adauth 1.2.1 → 2.0.0pre
- data/.travis.yml +12 -0
- data/Gemfile.lock +13 -26
- data/Rakefile +1 -0
- data/Readme.md +48 -0
- data/adauth.gemspec +2 -1
- data/lib/adauth.rb +40 -28
- data/lib/adauth/ad_object.rb +104 -0
- data/lib/adauth/ad_objects/computer.rb +28 -0
- data/lib/adauth/ad_objects/group.rb +40 -0
- data/lib/adauth/ad_objects/ou.rb +41 -0
- data/lib/adauth/ad_objects/user.rb +45 -0
- data/lib/adauth/authenticate.rb +25 -46
- data/lib/adauth/config.rb +11 -28
- data/lib/adauth/connection.rb +19 -18
- data/lib/adauth/rails.rb +9 -0
- data/lib/adauth/rails/helpers.rb +29 -0
- data/lib/adauth/rails/model_bridge.rb +59 -0
- data/lib/adauth/version.rb +2 -3
- data/lib/generators/adauth/config/config_generator.rb +1 -1
- data/lib/generators/adauth/config/templates/config.rb.erb +18 -22
- data/lib/generators/adauth/sessions/sessions_generator.rb +2 -3
- data/lib/generators/adauth/sessions/templates/sessions_controller.rb.erb +1 -1
- data/spec/adauth_ad_object_computer_spec.rb +15 -0
- data/spec/adauth_ad_object_group_spec.rb +21 -0
- data/spec/adauth_ad_object_ou_spec.rb +18 -0
- data/spec/adauth_ad_object_user_spec.rb +27 -0
- data/spec/adauth_authenticate_spec.rb +39 -0
- data/spec/adauth_config_spec.rb +15 -0
- data/spec/adauth_rails_model_bridge_spec.rb +37 -0
- data/spec/adauth_spec.rb +2 -30
- data/spec/spec_helper.rb +34 -0
- metadata +52 -38
- data/Readme.rdoc +0 -66
- data/lib/adauth/admin_connection.rb +0 -26
- data/lib/adauth/group.rb +0 -100
- data/lib/adauth/helpers.rb +0 -28
- data/lib/adauth/user.rb +0 -114
- data/lib/adauth/user_model.rb +0 -76
- data/lib/generators/adauth/all/USAGE +0 -5
- data/lib/generators/adauth/all/all_generator.rb +0 -18
- data/lib/generators/adauth/user_model/USAGE +0 -14
- data/lib/generators/adauth/user_model/templates/model.rb.erb +0 -3
- data/lib/generators/adauth/user_model/user_model_generator.rb +0 -32
- data/spec/adauth_group_spec.rb +0 -51
- data/spec/adauth_user_model_spec.rb +0 -80
- data/spec/adauth_user_spec.rb +0 -213
@@ -0,0 +1,18 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Adauth::AdObjects::OU do
|
4
|
+
it "should find Domain Controllers" do
|
5
|
+
default_config
|
6
|
+
domain_controllers.should be_a Adauth::AdObjects::OU
|
7
|
+
end
|
8
|
+
|
9
|
+
it "should have members" do
|
10
|
+
default_config
|
11
|
+
domain_controllers.members.should be_a Array
|
12
|
+
end
|
13
|
+
|
14
|
+
it "should have a computer as a member" do
|
15
|
+
default_config
|
16
|
+
domain_controllers.members.first.should be_a Adauth::AdObjects::Computer
|
17
|
+
end
|
18
|
+
end
|
@@ -0,0 +1,27 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Adauth::AdObjects::User do
|
4
|
+
it "should find administrator" do
|
5
|
+
default_config
|
6
|
+
user = administrator
|
7
|
+
user.login.should eq "Administrator"
|
8
|
+
end
|
9
|
+
|
10
|
+
it "should authenticate a user" do
|
11
|
+
default_config
|
12
|
+
Adauth::AdObjects::User.authenticate(test_data("domain", "query_user"), test_data("domain", "query_password")).should be_true
|
13
|
+
end
|
14
|
+
|
15
|
+
it "should find groups" do
|
16
|
+
default_config
|
17
|
+
user = administrator
|
18
|
+
user.groups.should be_a Array
|
19
|
+
user.groups.first.should be_a Adauth::AdObjects::Group
|
20
|
+
end
|
21
|
+
|
22
|
+
it "should return true for member_of" do
|
23
|
+
default_config
|
24
|
+
user = administrator
|
25
|
+
user.member_of?("Domain Admins").should be_true
|
26
|
+
end
|
27
|
+
end
|
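Review bot: The `member_of?` example at the end of this hunk checks only the positive case, so an implementation that returns a truthy value for every group name would still pass, and RSpec 2's `be_true` accepts any truthy object. Applications gate access on `member_of?`, so add a negative example such as `administrator.member_of?("adauth-spec-no-such-group").should be_false` (group name constructed for illustration). `User.authenticate` has the same gap in this file: it is exercised only with the correct password.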
@@ -0,0 +1,39 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Adauth, "#authenticate" do
|
4
|
+
it "should return a user for authentication" do
|
5
|
+
default_config
|
6
|
+
Adauth.authenticate(test_data("domain", "query_user"), test_data("domain", "query_password")).should be_a Adauth::AdObjects::User
|
7
|
+
end
|
8
|
+
|
9
|
+
it "should return false for failed authentication" do
|
10
|
+
default_config
|
11
|
+
Adauth.authenticate(test_data("domain", "query_user"), "foo").should be_false
|
12
|
+
end
|
13
|
+
|
14
|
+
it "should reject a user if denied group is used" do
|
15
|
+
Adauth.configure do |c|
|
16
|
+
c.domain = test_data("domain", "domain")
|
17
|
+
c.port = test_data("domain", "port")
|
18
|
+
c.base = test_data("domain", "base")
|
19
|
+
c.server = test_data("domain", "server")
|
20
|
+
c.query_user = test_data("domain", "query_user")
|
21
|
+
c.query_password = test_data("domain", "query_password")
|
22
|
+
c.denied_groups = ["Administrators"]
|
23
|
+
end
|
24
|
+
Adauth.authenticate(test_data("domain", "query_user"), test_data("domain", "query_password")).should be_false
|
25
|
+
end
|
26
|
+
|
27
|
+
it "should reject a user if denied ous is used" do
|
28
|
+
Adauth.configure do |c|
|
29
|
+
c.domain = test_data("domain", "domain")
|
30
|
+
c.port = test_data("domain", "port")
|
31
|
+
c.base = test_data("domain", "base")
|
32
|
+
c.server = test_data("domain", "server")
|
33
|
+
c.query_user = test_data("domain", "query_user")
|
34
|
+
c.query_password = test_data("domain", "query_password")
|
35
|
+
c.denied_ous = ["Users"]
|
36
|
+
end
|
37
|
+
Adauth.authenticate(test_data("domain", "query_user"), test_data("domain", "query_password")).should be_false
|
38
|
+
end
|
39
|
+
end
|
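Review bot: The failure cases in this hunk cover a wrong password (`"foo"`) but not an empty or nil one. Many directory servers treat a simple bind with a valid name and an empty password as an unauthenticated bind that succeeds, so a library that forwards the password unchecked can report a login as valid; whether `Adauth.authenticate` guards against this is not visible here. Add `Adauth.authenticate(test_data("domain", "query_user"), "").should be_false` and the same call with `nil`. Separately, the two denied-* examples set `denied_groups` and `denied_ous` through the global `Adauth.configure` and nothing resets them, so later examples may inherit those lists unless `configure` builds a fresh config on every call.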
@@ -0,0 +1,15 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Adauth::Config, :no_ad => true do
|
4
|
+
it "should default port to 389" do
|
5
|
+
config = Adauth::Config.new
|
6
|
+
config.port.should eq 389
|
7
|
+
end
|
8
|
+
|
9
|
+
it "should calculate the default settings" do
|
10
|
+
config = Adauth::Config.new
|
11
|
+
config.domain = "example.com"
|
12
|
+
config.base.should eq "dc=example, dc=com"
|
13
|
+
config.server.should eq "example.com"
|
14
|
+
end
|
15
|
+
end
|
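Review bot: The first example pins 389 as the default port, which is the unencrypted LDAP port, and nothing in this spec covers a transport-encryption setting. If `Adauth::Config` exposes one (not visible in this hunk), add an example for it. If it does not, a comment above the example such as `# 389 is plain LDAP: bind passwords cross the network in cleartext unless TLS is layered on` would document what the default implies.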
@@ -0,0 +1,37 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
class TestUserModel
|
4
|
+
include Adauth::Rails::ModelBridge
|
5
|
+
|
6
|
+
attr_accessor :name
|
7
|
+
|
8
|
+
AdauthMappings = {
|
9
|
+
:name => :name
|
10
|
+
}
|
11
|
+
|
12
|
+
AdauthSearchField = [:name]
|
13
|
+
|
14
|
+
def self.find_by_name(name)
|
15
|
+
TestUserModel.new
|
16
|
+
end
|
17
|
+
|
18
|
+
def save
|
19
|
+
return true
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
describe Adauth::Rails::ModelBridge do
|
24
|
+
it "should extend", :no_ad => true do
|
25
|
+
TestUserModel.should respond_to :create_from_adauth
|
26
|
+
end
|
27
|
+
|
28
|
+
it "should create the model" do
|
29
|
+
default_config
|
30
|
+
TestUserModel.create_from_adauth(administrator)
|
31
|
+
end
|
32
|
+
|
33
|
+
it "should return and create the model" do
|
34
|
+
default_config
|
35
|
+
TestUserModel.return_and_create_from_adauth(administrator)
|
36
|
+
end
|
37
|
+
end
|
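Review bot: The last two examples call `create_from_adauth` and `return_and_create_from_adauth` without any expectation, so they only show that no exception is raised. Because `find_by_name` and `save` on `TestUserModel` are stubbed to always succeed, the `AdauthMappings` copy from the directory object into the model is never checked. Assert on the result, for example `TestUserModel.return_and_create_from_adauth(administrator).should be_a TestUserModel`, assuming that method returns the model. `def save` can also drop the explicit `return`.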
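--- a/data/spec/adauth_spec.rb
+++ b/data/spec/adauth_spec.rb
@@ -1,36 +1,8 @@
-require '
-require 'yaml'
+require 'spec_helper'
 
-describe Adauth,
+describe Adauth, :no_ad => true do
 it "should accept a block" do
 Adauth.configure do |c|
-c.domain = "test.example.com"
 end
 end
-
-it "should correctly calculate the base" do
-Adauth.config.base.should eq("dc=test, dc=example, dc=com")
-end
-
-it "should set the server to the domain if not specified" do
-Adauth.config.server.should eq("test.example.com")
-end
-end
-
-describe Adauth, "#config" do
-before :each do
-Adauth.configure do |c|
-c.domain = "example.com"
-c.base = "dc=example, dc=com"
-c.server = "127.0.0.1"
-end
-end
-
-it "should allow retrival of data" do
-Adauth.config.domain.should == "example.com"
-end
-
-it "should set port to 389 if not set" do
-Adauth.config.port.should == 389
-end
 end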
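Review bot: After this change the only remaining example, "should accept a block", passes an empty block and has no expectation, so it passes whenever `Adauth.configure` does not raise. Either make it observable, e.g. set `c.domain = "example.com"` inside the block and add `Adauth.config.domain.should eq "example.com"`, or drop the example now that the defaults are covered by the config spec.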
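--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,34 @@
+require 'adauth'
+require 'yaml'
+
+def default_config
+Adauth.configure do |c|
+c.domain = test_data("domain", "domain")
+c.port = test_data("domain", "port")
+c.base = test_data("domain", "base")
+c.server = test_data("domain", "server")
+c.query_user = test_data("domain", "query_user")
+c.query_password = test_data("domain", "query_password")
+end
+end
+
+def test_data(set, key)
+@yaml ||= YAML::load(File.open('spec/test_data.yml'))
+@yaml[set][key]
+end
+
+def administrator
+Adauth::AdObjects::User.where('sAMAccountName', "administrator").first
+end
+
+def domain_admins
+Adauth::AdObjects::Group.where('name', 'Domain Admins').first
+end
+
+def domain_controllers
+Adauth::AdObjects::OU.where('name', 'Domain Controllers').first
+end
+
+def pdc
+domain_controllers.members.first
+end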
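Review bot: `test_data` parses the fixture with `YAML::load` and never closes the handle returned by `File.open`. The fixture is expected to hold only plain scalars, so `@yaml ||= YAML.safe_load(File.read('spec/test_data.yml'))` reads it without permitting arbitrary object tags and without leaking the descriptor, on Rubies whose Psych provides `safe_load`. The file also carries `query_password` in cleartext, so a comment above `test_data` should state that it must stay untracked and should name a dedicated low-privilege test account. The authenticate spec expects that account to be rejected by `denied_groups = ["Administrators"]`, which reads as if the fixture account needs administrator membership.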
metadata
CHANGED
@@ -1,13 +1,12 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: adauth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
|
5
|
-
prerelease:
|
4
|
+
prerelease: true
|
6
5
|
segments:
|
7
|
-
- 1
|
8
6
|
- 2
|
9
|
-
-
|
10
|
-
|
7
|
+
- 0
|
8
|
+
- 0pre
|
9
|
+
version: 2.0.0pre
|
11
10
|
platform: ruby
|
12
11
|
authors:
|
13
12
|
- Adam "Arcath" Laycock
|
@@ -15,37 +14,45 @@ autorequire:
|
|
15
14
|
bindir: bin
|
16
15
|
cert_chain: []
|
17
16
|
|
18
|
-
date: 2012-
|
17
|
+
date: 2012-08-16 00:00:00 +01:00
|
19
18
|
default_executable:
|
20
19
|
dependencies:
|
21
20
|
- !ruby/object:Gem::Dependency
|
22
|
-
name:
|
21
|
+
name: rake
|
23
22
|
prerelease: false
|
24
23
|
requirement: &id001 !ruby/object:Gem::Requirement
|
25
|
-
none: false
|
26
24
|
requirements:
|
27
25
|
- - ">="
|
28
26
|
- !ruby/object:Gem::Version
|
29
|
-
hash: 3
|
30
27
|
segments:
|
31
28
|
- 0
|
32
29
|
version: "0"
|
33
30
|
type: :development
|
34
31
|
version_requirements: *id001
|
35
32
|
- !ruby/object:Gem::Dependency
|
36
|
-
name:
|
33
|
+
name: rspec
|
37
34
|
prerelease: false
|
38
35
|
requirement: &id002 !ruby/object:Gem::Requirement
|
39
|
-
none: false
|
40
36
|
requirements:
|
41
37
|
- - ">="
|
42
38
|
- !ruby/object:Gem::Version
|
43
|
-
hash: 3
|
44
39
|
segments:
|
45
40
|
- 0
|
46
41
|
version: "0"
|
47
|
-
type: :
|
42
|
+
type: :development
|
48
43
|
version_requirements: *id002
|
44
|
+
- !ruby/object:Gem::Dependency
|
45
|
+
name: net-ldap
|
46
|
+
prerelease: false
|
47
|
+
requirement: &id003 !ruby/object:Gem::Requirement
|
48
|
+
requirements:
|
49
|
+
- - ">="
|
50
|
+
- !ruby/object:Gem::Version
|
51
|
+
segments:
|
52
|
+
- 0
|
53
|
+
version: "0"
|
54
|
+
type: :runtime
|
55
|
+
version_requirements: *id003
|
49
56
|
description:
|
50
57
|
email:
|
51
58
|
- gems@arcath.net
|
@@ -57,23 +64,25 @@ extra_rdoc_files: []
|
|
57
64
|
|
58
65
|
files:
|
59
66
|
- .gitignore
|
67
|
+
- .travis.yml
|
60
68
|
- Gemfile
|
61
69
|
- Gemfile.lock
|
62
70
|
- Rakefile
|
63
|
-
- Readme.
|
71
|
+
- Readme.md
|
64
72
|
- adauth.gemspec
|
65
73
|
- lib/adauth.rb
|
66
|
-
- lib/adauth/
|
74
|
+
- lib/adauth/ad_object.rb
|
75
|
+
- lib/adauth/ad_objects/computer.rb
|
76
|
+
- lib/adauth/ad_objects/group.rb
|
77
|
+
- lib/adauth/ad_objects/ou.rb
|
78
|
+
- lib/adauth/ad_objects/user.rb
|
67
79
|
- lib/adauth/authenticate.rb
|
68
80
|
- lib/adauth/config.rb
|
69
81
|
- lib/adauth/connection.rb
|
70
|
-
- lib/adauth/
|
71
|
-
- lib/adauth/helpers.rb
|
72
|
-
- lib/adauth/
|
73
|
-
- lib/adauth/user_model.rb
|
82
|
+
- lib/adauth/rails.rb
|
83
|
+
- lib/adauth/rails/helpers.rb
|
84
|
+
- lib/adauth/rails/model_bridge.rb
|
74
85
|
- lib/adauth/version.rb
|
75
|
-
- lib/generators/adauth/all/USAGE
|
76
|
-
- lib/generators/adauth/all/all_generator.rb
|
77
86
|
- lib/generators/adauth/config/USAGE
|
78
87
|
- lib/generators/adauth/config/config_generator.rb
|
79
88
|
- lib/generators/adauth/config/templates/config.rb.erb
|
@@ -81,13 +90,15 @@ files:
|
|
81
90
|
- lib/generators/adauth/sessions/sessions_generator.rb
|
82
91
|
- lib/generators/adauth/sessions/templates/new.html.erb
|
83
92
|
- lib/generators/adauth/sessions/templates/sessions_controller.rb.erb
|
84
|
-
-
|
85
|
-
-
|
86
|
-
-
|
87
|
-
- spec/
|
93
|
+
- spec/adauth_ad_object_computer_spec.rb
|
94
|
+
- spec/adauth_ad_object_group_spec.rb
|
95
|
+
- spec/adauth_ad_object_ou_spec.rb
|
96
|
+
- spec/adauth_ad_object_user_spec.rb
|
97
|
+
- spec/adauth_authenticate_spec.rb
|
98
|
+
- spec/adauth_config_spec.rb
|
99
|
+
- spec/adauth_rails_model_bridge_spec.rb
|
88
100
|
- spec/adauth_spec.rb
|
89
|
-
- spec/
|
90
|
-
- spec/adauth_user_spec.rb
|
101
|
+
- spec/spec_helper.rb
|
91
102
|
has_rdoc: true
|
92
103
|
homepage: http://adauth.arcath.net
|
93
104
|
licenses: []
|
@@ -98,32 +109,35 @@ rdoc_options: []
|
|
98
109
|
require_paths:
|
99
110
|
- lib
|
100
111
|
required_ruby_version: !ruby/object:Gem::Requirement
|
101
|
-
none: false
|
102
112
|
requirements:
|
103
113
|
- - ">="
|
104
114
|
- !ruby/object:Gem::Version
|
105
|
-
hash: 3
|
106
115
|
segments:
|
107
116
|
- 0
|
108
117
|
version: "0"
|
109
118
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
110
|
-
none: false
|
111
119
|
requirements:
|
112
|
-
- - "
|
120
|
+
- - ">"
|
113
121
|
- !ruby/object:Gem::Version
|
114
|
-
hash: 3
|
115
122
|
segments:
|
116
|
-
-
|
117
|
-
|
123
|
+
- 1
|
124
|
+
- 3
|
125
|
+
- 1
|
126
|
+
version: 1.3.1
|
118
127
|
requirements: []
|
119
128
|
|
120
129
|
rubyforge_project:
|
121
|
-
rubygems_version: 1.
|
130
|
+
rubygems_version: 1.3.6
|
122
131
|
signing_key:
|
123
132
|
specification_version: 3
|
124
133
|
summary: Provides Active Directory authentication for Rails
|
125
134
|
test_files:
|
126
|
-
- spec/
|
135
|
+
- spec/adauth_ad_object_computer_spec.rb
|
136
|
+
- spec/adauth_ad_object_group_spec.rb
|
137
|
+
- spec/adauth_ad_object_ou_spec.rb
|
138
|
+
- spec/adauth_ad_object_user_spec.rb
|
139
|
+
- spec/adauth_authenticate_spec.rb
|
140
|
+
- spec/adauth_config_spec.rb
|
141
|
+
- spec/adauth_rails_model_bridge_spec.rb
|
127
142
|
- spec/adauth_spec.rb
|
128
|
-
- spec/
|
129
|
-
- spec/adauth_user_spec.rb
|
143
|
+
- spec/spec_helper.rb
|
data/Readme.rdoc
DELETED
@@ -1,66 +0,0 @@
|
|
1
|
-
= {Adauth}[http://adauth.arcath.net/]
|
2
|
-
|
3
|
-
Easy to use Active Directory Authentication for Rails.
|
4
|
-
|
5
|
-
== Install
|
6
|
-
|
7
|
-
Add the Adauth gem to your Gemfile:
|
8
|
-
|
9
|
-
gem 'adauth'
|
10
|
-
|
11
|
-
and run a bundle install
|
12
|
-
|
13
|
-
== Usage
|
14
|
-
|
15
|
-
Adauth requires a config file which can be created by running the command
|
16
|
-
|
17
|
-
rails g adauth:config
|
18
|
-
|
19
|
-
This creates a config file for _example.com_ with all the values present along with helpful comments for getting Adauth up and running.
|
20
|
-
|
21
|
-
Thats enough to very basically run Adauth, and if you prefer complete control over how your authentication is handled you can use this method:
|
22
|
-
|
23
|
-
Adauth.authenticate(username, password)
|
24
|
-
|
25
|
-
Which has 2 possible return values nil if the users details are wrong or an instance of Adauth::User if the details are correct.
|
26
|
-
|
27
|
-
Adauth provides a lot of additional functionality which can be used to get your authentication up and running quickly. See the {wiki}[https://github.com/Arcath/Adauth/wiki] for more information.
|
28
|
-
|
29
|
-
== Developing
|
30
|
-
|
31
|
-
Obviously to test the AD functionality Adauth requires a working domain and a user to try logging in with. If you try running the tests without first creating the test_data.yml file then they will fail with this error:
|
32
|
-
|
33
|
-
Failure/Error: @yaml = YAML::load(File.open('spec/test_data.yml'))
|
34
|
-
|
35
|
-
You need to create a yaml file that looks like this:
|
36
|
-
|
37
|
-
domain:
|
38
|
-
domain: example.com
|
39
|
-
server: 127.0.0.1
|
40
|
-
port: 389
|
41
|
-
base: "dc=example, dc=com"
|
42
|
-
pass_allowed_groups:
|
43
|
-
- group
|
44
|
-
fail_allowed_groups:
|
45
|
-
- no_group
|
46
|
-
pass_allowed_ous:
|
47
|
-
- ou
|
48
|
-
fail_allowed_ous:
|
49
|
-
- no_ou
|
50
|
-
|
51
|
-
user:
|
52
|
-
login: username
|
53
|
-
password: password
|
54
|
-
group: group
|
55
|
-
ou: ou_user_is_in
|
56
|
-
email: email_of_user_in_ad
|
57
|
-
|
58
|
-
The domain portion of this file is pretty self explanatory, they are the same as the code above for creating a domain connection. ALL options need to be set here.
|
59
|
-
|
60
|
-
The pass and fail allowed groups need to be an array with pass containing a group that the test user is a member of and fail containing a group that the test user isn't a member of. (The fail group doesn't have to exist)
|
61
|
-
|
62
|
-
The user is a user capable of logging into the domain, you can use your account here or any account on the domain. The group attribute needs to be set to a group that you are a member of so that the tests can make sure that the correct groups are picked up from AD.
|
63
|
-
|
64
|
-
Don't worry about this file making it into a pull request, it is in the .gitignore file so unless you remove it from there it wont be comitted.
|
65
|
-
|
66
|
-
If you make any additions/changes please add some tests for them.
|