adauth 1.0.1 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.gitignore +2 -0
- data/Readme.rdoc +6 -0
- data/lib/adauth.rb +6 -0
- data/lib/adauth/config.rb +22 -2
- data/lib/adauth/user.rb +6 -4
- data/lib/adauth/user_model.rb +11 -0
- data/lib/adauth/version.rb +1 -1
- data/lib/generators/adauth/config/templates/config.rb.erb +15 -0
- data/lib/generators/adauth/user_model/user_model_generator.rb +1 -1
- data/spec/adauth_spec.rb +54 -2
- metadata +4 -4
data/.gitignore
CHANGED
data/Readme.rdoc
CHANGED
|
@@ -43,11 +43,17 @@ You need to create a yaml file that looks like this:
|
|
|
43
43
|
- group
|
|
44
44
|
fail_allowed_groups:
|
|
45
45
|
- no_group
|
|
46
|
+
pass_allowed_ous:
|
|
47
|
+
- ou
|
|
48
|
+
fail_allowed_ous:
|
|
49
|
+
- no_ou
|
|
46
50
|
|
|
47
51
|
user:
|
|
48
52
|
login: username
|
|
49
53
|
password: password
|
|
50
54
|
group: group
|
|
55
|
+
ou: ou_user_is_in
|
|
56
|
+
email: email_of_user_in_ad
|
|
51
57
|
|
|
52
58
|
The domain portion of this file is pretty self explanatory, they are the same as the code above for creating a domain connection. ALL options need to be set here.
|
|
53
59
|
|
data/lib/adauth.rb
CHANGED
|
@@ -23,6 +23,12 @@ module Adauth
|
|
|
23
23
|
elsif @config.denied_groups != []
|
|
24
24
|
user = Adauth::User.authenticate(login, pass)
|
|
25
25
|
(user && @config.denied_groups == (@config.denied_groups - user.groups)) ? user : nil
|
|
26
|
+
elsif @config.allowed_ous != []
|
|
27
|
+
user = Adauth::User.authenticate(login, pass)
|
|
28
|
+
(user && @config.allowed_ous != (@config.allowed_ous - user.ous)) ? user : nil
|
|
29
|
+
elsif @config.denied_ous != []
|
|
30
|
+
user = Adauth::User.authenticate(login, pass)
|
|
31
|
+
(user && @config.denied_ous == (@config.denied_ous - user.ous)) ? user : nil
|
|
26
32
|
else
|
|
27
33
|
Adauth::User.authenticate(login, pass)
|
|
28
34
|
end
|
data/lib/adauth/config.rb
CHANGED
|
@@ -2,15 +2,35 @@ module Adauth
|
|
|
2
2
|
|
|
3
3
|
# Holds all of adauth config in attr_accessor values
|
|
4
4
|
class Config
|
|
5
|
-
attr_accessor :domain, :port, :base, :server, :allowed_groups, :denied_groups
|
|
5
|
+
attr_accessor :domain, :port, :base, :server, :allowed_groups, :denied_groups, :ad_sv_attrs, :ad_mv_attrs, :allowed_ous, :denied_ous
|
|
6
6
|
|
|
7
7
|
# Creates a new instance of Adauth::Config
|
|
8
8
|
#
|
|
9
|
-
# Sets port, allowed_groups and
|
|
9
|
+
# Sets port, allowed_groups, denied_groups, ad_sv_attrs and ad_mv_attrs to default so they can be omitted from the config
|
|
10
10
|
def initialize
|
|
11
11
|
@port = 389
|
|
12
12
|
@allowed_groups = []
|
|
13
13
|
@denied_groups = []
|
|
14
|
+
@ad_sv_attrs = {}
|
|
15
|
+
@ad_mv_attrs = {}
|
|
16
|
+
@allowed_ous = []
|
|
17
|
+
@denied_ous = []
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def domain=(s)
|
|
21
|
+
@domain = s
|
|
22
|
+
work_out_base(s)
|
|
23
|
+
@server ||= s
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
private
|
|
27
|
+
|
|
28
|
+
def work_out_base(s)
|
|
29
|
+
dcs = []
|
|
30
|
+
s.split(/\./).each do |split|
|
|
31
|
+
dcs.push("dc=#{split}")
|
|
32
|
+
end
|
|
33
|
+
@base ||= dcs.join(', ')
|
|
14
34
|
end
|
|
15
35
|
end
|
|
16
36
|
end
|
data/lib/adauth/user.rb
CHANGED
|
@@ -17,7 +17,9 @@ module Adauth
|
|
|
17
17
|
# Multi values were the method needs to return an array for values.
|
|
18
18
|
ATTR_MV = {
|
|
19
19
|
:groups => [ :memberof,
|
|
20
|
-
Proc.new {|g| g.sub(/.*?CN=(.*?),.*/, '\1')} ]
|
|
20
|
+
Proc.new {|g| g.sub(/.*?CN=(.*?),.*/, '\1')} ],
|
|
21
|
+
:ous => [ :memberof,
|
|
22
|
+
Proc.new {|g| g.sub(/.*?OU=(.*?),.*/, '\1')} ]
|
|
21
23
|
}
|
|
22
24
|
|
|
23
25
|
# Authenticates a user against Active Directory and returns an instance of self
|
|
@@ -34,7 +36,7 @@ module Adauth
|
|
|
34
36
|
:auth => { :username => "#{login}@#{Adauth.config.domain}",
|
|
35
37
|
:password => pass,
|
|
36
38
|
:method => :simple }
|
|
37
|
-
if conn.bind and user = conn.search(:filter =>
|
|
39
|
+
if conn.bind and user = conn.search(:filter => Net::LDAP::Filter.eq('sAMAccountName', login)).first
|
|
38
40
|
return self.new(user)
|
|
39
41
|
else
|
|
40
42
|
return nil
|
|
@@ -66,7 +68,7 @@ module Adauth
|
|
|
66
68
|
end
|
|
67
69
|
|
|
68
70
|
def self.generate_single_value_readers
|
|
69
|
-
ATTR_SV.each_pair do |k, v|
|
|
71
|
+
ATTR_SV.merge(Adauth.config.ad_sv_attrs).each_pair do |k, v|
|
|
70
72
|
val, block = Array(v)
|
|
71
73
|
define_method(k) do
|
|
72
74
|
if @entry.attribute_names.include?(val)
|
|
@@ -83,7 +85,7 @@ module Adauth
|
|
|
83
85
|
end
|
|
84
86
|
|
|
85
87
|
def self.generate_multi_value_readers
|
|
86
|
-
ATTR_MV.each_pair do |k, v|
|
|
88
|
+
ATTR_MV.merge(Adauth.config.ad_mv_attrs).each_pair do |k, v|
|
|
87
89
|
val, block = Array(v)
|
|
88
90
|
define_method(k) do
|
|
89
91
|
if @entry.attribute_names.include?(val)
|
data/lib/adauth/user_model.rb
CHANGED
|
@@ -18,6 +18,16 @@ module Adauth
|
|
|
18
18
|
group_strings.split(", ")
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
+
# Returns an array of groups for the user
|
|
22
|
+
#
|
|
23
|
+
# Called as:
|
|
24
|
+
# UserInstance.ous
|
|
25
|
+
#
|
|
26
|
+
# The array is generated from the group_strings attribute which is set by the adauth update and create methods. This array will match the orginizational units the user is a member of.
|
|
27
|
+
def ous
|
|
28
|
+
ou_strings.split(", ")
|
|
29
|
+
end
|
|
30
|
+
|
|
21
31
|
# Update the user record using an instance of Adauth::User
|
|
22
32
|
#
|
|
23
33
|
# Called as:
|
|
@@ -57,6 +67,7 @@ module Adauth
|
|
|
57
67
|
create! do |user|
|
|
58
68
|
user.login = adauth_user.login
|
|
59
69
|
user.group_strings = adauth_user.groups.join(", ")
|
|
70
|
+
user.ou_strings = adauth_user.ous.join(", ")
|
|
60
71
|
user.name = adauth_user.name
|
|
61
72
|
end
|
|
62
73
|
end
|
data/lib/adauth/version.rb
CHANGED
|
@@ -39,4 +39,19 @@ Adauth.configure do |c|
|
|
|
39
39
|
#
|
|
40
40
|
# Takes an array for group names
|
|
41
41
|
#c.denied_groups = ["Group1", "Group2"]
|
|
42
|
+
|
|
43
|
+
# Additional single attributes to fetch
|
|
44
|
+
#
|
|
45
|
+
# Single Values to fetch from Active Directory for example phone number
|
|
46
|
+
#
|
|
47
|
+
# Takes a hash in the form { :method_on_Adauth::User => :field_in_ad }
|
|
48
|
+
#c.ad_sv_attrs = { :phone => :telephonenumber }
|
|
49
|
+
|
|
50
|
+
# Additional multi attributes to fetch
|
|
51
|
+
#
|
|
52
|
+
# Multiple Values to fetch from Active Directory
|
|
53
|
+
#
|
|
54
|
+
# Takes a hash in the form { :method_on_Adauth::User => [ :field_in_ad, Proc.new { |g| operations_to_turn_field_into_array } ] }
|
|
55
|
+
# Example os for groups (already provided)
|
|
56
|
+
#c.ad_mv_attrs(:groups => [ :memberof, Proc.new {|g| g.sub(/.*?CN=(.*?),.*/, '\1')} ])
|
|
42
57
|
end
|
|
@@ -15,7 +15,7 @@ module Adauth
|
|
|
15
15
|
# Has 2 optional parameters, model_name which defaults to "user" and migration_name which defaults to "create_users"
|
|
16
16
|
def generate_user_model
|
|
17
17
|
template "model.rb.erb", "app/models/#{file_name}.rb"
|
|
18
|
-
generate "migration", "#{migration_name_for_array}", "login:string", "group_strings:string", "name:string"
|
|
18
|
+
generate "migration", "#{migration_name_for_array}", "login:string", "group_strings:string", "name:string", "ou_strings:string"
|
|
19
19
|
end
|
|
20
20
|
|
|
21
21
|
private
|
data/spec/adauth_spec.rb
CHANGED
|
@@ -4,9 +4,17 @@ require 'yaml'
|
|
|
4
4
|
describe Adauth, "#configure" do
|
|
5
5
|
it "should accept a block" do
|
|
6
6
|
Adauth.configure do |c|
|
|
7
|
-
c.domain = "example.com"
|
|
7
|
+
c.domain = "test.example.com"
|
|
8
8
|
end
|
|
9
9
|
end
|
|
10
|
+
|
|
11
|
+
it "should correctly calculate the base" do
|
|
12
|
+
Adauth.config.base.should eq("dc=test, dc=example, dc=com")
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
it "should set the server to the domain if not specified" do
|
|
16
|
+
Adauth.config.server.should eq("test.example.com")
|
|
17
|
+
end
|
|
10
18
|
end
|
|
11
19
|
|
|
12
20
|
describe Adauth, "#config" do
|
|
@@ -66,10 +74,30 @@ describe Adauth, "#authenticate" do
|
|
|
66
74
|
Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_nil
|
|
67
75
|
end
|
|
68
76
|
|
|
69
|
-
it "should
|
|
77
|
+
it "should allow users who are in a denied group" do
|
|
70
78
|
Adauth.config.denied_groups = @yaml["domain"]["fail_allowed_groups"]
|
|
71
79
|
Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_a Adauth::User
|
|
72
80
|
end
|
|
81
|
+
|
|
82
|
+
it "should allow users who are in an allowed ou" do
|
|
83
|
+
Adauth.config.allowed_ous = @yaml["domain"]["pass_allowed_ous"]
|
|
84
|
+
Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_a Adauth::User
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
it "should dis-allow users who are not in an allowed ou" do
|
|
88
|
+
Adauth.config.allowed_ous = @yaml["domain"]["fail_allowed_ous"]
|
|
89
|
+
Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_nil
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
it "should dis-allow users who are in a denied ou" do
|
|
93
|
+
Adauth.config.denied_ous = @yaml["domain"]["pass_allowed_ous"]
|
|
94
|
+
Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_nil
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
it "should allow users who are not in a denied ou" do
|
|
98
|
+
Adauth.config.denied_ous = @yaml["domain"]["fail_allowed_ous"]
|
|
99
|
+
Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_a Adauth::User
|
|
100
|
+
end
|
|
73
101
|
end
|
|
74
102
|
|
|
75
103
|
describe Adauth::User do
|
|
@@ -99,4 +127,28 @@ describe Adauth::User do
|
|
|
99
127
|
it "should have the correct user" do
|
|
100
128
|
@user.login.should == @yaml["user"]["login"]
|
|
101
129
|
end
|
|
130
|
+
end
|
|
131
|
+
|
|
132
|
+
describe "Adauth::User custom returns" do
|
|
133
|
+
before :each do
|
|
134
|
+
@yaml = YAML::load(File.open('spec/test_data.yml'))
|
|
135
|
+
Adauth.configure do |c|
|
|
136
|
+
c.domain = @yaml["domain"]["domain"]
|
|
137
|
+
c.server = @yaml["domain"]["server"]
|
|
138
|
+
c.port = @yaml["domain"]["port"]
|
|
139
|
+
c.base = @yaml["domain"]["base"]
|
|
140
|
+
c.ad_sv_attrs = { :phone => :telephonenumber }
|
|
141
|
+
c.ad_mv_attrs = { :ous => [ :memberof,
|
|
142
|
+
Proc.new {|g| g.sub(/.*?OU=(.*?),.*/, '\1')} ] }
|
|
143
|
+
end
|
|
144
|
+
@user = Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"])
|
|
145
|
+
end
|
|
146
|
+
|
|
147
|
+
it "should pickup the custom single value from AD" do
|
|
148
|
+
@user.phone.should be_a String
|
|
149
|
+
end
|
|
150
|
+
|
|
151
|
+
it "should pickup the custom multi value from AD" do
|
|
152
|
+
@user.ous.should be_a Array
|
|
153
|
+
end
|
|
102
154
|
end
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: adauth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 19
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 1
|
|
8
|
-
- 0
|
|
9
8
|
- 1
|
|
10
|
-
|
|
9
|
+
- 0
|
|
10
|
+
version: 1.1.0
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Adam "Arcath" Laycock
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2011-08-
|
|
18
|
+
date: 2011-08-08 00:00:00 +01:00
|
|
19
19
|
default_executable:
|
|
20
20
|
dependencies:
|
|
21
21
|
- !ruby/object:Gem::Dependency
|