RubyGems - casino-ldap_authenticator - Versions diffs - 2.0.2 → 2.0.3 - Mend

casino-ldap_authenticator 2.0.2 → 2.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

data/lib/casino/ldap_authenticator.rb +26 -23
data/lib/casino/ldap_authenticator/version.rb +1 -1
data/spec/casino/ldap_authenticator_spec.rb +9 -0
metadata +1 -1

data/lib/casino/ldap_authenticator.rb CHANGED Viewed

@@ -10,16 +10,12 @@ class CASino::LDAPAuthenticator
   end
   def validate(username, password)
-    @username = username
-    @password = password
     begin
-      connect
-      authenticate
-      if !@user_plain
+      user_plain = authenticate(username, password)
+      if !user_plain
         false
       else
-        generate_user
-        @user
+        generate_user(user_plain)
       end
     rescue Net::LDAP::LdapError => e
       raise CASino::Authenticator::AuthenticatorError,
@@ -28,53 +24,60 @@ class CASino::LDAPAuthenticator
   end
   private
-  def connect
+  def ldap
+    return @ldap if @ldap
     @ldap = Net::LDAP.new
     @ldap.host = @options[:host]
     @ldap.port = @options[:port]
     if @options[:encryption]
       @ldap.encryption(@options[:encryption].to_sym)
     end
+    return @ldap
   end
-  def authenticate
+  def authenticate(username, password)
+    # Don't allow "Unauthenticated bind" (http://www.openldap.org/doc/admin24/security.html#Authentication%20Methods)
+    return false unless password && !password.empty?
     unless @options[:admin_user].nil?
-      @ldap.auth(@options[:admin_user], @options[:admin_password])
+      ldap.auth(@options[:admin_user], @options[:admin_password])
     end
-    @user_plain = @ldap.bind_as(:base => @options[:base], :size => 1, :password => @password, :filter => user_filter)
-    if @user_plain
+    user_plain = ldap.bind_as(:base => @options[:base], :size => 1, :password => password, :filter => user_filter(username))
+    if user_plain
       include_attributes = @options[:extra_attributes].values + [username_attribute]
-      @user_plain = @ldap.search(:base => @options[:base], :filter => user_filter, :attributes => include_attributes)
-      if @user_plain.is_a?(Array)
-        @user_plain = @user_plain.first
+      user_plain = ldap.search(:base => @options[:base], :filter => user_filter(username), :attributes => include_attributes)
+      if user_plain.is_a?(Array)
+        user_plain = user_plain.first
       end
     end
+    return user_plain
   end
   def username_attribute
     @options[:username_attribute] || DEFAULT_USERNAME_ATTRIBUTE
   end
-  def user_filter
-    filter = Net::LDAP::Filter.eq(username_attribute, @username)
+  def user_filter(username)
+    filter = Net::LDAP::Filter.eq(username_attribute, username)
     unless @options[:filter].nil?
       filter &= Net::LDAP::Filter.construct(@options[:filter])
     end
     filter
   end
-  def generate_user
-    @user = {
-      username: @user_plain[username_attribute].first,
-      extra_attributes: extra_attributes
+  def generate_user(user_plain)
+    {
+      username: user_plain[username_attribute].first,
+      extra_attributes: extra_attributes(user_plain)
     }
   end
-  def extra_attributes
+  def extra_attributes(user_plain)
     if @options[:extra_attributes]
       result = {}
       @options[:extra_attributes].each do |index_result, index_ldap|
-        value = @user_plain[index_ldap]
+        value = user_plain[index_ldap]
         if value
           result[index_result] = "#{value.first}"
         end

data/lib/casino/ldap_authenticator/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module CASino
   class LDAPAuthenticator
-    VERSION = '2.0.2'
+    VERSION = '2.0.3'
   end
 end

data/spec/casino/ldap_authenticator_spec.rb CHANGED Viewed

@@ -65,6 +65,15 @@ describe CASino::LDAPAuthenticator do
       end
     end
+    context 'with an empty password' do
+      let(:password) { '' }
+      it 'does not call the #bind_as method on the LDAP connection' do
+        connection.should_not_receive(:bind_as)
+        subject.validate(username, password)
+      end
+    end
     context 'when validation succeeds for user with missing data' do
       let(:fullname) { 'Example User' }
       let(:email) { "#{username}@example.org" }

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: casino-ldap_authenticator
 version: !ruby/object:Gem::Version
-  version: 2.0.2
+  version: 2.0.3
   prerelease:
 platform: ruby
 authors: