adauth 1.2.1 → 2.0.0pre

data/.travis.yml

@@ -0,0 +1,12 @@
+language: ruby
+rvm:
+ - 1.8.7
+ - 1.9.3
+ - rbx-18mode
+ - rbx-19mode
+env:
+ - "rake=0.8"
+ - "rake=0.9"
+script: "bundle exec rspec -t no_ad"
+notifications:
+  email: false

data/Gemfile.lock

@@ -1,41 +1,28 @@
 PATH
   remote: .
   specs:
-    adauth (1.1.0)
+    adauth (2.0.0pre)
       net-ldap
 
 GEM
   remote: http://rubygems.org/
   specs:
-    activemodel (3.0.7)
-      activesupport (= 3.0.7)
-      builder (~> 2.1.2)
-      i18n (~> 0.5.0)
-    activerecord (3.0.7)
-      activemodel (= 3.0.7)
-      activesupport (= 3.0.7)
-      arel (~> 2.0.2)
-      tzinfo (~> 0.3.23)
-    activesupport (3.0.7)
-    arel (2.0.10)
-    builder (2.1.2)
-    diff-lcs (1.1.2)
-    i18n (0.5.0)
-    net-ldap (0.2.2)
-    rspec (2.6.0)
-      rspec-core (~> 2.6.0)
-      rspec-expectations (~> 2.6.0)
-      rspec-mocks (~> 2.6.0)
-    rspec-core (2.6.1)
-    rspec-expectations (2.6.0)
-      diff-lcs (~> 1.1.2)
-    rspec-mocks (2.6.0)
-    tzinfo (0.3.29)
+    diff-lcs (1.1.3)
+    net-ldap (0.3.1)
+    rake (0.9.2.2)
+    rspec (2.11.0)
+      rspec-core (~> 2.11.0)
+      rspec-expectations (~> 2.11.0)
+      rspec-mocks (~> 2.11.0)
+    rspec-core (2.11.1)
+    rspec-expectations (2.11.2)
+      diff-lcs (~> 1.1.3)
+    rspec-mocks (2.11.2)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  activerecord
   adauth!
+  rake
   rspec

data/Rakefile

@@ -1,3 +1,4 @@
+require 'rubygems'
 require 'bundler'
 
 Bundler::GemHelper.install_tasks

data/Readme.md

@@ -0,0 +1,48 @@
+# Adauth
+[RDoc](http://rubydoc.info/github/Arcath/Adauth/master/frames) | [www](http://adauth.arcath.net) | [Gempage](http://rubygems.org/gems/adauth) | [![Status](https://secure.travis-ci.org/Arcath/Adauth.png?branch=master)](http://travis-ci.org/Arcath/Adauth)
+
+Easy to use Active Directory Authentication for Rails.
+
+## Install
+
+Add the Adauth gem to your Gemfile:
+
+    gem 'adauth'
+
+and run a bundle install
+
+## Usage
+
+First off create a new config file by running the config generator
+
+    rails g adauth:config
+
+Fill out the config values in _config/initializers/adauth.rb_
+
+### Joining a model to Adauth
+
+If you want to link your user model to Adauth you can use this simple code:
+
+    class User < ActiveRecord::Base
+		include Adauth::Rails::ModelBridge
+		
+		AdauthMappings = {
+			:login => :login
+			:group_strings => :cn_groups
+		}
+		
+		AdauthSearchField = [:login, :login]
+	end
+	
+This gives you a bridge between Adauth and your model. When you call `User.create_from_adauth(adauth_model)` it does:
+
+    u = User.new
+    u.login = adauth_model.login
+	u.group_strings = adauth_model.cn_groups
+	u.save
+	
+This can be used for any model and anything that you pull over through adauth.
+
+### SessionsController
+
+TODO

data/adauth.gemspec

@@ -1,4 +1,4 @@
-# -*- encoding: utf-8 -*-
+# -*- encoding: utf-8 -*-
 $:.push File.expand_path("../lib", __FILE__)
 require 'adauth/version'
 
@@ -11,6 +11,7 @@ Gem::Specification.new do |s|
     s.homepage = "http://adauth.arcath.net"
     s.summary = "Provides Active Directory authentication for Rails"
     
+    s.add_development_dependency "rake"
     s.add_development_dependency "rspec"
     s.add_dependency "net-ldap"
     

data/lib/adauth.rb

@@ -1,41 +1,53 @@
+# Requires
 require 'net/ldap'
 require 'timeout'
+# Version
 require 'adauth/version'
-require 'adauth/user'
+# Classes
+require 'adauth/ad_object'
+require 'adauth/authenticate'
 require 'adauth/config'
-require 'adauth/helpers'
 require 'adauth/connection'
-require 'adauth/group'
-require 'adauth/admin_connection'
-require 'adauth/authenticate'
-require 'adauth/user_model'
+# AdObjects
+require 'adauth/ad_objects/computer'
+require 'adauth/ad_objects/group'
+require 'adauth/ad_objects/ou'
+require 'adauth/ad_objects/user'
+# Rails
+require 'adauth/rails'
+require 'adauth/rails/helpers'
+require 'adauth/rails/model_bridge'
 
-# The top level module
-#
-# For Adauths documentation please see the github wiki.
+# Adauth Container Module
 module Adauth
-    
-    # Used to configure Adauth
-    #
-    # Called as
-    #    Adauth.configure do |c|
-    #        c.foo = "bar"
-    #    end
-    #
-    # Configures Adauth and is required for Adauth to work.
+    # Yields a new config object and then sets it as the Adauth Config
     def self.configure
-       @config = Config.new
-       yield(@config) 
+        @config = Config.new
+        yield(@config)
+    end
+    
+    # Returns Adauths current connection to ActiveDirectory
+    def self.connection
+        raise "Adauth needs configuring before use" if @config == nil
+        connect unless @connection
+        @connection
     end
     
-    # Returns the config object
-    #
-    # Allows access to the adauth config object so you can call the config values in your application
-    def self.config
-        @config
+    # Connects to ActiveDirectory using the query user details
+    def self.connect
+        @connection = Adauth::Connection.new(connection_hash(@config.query_user, @config.query_password)).bind
     end
     
-    # Rails generators
-    module Generators
+    # Generates a hash for the connection class, takes a username and password
+    def self.connection_hash(user, password)
+        { 
+            :domain => @config.domain, 
+            :server => @config.server, 
+            :port => @config.port, 
+            :base => @config.base, 
+            :encryption => @config.encryption, 
+            :username => user, 
+            :password => password 
+        }
     end
-end
+end

data/lib/adauth/ad_object.rb

@@ -0,0 +1,104 @@
+module Adauth
+    # Active Directory Interface Object
+    #
+    # Objects inherit from this class.
+    #
+    # Provides all the common functions for Active Directory.
+    class AdObject
+        # Returns all objects which have the ObjectClass of the inherited class
+        def self.all
+            results = []
+            Adauth.connection.search(:filter => self::ObjectFilter).each do |result|
+                results.push self.new(result)
+            end
+            results
+        end
+        
+        # Returns all the objects which match the supplied query
+        #
+        # Uses ObjectFilter to restrict to the current object
+        def self.where(field, value)
+            results = []
+            search_filter = Net::LDAP::Filter.eq(field, value)
+            joined_filter = search_filter & self::ObjectFilter
+            Adauth.connection.search(:filter => joined_filter).each do |result|
+                results.push self.new(result)
+            end
+            results
+        end
+        
+        # Creates a new instance of the object and sets @ldap_object to the passed Net::LDAP entity        
+        def initialize(ldap_object)
+            @ldap_object = ldap_object
+        end
+        
+        # Allows direct access to @ldap_object 
+        def ldap_object
+            @ldap_object
+        end
+        
+        # Over rides method_missing and interacts with @ldap_object
+        def method_missing(method, *args)
+            if self.class::Fields.keys.include?(method)
+                field = self.class::Fields[method]
+                if field.is_a? Symbol
+                    return @ldap_object.send(field).to_s
+                elsif field.is_a? Array
+                    @ldap_object.send(field.first).collect(&field.last)
+                end
+            else
+                super
+            end
+        end
+        
+        # Returns all the groups the object is a member of
+        def groups
+            unless @groups
+                @groups = convert_to_objects(cn_groups)
+            end
+            @groups
+        end
+        
+        # Returns all the ous the object is in
+        def ous
+            unless @ous
+                @ous = []
+                @ldap_object.dn.split(/,/).each do |entry|
+                    @ous.push Adauth::AdObjects::OU.where('name', entry.gsub(/OU=/, '')).first if entry =~ /OU=/
+                end
+            end
+            @ous
+        end
+        
+        # CSV Version of the ous list (can't be pulled over from AD)
+        def dn_ous
+            unless @dn_ous
+                @dn_ous = []
+                @ldap_object.dn.split(/,/).each do |entry|
+                    @dn_ous.push entry.gsub(/OU=/, '').gsub(/CN=/,'') if entry =~ /OU=/ or entry == "CN=Users"
+                end
+            end
+            @dn_ous
+        end
+        
+        private
+        
+        def convert_to_objects(array)
+            out = []
+            array.each do |entity|
+                out.push convert_to_object(entity)
+            end
+            out
+        end
+        
+        def convert_to_object(entity)
+            user = Adauth::AdObjects::User.where('sAMAccountName', entity).first
+            group = Adauth::AdObjects::Group.where('sAMAccountName', entity).first
+            (user || group)
+        end
+    end
+    
+    # Container for Objects which inherit from Adauth::AdObject
+    module AdObjects
+    end
+end

data/lib/adauth/ad_objects/computer.rb

@@ -0,0 +1,28 @@
+module Adauth
+    module AdObjects
+        # Active Directory Computer Object
+        #
+        # Inherits from Adauth::AdObject
+        class Computer < Adauth::AdObject
+            # Field mapping
+            #
+            # Maps methods to LDAP fields e.g.
+            #
+            # :foo => :bar
+            #
+            # Becomes
+            # 
+            # Computer.name
+            #
+            # Which calls .name on the LDAP object
+            Fields = {
+                    :name => :name
+                }
+            
+            # Object Net::LDAP filter
+            #
+            # Used to restrict searches to just this object
+            ObjectFilter = Net::LDAP::Filter.eq("objectClass", "computer")
+        end
+    end
+end

data/lib/adauth/ad_objects/group.rb

@@ -0,0 +1,40 @@
+module Adauth
+    module AdObjects
+        # Active Directory Group Object
+        #
+        # Inherits from Adauth::AdObject
+        class Group < Adauth::AdObject
+            # Field mapping
+            #
+            # Maps methods to LDAP fields e.g.
+            #
+            # :foo => :bar
+            #
+            # Becomes
+            # 
+            # Computer.name
+            #
+            # Which calls .name on the LDAP object
+            Fields = {
+                    :name => :samaccountname,
+                    :cn_members => [ :member,
+                        Proc.new {|g| g.sub(/.*?CN=(.*?),.*/, '\1')} ],
+                    :cn_groups => [ :memberof,
+                        Proc.new {|g| g.sub(/.*?CN=(.*?),.*/, '\1')} ]
+                }
+            
+            # Object Net::LDAP filter
+            #
+            # Used to restrict searches to just this object
+            ObjectFilter = Net::LDAP::Filter.eq("objectClass", "group")
+                
+            # Returns all the objects which are members of this group
+            def members
+                unless @members
+                    @members = convert_to_objects(cn_members)
+                end
+                @members
+            end
+        end
+    end
+end

data/lib/adauth/ad_objects/ou.rb

@@ -0,0 +1,41 @@
+module Adauth
+    module AdObjects
+        # Active Directory OU Object
+        #
+        # Inherits from Adauth::AdObject
+        class OU < Adauth::AdObject
+            # Field mapping
+            #
+            # Maps methods to LDAP fields e.g.
+            #
+            # :foo => :bar
+            #
+            # Becomes
+            # 
+            # Computer.name
+            #
+            # Which calls .name on the LDAP object
+            Fields = {
+                    :name => :name
+                }
+            
+            # Object Net::LDAP filter
+            #
+            # Used to restrict searches to just this object
+            ObjectFilter = Net::LDAP::Filter.eq("objectClass", "organizationalUnit")
+            
+            # Returns all objects contained with in this OU
+            def members
+                unless @members
+                    @members = []
+                    [Adauth::AdObjects::Computer, Adauth::AdObjects::Group, Adauth::AdObjects::User].each do |object|
+                        object.all.each do |entity|
+                            @members.push entity if entity.ldap_object.dn =~ /#{@ldap_object.dn}/
+                        end
+                    end
+                end
+                @members
+            end
+        end
+    end
+end

data/lib/adauth/ad_objects/user.rb

@@ -0,0 +1,45 @@
+module Adauth
+    module AdObjects
+        # Active Directory User Object
+        #
+        # Inherits from Adauth::AdObject
+        class User < Adauth::AdObject
+            # Field mapping
+            #
+            # Maps methods to LDAP fields e.g.
+            #
+            # :foo => :bar
+            #
+            # Becomes
+            # 
+            # Computer.name
+            #
+            # Which calls .name on the LDAP object
+            Fields = { :login => :samaccountname,
+                    :first_name => :givenname,
+                    :last_name => :sn,
+                    :email => :mail,
+                    :name => :name,
+                    :cn_groups => [ :memberof,
+                        Proc.new {|g| g.sub(/.*?CN=(.*?),.*/, '\1')} ]
+                    }
+              
+            # Object Net::LDAP filter
+            #
+            # Used to restrict searches to just this object      
+            ObjectFilter = Net::LDAP::Filter.eq("objectClass", "user")
+          
+            # Returns a connection to AD within the users context, used to check a user credentails
+            #
+            # Using this would by pass the group and OU Filtering provided by Adauth#authenticate
+            def self.authenticate(user, password)
+                user_connection = Adauth::Connection.new(Adauth.connection_hash(user, password)).bind
+            end
+            
+            # Returns True/False if the user is member of the cupplied group
+            def member_of?(group)
+                cn_groups.include?(group)
+            end
+        end
+    end
+end