active_directory_login 0.0.5 → 0.0.6

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 35dbce9c799a3b240d53d37db932486d6b13b138
4
- data.tar.gz: 897280b514e3103f8be0fbf6ea37f2482064458a
3
+ metadata.gz: bde1eff05aead0e087f583609f5c402284e7e705
4
+ data.tar.gz: 0129cc791a556e88f2092121d558bd5275e8cd27
5
5
  SHA512:
6
- metadata.gz: a59a6f2317c42c66fbf0773a435a64ec474c3bca2a7ff64bb0d6c4ef9e9f03e72a576e565cd879d25bb995b642ac75a0c8ff07ad51f41507d3545719becf9187
7
- data.tar.gz: e628d1e43fe5e7d8ea607a66cf43de44810377cacc1d35fd333cd5dd4bee9bfd49c19dfad41e3dc2297c5adb4a0241e7cebaad42958355cfb1171517e58dd550
6
+ metadata.gz: c3cbe0ad635d7e64f057d299768fd55810284dfff9ac4ec38f83d0237b4be083cc8fa6e4c1a803704bc27986813337995a141f8f1540a6a02a4173f79b07e95d
7
+ data.tar.gz: 743a5549e04b87219b295d44f060441d2b69759344c2ce697d090e983942f3cad031c4bf95d14a7136a18e11beb1b5f36fbd455c61c4b876b9629de1e6a6ecd7
@@ -93,8 +93,8 @@ module ActiveDirectoryLogin
93
93
  end
94
94
 
95
95
  def query
96
- ad_email = @ad_user.mail.downcase
97
- @query = User.where { (provider == User::LDAP) & (email =~ ad_email) }
96
+ ad_username = @ad_user.sAMAccountName.downcase
97
+ @query = User.where { (provider == User::LDAP) & (username =~ ad_username) }
98
98
  end
99
99
 
100
100
  def create_or_update_user
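Review bot: The new lookup in `query` still compares with `=~`, which in this block-style `where` DSL (it looks like Squeel) is a pattern match rather than equality, so an `_` or `%` inside a sAMAccountName acts as a wildcard and can select a different local LDAP user than the one who authenticated. Underscores are common in account names, so this is more likely to bite with usernames than it was with e-mail addresses. An exact, case-insensitive comparison avoids it and matches the `lower(username)` form used in the group-sync code: `@query = User.where { (provider == User::LDAP) & (lower(username) == ad_username) }`.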
@@ -123,10 +123,10 @@ module ActiveDirectoryLogin
123
123
  ensure_connection
124
124
  raise NoSearchKey unless username_or_email && !username_or_email.empty?
125
125
 
126
- ad_key = (username_or_email =~ /@/) ? :mail : :sAMAccountName
127
- ad_user = ActiveDirectory::User.find(:first, ad_key => username_or_email)
128
- if ad_user.nil? # User hasnt used their primary email so try the secondary
129
- ad_user = ActiveDirectory::User.find(:first, "msrtcsip-primaryuseraddress" => "sip:#{username_or_email}")
126
+ if (username_or_email =~ /@/)
127
+ ad_user = ActiveDirectory::User.find(:first, proxyaddresses: "smtp:#{username_or_email}")
128
+ else
129
+ ad_user = ActiveDirectory::User.find(:first, sAMAccountName: username_or_email)
130
130
  end
131
131
  ad_user
132
132
  end
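Review bot: The value handed to `proxyaddresses:` on the new `find` line is built directly from the caller-supplied `username_or_email`, and nothing visible in this hunk escapes or rejects LDAP filter metacharacters (`*`, `(`, `)`, `\`). Whether `ActiveDirectory::User.find` escapes values is not shown here; if it does not, a wildcard in the login field lets `:first` return an entry the caller did not name, and the same applies to the `sAMAccountName:` branch. I would validate the identifier before either lookup, for example `raise NoSearchKey if username_or_email =~ /[*()\\\x00]/`, or escape it with the LDAP library's filter-escaping helper. The enclosing method begins above this hunk.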
@@ -171,91 +171,93 @@ module ActiveDirectoryLogin
171
171
 
172
172
  # update staff
173
173
  staff_group = find_group(staff_dn)
174
- staff_member_emails = staff_group.member.collect(&:mail).map(&:downcase)
175
-
176
- allowed = User.where(email: staff_member_emails, staff: false)
177
- staff_allowed_emails = allowed.collect(&:email)
174
+ staff_member_names = staff_group.member.map { |u| u.sAMAccountName.downcase }
175
+
176
+ # users not flagged as staff in docgenie but in AD staff group
177
+ allowed = User.where { (lower(username).in staff_member_names) & (staff == false) }
178
178
  allowed.update_all(staff: true)
179
+ staff_allowed_names = allowed.map { |u| u.username.downcase }
179
180
 
180
- disallowed = User.where.not(email: staff_member_emails).where(staff: true)
181
- staff_disallowed_emails = disallowed.collect(&:email)
181
+ # users flagged as staff in docgenie but not in AD staff group
182
+ disallowed = User.where { (lower(username).not_in staff_member_names) & (staff == true) }
182
183
  disallowed.update_all(staff: false)
184
+ staff_disallowed_names = disallowed.map { |u| u.username.downcase }
183
185
 
184
- staff_unchanged = User.where(email: staff_member_emails, staff: true)
185
- staff_unchanged_emails = staff_unchanged.collect(&:email)
186
+ # users flagged as staff in docgenie and in AD staff group
187
+ staff_unchanged = User.where { (lower(username).in staff_member_names) & (staff == true) }
188
+ staff_unchanged_names = staff_unchanged.map { |u| u.username.downcase }
186
189
 
187
- # create any new staff
188
- pending = Array(staff_member_emails - staff_allowed_emails - staff_unchanged_emails)
189
- pending.each do |pending_email|
190
- with_user(pending_email, SecureRandom.hex){ create_or_update_user }
190
+ # users in AD staff group but not in docgenie (at all)
191
+ pending = Array(staff_member_names - staff_allowed_names - staff_unchanged_names)
192
+ pending.each do |pending_name|
193
+ with_user(pending_name, SecureRandom.hex){ create_or_update_user }
191
194
  end
192
- staff_created_emails = pending
195
+ staff_created_names = pending
193
196
 
194
197
 
195
198
  ## update superuser
196
199
  superuser_group = find_group(superuser_dn)
197
- superuser_member_emails = superuser_group.member.collect(&:mail).map(&:downcase)
198
- superuser_member_emails = superuser_member_emails - staff_member_emails
200
+ superuser_member_names = superuser_group.member.map { |u| u.sAMAccountName.downcase } - staff_member_names
199
201
 
200
- allowed = User.where(email: superuser_member_emails, superuser: false)
201
- superuser_allowed_emails = allowed.collect(&:email)
202
+ allowed = User.where { (lower(username).in superuser_member_names) & (staff == false) }
202
203
  allowed.update_all(superuser: true)
204
+ superuser_allowed_names = allowed.map { |u| u.username.downcase }
203
205
 
204
- disallowed = User.where.not(email: superuser_member_emails).where(superuser: true)
205
- superuser_disallowed_emails = disallowed.collect(&:email)
206
+ disallowed = User.where { (lower(username).not_in superuser_member_names) & (staff == true) }
206
207
  disallowed.update_all(superuser: false)
208
+ superuser_disallowed_names = disallowed.map { |u| u.username.downcase }
207
209
 
208
- superuser_unchanged = User.where(email: superuser_member_emails, superuser: true)
209
- superuser_unchanged_emails = superuser_unchanged.collect(&:email)
210
+ superuser_unchanged = User.where { (lower(username).in superuser_member_names) & (staff == true) }
211
+ superuser_unchanged_names = superuser_unchanged.map { |u| u.username.downcase }
210
212
 
211
213
  # create any new superuser
212
- pending = Array(superuser_member_emails - superuser_allowed_emails - superuser_unchanged_emails)
213
- pending.each do |pending_email|
214
- with_user(pending_email, SecureRandom.hex){ create_or_update_user }
214
+ pending = Array(superuser_member_names - superuser_allowed_names - superuser_unchanged_names)
215
+ pending.each do |pending_name|
216
+ with_user(pending_name, SecureRandom.hex){ create_or_update_user }
215
217
  end
216
- superuser_created_emails = pending
218
+ superuser_created_names = pending
217
219
 
218
220
 
219
221
 
220
222
 
221
223
  ## update users
222
224
  user_group = find_group(user_dn)
223
- member_emails = user_group.member.collect(&:mail).map(&:downcase)
224
- member_emails = member_emails - superuser_member_emails - staff_member_emails
225
+ member_names = user_group.member.map { |u| u.sAMAccountName.downcase }
226
+ member_names = member_names - superuser_member_names - staff_member_names
225
227
 
226
- allowed = User.where(email: member_emails, staff: false, superuser: false).where.not(locked_at: nil)
227
- user_allowed_emails = allowed.collect(&:email)
228
+ allowed = User.where { (lower(username).in member_names) & (staff == false) & (superuser == false) & (locked_at != nil) }
228
229
  allowed.update_all(locked_at: nil)
230
+ user_allowed_names = allowed.map { |u| u.username.downcase }
229
231
 
230
- disallowed = User.where.not(email: member_emails).where(staff: false, superuser: false)
231
- user_disallowed_emails = disallowed.collect(&:email)
232
- disallowed.each {|u| u.lock_access! }
232
+ disallowed = User.where { (lower(username).not_in member_names) & (staff == false) & (superuser == false) & (locked_at == nil) }
233
+ disallowed.each { |u| u.lock_access! }
234
+ user_disallowed_names = disallowed.map { |u| u.username.downcase }
233
235
 
234
- user_unchanged = User.where(email: member_emails, staff: false, superuser: false)
235
- user_unchanged_emails = user_unchanged.collect(&:email)
236
+ user_unchanged = User.where { (lower(username).in member_names) & (staff == false) & (superuser == false) & (locked_at == nil) }
237
+ user_unchanged_names = user_unchanged.map { |u| u.username.downcase }
236
238
 
237
239
  #create any new user
238
- pending = Array(member_emails - user_allowed_emails - user_unchanged_emails)
239
- pending.each do |pending_email|
240
- with_user(pending_email, SecureRandom.hex){ create_or_update_user }
240
+ pending = Array(member_names - user_allowed_names - user_unchanged_names)
241
+ pending.each do |pending_name|
242
+ with_user(pending_name, SecureRandom.hex){ create_or_update_user }
241
243
  end
242
- user_created_emails = pending
244
+ user_created_names = pending
243
245
 
244
246
  #report on changes
245
- ActiveDirectoryLogin.logger.info "Staff allowed: #{staff_allowed_emails}"
246
- ActiveDirectoryLogin.logger.info "Staff disallowed: #{staff_disallowed_emails}"
247
- ActiveDirectoryLogin.logger.info "Staff created: #{staff_created_emails}"
248
- ActiveDirectoryLogin.logger.info "Staff unchanged: #{staff_unchanged_emails}"
247
+ ActiveDirectoryLogin.logger.info "Staff allowed: #{staff_allowed_names}"
248
+ ActiveDirectoryLogin.logger.info "Staff disallowed: #{staff_disallowed_names}"
249
+ ActiveDirectoryLogin.logger.info "Staff created: #{staff_created_names}"
250
+ ActiveDirectoryLogin.logger.info "Staff unchanged: #{staff_unchanged_names}"
249
251
 
250
- ActiveDirectoryLogin.logger.info "Superusers allowed: #{superuser_allowed_emails}"
251
- ActiveDirectoryLogin.logger.info "Superusers disallowed: #{superuser_disallowed_emails}"
252
- ActiveDirectoryLogin.logger.info "Superusers created: #{superuser_created_emails}"
253
- ActiveDirectoryLogin.logger.info "Superusers unchanged: #{superuser_unchanged_emails}"
252
+ ActiveDirectoryLogin.logger.info "Superusers allowed: #{superuser_allowed_names}"
253
+ ActiveDirectoryLogin.logger.info "Superusers disallowed: #{superuser_disallowed_names}"
254
+ ActiveDirectoryLogin.logger.info "Superusers created: #{superuser_created_names}"
255
+ ActiveDirectoryLogin.logger.info "Superusers unchanged: #{superuser_unchanged_names}"
254
256
 
255
- ActiveDirectoryLogin.logger.info "User allowed: #{user_allowed_emails}"
256
- ActiveDirectoryLogin.logger.info "User disallowed: #{user_disallowed_emails}"
257
- ActiveDirectoryLogin.logger.info "User created: #{user_created_emails}"
258
- ActiveDirectoryLogin.logger.info "User unchanged: #{user_unchanged_emails}"
257
+ ActiveDirectoryLogin.logger.info "User allowed: #{user_allowed_names}"
258
+ ActiveDirectoryLogin.logger.info "User disallowed: #{user_disallowed_names}"
259
+ ActiveDirectoryLogin.logger.info "User created: #{user_created_names}"
260
+ ActiveDirectoryLogin.logger.info "User unchanged: #{user_unchanged_names}"
259
261
  end
260
262
 
261
263
  #report new numbers of users
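Review bot: The three superuser queries in this hunk filter on `staff` where the removed lines filtered on `superuser`, which looks like a copy from the staff block above. As written, `disallowed.update_all(superuser: false)` only reaches rows with `staff == true`, so a non-staff account removed from the AD superuser group keeps its superuser flag, and `allowed` can only promote non-staff rows. The conditions should read `(superuser == false)` on the `allowed` line and `(superuser == true)` on the `disallowed` and `superuser_unchanged` lines. Separately, the `*_allowed_names` and `*_disallowed_names` lists are now built after `update_all`, so (assuming the relations are re-queried lazily) the updated rows no longer match and the log lines at the end would print empty lists; collecting the names before the update, as the removed code did, keeps that audit trail accurate. This method starts above the hunk.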
@@ -288,4 +290,4 @@ module ActiveDirectoryLogin
288
290
 
289
291
 
290
292
  end #class
291
- end
293
+ end
@@ -1,3 +1,3 @@
1
1
  module ActiveDirectoryLogin
2
- VERSION = "0.0.5"
2
+ VERSION = "0.0.6"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: active_directory_login
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.5
4
+ version: 0.0.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Brad Murray
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-03-16 00:00:00.000000000 Z
11
+ date: 2014-04-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler