activeldap 4.0.4 → 4.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4c12549921e8f9d7aa8674add95bc2f48f82afdd
-  data.tar.gz: dd5633df0f5fc5ce5241ff4d77545bc243b8becb
+  metadata.gz: 4f80df61b7c3ce5999e745306e16007bc5b17f6d
+  data.tar.gz: 6de78b2c730aab8884c3de3d0a49efce255a45b3
 SHA512:
-  metadata.gz: 8ef5b66f2ece4f6eea6b6c46db97df52e97dd72b3d80e47d4027ed135346780f90de594b3bce5a2cae221d1f186fb3e225627600a8bd786b2326713388064efa
-  data.tar.gz: 580ccd4daf6d3625358be6c7ccba2f3a64aee0722dd8e9d7b2bc354c32120915692d42c59287054b1edb6cb37aee42f6b2cacfd4b0d5ead69be200b6e75f2008
+  metadata.gz: 2a6bbedd08e66e15391642d7c37132e4c83b90c01d2fbf213fbdcdff9352a80f0112716f28e1c373b89908f18d5a2b5f36975425c1d248c6b094cc4a02e3df4b
+  data.tar.gz: 472d41a261d52c4001f333fbdf5e07e4450cfbff210cf199a592e9e47c7f123032c250f6ebea79b9e7d7c9c1989e3d93742cfa92e0fb6e2404f35cf0ab7e4d70

data/doc/text/news.textile

@@ -1,5 +1,30 @@
 h1. News
 
+h2(#release-4-0-5). 4.0.5: 2016-01-20
+
+h3. Improvements
+
+* Supported @unicodePwd@ in Active Directory
+  [GitHub#105] [Reported by Laas Toom]
+* Supported Blowfish, SHA-256 and SHA-512 password hash with salt.
+  [GitHub#108] [Patch by Gary Richards]
+* Supported Ruby 2.2.
+  [GitHub#115] [Reported by Jan Zikan]
+  [GitHub#125] [Patch by Bohuslav Blín]
+* Supported Ruby 2.3.
+
+h3. Fixes
+
+* Fixed documentation for @rails generate@.
+  [GitHub#107] [Patch by Gary Richards]
+
+h3. Thanks
+
+* Laas Toom
+* Gary Richards
+* Jan Zikan
+* Bohuslav Blín
+
 h2(#release-4-0-4). 4.0.4: 2014-10-11
 
 h3. Improvements

data/doc/text/rails.textile

@@ -96,7 +96,7 @@ end
 You can also generate a Group model by the following command:
 
 <pre class="command">
-% script/rails generate model Group --classes PosixGroup
+% script/rails generate active_ldap:model Group --classes PosixGroup
 </pre>
 
 app/model/group.rb:

data/lib/active_ldap/connection.rb

@@ -55,7 +55,7 @@ module ActiveLdap
       def clear_active_connection_name
         @active_connection_name = nil
         ObjectSpace.each_object(Class) do |klass|
-          if klass < self and !klass.name.blank?
+          if klass < self and !klass.name.blank? and !klass.frozen?
             klass.instance_variable_set("@active_connection_name", nil)
           end
         end

data/lib/active_ldap/ldif.rb

@@ -140,6 +140,8 @@ module ActiveLdap
       def read_external_file
         uri_string = @scanner.scan(URI::ABS_URI)
         raise uri_is_missing if uri_string.nil?
+        uri_string.chomp!
+
         uri = nil
         begin
           uri = URI.parse(uri_string)
@@ -441,6 +443,10 @@ module ActiveLdap
         invalid_ldif(_("URI is invalid: %s: %s") % [uri_string, message])
       end
 
+      def uri_is_missing
+        invalid_ldif(_("URI is missing"))
+      end
+
       def modify_spec_separator_is_missing
         invalid_ldif(_("'-' is missing"))
       end

data/lib/active_ldap/railties/controller_runtime.rb

@@ -5,11 +5,11 @@ module ActiveLdap
   module Railties
     module ControllerRuntime #:nodoc:
       extend ActiveSupport::Concern
-      
+
     protected
-      
+
       attr_internal :ldap_runtime
-      
+
       def process_action(action, *args)
         # We also need to reset the runtime before each action
         # because of queries in middleware or in cases we are streaming
@@ -17,7 +17,7 @@ module ActiveLdap
         ActiveLdap::LogSubscriber.reset_runtime
         super
       end
-      
+
       def cleanup_view_runtime
         if ActiveLdap::Base.connected?
           ldap_rt_before_render = ActiveLdap::LogSubscriber.reset_runtime
@@ -29,12 +29,12 @@ module ActiveLdap
           super
         end
       end
-      
+
       def append_info_to_payload(payload)
         super
         payload[:ldap_runtime] = ldap_runtime
       end
-      
+
       module ClassMethods
         def log_process_action(payload)
           messages, ldap_runtime = super, payload[:ldap_runtime]

data/lib/active_ldap/schema/syntaxes.rb

@@ -191,10 +191,15 @@ module ActiveLdap
             fraction = match_data[-2]
             fraction = fraction.to_f if fraction
             time_zone = match_data[-1]
+            arguments = [
+              year, month, day, hour, minute, second, fraction, time_zone,
+              Time.now,
+            ]
+            if Time.method(:make_time).arity == 10
+              arguments.unshift(value)
+            end
             begin
-              Time.send(:make_time,
-                        year, month, day, hour, minute, second, fraction,
-                        time_zone, Time.now)
+              Time.send(:make_time, *arguments)
             rescue ArgumentError
               raise if year >= 1700
               out_of_range_messages = ["argument out of range",
@@ -444,6 +449,25 @@ module ActiveLdap
         #   String(NT-Sec-Desc) 1.2.840.113556.1.4.907
         SYNTAXES["1.2.840.113556.1.4.907"] = self
       end
+
+      class UnicodePwd < OctetString
+        # @see http://msdn.microsoft.com/en-us/library/cc220961.aspx
+        #   cn: Unicode-Pwd
+        #   ldapDisplayName: unicodePwd
+        #   attributeId: 1.2.840.113556.1.4.90
+        #   attributeSyntax: 2.5.5.10
+        #   omSyntax: 4
+        #   isSingleValued: TRUE
+        #   schemaIdGuid: bf9679e1-0de6-11d0-a285-00aa003049e2
+        #   systemOnly: FALSE
+        #   searchFlags: 0
+        #   systemFlags: FLAG_SCHEMA_BASE_OBJECT
+        #   schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+        #
+        # @see http://msdn.microsoft.com/en-us/library/cc223177.aspx
+        #   String(Octet) 2.5.5.10
+        SYNTAXES["1.2.840.113556.1.4.90"] = self
+      end
     end
   end
 end

data/lib/active_ldap/user_password.rb

@@ -5,6 +5,8 @@ require 'digest/sha1'
 
 module ActiveLdap
   module UserPassword
+    include GetText
+
     module_function
     def valid?(password, hashed_password)
       unless /^\{([A-Za-z][A-Za-z\d]+)\}/ =~ hashed_password
@@ -37,10 +39,18 @@ module ActiveLdap
     end
 
     def extract_salt_for_crypt(crypted_password)
-      if /^\$1\$/ =~ crypted_password
-        $MATCH + $POSTMATCH[0, 8].sub(/\$.*/, '') + "$"
+      if /\A\$(?:1|5|6|2a)\$[a-zA-Z0-9.\/]{,16}\$/ =~ crypted_password
+        $MATCH
       else
-        crypted_password[0, 2]
+        salt = crypted_password[0, 2]
+        if salt.size != 2
+          raise ArgumentError, _("salt size must be 2: <%s>") % salt
+        end
+        unless /\A[a-zA-Z0-9.\/]{2}\z/ =~ salt
+          message = _("salt character must be [a-zA-Z0-9./]: <%s>") % salt
+          raise ArgumentError, message
+        end
+        salt
       end
     end
 

data/lib/active_ldap/version.rb

@@ -1,3 +1,3 @@
 module ActiveLdap
-  VERSION = "4.0.4"
+  VERSION = "4.0.5"
 end

data/test/test_ldif.rb

@@ -1247,6 +1247,27 @@ uid: hjensen
 EOL
   end
 
+  def test_record_with_external_file_reference_is_invalid
+    ldif_source = <<-EOL
+version: 1
+dn: cn=Horatio Jensen, ou=Product Testing, dc=airius, dc=com
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+cn: Horatio Jensen
+sn: Jensen
+uid: hjensen
+jpegphoto:< INVALID_URI
+EOL
+
+    ldif_source_with_error_mark = <<-EOL
+jpegphoto:< |@|INVALID_URI
+EOL
+
+    assert_invalid_ldif("URI is missing",
+                        ldif_source, 9, 13, ldif_source_with_error_mark)
+  end
+
   def test_records_with_option_attributes
     ldif_source = <<-EOL
 version: 1

data/test/test_user_password.rb

@@ -24,25 +24,107 @@ class TestUserPassword < Test::Unit::TestCase
     end
   end
 
-  def test_crypt
-    salt = ".WoUoU9f3IlUx9Hh7D/8y.xA6ziklGib"
-    assert_equal("{CRYPT}.W57FZhV52w0s",
-                 ActiveLdap::UserPassword.crypt("password", salt))
-
-    password = "PASSWORD"
-    hashed_password = ActiveLdap::UserPassword.crypt(password)
-    salt = hashed_password.sub(/^\{CRYPT\}/, '')
-    assert_equal(hashed_password,
-                 ActiveLdap::UserPassword.crypt(password, salt))
-  end
+  sub_test_case("crypt") do
+    def test_encrypt
+      salt = ".WoUoU9f3IlUx9Hh7D/8y.xA6ziklGib"
+      assert_equal("{CRYPT}.W57FZhV52w0s",
+                   ActiveLdap::UserPassword.crypt("password", salt))
+
+      password = "PASSWORD"
+      hashed_password = ActiveLdap::UserPassword.crypt(password)
+      salt = hashed_password.sub(/^\{CRYPT\}/, '')
+      assert_equal(hashed_password,
+                   ActiveLdap::UserPassword.crypt(password, salt))
+    end
 
-  def test_extract_salt_for_crypt
-    assert_extract_salt(:crypt, "AB", "ABCDE")
-    assert_extract_salt(:crypt, "$1", "$1")
-    assert_extract_salt(:crypt, "$1$$", "$1$")
-    assert_extract_salt(:crypt, "$1$$", "$1$$")
-    assert_extract_salt(:crypt, "$1$abcdefgh$", "$1$abcdefgh$")
-    assert_extract_salt(:crypt, "$1$abcdefgh$", "$1$abcdefghi$")
+    sub_test_case("extract_salt") do
+      sub_test_case("base format") do
+        def test_less
+          message = "salt size must be 2: <a>"
+          assert_raise(ArgumentError.new(message)) do
+            extract_salt(:crypt, "a")
+          end
+        end
+
+        def test_exact
+          assert_extract_salt(:crypt, "ab", "ab")
+        end
+
+        def test_more
+          assert_extract_salt(:crypt, "ab", "abc")
+        end
+      end
+
+      sub_test_case("glibc2 format") do
+        sub_test_case("ID") do
+          def test_md5
+            assert_extract_salt(:crypt, "$1$abcdefgh$", "$1$abcdefgh$")
+          end
+
+          def test_blowfish
+            assert_extract_salt(:crypt, "$2a$abcdefgh$", "$2a$abcdefgh$")
+          end
+
+          def test_sha256
+            assert_extract_salt(:crypt, "$5$abcdefgh$", "$5$abcdefgh$")
+          end
+
+          def test_sha512
+            assert_extract_salt(:crypt, "$6$abcdefgh$", "$6$abcdefgh$")
+          end
+        end
+
+        sub_test_case("salt") do
+          def test_not_teminated
+            message = "salt character must be [a-zA-Z0-9./]: <$1>"
+            assert_raise(ArgumentError.new(message)) do
+              extract_salt(:crypt, "$1$")
+            end
+          end
+
+          def test_empty
+            assert_extract_salt(:crypt, "$1$$", "$1$$")
+          end
+
+          def test_lower_case
+            assert_extract_salt(:crypt, "$1$abc$", "$1$abc$")
+          end
+
+          def test_upper_case
+            assert_extract_salt(:crypt, "$1$ABC$", "$1$ABC$")
+          end
+
+          def test_digit
+            assert_extract_salt(:crypt, "$1$012$", "$1$012$")
+          end
+
+          def test_dot
+            assert_extract_salt(:crypt, "$1$...$", "$1$...$")
+          end
+
+          def test_slash
+            assert_extract_salt(:crypt, "$1$///$", "$1$///$")
+          end
+
+          def test_mix
+            assert_extract_salt(:crypt, "$1$aA0./$", "$1$aA0./$")
+          end
+
+          def test_max
+            assert_extract_salt(:crypt,
+                                "$1$0123456789abcdef$",
+                                "$1$0123456789abcdef$")
+          end
+
+          def test_over
+            message = "salt character must be [a-zA-Z0-9./]: <$1>"
+            assert_raise(ArgumentError.new(message)) do
+              extract_salt(:crypt, "$1$0123456789abcdefg$")
+            end
+          end
+        end
+      end
+    end
   end
 
   def test_md5
@@ -94,10 +176,12 @@ class TestUserPassword < Test::Unit::TestCase
   end
 
   private
+  def extract_salt(type, hashed_password)
+    ActiveLdap::UserPassword.send("extract_salt_for_#{type}",
+                                  hashed_password)
+  end
   def assert_extract_salt(type, expected, hashed_password)
-    actual = ActiveLdap::UserPassword.send("extract_salt_for_#{type}",
-                                           hashed_password)
-    assert_equal(expected, actual)
+    assert_equal(expected, extract_salt(type, hashed_password))
   end
 
   def encode64(string)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: activeldap
 version: !ruby/object:Gem::Version
-  version: 4.0.4
+  version: 4.0.5
 platform: ruby
 authors:
 - Will Drewry
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-10-11 00:00:00.000000000 Z
+date: 2016-01-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemodel
@@ -347,7 +347,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: ruby-activeldap
-rubygems_version: 2.2.2
+rubygems_version: 2.4.5.1
 signing_key: 
 specification_version: 4
 summary: ActiveLdap is a object-oriented API to LDAP