adauth 1.2.1 → 2.0.0pre

data/lib/adauth/authenticate.rb

@@ -1,74 +1,53 @@
 module Adauth
-    # Takes a username and password as an input and returns an instance of `Adauth::User`
+    # Authenticates the specifed user agains the domain
     #
-    # Called as
-    #    Adauth.authenticate("Username", "Password")
-    #
-    # Will return `nil` if the username/password combo is wrong, if the username/password combo is correct it will return an instance of `Adauth::User` which can be used to populate your database.
-    def self.authenticate(login, pass)
-        if user = Adauth::User.authenticate(login, pass)
-            return user if allowed_group_login(user) and allowed_ou_login(user)
-        else
-            return nil
+    # Checks the groups & ous are in the allow/deny lists
+    def self.authenticate(username, password)
+        begin
+            if Adauth::AdObjects::User.authenticate(username, password)
+                user = Adauth::AdObjects::User.where('sAMAccountName', username).first
+                if allowed_group_login(user) && allowed_ou_login(user)
+                    return user
+                else
+                    return false
+                end
+            else
+                return false
+            end
+        rescue RuntimeError
+            return false
         end
     end
     
-    # Takes a username as an input and returns and instance of `Adauth::User`
-    # 
-    # Called as
-    #    Adauth.authentication("Username")
-    #
-    # Will return `nil` if the username is worng, if the admin details are not set an error will be raised.
-    def self.passwordless_login(login)
-        @conn = Adauth::AdminConnection.bind
-        if user = @conn.search(:filter => Net::LDAP::Filter.eq('sAMAccountName', login)).first
-            return Adauth::User.new(user)
-        else
-            return nil
-        end
-    end
-    
-    # Checks weather an users groups are allowed to login
-    #
-    # Called as:
-    #    Adauth.allowed_group_login(Adauth::User)
-    #
-    # Returns true if the user can login and false if the user cant
+    # Makes sure the user meets the group requirements
     def self.allowed_group_login(user)
         if @config.allowed_groups != []
-            allowed = (user && @config.allowed_groups != (@config.allowed_groups - user.groups)) ? user : nil
+            allowed = (user && @config.allowed_groups != (@config.allowed_groups - user.cn_groups)) ? user : nil
         else
             allowed = user
         end
-        
+
         if @config.denied_groups != []
-            denied = (user && @config.denied_groups == (@config.denied_groups - user.groups)) ? user : nil
+            denied = (user && @config.denied_groups == (@config.denied_groups - user.cn_groups)) ? user : nil
         else
             denied = user
         end
-        
         allowed == denied
     end
     
-    # Checks weather an users ous are allowed to login
-    #
-    # Called as:
-    #    Adauth.allowed_ou_login(Adauth::User)
-    #
-    # Returns true if the user can login and false if the user cant
+    # Makes sure the user meets the ou requirements
     def self.allowed_ou_login(user)
         if @config.allowed_ous != []
-            allowed = (user && @config.allowed_ous != (@config.allowed_ous - user.ous)) ? user : nil
+            allowed = (user && @config.allowed_ous != (@config.allowed_ous - user.dn_ous)) ? user : nil
         else
             allowed = user
         end
-        
+
         if @config.denied_ous != []
-            denied = (user && @config.denied_ous == (@config.denied_ous - user.ous)) ? user : nil
+            denied = (user && @config.denied_ous == (@config.denied_ous - user.dn_ous)) ? user : nil
         else
             denied = user
         end
-        
         allowed == denied
     end
-end
+end

data/lib/adauth/config.rb

@@ -1,40 +1,23 @@
 module Adauth
-    
-    # Holds all of adauth config in attr_accessor values
+    # Holds all of Adauths Config values.
+    #
+    # Sets the defaults an create and generates guess values.
     class Config
-        attr_accessor   :domain, :port, :base, :server, :allowed_groups, :denied_groups, :ad_sv_attrs, :ad_mv_attrs, :allowed_ous, :denied_ous,
-                        :admin_user, :admin_password, :ad_sv_group_attrs, :ad_mv_group_attrs
+        attr_accessor   :domain, :port, :base, :server, :encryption, :query_user, :query_password,
+                        :allowed_groups, :denied_groups, :allowed_ous, :denied_ous
         
-        # Creates a new instance of Adauth::Config
-        #
-        # Sets port, allowed_groups, denied_groups, ad_sv_attrs and ad_mv_attrs to default so they can be omitted from the config
         def initialize
-           @port = 389
-           @allowed_groups = []
-           @denied_groups = []
-           @ad_sv_attrs = {}
-           @ad_mv_attrs = {}
-           @allowed_ous = []
-           @denied_ous = []
-           @ad_sv_group_attrs = {}
-           @ad_mv_group_attrs = {}
+            @port = 389
+            @allowed_groups = []
+            @allowed_ous = []
+            @denied_groups =[]
+            @denied_ous = []
         end
         
-        # Sets domain valiable
-        #
-        # Called as:
-        #    Adauth::Config.domain=(s)
-        #
-        # Calculates both base string and server
+        # Guesses the Server and Base string
         def domain=(s)
             @domain = s
-            work_out_base(s)
             @server ||= s
-        end
-        
-        private
-        
-        def work_out_base(s)
             @base ||= s.gsub(/\./,', dc=').gsub(/^/,"dc=")
         end
     end

data/lib/adauth/connection.rb

@@ -1,32 +1,33 @@
 module Adauth
-    
-    # Create a connection to LDAP using Net::LDAP
+    # Active Directory Connection wrapper
     #
-    # Called as:
-    #    Adauth::Connection.bind(username, password)
-    #
-    # 
+    # Handles errors and configures the connection.
     class Connection
+        def initialize(config)
+            @config = config
+        end
         
-        # Create a connection to LDAP using Net::LDAP
+        # Attempts to bind to Active Directory
         #
-        # Called as:
-        #    Adauth::Connection.bind(username, password)
+        # If it works it returns the connection
         #
-        #
-        def self.bind(login, pass)
-            conn = Net::LDAP.new    :host => Adauth.config.server,
-                                    :port => Adauth.config.port,
-                                    :base => Adauth.config.base,
-                                    :auth => { :username => "#{login}@#{Adauth.config.domain}",
-                                        :password => pass,
-                                        :method => :simple }
+        # If it fails it raises and exception
+        def bind
+            conn = Net::LDAP.new :host => @config[:server],
+                                 :port => @config[:port],
+                                 :base => @config[:base]
+            if @config[:encryption]
+               conn.encryption = @config[:encryption]
+            end
+
+            conn.auth "#{@config[:username]}@#{@config[:domain]}", @config[:password]
+
             begin
                 Timeout::timeout(10){
                     if conn.bind
                         return conn
                     else
-                        return nil
+                        raise "Query User Rejected"
                     end
                 }
             rescue Timeout::Error

data/lib/adauth/rails.rb

@@ -0,0 +1,9 @@
+module Adauth
+    # Container for Rails te-ins
+    module Rails
+    end
+    
+    # Rails generators
+    module Generators
+    end
+end

data/lib/adauth/rails/helpers.rb

@@ -0,0 +1,29 @@
+module Adauth
+    module Rails
+        # Helper methods for rails
+        module Helpers
+        
+            # Creates a form_tag for the adauth form
+            #
+            # Sets the html id to "adauth_login" and the form destination to "/adauth"
+            def adauth_form
+        	    form_tag '/adauth', :id => "adauth_login" do
+        	        yield.html_safe
+    	        end
+            end
+        
+            # Create the default form by calling `adauth_form` and passing a username and password input
+            def default_adauth_form
+                adauth_form do
+                    "<p>#{label_tag :username}: 
+                    #{text_field_tag :username}</p>
+                    <p>#{label_tag :password}: 
+                    #{password_field_tag :password}</p>
+                    <p>#{submit_tag "Login!"}</p>"
+                end
+            end
+        end
+    end
+end
+
+ActionView::Base.send :include, Adauth::Rails::Helpers if defined? ActionView

data/lib/adauth/rails/model_bridge.rb

@@ -0,0 +1,59 @@
+module Adauth
+    module Rails
+        # Included into Models in Rails
+        #
+        # Requires you to set 2 Constants
+        #
+        # AdauthMappings
+        #
+        # A hash which controls how Adauth maps its values to rails e.g.
+        #
+        # AdauthMappings = {
+        #   :name => :login
+        # }
+        #
+        # This will store Adauths 'login' value in the 'name' field.
+        #
+        # AdauthSearchField
+        #
+        # This is an array which contains 2 values and is used to find the objects record e.g.
+        #
+        # AdauthSearchField = [:login, :name]
+        #
+        # This will cause RailsModel.find_by_name(AdauthObject.login)
+        #
+        # The Order is [adauth_field, rails_field]
+        module ModelBridge
+            # Registers the class methods when ModelBridge is included
+            def self.included(base)
+                base.extend ClassMethods
+            end
+            
+            # Uses AdauthMappings to update the values on the model using the ones from Adauth
+            def update_from_adauth(adauth_model)
+                self.class::AdauthMappings.each do |k, v|
+                    setter = "#{k.to_s}=".to_sym
+                    self.send(setter, adauth_model.send(v))
+                end
+                self.save
+            end
+            
+            # Class Methods for ModelBridge
+            module ClassMethods
+                # Creates a new RailsModel from the adauth_model
+                def create_from_adauth(adauth_model)
+                    rails_model = self.new
+                    rails_model.update_from_adauth(adauth_model)
+                end
+                
+                # Used to create the RailsModel if it doesn't exist and update it if it does
+                def return_and_create_from_adauth(adauth_model)
+                    find_method = "find_by_#{self::AdauthSearchField.last}".to_sym
+                    rails_model = (self.send(find_method, adauth_model.send(self::AdauthSearchField.first)) || create_from_adauth(adauth_model))
+                    rails_model.update_from_adauth(adauth_model)
+                    return rails_model
+                end
+            end
+        end
+    end
+end

data/lib/adauth/version.rb

@@ -1,5 +1,4 @@
 module Adauth
-    
-    # The version of the gem
-    Version = "1.2.1"
+    # Adauths Version Number
+    Version = "2.0.0pre"
 end

data/lib/generators/adauth/config/config_generator.rb

@@ -2,7 +2,7 @@ module Adauth
     module Generators
         
         # Generates a sample config file
-        class ConfigGenerator < Rails::Generators::Base
+        class ConfigGenerator < ::Rails::Generators::Base
             source_root File.expand_path('../templates', __FILE__)
             
             # Generates a sample config file

data/lib/generators/adauth/config/templates/config.rb.erb

@@ -5,53 +5,49 @@ Adauth.configure do |c|
 	#
 	# If you don't know your domain contact your IT support,
 	# it will be the DNS suffix applied to your machines
-	c.domain = "example.com" 
-	
+	c.domain = "example.com"
+
+	# Adauth needs a query user to interact with the domain.
+	# This user can be anything with domain access
+	#
+	# If Adauth doesn't work contact your IT support and make sure this account has full query access
+	c.query_user = "username"
+	c.query_password = "password"
+
 	# The IP address or Hostname of a DC (Domain Controller) on your network
 	#
 	# This could be anything and probably wont be 127.0.0.1
 	#
 	# Again contact your IT Support if you can't work this out
 	c.server = "127.0.0.1"
-	
+
 	# The LDAP base of your domain/intended users
 	#
 	# For all users in your domain the base would be:
 	# dc=example, dc=com
 	# OUs can be prepeneded to restrict access to your app
 	c.base = "dc=example, dc=com"
-	
+
 	# The port isn't always needed as Adauth defaults to 389 the LDAP Port
 	#
 	# If your DC is on the other side of a firewall you may need to change the port
+	# If your DC is using SSL, the port may be 636.
 	#c.port = 389
-	
+
+	# If your DC is using SSL, set encryption to :simple_tls
+	#c.encryption = :simple_tls
+
 	# Windows Security groups to allow
 	#
 	# Only allow members of set windows security groups to login
-	# 
+	#
 	# Takes an array for group names
 	#c.allowed_groups = ["Group1", "Group2"]
-	
+
 	# Windows Security groups to deny
 	#
 	# Only allow users who aren't in these groups to login
 	#
 	# Takes an array for group names
 	#c.denied_groups = ["Group1", "Group2"]
-	
-	# Additional single attributes to fetch
-	#
-	# Single Values to fetch from Active Directory for example phone number
-	#
-	# Takes a hash in the form { :method_on_Adauth::User => :field_in_ad }
-	#c.ad_sv_attrs = { :phone => :telephonenumber }
-	
-	# Additional multi attributes to fetch
-	#
-	# Multiple Values to fetch from Active Directory
-	#
-	# Takes a hash in the form { :method_on_Adauth::User => [ :field_in_ad, Proc.new { |g| operations_to_turn_field_into_array } ] }
-	# Example os for groups (already provided)
-	#c.ad_mv_attrs(:groups => [ :memberof, Proc.new {|g| g.sub(/.*?CN=(.*?),.*/, '\1')} ])
 end

data/lib/generators/adauth/sessions/sessions_generator.rb

@@ -1,8 +1,7 @@
 module Adauth
     module Generators
-        
         # Generates the sessions controller
-        class SessionsGenerator < Rails::Generators::Base
+        class SessionsGenerator < ::Rails::Generators::Base
             source_root File.expand_path('../templates', __FILE__)
             argument :model_name, :type => :string, :default => "user"
             
@@ -28,4 +27,4 @@ module Adauth
             end
         end
     end
-end
+end

data/lib/generators/adauth/sessions/templates/sessions_controller.rb.erb

@@ -6,7 +6,7 @@ class SessionsController < ApplicationController
 	def create
 		ldap_user = Adauth.authenticate(params[:username], params[:password])
 		if ldap_user
-        	user = <%= model_name.camelize %>.return_and_create_with_adauth(ldap_user)
+        	user = <%= model_name.camelize %>.return_and_create_from_adauth(ldap_user)
         	session[:user_id] = user.id
         	redirect_to root_path
     	else

data/spec/adauth_ad_object_computer_spec.rb

@@ -0,0 +1,15 @@
+require 'spec_helper'
+
+describe Adauth::AdObjects::Computer do
+    it "Should find a computer" do
+        default_config
+        pdc.should be_a Adauth::AdObjects::Computer
+    end
+    
+    it "should be in an ou" do
+        default_config
+        pdc.ous.should be_a Array
+        pdc.ous.first.should be_a Adauth::AdObjects::OU
+        pdc.ous.first.name.should eq "Domain Controllers"
+    end
+end

data/spec/adauth_ad_object_group_spec.rb

@@ -0,0 +1,21 @@
+require 'spec_helper'
+
+describe Adauth::AdObjects::Group do
+    it "should have a name" do
+        default_config
+        group = domain_admins
+        group.name.should eq "Domain Admins"
+    end
+    
+    it "should have a members list" do
+        default_config
+        group = domain_admins
+        group.members.first.name.should be_a String
+    end
+    
+    it "should be a member of" do
+        default_config
+        group = domain_admins
+        group.groups.should be_a Array
+    end
+end