casino-ldap_authenticator 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- data/.document +5 -0
- data/.gitignore +8 -0
- data/.rspec +1 -0
- data/.ruby-gemset +1 -0
- data/.ruby-version +1 -0
- data/Gemfile +2 -0
- data/LICENSE.txt +20 -0
- data/README.md +36 -0
- data/Rakefile +11 -0
- data/casino-ldap_authenticator.gemspec +26 -0
- data/lib/casino/ldap_authenticator/version.rb +5 -0
- data/lib/casino/ldap_authenticator.rb +83 -0
- data/lib/casino-ldap_authenticator.rb +2 -0
- data/spec/casino/ldap_authenticator_spec.rb +121 -0
- data/spec/spec_helper.rb +22 -0
- metadata +144 -0
data/.document
ADDED
data/.gitignore
ADDED
data/.rspec
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
--color --format documentation
|
data/.ruby-gemset
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
casino-ldap_authenticator
|
data/.ruby-version
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
1.9.3-p194
|
data/Gemfile
ADDED
data/LICENSE.txt
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
Copyright (c) 2013 Nils Caspar
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
4
|
+
a copy of this software and associated documentation files (the
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
9
|
+
the following conditions:
|
10
|
+
|
11
|
+
The above copyright notice and this permission notice shall be
|
12
|
+
included in all copies or substantial portions of the Software.
|
13
|
+
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,36 @@
|
|
1
|
+
# casino-ldap_authenticator [![Build Status](https://travis-ci.org/rbCAS/casino-ldap_authenticator.png?branch=master)](https://travis-ci.org/rbCAS/casino-ldap_authenticator)
|
2
|
+
|
3
|
+
Provides mechanism to use LDAP as an authenticator for [CASino](https://github.com/rbCAS/CASino).
|
4
|
+
|
5
|
+
To use the LDAP authenticator, configure it in your cas.yml:
|
6
|
+
|
7
|
+
authenticators:
|
8
|
+
my_company_ldap:
|
9
|
+
authenticator: "LDAP"
|
10
|
+
options:
|
11
|
+
host: "localhost"
|
12
|
+
port: 636
|
13
|
+
base: "ou=people,dc=example,dc=com"
|
14
|
+
username_attribute: "uid"
|
15
|
+
encryption: "simple_tls"
|
16
|
+
# optional, credentials to perform user lookup:
|
17
|
+
admin_user: "cn=admin,dc=example,dc=com"
|
18
|
+
admin_password: "password"
|
19
|
+
extra_attributes:
|
20
|
+
email: "mail"
|
21
|
+
fullname: "displayname"
|
22
|
+
|
23
|
+
## Contributing to casino-ldap_authenticator
|
24
|
+
|
25
|
+
* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet.
|
26
|
+
* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it.
|
27
|
+
* Fork the project.
|
28
|
+
* Start a feature/bugfix branch.
|
29
|
+
* Commit and push until you are happy with your contribution.
|
30
|
+
* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
|
31
|
+
* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
|
32
|
+
|
33
|
+
## Copyright
|
34
|
+
|
35
|
+
Copyright (c) 2013 Nils Caspar. See LICENSE.txt
|
36
|
+
for further details.
|
data/Rakefile
ADDED
@@ -0,0 +1,26 @@
|
|
1
|
+
# -*- encoding: utf-8 -*-
|
2
|
+
$:.push File.expand_path('../lib', __FILE__)
|
3
|
+
require 'casino/ldap_authenticator/version'
|
4
|
+
|
5
|
+
Gem::Specification.new do |s|
|
6
|
+
s.name = 'casino-ldap_authenticator'
|
7
|
+
s.version = CASino::LDAPAuthenticator::VERSION
|
8
|
+
s.authors = ['Nils Caspar']
|
9
|
+
s.email = ['ncaspar@me.com']
|
10
|
+
s.homepage = 'http://rbcas.org/'
|
11
|
+
s.license = 'MIT'
|
12
|
+
s.summary = 'Provides mechanism to use LDAP as an authenticator for CASino.'
|
13
|
+
s.description = 'This gem can be used to allow the CASino backend to authenticate against an LDAP server.'
|
14
|
+
|
15
|
+
s.files = `git ls-files`.split("\n")
|
16
|
+
s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
|
17
|
+
s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
|
18
|
+
s.require_paths = ['lib']
|
19
|
+
|
20
|
+
s.add_development_dependency 'rake', '~> 10.0'
|
21
|
+
s.add_development_dependency 'rspec', '~> 2.12'
|
22
|
+
s.add_development_dependency 'simplecov', '~> 0.7'
|
23
|
+
|
24
|
+
s.add_runtime_dependency 'net-ldap', '~> 0.3'
|
25
|
+
s.add_runtime_dependency 'casino', '~> 2.0'
|
26
|
+
end
|
@@ -0,0 +1,83 @@
|
|
1
|
+
require 'net/ldap'
|
2
|
+
require 'casino/authenticator'
|
3
|
+
|
4
|
+
class CASino::LDAPAuthenticator
|
5
|
+
DEFAULT_USERNAME_ATTRIBUTE = 'uid'
|
6
|
+
|
7
|
+
# @param [Hash] options
|
8
|
+
def initialize(options)
|
9
|
+
@options = options
|
10
|
+
end
|
11
|
+
|
12
|
+
def validate(username, password)
|
13
|
+
@username = username
|
14
|
+
@password = password
|
15
|
+
begin
|
16
|
+
connect
|
17
|
+
authenticate
|
18
|
+
if !@user_plain
|
19
|
+
false
|
20
|
+
else
|
21
|
+
generate_user
|
22
|
+
@user
|
23
|
+
end
|
24
|
+
rescue Net::LDAP::LdapError => e
|
25
|
+
raise CASino::Authenticator::AuthenticatorError,
|
26
|
+
"LDAP authentication failed with '#{e}'. Check your authenticator configuration."
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
private
|
31
|
+
def connect
|
32
|
+
@ldap = Net::LDAP.new
|
33
|
+
@ldap.host = @options[:host]
|
34
|
+
@ldap.port = @options[:port]
|
35
|
+
if @options[:encryption]
|
36
|
+
@ldap.encryption(@options[:encryption].to_sym)
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
def authenticate
|
41
|
+
unless @options[:admin_user].nil?
|
42
|
+
@ldap.auth(@options[:admin_user], @options[:admin_password])
|
43
|
+
end
|
44
|
+
@user_plain = @ldap.bind_as(:base => @options[:base], :size => 1, :password => @password, :filter => user_filter)
|
45
|
+
if @user_plain.is_a?(Array)
|
46
|
+
@user_plain = @user_plain.first
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
50
|
+
def username_attribute
|
51
|
+
@options[:username_attribute] || DEFAULT_USERNAME_ATTRIBUTE
|
52
|
+
end
|
53
|
+
|
54
|
+
def user_filter
|
55
|
+
filter = Net::LDAP::Filter.eq(username_attribute, @username)
|
56
|
+
unless @options[:filter].nil?
|
57
|
+
filter &= Net::LDAP::Filter.construct(@options[:filter])
|
58
|
+
end
|
59
|
+
filter
|
60
|
+
end
|
61
|
+
|
62
|
+
def generate_user
|
63
|
+
@user = {
|
64
|
+
username: @user_plain[username_attribute].first,
|
65
|
+
extra_attributes: extra_attributes
|
66
|
+
}
|
67
|
+
end
|
68
|
+
|
69
|
+
def extra_attributes
|
70
|
+
if @options[:extra_attributes]
|
71
|
+
result = {}
|
72
|
+
@options[:extra_attributes].each do |index_result, index_ldap|
|
73
|
+
value = @user_plain[index_ldap]
|
74
|
+
if value
|
75
|
+
result[index_result] = "#{value.first}"
|
76
|
+
end
|
77
|
+
end
|
78
|
+
result
|
79
|
+
else
|
80
|
+
nil
|
81
|
+
end
|
82
|
+
end
|
83
|
+
end
|
@@ -0,0 +1,121 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'casino/ldap_authenticator'
|
3
|
+
|
4
|
+
describe CASino::LDAPAuthenticator do
|
5
|
+
let(:options) { {
|
6
|
+
:host => 'localhost',
|
7
|
+
:port => 12445,
|
8
|
+
:base => 'dc=users,dc=example.com',
|
9
|
+
:encryption => 'simple_tls',
|
10
|
+
:username_attribute => 'uid',
|
11
|
+
:extra_attributes => { :email => 'mail', :fullname => :displayname }
|
12
|
+
} }
|
13
|
+
let(:subject) { described_class.new(options) }
|
14
|
+
let(:connection) { Object.new }
|
15
|
+
|
16
|
+
before(:each) do
|
17
|
+
Net::LDAP.stub(:new).and_return(connection)
|
18
|
+
[:host=, :port=, :encryption].each do |setting|
|
19
|
+
connection.stub(setting)
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
describe '#validate' do
|
24
|
+
let(:username) { 'test' }
|
25
|
+
let(:password) { 'foo' }
|
26
|
+
let(:user_filter) { Net::LDAP::Filter.eq(options[:username_attribute], username) }
|
27
|
+
|
28
|
+
before(:each) do
|
29
|
+
connection.stub(:bind_as)
|
30
|
+
end
|
31
|
+
|
32
|
+
it 'does the connection setup' do
|
33
|
+
connection.should_receive(:host=).with(options[:host])
|
34
|
+
connection.should_receive(:port=).with(options[:port])
|
35
|
+
connection.should_receive(:encryption).with(:"#{options[:encryption]}")
|
36
|
+
subject.validate(username, password)
|
37
|
+
end
|
38
|
+
|
39
|
+
it 'calls the #bind_as method on the LDAP connection' do
|
40
|
+
connection.should_receive(:bind_as).with(:base => options[:base], :size => 1, :password => password, :filter => user_filter)
|
41
|
+
subject.validate(username, password)
|
42
|
+
end
|
43
|
+
|
44
|
+
context 'when validation succeeds' do
|
45
|
+
let(:fullname) { 'Example User' }
|
46
|
+
let(:email) { "#{username}@example.org" }
|
47
|
+
let(:ldap_entry) {
|
48
|
+
entry = Net::LDAP::Entry.new
|
49
|
+
{:uid => username, :displayname => fullname, :mail => email}.each do |key, value|
|
50
|
+
entry[key] = [value]
|
51
|
+
end
|
52
|
+
entry
|
53
|
+
}
|
54
|
+
before(:each) do
|
55
|
+
connection.stub(:bind_as) do
|
56
|
+
ldap_entry
|
57
|
+
end
|
58
|
+
end
|
59
|
+
|
60
|
+
it 'returns the user data' do
|
61
|
+
subject.validate(username, password).should == {
|
62
|
+
username: username,
|
63
|
+
extra_attributes: {
|
64
|
+
:email => email,
|
65
|
+
:fullname => fullname
|
66
|
+
}
|
67
|
+
}
|
68
|
+
end
|
69
|
+
end
|
70
|
+
|
71
|
+
context 'when validation fails' do
|
72
|
+
before(:each) do
|
73
|
+
connection.stub(:bind_as) do
|
74
|
+
false
|
75
|
+
end
|
76
|
+
end
|
77
|
+
|
78
|
+
it 'returns false' do
|
79
|
+
subject.validate(username, password).should == false
|
80
|
+
end
|
81
|
+
end
|
82
|
+
|
83
|
+
context 'when communication error occurs' do
|
84
|
+
before(:each) do
|
85
|
+
connection.stub(:bind_as) do
|
86
|
+
raise Net::LDAP::LdapError, 'foo'
|
87
|
+
end
|
88
|
+
end
|
89
|
+
|
90
|
+
it 'raises an AuthenticatorError' do
|
91
|
+
lambda {
|
92
|
+
subject.validate(username, password)
|
93
|
+
}.should raise_error(CASino::Authenticator::AuthenticatorError)
|
94
|
+
end
|
95
|
+
end
|
96
|
+
|
97
|
+
context 'with an admin user' do
|
98
|
+
before(:each) do
|
99
|
+
options.merge! :admin_user => 'admin', :admin_password => 'password'
|
100
|
+
end
|
101
|
+
|
102
|
+
it 'authenticates the admin user' do
|
103
|
+
connection.should_receive(:auth).with(options[:admin_user], options[:admin_password])
|
104
|
+
subject.validate(username, password)
|
105
|
+
end
|
106
|
+
end
|
107
|
+
|
108
|
+
context 'with a filter' do
|
109
|
+
let(:filter_expression) { '(!(attribute=abc))' }
|
110
|
+
let(:filter) { user_filter & Net::LDAP::Filter.construct(filter_expression) }
|
111
|
+
before(:each) do
|
112
|
+
options.merge! :filter => filter_expression
|
113
|
+
end
|
114
|
+
|
115
|
+
it 'calls the #bind_as method on the LDAP connection' do
|
116
|
+
connection.should_receive(:bind_as).with(:base => options[:base], :size => 1, :password => password, :filter => filter)
|
117
|
+
subject.validate(username, password)
|
118
|
+
end
|
119
|
+
end
|
120
|
+
end
|
121
|
+
end
|
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
require 'rubygems'
|
2
|
+
require 'bundler/setup'
|
3
|
+
|
4
|
+
require 'simplecov'
|
5
|
+
SimpleCov.start do
|
6
|
+
add_filter '/spec'
|
7
|
+
end
|
8
|
+
|
9
|
+
require 'rspec'
|
10
|
+
require 'casino-ldap_authenticator'
|
11
|
+
|
12
|
+
# Requires supporting files with custom matchers and macros, etc,
|
13
|
+
# in ./support/ and its subdirectories.
|
14
|
+
Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
|
15
|
+
|
16
|
+
RSpec.configure do |config|
|
17
|
+
# Run specs in random order to surface order dependencies. If you find an
|
18
|
+
# order dependency and want to debug it, you can fix the order by providing
|
19
|
+
# the seed, which is printed after each run.
|
20
|
+
# --seed 1234
|
21
|
+
config.order = 'random'
|
22
|
+
end
|
metadata
ADDED
@@ -0,0 +1,144 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: casino-ldap_authenticator
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 1.0.0
|
5
|
+
prerelease:
|
6
|
+
platform: ruby
|
7
|
+
authors:
|
8
|
+
- Nils Caspar
|
9
|
+
autorequire:
|
10
|
+
bindir: bin
|
11
|
+
cert_chain: []
|
12
|
+
date: 2013-10-29 00:00:00.000000000 Z
|
13
|
+
dependencies:
|
14
|
+
- !ruby/object:Gem::Dependency
|
15
|
+
name: rake
|
16
|
+
requirement: !ruby/object:Gem::Requirement
|
17
|
+
none: false
|
18
|
+
requirements:
|
19
|
+
- - ~>
|
20
|
+
- !ruby/object:Gem::Version
|
21
|
+
version: '10.0'
|
22
|
+
type: :development
|
23
|
+
prerelease: false
|
24
|
+
version_requirements: !ruby/object:Gem::Requirement
|
25
|
+
none: false
|
26
|
+
requirements:
|
27
|
+
- - ~>
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
version: '10.0'
|
30
|
+
- !ruby/object:Gem::Dependency
|
31
|
+
name: rspec
|
32
|
+
requirement: !ruby/object:Gem::Requirement
|
33
|
+
none: false
|
34
|
+
requirements:
|
35
|
+
- - ~>
|
36
|
+
- !ruby/object:Gem::Version
|
37
|
+
version: '2.12'
|
38
|
+
type: :development
|
39
|
+
prerelease: false
|
40
|
+
version_requirements: !ruby/object:Gem::Requirement
|
41
|
+
none: false
|
42
|
+
requirements:
|
43
|
+
- - ~>
|
44
|
+
- !ruby/object:Gem::Version
|
45
|
+
version: '2.12'
|
46
|
+
- !ruby/object:Gem::Dependency
|
47
|
+
name: simplecov
|
48
|
+
requirement: !ruby/object:Gem::Requirement
|
49
|
+
none: false
|
50
|
+
requirements:
|
51
|
+
- - ~>
|
52
|
+
- !ruby/object:Gem::Version
|
53
|
+
version: '0.7'
|
54
|
+
type: :development
|
55
|
+
prerelease: false
|
56
|
+
version_requirements: !ruby/object:Gem::Requirement
|
57
|
+
none: false
|
58
|
+
requirements:
|
59
|
+
- - ~>
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0.7'
|
62
|
+
- !ruby/object:Gem::Dependency
|
63
|
+
name: net-ldap
|
64
|
+
requirement: !ruby/object:Gem::Requirement
|
65
|
+
none: false
|
66
|
+
requirements:
|
67
|
+
- - ~>
|
68
|
+
- !ruby/object:Gem::Version
|
69
|
+
version: '0.3'
|
70
|
+
type: :runtime
|
71
|
+
prerelease: false
|
72
|
+
version_requirements: !ruby/object:Gem::Requirement
|
73
|
+
none: false
|
74
|
+
requirements:
|
75
|
+
- - ~>
|
76
|
+
- !ruby/object:Gem::Version
|
77
|
+
version: '0.3'
|
78
|
+
- !ruby/object:Gem::Dependency
|
79
|
+
name: casino
|
80
|
+
requirement: !ruby/object:Gem::Requirement
|
81
|
+
none: false
|
82
|
+
requirements:
|
83
|
+
- - ~>
|
84
|
+
- !ruby/object:Gem::Version
|
85
|
+
version: '2.0'
|
86
|
+
type: :runtime
|
87
|
+
prerelease: false
|
88
|
+
version_requirements: !ruby/object:Gem::Requirement
|
89
|
+
none: false
|
90
|
+
requirements:
|
91
|
+
- - ~>
|
92
|
+
- !ruby/object:Gem::Version
|
93
|
+
version: '2.0'
|
94
|
+
description: This gem can be used to allow the CASino backend to authenticate against
|
95
|
+
an LDAP server.
|
96
|
+
email:
|
97
|
+
- ncaspar@me.com
|
98
|
+
executables: []
|
99
|
+
extensions: []
|
100
|
+
extra_rdoc_files: []
|
101
|
+
files:
|
102
|
+
- .document
|
103
|
+
- .gitignore
|
104
|
+
- .rspec
|
105
|
+
- .ruby-gemset
|
106
|
+
- .ruby-version
|
107
|
+
- Gemfile
|
108
|
+
- LICENSE.txt
|
109
|
+
- README.md
|
110
|
+
- Rakefile
|
111
|
+
- casino-ldap_authenticator.gemspec
|
112
|
+
- lib/casino-ldap_authenticator.rb
|
113
|
+
- lib/casino/ldap_authenticator.rb
|
114
|
+
- lib/casino/ldap_authenticator/version.rb
|
115
|
+
- spec/casino/ldap_authenticator_spec.rb
|
116
|
+
- spec/spec_helper.rb
|
117
|
+
homepage: http://rbcas.org/
|
118
|
+
licenses:
|
119
|
+
- MIT
|
120
|
+
post_install_message:
|
121
|
+
rdoc_options: []
|
122
|
+
require_paths:
|
123
|
+
- lib
|
124
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
125
|
+
none: false
|
126
|
+
requirements:
|
127
|
+
- - ! '>='
|
128
|
+
- !ruby/object:Gem::Version
|
129
|
+
version: '0'
|
130
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
131
|
+
none: false
|
132
|
+
requirements:
|
133
|
+
- - ! '>='
|
134
|
+
- !ruby/object:Gem::Version
|
135
|
+
version: '0'
|
136
|
+
requirements: []
|
137
|
+
rubyforge_project:
|
138
|
+
rubygems_version: 1.8.23
|
139
|
+
signing_key:
|
140
|
+
specification_version: 3
|
141
|
+
summary: Provides mechanism to use LDAP as an authenticator for CASino.
|
142
|
+
test_files:
|
143
|
+
- spec/casino/ldap_authenticator_spec.rb
|
144
|
+
- spec/spec_helper.rb
|