External Account Integration - Works with Fedora Account System

reddragon · Jul 4, 2010 · 69c6f75 · 69c6f75
1 parent 18c861c
commit 69c6f75
Show file tree

Hide file tree

Showing 7 changed files with 118 additions and 15 deletions.
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -57,19 +57,43 @@ def create
     logout_keeping_session!
     @user = User.new(params[:user])
     @user.user_type = 'admin' if User.first.nil?
-    success = @user && @user.save
-    if success && @user.errors.empty?
-            # Protects against session fixation attacks, causes request forgery
-      # protection if visitor resubmits an earlier form using back
-      # button. Uncomment if you understand the tradeoffs.
-      # reset session
-      self.current_user = @user # !! now logged in
-      redirect_back_or_default('/')
-      flash[:notice] = "Thanks for signing up!  We're sending you an email with your activation code."
+    if APP_CONFIG['authviascript']
+      response = system("#{APP_CONFIG['scriptcommand']} #{@user.login} #{@user.password}")
+      if !response
+        flash[:notice] = "Your username and password do not correspond to\
+          a valid account at #{APP_CONFIG['accountsystem']}."
+        render :action => 'new'
+      else
+        success = @user && @user.save
+        if success && @user.errors.empty?
+          # Protects against session fixation attacks, causes request forgery
+          # protection if visitor resubmits an earlier form using back
+          # button. Uncomment if you understand the tradeoffs.
+          # reset session
+          self.current_user = @user # !! now logged in
+          redirect_back_or_default('/')
+          flash[:notice] = "Thanks for signing up!  We're sending you an email with your activation code."
+        else
+          flash[:error]  = "We couldn't set up that account, sorry.  Please try again, or contact an admin (link is above)."
+          render :action => 'new'
+        end
+      end  
     else
-      flash[:error]  = "We couldn't set up that account, sorry.  Please try again, or contact an admin (link is above)."
-      render :action => 'new'
+      success = @user && @user.save
+      if success && @user.errors.empty?
+        # Protects against session fixation attacks, causes request forgery
+        # protection if visitor resubmits an earlier form using back
+        # button. Uncomment if you understand the tradeoffs.
+        # reset session
+        self.current_user = @user # !! now logged in
+        redirect_back_or_default('/')
+        flash[:notice] = "Thanks for signing up!  We're sending you an email with your activation code."
+      else
+        flash[:error]  = "We couldn't set up that account, sorry.  Please try again, or contact an admin (link is above)."
+        render :action => 'new'
+      end  
     end
+
   end
 
   # PUT /users/1

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -62,7 +62,12 @@ class User < ActiveRecord::Base
   def self.authenticate(login, password)
     return nil if login.blank? || password.blank?
     u = find_by_login(login.downcase) # need to get the salt
-    u && u.authenticated?(password) ? u : nil
+    if APP_CONFIG['authviascript'] == true
+      response = system("#{APP_CONFIG['scriptcommand']} #{login} #{password}")
+      u && response ? u : nil
+    else
+      u && u.authenticated?(password) ? u : nil
+    end  
   end
 
   def login=(value)

diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
@@ -24,8 +24,14 @@
 	<div class="entry">
 
     <p style="color: red"><%= flash[:error] %></p>
-
     <% form_tag session_path do -%>
+    <% if APP_CONFIG['authviascript'] == true %>
+      <small>Please use your
+        <a href = <%= "#{APP_CONFIG['accountsystemuri']}" %> > 
+          <%= APP_CONFIG['accountsystem'] %> 
+        </a>
+        login which is registered with us.</small>
+    <% end %>
     <p><%= label_tag 'login' %><br />
     <%= text_field_tag 'login', @login %></p>
 

diff --git a/app/views/users/new.html.erb b/app/views/users/new.html.erb
@@ -23,7 +23,13 @@
 	<div style="clear: both;">&nbsp;</div>
 	<div class="entry">
     <% @user.password = @user.password_confirmation = nil %>
-
+     <% if APP_CONFIG['authviascript'] == true %>
+      <small>Please first register with
+        <a href = <%= "#{APP_CONFIG['accountsystemuri']}" %> > 
+          <%= APP_CONFIG['accountsystem'] %> 
+        </a>and use the registered login here.</small>
+    <% end %>
+    
     <%= error_messages_for :user %>
     <% form_for :user, :url => users_path do |f| -%>
     <p><%= label_tag 'login' %><br/>

diff --git a/config/app_settings.yml b/config/app_settings.yml
@@ -1,7 +1,14 @@
-fsocmode: Summer Coding
 programname: Fedora Summer Coding 2010
 adminname: Karsten Wade
 admindesignation: Program Administrator
+
+fsocmode: Summer Coding
+
+authviascript: true
+scriptcommand: ruby lib/checkpassword.rb
+accountsystem: Fedora Account System
+accountsystemuri: https://admin.fedoraproject.org/accounts
+
 timeframesset: false
 pct_from:
 pct_to:

diff --git a/config/environment.rb b/config/environment.rb
@@ -20,6 +20,7 @@
   config.gem "chronic"
   config.gem "javan-whenever", :lib => false, :source => 'http://gems.github.com'
   config.gem "prawn"
+  config.gem "curb"
   # config.gem "hpricot", :version => '0.6', :source => "http://code.whytheluckystiff.net"
   # config.gem "sqlite3-ruby", :lib => "sqlite3"
   # config.gem "aws-s3", :lib => "aws/s3"

diff --git a/lib/checkpassword.rb b/lib/checkpassword.rb
@@ -0,0 +1,54 @@
+#!/usr/bin/env ruby
+
+# checkpassword.rb -- Checks whether a username-password pair exists in FAS
+# https://admin.fedoraproject.org/accounts/
+
+# Usage: $ ./checkpassword.rb <fas_username> <fas_password>
+
+# Dependencies: 
+
+# rubygems
+# libcurl-devel (required to gem install curb)
+# curb - gem install curb
+
+# Copyright (C) 2010 Shreyank Gupta <sgupta@REDHAT.COM>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+
+
+
+require 'rubygems'
+require 'curb'
+
+username = ARGV[0]
+password = ARGV[1]
+
+fas_url = "https://admin.fedoraproject.org/accounts/home"
+
+curlobj = Curl::Easy.new(fas_url)
+
+pf_login = Curl::PostField.content('login', 'Login')
+pf_username = Curl::PostField.content('user_name', username)
+pf_password = Curl::PostField.content('password', password)
+
+curlobj.http_post(pf_login, pf_username, pf_password)
+
+#If the script terminates properly, authentication is assumed to be successful.
+if curlobj.response_code == 200
+  puts "Authenticated"
+else
+  puts "Failed to Authenticate"
+  return 1
+end