Project

gatekeeper

0.0
No commit activity in last 3 years
No release in over 3 years
Connects any Rack-compatible app to a Hot Ink single sign on server.
 Dependencies

Development

>= 1.2.9

Runtime

>= 0.2.1
>= 2.1.7
>= 0.9.2
 Project Readme

Gatekeeper

Gatekeeper can connect any Rack-compatible application to a Hot Ink SSO server. It allows you to easily verify the identity of a user against Hot Ink’s user information database. It makes some basic information about the user available to your application.

Gatekeeper is largely a rewrite of Hancock-Client (github.com/atmos/hancock-client). The functionality is different but the spirit is the same.

Installation

This is the easy part.

gem install gatekeeper --source http://gemcutter.org

Using Gatekeeper

Gatekeeper is implemented in Sinatra, but it can authenticate any Rack-based application. That could be Rails, Sinatra, or plain Rack. You’ll be surprised how easy it is.

Add the following to your Rack stack, either by placing it directly in your Sinatra app as middleware or, if you’re building a Rack app, by adding it to your stack in config.ru:

use Rack::Session::Cookie
use Gatekeeper::Middleware do |sso|
  sso.sso_url = "http://your_sso_server.net/sso"
end

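Be sure to use the session middleware when building a Rack app, or to enable :sessions when using Sinatra. Gatekeeper relies on sessions to store authentication information. Because that authentication state lives in the session, a cookie-based session should be given a :secret so the cookie is signed and the client cannot alter it. Also be sure to include the correct SSO server URL.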

With Rails

When using Gatekeeper with Rails, you should create a ‘metal’ Sinatra app to keep it in, then implement it as shown above. It’s pretty easy: just run script/generate metal sso. Inside, you should have:

require(File.dirname(__FILE__) + "/../../config/environment") unless defined?(Rails)
require 'sinatra/base'
require 'logger'

class Sso < Sinatra::Base
  use Gatekeeper::Middleware do |sso|
    sso.sso_url = "http://your_sso_server.net/sso"
  end
end

When using Rails, be sure not to enable sessions in your Sinatra metal. Rails takes care of the session. If you re-enable sessions there, you’ll overwrite what Rails has already found and your authentication will not work.

In your app

Gatekeeper puts the received user details in a hash accessible using session. Things are a little more convenient using the helpers. To do that, simply include Gatekeeper::Helpers::Authentication in your app. You can then use the following methods:

  • current_user

    Will return nil or the current user’s id, depending on whether or not the user is logged in.

  • is_admin?

    Is this user a Hot Ink admin? You may have some tasks that only admin users can do.

  • is_manager_of?(hotink_account_id)

    Will return true if the user is a manager of the account whose id you passed in.

Your app can use a simple require_user method as a before filter to ensure that users are logged in, the most basic of which could look like this:

def require_user
 unless current_user
   redirect_to "/sso/login?return_to=#{request.request_uri}"
   false # if you're using this as a Rails before filter, return false
 end
end
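
The require_user example above interpolates the request URI into return_to unescaped, so a query string containing "&" is split into separate parameters. The following is an added example, not code from Gatekeeper or its README: it form-encodes the value and only passes along paths on the same site. The helper names are hypothetical, and it assumes the login endpoint reads return_to as an ordinary query parameter.

```ruby
require "uri"

# Login path taken from the README's require_user example.
LOGIN_PATH = "/sso/login"

# Hypothetical helper: returns +candidate+ only when it is a path on this
# site, otherwise +fallback+. Keeps off-site URLs out of return_to.
def local_return_path(candidate, fallback = "/")
  value = candidate.to_s
  return fallback if value.empty? || !value.valid_encoding?
  # Control characters and backslashes have no place in a path we echo back;
  # some browsers treat "\" as "/".
  return fallback if value =~ /[\x00-\x1f\x7f\\]/
  # Must be rooted at "/", but "//host/..." is a scheme-relative URL.
  return fallback unless value.start_with?("/") && !value.start_with?("//")

  uri = URI.parse(value)
  return fallback if uri.scheme || uri.host
  # Do not send the user back into the login step itself.
  return fallback if uri.path == LOGIN_PATH

  value
rescue URI::InvalidURIError
  fallback
end

# Hypothetical helper: the redirect target for an unauthenticated request.
# Assumes the login endpoint reads return_to as an ordinary query parameter,
# so the value is form-encoded and its own "?" and "&" survive the round trip.
def login_redirect_for(request_uri)
  "#{LOGIN_PATH}?#{URI.encode_www_form(return_to: local_return_path(request_uri))}"
end

# Constructed sample request URIs, not taken from a real application.
if __FILE__ == $PROGRAM_NAME
  ["/articles?page=2&sort=new", "//other.example/x", "/sso/login?return_to=/"].each do |u|
    puts "#{u.inspect} -> #{login_redirect_for(u)}"
  end
end
```

In the before filter shown above, the interpolated string would become `redirect_to login_redirect_for(request.request_uri)`.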

Note on Patches/Pull Requests

  • Fork the project.

  • Make your feature addition or bug fix.

  • Add specs for it. This is important so I don’t break it in a future version unintentionally.

  • Commit, do not mess with rakefile, version, or history. (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)

  • Send me a pull request. Bonus points for topic branches.

Copyright © 2010 Chris Dinn. See LICENSE for details.