adauth 1.1.0 → 1.2.0

data/.gitignore

@@ -7,3 +7,7 @@ doc/*
 .yardoc/*
 
 .rvmrc
+
+spec/test.sqlite3
+
+spec/db/db.sqlite3

data/Gemfile.lock

@@ -1,13 +1,26 @@
 PATH
   remote: .
   specs:
-    adauth (1.0.0)
+    adauth (1.1.0)
       net-ldap
 
 GEM
   remote: http://rubygems.org/
   specs:
+    activemodel (3.0.7)
+      activesupport (= 3.0.7)
+      builder (~> 2.1.2)
+      i18n (~> 0.5.0)
+    activerecord (3.0.7)
+      activemodel (= 3.0.7)
+      activesupport (= 3.0.7)
+      arel (~> 2.0.2)
+      tzinfo (~> 0.3.23)
+    activesupport (3.0.7)
+    arel (2.0.10)
+    builder (2.1.2)
     diff-lcs (1.1.2)
+    i18n (0.5.0)
     net-ldap (0.2.2)
     rspec (2.6.0)
       rspec-core (~> 2.6.0)
@@ -17,10 +30,12 @@ GEM
     rspec-expectations (2.6.0)
       diff-lcs (~> 1.1.2)
     rspec-mocks (2.6.0)
+    tzinfo (0.3.29)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
+  activerecord
   adauth!
   rspec

data/Rakefile

@@ -1,2 +1,3 @@
 require 'bundler'
+
 Bundler::GemHelper.install_tasks

data/lib/adauth.rb

@@ -3,37 +3,17 @@ require 'adauth/version'
 require 'adauth/user'
 require 'adauth/config'
 require 'adauth/helpers'
-require 'adauth/user_model' if defined? ActiveRecord
+require 'adauth/connection'
+require 'adauth/group'
+require 'adauth/admin_connection'
+require 'adauth/authenticate'
+require 'adauth/user_model'
 
 # The top level module
 #
 # For Adauths documentation please see the github wiki.
 module Adauth
     
-    # Takes a username and password as an input and returns an instance of `Adauth::User`
-    #
-    # Called as
-    #    Adauth.authenticate("Username", "Password")
-    #
-    # Will return `nil` if the username/password combo is wrong, if the username/password combo is correct it will return an instance of `Adauth::User` which can be used to populate your database.
-    def self.authenticate(login, pass)
-        if @config.allowed_groups != []
-            user = Adauth::User.authenticate(login, pass)
-            (user && @config.allowed_groups != (@config.allowed_groups - user.groups)) ? user : nil
-        elsif @config.denied_groups != []
-            user = Adauth::User.authenticate(login, pass)
-            (user && @config.denied_groups == (@config.denied_groups - user.groups)) ? user : nil
-        elsif @config.allowed_ous != []
-            user = Adauth::User.authenticate(login, pass)
-            (user && @config.allowed_ous != (@config.allowed_ous - user.ous)) ? user : nil
-        elsif @config.denied_ous != []
-            user = Adauth::User.authenticate(login, pass)
-            (user && @config.denied_ous == (@config.denied_ous - user.ous)) ? user : nil
-        else
-            Adauth::User.authenticate(login, pass)
-        end
-    end
-    
     # Used to configure Adauth
     #
     # Called as

data/lib/adauth/admin_connection.rb

@@ -0,0 +1,26 @@
+module Adauth
+    
+    # Uses the administrator login to create a Net::LDAP object that can query the whole domain
+    #
+    # Called as:
+    #    Adauth::AdminConnection.bind(username,password)
+    class AdminConnection
+        
+        # Uses the administrator login to create a Net::LDAP object that can query the whole domain
+        #
+        # Called as:
+        #    Adauth::AdminConnection.bind(username,password)
+        def self.bind
+            if Adauth.config.admin_user and Adauth.config.admin_password
+                conn = Adauth::Connection.bind(Adauth.config.admin_user, Adauth.config.admin_password)
+                if conn
+                    return conn
+                else
+                    raise "admin_user and admin_password do not result in a succesful login"
+                end
+            else
+                raise "Can not create Adauth::AdminConnection without admin_user and admin_password set in config"
+            end
+        end
+    end
+end

data/lib/adauth/authenticate.rb

@@ -0,0 +1,74 @@
+module Adauth
+    # Takes a username and password as an input and returns an instance of `Adauth::User`
+    #
+    # Called as
+    #    Adauth.authenticate("Username", "Password")
+    #
+    # Will return `nil` if the username/password combo is wrong, if the username/password combo is correct it will return an instance of `Adauth::User` which can be used to populate your database.
+    def self.authenticate(login, pass)
+        if user = Adauth::User.authenticate(login, pass)
+            return user if allowed_group_login(user) and allowed_ou_login(user)
+        else
+            return nil
+        end
+    end
+    
+    # Takes a username as an input and returns and instance of `Adauth::User`
+    # 
+    # Called as
+    #    Adauth.authentication("Username")
+    #
+    # Will return `nil` if the username is worng, if the admin details are not set an error will be raised.
+    def self.passwordless_login(login)
+        @conn = Adauth::AdminConnection.bind
+        if user = @conn.search(:filter => Net::LDAP::Filter.eq('sAMAccountName', login)).first
+            return Adauth::User.new(user)
+        else
+            return nil
+        end
+    end
+    
+    # Checks weather an users groups are allowed to login
+    #
+    # Called as:
+    #    Adauth.allowed_group_login(Adauth::User)
+    #
+    # Returns true if the user can login and false if the user cant
+    def self.allowed_group_login(user)
+        if @config.allowed_groups != []
+            allowed = (user && @config.allowed_groups != (@config.allowed_groups - user.groups)) ? user : nil
+        else
+            allowed = user
+        end
+        
+        if @config.denied_groups != []
+            denied = (user && @config.denied_groups == (@config.denied_groups - user.groups)) ? user : nil
+        else
+            denied = user
+        end
+        
+        allowed == denied
+    end
+    
+    # Checks weather an users ous are allowed to login
+    #
+    # Called as:
+    #    Adauth.allowed_ou_login(Adauth::User)
+    #
+    # Returns true if the user can login and false if the user cant
+    def self.allowed_ou_login(user)
+        if @config.allowed_ous != []
+            allowed = (user && @config.allowed_ous != (@config.allowed_ous - user.ous)) ? user : nil
+        else
+            allowed = user
+        end
+        
+        if @config.denied_ous != []
+            denied = (user && @config.denied_ous == (@config.denied_ous - user.ous)) ? user : nil
+        else
+            denied = user
+        end
+        
+        allowed == denied
+    end
+end

data/lib/adauth/config.rb

@@ -2,7 +2,8 @@ module Adauth
     
     # Holds all of adauth config in attr_accessor values
     class Config
-        attr_accessor :domain, :port, :base, :server, :allowed_groups, :denied_groups, :ad_sv_attrs, :ad_mv_attrs, :allowed_ous, :denied_ous
+        attr_accessor   :domain, :port, :base, :server, :allowed_groups, :denied_groups, :ad_sv_attrs, :ad_mv_attrs, :allowed_ous, :denied_ous,
+                        :admin_user, :admin_password, :ad_sv_group_attrs, :ad_mv_group_attrs
         
         # Creates a new instance of Adauth::Config
         #
@@ -15,8 +16,16 @@ module Adauth
            @ad_mv_attrs = {}
            @allowed_ous = []
            @denied_ous = []
+           @ad_sv_group_attrs = {}
+           @ad_mv_group_attrs = {}
         end
         
+        # Sets domain valiable
+        #
+        # Called as:
+        #    Adauth::Config.domain=(s)
+        #
+        # Calculates both base string and server
         def domain=(s)
             @domain = s
             work_out_base(s)
@@ -26,11 +35,7 @@ module Adauth
         private
         
         def work_out_base(s)
-            dcs = []
-            s.split(/\./).each do |split|
-                dcs.push("dc=#{split}")
-            end
-            @base ||= dcs.join(', ')
+            @base ||= s.gsub(/\./,', dc=').gsub(/^/,"dc=")
         end
     end
 end

data/lib/adauth/connection.rb

@@ -0,0 +1,31 @@
+module Adauth
+    
+    # Create a connection to LDAP using Net::LDAP
+    #
+    # Called as:
+    #    Adauth::Connection.bind(username, password)
+    #
+    # 
+    class Connection
+        
+        # Create a connection to LDAP using Net::LDAP
+        #
+        # Called as:
+        #    Adauth::Connection.bind(username, password)
+        #
+        #
+        def self.bind(login, pass)
+            conn = Net::LDAP.new    :host => Adauth.config.server,
+                                    :port => Adauth.config.port,
+                                    :base => Adauth.config.base,
+                                    :auth => { :username => "#{login}@#{Adauth.config.domain}",
+                                        :password => pass,
+                                        :method => :simple }
+            if conn.bind
+                return conn
+            else
+                return nil
+            end
+        end
+    end
+end

data/lib/adauth/group.rb

@@ -0,0 +1,100 @@
+module Adauth
+    
+    # Active Directory Group object
+    #
+    # Called as:
+    #    Adauth::Group.find(name)
+    #
+    # Returns an instance of Adauth::Group for the group specified in the find method
+    class Group
+        
+        # Single vales where the method maps directly to one Active Directory attribute
+        ATTR_SV = {
+            :name => :name,
+            :dn => :distinguishedname
+        }
+        
+        # Multi values were the method needs to return an array for values.
+        ATTR_MV = {
+            :ous => [ :distinguishedname,
+                           Proc.new {|g| g.sub(/.*?OU=(.*?),.*/, '\1')} ]
+        }
+        
+        # Finds the group specified
+        #
+        # Called as:
+        #    Adauth::Group.find(name)
+        #
+        # Returns an instance of Adauth::Group for the group specified in the find method
+        def self.find(name)
+            @conn = Adauth::AdminConnection.bind
+            if group = @conn.search(:filter => Net::LDAP::Filter.eq('name', name)).first
+                return self.new(group)
+            else
+                return nil
+            end
+        end
+        
+        # Returns the members of the group
+        #
+        # Called as:
+        #    Adauth::Group.members
+        #
+        # Returns an array of Adauth::Users for the group
+        def members
+            filters = Net::LDAP::Filter.construct("(memberOf=#{dn})")
+            members_ldap = @conn.search(:filter => filters)
+            members = []
+            members_ldap.each do |member|
+                user = Adauth::User.create_from_login(member.samaccountname.first)
+                members.push(user)
+            end
+            return members
+        end
+        
+        private
+        
+        def initialize(entry)
+            @entry = entry
+            @conn = Adauth::AdminConnection.bind
+            self.class.class_eval do
+                generate_single_value_readers
+                generate_multi_value_readers
+            end
+        end
+
+        def self.generate_single_value_readers
+            ATTR_SV.merge(Adauth.config.ad_sv_group_attrs).each_pair do |k, v|
+                val, block = Array(v)
+                define_method(k) do
+                    if @entry.attribute_names.include?(val)
+                        if block.is_a?(Proc)
+                            return block[@entry.send(val).to_s]
+                        else
+                            return @entry.send(val).to_s
+                        end
+                    else
+                        return ''
+                    end
+                end
+            end
+        end
+
+        def self.generate_multi_value_readers
+            ATTR_MV.merge(Adauth.config.ad_mv_group_attrs).each_pair do |k, v|
+                val, block = Array(v)
+                define_method(k) do
+                    if @entry.attribute_names.include?(val)
+                        if block.is_a?(Proc)
+                            return @entry.send(val).collect(&block)
+                        else
+                            return @entry.send(val)
+                        end
+                    else
+                        return []
+                    end
+                end
+            end
+        end
+    end
+end

data/lib/adauth/user.rb

@@ -14,12 +14,12 @@ module Adauth
               :name => :name
         }
         
-        # Multi values were the method needs to return an array for values.
+        # Multi values where the method needs to return an array for values.
         ATTR_MV = {
               :groups => [ :memberof,
                            Proc.new {|g| g.sub(/.*?CN=(.*?),.*/, '\1')} ],
               :ous => [ :memberof,
-                           Proc.new {|g| g.sub(/.*?OU=(.*?),.*/, '\1')} ]
+                           Proc.new {|g| g.scan(/OU=.*?,/).map { |e| e.sub!(/OU=/,'').sub(/,/,'') } } ]
         }
 
         # Authenticates a user against Active Directory and returns an instance of self
@@ -30,13 +30,8 @@ module Adauth
         # Usage would by-pass Adauths group filtering.
         def self.authenticate(login, pass)
             return nil if login.empty? or pass.empty?
-            conn = Net::LDAP.new    :host => Adauth.config.server,
-                                    :port => Adauth.config.port,
-                                    :base => Adauth.config.base,
-                                    :auth => { :username => "#{login}@#{Adauth.config.domain}",
-                                        :password => pass,
-                                        :method => :simple }
-            if conn.bind and user = conn.search(:filter => Net::LDAP::Filter.eq('sAMAccountName', login)).first
+            conn = Adauth::Connection.bind(login, pass)
+            if conn and user = conn.search(:filter => Net::LDAP::Filter.eq('sAMAccountName', login)).first
                 return self.new(user)
             else
                 return nil
@@ -45,6 +40,19 @@ module Adauth
             return nil
         end
 
+        # Create a Adauth::User object from AD using just the username
+        #
+        # Called as:
+        #    Adauth::User.create_from_login(login)
+        #
+        # Allows you to create objects for users without using thier password.
+        def self.create_from_login(login)
+            conn = Adauth::AdminConnection.bind
+            user = conn.search(:filter => Net::LDAP::Filter.eq('sAMAccountName', login)).first
+            obj = self.new(user)
+            return obj
+        end
+
         # Returns the full name of the user
         #
         # Combines the first_name and last_name attributes to create full_name
@@ -90,7 +98,9 @@ module Adauth
                 define_method(k) do
                     if @entry.attribute_names.include?(val)
                         if block.is_a?(Proc)
-                            return @entry.send(val).collect(&block)
+                            output = @entry.send(val).collect(&block) 
+                            output = output.first if output.first.is_a? Array
+                            return output
                         else
                             return @entry.send(val)
                         end

data/lib/adauth/version.rb

@@ -1,5 +1,5 @@
 module Adauth
     
     # The version of the gem
-    Version = "1.1.0"
+    Version = "1.2.0"
 end

data/spec/adauth_group_spec.rb

@@ -0,0 +1,51 @@
+require 'lib/adauth'
+require 'yaml'
+
+describe Adauth::Group do
+    before :each do
+        @yaml = YAML::load(File.open('spec/test_data.yml'))
+        Adauth.configure do |c|
+            c.domain = @yaml["domain"]["domain"]
+            c.server = @yaml["domain"]["server"]
+            c.port = @yaml["domain"]["port"]
+            c.base = @yaml["domain"]["base"]
+            c.admin_user = @yaml["domain"]["admin_user"]
+            c.admin_password = @yaml["domain"]["admin_password"]
+        end
+    end
+    
+    it "should return an instance of Adauth::Group if the group exists" do
+        group = Adauth::Group.find(@yaml["user"]["group"])
+        group.should be_a Adauth::Group
+        group.name.should eq(@yaml["user"]["group"])
+    end 
+    
+    it "should return nil for a group that doesn't exist" do
+        Adauth::Group.find(@yaml["user"]["group"][0..2]).should be_nil
+    end
+    
+    it "should return an array from group.members" do
+        group = Adauth::Group.find(@yaml["user"]["group"])
+        group.members.should be_a Array
+        group.members.count.should_not eq(0)
+    end
+    
+    it "should return an array of adauth::users from group.members" do
+        group = Adauth::Group.find(@yaml["user"]["group"])
+        group.members.each do |member|
+            member.should be_a Adauth::User
+        end
+    end
+    
+    it "should only return users in this groups" do
+        group = Adauth::Group.find(@yaml["user"]["group"])
+        group.members.each do |member|
+            member.groups.include?(@yaml["user"]["group"]).should be_true
+        end
+    end
+    
+    it "should return an array of ous" do
+        group = Adauth::Group.find(@yaml["user"]["group"])
+        group.ous.should be_a Array
+    end
+end

data/spec/adauth_spec.rb

@@ -33,122 +33,4 @@ describe Adauth, "#config" do
     it "should set port to 389 if not set" do
         Adauth.config.port.should == 389
     end
-end
-
-describe Adauth, "#authenticate" do
-    before :each do
-        @yaml = YAML::load(File.open('spec/test_data.yml'))
-        Adauth.configure do |c|
-            c.domain = @yaml["domain"]["domain"]
-            c.server = @yaml["domain"]["server"]
-            c.port = @yaml["domain"]["port"]
-            c.base = @yaml["domain"]["base"]
-        end
-    end
-    
-    it "should succesfully authenticate with the example user" do
-        Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_a Adauth::User
-    end
-    
-    it "should return nil for a failed bind" do
-        Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["group"]).should == nil
-    end
-    
-    it "should return nil for a failed bind whilst using allowed groups" do
-       Adauth.config.allowed_groups = @yaml["domain"]["pass_allowed_groups"]
-       Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["group"]).should be_nil
-    end
-    
-    it "should allow users who are in an allowed group" do
-       Adauth.config.allowed_groups = @yaml["domain"]["pass_allowed_groups"]
-       Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_a Adauth::User
-    end
-    
-    it "should dis-allow users who are not in an allowed group" do
-       Adauth.config.allowed_groups = @yaml["domain"]["fail_allowed_groups"]
-       Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_nil
-    end
-    
-    it "should dis-allow users who are in a denied group" do
-        Adauth.config.denied_groups = @yaml["domain"]["pass_allowed_groups"]
-        Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_nil
-    end
-    
-    it "should allow users who are in a denied group" do
-        Adauth.config.denied_groups = @yaml["domain"]["fail_allowed_groups"]
-        Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_a Adauth::User
-    end
-    
-    it "should allow users who are in an allowed ou" do
-        Adauth.config.allowed_ous = @yaml["domain"]["pass_allowed_ous"]
-        Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_a Adauth::User
-    end
-    
-    it "should dis-allow users who are not in an allowed ou" do
-        Adauth.config.allowed_ous = @yaml["domain"]["fail_allowed_ous"]
-        Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_nil
-    end
-    
-    it "should dis-allow users who are in a denied ou" do
-        Adauth.config.denied_ous = @yaml["domain"]["pass_allowed_ous"]
-        Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_nil
-    end
-    
-    it "should allow users who are not in a denied ou" do
-        Adauth.config.denied_ous = @yaml["domain"]["fail_allowed_ous"]
-        Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_a Adauth::User
-    end
-end
-
-describe Adauth::User do
-    before :each do
-        @yaml = YAML::load(File.open('spec/test_data.yml'))
-        Adauth.configure do |c|
-            c.domain = @yaml["domain"]["domain"]
-            c.server = @yaml["domain"]["server"]
-            c.port = @yaml["domain"]["port"]
-            c.base = @yaml["domain"]["base"]
-        end
-        @user = Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"])
-    end
-    
-    it "should return groups for an authenticated user" do
-        @user.groups.should be_a Array
-    end
-    
-    it "should return true for a member_of test using the users group" do
-        @user.member_of?(@yaml["user"]["group"]).should == true
-    end
-    
-    it "should return false for a member_of test using the users password" do
-        @user.member_of?(@yaml["user"]["password"]).should == false
-    end
-    
-    it "should have the correct user" do
-        @user.login.should == @yaml["user"]["login"]
-    end
-end
-
-describe "Adauth::User custom returns" do
-    before :each do
-        @yaml = YAML::load(File.open('spec/test_data.yml'))
-        Adauth.configure do |c|
-            c.domain = @yaml["domain"]["domain"]
-            c.server = @yaml["domain"]["server"]
-            c.port = @yaml["domain"]["port"]
-            c.base = @yaml["domain"]["base"]
-            c.ad_sv_attrs = { :phone => :telephonenumber }
-            c.ad_mv_attrs = { :ous => [ :memberof,
-                                            Proc.new {|g| g.sub(/.*?OU=(.*?),.*/, '\1')} ] }
-        end    
-        @user = Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"])
-    end
-    
-    it "should pickup the custom single value from AD" do
-        @user.phone.should be_a String
-    end
-    
-    it "should pickup the custom multi value from AD" do
-        @user.ous.should be_a Array
-    end
 end

data/spec/adauth_user_model_spec.rb

@@ -0,0 +1,80 @@
+require 'lib/adauth'
+require 'yaml'
+
+ReturnDataForTest = []
+
+class TestModel
+    include Adauth::UserModel
+    
+    attr_accessor :login, :group_strings, :name, :ou_strings
+    
+    def self.create!
+        @user = self.new
+        yield(@user)
+        return @user
+    end
+    
+    def self.find_by_login(login)
+        ReturnDataForTest.last
+    end
+    
+    def save
+        true
+    end
+end
+
+describe TestModel, "creations" do
+    before :each do
+        @yaml = YAML::load(File.open('spec/test_data.yml'))
+        Adauth.configure do |c|
+            c.domain = @yaml["domain"]["domain"]
+            c.server = @yaml["domain"]["server"]
+            c.port = @yaml["domain"]["port"]
+            c.base = @yaml["domain"]["base"]
+        end
+        @user = Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"])
+    end
+    
+    it "should create a new user for method `create_user_with_adauth`" do
+        TestModel.create_user_with_adauth(@user).should be_a TestModel
+    end
+    
+    it "should return a user for method `return_and_create_with_adauth`, if no user exists in the db" do
+        ReturnDataForTest.push nil
+        TestModel.return_and_create_with_adauth(@user).should be_a TestModel
+    end
+    
+    it "should return a user for method `return_and_create_with_adauth`, if the user does exist" do
+        ReturnDataForTest.push TestModel.create_user_with_adauth(@user)
+        TestModel.return_and_create_with_adauth(@user).should be_a TestModel
+    end
+end
+
+describe TestModel, "methods" do
+    before :each do
+        @yaml = YAML::load(File.open('spec/test_data.yml'))
+        Adauth.configure do |c|
+            c.domain = @yaml["domain"]["domain"]
+            c.server = @yaml["domain"]["server"]
+            c.port = @yaml["domain"]["port"]
+            c.base = @yaml["domain"]["base"]
+        end
+        @user = Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"])
+        @model = TestModel.create_user_with_adauth(@user)
+    end
+    
+    it "should return an array of groups for .groups" do
+        @model.groups.should be_a Array
+    end
+    
+    it "should return an array of ous for .ous" do
+        @model.ous.should be_a Array
+    end
+    
+    it "should update from adauth" do
+        @model.name = "Adauth Testing user that should be different"
+        @model.name.should_not eq(@user.name)
+        @model.update_from_adauth(@user)
+        @model.name.should eq(@user.name)
+    end
+end

data/spec/adauth_user_spec.rb

@@ -0,0 +1,199 @@
+require 'lib/adauth'
+require 'yaml'
+
+describe Adauth, "#authenticate" do
+    before :each do
+        @yaml = YAML::load(File.open('spec/test_data.yml'))
+        Adauth.configure do |c|
+            c.domain = @yaml["domain"]["domain"]
+            c.server = @yaml["domain"]["server"]
+            c.port = @yaml["domain"]["port"]
+            c.base = @yaml["domain"]["base"]
+        end
+    end
+    
+    it "should succesfully authenticate with the example user" do
+        Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_a Adauth::User
+    end
+    
+    it "should return nil for a failed bind" do
+        Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["group"]).should == nil
+    end
+    
+    it "should return nil for a failed bind whilst using allowed groups" do
+       Adauth.config.allowed_groups = @yaml["domain"]["pass_allowed_groups"]
+       Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["group"]).should be_nil
+    end
+    
+    it "should allow users who are in an allowed group" do
+       Adauth.config.allowed_groups = @yaml["domain"]["pass_allowed_groups"]
+       Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_a Adauth::User
+    end
+    
+    it "should dis-allow users who are not in an allowed group" do
+       Adauth.config.allowed_groups = @yaml["domain"]["fail_allowed_groups"]
+       Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_nil
+    end
+    
+    it "should dis-allow users who are in a denied group" do
+        Adauth.config.denied_groups = @yaml["domain"]["pass_allowed_groups"]
+        Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_nil
+    end
+    
+    it "should allow users who are in a denied group" do
+        Adauth.config.denied_groups = @yaml["domain"]["fail_allowed_groups"]
+        Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_a Adauth::User
+    end
+    
+    it "should allow users who are in an allowed ou" do
+        Adauth.config.allowed_ous = @yaml["domain"]["pass_allowed_ous"]
+        Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_a Adauth::User
+    end
+    
+    it "should dis-allow users who are not in an allowed ou" do
+        Adauth.config.allowed_ous = @yaml["domain"]["fail_allowed_ous"]
+        Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_nil
+    end
+    
+    it "should dis-allow users who are in a denied ou" do
+        Adauth.config.denied_ous = @yaml["domain"]["pass_allowed_ous"]
+        Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_nil
+    end
+    
+    it "should allow users who are not in a denied ou" do
+        Adauth.config.denied_ous = @yaml["domain"]["fail_allowed_ous"]
+        Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_a Adauth::User
+    end
+    
+    it "should dis-allow a user who is in an allowed ou but not an allowed group" do
+        Adauth.config.allowed_ous = @yaml["domain"]["pass_allowed_ous"]
+        Adauth.config.denied_groups = @yaml["domain"]["pass_allowed_groups"]
+        Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_nil
+    end
+    
+    it "should dis-allow a user who is in an allowed group but not an allowed ou" do
+        Adauth.config.denied_ous = @yaml["domain"]["pass_allowed_ous"]
+        Adauth.config.allowed_groups = @yaml["domain"]["pass_allowed_groups"]
+        Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_nil
+    end
+    
+    it "should allow a user who is in an allowed ou and an allowed group" do
+        Adauth.config.allowed_ous = @yaml["domain"]["pass_allowed_ous"]
+        Adauth.config.allowed_groups = @yaml["domain"]["pass_allowed_groups"]
+        Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_a Adauth::User
+    end
+    
+    it "should dis-allow a user who is in a dis-allowed ou and a dis-allowed group" do
+        Adauth.config.denied_ous = @yaml["domain"]["pass_allowed_ous"]
+        Adauth.config.denied_groups = @yaml["domain"]["pass_allowed_groups"]
+        Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_nil
+    end
+end
+
+describe Adauth::User do
+    before :each do
+        @yaml = YAML::load(File.open('spec/test_data.yml'))
+        Adauth.configure do |c|
+            c.domain = @yaml["domain"]["domain"]
+            c.server = @yaml["domain"]["server"]
+            c.port = @yaml["domain"]["port"]
+            c.base = @yaml["domain"]["base"]
+        end
+        @user = Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"])
+    end
+    
+    it "should return groups for an authenticated user" do
+        @user.groups.should be_a Array
+    end
+    
+    it "should return ous for an authenticated user" do
+        @user.ous.should be_a Array
+    end
+
+    it "should have all the ous from the data file" do
+        @yaml["user"]["ous"].each do |ou|
+            @user.ous.include?(ou).should be_true
+        end
+    end
+    
+    it "should return true for a member_of test using the users group" do
+        @user.member_of?(@yaml["user"]["group"]).should == true
+    end
+    
+    it "should return false for a member_of test using the users password" do
+        @user.member_of?(@yaml["user"]["password"]).should == false
+    end
+    
+    it "should have the correct user" do
+        @user.login.should == @yaml["user"]["login"]
+    end
+end
+
+describe "Adauth::User custom returns" do
+    before :each do
+        @yaml = YAML::load(File.open('spec/test_data.yml'))
+        Adauth.configure do |c|
+            c.domain = @yaml["domain"]["domain"]
+            c.server = @yaml["domain"]["server"]
+            c.port = @yaml["domain"]["port"]
+            c.base = @yaml["domain"]["base"]
+            c.ad_sv_attrs = { :phone => :telephonenumber }
+            c.ad_mv_attrs = { :ous => [ :memberof,
+                                            Proc.new {|g| g.sub(/.*?OU=(.*?),.*/, '\1')} ] }
+        end    
+        @user = Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"])
+    end
+    
+    it "should pickup the custom single value from AD" do
+        @user.phone.should be_a String
+    end
+    
+    it "should pickup the custom multi value from AD" do
+        @user.ous.should be_a Array
+    end
+end
+
+describe Adauth::AdminConnection do
+    before :each do
+        @yaml = YAML::load(File.open('spec/test_data.yml'))
+        Adauth.configure do |c|
+            c.domain = @yaml["domain"]["domain"]
+            c.server = @yaml["domain"]["server"]
+            c.port = @yaml["domain"]["port"]
+            c.base = @yaml["domain"]["base"]
+            c.admin_user = @yaml["domain"]["admin_user"]
+            c.admin_password = @yaml["domain"]["admin_password"]
+        end
+    end
+    
+    it "should create a connection" do
+        Adauth::AdminConnection.bind.should be_a Net::LDAP
+    end
+    
+    it "should raise an exception if the password is wrong" do
+        Adauth.config.admin_password = @yaml["domain"]["admin_password"][1]
+        lambda { Adauth::AdminConnection.bind }.should raise_error
+    end
+end
+
+describe Adauth, "passwordless_login" do
+    before :each do
+        @yaml = YAML::load(File.open('spec/test_data.yml'))
+        Adauth.configure do |c|
+            c.domain = @yaml["domain"]["domain"]
+            c.server = @yaml["domain"]["server"]
+            c.port = @yaml["domain"]["port"]
+            c.base = @yaml["domain"]["base"]
+            c.admin_user = @yaml["domain"]["admin_user"]
+            c.admin_password = @yaml["domain"]["admin_password"]
+        end
+    end
+    
+    it "should return an user when asked to" do
+       Adauth.passwordless_login(@yaml["user"]["login"]).should be_a Adauth::User
+    end
+    
+    it "should be a viable user when passwordless login is used" do
+        Adauth.passwordless_login(@yaml["user"]["login"]).login.should eq(@yaml["user"]["login"])
+    end
+end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: adauth
 version: !ruby/object:Gem::Version 
-  hash: 19
+  hash: 31
   prerelease: 
   segments: 
   - 1
-  - 1
+  - 2
   - 0
-  version: 1.1.0
+  version: 1.2.0
 platform: ruby
 authors: 
 - Adam "Arcath" Laycock
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-08-08 00:00:00 +01:00
+date: 2011-09-01 00:00:00 +01:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -63,7 +63,11 @@ files:
 - Readme.rdoc
 - adauth.gemspec
 - lib/adauth.rb
+- lib/adauth/admin_connection.rb
+- lib/adauth/authenticate.rb
 - lib/adauth/config.rb
+- lib/adauth/connection.rb
+- lib/adauth/group.rb
 - lib/adauth/helpers.rb
 - lib/adauth/user.rb
 - lib/adauth/user_model.rb
@@ -80,7 +84,10 @@ files:
 - lib/generators/adauth/user_model/USAGE
 - lib/generators/adauth/user_model/templates/model.rb.erb
 - lib/generators/adauth/user_model/user_model_generator.rb
+- spec/adauth_group_spec.rb
 - spec/adauth_spec.rb
+- spec/adauth_user_model_spec.rb
+- spec/adauth_user_spec.rb
 has_rdoc: true
 homepage: http://adauth.arcath.net
 licenses: []
@@ -116,4 +123,7 @@ signing_key:
 specification_version: 3
 summary: Provides Active Directory authentication for Rails
 test_files: 
+- spec/adauth_group_spec.rb
 - spec/adauth_spec.rb
+- spec/adauth_user_model_spec.rb
+- spec/adauth_user_spec.rb