class Rack::Ntlm

Public Class Methods

# File lib/rack/ntlm.rb, line 8
# Builds the middleware around +app+.
#
# Defaults are overlaid with the caller's +config+. Keys read elsewhere in this
# class: :uri_pattern (paths that require NTLM auth), :host, :port, :base,
# :auth ({:username, :password}) and :search_filter, where "%1" is replaced by
# the user name. The default :port, 389, is plain (non-TLS) LDAP.
#
# @param app [#call] downstream Rack app
# @param config [Hash] overrides for the defaults listed above
def initialize(app, config = {})
  @app = app
  defaults = {
    :uri_pattern => /\//,
    :port => 389,
    :search_filter => "(sAMAccountName=%1)"
  }
  @config = defaults.merge(config)
end

Public Instance Methods

# File lib/rack/ntlm.rb, line 17
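# Looks +user+ up in LDAP.
#
# Despite the name this is an *existence* check, not a credential check: only
# the user name reaches this method, so any request naming an account that
# exists in the directory is accepted.
#
# @param user [String] account name taken from the client's NTLM Type 3 message
# @return [Boolean] true when the search filter matches at least one entry;
#   false for a blank user, an empty result, or any LDAP/connection error
#   (the method fails closed)
def auth(user)
  return false if user.nil? || user.to_s.strip.empty?

  ldap = Net::LDAP.new
  ldap.host = @config[:host]
  ldap.port = @config[:port] # 389 by default: plaintext LDAP, bind credentials unencrypted
  ldap.base = @config[:base]
  ldap.auth @config[:auth][:username], @config[:auth][:password] if @config[:auth]

  # The name is client-supplied, so escape LDAP filter metacharacters before
  # splicing it in; a raw gsub let "*", "(", ")" and "\" alter the filter.
  filter = @config[:search_filter].gsub("%1", Net::LDAP::Filter.escape(user.to_s))
  entries = ldap.search(:filter => filter)

  # net-ldap returns a non-Array on a failed search; treat that as "not found".
  entries.respond_to?(:empty?) && !entries.empty?
rescue => e
  # Fail closed on any error (unreachable host, bind failure, bad config),
  # but leave a trace so misconfiguration is not silently invisible.
  warn "Rack::Ntlm LDAP lookup failed: #{e.class}: #{e.message}"
  false
end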
# File lib/rack/ntlm.rb, line 28
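# Rack entry point: drives the NTLM handshake for requests whose PATH_INFO
# matches @config[:uri_pattern] and forwards to the wrapped app only once a
# Type 3 message has named a user that auth(user) accepts.
#
# NOTE(review): the Type 2 challenge is generated fresh per request and never
# retained, and the Type 3 message's NT/LM responses are never checked — only
# message.user is used. The handshake therefore proves possession of a valid
# user name, not of that user's credentials.
#
# @param env [Hash] Rack environment
# @return [Array] Rack response triple: 401 with WWW-Authenticate while the
#   handshake is incomplete, 401 when LDAP rejects the user, 400 for a token
#   that cannot be decoded, otherwise the wrapped app's response
def call(env)
  protected_path = !(env['PATH_INFO'] =~ @config[:uri_pattern]).nil?
  header = env['HTTP_AUTHORIZATION'].to_s

  # No credentials yet (nil, empty or whitespace): start the handshake.
  # `.to_s.strip.empty?` stands in for ActiveSupport's `blank?`, which core
  # Ruby does not provide.
  if header.strip.empty?
    return ntlm_challenge if protected_path
    return @app.call(env)
  end

  # \A anchors the whole header value (^ only anchored a line start). A header
  # carrying another scheme used to fall through to @app unauthenticated on a
  # protected path; it is now treated like a missing header.
  scheme_match = /\A(NTLM|Negotiate) (\S+)/.match(header)
  if scheme_match.nil?
    return ntlm_challenge if protected_path
    return @app.call(env)
  end

  message = decode_ntlm_message(scheme_match[2])
  return [400, {'Content-Type' => 'text/plain'}, ['Malformed NTLM message']] if message.nil?

  authenticated = false
  case message.type
  when 1
    # Type 1 (negotiate): answer with a Type 2 challenge, on any path as before.
    type2 = Net::NTLM::Message::Type2.new
    return [401, {"WWW-Authenticate" => "NTLM " + type2.encode64}, []]
  when 3
    if protected_path
      user = Net::NTLM::decode_utf16le(message.user)
      return [401, {}, ["You are not authorized to see this page"]] unless auth(user)
      env['REMOTE_USER'] = user
      authenticated = true
    end
  end

  # Any other message type on a protected path restarts the handshake instead
  # of reaching the app without REMOTE_USER having been established here.
  return ntlm_challenge if protected_path && !authenticated
  @app.call(env)
end

private

# 401 asking the client to begin NTLM negotiation.
def ntlm_challenge
  [401, {'WWW-Authenticate' => "NTLM"}, []]
end

# Decodes a base64 NTLM token; nil when it cannot be parsed.
def decode_ntlm_message(token)
  Net::NTLM::Message.decode64(token)
rescue => e
  warn "Rack::Ntlm: could not decode NTLM token: #{e.class}"
  nil
end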