casino-ldap_authenticator 2.0.3 → 3.0.0.pre1
@@ -10,48 +10,58 @@ class CASino::LDAPAuthenticator
|
|
10
10
|
end
|
11
11
|
|
12
12
|
def validate(username, password)
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
raise CASino::Authenticator::AuthenticatorError,
|
22
|
-
"LDAP authentication failed with '#{e}'. Check your authenticator configuration."
|
23
|
-
end
|
13
|
+
authenticate(username, password)
|
14
|
+
rescue Net::LDAP::LdapError => e
|
15
|
+
raise CASino::Authenticator::AuthenticatorError,
|
16
|
+
"LDAP authentication failed with '#{e}'. Check your authenticator configuration."
|
17
|
+
end
|
18
|
+
|
19
|
+
def load_user_data(username)
|
20
|
+
load_user_data_with_connection(username, connect_to_ldap)
|
24
21
|
end
|
25
22
|
|
26
23
|
private
|
27
|
-
def
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
24
|
+
def connect_to_ldap
|
25
|
+
Net::LDAP.new.tap do |ldap|
|
26
|
+
ldap.host = @options[:host]
|
27
|
+
ldap.port = @options[:port]
|
28
|
+
if @options[:encryption]
|
29
|
+
ldap.encryption(@options[:encryption].to_sym)
|
30
|
+
end
|
31
|
+
unless @options[:admin_user].nil?
|
32
|
+
ldap.auth(@options[:admin_user], @options[:admin_password])
|
33
|
+
end
|
34
34
|
end
|
35
|
-
return @ldap
|
36
35
|
end
|
37
36
|
|
38
37
|
def authenticate(username, password)
|
39
38
|
# Don't allow "Unauthenticated bind" (http://www.openldap.org/doc/admin24/security.html#Authentication%20Methods)
|
40
39
|
return false unless password && !password.empty?
|
41
40
|
|
42
|
-
|
43
|
-
|
41
|
+
ldap = connect_to_ldap
|
42
|
+
user = ldap.bind_as(:base => @options[:base], :size => 1, :password => password, :filter => user_filter(username))
|
43
|
+
if user
|
44
|
+
load_user_data_with_connection(username, ldap)
|
45
|
+
else
|
46
|
+
false
|
44
47
|
end
|
48
|
+
end
|
45
49
|
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
end
|
50
|
+
def load_user_data_with_connection(username, ldap)
|
51
|
+
include_attributes = @options[:extra_attributes].values + [username_attribute]
|
52
|
+
user = ldap.search(:base => @options[:base], :filter => user_filter(username), :attributes => include_attributes)
|
53
|
+
return nil if user.nil?
|
54
|
+
if user.is_a?(Array)
|
55
|
+
user = user.first
|
53
56
|
end
|
54
|
-
|
57
|
+
user_data(user)
|
58
|
+
end
|
59
|
+
|
60
|
+
def user_data(user)
|
61
|
+
{
|
62
|
+
username: user[username_attribute].first,
|
63
|
+
extra_attributes: extra_attributes(user)
|
64
|
+
}
|
55
65
|
end
|
56
66
|
|
57
67
|
def username_attribute
|
@@ -66,13 +76,6 @@ class CASino::LDAPAuthenticator
|
|
66
76
|
filter
|
67
77
|
end
|
68
78
|
|
69
|
-
def generate_user(user_plain)
|
70
|
-
{
|
71
|
-
username: user_plain[username_attribute].first,
|
72
|
-
extra_attributes: extra_attributes(user_plain)
|
73
|
-
}
|
74
|
-
end
|
75
|
-
|
76
79
|
def extra_attributes(user_plain)
|
77
80
|
if @options[:extra_attributes]
|
78
81
|
result = {}
|
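Review bot: In `load_user_data_with_connection` the `return nil if user.nil?` guard runs before `user = user.first`, so an empty result array (which Net::LDAP#search appears to return for a successful search with no matching entry) reaches `user_data(nil)` and raises NoMethodError instead of returning nil. Unwrapping first, `user = user.first if user.is_a?(Array)` followed by `return nil if user.nil?`, keeps the nil result for unknown usernames in the public `load_user_data`. The same method calls `@options[:extra_attributes].values` unconditionally, although `extra_attributes` in the second hunk treats that option as optional; `(@options[:extra_attributes] || {}).values + [username_attribute]` would match it. Either error would also escape `validate`, which rescues only `Net::LDAP::LdapError`.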
@@ -15,22 +15,51 @@ describe CASino::LDAPAuthenticator do
|
|
15
15
|
|
16
16
|
before(:each) do
|
17
17
|
Net::LDAP.stub(:new).and_return(connection)
|
18
|
-
[:host=, :port=, :encryption].each do |setting|
|
18
|
+
[:host=, :port=, :encryption, :bind_as, :search].each do |setting|
|
19
19
|
connection.stub(setting)
|
20
20
|
end
|
21
21
|
end
|
22
22
|
|
23
|
+
describe '#load_user_data' do
|
24
|
+
let(:username) { 'NaNiwa' }
|
25
|
+
let(:email) { 'naniwa@swarmhosts.com' }
|
26
|
+
|
27
|
+
context 'valid username' do
|
28
|
+
let(:ldap_entry) {
|
29
|
+
Net::LDAP::Entry.new.tap do |entry|
|
30
|
+
entry[:uid] = username
|
31
|
+
entry[:mail] = email
|
32
|
+
end
|
33
|
+
}
|
34
|
+
|
35
|
+
before(:each) do
|
36
|
+
connection.stub(:search) do
|
37
|
+
ldap_entry
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
it 'returns the username' do
|
42
|
+
subject.load_user_data(username)[:username].should eq(username)
|
43
|
+
end
|
44
|
+
|
45
|
+
it 'returns the extra attributes' do
|
46
|
+
subject.load_user_data(username)[:extra_attributes][:email].should eq(email)
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
50
|
+
context 'invalid username' do
|
51
|
+
it 'returns nil' do
|
52
|
+
subject.load_user_data(username).should eq(nil)
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
23
57
|
describe '#validate' do
|
24
58
|
let(:username) { 'test' }
|
25
59
|
let(:password) { 'foo' }
|
26
60
|
let(:user_filter) { Net::LDAP::Filter.eq(options[:username_attribute], username) }
|
27
61
|
let(:extra_attributes) { ['mail', :displayname, 'memberof'] }
|
28
62
|
|
29
|
-
before(:each) do
|
30
|
-
connection.stub(:bind_as)
|
31
|
-
connection.stub(:search)
|
32
|
-
end
|
33
|
-
|
34
63
|
it 'does the connection setup' do
|
35
64
|
connection.should_receive(:host=).with(options[:host])
|
36
65
|
connection.should_receive(:port=).with(options[:port])
|
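Review bot: The 'invalid username' context passes only because the shared `connection.stub(setting)` makes `search` return nil, so it never exercises an empty result array, which is what a directory search with no match is likely to return. A second context with `connection.stub(:search).and_return([])` and the same `should eq(nil)` expectation would cover that path. The new `#load_user_data` examples also never check the arguments given to `search`, so a wrong filter or attribute list would go unnoticed; a `connection.should_receive(:search).with(hash_including(:base => options[:base]))` example would pin at least the base. The `#validate` describe block continues past the end of this hunk.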
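--- a/metadata
+++ b/metadata
@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: casino-ldap_authenticator
 version: !ruby/object:Gem::Version
-version:
-prerelease:
+version: 3.0.0.pre1
+prerelease: 6
 platform: ruby
 authors:
 - Nils Caspar
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-
+date: 2015-02-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake
@@ -96,17 +96,23 @@ dependencies:
 requirement: !ruby/object:Gem::Requirement
 none: false
 requirements:
-- -
+- - ! '>='
 - !ruby/object:Gem::Version
 version: 3.0.0
+- - <
+- !ruby/object:Gem::Version
+version: 5.0.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 none: false
 requirements:
-- -
+- - ! '>='
 - !ruby/object:Gem::Version
 version: 3.0.0
+- - <
+- !ruby/object:Gem::Version
+version: 5.0.0
 description: This gem can be used to allow the CASino backend to authenticate against
 an LDAP server.
 email:
@@ -147,9 +153,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
 required_rubygems_version: !ruby/object:Gem::Requirement
 none: false
 requirements:
-- - ! '
+- - ! '>'
 - !ruby/object:Gem::Version
-version:
+version: 1.3.1
 requirements: []
 rubyforge_project:
 rubygems_version: 1.8.23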