adauth 2.0.0pre2 → 2.0.0
- data/.gitignore +2 -1
- data/Readme.md +27 -3
- data/adauth.gemspec +1 -0
- data/lib/adauth.rb +18 -2
- data/lib/adauth/ad_object.rb +58 -17
- data/lib/adauth/ad_objects/folder.rb +33 -0
- data/lib/adauth/ad_objects/group.rb +2 -1
- data/lib/adauth/ad_objects/ou.rb +0 -13
- data/lib/adauth/ad_objects/user.rb +18 -2
- data/lib/adauth/authenticate.rb +33 -0
- data/lib/adauth/config.rb +3 -2
- data/lib/adauth/connection.rb +3 -3
- data/lib/adauth/net-ldap/string.rb +70 -0
- data/lib/adauth/rails/model_bridge.rb +5 -4
- data/lib/adauth/version.rb +1 -1
- data/spec/adauth_ad_object_computer_spec.rb +7 -0
- data/spec/adauth_ad_object_folder_spec.rb +13 -0
- data/spec/adauth_ad_object_user_spec.rb +11 -0
- data/spec/adauth_spec.rb +4 -0
- data/spec/test_data.example.yml +7 -0
- metadata +13 -6
data/.gitignore
CHANGED
data/Readme.md
CHANGED
@@ -13,13 +13,15 @@ and run a bundle install
|
|
13
13
|
|
14
14
|
## Usage
|
15
15
|
|
16
|
+
### In Rails
|
17
|
+
|
16
18
|
First off create a new config file by running the config generator
|
17
19
|
|
18
20
|
rails g adauth:config
|
19
21
|
|
20
22
|
Fill out the config values in _config/initializers/adauth.rb_
|
21
23
|
|
22
|
-
|
24
|
+
#### Joining a model to Adauth
|
23
25
|
|
24
26
|
If you want to link your user model to Adauth you can use this simple code:
|
25
27
|
|
@@ -43,6 +45,28 @@ This gives you a bridge between Adauth and your model. When you call `User.creat
|
|
43
45
|
|
44
46
|
This can be used for any model and anything that you pull over through adauth.
|
45
47
|
|
46
|
-
|
48
|
+
#### SessionsController
|
49
|
+
|
50
|
+
You can use a premade sessions controller by running
|
51
|
+
|
52
|
+
rails g adauth:sessions
|
53
|
+
|
54
|
+
Which adds a couple of routes, a sessions controller and a login form. To login go to _/sessions/new_ and fill out the form, you will then POST to _/adauth_ and if succesful you will be sent back to _root_path_
|
55
|
+
|
56
|
+
### In Scripts
|
57
|
+
|
58
|
+
To use Adauth in a script or other program just call `Adauth.configure` somewhere at the begining of the script, once configured Adauth can be used anywhere in your program the same as rails.
|
59
|
+
|
60
|
+
## Configuring
|
61
|
+
|
62
|
+
Adauth has a few configuration options which are described in detail on the [wiki](https://github.com/Arcath/Adauth/wiki/Configuring).
|
63
|
+
|
64
|
+
## Logs
|
65
|
+
|
66
|
+
Adauth logs to weekly logs in logs/adauth.log(.DATE)
|
67
|
+
|
68
|
+
You can interact with the logger through `Adauth.logger` and set a new one using `Adauth.logger=`
|
69
|
+
|
70
|
+
## Developing
|
47
71
|
|
48
|
-
|
72
|
+
Before you can run the tests you will need to write a yml file with your domain settings in and place it at _spec/test_data.yml_, there is an example of this file in the spec folder.
|
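--- a/data/adauth.gemspec
+++ b/data/adauth.gemspec
@@ -10,6 +10,7 @@ Gem::Specification.new do |s|
 s.email = ["gems@arcath.net"]
 s.homepage = "http://adauth.arcath.net"
 s.summary = "Provides Active Directory authentication for Rails"
+s.description = "A full featured library for working with Microsofts Active Directory in Ruby."
 
 s.add_development_dependency "rake"
 s.add_development_dependency "rspec"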
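--- a/data/lib/adauth.rb
+++ b/data/lib/adauth.rb
@@ -1,6 +1,7 @@
 # Requires
 require 'net/ldap'
 require 'timeout'
+require 'logger'
 # Version
 require 'adauth/version'
 # Classes
@@ -10,6 +11,7 @@ require 'adauth/config'
 require 'adauth/connection'
 # AdObjects
 require 'adauth/ad_objects/computer'
+require 'adauth/ad_objects/folder'
 require 'adauth/ad_objects/group'
 require 'adauth/ad_objects/ou'
 require 'adauth/ad_objects/user'
@@ -18,23 +20,29 @@ require 'adauth/rails'
 require 'adauth/rails/helpers'
 require 'adauth/rails/model_bridge'
 
+require 'adauth/net-ldap/string.rb' # Hot fix for issue
+
 # Adauth Container Module
-module Adauth
+module Adauth
 # Yields a new config object and then sets it as the Adauth Config
 def self.configure
+@logger ||= Logger.new('log/adauth.log', 'weekly')
+@logger.info('load') { "Loading new config" }
 @config = Config.new
 yield(@config)
 end
 
 # Returns Adauths current connection to ActiveDirectory
 def self.connection
-
+@logger.fatal('connection') { "Attempted to create connection without configuring" } if @config == nil
+raise 'Adauth needs configuring before use' if @config == nil # Still raise an error here even after logging it so that adauth stops dead and doesn't error on the next line
 connect unless @connection
 @connection
 end
 
 # Connects to ActiveDirectory using the query user details
 def self.connect
+@logger.info('connection') { "Connecting to AD as \"#{@config.query_user}\"" }
 @connection = Adauth::Connection.new(connection_hash(@config.query_user, @config.query_password)).bind
 end
 
@@ -50,4 +58,12 @@ module Adauth
 :password => password
 }
 end
+
+def self.logger
+@logger
+end
+
+def self.logger=(inputs)
+@logger = inputs
+end
 end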
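Review bot: `Adauth.connection` calls `@logger.fatal` before the nil-config guard, but `@logger` is only assigned inside `configure`, so a process that never configured Adauth (and never called `Adauth.logger=`) fails with `NoMethodError` on nil instead of the intended 'Adauth needs configuring before use' error. Guard the log call, e.g. `@logger.fatal('connection') { "Attempted to create connection without configuring" } if @logger && @config.nil?`, or create the logger lazily in `self.logger` and use that accessor everywhere. `Logger.new('log/adauth.log', 'weekly')` is also relative to the working directory and raises when `log/` does not exist, which matters for the script usage the Readme now describes; the Readme names the file `logs/adauth.log` while the code writes `log/adauth.log`.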
data/lib/adauth/ad_object.rb
CHANGED
@@ -1,5 +1,11 @@
|
|
1
1
|
module Adauth
|
2
|
+
# Container for Objects which inherit from Adauth::AdObject
|
3
|
+
module AdObjects
|
4
|
+
end
|
5
|
+
|
6
|
+
# Add a field to the specified model
|
2
7
|
def self.add_field(object, adauth_method, ldap_method)
|
8
|
+
Adauth.logger.info(object.inspect) { "Adding field \"#{ldap_method}\"" }
|
3
9
|
object::Fields[adauth_method] = ldap_method
|
4
10
|
end
|
5
11
|
|
@@ -8,27 +14,42 @@ module Adauth
|
|
8
14
|
# Objects inherit from this class.
|
9
15
|
#
|
10
16
|
# Provides all the common functions for Active Directory.
|
11
|
-
class AdObject
|
17
|
+
class AdObject
|
12
18
|
# Returns all objects which have the ObjectClass of the inherited class
|
13
19
|
def self.all
|
14
|
-
|
15
|
-
|
16
|
-
results.push self.new(result)
|
17
|
-
end
|
18
|
-
results
|
20
|
+
Adauth.logger.info(self.inspect) { "Searching for all objects matching filter \"#{self::ObjectFilter}\"" }
|
21
|
+
self.filter(self::ObjectFilter)
|
19
22
|
end
|
20
23
|
|
21
24
|
# Returns all the objects which match the supplied query
|
22
25
|
#
|
23
26
|
# Uses ObjectFilter to restrict to the current object
|
24
27
|
def self.where(field, value)
|
25
|
-
results = []
|
26
28
|
search_filter = Net::LDAP::Filter.eq(field, value)
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
29
|
+
Adauth.logger.info(self.inspect) { "Searching for all \"#{self::ObjectFilter}\" where #{field} = #{value}" }
|
30
|
+
filter(add_object_filter(search_filter))
|
31
|
+
end
|
32
|
+
|
33
|
+
# Returns all LDAP objects that match the given filter
|
34
|
+
#
|
35
|
+
# Use with add_object_filter to make sure that you only get objects that match the object you are querying though
|
36
|
+
def self.filter(filter)
|
37
|
+
results = []
|
38
|
+
|
39
|
+
result = Adauth.connection.search(:filter => filter)
|
40
|
+
|
41
|
+
raise 'Search returned NIL' if result == nil
|
42
|
+
|
43
|
+
result.each do |entry|
|
44
|
+
results << self.new(entry)
|
45
|
+
end
|
46
|
+
|
47
|
+
results
|
48
|
+
end
|
49
|
+
|
50
|
+
# Adds the object filter to the passed filter
|
51
|
+
def self.add_object_filter(filter)
|
52
|
+
filter & self::ObjectFilter
|
32
53
|
end
|
33
54
|
|
34
55
|
# Creates a new instance of the object and sets @ldap_object to the passed Net::LDAP entity
|
@@ -85,8 +106,32 @@ module Adauth
|
|
85
106
|
@dn_ous
|
86
107
|
end
|
87
108
|
|
109
|
+
# Runs a modify action on the current object, takes an aray of operations
|
88
110
|
def modify(operations)
|
89
|
-
raise
|
111
|
+
raise 'Modify Operation Failed' unless Adauth.connection.modify :dn => @ldap_object.dn, :operations => operations
|
112
|
+
end
|
113
|
+
|
114
|
+
# Returns an array of member objects for this object
|
115
|
+
def members
|
116
|
+
unless @members
|
117
|
+
@members = []
|
118
|
+
[Adauth::AdObjects::Computer, Adauth::AdObjects::OU, Adauth::AdObjects::User, Adauth::AdObjects::Group].each do |object|
|
119
|
+
object.all.each do |entity|
|
120
|
+
@members.push entity if entity.is_a_member?(self)
|
121
|
+
end
|
122
|
+
end
|
123
|
+
end
|
124
|
+
@members
|
125
|
+
end
|
126
|
+
|
127
|
+
# Checks to see if the object is a member of a given parent (though DN)
|
128
|
+
def is_a_member?(parent)
|
129
|
+
my_split_dn = @ldap_object.dn.split(",")
|
130
|
+
parent_split_dn = parent.ldap_object.dn.split(",")
|
131
|
+
if (my_split_dn.count - 1) == parent_split_dn.count
|
132
|
+
return true if my_split_dn[1] == parent_split_dn[0]
|
133
|
+
end
|
134
|
+
return false
|
90
135
|
end
|
91
136
|
|
92
137
|
private
|
@@ -105,8 +150,4 @@ module Adauth
|
|
105
150
|
(user || group)
|
106
151
|
end
|
107
152
|
end
|
108
|
-
|
109
|
-
# Container for Objects which inherit from Adauth::AdObject
|
110
|
-
module AdObjects
|
111
|
-
end
|
112
153
|
end
|
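Review bot: The log call added to `where` interpolates `field` and `value` straight into the message, and `value` is the login name when `Adauth.authenticate` calls `User.where('sAMAccountName', username)`; Ruby's default `Logger` formatter does not escape newlines, so a crafted value can forge additional log lines. The same applies to the `"Attempting to authenticate as #{username}"` line added in authenticate.rb, which runs before any credential check. Log the value through `inspect`, e.g. `"Searching for all \"#{self::ObjectFilter}\" where #{field} = #{value.inspect}"`. Separately, `is_a_member?` splits DNs on `,` and compares the components case-sensitively, so an RDN containing an escaped comma or differing only in case is misclassified; that limitation deserves at least a comment on the method.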
@@ -0,0 +1,33 @@
|
|
1
|
+
module Adauth
|
2
|
+
module AdObjects
|
3
|
+
# Active Directory OU Object
|
4
|
+
#
|
5
|
+
# Inherits from Adauth::AdObject
|
6
|
+
class Folder < Adauth::AdObject
|
7
|
+
# Field mapping
|
8
|
+
#
|
9
|
+
# Maps methods to LDAP fields e.g.
|
10
|
+
#
|
11
|
+
# :foo => :bar
|
12
|
+
#
|
13
|
+
# Becomes
|
14
|
+
#
|
15
|
+
# Computer.name
|
16
|
+
#
|
17
|
+
# Which calls .name on the LDAP object
|
18
|
+
Fields = {
|
19
|
+
:name => :name
|
20
|
+
}
|
21
|
+
|
22
|
+
# Object Net::LDAP filter
|
23
|
+
#
|
24
|
+
# Used to restrict searches to just this object
|
25
|
+
ObjectFilter = Net::LDAP::Filter.eq("objectClass", "top")
|
26
|
+
|
27
|
+
# Returns the Domain Object which is useful for building domain maps.
|
28
|
+
def self.root
|
29
|
+
self.new(Adauth.connection.search(:filter => Net::LDAP::Filter.eq("objectClass", "Domain")).first)
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
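Review bot: `Folder.root` calls `.first` on the raw result of `Adauth.connection.search`, while `AdObject.filter` in this same release guards that call with `raise 'Search returned NIL' if result == nil`; a failed search here surfaces as `NoMethodError` on nil, and an empty result builds `Folder.new(nil)`. Route it through the shared path, `filter(Net::LDAP::Filter.eq("objectClass", "Domain")).first`, and raise explicitly when that is nil. `ObjectFilter` is `objectClass=top`, which presumably matches every entry under the base, so `Folder.all` enumerates the whole directory; that should be stated in the comment above the constant. The class comment still reads "Active Directory OU Object" and the field example names `Computer.name`, both copied from other classes.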
@@ -25,11 +25,12 @@ module Adauth
|
|
25
25
|
|
26
26
|
# Object Net::LDAP filter
|
27
27
|
#
|
28
|
-
# Used to restrict searches to just this object
|
28
|
+
# Used to restrict searches' to just this object
|
29
29
|
ObjectFilter = Net::LDAP::Filter.eq("objectClass", "group")
|
30
30
|
|
31
31
|
# Returns all the objects which are members of this group
|
32
32
|
def members
|
33
|
+
Adauth.logger.info(self.inspect) { "Getting group members for #{self.name}" }
|
33
34
|
unless @members
|
34
35
|
@members = convert_to_objects(cn_members)
|
35
36
|
end
|
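Review bot: The added `Adauth.logger.info(self.inspect)` sits in the instance method `members`, so the progname is the instance's `inspect` output rather than a class name as in the class-level log calls; unless `inspect` is overridden outside this hunk, that writes the wrapped LDAP entry and its attributes to the log on every call, cached or not. Use `self.class.inspect` as the progname and move the call inside the `unless @members` branch so it only fires on the real lookup. The comment edit in this hunk also introduces a stray apostrophe (`searches'`). `members` continues past the end of the hunk.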
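--- a/data/lib/adauth/ad_objects/ou.rb
+++ b/data/lib/adauth/ad_objects/ou.rb
@@ -23,19 +23,6 @@ module Adauth
 #
 # Used to restrict searches to just this object
 ObjectFilter = Net::LDAP::Filter.eq("objectClass", "organizationalUnit")
-
-# Returns all objects contained with in this OU
-def members
-unless @members
-@members = []
-[Adauth::AdObjects::Computer, Adauth::AdObjects::Group, Adauth::AdObjects::User].each do |object|
-object.all.each do |entity|
-@members.push entity if entity.ldap_object.dn =~ /#{@ldap_object.dn}/
-end
-end
-end
-@members
-end
 end
 end
 end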
@@ -27,7 +27,7 @@ module Adauth
|
|
27
27
|
# Object Net::LDAP filter
|
28
28
|
#
|
29
29
|
# Used to restrict searches to just this object
|
30
|
-
ObjectFilter = Net::LDAP::Filter.eq(
|
30
|
+
ObjectFilter = Net::LDAP::Filter.eq('objectClass', 'user')
|
31
31
|
|
32
32
|
# Returns a connection to AD within the users context, used to check a user credentails
|
33
33
|
#
|
@@ -36,10 +36,26 @@ module Adauth
|
|
36
36
|
user_connection = Adauth::Connection.new(Adauth.connection_hash(user, password)).bind
|
37
37
|
end
|
38
38
|
|
39
|
-
# Returns True/False if the user is member of the
|
39
|
+
# Returns True/False if the user is member of the supplied group
|
40
40
|
def member_of?(group)
|
41
41
|
cn_groups.include?(group)
|
42
42
|
end
|
43
|
+
|
44
|
+
# Changes the password to the supplied value
|
45
|
+
#def set_password(new_password)
|
46
|
+
# Adauth.logger.info("password management") { "Attempting password reset for #{self.login}" }
|
47
|
+
# password = microsoft_encode_password(new_password)
|
48
|
+
# modify([[:replace, 'unicodePwd', password]])
|
49
|
+
#end
|
50
|
+
|
51
|
+
private
|
52
|
+
|
53
|
+
def microsoft_encode_password(password)
|
54
|
+
out = ""
|
55
|
+
password = "\"" + password + "\""
|
56
|
+
password.length.times{|i| out+= "#{password[i..i]}\000" }
|
57
|
+
return out
|
58
|
+
end
|
43
59
|
end
|
44
60
|
end
|
45
61
|
end
|
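Review bot: `microsoft_encode_password` builds the `unicodePwd` value by appending `\000` after each character, which only produces UTF-16LE for single-byte characters; a password containing a multi-byte character yields bytes that do not represent the intended password. `"\"#{password}\"".encode('UTF-16LE').force_encoding('ASCII-8BIT')` performs the conversion correctly, although the `raw_utf8_encoded` override shipped in this release would then have to pass binary strings through untouched. `set_password` is left commented out, so the helper is dead private code for now; if it is re-enabled, note in its comment that Active Directory only accepts `unicodePwd` writes over an encrypted connection, while `Config` defaults to port 389.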
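--- a/data/lib/adauth/authenticate.rb
+++ b/data/lib/adauth/authenticate.rb
@@ -4,17 +4,22 @@ module Adauth
 # Checks the groups & ous are in the allow/deny lists
 def self.authenticate(username, password)
 begin
+Adauth.logger.info("authentication") { "Attempting to authenticate as #{username}" }
 if Adauth::AdObjects::User.authenticate(username, password)
 user = Adauth::AdObjects::User.where('sAMAccountName', username).first
 if allowed_group_login(user) && allowed_ou_login(user)
+Adauth.logger.info("authentication") { "Authentication succesful" }
 return user
 else
+Adauth.logger.info("authentication") { "Authentication failed (not in allowed group)" }
 return false
 end
 else
+Adauth.logger.info("authentication") { "Authentication failed (bad username/password)" }
 return false
 end
 rescue RuntimeError
+Adauth.logger.info("authentication") { "Authentication failed (RuntimeError)" }
 return false
 end
 end
@@ -23,6 +28,10 @@ module Adauth
 def self.allowed_group_login(user)
 if @config.allowed_groups != []
 allowed = (user && @config.allowed_groups != (@config.allowed_groups - user.cn_groups)) ? user : nil
+
+if allowed == nil
+allowed = is_group_in_group(user) != nil ? user : nil
+end
 else
 allowed = user
 end
@@ -32,6 +41,7 @@ module Adauth
 else
 denied = user
 end
+
 allowed == denied
 end
 
@@ -48,6 +58,29 @@ module Adauth
 else
 denied = user
 end
+
 allowed == denied
 end
+
+def self.is_group_in_group(adobject)
+# Loop through each users group and see if it's a member of an allowed group
+begin
+adobject.cn_groups.each do |group|
+
+if @config.allowed_groups.include?(group)
+return group
+end
+
+adGroup = Adauth::AdObjects::Group.where('name', group).first
+
+unless self.is_group_in_group(adGroup) == nil
+return true
+end
+end
+rescue
+return nil
+end
+
+nil
+end
 end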
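Review bot: `is_group_in_group` recurses into every parent group with no visited set or depth limit, so a circular nesting (A in B, B in A) recurses until `SystemStackError`, which neither the bare `rescue` here nor `rescue RuntimeError` in `authenticate` catches because it is not a `StandardError`. Each level also issues an LDAP search, and the walk runs on every login that misses the direct-membership check. Track the groups already visited and, if that is what the flag is for, run the walk only when the `contains_nested_groups` option added in config.rb is set; nothing in the visible hunks reads it. The method also returns `group`, `true` or `nil` depending on the path, and the bare `rescue` turns lookup failures into "not a member" without logging them.

```ruby
def self.is_group_in_group(adobject, seen = [])
  # assumes contains_nested_groups is meant to gate this walk; confirm with the author
  return nil unless @config.contains_nested_groups && adobject

  adobject.cn_groups.each do |group|
    return group if @config.allowed_groups.include?(group)
    next if seen.include?(group) # already walked: breaks membership cycles

    seen << group
    parent = Adauth::AdObjects::Group.where('name', group).first
    found = is_group_in_group(parent, seen)
    return found if found
  end
  nil
rescue StandardError => e
  Adauth.logger.warn("authentication") { "Nested group lookup failed (#{e.class})" }
  nil
end
```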
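--- a/data/lib/adauth/config.rb
+++ b/data/lib/adauth/config.rb
@@ -4,7 +4,7 @@ module Adauth
 # Sets the defaults an create and generates guess values.
 class Config
 attr_accessor :domain, :port, :base, :server, :encryption, :query_user, :query_password,
-:allowed_groups, :denied_groups, :allowed_ous, :denied_ous
+:allowed_groups, :denied_groups, :allowed_ous, :denied_ous, :contains_nested_groups
 
 def initialize
 @port = 389
@@ -12,13 +12,14 @@ module Adauth
 @allowed_ous = []
 @denied_groups =[]
 @denied_ous = []
+@contains_nested_groups = false
 end
 
 # Guesses the Server and Base string
 def domain=(s)
 @domain = s
 @server ||= s
-@base ||= s.gsub(/\./,', dc=').
+@base ||= s.gsub(/\./,', dc=').insert(0, 'dc=')
 end
 end
 end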
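--- a/data/lib/adauth/connection.rb
+++ b/data/lib/adauth/connection.rb
@@ -17,7 +17,7 @@ module Adauth
 :port => @config[:port],
 :base => @config[:base]
 if @config[:encryption]
-conn.encryption
+conn.encryption @config[:encryption]
 end
 
 conn.auth "#{@config[:username]}@#{@config[:domain]}", @config[:password]
@@ -27,11 +27,11 @@ module Adauth
 if conn.bind
 return conn
 else
-raise
+raise 'Query User Rejected'
 end
 }
 rescue Timeout::Error
-raise
+raise 'Unable to connect to LDAP Server'
 end
 end
 end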
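Review bot: `conn.encryption @config[:encryption]` is still applied only when the option is set, so with the default port 389 from config.rb and no encryption configured (no default for it is visible), the simple bind on the `conn.auth`/`conn.bind` lines sends the `user@domain` password unencrypted and nothing records that. Emit a warning on that path, e.g. `Adauth.logger.warn('connection') { "Binding without encryption" } unless @config[:encryption]`. The new message 'Query User Rejected' is also raised for per-user binds, since `User.authenticate` builds its connection through this same `bind`, so a neutral `raise 'Bind rejected'` would be more accurate. The method starts above the first hunk.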
@@ -0,0 +1,70 @@
|
|
1
|
+
# -*- ruby encoding: utf-8 -*-
|
2
|
+
require 'stringio'
|
3
|
+
|
4
|
+
# THIS FILE OVERRIDES SOME OF THE CONFIG IN NET::LDAP
|
5
|
+
#
|
6
|
+
# It exists because adauth needs this pull request
|
7
|
+
|
8
|
+
##
|
9
|
+
# BER extensions to the String class.
|
10
|
+
module Net::BER::Extensions::String
|
11
|
+
##
|
12
|
+
# Converts a string to a BER string. Universal octet-strings are tagged
|
13
|
+
# with 0x04, but other values are possible depending on the context, so we
|
14
|
+
# let the caller give us one.
|
15
|
+
#
|
16
|
+
# User code should call either #to_ber_application_string or
|
17
|
+
# #to_ber_contextspecific.
|
18
|
+
def to_ber(code = 0x04)
|
19
|
+
raw_string = raw_utf8_encoded
|
20
|
+
[code].pack('C') + raw_string.length.to_ber_length_encoding + raw_string
|
21
|
+
end
|
22
|
+
|
23
|
+
# The patched method we need
|
24
|
+
def raw_utf8_encoded
|
25
|
+
if self.respond_to?(:encode)
|
26
|
+
# Strings should be UTF-8 encoded according to LDAP.
|
27
|
+
# However, the BER code is not necessarily valid UTF-8
|
28
|
+
#self.encode('UTF-8').force_encoding('ASCII-8BIT')
|
29
|
+
self.encode('UTF-8', invalid: :replace, undef: :replace, replace: '' ).force_encoding('ASCII-8BIT')
|
30
|
+
else
|
31
|
+
self
|
32
|
+
end
|
33
|
+
end
|
34
|
+
private :raw_utf8_encoded
|
35
|
+
|
36
|
+
##
|
37
|
+
# Creates an application-specific BER string encoded value with the
|
38
|
+
# provided syntax code value.
|
39
|
+
def to_ber_application_string(code)
|
40
|
+
to_ber(0x40 + code)
|
41
|
+
end
|
42
|
+
|
43
|
+
##
|
44
|
+
# Creates a context-specific BER string encoded value with the provided
|
45
|
+
# syntax code value.
|
46
|
+
def to_ber_contextspecific(code)
|
47
|
+
to_ber(0x80 + code)
|
48
|
+
end
|
49
|
+
|
50
|
+
##
|
51
|
+
# Nondestructively reads a BER object from this string.
|
52
|
+
def read_ber(syntax = nil)
|
53
|
+
StringIO.new(self).read_ber(syntax)
|
54
|
+
end
|
55
|
+
|
56
|
+
##
|
57
|
+
# Destructively reads a BER object from the string.
|
58
|
+
def read_ber!(syntax = nil)
|
59
|
+
io = StringIO.new(self)
|
60
|
+
|
61
|
+
result = io.read_ber(syntax)
|
62
|
+
self.slice!(0...io.pos)
|
63
|
+
|
64
|
+
return result
|
65
|
+
end
|
66
|
+
|
67
|
+
def reject_empty_ber_arrays
|
68
|
+
self.gsub(/0\000/n,'')
|
69
|
+
end
|
70
|
+
end
|
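Review bot: `raw_utf8_encoded` now transcodes with `invalid: :replace, undef: :replace, replace: ''`, which silently deletes any byte sequence that cannot be converted, so a bind password, filter value or binary attribute that is not clean UTF-8 goes to the server altered instead of being rejected. Because the file reopens `Net::BER::Extensions::String`, the change applies to every net-ldap caller in the process, not only Adauth. The header comment should name the upstream pull request and the net-ldap version it mirrors (the reference is missing after "needs this pull request"), and the override should be applied only when the installed net-ldap lacks that change. Strings already tagged `ASCII-8BIT` should probably be returned unchanged; confirm against upstream before relying on this for binary values such as `unicodePwd`.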
@@ -28,17 +28,18 @@ module Adauth
|
|
28
28
|
def self.included(base)
|
29
29
|
base.extend ClassMethods
|
30
30
|
end
|
31
|
-
|
31
|
+
|
32
32
|
# Uses AdauthMappings to update the values on the model using the ones from Adauth
|
33
33
|
def update_from_adauth(adauth_model)
|
34
34
|
self.class::AdauthMappings.each do |k, v|
|
35
35
|
setter = "#{k.to_s}=".to_sym
|
36
|
-
value = v.is_a?(Array) ? v.join(", ") : v
|
36
|
+
value = v.is_a?(Array) ? v.join(", ") : v
|
37
37
|
self.send(setter, adauth_model.send(value))
|
38
38
|
end
|
39
39
|
self.save
|
40
|
+
self
|
40
41
|
end
|
41
|
-
|
42
|
+
|
42
43
|
# Class Methods for ModelBridge
|
43
44
|
module ClassMethods
|
44
45
|
# Creates a new RailsModel from the adauth_model
|
@@ -46,7 +47,7 @@ module Adauth
|
|
46
47
|
rails_model = self.new
|
47
48
|
rails_model.update_from_adauth(adauth_model)
|
48
49
|
end
|
49
|
-
|
50
|
+
|
50
51
|
# Used to create the RailsModel if it doesn't exist and update it if it does
|
51
52
|
def return_and_create_from_adauth(adauth_model)
|
52
53
|
find_method = "find_by_#{self::AdauthSearchField.last}".to_sym
|
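Review bot: `update_from_adauth` now returns `self` right after `self.save`, so the boolean from `save` is discarded and `create_from_adauth` hands back a model that may not have been persisted. Callers that treat the return value as the signed-in user cannot tell a failed save from a successful one; either use `save!` (assuming an ActiveRecord-style model) or document the contract on the method, e.g. `# Returns self; the result of save is not propagated, check #errors`. The other changes in these hunks are whitespace only.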
data/lib/adauth/version.rb
CHANGED
@@ -6,6 +6,13 @@ describe Adauth::AdObjects::Computer do
|
|
6
6
|
pdc.should be_a Adauth::AdObjects::Computer
|
7
7
|
end
|
8
8
|
|
9
|
+
it "should only find computers" do
|
10
|
+
default_config
|
11
|
+
Adauth::AdObjects::Computer.all.each do |computer|
|
12
|
+
computer.should be_a Adauth::AdObjects::Computer
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
9
16
|
it "should be in an ou" do
|
10
17
|
default_config
|
11
18
|
pdc.ous.should be_a Array
|
@@ -0,0 +1,13 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Adauth::AdObjects::Folder do
|
4
|
+
it "should find Domain Controllers" do
|
5
|
+
default_config
|
6
|
+
Adauth::AdObjects::Folder.root.should be_a Adauth::AdObjects::Folder
|
7
|
+
end
|
8
|
+
|
9
|
+
it "should have members" do
|
10
|
+
default_config
|
11
|
+
Adauth::AdObjects::Folder.root.members.should be_a Array
|
12
|
+
end
|
13
|
+
end
|
@@ -39,4 +39,15 @@ describe Adauth::AdObjects::User do
|
|
39
39
|
Adauth.add_field(Adauth::AdObjects::User, :description, :description)
|
40
40
|
administrator.description.should be_a String
|
41
41
|
end
|
42
|
+
|
43
|
+
#it "should allow you to reset the password" do
|
44
|
+
# default_config
|
45
|
+
# Adauth::AdObjects::User.authenticate(test_data("domain", "breakable_user"), test_data("domain", "breakable_password")).should be_true
|
46
|
+
# user = Adauth::AdObjects::User.where('sAMAccountName', test_data("domain", "breakable_user")).first
|
47
|
+
# user.login.should eq test_data("domain", "breakable_user")
|
48
|
+
# user.set_password("adauth_test")
|
49
|
+
# Adauth::AdObjects::User.authenticate(test_data("domain", "breakable_user"), "adauth_test").should be_true
|
50
|
+
# user.set_password(test_data("domain", "breakable_password"))
|
51
|
+
# Adauth::AdObjects::User.authenticate(test_data("domain", "breakable_user"), test_data("domain", "breakable_password")).should be_true
|
52
|
+
#end
|
42
53
|
end
|
data/spec/adauth_spec.rb
CHANGED
metadata
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: adauth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.
|
5
|
-
prerelease:
|
4
|
+
version: 2.0.0
|
5
|
+
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
8
8
|
- Adam "Arcath" Laycock
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2013-06-19 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: rake
|
@@ -59,7 +59,8 @@ dependencies:
|
|
59
59
|
- - ! '>='
|
60
60
|
- !ruby/object:Gem::Version
|
61
61
|
version: '0'
|
62
|
-
description:
|
62
|
+
description: A full featured library for working with Microsofts Active Directory
|
63
|
+
in Ruby.
|
63
64
|
email:
|
64
65
|
- gems@arcath.net
|
65
66
|
executables: []
|
@@ -76,12 +77,14 @@ files:
|
|
76
77
|
- lib/adauth.rb
|
77
78
|
- lib/adauth/ad_object.rb
|
78
79
|
- lib/adauth/ad_objects/computer.rb
|
80
|
+
- lib/adauth/ad_objects/folder.rb
|
79
81
|
- lib/adauth/ad_objects/group.rb
|
80
82
|
- lib/adauth/ad_objects/ou.rb
|
81
83
|
- lib/adauth/ad_objects/user.rb
|
82
84
|
- lib/adauth/authenticate.rb
|
83
85
|
- lib/adauth/config.rb
|
84
86
|
- lib/adauth/connection.rb
|
87
|
+
- lib/adauth/net-ldap/string.rb
|
85
88
|
- lib/adauth/rails.rb
|
86
89
|
- lib/adauth/rails/helpers.rb
|
87
90
|
- lib/adauth/rails/model_bridge.rb
|
@@ -94,6 +97,7 @@ files:
|
|
94
97
|
- lib/generators/adauth/sessions/templates/new.html.erb
|
95
98
|
- lib/generators/adauth/sessions/templates/sessions_controller.rb.erb
|
96
99
|
- spec/adauth_ad_object_computer_spec.rb
|
100
|
+
- spec/adauth_ad_object_folder_spec.rb
|
97
101
|
- spec/adauth_ad_object_group_spec.rb
|
98
102
|
- spec/adauth_ad_object_ou_spec.rb
|
99
103
|
- spec/adauth_ad_object_user_spec.rb
|
@@ -102,6 +106,7 @@ files:
|
|
102
106
|
- spec/adauth_rails_model_bridge_spec.rb
|
103
107
|
- spec/adauth_spec.rb
|
104
108
|
- spec/spec_helper.rb
|
109
|
+
- spec/test_data.example.yml
|
105
110
|
homepage: http://adauth.arcath.net
|
106
111
|
licenses: []
|
107
112
|
post_install_message:
|
@@ -117,9 +122,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
117
122
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
118
123
|
none: false
|
119
124
|
requirements:
|
120
|
-
- - ! '
|
125
|
+
- - ! '>='
|
121
126
|
- !ruby/object:Gem::Version
|
122
|
-
version:
|
127
|
+
version: '0'
|
123
128
|
requirements: []
|
124
129
|
rubyforge_project:
|
125
130
|
rubygems_version: 1.8.23
|
@@ -128,6 +133,7 @@ specification_version: 3
|
|
128
133
|
summary: Provides Active Directory authentication for Rails
|
129
134
|
test_files:
|
130
135
|
- spec/adauth_ad_object_computer_spec.rb
|
136
|
+
- spec/adauth_ad_object_folder_spec.rb
|
131
137
|
- spec/adauth_ad_object_group_spec.rb
|
132
138
|
- spec/adauth_ad_object_ou_spec.rb
|
133
139
|
- spec/adauth_ad_object_user_spec.rb
|
@@ -136,4 +142,5 @@ test_files:
|
|
136
142
|
- spec/adauth_rails_model_bridge_spec.rb
|
137
143
|
- spec/adauth_spec.rb
|
138
144
|
- spec/spec_helper.rb
|
145
|
+
- spec/test_data.example.yml
|
139
146
|
has_rdoc:
|