adauth 0.0.1pre

data/.gitignore

@@ -0,0 +1,5 @@
+.DS_STORE
+pkg/*
+tmp/*
+*~
+spec/test_data.yml

data/Gemfile

@@ -0,0 +1,3 @@
+source :rubygems
+
+gemspec

data/Gemfile.lock

@@ -0,0 +1,26 @@
+PATH
+  remote: .
+  specs:
+    adauth (0.0.1pre)
+      ruby-net-ldap
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    diff-lcs (1.1.2)
+    rspec (2.6.0)
+      rspec-core (~> 2.6.0)
+      rspec-expectations (~> 2.6.0)
+      rspec-mocks (~> 2.6.0)
+    rspec-core (2.6.1)
+    rspec-expectations (2.6.0)
+      diff-lcs (~> 1.1.2)
+    rspec-mocks (2.6.0)
+    ruby-net-ldap (0.0.4)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  adauth!
+  rspec

data/Rakefile

@@ -0,0 +1,2 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks

data/Readme.rdoc

@@ -0,0 +1,64 @@
+= {Adauth}[http://adauth.arcath.net/]
+
+Easy to use Active Directory Authentication for Rails.
+
+== Install
+
+Add the Adauth gem to your Gemfile:
+
+    gem 'adauth'
+
+and run a bundle install
+
+== Usage
+
+Create an initializer in _config/initilaizers_ called adauth.rb and place this code in it:
+
+    Adauth.configure do |c|
+        c.domain = "example.com" #The domain name used on your network e.g. example.com or example.local
+        c.server = "127.0.0.1" #The IP of any DC on your network
+        c.base = "dc=example, dc=com" #the base for your users.
+    end
+
+c.port can also be used but defaults to 389 which is the default for AD/LDAP. For a full list of options see {Configuration}[...] on the wiki.
+
+Thats enough to very basically run Adauth, and if you prefer complete control over how your authentication is handled you can use this method:
+
+    Adauth.authenticate(username, password)
+
+Which has 2 possible return values nil if the users details are wrong or an instance of Adauth::User if the details are correct.
+
+Adauth provides generators and helper methods for getting your application up and running.
+
+== Developing
+
+Obviously to test the AD functionality Adauth requires a working domain and a user to try logging in with. If you try running the tests without first creating the test_data.yml file then they will fail with this error:
+
+    Failure/Error: @yaml = YAML::load(File.open('spec/test_data.yml'))
+
+You need to create a yaml file that looks like this:
+
+    domain:
+      domain: example.com
+      server: 127.0.0.1
+      port: 389
+      base: "dc=example, dc=com"
+      pass_allowed_groups:
+        - group
+      fail_allowed_groups:
+        - no_group
+
+    user:
+      login: username
+      password: password
+      group: group
+
+The domain portion of this file is pretty self explanatory, they are the same as the code above for creating a domain connection. ALL options need to be set here.
+
+The pass and fail allowed groups need to be an array with pass containing a group that the test user is a member of and fail containing a group that the test user isn't a member of. (The fail group doesn't have to exist)
+
+The user is a user capable of logging into the domain, you can use your account here or any account on the domain. The group attribute needs to be set to a group that you are a member of so that the tests can make sure that the correct groups are picked up from AD.
+
+Don't worry about this file making it into a pull request, it is in the .gitignore file so unless you remove it from there it wont be comitted.
+
+If you make any additions/changes please add some tests for them.

data/adauth.gemspec

@@ -0,0 +1,21 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require 'adauth/version'
+
+Gem::Specification.new do |s|
+    s.name = "adauth"
+    s.version = Adauth::Version
+    s.platform = Gem::Platform::RUBY
+    s.authors = ["Adam \"Arcath\" Laycock"]
+    s.email = ["gems@arcath.net"]
+    s.homepage = "http://adauth.arcath.net"
+    s.summary = "Provides Active Directory authentication for Rails"
+    
+    s.add_development_dependency "rspec"
+    s.add_dependency "ruby-net-ldap"
+    
+    s.files         = `git ls-files`.split("\n")
+    s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")   
+    s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+    s.require_paths = ["lib"]
+end

data/lib/adauth.rb

@@ -0,0 +1,26 @@
+require 'net/ldap'
+require 'adauth/version'
+require 'adauth/user'
+require 'adauth/config'
+require 'adauth/helpers'
+require 'adauth/user_model' if defined? ActiveRecord
+
+module Adauth
+    def self.authenticate(login, pass)
+        if @config.allowed_groups != []
+            user = Adauth::User.authenticate(login, pass)
+            (user && @config.allowed_groups != (@config.allowed_groups - user.groups)) ? user : nil
+        else
+            Adauth::User.authenticate(login, pass)
+        end
+    end
+    
+    def self.configure
+       @config = Config.new
+       yield(@config) 
+    end
+    
+    def self.config
+        @config
+    end
+end

data/lib/adauth/config.rb

@@ -0,0 +1,10 @@
+module Adauth
+    class Config
+        attr_accessor :domain, :port, :base, :server, :allowed_groups
+        
+        def initialize
+           @port = 389
+           @allowed_groups = []
+        end
+    end
+end

data/lib/adauth/helpers.rb

@@ -0,0 +1,21 @@
+module Adauth
+    module Helpers
+        def adauth_form
+        	form_tag '/adauth', :id => "adauth_login" do
+        	    yield.html_safe
+    	    end
+        end
+        
+        def default_adauth_form
+            adauth_form do
+                "<p>#{label_tag :username}: 
+                #{text_field_tag :username}</p>
+                <p>#{label_tag :password}: 
+                #{password_field_tag :password}</p>
+                <p>#{submit_tag "Login!"}</p>"
+            end
+        end
+    end
+end
+
+ActionView::Base.send :include, Adauth::Helpers if defined? ActionView

data/lib/adauth/user.rb

@@ -0,0 +1,85 @@
+module Adauth
+    class User
+        ATTR_SV = {
+              :login => :samaccountname,
+              :first_name => :givenname,
+              :last_name => :sn,
+              :email => :mail,
+              :name => :name
+        }
+            
+        ATTR_MV = {
+              :groups => [ :memberof,
+                           Proc.new {|g| g.sub(/.*?CN=(.*?),.*/, '\1')} ]
+        }
+
+        def self.authenticate(login, pass)
+            return nil if login.empty? or pass.empty?
+            conn = Net::LDAP.new    :host => Adauth.config.server,
+                                    :port => Adauth.config.port,
+                                    :base => Adauth.config.base,
+                                    :auth => { :username => "#{login}@#{Adauth.config.domain}",
+                                        :password => pass,
+                                        :method => :simple }
+            if conn.bind and user = conn.search(:filter => "sAMAccountName=#{login}").first
+                return self.new(user)
+            else
+                return nil
+            end
+        rescue Net::LDAP::LdapError => e
+            return nil
+        end
+
+        def full_name
+            self.first_name + ' ' + self.last_name
+        end
+
+        def member_of?(group)
+            self.groups.include?(group)
+        end
+
+        private
+
+        def initialize(entry)
+            @entry = entry
+            self.class.class_eval do
+                generate_single_value_readers
+                generate_multi_value_readers
+            end
+        end
+
+        def self.generate_single_value_readers
+            ATTR_SV.each_pair do |k, v|
+                val, block = Array(v)
+                define_method(k) do
+                    if @entry.attribute_names.include?(val)
+                        if block.is_a?(Proc)
+                            return block[@entry.send(val).to_s]
+                        else
+                            return @entry.send(val).to_s
+                        end
+                    else
+                        return ''
+                    end
+                end
+            end
+        end
+
+        def self.generate_multi_value_readers
+            ATTR_MV.each_pair do |k, v|
+                val, block = Array(v)
+                define_method(k) do
+                    if @entry.attribute_names.include?(val)
+                        if block.is_a?(Proc)
+                            return @entry.send(val).collect(&block)
+                        else
+                            return @entry.send(val)
+                        end
+                    else
+                        return []
+                    end
+                end
+            end
+        end
+    end
+end

data/lib/adauth/user_model.rb

@@ -0,0 +1,25 @@
+module Adauth
+    module UserModel
+        def self.included(base)
+            base.extend ClassMethods
+        end
+        
+    	def groups
+    	   group_strings.split(", ") 
+	    end
+	    
+	    module ClassMethods
+	        def return_and_create_with_adauth(adauth_user)
+                find_by_login(adauth_user.login) || create_user_with_adauth(adauth_user)
+            end
+
+            def create_user_with_adauth(adauth_user)
+        		create! do |user|
+        			user.login = adauth_user.login
+        			user.group_strings = adauth_user.groups.join(", ")
+        			user.name = adauth_user.name
+        		end
+        	end 
+        end
+    end
+end

data/lib/adauth/version.rb

@@ -0,0 +1,3 @@
+module Adauth
+    Version = "0.0.1pre"
+end

data/lib/generators/adauth/user_model/USAGE

@@ -0,0 +1,14 @@
+Description:
+  Default for MODEL_NAME is user
+  Default for MIGRATION_NAME is "create_(plural of MODEL_NAME)"
+  Creates a model for storing Adauth users which inherits from Adauth::UserModel
+
+Example:
+  adauth:user_model
+    Will result in app/model/user.rb and a migration called create_users
+
+  adauth:user_model employee
+    Will result in app/model/employee.rb and a migration called create_employees
+
+  adauth:user_model employee add_adauth_to_employees
+    Will result in app/model/employee.rb and a migration called add_adauth_to_employees

data/lib/generators/adauth/user_model/templates/migration.rb.erb

@@ -0,0 +1,14 @@
+class <%= migration_name_for_array.camelize %>
+	def self.up
+		create_table :<%= model_name.pluralize %> do |t|
+			t.string :login
+			t.string :group_strings
+			t.string :name
+			t.timestamps
+		end
+	end
+	
+	def self.down
+		drop_table :<%= model_name.pluralize %>
+	end
+end

data/lib/generators/adauth/user_model/templates/model.rb.erb

@@ -0,0 +1,3 @@
+class <%= model_name.camelize %> < ActiveRecord::Base
+    include Adauth::UserModel
+end

data/lib/generators/adauth/user_model/user_model_generator.rb

@@ -0,0 +1,24 @@
+module Adauth
+    module Generators
+        class UserModelGenerator < Rails::Generators::Base
+            source_root File.expand_path('../templates', __FILE__)
+            argument :model_name, :type => :string, :default => "user"
+            argument :migration_name, :type => :string, :default => false
+            
+            def generate_user_model
+                template "model.rb.erb", "app/models/#{file_name}.rb"
+                template "migration.rb.erb", "db/migrate/#{Time.now.utc.strftime("%Y%m%d%H%M%S")}_#{migration_name_for_array}.rb"
+            end
+            
+            private
+            
+            def file_name
+               model_name.underscore
+            end
+            
+            def migration_name_for_array
+                migration_name || "create_#{model_name.pluralize}"
+            end
+        end
+    end
+end

data/spec/adauth_spec.rb

@@ -0,0 +1,92 @@
+require 'lib/adauth'
+require 'yaml'
+
+describe Adauth, "#configure" do
+    it "should accept a block" do
+        Adauth.configure do |c|
+            c.domain = "example.com"
+        end
+    end
+end
+
+describe Adauth, "#config" do
+    before :each do
+        Adauth.configure do |c|
+            c.domain = "example.com"
+            c.base = "dc=example, dc=com"
+            c.server = "127.0.0.1"
+        end
+    end
+    
+    it "should allow retrival of data" do
+        Adauth.config.domain.should == "example.com"
+    end
+    
+    it "should set port to 389 if not set" do
+        Adauth.config.port.should == 389
+    end
+end
+
+describe Adauth, "#authenticate" do
+    before :each do
+        @yaml = YAML::load(File.open('spec/test_data.yml'))
+        Adauth.configure do |c|
+            c.domain = @yaml["domain"]["domain"]
+            c.server = @yaml["domain"]["server"]
+            c.port = @yaml["domain"]["port"]
+            c.base = @yaml["domain"]["base"]
+        end
+    end
+    
+    it "should succesfully authenticate with the example user" do
+        Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_a Adauth::User
+    end
+    
+    it "should return nil for a failed bind" do
+        Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["group"]).should == nil
+    end
+    
+    it "should return nil for a failed bind whilst using allowed groups" do
+       Adauth.config.allowed_groups = @yaml["domain"]["pass_allowed_groups"]
+       Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["group"]).should be_nil
+    end
+    
+    it "should allow users who are in an allowed group" do
+       Adauth.config.allowed_groups = @yaml["domain"]["pass_allowed_groups"]
+       Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_a Adauth::User
+    end
+    
+    it "should dis-allow users who are not in an allowed group" do
+       Adauth.config.allowed_groups = @yaml["domain"]["fail_allowed_groups"]
+       Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_nil
+    end
+end
+
+describe Adauth::User do
+    before :each do
+        @yaml = YAML::load(File.open('spec/test_data.yml'))
+        Adauth.configure do |c|
+            c.domain = @yaml["domain"]["domain"]
+            c.server = @yaml["domain"]["server"]
+            c.port = @yaml["domain"]["port"]
+            c.base = @yaml["domain"]["base"]
+        end
+        @user = Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"])
+    end
+    
+    it "should return groups for an authenticated user" do
+        @user.groups.should be_a Array
+    end
+    
+    it "should return true for a member_of test using the users group" do
+        @user.member_of?(@yaml["user"]["group"]).should == true
+    end
+    
+    it "should return false for a member_of test using the users password" do
+        @user.member_of?(@yaml["user"]["password"]).should == false
+    end
+    
+    it "should have the correct user" do
+        @user.login.should == @yaml["user"]["login"]
+    end
+end

metadata

@@ -0,0 +1,114 @@
+--- !ruby/object:Gem::Specification 
+name: adauth
+version: !ruby/object:Gem::Version 
+  hash: 961915968
+  prerelease: 5
+  segments: 
+  - 0
+  - 0
+  - 1
+  - pre
+  version: 0.0.1pre
+platform: ruby
+authors: 
+- Adam "Arcath" Laycock
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-06-06 00:00:00 +01:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: ruby-net-ldap
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id002
+description: 
+email: 
+- gems@arcath.net
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- .gitignore
+- Gemfile
+- Gemfile.lock
+- Rakefile
+- Readme.rdoc
+- adauth.gemspec
+- lib/adauth.rb
+- lib/adauth/config.rb
+- lib/adauth/helpers.rb
+- lib/adauth/user.rb
+- lib/adauth/user_model.rb
+- lib/adauth/version.rb
+- lib/generators/adauth/user_model/USAGE
+- lib/generators/adauth/user_model/templates/migration.rb.erb
+- lib/generators/adauth/user_model/templates/model.rb.erb
+- lib/generators/adauth/user_model/user_model_generator.rb
+- spec/adauth_spec.rb
+has_rdoc: true
+homepage: http://adauth.arcath.net
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">"
+    - !ruby/object:Gem::Version 
+      hash: 25
+      segments: 
+      - 1
+      - 3
+      - 1
+      version: 1.3.1
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.6.2
+signing_key: 
+specification_version: 3
+summary: Provides Active Directory authentication for Rails
+test_files: 
+- spec/adauth_spec.rb