Item13242: Initial version of UnifiedAuthContrib
jast committed Feb 2, 2015
1 parent 86f5d91 commit 299f380
Showing 15 changed files with 2,136 additions and 0 deletions.
2 changes: 2 additions & 0 deletions README.md
@@ -1,2 +1,4 @@
# UnifiedAuthContrib
Multiple authentication methods: . corporate LDAP, Google, Facebook, TopicUserMapping+HtPasswdUser, ...

This extension is still under development. Right now, only Google authentication is supported as a proof of concept.
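
Review bot: The summary line in README.md advertises corporate LDAP, Facebook and TopicUserMapping+HtPasswdUser alongside Google, while the paragraph added below it says only Google authentication is supported. Mark the other methods as planned in the summary line itself, since that line is what shows up in repository listings, and drop the stray ". " after the colon.
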
56 changes: 56 additions & 0 deletions data/System/UnifiedAuthContrib.txt
@@ -0,0 +1,56 @@
%META:TOPICPARENT{name="Contribs"}%
---+!! !UnifiedAuthContrib
<!--
One line description, required for extensions repository catalog.
* Set SHORTDESCRIPTION = %$SHORTDESCRIPTION%
-->
%SHORTDESCRIPTION%

%TOC%

This extension provides:

* A user mapping, assigning readable names to each user.
* For each of the existing authentication providers (listed below), a mapping is provided.
* A login manager that supports authentication from multiple sources (auth providers). The following sources are currently supported:
* Foswiki's !BaseUserMapping (specifically, !AdminUser)
* Google accounts
* A mapping for groups and group memberships that supports multiple data source. The following sources are currently supported:
* Foswiki's System.TopicUserMappingContrib (copied implementation; this will be improved later)
* A small plugin to handle user interface for selecting an auth provider (not implemented yet). The plugin must be enabled in order for logins to work.

Internally, the mapping data is stored in a database. Unless you provide your own configuration, this is an SQLite database file.

---++ Settings
The main settings are made via the =/bin/configure= interface or =LocalSite.cfg=. They are documented in the configuration interface. The details of how to configure each authentication provider live here, so as to not overload the configuration interface with text.

---+++ Auth provider configuration

Auth providers are configured in ={UnifiedAuth}{Providers}=. You can set up the same auth provider multiple times with different settings, giving each instance a different ID. The =config= hash is different for each provider; for providers shipped with !UnifiedAuthContrib, documentation follows.

---++++ Google

* =client_id=: The ID for your Google API access, registered in Google's developer console.
* =client_secret=: The secret token for your Google API access.
* =domain=: optional; if set, only Google accounts on this domain can be used.
* =wikiname_format=: how to generate wiki names from the account data. This can use field names as provided by Google (e.g. =name=, =email=, =given_name=, =family_name=). Field names must be prefixed by a =$= sign to be expanded. Any characters not permitted in wiki names will be eliminated after expansion. (Defaults to =$name=)
* =displayname_format=: same, but for the readable display name. (Defaults to =$name=)

---++ Installation Instructions

%$INSTALL_INSTRUCTIONS%

---++ Contrib Info

| Author(s): | Foswiki:Main.JanKrueger |
| Copyright: | Copyright (C) 2015 Modell Aachen GmbH |
| License: | [[http://www.gnu.org/licenses/gpl.html][GPL (Gnu General Public License)]] |
| Version: | %$VERSION% |
| Release: | %$RELEASE% |
| Change History: | <!-- versions below in reverse order -->&nbsp; |
| 0.1 (02 Feb 2015) | First public version |
| Dependencies: | %$DEPENDENCIES% |
| Contrib Home: | http://foswiki.org/Extensions/%TOPIC% |
| Support: | http://foswiki.org/Support/%TOPIC% |

<!-- Do _not_ attempt to edit this topic; it is auto-generated. Please add comments/questions/remarks to the Dev topic instead. -->
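
Review bot: The =domain= bullet under "Google" says only accounts on that domain can be used, but not which value returned by Google is compared against it or what happens on a mismatch. This setting is the provider's access restriction, so document the field that is checked and whether a non-matching account is rejected before a user mapping is created. Since =client_secret= is stored through =/bin/configure= or =LocalSite.cfg=, a sentence on restricting read access to that file would also help. Separately, the Change History row gives this release as 0.1 while UnifiedAuthContrib.pm in this commit sets $VERSION = '1.0'.
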
31 changes: 31 additions & 0 deletions lib/Foswiki/Contrib/UnifiedAuthContrib.pm
@@ -0,0 +1,31 @@
# See bottom of file for license and copyright information

package Foswiki::Plugins::UnifiedAuthContrib;

use strict;
use warnings;

our $VERSION = '1.0';
our $RELEASE = "1.0";
our $SHORTDESCRIPTION = 'User management supporting multiple authentication and data sources';

1;

__END__
Foswiki - The Free and Open Source Wiki, http://foswiki.org/
Copyright (C) 2008-2015 Foswiki Contributors. Foswiki Contributors
are listed in the AUTHORS file in the root of this distribution.
NOTE: Please extend that file, not this notice.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version. For
more details read LICENSE in the root of this distribution.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
As per the GPL, removal of this notice is prohibited.
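
Review bot: The package declaration at the top of lib/Foswiki/Contrib/UnifiedAuthContrib.pm reads "package Foswiki::Plugins::UnifiedAuthContrib;", which does not match the file's path under Foswiki/Contrib. Loading Foswiki::Contrib::UnifiedAuthContrib will succeed but leave $VERSION, $RELEASE and $SHORTDESCRIPTION in the wrong namespace, so anything that reads them through the Contrib name sees nothing. Change it to "package Foswiki::Contrib::UnifiedAuthContrib;". The values '1.0' for $VERSION and $RELEASE also disagree with the "0.1 (02 Feb 2015)" entry in the documentation topic.
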
109 changes: 109 additions & 0 deletions lib/Foswiki/Contrib/UnifiedAuthContrib/Config.spec
@@ -0,0 +1,109 @@
# ---+ Extensions
# ---++ UnifiedAuthContrib
# Configure unified authentication here.
# <p>
# This contrib works best when you use <b>UnifiedPasswdUser</b> as the
# password manager, <b>UnifiedLoginManager</b> as the login manager, and
# <b>UnifiedUserMapping</b> as the user mapper.

# ---+++ Defaults

# **SELECTCLASS none,Foswiki::Users::*User EXPERT**
# Password manager to use for logins handled by Foswiki itself, e.g. normal
# TemplateLogin. There is no need to set this when using UnifiedPasswdUser as
# Foswiki's password manager -- which you should if you want to use this
# contrib.
$Foswiki::cfg{UnifiedAuth}{DefaultPasswordManager} = 'none';

# **STRING**
# Choose the auth provider that should be used when authentication is
# required; this should be the ID of an auth provider configured in
# {UnifiedAuth}{Providers} below.
# <p>
# Leave this blank to present a list of options to the user.
$Foswiki::cfg{UnifiedAuth}{DefaultAuthProvider} = '';

# ---+++ ID/name mapping
# UnifiedAuthPlugin assigns a unique ID (cUID) to each user. These IDs are
# used to associate entries in revision histories with users, among other
# things.
# <p>
# By default, a cUID has the format <em>providerid</em>_<em>login</em> (see
# below for information on provider IDs). You can change this default here to
# try and generate shorter cUIDs whenever possible.

# **BOOLEAN**
# Use WikiNames (FirstnameLastname) for cUIDs, instead of login names.
# Multiple identical cUIDs are disambiguated by appending an incrementing
# number (e.g. JohnDoe, JohnDoe1, JohnDoe2, ...)
$Foswiki::cfg{UnifiedAuth}{WikiNameIDs} = 0;

# **BOOLEAN**
# Generate a short cUID, consisting only of the login name. Multiple identical
# short cUIDs are disambiguated by using the default cUID format for all but
# the first (e.g. johndoe, topic_johndoe, oauth_johndoe).
$Foswiki::cfg{UnifiedAuth}{ShortIDs} = 0;

# **BOOLEAN**
# When using short cUIDs, disambiguate by appending a counter instead of using
# the default ID format (e.g. johndoe, johndoe1, johndoe2).
$Foswiki::cfg{UnifiedAuth}{ShortIDIncrement} = 0;

# **STRING**
# UnifiedAuthContrib will automatically normalize arbitrary Unicode strings to
# ASCII if the Text::Unidecode module is installed. That module does not
# perform normalizations that are language-specific, e.g. German umlauts are
# not normalized to "ae", "oe", "ue" etc. because the same characters are used
# by other languages (e.g. Finnish, Turkish) and those normalizations would
# not be appropriate in those language.
# <p>
# You can provide a comma-separated list of language codes here to perform
# special normalization for the corresponding languages. Currently the
# following special normalizations are implemented:
# <strong>
# de
# </strong>
$Foswiki::cfg{UnifiedAuth}{WikiNameNormalizers} = '';

# ---+++ Account merging
# In a future version, UnifiedAuthPlugin will support merging accounts from
# several auth providers into a single wiki user ID.

# ---+++ Authentication providers

# **PERL**
# A hash of authentication providers. The key is the ID you want to use for
# the authentication provider (please use that begins with a letter and
# contains only alphanumerical characters and underscores); the value is a
# hash of configuration options.
# <br>
# An auth provider ID must not be used twice.
# <p>
# <strong>The ID of an authentication provider must not be changed once you
# have added it.</strong> If you do change it, your mappings will break.
# <p>
# The configuration of each auth provider has the following keys:
# <ul>
# <li><code>module</code>: the name of the module implementing this auth
# provider. It can be the class name of a Foswiki password manager or of one
# of the auth provider classes shipped with UnifiedAuthPlugin or any
# companion extensions (minus the
# <code>Foswiki::UnifiedAuth::Providers::</code> suffix).
# <li><code>mapper_module</code>: when using a Foswiki password manager,
# specify the name of the corresponding user mapper here if required (e.g. for
# automatically importing users from LdapContrib).
# <li><code>login_module</code>: when using a Foswiki password manager,
# specify the name of the appropriate login manager here if required (defaults
# to something that is equivalent to TemplateLogin).
# <li><code>config</code>: any configuration passed to the module. For Foswiki
# password managers, the structure in this will be merged with $Foswiki::cfg
# whenever the password manager is called, so you can use it to override the
# password manager's config as set in its own category in this interface. For
# native UnifiedAuth modules, see the documentation included in the contrib
# that includes it.
# <li><code>hidden</code>: set to 1 to exclude this auth provider from the
# list shown to users.
# </ul>
$Foswiki::cfg{UnifiedAuth}{Providers} = {};

1;
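
Review bot: In the "ID/name mapping" block, {ShortIDs} gives the bare login as cUID to the first account that claims it and the provider-prefixed form to every later one ("johndoe, topic_johndoe, oauth_johndoe"), so which provider owns the cUID "johndoe" depends on login order. Because the comment above says cUIDs tie revision history entries to users, please state that consequence in the option text, or recommend the default providerid_login format when more than one provider can issue the same login. The precedence between {WikiNameIDs} and {ShortIDs} when both are set is also undefined here. Two wording fixes in the Providers comment: "minus the Foswiki::UnifiedAuth::Providers:: suffix" should say prefix, and "please use that begins with a letter" is missing a word.
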
4 changes: 4 additions & 0 deletions lib/Foswiki/Contrib/UnifiedAuthContrib/DEPENDENCIES
@@ -0,0 +1,4 @@
# Dependencies for UnifiedAuthContrib
DBI, >=0, cpan, Required.
DBD::SQLite, >=0, cpan, Recommended (and required if you do not set up a database config).
Text::Unidecode, >=0, cpan, Recommended (for transliterating Unicode WikiNames).
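
Review bot: Only DBI, DBD::SQLite and Text::Unidecode are declared, yet the MANIFEST in this commit ships lib/Foswiki/UnifiedAuth/Providers/Google.pm, described as "OAuth for Google". If that provider loads any non-core module for HTTPS requests or JSON decoding, list it here as Required so that an installation fails at install time rather than at first login. Every entry also uses ">=0"; give a minimum version wherever the code relies on a particular release.
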
13 changes: 13 additions & 0 deletions lib/Foswiki/Contrib/UnifiedAuthContrib/MANIFEST
@@ -0,0 +1,13 @@
# Release manifest for UnifiedAuthContrib
!noci
data/System/UnifiedAuthContrib.txt 0644 Documentation
lib/Foswiki/Contrib/UnifiedAuthContrib.pm 0644 Contrib base module
lib/Foswiki/LoginManager/UnifiedLogin.pm 0644 Login manager
lib/Foswiki/Plugins/UnifiedAuthPlugin.pm 0644 Tag handlers
lib/Foswiki/UnifiedAuth.pm 0644 Main mapping module
lib/Foswiki/UnifiedAuth/Provider.pm 0644 Base module for auth providers
lib/Foswiki/UnifiedAuth/Providers/Google.pm 0644 OAuth for Google
lib/Foswiki/Users/UnifiedAuthUser.pm 0644 Password manager
lib/Foswiki/Users/UnifiedUserMapping.pm 0644 User mapping
lib/Foswiki/Contrib/UnifiedAuthContrib/Config.spec 0644 Config options
templates/uauth.tmpl 0644 Template file
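
Review bot: The file names listed here do not match the class names Config.spec tells administrators to select. Config.spec recommends UnifiedPasswdUser as password manager and UnifiedLoginManager as login manager, while this manifest ships lib/Foswiki/Users/UnifiedAuthUser.pm and lib/Foswiki/LoginManager/UnifiedLogin.pm. Align one side with the other, otherwise the recommended settings name classes that are not installed.
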
31 changes: 31 additions & 0 deletions lib/Foswiki/Contrib/UnifiedAuthContrib/build.pl
@@ -0,0 +1,31 @@
#!/usr/bin/perl -w
use strict;

BEGIN {
unshift @INC, split( /:/, $ENV{FOSWIKI_LIBS} );
}
use Foswiki::Contrib::Build;

# Create the build object
my $build = new Foswiki::Contrib::Build('UnifiedAuthContrib');

# (Optional) Set the details of the repository for uploads.
# This can be any web on any accessible Wiki installation.
# These defaults will be used when expanding tokens in .txt
# files, but be warned, they can be overridden at upload time!

# name of web to upload to
$build->{UPLOADTARGETWEB} = 'Extensions';

# Full URL of pub directory
$build->{UPLOADTARGETPUB} = 'http://foswiki.org/pub';

# Full URL of bin directory
$build->{UPLOADTARGETSCRIPT} = 'http://foswiki.org/bin';

# Script extension
$build->{UPLOADTARGETSUFFIX} = '';

# Build the target on the command line, or the default target
$build->build( $build->{target} );
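
Review bot: In the BEGIN block, split( /:/, $ENV{FOSWIKI_LIBS} ) runs on an undefined value when FOSWIKI_LIBS is not set, which warns under -w and leaves @INC unchanged, so the following "use Foswiki::Contrib::Build;" fails with an unhelpful message. Guard it, for example with "$ENV{FOSWIKI_LIBS} // ''", or die with a hint to set the variable. UPLOADTARGETPUB and UPLOADTARGETSCRIPT are also plain http:// URLs; switch them to https if the host offers it, so that uploads do not travel unencrypted.
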
