adauth 1.0.1 → 1.1.0
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +2 -0
- data/Readme.rdoc +6 -0
- data/lib/adauth.rb +6 -0
- data/lib/adauth/config.rb +22 -2
- data/lib/adauth/user.rb +6 -4
- data/lib/adauth/user_model.rb +11 -0
- data/lib/adauth/version.rb +1 -1
- data/lib/generators/adauth/config/templates/config.rb.erb +15 -0
- data/lib/generators/adauth/user_model/user_model_generator.rb +1 -1
- data/spec/adauth_spec.rb +54 -2
- metadata +4 -4
data/.gitignore
CHANGED
data/Readme.rdoc
CHANGED
|
@@ -43,11 +43,17 @@ You need to create a yaml file that looks like this:
|
|
|
43
43
|
- group
|
|
44
44
|
fail_allowed_groups:
|
|
45
45
|
- no_group
|
|
46
|
+
pass_allowed_ous:
|
|
47
|
+
- ou
|
|
48
|
+
fail_allowed_ous:
|
|
49
|
+
- no_ou
|
|
46
50
|
|
|
47
51
|
user:
|
|
48
52
|
login: username
|
|
49
53
|
password: password
|
|
50
54
|
group: group
|
|
55
|
+
ou: ou_user_is_in
|
|
56
|
+
email: email_of_user_in_ad
|
|
51
57
|
|
|
52
58
|
The domain portion of this file is pretty self explanatory, they are the same as the code above for creating a domain connection. ALL options need to be set here.
|
|
53
59
|
|
data/lib/adauth.rb
CHANGED
|
@@ -23,6 +23,12 @@ module Adauth
|
|
|
23
23
|
elsif @config.denied_groups != []
|
|
24
24
|
user = Adauth::User.authenticate(login, pass)
|
|
25
25
|
(user && @config.denied_groups == (@config.denied_groups - user.groups)) ? user : nil
|
|
26
|
+
elsif @config.allowed_ous != []
|
|
27
|
+
user = Adauth::User.authenticate(login, pass)
|
|
28
|
+
(user && @config.allowed_ous != (@config.allowed_ous - user.ous)) ? user : nil
|
|
29
|
+
elsif @config.denied_ous != []
|
|
30
|
+
user = Adauth::User.authenticate(login, pass)
|
|
31
|
+
(user && @config.denied_ous == (@config.denied_ous - user.ous)) ? user : nil
|
|
26
32
|
else
|
|
27
33
|
Adauth::User.authenticate(login, pass)
|
|
28
34
|
end
|
data/lib/adauth/config.rb
CHANGED
|
@@ -2,15 +2,35 @@ module Adauth
|
|
|
2
2
|
|
|
3
3
|
# Holds all of adauth config in attr_accessor values
|
|
4
4
|
class Config
|
|
5
|
-
attr_accessor :domain, :port, :base, :server, :allowed_groups, :denied_groups
|
|
5
|
+
attr_accessor :domain, :port, :base, :server, :allowed_groups, :denied_groups, :ad_sv_attrs, :ad_mv_attrs, :allowed_ous, :denied_ous
|
|
6
6
|
|
|
7
7
|
# Creates a new instance of Adauth::Config
|
|
8
8
|
#
|
|
9
|
-
# Sets port, allowed_groups and
|
|
9
|
+
# Sets port, allowed_groups, denied_groups, ad_sv_attrs and ad_mv_attrs to default so they can be omitted from the config
|
|
10
10
|
def initialize
|
|
11
11
|
@port = 389
|
|
12
12
|
@allowed_groups = []
|
|
13
13
|
@denied_groups = []
|
|
14
|
+
@ad_sv_attrs = {}
|
|
15
|
+
@ad_mv_attrs = {}
|
|
16
|
+
@allowed_ous = []
|
|
17
|
+
@denied_ous = []
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def domain=(s)
|
|
21
|
+
@domain = s
|
|
22
|
+
work_out_base(s)
|
|
23
|
+
@server ||= s
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
private
|
|
27
|
+
|
|
28
|
+
def work_out_base(s)
|
|
29
|
+
dcs = []
|
|
30
|
+
s.split(/\./).each do |split|
|
|
31
|
+
dcs.push("dc=#{split}")
|
|
32
|
+
end
|
|
33
|
+
@base ||= dcs.join(', ')
|
|
14
34
|
end
|
|
15
35
|
end
|
|
16
36
|
end
|
data/lib/adauth/user.rb
CHANGED
|
@@ -17,7 +17,9 @@ module Adauth
|
|
|
17
17
|
# Multi values were the method needs to return an array for values.
|
|
18
18
|
ATTR_MV = {
|
|
19
19
|
:groups => [ :memberof,
|
|
20
|
-
Proc.new {|g| g.sub(/.*?CN=(.*?),.*/, '\1')} ]
|
|
20
|
+
Proc.new {|g| g.sub(/.*?CN=(.*?),.*/, '\1')} ],
|
|
21
|
+
:ous => [ :memberof,
|
|
22
|
+
Proc.new {|g| g.sub(/.*?OU=(.*?),.*/, '\1')} ]
|
|
21
23
|
}
|
|
22
24
|
|
|
23
25
|
# Authenticates a user against Active Directory and returns an instance of self
|
|
@@ -34,7 +36,7 @@ module Adauth
|
|
|
34
36
|
:auth => { :username => "#{login}@#{Adauth.config.domain}",
|
|
35
37
|
:password => pass,
|
|
36
38
|
:method => :simple }
|
|
37
|
-
if conn.bind and user = conn.search(:filter =>
|
|
39
|
+
if conn.bind and user = conn.search(:filter => Net::LDAP::Filter.eq('sAMAccountName', login)).first
|
|
38
40
|
return self.new(user)
|
|
39
41
|
else
|
|
40
42
|
return nil
|
|
@@ -66,7 +68,7 @@ module Adauth
|
|
|
66
68
|
end
|
|
67
69
|
|
|
68
70
|
def self.generate_single_value_readers
|
|
69
|
-
ATTR_SV.each_pair do |k, v|
|
|
71
|
+
ATTR_SV.merge(Adauth.config.ad_sv_attrs).each_pair do |k, v|
|
|
70
72
|
val, block = Array(v)
|
|
71
73
|
define_method(k) do
|
|
72
74
|
if @entry.attribute_names.include?(val)
|
|
@@ -83,7 +85,7 @@ module Adauth
|
|
|
83
85
|
end
|
|
84
86
|
|
|
85
87
|
def self.generate_multi_value_readers
|
|
86
|
-
ATTR_MV.each_pair do |k, v|
|
|
88
|
+
ATTR_MV.merge(Adauth.config.ad_mv_attrs).each_pair do |k, v|
|
|
87
89
|
val, block = Array(v)
|
|
88
90
|
define_method(k) do
|
|
89
91
|
if @entry.attribute_names.include?(val)
|
data/lib/adauth/user_model.rb
CHANGED
|
@@ -18,6 +18,16 @@ module Adauth
|
|
|
18
18
|
group_strings.split(", ")
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
+
# Returns an array of groups for the user
|
|
22
|
+
#
|
|
23
|
+
# Called as:
|
|
24
|
+
# UserInstance.ous
|
|
25
|
+
#
|
|
26
|
+
# The array is generated from the group_strings attribute which is set by the adauth update and create methods. This array will match the orginizational units the user is a member of.
|
|
27
|
+
def ous
|
|
28
|
+
ou_strings.split(", ")
|
|
29
|
+
end
|
|
30
|
+
|
|
21
31
|
# Update the user record using an instance of Adauth::User
|
|
22
32
|
#
|
|
23
33
|
# Called as:
|
|
@@ -57,6 +67,7 @@ module Adauth
|
|
|
57
67
|
create! do |user|
|
|
58
68
|
user.login = adauth_user.login
|
|
59
69
|
user.group_strings = adauth_user.groups.join(", ")
|
|
70
|
+
user.ou_strings = adauth_user.ous.join(", ")
|
|
60
71
|
user.name = adauth_user.name
|
|
61
72
|
end
|
|
62
73
|
end
|
data/lib/adauth/version.rb
CHANGED
|
@@ -39,4 +39,19 @@ Adauth.configure do |c|
|
|
|
39
39
|
#
|
|
40
40
|
# Takes an array for group names
|
|
41
41
|
#c.denied_groups = ["Group1", "Group2"]
|
|
42
|
+
|
|
43
|
+
# Additional single attributes to fetch
|
|
44
|
+
#
|
|
45
|
+
# Single Values to fetch from Active Directory for example phone number
|
|
46
|
+
#
|
|
47
|
+
# Takes a hash in the form { :method_on_Adauth::User => :field_in_ad }
|
|
48
|
+
#c.ad_sv_attrs = { :phone => :telephonenumber }
|
|
49
|
+
|
|
50
|
+
# Additional multi attributes to fetch
|
|
51
|
+
#
|
|
52
|
+
# Multiple Values to fetch from Active Directory
|
|
53
|
+
#
|
|
54
|
+
# Takes a hash in the form { :method_on_Adauth::User => [ :field_in_ad, Proc.new { |g| operations_to_turn_field_into_array } ] }
|
|
55
|
+
# Example os for groups (already provided)
|
|
56
|
+
#c.ad_mv_attrs(:groups => [ :memberof, Proc.new {|g| g.sub(/.*?CN=(.*?),.*/, '\1')} ])
|
|
42
57
|
end
|
|
@@ -15,7 +15,7 @@ module Adauth
|
|
|
15
15
|
# Has 2 optional parameters, model_name which defaults to "user" and migration_name which defaults to "create_users"
|
|
16
16
|
def generate_user_model
|
|
17
17
|
template "model.rb.erb", "app/models/#{file_name}.rb"
|
|
18
|
-
generate "migration", "#{migration_name_for_array}", "login:string", "group_strings:string", "name:string"
|
|
18
|
+
generate "migration", "#{migration_name_for_array}", "login:string", "group_strings:string", "name:string", "ou_strings:string"
|
|
19
19
|
end
|
|
20
20
|
|
|
21
21
|
private
|
data/spec/adauth_spec.rb
CHANGED
|
@@ -4,9 +4,17 @@ require 'yaml'
|
|
|
4
4
|
describe Adauth, "#configure" do
|
|
5
5
|
it "should accept a block" do
|
|
6
6
|
Adauth.configure do |c|
|
|
7
|
-
c.domain = "example.com"
|
|
7
|
+
c.domain = "test.example.com"
|
|
8
8
|
end
|
|
9
9
|
end
|
|
10
|
+
|
|
11
|
+
it "should correctly calculate the base" do
|
|
12
|
+
Adauth.config.base.should eq("dc=test, dc=example, dc=com")
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
it "should set the server to the domain if not specified" do
|
|
16
|
+
Adauth.config.server.should eq("test.example.com")
|
|
17
|
+
end
|
|
10
18
|
end
|
|
11
19
|
|
|
12
20
|
describe Adauth, "#config" do
|
|
@@ -66,10 +74,30 @@ describe Adauth, "#authenticate" do
|
|
|
66
74
|
Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_nil
|
|
67
75
|
end
|
|
68
76
|
|
|
69
|
-
it "should
|
|
77
|
+
it "should allow users who are in a denied group" do
|
|
70
78
|
Adauth.config.denied_groups = @yaml["domain"]["fail_allowed_groups"]
|
|
71
79
|
Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_a Adauth::User
|
|
72
80
|
end
|
|
81
|
+
|
|
82
|
+
it "should allow users who are in an allowed ou" do
|
|
83
|
+
Adauth.config.allowed_ous = @yaml["domain"]["pass_allowed_ous"]
|
|
84
|
+
Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_a Adauth::User
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
it "should dis-allow users who are not in an allowed ou" do
|
|
88
|
+
Adauth.config.allowed_ous = @yaml["domain"]["fail_allowed_ous"]
|
|
89
|
+
Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_nil
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
it "should dis-allow users who are in a denied ou" do
|
|
93
|
+
Adauth.config.denied_ous = @yaml["domain"]["pass_allowed_ous"]
|
|
94
|
+
Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_nil
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
it "should allow users who are not in a denied ou" do
|
|
98
|
+
Adauth.config.denied_ous = @yaml["domain"]["fail_allowed_ous"]
|
|
99
|
+
Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"]).should be_a Adauth::User
|
|
100
|
+
end
|
|
73
101
|
end
|
|
74
102
|
|
|
75
103
|
describe Adauth::User do
|
|
@@ -99,4 +127,28 @@ describe Adauth::User do
|
|
|
99
127
|
it "should have the correct user" do
|
|
100
128
|
@user.login.should == @yaml["user"]["login"]
|
|
101
129
|
end
|
|
130
|
+
end
|
|
131
|
+
|
|
132
|
+
describe "Adauth::User custom returns" do
|
|
133
|
+
before :each do
|
|
134
|
+
@yaml = YAML::load(File.open('spec/test_data.yml'))
|
|
135
|
+
Adauth.configure do |c|
|
|
136
|
+
c.domain = @yaml["domain"]["domain"]
|
|
137
|
+
c.server = @yaml["domain"]["server"]
|
|
138
|
+
c.port = @yaml["domain"]["port"]
|
|
139
|
+
c.base = @yaml["domain"]["base"]
|
|
140
|
+
c.ad_sv_attrs = { :phone => :telephonenumber }
|
|
141
|
+
c.ad_mv_attrs = { :ous => [ :memberof,
|
|
142
|
+
Proc.new {|g| g.sub(/.*?OU=(.*?),.*/, '\1')} ] }
|
|
143
|
+
end
|
|
144
|
+
@user = Adauth.authenticate(@yaml["user"]["login"], @yaml["user"]["password"])
|
|
145
|
+
end
|
|
146
|
+
|
|
147
|
+
it "should pickup the custom single value from AD" do
|
|
148
|
+
@user.phone.should be_a String
|
|
149
|
+
end
|
|
150
|
+
|
|
151
|
+
it "should pickup the custom multi value from AD" do
|
|
152
|
+
@user.ous.should be_a Array
|
|
153
|
+
end
|
|
102
154
|
end
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: adauth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 19
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 1
|
|
8
|
-
- 0
|
|
9
8
|
- 1
|
|
10
|
-
|
|
9
|
+
- 0
|
|
10
|
+
version: 1.1.0
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Adam "Arcath" Laycock
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2011-08-
|
|
18
|
+
date: 2011-08-08 00:00:00 +01:00
|
|
19
19
|
default_executable:
|
|
20
20
|
dependencies:
|
|
21
21
|
- !ruby/object:Gem::Dependency
|