bn-ldap-authentication 0.1.3 → 0.1.4
- checksums.yaml +5 -5
- data/bn-ldap-authentication.gemspec +1 -1
- data/lib/bn-ldap-authentication.rb +84 -57
- metadata +3 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 28f5306b5f744c0fab54d06be03409fa1d529786ba085b978e0a5f5734cb7d7e
|
4
|
+
data.tar.gz: 1001c8085fd135eac90e64fd9289f14d2dc993b4cc303ea73d3fcbc0e7967eff
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 76a2a6da20e50dea91935d97d2af72b63f2fe38a9d9fc8188e119f200c9ab8402a55ca0ecc62c0729abf7084ef48516367ad8712acb0f23c32f8297aae92fe2d
|
7
|
+
data.tar.gz: ee165356298c039147a2c88f166c681cb1ae23b38fe94bb38e0f0315902b73061b9bcec8935f7caa5b7df1994b3a54356c2b31a3d0933b99eef250e10eee3519
|
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
4
4
|
|
5
5
|
Gem::Specification.new do |spec|
|
6
6
|
spec.name = "bn-ldap-authentication"
|
7
|
-
spec.version = "0.1.
|
7
|
+
spec.version = "0.1.4"
|
8
8
|
spec.authors = ["shawn-higgins1"]
|
9
9
|
spec.email = ["23224097+shawn-higgins1@users.noreply.github.com"]
|
10
10
|
|
@@ -1,70 +1,97 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module LdapAuthenticator
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
4
|
+
LDAP_ATTRIBUTE_MAPPING = {
|
5
|
+
'uid' => [:dn],
|
6
|
+
'name' => [:cn, :displayName],
|
7
|
+
'first_name' => [:givenName],
|
8
|
+
'last_name' => [:sn],
|
9
|
+
'email' => [:mail, :email, :userPrincipalName],
|
10
|
+
'nickname' => [:uid, :userid, :sAMAccountName],
|
11
|
+
'image' => [:jpegPhoto]
|
12
|
+
}
|
12
13
|
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
ldap_filter = Net::LDAP::Filter.eq(provider_info[:uid], user_params[:username])
|
40
|
-
if provider_info[:filter].present?
|
41
|
-
ldap_filter = ldap_filter & Net::LDAP::Filter.construct(provider_info[:filter])
|
42
|
-
end
|
14
|
+
def send_ldap_request(user_params, provider_info)
|
15
|
+
case provider_info[:auth_method]
|
16
|
+
when 'anonymous'
|
17
|
+
auth = {
|
18
|
+
method: :anonymous
|
19
|
+
}
|
20
|
+
when 'user'
|
21
|
+
auth = {
|
22
|
+
method: :simple,
|
23
|
+
username: provider_info[:uid] + '=' + user_params[:username] + ',' + provider_info[:base],
|
24
|
+
password: user_params[:password]
|
25
|
+
}
|
26
|
+
else
|
27
|
+
auth = {
|
28
|
+
method: :simple,
|
29
|
+
username: provider_info[:bind_dn],
|
30
|
+
password: provider_info[:password]
|
31
|
+
}
|
32
|
+
end
|
33
|
+
ldap = Net::LDAP.new(
|
34
|
+
host: provider_info[:host],
|
35
|
+
port: provider_info[:port],
|
36
|
+
auth: auth,
|
37
|
+
encryption: provider_info[:encryption]
|
38
|
+
)
|
43
39
|
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
password: user_params[:password]
|
48
|
-
)
|
40
|
+
ldap_filter = Net::LDAP::Filter.eq(provider_info[:uid], user_params[:username])
|
41
|
+
if provider_info[:filter].present?
|
42
|
+
ldap_filter = ldap_filter & Net::LDAP::Filter.construct(provider_info[:filter])
|
49
43
|
end
|
50
44
|
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
45
|
+
ldap.bind_as(
|
46
|
+
base: provider_info[:base],
|
47
|
+
filter: ldap_filter,
|
48
|
+
password: user_params[:password]
|
49
|
+
)
|
50
|
+
end
|
51
|
+
|
52
|
+
def parse_auth(result, role_field, mapping)
|
53
|
+
use_attribute_mapping(mapping)
|
54
|
+
|
55
|
+
auth = {}
|
56
|
+
auth['info'] = {}
|
57
|
+
auth['provider'] = :ldap
|
58
|
+
|
59
|
+
LDAP_ATTRIBUTE_MAPPING.each do |key, value|
|
60
|
+
value.each do |v|
|
61
|
+
next unless result[v].first
|
56
62
|
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
end
|
63
|
+
if key == "uid"
|
64
|
+
auth[key] = result[v].first
|
65
|
+
break
|
66
|
+
else
|
67
|
+
auth['info'][key] = result[v].first
|
68
|
+
break
|
64
69
|
end
|
70
|
+
end
|
71
|
+
end
|
72
|
+
|
73
|
+
auth['info']['roles'] = result[role_field].first
|
74
|
+
|
75
|
+
auth
|
76
|
+
end
|
77
|
+
|
78
|
+
private
|
79
|
+
|
80
|
+
def use_attribute_mapping(mapping)
|
81
|
+
return if mapping.blank?
|
82
|
+
|
83
|
+
# Split the different mappings into an array
|
84
|
+
mapping = mapping.split(";")
|
65
85
|
|
66
|
-
|
86
|
+
# Loop through all pairs (name=test) and split them apart
|
87
|
+
mapping.each do |pair|
|
88
|
+
key_val = pair.split("=")
|
67
89
|
|
68
|
-
|
90
|
+
# Skip this attribute if value isn't set up correctly
|
91
|
+
next if key_val[1].blank?
|
92
|
+
|
93
|
+
# Make the attribute the preferred option by prepending it to the attribute mapping array if it exists
|
94
|
+
LDAP_ATTRIBUTE_MAPPING[key_val[0]].prepend(key_val[1].to_sym) if LDAP_ATTRIBUTE_MAPPING[key_val[0]].present?
|
69
95
|
end
|
96
|
+
end
|
70
97
|
end
|
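Review bot: In `send_ldap_request`, `user_params[:username]` reaches the directory unescaped in two places: the `'user'` branch concatenates it straight into the bind DN, and `Net::LDAP::Filter.eq` performs no escaping, so a `*` in the value is treated as a wildcard. Escaping at both points closes this, with `Net::LDAP::DN.escape(user_params[:username])` in the DN string and `Net::LDAP::Filter.equals(provider_info[:uid], user_params[:username])` for the filter. Nothing visible rejects a blank `user_params[:password]` before `bind_as`, and some directories accept a simple bind with an empty password as an unauthenticated bind. A guard such as `return false if user_params[:password].blank?` at the top of the method is worth adding unless the caller already enforces it. Separately, `use_attribute_mapping` prepends onto the shared `LDAP_ATTRIBUTE_MAPPING` constant, so one provider's mapping persists into every later `parse_auth` call in the process and the arrays grow on each call; building a per-call copy of the hash and iterating that in `parse_auth` would avoid it.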
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: bn-ldap-authentication
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- shawn-higgins1
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-06-10 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -99,8 +99,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
99
99
|
- !ruby/object:Gem::Version
|
100
100
|
version: '0'
|
101
101
|
requirements: []
|
102
|
-
|
103
|
-
rubygems_version: 2.6.8
|
102
|
+
rubygems_version: 3.1.2
|
104
103
|
signing_key:
|
105
104
|
specification_version: 4
|
106
105
|
summary: An ruby gem for authenticating users with ldap
|