casino-ldap_authenticator 2.0.2 → 2.0.3

data/lib/casino/ldap_authenticator.rb

@@ -10,16 +10,12 @@ class CASino::LDAPAuthenticator
   end
 
   def validate(username, password)
-    @username = username
-    @password = password
     begin
-      connect
-      authenticate
-      if !@user_plain
+      user_plain = authenticate(username, password)
+      if !user_plain
         false
       else
-        generate_user
-        @user
+        generate_user(user_plain)
       end
     rescue Net::LDAP::LdapError => e
       raise CASino::Authenticator::AuthenticatorError,
@@ -28,53 +24,60 @@ class CASino::LDAPAuthenticator
   end
 
   private
-  def connect
+  def ldap
+    return @ldap if @ldap
     @ldap = Net::LDAP.new
     @ldap.host = @options[:host]
     @ldap.port = @options[:port]
     if @options[:encryption]
       @ldap.encryption(@options[:encryption].to_sym)
     end
+    return @ldap
   end
 
-  def authenticate
+  def authenticate(username, password)
+    # Don't allow "Unauthenticated bind" (http://www.openldap.org/doc/admin24/security.html#Authentication%20Methods)
+    return false unless password && !password.empty?
+
     unless @options[:admin_user].nil?
-      @ldap.auth(@options[:admin_user], @options[:admin_password])
+      ldap.auth(@options[:admin_user], @options[:admin_password])
     end
-    @user_plain = @ldap.bind_as(:base => @options[:base], :size => 1, :password => @password, :filter => user_filter)
-    if @user_plain
+
+    user_plain = ldap.bind_as(:base => @options[:base], :size => 1, :password => password, :filter => user_filter(username))
+    if user_plain
       include_attributes = @options[:extra_attributes].values + [username_attribute]
-      @user_plain = @ldap.search(:base => @options[:base], :filter => user_filter, :attributes => include_attributes)
-      if @user_plain.is_a?(Array)
-        @user_plain = @user_plain.first
+      user_plain = ldap.search(:base => @options[:base], :filter => user_filter(username), :attributes => include_attributes)
+      if user_plain.is_a?(Array)
+        user_plain = user_plain.first
       end
     end
+    return user_plain
   end
 
   def username_attribute
     @options[:username_attribute] || DEFAULT_USERNAME_ATTRIBUTE
   end
 
-  def user_filter
-    filter = Net::LDAP::Filter.eq(username_attribute, @username)
+  def user_filter(username)
+    filter = Net::LDAP::Filter.eq(username_attribute, username)
     unless @options[:filter].nil?
       filter &= Net::LDAP::Filter.construct(@options[:filter])
     end
     filter
   end
 
-  def generate_user
-    @user = {
-      username: @user_plain[username_attribute].first,
-      extra_attributes: extra_attributes
+  def generate_user(user_plain)
+    {
+      username: user_plain[username_attribute].first,
+      extra_attributes: extra_attributes(user_plain)
     }
   end
 
-  def extra_attributes
+  def extra_attributes(user_plain)
     if @options[:extra_attributes]
       result = {}
       @options[:extra_attributes].each do |index_result, index_ldap|
-        value = @user_plain[index_ldap]
+        value = user_plain[index_ldap]
         if value
           result[index_result] = "#{value.first}"
         end

data/lib/casino/ldap_authenticator/version.rb

@@ -1,5 +1,5 @@
 module CASino
   class LDAPAuthenticator
-    VERSION = '2.0.2'
+    VERSION = '2.0.3'
   end
 end

data/spec/casino/ldap_authenticator_spec.rb

@@ -65,6 +65,15 @@ describe CASino::LDAPAuthenticator do
       end
     end
 
+    context 'with an empty password' do
+      let(:password) { '' }
+
+      it 'does not call the #bind_as method on the LDAP connection' do
+        connection.should_not_receive(:bind_as)
+        subject.validate(username, password)
+      end
+    end
+
     context 'when validation succeeds for user with missing data' do
       let(:fullname) { 'Example User' }
       let(:email) { "#{username}@example.org" }

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: casino-ldap_authenticator
 version: !ruby/object:Gem::Version
-  version: 2.0.2
+  version: 2.0.3
   prerelease: 
 platform: ruby
 authors: