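module DeviseRadiusAuthenticatable
  # Rails generator that injects the radius_authenticatable settings into the
  # application's Devise initializer (config/initializers/devise.rb).
  #
  # Security notes:
  # * The RADIUS shared secret is a positional command-line argument, so it
  #   may end up in shell history and process listings. It is also written in
  #   plaintext into the initializer, a file that is usually committed to
  #   version control. After generating, consider replacing the literal with a
  #   lookup from the environment or an encrypted credentials store.
  # * Every user-supplied value is emitted as an escaped or validated Ruby
  #   literal. A quote, backslash or newline in an argument can therefore
  #   neither corrupt the generated initializer nor add statements to it.
  class InstallGenerator < Rails::Generators::Base
    source_root File.expand_path("../../templates", __FILE__)

    # Anchored so that only the leading heredoc indentation is stripped.
    desc <<-DESC.gsub(/^ {6}/, '')
      Description:
        Adds radius_authenticatable strategy to the devise initializer
        - The IP address of the radius server
        - The shared secret for the radius server
    DESC

    # NOTE(review): both banners are empty strings; presumably a placeholder
    # was intended. Confirm against the upstream file.
    argument(:server, :banner => '',
             :desc => 'The IP address of the radius server')
    argument(:secret, :banner => '',
             :desc => 'The shared secret for the radius server')

    class_option(:uid_field, :default => :uid,
                 :desc => 'What database column to use for the UID')
    class_option(:port, :default => 1812,
                 :desc => 'The port to connect to the radius server on')
    class_option(:timeout, :default => 60,
                 :desc => 'How long to wait for a response from the radius server')
    class_option(:retries, :default => 0,
                 :desc => 'How many times to retry a radius request')
    class_option(:dictionary_path, :default => nil,
                 :desc => 'The path to load radius dictionary files from')
    class_option(:handle_timeout_as_failure, :default => false,
                 :desc => 'Option to handle radius timeout as authentication failure')

    # Generator step: insert the rendered settings just before the
    # "==> Scopes configuration" marker of the Devise initializer.
    def install
      inject_into_file("config/initializers/devise.rb", default_devise_settings,
                       :before => /^\s*.*==> Scopes configuration/)
    end

    private

    # Renders the configuration snippet that +install+ injects.
    #
    # All interpolated values are converted to Ruby literals first, so the
    # template never splices raw command-line text into Ruby source.
    #
    # @return [String] the snippet, with the heredoc indentation removed
    # @raise [ArgumentError] if port, timeout or retries is not numeric
    def default_devise_settings
      port            = numeric_literal(options[:port])
      timeout         = numeric_literal(options[:timeout])
      retries         = numeric_literal(options[:retries])
      server_literal  = string_literal(server)
      servers_literal = string_literal("#{server}:#{port}")
      secret_literal  = string_literal(secret)
      uid_field       = options[:uid_field].to_s.to_sym.inspect
      dictionary_path = string_literal(options[:dictionary_path])
      timeout_fails   = options[:handle_timeout_as_failure].to_s == 'true'

      # The anchored pattern strips leading indentation only; the previous
      # unanchored / {6}/ also deleted any run of six spaces inside a value.
      <<-CONFIG.gsub(/^ {6}/, '')

        # ==> Configuration for radius_authenticatable
        # The radius_authenticatable strategy can be used in place of the
        # database_authenticatable strategy or alongside it. The default order of the
        # strategies is the reverse of how they were loaded. You can control this
        # order by explicitly telling warden the order in which to apply the strategies.
        # See the Warden Configuration section for further details.
        #
        # Configure the hostname or IP address of an individual radius server to use.
        # config.radius_server = #{server_literal}

        # Configure multiple radius servers with optional port.
        # Example: ['127.0.0.1']
        config.radius_servers = [#{servers_literal}]

        # Configure the port to use when connecting to the radius server.
        config.radius_server_port = #{port}

        # Configure the shared secret needed to connect to the radius server.
        config.radius_server_secret = #{secret_literal}

        # Configure the time in seconds to wait for a radius server to respond.
        config.radius_server_timeout = #{timeout}

        # Configure the number of times a request should be retried when a radius server
        # does not immediately respond to requests.
        config.radius_server_retries = #{retries}

        # In some cases you may want to support authentication attempts against
        # multiple radius servers. In these cases the same username could be used on
        # each of the servers. In order to create unique database records, a unique
        # username is generated by using the radius username and the radius server IP
        # address once the authentication has succeeded. This configuration option
        # allows you to chose which database column this calculated UID field will be
        # stored in.
        config.radius_uid_field = #{uid_field}

        # If you want to control how the unique identifier is created for each radius
        # user, this can be customized by configuring a proc that accepts the username
        # and the radius server as parameters and returns the uid.
        #
        # config.radius_uid_generator = Proc.new do |username, server|
        #   "\#{username}@\#{server}"
        # end

        # There is a very basic radius dictionary provided by default. Most of the time
        # this will not be sufficient, so this configuration option allows you to
        # specify the path that contains all of the radius dictionary files that should
        # be loaded.
        #
        # config.radius_dictionary_path = #{dictionary_path}

        # Option to handle radius timeout as authentication failure
        # config.handle_radius_timeout_as_failure = #{timeout_fails}
      CONFIG
    end

    # Returns +value+ as a double-quoted Ruby string literal. String#inspect
    # escapes quotes, backslashes, newlines and interpolation markers, so the
    # generated file reads the value back exactly as it was supplied.
    def string_literal(value)
      value.to_s.inspect
    end

    # Returns +value+ as text for a numeric literal. Raises ArgumentError
    # (from Kernel#Float) when it is not a number, so a malformed option stops
    # the generator before anything is written to the initializer.
    def numeric_literal(value)
      text = value.to_s.strip
      Float(text)
      text
    end
  end
end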