bn-ldap-authentication 0.1.3 → 0.1.4
- checksums.yaml +5 -5
- data/bn-ldap-authentication.gemspec +1 -1
- data/lib/bn-ldap-authentication.rb +84 -57
- metadata +3 -4
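--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: 28f5306b5f744c0fab54d06be03409fa1d529786ba085b978e0a5f5734cb7d7e
+data.tar.gz: 1001c8085fd135eac90e64fd9289f14d2dc993b4cc303ea73d3fcbc0e7967eff
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 76a2a6da20e50dea91935d97d2af72b63f2fe38a9d9fc8188e119f200c9ab8402a55ca0ecc62c0729abf7084ef48516367ad8712acb0f23c32f8297aae92fe2d
+data.tar.gz: ee165356298c039147a2c88f166c681cb1ae23b38fe94bb38e0f0315902b73061b9bcec8935f7caa5b7df1994b3a54356c2b31a3d0933b99eef250e10eee3519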
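--- a/data/bn-ldap-authentication.gemspec
+++ b/data/bn-ldap-authentication.gemspec
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
 spec.name = "bn-ldap-authentication"
-spec.version = "0.1.
+spec.version = "0.1.4"
 spec.authors = ["shawn-higgins1"]
 spec.email = ["23224097+shawn-higgins1@users.noreply.github.com"]
 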
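--- a/data/lib/bn-ldap-authentication.rb
+++ b/data/lib/bn-ldap-authentication.rb
@@ -1,70 +1,97 @@
 # frozen_string_literal: true
 
 module LdapAuthenticator
-
-
-
-
-
-
-
-
+LDAP_ATTRIBUTE_MAPPING = {
+'uid' => [:dn],
+'name' => [:cn, :displayName],
+'first_name' => [:givenName],
+'last_name' => [:sn],
+'email' => [:mail, :email, :userPrincipalName],
+'nickname' => [:uid, :userid, :sAMAccountName],
+'image' => [:jpegPhoto]
+}
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-ldap_filter = Net::LDAP::Filter.eq(provider_info[:uid], user_params[:username])
-if provider_info[:filter].present?
-ldap_filter = ldap_filter & Net::LDAP::Filter.construct(provider_info[:filter])
-end
+def send_ldap_request(user_params, provider_info)
+case provider_info[:auth_method]
+when 'anonymous'
+auth = {
+method: :anonymous
+}
+when 'user'
+auth = {
+method: :simple,
+username: provider_info[:uid] + '=' + user_params[:username] + ',' + provider_info[:base],
+password: user_params[:password]
+}
+else
+auth = {
+method: :simple,
+username: provider_info[:bind_dn],
+password: provider_info[:password]
+}
+end
+ldap = Net::LDAP.new(
+host: provider_info[:host],
+port: provider_info[:port],
+auth: auth,
+encryption: provider_info[:encryption]
+)
 
-
-
-
-password: user_params[:password]
-)
+ldap_filter = Net::LDAP::Filter.eq(provider_info[:uid], user_params[:username])
+if provider_info[:filter].present?
+ldap_filter = ldap_filter & Net::LDAP::Filter.construct(provider_info[:filter])
 end
 
-
-
-
-
-
+ldap.bind_as(
+base: provider_info[:base],
+filter: ldap_filter,
+password: user_params[:password]
+)
+end
+
+def parse_auth(result, role_field, mapping)
+use_attribute_mapping(mapping)
+
+auth = {}
+auth['info'] = {}
+auth['provider'] = :ldap
+
+LDAP_ATTRIBUTE_MAPPING.each do |key, value|
+value.each do |v|
+next unless result[v].first
 
-
-
-
-
-
-
-end
+if key == "uid"
+auth[key] = result[v].first
+break
+else
+auth['info'][key] = result[v].first
+break
 end
+end
+end
+
+auth['info']['roles'] = result[role_field].first
+
+auth
+end
+
+private
+
+def use_attribute_mapping(mapping)
+return if mapping.blank?
+
+# Split the different mappings into an array
+mapping = mapping.split(";")
 
-
+# Loop through all pairs (name=test) and split them apart
+mapping.each do |pair|
+key_val = pair.split("=")
 
-
+# Skip this attribute if value isn't set up correctly
+next if key_val[1].blank?
+
+# Make the attribute the preferred option by prepending it to the attribute mapping array if it exists
+LDAP_ATTRIBUTE_MAPPING[key_val[0]].prepend(key_val[1].to_sym) if LDAP_ATTRIBUTE_MAPPING[key_val[0]].present?
 end
+end
 end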
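Review bot: In `send_ldap_request`, `user_params[:username]` is concatenated unescaped into the bind DN of the `'user'` branch and passed to `Net::LDAP::Filter.eq`, which does not escape its value, so DN metacharacters or a `*` in a login name can change which entry is bound or matched. Escaping at both points closes that: `username: "#{provider_info[:uid]}=#{Net::LDAP::DN.escape(user_params[:username])},#{provider_info[:base]}"` and `Net::LDAP::Filter.equals(provider_info[:uid], user_params[:username])`. An empty `user_params[:password]` also reaches the bind unchecked, and many directory servers accept a simple bind with an empty password as an unauthenticated bind, so rejecting a blank password before `Net::LDAP.new` looks necessary unless callers already do it. Separately, `use_attribute_mapping` prepends into the module-level `LDAP_ATTRIBUTE_MAPPING`, so a mapping supplied on one call stays in effect for every later call in the process (including the `'uid'` key that decides identity); applying the overrides to a per-call copy would keep providers isolated.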
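--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bn-ldap-authentication
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.4
 platform: ruby
 authors:
 - shawn-higgins1
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-
+date: 2020-06-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -99,8 +99,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.6.8
+rubygems_version: 3.1.2
 signing_key:
 specification_version: 4
 summary: An ruby gem for authenticating users with ldap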