.2.1) omniauth-twitter (= 1.2.1)
paperclip (~> 4.2) paperclip (~> 4.2)
pg pg

Binary file not shown.



@ -16,6 +16,8 @@
class SessionsController < ApplicationController class SessionsController < ApplicationController
skip_before_filter :verify_authenticity_token
def new def new
end end
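Review bot: `skip_before_filter :verify_authenticity_token` at the top of the class turns off CSRF protection for every action in SessionsController, not only the one that receives the LDAP form post. If the skip is needed because the LDAP callback arrives as a POST without a Rails token (an inference, since the callback action is outside this hunk), scope it, e.g. `skip_before_action :verify_authenticity_token, only: [:CALLBACK_ACTION]`, with the placeholder replaced by that action's name. `skip_before_filter` is also deprecated in Rails 5 in favour of `skip_before_action`. A one-line comment stating why the token check is skipped would help the next reader. The class body continues outside the hunk.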


@ -47,6 +47,14 @@ class User < ApplicationRecord
auth_hash['info']['email'] auth_hash['info']['email']
end end
def self.ldap_username(auth_hash)
auth_hash['info']['nickname']
end
def self.ldap_email(auth_hash)
auth_hash['info']['email']
end
def set_encrypted_id def set_encrypted_id
self.encrypted_id = "#{username[0..1]}-#{Digest::SHA1.hexdigest(uid+provider)[0..7]}" self.encrypted_id = "#{username[0..1]}-#{Digest::SHA1.hexdigest(uid+provider)[0..7]}"
end end
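Review bot: `ldap_username` returns `auth_hash['info']['nickname']` without handling a missing value, and `set_encrypted_id` just below calls `username[0..1]`, which raises NoMethodError if the username ends up nil. Whether a directory entry can come back without a nickname depends on the LDAP schema and the configured `uid` attribute, so a guard or a fallback is worth adding, for example `auth_hash['info']['nickname'] || auth_hash['uid']`. `ldap_email` has the same body as the method ending just above it. A short comment on both new methods, saying the values are taken from the directory as-is, would document the trust assumption. The User class starts and ends outside the hunk.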


@ -49,6 +49,18 @@
</div> </div>
<% end %> <% end %>
<% end %> <% end %>
<% if omniauth_providers_configured(:ldap) %>
<%= link_to omniauth_login_url(:ldap), class: "signin-link signin-link-ldap" do %>
<div class="signin-button center-block">
<div class="signin-icon-wrapper">
<%= image_tag(ENV['LDAP_ICON'].present? ? ENV['LDAP_ICON'] : 'ldap_icon.png', alt: "L", class: "signin-icon") %>
</div>
<div class="signin-text-wrapper text-center">
<span class="signin-text"><%= t('signin_text', provider: ENV['LDAP_NAME'].present? ? ENV['LDAP_NAME'] : 'LDAP') %></span>
</div>
</div>
<% end %>
<% end %>
</div> </div>
<% end %> <% end %>
</div> </div>
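Review bot: The LDAP button's `alt: "L"` gives screen-reader users a single letter; the provider name already computed for the button label would make a better alt text. The two `ENV[...].present? ? ENV[...] : default` expressions read more simply as `ENV['LDAP_ICON'].presence || 'ldap_icon.png'` and `ENV['LDAP_NAME'].presence || 'LDAP'`.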


@ -1,11 +1,22 @@
Rails.application.config.providers = [:google, :twitter] Rails.application.config.providers = [:google, :twitter, :ldap]
Rails.application.config.omniauth_google = ENV['GOOGLE_OAUTH2_ID'].present? Rails.application.config.omniauth_google = ENV['GOOGLE_OAUTH2_ID'].present?
Rails.application.config.omniauth_twitter = ENV['TWITTER_ID'].present? Rails.application.config.omniauth_twitter = ENV['TWITTER_ID'].present?
Rails.application.config.omniauth_ldap = ENV['LDAP_SERVER'].present?
Rails.application.config.middleware.use OmniAuth::Builder do Rails.application.config.middleware.use OmniAuth::Builder do
provider :twitter, ENV['TWITTER_ID'], ENV['TWITTER_SECRET'] provider :twitter, ENV['TWITTER_ID'], ENV['TWITTER_SECRET']
provider :google_oauth2, ENV['GOOGLE_OAUTH2_ID'], ENV['GOOGLE_OAUTH2_SECRET'], provider :google_oauth2, ENV['GOOGLE_OAUTH2_ID'], ENV['GOOGLE_OAUTH2_SECRET'],
scope: ['profile', 'email', 'youtube', 'youtube.upload'], access_type: 'online', name: 'google' scope: ['profile', 'email', 'youtube', 'youtube.upload'], access_type: 'online', name: 'google'
provider :ldap,
host: ENV['LDAP_SERVER'],
port: ENV['LDAP_PORT'],
method: :plain,
allow_username_or_email_login: true,
uid: ENV['LDAP_UID'],
base: ENV['LDAP_BASE'],
bind_dn: ENV['LDAP_BIND_DN'],
password: ENV['LDAP_PASSWORD']
end end
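Review bot: `method: :plain` makes the LDAP connection unencrypted, so the service account's `LDAP_PASSWORD` and every user's password submitted at sign-in cross the network to the directory in clear text. omniauth-ldap also accepts `:ssl` and `:tls`. Defaulting to an encrypted method and letting the operator choose would close this, e.g. `method: (ENV['LDAP_METHOD'].presence || 'tls').to_sym,`, where LDAP_METHOD is a proposed new variable that would need documenting in the env file. The `provider :ldap` call is also made when `LDAP_SERVER` is empty; wrapping it in `if ENV['LDAP_SERVER'].present?` would keep an unconfigured strategy out of the middleware stack.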

14
env

@ -36,6 +36,20 @@ TWITTER_SECRET=
GOOGLE_OAUTH2_ID= GOOGLE_OAUTH2_ID=
GOOGLE_OAUTH2_SECRET= GOOGLE_OAUTH2_SECRET=
# LDAP Login Provider (optional)
#
# You can enable LDAP authentication by providing values for LDAP_SERVER and LDAP_PORT.
# For information about setting up LDAP, see: (LINK TO LDAP DOCS).
#
LDAP_SERVER=
LDAP_PORT=
LDAP_UID=
LDAP_BASE=
LDAP_BIND_DN=
LDAP_PASSWORD=
LDAP_ICON=
LDAP_NAME=
# If "true", GreenLight will register a webhook callback for each meeting # If "true", GreenLight will register a webhook callback for each meeting
# created. This callback is called for all events that happen in the meeting, # created. This callback is called for all events that happen in the meeting,
# including the processing of its recording. These events are used to update # including the processing of its recording. These events are used to update