Skip to content
/ goon_auth Public

Simple authentication / registration service with LDAP backend

License

MIT license
4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Goonswarm/goon_auth

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

108 Commits
config
config
 
 
lib
lib
 
 
priv
priv
 
 
web
web
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
deploy.sh
deploy.sh
 
 
mix.exs
mix.exs
 
 
mix.lock
mix.lock
 
 

Repository files navigation

GoonAuth

Build status

Authentication services for GoonSwarm.

This is a simple LDAP-backed registration and user management service that lets members of [OHGOD] register an account in an LDAP server.

This account can then be used for access to forums and other external services.

GoonAuth only concerns itself with maintaining the data in LDAP, for bad services that can't deal with that we have BADS.

Features

GoonAuth currently has the following features:

  • User authentication through EVE SSO
  • Account creation in LDAP with refresh token storage
  • Password change functionality

Several other features are planned for implementation once the base system is rolled out:

  • LDAP group management (#2)
  • Corp application feature with SSO verification (#3)
  • Password resets (#1)

Tech overview

GoonAuth is an Elixir application using the Phoenix framework. It is currently built as a Docker image and intended to be deployed in a Kubernetes cluster.

An image for an LDAP server with the correct schema is located in the infrastructure repository.

Access to CCP's CREST API is provided by the Elixir OAuth2 library with credentials retrieved from the EVE SSO site. Please refer to CCP's third-party documentation for information specific to this.

Most other functionality, including LDAP connectivity, is provided by the Erlang standard library.

Configuration & Secrets

In addition to configuration related to Phoenix, GoonAuth needs credentials for accessing both the EVE SSO and the LDAP directory. While normal configuration is provided with Elixir's configuration mechanism from the [config][] directory, secrets are loaded at runtime from a JSON structure with the following format:

{
    "crest": {
        "client": "SSO_CLIENT_ID",
        "secret": "SSO_CLIENT_SECRET",
        "callback": "https://goon-auth.host/register/crest-catch"
    },
    "ldap_password": "SOME_PASSWORD",
    "phoenix_secret_key": "SECRET_COOKIE_SESSION_KEY"
}

The location of this configuration file is specified in the Elixir configuration under the :secrets_path key.

Building

Building for production

As GoonAuth is intended to be deployed as a Docker container, a Dockerfile is included for production builds.

The Dockerfile will install dependencies and build an Erlang release.

Run docker build with appropriate flags in the repository root to create this image.

Building for development

Follow instructions from the aforementioned slapd image README to set up an LDAP test server locally.

Install Elixir and run these commands:

mix do deps.get, deps.compile
iex -S mix phoenix.server

This will fetch and compile dependencies and start up the server, giving you an interactive console.

About

Simple authentication / registration service with LDAP backend

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages