adauth 1.0.1 → 1.1.0

data/.gitignore CHANGED
@@ -5,3 +5,5 @@ tmp/*
5
5
  spec/test_data.yml
6
6
  doc/*
7
7
  .yardoc/*
8
+
9
+ .rvmrc
@@ -43,11 +43,17 @@ You need to create a yaml file that looks like this:
43
43
  - group
44
44
  fail_allowed_groups:
45
45
  - no_group
46
+ pass_allowed_ous:
47
+ - ou
48
+ fail_allowed_ous:
49
+ - no_ou
46
50
 
47
51
  user:
48
52
  login: username
49
53
  password: password
50
54
  group: group
55
+ ou: ou_user_is_in
56
+ email: email_of_user_in_ad
51
57
 
52
58
  The domain portion of this file is pretty self explanatory, they are the same as the code above for creating a domain connection. ALL options need to be set here.
53
59
 
@@ -23,6 +23,12 @@ module Adauth
23
23
  elsif @config.denied_groups != []
24
24
  user = Adauth::User.authenticate(login, pass)
25
25
  (user && @config.denied_groups == (@config.denied_groups - user.groups)) ? user : nil
26
+ elsif @config.allowed_ous != []
27
+ user = Adauth::User.authenticate(login, pass)
28
+ (user && @config.allowed_ous != (@config.allowed_ous - user.ous)) ? user : nil
29
+ elsif @config.denied_ous != []
30
+ user = Adauth::User.authenticate(login, pass)
31
+ (user && @config.denied_ous == (@config.denied_ous - user.ous)) ? user : nil
26
32
  else
27
33
  Adauth::User.authenticate(login, pass)
28
34
  end
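Review bot: The new `allowed_ous` and `denied_ous` branches are chained with `elsif`, so only the first non-empty list is ever evaluated: with `denied_groups` set both OU lists are skipped, and with `allowed_ous` set `denied_ous` is never consulted. A deployment that configures a group rule together with an OU rule therefore has the OU restriction silently ignored. Each branch also repeats the same `Adauth::User.authenticate` call. Authenticating once and requiring every configured rule to pass would let the lists compose. The start of the method, including the `allowed_groups` branch, is outside this hunk, so the sketch below assumes it has the same shape as the visible branches.

```ruby
# … unchanged: method signature, outside the hunk …
user = Adauth::User.authenticate(login, pass)
permitted = user &&
  (@config.allowed_groups.empty? || (@config.allowed_groups & user.groups).any?) &&
  (@config.denied_groups & user.groups).empty? &&
  (@config.allowed_ous.empty? || (@config.allowed_ous & user.ous).any?) &&
  (@config.denied_ous & user.ous).empty?
permitted ? user : nil
```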
@@ -2,15 +2,35 @@ module Adauth
2
2
 
3
3
  # Holds all of adauth config in attr_accessor values
4
4
  class Config
5
- attr_accessor :domain, :port, :base, :server, :allowed_groups, :denied_groups
5
+ attr_accessor :domain, :port, :base, :server, :allowed_groups, :denied_groups, :ad_sv_attrs, :ad_mv_attrs, :allowed_ous, :denied_ous
6
6
 
7
7
  # Creates a new instance of Adauth::Config
8
8
  #
9
- # Sets port, allowed_groups and denied_groups to default so they can be omitted from the config
9
+ # Sets port, allowed_groups, denied_groups, ad_sv_attrs and ad_mv_attrs to default so they can be omitted from the config
10
10
  def initialize
11
11
  @port = 389
12
12
  @allowed_groups = []
13
13
  @denied_groups = []
14
+ @ad_sv_attrs = {}
15
+ @ad_mv_attrs = {}
16
+ @allowed_ous = []
17
+ @denied_ous = []
18
+ end
19
+
20
+ def domain=(s)
21
+ @domain = s
22
+ work_out_base(s)
23
+ @server ||= s
24
+ end
25
+
26
+ private
27
+
28
+ def work_out_base(s)
29
+ dcs = []
30
+ s.split(/\./).each do |split|
31
+ dcs.push("dc=#{split}")
32
+ end
33
+ @base ||= dcs.join(', ')
14
34
  end
15
35
  end
16
36
  end
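Review bot: `domain=` fills `@base` and `@server` with `||=`, so assigning a second domain to the same Config object keeps the base DN and server derived from the first one while `@domain` changes. If the derived values are meant only as defaults, a comment on `domain=` should say so, for example `# Sets the domain; base and server are derived from it only when not already set`. Defining `domain=` by hand while `:domain` is still listed in `attr_accessor` also triggers Ruby's method-redefined warning, which `attr_reader :domain` would avoid. `work_out_base` reads more directly as `@base ||= s.split('.').map { |part| "dc=#{part}" }.join(', ')`.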
@@ -17,7 +17,9 @@ module Adauth
17
17
  # Multi values were the method needs to return an array for values.
18
18
  ATTR_MV = {
19
19
  :groups => [ :memberof,
20
- Proc.new {|g| g.sub(/.*?CN=(.*?),.*/, '\1')} ]
20
+ Proc.new {|g| g.sub(/.*?CN=(.*?),.*/, '\1')} ],
21
+ :ous => [ :memberof,
22
+ Proc.new {|g| g.sub(/.*?OU=(.*?),.*/, '\1')} ]
21
23
  }
22
24
 
23
25
  # Authenticates a user against Active Directory and returns an instance of self
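Review bot: The `:ous` reader is built from `:memberof`, which in Active Directory lists the distinguished names of the groups an account belongs to, so the value extracted by `/.*?OU=(.*?),.*/` is the OU that holds each group object rather than the OU the user lives in. `allowed_ous` and `denied_ous` are evaluated against this list, so an access decision can pass or fail on where a group happens to be stored. When a group DN has no `OU=` component (a group kept under a `CN=` container, for instance), `sub` finds no match and returns the whole DN unchanged, and only the first `OU=` of a nested path is kept. Deriving the OUs from the entry's own DN would avoid this; failing that, document the current meaning next to `:ous` with `# OUs containing the user's groups, not the user's own OU`. How the proc is applied to each value is in the reader generator outside this hunk.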
@@ -34,7 +36,7 @@ module Adauth
34
36
  :auth => { :username => "#{login}@#{Adauth.config.domain}",
35
37
  :password => pass,
36
38
  :method => :simple }
37
- if conn.bind and user = conn.search(:filter => "sAMAccountName=#{login}").first
39
+ if conn.bind and user = conn.search(:filter => Net::LDAP::Filter.eq('sAMAccountName', login)).first
38
40
  return self.new(user)
39
41
  else
40
42
  return nil
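Review bot: `Net::LDAP::Filter.eq` builds the filter as an object, which stops `login` from altering the filter structure, but it still treats `*` in the value as a wildcard. A login containing `*` would turn the lookup into a substring or presence match, and `.first` would then return whichever entry comes back first. `Net::LDAP::Filter.equals('sAMAccountName', login)` escapes the value, where the net-ldap version in use provides it. The visible lines also hand `pass` to a simple bind without checking that it is non-empty, and many directory servers accept a simple bind with an empty password as an unauthenticated bind. If the part of the method above this hunk has no such guard, `return nil if pass.to_s.empty?` before building the connection is worth adding.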
@@ -66,7 +68,7 @@ module Adauth
66
68
  end
67
69
 
68
70
  def self.generate_single_value_readers
69
- ATTR_SV.each_pair do |k, v|
71
+ ATTR_SV.merge(Adauth.config.ad_sv_attrs).each_pair do |k, v|
70
72
  val, block = Array(v)
71
73
  define_method(k) do
72
74
  if @entry.attribute_names.include?(val)
@@ -83,7 +85,7 @@ module Adauth
83
85
  end
84
86
 
85
87
  def self.generate_multi_value_readers
86
- ATTR_MV.each_pair do |k, v|
88
+ ATTR_MV.merge(Adauth.config.ad_mv_attrs).each_pair do |k, v|
87
89
  val, block = Array(v)
88
90
  define_method(k) do
89
91
  if @entry.attribute_names.include?(val)
@@ -18,6 +18,16 @@ module Adauth
18
18
  group_strings.split(", ")
19
19
  end
20
20
 
21
+ # Returns an array of groups for the user
22
+ #
23
+ # Called as:
24
+ # UserInstance.ous
25
+ #
26
+ # The array is generated from the group_strings attribute which is set by the adauth update and create methods. This array will match the orginizational units the user is a member of.
27
+ def ous
28
+ ou_strings.split(", ")
29
+ end
30
+
21
31
  # Update the user record using an instance of Adauth::User
22
32
  #
23
33
  # Called as:
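Review bot: `ous` calls `ou_strings.split(", ")` directly, so any user row created before the `ou_strings` column existed, where the value is nil, raises NoMethodError; `ou_strings.to_s.split(", ")` returns an empty array instead. The comment above it was copied from `groups` and still says it returns groups built from `group_strings`. It should read `# Returns an array of organizational units for the user` and name `ou_strings`. Within this diff only the `create!` block assigns `ou_strings`, so unless the update method outside these hunks copies attributes generically, the stored OU list goes stale once the account changes in the directory.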
@@ -57,6 +67,7 @@ module Adauth
57
67
  create! do |user|
58
68
  user.login = adauth_user.login
59
69
  user.group_strings = adauth_user.groups.join(", ")
70
+ user.ou_strings = adauth_user.ous.join(", ")
60
71
  user.name = adauth_user.name
61
72
  end
62
73
  end
@@ -1,5 +1,5 @@
1
1
  module Adauth
2
2
 
3
3
  # The version of the gem
4
- Version = "1.0.1"
4
+ Version = "1.1.0"
5
5
  end
@@ -39,4 +39,19 @@ Adauth.configure do |c|
39
39
  #
40
40
  # Takes an array for group names
41
41
  #c.denied_groups = ["Group1", "Group2"]
42
+
43
+ # Additional single attributes to fetch
44
+ #
45
+ # Single Values to fetch from Active Directory for example phone number
46
+ #
47
+ # Takes a hash in the form { :method_on_Adauth::User => :field_in_ad }
48
+ #c.ad_sv_attrs = { :phone => :telephonenumber }
49
+
50
+ # Additional multi attributes to fetch
51
+ #
52
+ # Multiple Values to fetch from Active Directory
53
+ #
54
+ # Takes a hash in the form { :method_on_Adauth::User => [ :field_in_ad, Proc.new { |g| operations_to_turn_field_into_array } ] }
55
+ # Example os for groups (already provided)
56
+ #c.ad_mv_attrs(:groups => [ :memberof, Proc.new {|g| g.sub(/.*?CN=(.*?),.*/, '\1')} ])
42
57
  end
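Review bot: The commented example `#c.ad_mv_attrs(:groups => [ ... ])` calls the reader with an argument, so uncommenting it as written raises ArgumentError, because `ad_mv_attrs` is declared through `attr_accessor` in Config. It should be an assignment like the `ad_sv_attrs` line: `#c.ad_mv_attrs = { :groups => [ :memberof, Proc.new {|g| g.sub(/.*?CN=(.*?),.*/, '\1')} ] }`. "Example os for groups" on the line above looks like a typo for "Example as for groups".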
@@ -15,7 +15,7 @@ module Adauth
15
15
  # Has 2 optional parameters, model_name which defaults to "user" and migration_name which defaults to "create_users"
16
16
  def generate_user_model
17
17
  template "model.rb.erb", "app/models/#{file_name}.rb"
18
- generate "migration", "#{migration_name_for_array}", "login:string", "group_strings:string", "name:string"
18
+ generate "migration", "#{migration_name_for_array}", "login:string", "group_strings:string", "name:string", "ou_strings:string"
19
19
  end
20
20
 
21
21
  private
@@ -4,9 +4,17 @@ require 'yaml'
4
4
  describe Adauth, "#configure" do
5
5
  it "should accept a block" do
6
6
  Adauth.configure do |c|
7
- c.domain = "example.com"
7
+ c.domain = "test.example.com"
8
8
  end
9
9
  end
10
+
11
+ it "should correctly calculate the base" do
12
+ Adauth.config.base.should eq("dc=test, dc=example, dc=com")
13
+ end
14
+
15
+ it "should set the server to the domain if not specified" do
16
+ Adauth.config.server.should eq("test.example.com")
17
+ end
10
18
  end
11
19
 
12
20
  describe Adauth, "#config" do
@@ -66,10 +74,30 @@ describe Adauth, "#authenticate" do
66
74
  Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_nil
67
75
  end
68
76
 
69
- it "should dis-allow users who are in a denied group" do
77
+ it "should allow users who are in a denied group" do
70
78
  Adauth.config.denied_groups = @yaml["domain"]["fail_allowed_groups"]
71
79
  Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_a Adauth::User
72
80
  end
81
+
82
+ it "should allow users who are in an allowed ou" do
83
+ Adauth.config.allowed_ous = @yaml["domain"]["pass_allowed_ous"]
84
+ Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_a Adauth::User
85
+ end
86
+
87
+ it "should dis-allow users who are not in an allowed ou" do
88
+ Adauth.config.allowed_ous = @yaml["domain"]["fail_allowed_ous"]
89
+ Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_nil
90
+ end
91
+
92
+ it "should dis-allow users who are in a denied ou" do
93
+ Adauth.config.denied_ous = @yaml["domain"]["pass_allowed_ous"]
94
+ Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_nil
95
+ end
96
+
97
+ it "should allow users who are not in a denied ou" do
98
+ Adauth.config.denied_ous = @yaml["domain"]["fail_allowed_ous"]
99
+ Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_a Adauth::User
100
+ end
73
101
  end
74
102
 
75
103
  describe Adauth::User do
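Review bot: The renamed example "should allow users who are in a denied group" sets `denied_groups` to `fail_allowed_groups` and expects a user, so it actually exercises a user who is not in a denied group. The name should be `"should allow users who are not in a denied group"`, and no example in this hunk checks that membership in a denied group is refused. The four new OU examples assign `Adauth.config.allowed_ous` or `denied_ous` without clearing the other lists, while the authenticate method elsewhere on this page evaluates only the first non-empty list. Unless the `before` block outside this hunk rebuilds the config, an example can pass or fail because of a list left over from the previous one. Resetting all four lists at the top of each example, e.g. `Adauth.config.allowed_ous = []`, keeps each assertion tied to the rule it names.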
@@ -99,4 +127,28 @@ describe Adauth::User do
99
127
  it "should have the correct user" do
100
128
  @user.login.should == @yaml["user"]["login"]
101
129
  end
130
+ end
131
+
132
+ describe "Adauth::User custom returns" do
133
+ before :each do
134
+ @yaml = YAML::load(File.open('spec/test_data.yml'))
135
+ Adauth.configure do |c|
136
+ c.domain = @yaml["domain"]["domain"]
137
+ c.server = @yaml["domain"]["server"]
138
+ c.port = @yaml["domain"]["port"]
139
+ c.base = @yaml["domain"]["base"]
140
+ c.ad_sv_attrs = { :phone => :telephonenumber }
141
+ c.ad_mv_attrs = { :ous => [ :memberof,
142
+ Proc.new {|g| g.sub(/.*?OU=(.*?),.*/, '\1')} ] }
143
+ end
144
+ @user = Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"])
145
+ end
146
+
147
+ it "should pickup the custom single value from AD" do
148
+ @user.phone.should be_a String
149
+ end
150
+
151
+ it "should pickup the custom multi value from AD" do
152
+ @user.ous.should be_a Array
153
+ end
102
154
  end
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: adauth
3
3
  version: !ruby/object:Gem::Version
4
- hash: 21
4
+ hash: 19
5
5
  prerelease:
6
6
  segments:
7
7
  - 1
8
- - 0
9
8
  - 1
10
- version: 1.0.1
9
+ - 0
10
+ version: 1.1.0
11
11
  platform: ruby
12
12
  authors:
13
13
  - Adam "Arcath" Laycock
@@ -15,7 +15,7 @@ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
17
 
18
- date: 2011-08-01 00:00:00 +01:00
18
+ date: 2011-08-08 00:00:00 +01:00
19
19
  default_executable:
20
20
  dependencies:
21
21
  - !ruby/object:Gem::Dependency