active_directory_login 0.0.5 → 0.0.6

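--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 35dbce9c799a3b240d53d37db932486d6b13b138
- data.tar.gz: 897280b514e3103f8be0fbf6ea37f2482064458a
+ metadata.gz: bde1eff05aead0e087f583609f5c402284e7e705
+ data.tar.gz: 0129cc791a556e88f2092121d558bd5275e8cd27
  SHA512:
- metadata.gz: a59a6f2317c42c66fbf0773a435a64ec474c3bca2a7ff64bb0d6c4ef9e9f03e72a576e565cd879d25bb995b642ac75a0c8ff07ad51f41507d3545719becf9187
- data.tar.gz: e628d1e43fe5e7d8ea607a66cf43de44810377cacc1d35fd333cd5dd4bee9bfd49c19dfad41e3dc2297c5adb4a0241e7cebaad42958355cfb1171517e58dd550
+ metadata.gz: c3cbe0ad635d7e64f057d299768fd55810284dfff9ac4ec38f83d0237b4be083cc8fa6e4c1a803704bc27986813337995a141f8f1540a6a02a4173f79b07e95d
+ data.tar.gz: 743a5549e04b87219b295d44f060441d2b69759344c2ce697d090e983942f3cad031c4bf95d14a7136a18e11beb1b5f36fbd455c61c4b876b9629de1e6a6ecd7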
@@ -93,8 +93,8 @@ module ActiveDirectoryLogin
93
93
  end
94
94
 
95
95
  def query
96
- ad_email = @ad_user.mail.downcase
97
- @query = User.where { (provider == User::LDAP) & (email =~ ad_email) }
96
+ ad_username = @ad_user.sAMAccountName.downcase
97
+ @query = User.where { (provider == User::LDAP) & (username =~ ad_username) }
98
98
  end
99
99
 
100
100
  def create_or_update_user
@@ -123,10 +123,10 @@ module ActiveDirectoryLogin
123
123
  ensure_connection
124
124
  raise NoSearchKey unless username_or_email && !username_or_email.empty?
125
125
 
126
- ad_key = (username_or_email =~ /@/) ? :mail : :sAMAccountName
127
- ad_user = ActiveDirectory::User.find(:first, ad_key => username_or_email)
128
- if ad_user.nil? # User hasnt used their primary email so try the secondary
129
- ad_user = ActiveDirectory::User.find(:first, "msrtcsip-primaryuseraddress" => "sip:#{username_or_email}")
126
+ if (username_or_email =~ /@/)
127
+ ad_user = ActiveDirectory::User.find(:first, proxyaddresses: "smtp:#{username_or_email}")
128
+ else
129
+ ad_user = ActiveDirectory::User.find(:first, sAMAccountName: username_or_email)
130
130
  end
131
131
  ad_user
132
132
  end
@@ -171,91 +171,93 @@ module ActiveDirectoryLogin
171
171
 
172
172
  # update staff
173
173
  staff_group = find_group(staff_dn)
174
- staff_member_emails = staff_group.member.collect(&:mail).map(&:downcase)
175
-
176
- allowed = User.where(email: staff_member_emails, staff: false)
177
- staff_allowed_emails = allowed.collect(&:email)
174
+ staff_member_names = staff_group.member.map { |u| u.sAMAccountName.downcase }
175
+
176
+ # users not flagged as staff in docgenie but in AD staff group
177
+ allowed = User.where { (lower(username).in staff_member_names) & (staff == false) }
178
178
  allowed.update_all(staff: true)
179
+ staff_allowed_names = allowed.map { |u| u.username.downcase }
179
180
 
180
- disallowed = User.where.not(email: staff_member_emails).where(staff: true)
181
- staff_disallowed_emails = disallowed.collect(&:email)
181
+ # users flagged as staff in docgenie but not in AD staff group
182
+ disallowed = User.where { (lower(username).not_in staff_member_names) & (staff == true) }
182
183
  disallowed.update_all(staff: false)
184
+ staff_disallowed_names = disallowed.map { |u| u.username.downcase }
183
185
 
184
- staff_unchanged = User.where(email: staff_member_emails, staff: true)
185
- staff_unchanged_emails = staff_unchanged.collect(&:email)
186
+ # users flagged as staff in docgenie and in AD staff group
187
+ staff_unchanged = User.where { (lower(username).in staff_member_names) & (staff == true) }
188
+ staff_unchanged_names = staff_unchanged.map { |u| u.username.downcase }
186
189
 
187
- # create any new staff
188
- pending = Array(staff_member_emails - staff_allowed_emails - staff_unchanged_emails)
189
- pending.each do |pending_email|
190
- with_user(pending_email, SecureRandom.hex){ create_or_update_user }
190
+ # users in AD staff group but not in docgenie (at all)
191
+ pending = Array(staff_member_names - staff_allowed_names - staff_unchanged_names)
192
+ pending.each do |pending_name|
193
+ with_user(pending_name, SecureRandom.hex){ create_or_update_user }
191
194
  end
192
- staff_created_emails = pending
195
+ staff_created_names = pending
193
196
 
194
197
 
195
198
  ## update superuser
196
199
  superuser_group = find_group(superuser_dn)
197
- superuser_member_emails = superuser_group.member.collect(&:mail).map(&:downcase)
198
- superuser_member_emails = superuser_member_emails - staff_member_emails
200
+ superuser_member_names = superuser_group.member.map { |u| u.sAMAccountName.downcase } - staff_member_names
199
201
 
200
- allowed = User.where(email: superuser_member_emails, superuser: false)
201
- superuser_allowed_emails = allowed.collect(&:email)
202
+ allowed = User.where { (lower(username).in superuser_member_names) & (staff == false) }
202
203
  allowed.update_all(superuser: true)
204
+ superuser_allowed_names = allowed.map { |u| u.username.downcase }
203
205
 
204
- disallowed = User.where.not(email: superuser_member_emails).where(superuser: true)
205
- superuser_disallowed_emails = disallowed.collect(&:email)
206
+ disallowed = User.where { (lower(username).not_in superuser_member_names) & (staff == true) }
206
207
  disallowed.update_all(superuser: false)
208
+ superuser_disallowed_names = disallowed.map { |u| u.username.downcase }
207
209
 
208
- superuser_unchanged = User.where(email: superuser_member_emails, superuser: true)
209
- superuser_unchanged_emails = superuser_unchanged.collect(&:email)
210
+ superuser_unchanged = User.where { (lower(username).in superuser_member_names) & (staff == true) }
211
+ superuser_unchanged_names = superuser_unchanged.map { |u| u.username.downcase }
210
212
 
211
213
  # create any new superuser
212
- pending = Array(superuser_member_emails - superuser_allowed_emails - superuser_unchanged_emails)
213
- pending.each do |pending_email|
214
- with_user(pending_email, SecureRandom.hex){ create_or_update_user }
214
+ pending = Array(superuser_member_names - superuser_allowed_names - superuser_unchanged_names)
215
+ pending.each do |pending_name|
216
+ with_user(pending_name, SecureRandom.hex){ create_or_update_user }
215
217
  end
216
- superuser_created_emails = pending
218
+ superuser_created_names = pending
217
219
 
218
220
 
219
221
 
220
222
 
221
223
  ## update users
222
224
  user_group = find_group(user_dn)
223
- member_emails = user_group.member.collect(&:mail).map(&:downcase)
224
- member_emails = member_emails - superuser_member_emails - staff_member_emails
225
+ member_names = user_group.member.map { |u| u.sAMAccountName.downcase }
226
+ member_names = member_names - superuser_member_names - staff_member_names
225
227
 
226
- allowed = User.where(email: member_emails, staff: false, superuser: false).where.not(locked_at: nil)
227
- user_allowed_emails = allowed.collect(&:email)
228
+ allowed = User.where { (lower(username).in member_names) & (staff == false) & (superuser == false) & (locked_at != nil) }
228
229
  allowed.update_all(locked_at: nil)
230
+ user_allowed_names = allowed.map { |u| u.username.downcase }
229
231
 
230
- disallowed = User.where.not(email: member_emails).where(staff: false, superuser: false)
231
- user_disallowed_emails = disallowed.collect(&:email)
232
- disallowed.each {|u| u.lock_access! }
232
+ disallowed = User.where { (lower(username).not_in member_names) & (staff == false) & (superuser == false) & (locked_at == nil) }
233
+ disallowed.each { |u| u.lock_access! }
234
+ user_disallowed_names = disallowed.map { |u| u.username.downcase }
233
235
 
234
- user_unchanged = User.where(email: member_emails, staff: false, superuser: false)
235
- user_unchanged_emails = user_unchanged.collect(&:email)
236
+ user_unchanged = User.where { (lower(username).in member_names) & (staff == false) & (superuser == false) & (locked_at == nil) }
237
+ user_unchanged_names = user_unchanged.map { |u| u.username.downcase }
236
238
 
237
239
  #create any new user
238
- pending = Array(member_emails - user_allowed_emails - user_unchanged_emails)
239
- pending.each do |pending_email|
240
- with_user(pending_email, SecureRandom.hex){ create_or_update_user }
240
+ pending = Array(member_names - user_allowed_names - user_unchanged_names)
241
+ pending.each do |pending_name|
242
+ with_user(pending_name, SecureRandom.hex){ create_or_update_user }
241
243
  end
242
- user_created_emails = pending
244
+ user_created_names = pending
243
245
 
244
246
  #report on changes
245
- ActiveDirectoryLogin.logger.info "Staff allowed: #{staff_allowed_emails}"
246
- ActiveDirectoryLogin.logger.info "Staff disallowed: #{staff_disallowed_emails}"
247
- ActiveDirectoryLogin.logger.info "Staff created: #{staff_created_emails}"
248
- ActiveDirectoryLogin.logger.info "Staff unchanged: #{staff_unchanged_emails}"
247
+ ActiveDirectoryLogin.logger.info "Staff allowed: #{staff_allowed_names}"
248
+ ActiveDirectoryLogin.logger.info "Staff disallowed: #{staff_disallowed_names}"
249
+ ActiveDirectoryLogin.logger.info "Staff created: #{staff_created_names}"
250
+ ActiveDirectoryLogin.logger.info "Staff unchanged: #{staff_unchanged_names}"
249
251
 
250
- ActiveDirectoryLogin.logger.info "Superusers allowed: #{superuser_allowed_emails}"
251
- ActiveDirectoryLogin.logger.info "Superusers disallowed: #{superuser_disallowed_emails}"
252
- ActiveDirectoryLogin.logger.info "Superusers created: #{superuser_created_emails}"
253
- ActiveDirectoryLogin.logger.info "Superusers unchanged: #{superuser_unchanged_emails}"
252
+ ActiveDirectoryLogin.logger.info "Superusers allowed: #{superuser_allowed_names}"
253
+ ActiveDirectoryLogin.logger.info "Superusers disallowed: #{superuser_disallowed_names}"
254
+ ActiveDirectoryLogin.logger.info "Superusers created: #{superuser_created_names}"
255
+ ActiveDirectoryLogin.logger.info "Superusers unchanged: #{superuser_unchanged_names}"
254
256
 
255
- ActiveDirectoryLogin.logger.info "User allowed: #{user_allowed_emails}"
256
- ActiveDirectoryLogin.logger.info "User disallowed: #{user_disallowed_emails}"
257
- ActiveDirectoryLogin.logger.info "User created: #{user_created_emails}"
258
- ActiveDirectoryLogin.logger.info "User unchanged: #{user_unchanged_emails}"
257
+ ActiveDirectoryLogin.logger.info "User allowed: #{user_allowed_names}"
258
+ ActiveDirectoryLogin.logger.info "User disallowed: #{user_disallowed_names}"
259
+ ActiveDirectoryLogin.logger.info "User created: #{user_created_names}"
260
+ ActiveDirectoryLogin.logger.info "User unchanged: #{user_unchanged_names}"
259
261
  end
260
262
 
261
263
  #report new numbers of users
@@ -288,4 +290,4 @@ module ActiveDirectoryLogin
288
290
 
289
291
 
290
292
  end #class
291
- end
293
+ end
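Review bot: The superuser block in the `@@ -171,91 +171,93 @@` hunk filters on `staff` where the removed lines filtered on `superuser`: `allowed` uses `(staff == false)`, and `disallowed` and `superuser_unchanged` use `(staff == true)`. As written, an account with `superuser` set and `staff` unset that has been dropped from the AD superuser group is never selected by `disallowed`, so `update_all(superuser: false)` does not revoke it. I would change the three conditions to `(superuser == false)` for `allowed` and `(superuser == true)` for `disallowed` and `superuser_unchanged`. Separately, `allowed.map` now runs after `allowed.update_all`, and if the relation is evaluated lazily the rows just updated no longer match its filter, so the "allowed" lists in the log would likely be empty; collecting the names before the update, as the old code did, avoids that. The enclosing method begins before this hunk.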
@@ -1,3 +1,3 @@
1
1
  module ActiveDirectoryLogin
2
- VERSION = "0.0.5"
2
+ VERSION = "0.0.6"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: active_directory_login
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.5
4
+ version: 0.0.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Brad Murray
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-03-16 00:00:00.000000000 Z
11
+ date: 2014-04-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler