1. 00:00 18th Jun 2007

    ActiveAuthentication - Active Directory Authentication in Rails

    Introduction

    In addition to managing our public presence on the web, we spend a considerable amount of time developing internal applications and services. Ruby on Rails makes creating generic webapps a snap; however, for any practical application you need more than just simple CRUD.

    How about Authentication?

    Most businesses out there, in no small part due to the inflexibility of Windows authentication schemes, reluctantly use Active Directory to manage their user database. Ill conceived parallel authentication schemes that do not fully integrate with AD risk a host of problems: multiple points of failure, more complex security testing, user confusion, complex password management, etc… Instead, wouldn’t it be great if your Rails webapp played nice with AD?

    Development

    To solve these probles, we created ActiveAuthentication. ActiveAuthentication is a Rails plugin that allows users to authenticate against Active Directory

    Requirements

    • Use same username as password as AD account
    • Transparently manage the creation of new users to your webapp
    • Respect the suspension/deletion of users from the AD domain

    What’s Out There

    Search first, code second. There are a lot of existing authentication plugins for Ruby on Rails. We didn’t want to rewrite what was already working, so after a brief review we elected to build on acts_as_authenticated for our Active Directory authentication system.

    Development

    With the majority of the work done by others, we made as few modifications as possible. We modified an the Authenticator object by adding and initializing the attributes we need to connect to the Domain Controller. Next we created a new authenticate method.

    The authenticate method does the following:

    • Search the database for a user with the same username as the person trying to login.
    • Connect to the domain controller with the given username and password.
    • If step 2 failed, reject the login request, otherwise proceed.
    • Load the user�s information from active directory.
    • If you found a user in step one, proceed, otherwise create a new user.
    • Populate your user model with the information from Active Directory.
    • Save the new or updated user.

    The actual code is as follows:

    If you read the code carefully, you probably noticed the active_directory.yml file that is loaded in the initialization method. This file contains all the information necessary to connect to your domain controller. The file looks like:

    Simply replace domaincontroller with the name of your domain controller, and yourcompany with your domain name, and you should be good to go. Depending on how your directory is setup, you may have to experiment with the dn, but this setup worked for us.

    Installation

    The instructions for using the plugin are the same as they were for the acts_as_authenticated plugin.

    Update

    You also need to install the ruby ldap libraries. On Ubuntu you can do this with the following command:

    Then you install the plugin:

    Next, generate your user model and update the database:

    Now include the system in your application.rb file by adding the following code:

    Add the before filter to any controllers you want to secure:

    Lastly, make sure you edit the active_directory.yml file in the config directory to match your environment.

    That’s it, now you can forget about administering users in your internal applications.

     

  2. 00:50 16th Jun 2007

    ActiveCalendar - Javascript Calendar on Rails

    Background

    When I first started with Rails I was amazed at how quickly you can get a project up and running. Coming from a Java background I was used to configuring either Hibernate, then Spring or spending my days tweaking EJB interfaces. The scaffolding in Rails blew me away. However, the basic date and date time renderer, as I’m sure you will agree, left a little something to be desired. It’s easy to change them after the scaffold was created, but that gets old quick. To solve these problems and others, I created ActiveCalendar.

    Development

    The first part of the process entailed choosing the look of the date renderer. I’ve always liked the DHTML / JavaScript Calendar from Dynarch. Since it is licensed under the LGPL, it was a suitable choice.

    Next, I had to write the plugin. I didn’t want a generator because this plugin is designed to be a drop in replacement for the date renderer. It’s not something that has to be generated per scaffold, or configured per field, so I used rails to generate a basic plugin.

    Next, I added a public directory where I stored the necessary images and JavaScript and removed all the unused directories and files. In the end I had the following directory structure:

    After creating the directory structure, it was time to open the hood and have a look at how rails renders fields. After a little digging, I found the FormHelper module in the following file:

    This quickly led me to the DateHelper in:

    Inside of the DateHelper module are methods called date_select and datetime_select, which correspond the methods used in the generated new.rhtml and edit.rhtml files. It should be noted that in the first iteration of the plugin, this is where the digging stopped. I overloaded the methods above with my own that rendered the Dynarch calendar. It worked wonderfully, until I discovered ActiveScaffold.

    ActiveScaffold is a great plugin that replaces the standard rails CRUD pages with a set of sexy AJAX powered pages. However, it uses a different method to render dates, so it was back to drop downs for me. Since I wanted a drop in replacement that would work with both standard Rails and ActiveScaffold, I was forced to dig deeper into the DateHelper.

    It turns out that the DateHelper, like the other FormHelpers, delegates calls to the InstanceTag class. In the final version of the plugin, I overloaded the to_date_select_tag and to_datetime_select_tag methods in InstanceTag and had them call my own DepotDateHelper class. ActiveScaffold must use the same InstanceTag class because once I did that, the calendar began rendering in ActiveScaffold as well.

    For good measure, I overloaded the date_select and datetime_select methods of DateHelper and continued to delegate to InstanceTag, but I added a couple of my own options.

    Installation

    You can install the plugin with the following command:

    Next add the appropriate javascript and stylesheets to your layout:

    That’s it, your dates should now render as JavaScript calendars.

    Screen Shot