adauth 2.0.0 → 2.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: cffe1ba97471be1224d557a5df97bd0e16e5eb59
+  data.tar.gz: d080e1a4e3a065c57da6c7281c60c79e0fe82f07
+SHA512:
+  metadata.gz: 12b8d3a9a46735f4528a890272db9c52434883bbc922f46f243957e87fb6acdf1e7f4abf42d70ca0bed4af8ad2ade0947b5918496af5fbca9e89495e8acab224
+  data.tar.gz: 94ec81bf3fb570be993eb87d51de4543ff11c91de5742e30ef26a7f7acefef8aca2866d76fdde8f87750eb71ffccf7e53f2c05acef3e381959b067d95e0db6a3

data/.gitignore

@@ -8,6 +8,7 @@ doc/*
 .idea/
 .rvmrc
 log/*
+coverage/*
 
 spec/test.sqlite3
 

data/.travis.yml

@@ -2,11 +2,18 @@ language: ruby
 rvm:
  - 1.8.7
  - 1.9.3
+ - 2.0.0
  - rbx-18mode
  - rbx-19mode
+ - ruby-head
 env:
- - "rake=0.8"
  - "rake=0.9"
 script: "bundle exec rspec -t no_ad"
+before_script: "mkdir log"
 notifications:
   email: false
+matrix:
+  allow_failures:
+    - rvm: 1.8.7
+    - rvm: rbx-18mode
+    - rvm: ruby-head

data/Gemfile

@@ -1,3 +1,3 @@
-source :rubygems
+source "https://rubygems.org"
 
 gemspec

data/Gemfile.lock

@@ -1,13 +1,14 @@
 PATH
   remote: .
   specs:
-    adauth (2.0.0pre1)
+    adauth (2.0.0)
       net-ldap
 
 GEM
-  remote: http://rubygems.org/
+  remote: https://rubygems.org/
   specs:
     diff-lcs (1.1.3)
+    multi_json (1.7.7)
     net-ldap (0.3.1)
     rake (0.9.2.2)
     rspec (2.11.0)
@@ -18,6 +19,11 @@ GEM
     rspec-expectations (2.11.2)
       diff-lcs (~> 1.1.3)
     rspec-mocks (2.11.2)
+    simplecov (0.7.1)
+      multi_json (~> 1.0)
+      simplecov-html (~> 0.7.1)
+    simplecov-html (0.7.1)
+    yard (0.8.6.2)
 
 PLATFORMS
   ruby
@@ -26,3 +32,5 @@ DEPENDENCIES
   adauth!
   rake
   rspec
+  simplecov
+  yard

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2013 Adam Laycock
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/Rakefile

@@ -1,4 +1,13 @@
 require 'rubygems'
 require 'bundler'
 
-Bundler::GemHelper.install_tasks
+Bundler::GemHelper.install_tasks
+
+desc "Save test results to a file"
+task :generate_test_results do
+  puts "Running Tests"
+  system("rspec -c > rspec_results.txt")
+  puts "Saved!"
+  puts "Results:"
+  system("cat rspec_results.txt")
+end

data/Readme.md

@@ -1,5 +1,6 @@
 # Adauth
-[RDoc](http://rubydoc.info/github/Arcath/Adauth/master/frames) | [www](http://adauth.arcath.net) | [Gempage](http://rubygems.org/gems/adauth) | [![Status](https://secure.travis-ci.org/Arcath/Adauth.png?branch=master)](http://travis-ci.org/Arcath/Adauth)
+[RDoc](http://rubydoc.info/github/Arcath/Adauth/master/frames) | [www](http://adauth.arcath.net) | [Gempage](http://rubygems.org/gems/adauth) | [![Status](https://secure.travis-ci.org/Arcath/Adauth.png?branch=master)](http://travis-ci.org/Arcath/Adauth) | [![Code Climate](https://codeclimate.com/github/Arcath/Adauth.png)](https://codeclimate.com/github/Arcath/Adauth) | [![Dependency Status](https://gemnasium.com/Arcath/Adauth.png)](https://gemnasium.com/Arcath/Adauth)
+
 
 Easy to use Active Directory Authentication for Rails.
 

data/adauth.gemspec

@@ -14,6 +14,8 @@ Gem::Specification.new do |s|
     
     s.add_development_dependency "rake"
     s.add_development_dependency "rspec"
+    s.add_development_dependency "simplecov"
+    s.add_development_dependency "yard"
     s.add_dependency "net-ldap"
     
     s.files         = `git ls-files`.split("\n")

data/lib/adauth.rb

@@ -1,7 +1,7 @@
 # Requires
+require 'logger'
 require 'net/ldap'
 require 'timeout'
-require 'logger'
 # Version
 require 'adauth/version'
 # Classes
@@ -28,6 +28,7 @@ module Adauth
     def self.configure
         @logger ||= Logger.new('log/adauth.log', 'weekly')
         @logger.info('load') { "Loading new config" }
+        @connection = nil
         @config = Config.new
         yield(@config)
     end
@@ -53,16 +54,19 @@ module Adauth
             :server => @config.server, 
             :port => @config.port, 
             :base => @config.base, 
-            :encryption => @config.encryption, 
+            :encryption => @config.encryption,
+            :allow_fallback => @config.allow_fallback,
             :username => user, 
             :password => password 
         }
     end
     
+    # Returns the logger object
     def self.logger
       @logger
     end
     
+    # Lets you set a new logger
     def self.logger=(inputs)
       @logger = inputs
     end

data/lib/adauth/ad_object.rb

@@ -14,10 +14,10 @@ module Adauth
     # Objects inherit from this class.
     #
     # Provides all the common functions for Active Directory.
-    class AdObject      
+    class AdObject
         # Returns all objects which have the ObjectClass of the inherited class
         def self.all
-            Adauth.logger.info(self.inspect) { "Searching for all objects matching filter \"#{self::ObjectFilter}\"" }
+            Adauth.logger.info(self.class.inspect) { "Searching for all objects matching filter \"#{self::ObjectFilter}\"" }
             self.filter(self::ObjectFilter)
         end
         
@@ -26,7 +26,7 @@ module Adauth
         # Uses ObjectFilter to restrict to the current object
         def self.where(field, value)
             search_filter = Net::LDAP::Filter.eq(field, value)
-            Adauth.logger.info(self.inspect) { "Searching for all \"#{self::ObjectFilter}\" where #{field} = #{value}" }
+            Adauth.logger.info(self.class.inspect) { "Searching for all \"#{self::ObjectFilter}\" where #{field} = #{value}" }
             filter(add_object_filter(search_filter))
         end
         
@@ -62,18 +62,19 @@ module Adauth
             @ldap_object
         end
         
-        # Over rides method_missing and interacts with @ldap_object
+        # Over ride method missing to see if the object has a field by that name
         def method_missing(method, *args)
-            if self.class::Fields.keys.include?(method)
-                field = self.class::Fields[method]
-                if field.is_a? Symbol
-                    return (@ldap_object.send(field).to_s).gsub(/\"|\[|\]/, "")
-                elsif field.is_a? Array
-                    @ldap_object.send(field.first).collect(&field.last)
-                end
-            else
-                super
-            end
+          field = self.class::Fields[method]
+          return handle_field(field) if field
+          return super
+        end
+        
+        # Handle the output for the given field
+        def handle_field(field)
+          case field
+            when Symbol then return return_symbol_value(field)
+            when Array then return  @ldap_object.send(field.first).collect(&field.last)
+          end
         end
         
         # Returns all the groups the object is a member of
@@ -84,6 +85,19 @@ module Adauth
             @groups
         end
         
+        # The same as cn_groups, but with the parent groups included
+        def cn_groups_nested
+          @cn_groups_nested = cn_groups
+          cn_groups.each do |group|
+            ado = Adauth::AdObjects::Group.where('name', group).first
+            groups = convert_to_objects ado.cn_groups
+            groups.each do |g|
+              @cn_groups_nested.push g if !(@cn_groups_nested.include?(g))
+            end
+          end
+          return @cn_groups_nested
+        end
+        
         # Returns all the ous the object is in
         def ous
             unless @ous
@@ -108,7 +122,11 @@ module Adauth
         
         # Runs a modify action on the current object, takes an aray of operations
         def modify(operations)
-            raise 'Modify Operation Failed' unless Adauth.connection.modify :dn => @ldap_object.dn, :operations => operations
+          Adauth.logger.info(self.class.inspect) { "Attempting modify operation" }
+          unless Adauth.connection.modify :dn => @ldap_object.dn, :operations => operations
+            Adauth.logger.fatal(self.class.inspect) { "Modify Operation Failed! Code: #{Adauth.connection.get_operation_result.code} Message: #{Adauth.connection.get_operation_result.message}" }
+            raise 'Modify Operation Failed (see log for details)'
+          end
         end
         
         # Returns an array of member objects for this object
@@ -149,5 +167,13 @@ module Adauth
             group = Adauth::AdObjects::Group.where('sAMAccountName', entity).first
             (user || group)
         end
+        
+        def return_symbol_value(field)
+          value = @ldap_object.send(field)
+          case value
+            when String then return value
+            when Net::BER::BerIdentifiedArray then return value.first
+          end
+        end
     end
 end

data/lib/adauth/ad_objects/group.rb

@@ -19,8 +19,9 @@ module Adauth
                     :name => :samaccountname,
                     :cn_members => [ :member,
                         Proc.new {|g| g.sub(/.*?CN=(.*?),.*/, '\1')} ],
-                    :cn_groups => [ :memberof,
-                        Proc.new {|g| g.sub(/.*?CN=(.*?),.*/, '\1')} ]
+                    :memberof => :member
+                    #:cn_groups => [ :memberof,
+                    #    Proc.new {|g| g.sub(/.*?CN=(.*?),.*/, '\1')} ]
                 }
             
             # Object Net::LDAP filter
@@ -30,12 +31,16 @@ module Adauth
                 
             # Returns all the objects which are members of this group
             def members
-                Adauth.logger.info(self.inspect) { "Getting group members for #{self.name}" }
+                Adauth.logger.info(self.class.inspect) { "Getting group members for #{self.name}" }
                 unless @members
                     @members = convert_to_objects(cn_members)
                 end
                 @members
             end
+            
+            def cn_groups
+              memberof.split(/.*?CN=(.*?),.*/)
+            end
         end
     end
 end

data/lib/adauth/ad_objects/user.rb

@@ -42,11 +42,11 @@ module Adauth
             end
             
             # Changes the password to the supplied value
-            #def set_password(new_password)
-            #  Adauth.logger.info("password management") { "Attempting password reset for #{self.login}" }
-            #  password = microsoft_encode_password(new_password)
-            #  modify([[:replace, 'unicodePwd', password]])
-            #end
+            def set_password(new_password)
+              Adauth.logger.info("password management") { "Attempting password reset for #{self.login}" }
+              password = microsoft_encode_password(new_password)
+              modify([[:replace, :unicodePwd, password]])
+            end
             
             private
             

data/lib/adauth/authenticate.rb

@@ -7,16 +7,13 @@ module Adauth
             Adauth.logger.info("authentication") { "Attempting to authenticate as #{username}" }
             if Adauth::AdObjects::User.authenticate(username, password)
                 user = Adauth::AdObjects::User.where('sAMAccountName', username).first
-                if allowed_group_login(user) && allowed_ou_login(user)
+                if allowed_to_login(user)
                     Adauth.logger.info("authentication") { "Authentication succesful" }
                     return user
                 else
-                    Adauth.logger.info("authentication") { "Authentication failed (not in allowed group)" }
+                    Adauth.logger.info("authentication") { "Authentication failed (not in allowed group or ou)" }
                     return false
                 end
-            else
-                Adauth.logger.info("authentication") { "Authentication failed (bad username/password)" }
-                return false
             end
         rescue RuntimeError
             Adauth.logger.info("authentication") { "Authentication failed (RuntimeError)" }
@@ -24,63 +21,16 @@ module Adauth
         end
     end
     
-    # Makes sure the user meets the group requirements
-    def self.allowed_group_login(user)
-        if @config.allowed_groups != []
-            allowed = (user && @config.allowed_groups != (@config.allowed_groups - user.cn_groups)) ? user : nil
-
-            if allowed == nil
-              allowed = is_group_in_group(user) != nil ? user : nil
-            end
-        else
-            allowed = user
-        end
-
-        if @config.denied_groups != []
-            denied = (user && @config.denied_groups == (@config.denied_groups - user.cn_groups)) ? user : nil
-        else
-            denied = user
-        end
-
-        allowed == denied
+    # Check if the user is allowed to login
+    def self.allowed_to_login(user)
+      (allowed_from_arrays(@config.allowed_groups, @config.denied_groups, user.cn_groups_nested) && allowed_from_arrays(@config.allowed_ous, @config.denied_ous, user.dn_ous))
     end
     
-    # Makes sure the user meets the ou requirements
-    def self.allowed_ou_login(user)
-        if @config.allowed_ous != []
-            allowed = (user && @config.allowed_ous != (@config.allowed_ous - user.dn_ous)) ? user : nil
-        else
-            allowed = user
-        end
-
-        if @config.denied_ous != []
-            denied = (user && @config.denied_ous == (@config.denied_ous - user.dn_ous)) ? user : nil
-        else
-            denied = user
-        end
-
-        allowed == denied
-    end
-
-  def self.is_group_in_group(adobject)
-    # Loop through each users group and see if it's a member of an allowed group
-    begin
-      adobject.cn_groups.each do |group|
-
-        if @config.allowed_groups.include?(group)
-          return group
-        end
-
-        adGroup = Adauth::AdObjects::Group.where('name', group).first
-
-        unless self.is_group_in_group(adGroup) == nil
-          return true
-        end
-      end
-    rescue
-      return nil
+    private
+    
+    def self.allowed_from_arrays(allowed, denied, test)
+      return true if allowed.empty? && denied.empty?
+      return true if !((allowed & test).empty?)
+      return false if !((denied & test).empty?)
     end
-
-    nil
-  end
 end

data/lib/adauth/config.rb

@@ -3,7 +3,7 @@ module Adauth
     #
     # Sets the defaults an create and generates guess values.
     class Config
-        attr_accessor   :domain, :port, :base, :server, :encryption, :query_user, :query_password,
+        attr_accessor   :domain, :port, :base, :server, :encryption, :query_user, :query_password, :allow_fallback,
                         :allowed_groups, :denied_groups, :allowed_ous, :denied_ous, :contains_nested_groups
         
         def initialize
@@ -12,6 +12,7 @@ module Adauth
             @allowed_ous = []
             @denied_groups =[]
             @denied_ous = []
+            @allow_fallback = false
             @contains_nested_groups = false
         end
         

data/lib/adauth/connection.rb

@@ -32,6 +32,12 @@ module Adauth
                 }
             rescue Timeout::Error
                 raise 'Unable to connect to LDAP Server'
+            rescue Errno::ECONNRESET
+              if @config[:allow_fallback]
+                @config[:port] = @config[:allow_fallback]
+                @config[:encryption] = false
+                return Adauth::Connection.new(@config).bind
+              end
             end
         end
     end

data/lib/adauth/net-ldap/string.rb

@@ -64,6 +64,7 @@ module Net::BER::Extensions::String
     return result
   end
 
+  # Removes empty blocks from arrays
   def reject_empty_ber_arrays
     self.gsub(/0\000/n,'')
   end

data/lib/adauth/version.rb

@@ -1,4 +1,4 @@
 module Adauth
     # Adauths Version Number
-    Version = '2.0.0'
+    Version = '2.0.1'
 end

data/rspec_results.txt

@@ -0,0 +1,10 @@
+...................*...............
+
+Pending:
+  Adauth::AdObjects::User should allow you to reset the password
+    # Insecure connection, unable to test change password
+    # ./spec/adauth_ad_object_user_spec.rb:49
+
+Finished in 12.3 seconds
+35 examples, 0 failures, 1 pending
+Coverage report generated for RSpec to /Users/arcath/Code/Gems/Adauth/coverage. 472 / 489 LOC (96.52%) covered.

data/spec/adauth_ad_object_computer_spec.rb

@@ -1,9 +1,14 @@
 require 'spec_helper'
 
 describe Adauth::AdObjects::Computer do
+    let(:computer) do
+      ou = Adauth::AdObjects::OU.where('name', 'Domain Controllers').first
+      ou.members.first
+    end
+    
     it "Should find a computer" do
         default_config
-        pdc.should be_a Adauth::AdObjects::Computer
+        computer.should be_a Adauth::AdObjects::Computer
     end
     
     it "should only find computers" do
@@ -15,8 +20,8 @@ describe Adauth::AdObjects::Computer do
     
     it "should be in an ou" do
         default_config
-        pdc.ous.should be_a Array
-        pdc.ous.first.should be_a Adauth::AdObjects::OU
-        pdc.ous.first.name.should eq "Domain Controllers"
+        computer.ous.should be_a Array
+        computer.ous.first.should be_a Adauth::AdObjects::OU
+        computer.ous.first.name.should eq "Domain Controllers"
     end
 end

data/spec/adauth_ad_object_folder_spec.rb

@@ -1,13 +1,17 @@
 require 'spec_helper'
 
 describe Adauth::AdObjects::Folder do
-    it "should find Domain Controllers" do
+    let(:root_folder) do
+      Adauth::AdObjects::Folder.root
+    end
+  
+    it "should find the root of the domain" do
         default_config
-        Adauth::AdObjects::Folder.root.should be_a Adauth::AdObjects::Folder
+        root_folder.should be_a Adauth::AdObjects::Folder
     end
     
     it "should have members" do
         default_config
-        Adauth::AdObjects::Folder.root.members.should be_a Array
+        root_folder.members.should be_a Array
     end
 end

data/spec/adauth_ad_object_group_spec.rb

@@ -1,21 +1,23 @@
 require 'spec_helper'
 
 describe Adauth::AdObjects::Group do
+    let(:domain_admins) do
+      Adauth::AdObjects::Group.where('name', 'Domain Admins').first
+    end
+    
     it "should have a name" do
         default_config
-        group = domain_admins
-        group.name.should eq "Domain Admins"
+        domain_admins.name.should eq "Domain Admins"
     end
     
     it "should have a members list" do
         default_config
-        group = domain_admins
-        group.members.first.name.should be_a String
+        domain_admins.members.should be_a Array
+        domain_admins.members.first.name.should be_a String
     end
     
     it "should be a member of" do
         default_config
-        group = domain_admins
-        group.groups.should be_a Array
+        domain_admins.groups.should be_a Array
     end
 end

data/spec/adauth_ad_object_ou_spec.rb

@@ -1,6 +1,10 @@
 require 'spec_helper'
 
 describe Adauth::AdObjects::OU do
+    let(:domain_controllers) do
+      Adauth::AdObjects::OU.where('name', 'Domain Controllers').first
+    end
+    
     it "should find Domain Controllers" do
         default_config
         domain_controllers.should be_a Adauth::AdObjects::OU

data/spec/adauth_ad_object_spec.rb

@@ -0,0 +1,22 @@
+require 'spec_helper'
+
+describe Adauth::AdObject do
+  let(:computer) do
+    ou = Adauth::AdObjects::OU.where('name', 'Domain Controllers').first
+    ou.members.first
+  end
+  
+  let(:user) do
+    Adauth::AdObjects::User.where('sAMAccountName', test_data("domain", "breakable_user")).first
+  end
+  
+  it "should still have method missing" do
+    default_config
+    computer.should be_a Adauth::AdObjects::Computer
+    lambda { computer.foo_bar }.should raise_exception NoMethodError
+  end
+  
+  it "should generate a nested group list" do
+    user.cn_groups.should_not eq user.cn_groups_nested
+  end
+end

data/spec/adauth_ad_object_user_spec.rb

@@ -1,10 +1,13 @@
 require 'spec_helper'
 
 describe Adauth::AdObjects::User do
+    let(:user) do
+      Adauth::AdObjects::User.where('sAMAccountName', test_data("domain", "breakable_user")).first
+    end
+    
     it "should find administrator" do
         default_config
-        user = administrator
-        user.login.should eq "Administrator"
+        user.login.should eq test_data("domain", "breakable_user")
     end
     
     it "should authenticate a user" do
@@ -14,40 +17,47 @@ describe Adauth::AdObjects::User do
     
     it "should find groups" do
         default_config
-        user = administrator
         user.groups.should be_a Array
         user.groups.first.should be_a Adauth::AdObjects::Group
     end
     
-    it "should return true for member_of" do
+    it "should return boolean for member_of" do
         default_config
-        user = administrator
-        user.member_of?("Domain Admins").should be_true
+        user.member_of?("A Group").should be_false
     end
     
     it "should allow for modification" do
         default_config
         Adauth.add_field(Adauth::AdObjects::User, :phone, :homePhone)
-        number = administrator.phone
-        administrator.modify([[:replace, :homephone, "8765"]])
-        administrator.phone.should eq "8765"
-        administrator.modify([[:replace, :homephone, number]])
+        number = user.phone
+        user.modify([[:replace, :homephone, "8765"]])
+        new_user = Adauth::AdObjects::User.where('sAMAccountName', test_data("domain", "breakable_user")).first
+        new_user.phone.should eq "8765"
+        new_user.modify([[:replace, :homephone, number]])
+        new2_user = Adauth::AdObjects::User.where('sAMAccountName', test_data("domain", "breakable_user")).first
+        new2_user.phone.should eq number
     end
     
     it "should allow for additional methods" do
         default_config
         Adauth.add_field(Adauth::AdObjects::User, :description, :description)
         administrator.description.should be_a String
+        Adauth.add_field(Adauth::AdObjects::User, :objectguid, :objectguid)
+        administrator.objectguid.should be_a String
     end
     
-    #it "should allow you to reset the password" do
-    #  default_config
-    #  Adauth::AdObjects::User.authenticate(test_data("domain", "breakable_user"), test_data("domain", "breakable_password")).should be_true
-    #  user = Adauth::AdObjects::User.where('sAMAccountName', test_data("domain", "breakable_user")).first
-    #  user.login.should eq test_data("domain", "breakable_user")
-    #  user.set_password("adauth_test")
-    #  Adauth::AdObjects::User.authenticate(test_data("domain", "breakable_user"), "adauth_test").should be_true
-    #  user.set_password(test_data("domain", "breakable_password"))
-    #  Adauth::AdObjects::User.authenticate(test_data("domain", "breakable_user"), test_data("domain", "breakable_password")).should be_true
-    #end
+    it "should allow you to reset the password" do
+      default_config
+      begin
+        Adauth::AdObjects::User.authenticate(test_data("domain", "breakable_user"), test_data("domain", "breakable_password")).should be_true
+        user = Adauth::AdObjects::User.where('sAMAccountName', test_data("domain", "breakable_user")).first
+        user.login.should eq test_data("domain", "breakable_user")
+        user.set_password("adauth_test")
+        Adauth::AdObjects::User.authenticate(test_data("domain", "breakable_user"), "adauth_test").should be_true
+        user.set_password(test_data("domain", "breakable_password"))
+        Adauth::AdObjects::User.authenticate(test_data("domain", "breakable_user"), test_data("domain", "breakable_password")).should be_true
+      rescue RuntimeError
+        pending("Insecure connection, unable to test change password")
+      end
+    end
 end

data/spec/adauth_authenticate_spec.rb

@@ -11,6 +11,32 @@ describe Adauth, "#authenticate" do
         Adauth.authenticate(test_data("domain", "query_user"), "foo").should be_false
     end
     
+    it "should allow the user if allowed groups are used" do
+      Adauth.configure do |c|
+          c.domain = test_data("domain", "domain")
+          c.port = test_data("domain", "port")
+          c.base = test_data("domain", "base")
+          c.server = test_data("domain", "server")
+          c.query_user = test_data("domain", "query_user")
+          c.query_password = test_data("domain", "query_password")
+          c.allowed_groups = ["Administrators"]
+      end
+      Adauth.authenticate(test_data("domain", "query_user"), test_data("domain", "query_password")).should be_a Adauth::AdObjects::User
+    end
+    
+    it "should allow the user if allowed ous are used" do
+      Adauth.configure do |c|
+          c.domain = test_data("domain", "domain")
+          c.port = test_data("domain", "port")
+          c.base = test_data("domain", "base")
+          c.server = test_data("domain", "server")
+          c.query_user = test_data("domain", "query_user")
+          c.query_password = test_data("domain", "query_password")
+          c.allowed_ous = ["Users"]
+      end
+      Adauth.authenticate(test_data("domain", "query_user"), test_data("domain", "query_password")).should be_a Adauth::AdObjects::User
+    end
+    
     it "should reject a user if denied group is used" do
         Adauth.configure do |c|
             c.domain = test_data("domain", "domain")

data/spec/adauth_connection_spec.rb

@@ -0,0 +1,33 @@
+require 'spec_helper'
+
+describe Adauth::Connection do
+  it "should support encryption" do
+    Adauth.configure do |c|
+      c.domain = test_data("domain", "domain")
+      c.port = test_data("domain", "port")
+      c.base = test_data("domain", "base")
+      c.server = test_data("domain", "server")
+      c.encryption = :simple_tls
+      c.query_user = test_data("domain", "query_user")
+      c.query_password = test_data("domain", "query_password")
+    end
+    begin
+      Adauth.authenticate(test_data("domain", "query_user"), test_data("domain", "query_password"))
+    rescue
+      # Failed to authenticate due to encryption (not what we are testing here)
+    end
+  end
+  
+  it "should timeout if asked to connect to a server that doesn't exist" do
+    Adauth.configure do |c|
+      c.domain = test_data("domain", "domain")
+      c.port = test_data("domain", "port")
+      c.base = test_data("domain", "base")
+      c.server = "127.0.0.2"
+      c.query_user = test_data("domain", "query_user")
+      c.query_password = test_data("domain", "query_password")
+    end
+
+    lambda { Adauth::AdObjects::User.all }.should raise_exception
+  end
+end

data/spec/adauth_rails_model_bridge_spec.rb

@@ -21,7 +21,7 @@ class TestUserModel
 end
 
 describe Adauth::Rails::ModelBridge do
-    it "should extend", :no_ad => true do
+      it "should extend", :no_ad => true do
         TestUserModel.should respond_to :create_from_adauth
     end
     

data/spec/spec_helper.rb

@@ -1,3 +1,8 @@
+# Test coverage
+require 'simplecov'
+SimpleCov.start
+
+# Requires
 require 'adauth'
 require 'yaml'
 
@@ -7,6 +12,8 @@ def default_config
         c.port = test_data("domain", "port")
         c.base = test_data("domain", "base")
         c.server = test_data("domain", "server")
+        c.encryption = test_data("domain", "encryption").to_sym if test_data("domain", "encryption")
+        c.allow_fallback = test_data("domain", "allow_fallback") if test_data("domain", "allow_fallback")
         c.query_user = test_data("domain", "query_user")
         c.query_password = test_data("domain", "query_password")
     end
@@ -21,14 +28,10 @@ def administrator
     Adauth::AdObjects::User.where('sAMAccountName', "administrator").first
 end
 
-def domain_admins
-    Adauth::AdObjects::Group.where('name', 'Domain Admins').first
-end
-
-def domain_controllers
-    Adauth::AdObjects::OU.where('name', 'Domain Controllers').first
-end
+#def breakable_user
+#  Adauth::AdObjects::User.where('sAMAccountName', test_data("domain", "breakable_user")).first
+#end
 
-def pdc
-    domain_controllers.members.first
+def query_user
+  Adauth::AdObjects::User.where('sAMAccountName', test_data("domain", "query_user")).first
 end

data/spec/test_data.example.yml

@@ -1,7 +1,11 @@
 domain:
   domain: example.com
-  port: 389
+  port: 389 # Change to 636 for ssl encryption
+  #encryption: simple_tls
+  #allow_fallback: 389 # Used to fallback to insecure
   base: "dc=example, dc=com"
   server: dc1.example.com
   query_user: User.Name
-  query_password: Password
+  query_password: Password
+  breakable_user: User.Name
+  breakable_password: Password

metadata

@@ -1,62 +1,83 @@
 --- !ruby/object:Gem::Specification
 name: adauth
 version: !ruby/object:Gem::Version
-  version: 2.0.0
-  prerelease: 
+  version: 2.0.1
 platform: ruby
 authors:
 - Adam "Arcath" Laycock
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-06-19 00:00:00.000000000 Z
+date: 2013-07-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: net-ldap
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 description: A full featured library for working with Microsofts Active Directory
@@ -71,6 +92,7 @@ files:
 - .travis.yml
 - Gemfile
 - Gemfile.lock
+- LICENSE.txt
 - Rakefile
 - Readme.md
 - adauth.gemspec
@@ -96,49 +118,53 @@ files:
 - lib/generators/adauth/sessions/sessions_generator.rb
 - lib/generators/adauth/sessions/templates/new.html.erb
 - lib/generators/adauth/sessions/templates/sessions_controller.rb.erb
+- rspec_results.txt
 - spec/adauth_ad_object_computer_spec.rb
 - spec/adauth_ad_object_folder_spec.rb
 - spec/adauth_ad_object_group_spec.rb
 - spec/adauth_ad_object_ou_spec.rb
+- spec/adauth_ad_object_spec.rb
 - spec/adauth_ad_object_user_spec.rb
 - spec/adauth_authenticate_spec.rb
 - spec/adauth_config_spec.rb
+- spec/adauth_connection_spec.rb
 - spec/adauth_rails_model_bridge_spec.rb
 - spec/adauth_spec.rb
 - spec/spec_helper.rb
 - spec/test_data.example.yml
 homepage: http://adauth.arcath.net
 licenses: []
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.23
+rubygems_version: 2.0.0
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Provides Active Directory authentication for Rails
 test_files:
 - spec/adauth_ad_object_computer_spec.rb
 - spec/adauth_ad_object_folder_spec.rb
 - spec/adauth_ad_object_group_spec.rb
 - spec/adauth_ad_object_ou_spec.rb
+- spec/adauth_ad_object_spec.rb
 - spec/adauth_ad_object_user_spec.rb
 - spec/adauth_authenticate_spec.rb
 - spec/adauth_config_spec.rb
+- spec/adauth_connection_spec.rb
 - spec/adauth_rails_model_bridge_spec.rb
 - spec/adauth_spec.rb
 - spec/spec_helper.rb