Ruby on Rails: Zendesk single sign-on gem for Rails 3


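Does anyone know of a maintained gem that handles user authentication for the Zendesk API through an existing Rails 3 application?

I asked Zendesk about it and was sent to , but it looks incompatible with Rails 3 and has not been updated since 2009.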

I think the article in our documentation gives the impression that Zendesk SSO is hard, when in fact it is fairly easy (http://www.zendesk.com/api/remote-authentication)

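# Reference: http://www.zendesk.com/api/remote-authentication
# You need to be a Zendesk account admin to enable remote authentication (if it is not enabled already)
# Go to Settings > Security, click "Enabled" next to Single Sign-On
# Three important things to pay attention to:
# the Remote Login URL, the Remote Logout URL and the shared secret token
# To test on a Rails 3 application running on localhost, fill in the Remote Login URL so it maps
# to http://localhost:3000/zendesk/login (we will need to make sure routes for that exist)
# Fill in the Remote Logout URL as http://localhost:3000/zendesk/logout
# Copy the secret token, you will need it later

# First, let's create those routes in config/routes.rb
# (scope rather than namespace, so the routes resolve to the top-level ZendeskController)
scope "/zendesk" do
  match "/login"  => "zendesk#login"   # will match /zendesk/login
  match "/logout" => "zendesk#logout"  # will match /zendesk/logout
end
# Above I've mapped those requests to a controller named "zendesk", but it can be named anything

# Next we want to add our secret token to the application; I added it in an initializer
# config/initializers/zendesk_auth.rb
ZENDESK_REMOTE_AUTH_TOKEN = ""
ZENDESK_REMOTE_AUTH_URL = "http://yourcompany.zendesk.com/access/remote/"

# Assuming we have a controller called zendesk, in zendesk_controller.rb
require "digest/md5"

class ZendeskController < ApplicationController
  def index
    @zendesk_remote_auth_url = ZENDESK_REMOTE_AUTH_URL
  end

  def login
    timestamp = params[:timestamp] || Time.now.utc.to_i
    # Hard-coded for example purposes
    # Really you would want to do something like current_user.name and current_user.email
    # and you would probably want this in a helper to hide all this implementation from the controller
    string = "First Last" + "first.last@gmail.com" + ZENDESK_REMOTE_AUTH_TOKEN + timestamp.to_s
    hash = Digest::MD5.hexdigest(string)
    @zendesk_remote_auth_url = "http://yourcompany.zendesk.com/access/remote/?name=First%20Last&email=first.last@gmail.com&timestamp=#{timestamp}&hash=#{hash}"
    redirect_to @zendesk_remote_auth_url
  end

  def logout
    flash[:notice] = params[:message]
  end
end

# Note that the index action above defines an instance variable @zendesk_remote_auth_url
# In my example I simply put a link on the corresponding view that hits ZENDESK_REMOTE_AUTH_URL; doing so
# will cause Zendesk to hit your application's Remote Login URL (which you defined in your Zendesk SSO settings) and pass a timestamp in the URL parameters
# BUT it is entirely possible to avoid this extra step if you just want to go to /zendesk/login in your app
# Notice I am either using params[:timestamp], if one exists, or creating a new timestamp with Time.now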

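This example is very simple, but I just wanted to illustrate the basic mechanics of Zendesk SSO. Note that I have not touched on the more complex issue of creating new users or editing existing ones, only logging in users who already have a Zendesk account.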

There is updated sample code from Zendesk:

# Using JWT from Ruby is straight forward. The below example expects you to have `jwt`
# in your Gemfile, you can read more about that gem at https://github.com/progrium/ruby-jwt.
# Assuming that you've set your shared secret and Zendesk subdomain in the environment, you
# can use Zendesk SSO from your controller like this example.

class ZendeskSessionController < ApplicationController
  # Configuration
  ZENDESK_SHARED_SECRET = ENV["ZENDESK_SHARED_SECRET"]
  ZENDESK_SUBDOMAIN     = ENV["ZENDESK_SUBDOMAIN"]

  def create
    if user = User.authenticate(params[:login], params[:password])
      # If the submitted credentials pass, then log user into Zendesk
      sign_into_zendesk(user)
    else
      render :new, :notice => "Invalid credentials"
    end
  end

  private

  def sign_into_zendesk(user)
    # This is the meat of the business, set up the parameters you wish
    # to forward to Zendesk. All parameters are documented in this page.
    iat = Time.now.to_i
    jti = "#{iat}/#{rand(36**64).to_s(36)}"

    payload = JWT.encode({
      :iat   => iat, # Seconds since epoch, determine when this token is stale
      :jti   => jti, # Unique token id, helps prevent replay attacks
      :name  => user.name,
      :email => user.email,
    }, ZENDESK_SHARED_SECRET)

    redirect_to zendesk_sso_url(payload)
  end

  def zendesk_sso_url(payload)
    "https://#{ZENDESK_SUBDOMAIN}.zendesk.com/access/jwt?jwt=#{payload}"
  end
end

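Zendesk::RemoteAuth.auth_url = 'https://civicrush.zendesk.com/access/remoteauth'
Zendesk::RemoteAuth.token = 'blah8blah'

In addition, Zendesk now requires a hash with a pipe separating the parameters in the URL:

input = name + "|" + email + "|" + external_id + "|" + organization + "|" + tags + "|" + remote_photo_url + "|" + token + "|" + timestamp
hash = md5(input)

Update: Zendesk has deprecated the remote authentication system in favor of a new method based on JSON Web Tokens: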
# Using JWT from Ruby is straight forward. The below example expects you to have `jwt`
# in your Gemfile, you can read more about that gem at https://github.com/progrium/ruby-jwt.
# Assuming that you've set your shared secret and Zendesk subdomain in the environment, you
# can use Zendesk SSO from your controller like this example.

class ZendeskSessionController < ApplicationController
  # Configuration
  ZENDESK_SHARED_SECRET = ENV["ZENDESK_SHARED_SECRET"]
  ZENDESK_SUBDOMAIN     = ENV["ZENDESK_SUBDOMAIN"]

  def create
    if user = User.authenticate(params[:login], params[:password])
      # If the submitted credentials pass, then log user into Zendesk
      sign_into_zendesk(user)
    else
      render :new, :notice => "Invalid credentials"
    end
  end

  private

  def sign_into_zendesk(user)
    # This is the meat of the business, set up the parameters you wish
    # to forward to Zendesk. All parameters are documented in this page.
    iat = Time.now.to_i
    jti = "#{iat}/#{rand(36**64).to_s(36)}"

    payload = JWT.encode({
      :iat   => iat, # Seconds since epoch, determine when this token is stale
      :jti   => jti, # Unique token id, helps prevent replay attacks
      :name  => user.name,
      :email => user.email,
    }, ZENDESK_SHARED_SECRET)

    redirect_to zendesk_sso_url(payload)
  end

  def zendesk_sso_url(payload)
    "https://#{ZENDESK_SUBDOMAIN}.zendesk.com/access/jwt?jwt=#{payload}"
  end
end
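
How the `iat` and `jti` claims in the controller above get used, as an added example that is not part of the answers or of Zendesk's sample code: it builds the HS256 token with Ruby's standard library and models a receiver that rejects forged, stale and replayed tokens. `MAX_AGE`, `seen_jtis` and the function names are assumptions of this sketch, and the `jti` here is drawn from `SecureRandom` rather than `rand`.

```ruby
require "openssl"
require "json"
require "securerandom"

MAX_AGE = 120 # seconds a token stays acceptable; assumed value for this sketch

# Base64url without padding, as used for JWT segments.
def b64url(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(str)
  padded = str.tr("-_", "+/") + "=" * ((4 - str.length % 4) % 4)
  padded.unpack1("m0").force_encoding("UTF-8")
end

# Issuer side: the same four claims as the controller above, signed with HS256.
def issue_sso_token(name, email, secret, now = Time.now.to_i)
  header = b64url(JSON.generate({ "typ" => "JWT", "alg" => "HS256" }))
  claims = b64url(JSON.generate({ "iat" => now, "jti" => SecureRandom.hex(16),
                                  "name" => name, "email" => email }))
  sig = OpenSSL::HMAC.digest("SHA256", secret, "#{header}.#{claims}")
  "#{header}.#{claims}.#{b64url(sig)}"
end

# Receiver side (a model, not Zendesk's code). seen_jtis is a hypothetical
# in-memory store of token ids that were already accepted.
def verify_sso_token(token, secret, seen_jtis, now = Time.now.to_i)
  header, claims, sig = token.split(".")
  return :malformed unless header && claims && sig
  # Pin the algorithm instead of trusting whatever the header announces.
  return :bad_alg unless JSON.parse(b64url_decode(header))["alg"] == "HS256"
  expected = b64url(OpenSSL::HMAC.digest("SHA256", secret, "#{header}.#{claims}"))
  # Constant-time comparison of the signatures.
  return :bad_signature unless OpenSSL.secure_compare(expected, sig)
  data = JSON.parse(b64url_decode(claims))
  return :stale if (now - data["iat"].to_i).abs > MAX_AGE
  return :replayed if seen_jtis.include?(data["jti"])
  seen_jtis << data["jti"]
  :ok
rescue JSON::ParserError, ArgumentError, TypeError
  :malformed
end
```

A token is accepted once, inside the `MAX_AGE` window; the same token presented again, presented late, or carrying altered claims is rejected.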