adauth 2.0.3 → 2.0.5
- checksums.yaml +4 -4
- data/lib/adauth/ad_object.rb +6 -4
- data/lib/adauth/ad_objects/group.rb +5 -1
- data/lib/adauth/authenticate.rb +8 -4
- data/lib/adauth/rails/model_bridge.rb +7 -4
- data/lib/adauth/version.rb +2 -2
- data/spec/adauth_authenticate_spec.rb +24 -6
- data/spec/adauth_issue_spec.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ba854aa4c49708e90a10761e4eeeb50387995ca6
|
4
|
+
data.tar.gz: 8bdd4ba583b83515ee07b200d1c69a88a3bf051b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 2a038027f3d791f37a11d77ce726b9184521af0ca81206973944709a64d95843702a04d9174465c729c40910adcee434a6ce4ba86e2176899a14999bfa89e1ec
|
7
|
+
data.tar.gz: 64b9becd466aee82b0c50f5a6ca813bfb58343ba643307145ce7a7369f20e7b220d3903a9aa9f8b394d8c7b5f54e55aa7b65d4b74c19a81950a9205a61f8dfdc
|
data/lib/adauth/ad_object.rb
CHANGED
@@ -108,9 +108,11 @@ module Adauth
|
|
108
108
|
@cn_groups_nested = cn_groups
|
109
109
|
cn_groups.each do |group|
|
110
110
|
ado = Adauth::AdObjects::Group.where('name', group).first
|
111
|
-
|
112
|
-
|
113
|
-
|
111
|
+
if ado
|
112
|
+
groups = convert_to_objects ado.cn_groups
|
113
|
+
groups.each do |g|
|
114
|
+
@cn_groups_nested.push g if !(@cn_groups_nested.include?(g))
|
115
|
+
end
|
114
116
|
end
|
115
117
|
end
|
116
118
|
return @cn_groups_nested
|
@@ -199,4 +201,4 @@ module Adauth
|
|
199
201
|
end
|
200
202
|
end
|
201
203
|
end
|
202
|
-
end
|
204
|
+
end
|
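Review bot: `@cn_groups_nested = cn_groups` does not copy the list, so the `push` inside the loop can modify the very array that `cn_groups.each` is walking if `cn_groups` returns the same object on each call (its definition is outside this hunk). That makes the result depend on iteration side effects, and it would also leak nested entries into the direct-group list. Consider starting from a copy, `@cn_groups_nested = cn_groups.dup`, and stating in a comment how many levels of nesting are meant to be expanded, because only one explicit level is visible here and `allowed_to_login` uses `user.cn_groups_nested` for its allow/deny decision. The values pushed come from `convert_to_objects`, so it is also worth confirming they are comparable with the existing entries; otherwise `include?` never matches and the list mixes two kinds of value. The enclosing method starts above the hunk.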
data/lib/adauth/authenticate.rb
CHANGED
@@ -20,14 +20,18 @@ module Adauth
|
|
20
20
|
return false
|
21
21
|
end
|
22
22
|
end
|
23
|
-
|
23
|
+
|
24
24
|
# Check if the user is allowed to login
|
25
25
|
def self.allowed_to_login(user)
|
26
|
-
(
|
26
|
+
if (@config.allowed_groups.empty? && @config.allowed_ous.empty?) && (@config.denied_groups.empty? && @config.denied_ous.empty?)
|
27
|
+
return true
|
28
|
+
else
|
29
|
+
return (allowed_from_arrays(@config.allowed_groups, @config.denied_groups, user.cn_groups_nested) && allowed_from_arrays(@config.allowed_ous, @config.denied_ous, user.dn_ous))
|
30
|
+
end
|
27
31
|
end
|
28
|
-
|
32
|
+
|
29
33
|
private
|
30
|
-
|
34
|
+
|
31
35
|
def self.allowed_from_arrays(allowed, denied, test)
|
32
36
|
return true if allowed.empty? && denied.empty?
|
33
37
|
return true if !((allowed & test).empty?)
|
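Review bot: In `allowed_from_arrays`, `return true if !((allowed & test).empty?)` runs before any check of `denied` visible here, so a user who matches both an allowed and a denied entry is admitted; if deny is meant to win, test it first, e.g. `return false unless (denied & test).empty?` ahead of the allow line. The rest of that method is outside the hunk, so confirm how `denied` is handled further down. Separately, a bare `private` does not apply to methods defined with `def self.`, so `allowed_from_arrays` stays publicly callable; `private_class_method :allowed_from_arrays` after the definition would hide it. The new `&&` in `allowed_to_login` also means a user must satisfy both the group rule and the OU rule when both are configured, which deserves a line in the method comment.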
@@ -20,7 +20,7 @@ module Adauth
|
|
20
20
|
#
|
21
21
|
# AdauthSearchField = [:login, :name]
|
22
22
|
#
|
23
|
-
# This will cause RailsModel.
|
23
|
+
# This will cause RailsModel.where(:name => AdauthObject.login).first_or_initialize
|
24
24
|
#
|
25
25
|
# The Order is [adauth_field, rails_field]
|
26
26
|
module ModelBridge
|
@@ -50,10 +50,13 @@ module Adauth
|
|
50
50
|
|
51
51
|
# Used to create the RailsModel if it doesn't exist and update it if it does
|
52
52
|
def return_and_create_from_adauth(adauth_model)
|
53
|
-
|
54
|
-
|
53
|
+
adauth_field = self::AdauthSearchField.first
|
54
|
+
adauth_search_value = adauth_model.send(adauth_field)
|
55
|
+
rails_search_field = self::AdauthSearchField.second
|
56
|
+
# Model#where({}).first_or_initialize is also compatible with Mongoid (3.1.0+)
|
57
|
+
rails_model = self.send(:where, { rails_search_field => adauth_search_value }).first_or_initialize
|
55
58
|
rails_model.update_from_adauth(adauth_model)
|
56
|
-
|
59
|
+
rails_model
|
57
60
|
end
|
58
61
|
end
|
59
62
|
end
|
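Review bot: `adauth_model.send(adauth_field)` in `return_and_create_from_adauth` will call any method named by `AdauthSearchField`, private ones included; `adauth_model.public_send(adauth_field)` limits it to the object's public interface, and `self.send(:where, ...)` can simply be `where(rails_search_field => adauth_search_value)`. Neither element of `AdauthSearchField` is checked, so a one-element array leaves `rails_search_field` as nil and the lookup is built with a nil key. A guard such as `raise ArgumentError, 'AdauthSearchField needs [adauth_field, rails_field]' unless self::AdauthSearchField.size == 2` would fail early instead of creating or updating the wrong record.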
data/lib/adauth/version.rb
CHANGED
@@ -5,12 +5,17 @@ describe Adauth, "#authenticate" do
|
|
5
5
|
default_config
|
6
6
|
Adauth.authenticate(test_data("domain", "query_user"), test_data("domain", "query_password")).should be_a Adauth::AdObjects::User
|
7
7
|
end
|
8
|
-
|
8
|
+
|
9
9
|
it "should return false for failed authentication" do
|
10
10
|
default_config
|
11
11
|
Adauth.authenticate(test_data("domain", "query_user"), "foo").should be_false
|
12
12
|
end
|
13
|
-
|
13
|
+
|
14
|
+
it "should return false for a user that does not exist" do
|
15
|
+
default_config
|
16
|
+
Adauth.authenticate("foo", "bar").should be_false
|
17
|
+
end
|
18
|
+
|
14
19
|
it "should allow the user if allowed groups are used" do
|
15
20
|
Adauth.configure do |c|
|
16
21
|
c.domain = test_data("domain", "domain")
|
@@ -23,7 +28,7 @@ describe Adauth, "#authenticate" do
|
|
23
28
|
end
|
24
29
|
Adauth.authenticate(test_data("domain", "query_user"), test_data("domain", "query_password")).should be_a Adauth::AdObjects::User
|
25
30
|
end
|
26
|
-
|
31
|
+
|
27
32
|
it "should allow the user if allowed ous are used" do
|
28
33
|
Adauth.configure do |c|
|
29
34
|
c.domain = test_data("domain", "domain")
|
@@ -36,7 +41,20 @@ describe Adauth, "#authenticate" do
|
|
36
41
|
end
|
37
42
|
Adauth.authenticate(test_data("domain", "query_user"), test_data("domain", "query_password")).should be_a Adauth::AdObjects::User
|
38
43
|
end
|
39
|
-
|
44
|
+
|
45
|
+
it "should reject a user not in an allowed ou" do
|
46
|
+
Adauth.configure do |c|
|
47
|
+
c.domain = test_data("domain", "domain")
|
48
|
+
c.port = test_data("domain", "port")
|
49
|
+
c.base = test_data("domain", "base")
|
50
|
+
c.server = test_data("domain", "server")
|
51
|
+
c.query_user = test_data("domain", "query_user")
|
52
|
+
c.query_password = test_data("domain", "query_password")
|
53
|
+
c.allowed_ous = ["Users2"]
|
54
|
+
end
|
55
|
+
Adauth.authenticate(test_data("domain", "query_user"), test_data("domain", "query_password")).should be_false
|
56
|
+
end
|
57
|
+
|
40
58
|
it "should reject a user if denied group is used" do
|
41
59
|
Adauth.configure do |c|
|
42
60
|
c.domain = test_data("domain", "domain")
|
@@ -49,7 +67,7 @@ describe Adauth, "#authenticate" do
|
|
49
67
|
end
|
50
68
|
Adauth.authenticate(test_data("domain", "query_user"), test_data("domain", "query_password")).should be_false
|
51
69
|
end
|
52
|
-
|
70
|
+
|
53
71
|
it "should reject a user if denied ous is used" do
|
54
72
|
Adauth.configure do |c|
|
55
73
|
c.domain = test_data("domain", "domain")
|
@@ -62,4 +80,4 @@ describe Adauth, "#authenticate" do
|
|
62
80
|
end
|
63
81
|
Adauth.authenticate(test_data("domain", "query_user"), test_data("domain", "query_password")).should be_false
|
64
82
|
end
|
65
|
-
end
|
83
|
+
end
|
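Review bot: The added cases cover an unknown user and an allow-list that the user is not in, but none of the cases visible in these hunks configures an allow rule and a deny rule that both match the same user, or a group rule together with an OU rule. Those are the combinations where the result of `Adauth.authenticate` depends on precedence, so a case for a user who is in both an allowed and a denied group would pin whichever outcome is intended. Several config blocks are cut off by the hunk boundaries, so check the full spec file before adding it.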
data/spec/adauth_issue_spec.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: adauth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.
|
4
|
+
version: 2.0.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Adam "Arcath" Laycock
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2014-03-26 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rake
|