casino_core-authenticator-ldap 0.0.1

data/.document

@@ -0,0 +1,5 @@
+lib/**/*.rb
+bin/*
+- 
+features/**/*.feature
+LICENSE.txt

data/.rspec

@@ -0,0 +1 @@
+--color --format documentation

data/.rvmrc

@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+# This is an RVM Project .rvmrc file, used to automatically load the ruby
+# development environment upon cd'ing into the directory
+
+# First we specify our desired <ruby>[@<gemset>], the @gemset name is optional,
+# Only full ruby name is supported here, for short names use:
+#     echo "rvm use 1.9.3" > .rvmrc
+environment_id="ruby-1.9.3-p194@casino_core-authenticator-ldap"
+
+# Uncomment the following lines if you want to verify rvm version per project
+# rvmrc_rvm_version="1.15.8 (stable)" # 1.10.1 seams as a safe start
+# eval "$(echo ${rvm_version}.${rvmrc_rvm_version} | awk -F. '{print "[[ "$1*65536+$2*256+$3" -ge "$4*65536+$5*256+$6" ]]"}' )" || {
+#   echo "This .rvmrc file requires at least RVM ${rvmrc_rvm_version}, aborting loading."
+#   return 1
+# }
+
+# First we attempt to load the desired environment directly from the environment
+# file. This is very fast and efficient compared to running through the entire
+# CLI and selector. If you want feedback on which environment was used then
+# insert the word 'use' after --create as this triggers verbose mode.
+if [[ -d "${rvm_path:-$HOME/.rvm}/environments"
+  && -s "${rvm_path:-$HOME/.rvm}/environments/$environment_id" ]]
+then
+  \. "${rvm_path:-$HOME/.rvm}/environments/$environment_id"
+  [[ -s "${rvm_path:-$HOME/.rvm}/hooks/after_use" ]] &&
+    \. "${rvm_path:-$HOME/.rvm}/hooks/after_use" || true
+else
+  # If the environment file has not yet been created, use the RVM CLI to select.
+  rvm --create  "$environment_id" || {
+    echo "Failed to create RVM environment '${environment_id}'."
+    return 1
+  }
+fi
+
+# If you use bundler, this might be useful to you:
+# if [[ -s Gemfile ]] && {
+#   ! builtin command -v bundle >/dev/null ||
+#   builtin command -v bundle | GREP_OPTIONS= \grep $rvm_path/bin/bundle >/dev/null
+# }
+# then
+#   printf "%b" "The rubygem 'bundler' is not installed. Installing it now.\n"
+#   gem install bundler
+# fi
+# if [[ -s Gemfile ]] && builtin command -v bundle >/dev/null
+# then
+#   bundle install | GREP_OPTIONS= \grep -vE '^Using|Your bundle is complete'
+# fi

data/Gemfile

@@ -0,0 +1,18 @@
+source :rubygems
+
+# Add dependencies to develop your gem here.
+# Include everything needed to run rake, tests, features, etc.
+group :development do
+  gem 'bundler', '~> 1.2.0'
+  gem 'jeweler', '~> 1.8.4'
+  gem 'redcarpet'
+  gem 'yard', '~> 0.8.3', require: 'redcarpet'
+end
+
+group :development, :test do
+  gem 'rspec', '~> 2.12.0'
+  gem 'simplecov', '~> 0.7.1'
+end
+
+gem 'net-ldap', '~> 0.3.1'
+gem 'casino_core'

data/Gemfile.lock

@@ -0,0 +1,64 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    activemodel (3.2.9)
+      activesupport (= 3.2.9)
+      builder (~> 3.0.0)
+    activerecord (3.2.9)
+      activemodel (= 3.2.9)
+      activesupport (= 3.2.9)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activesupport (3.2.9)
+      i18n (~> 0.6)
+      multi_json (~> 1.0)
+    addressable (2.3.2)
+    arel (3.0.2)
+    builder (3.0.4)
+    casino_core (1.0.7)
+      activerecord (~> 3.2.9)
+      addressable (~> 2.3.2)
+      useragent (~> 0.4.13)
+    diff-lcs (1.1.3)
+    git (1.2.5)
+    i18n (0.6.1)
+    jeweler (1.8.4)
+      bundler (~> 1.0)
+      git (>= 1.2.5)
+      rake
+      rdoc
+    json (1.7.6)
+    multi_json (1.5.0)
+    net-ldap (0.3.1)
+    rake (10.0.3)
+    rdoc (3.12)
+      json (~> 1.4)
+    redcarpet (2.2.2)
+    rspec (2.12.0)
+      rspec-core (~> 2.12.0)
+      rspec-expectations (~> 2.12.0)
+      rspec-mocks (~> 2.12.0)
+    rspec-core (2.12.2)
+    rspec-expectations (2.12.1)
+      diff-lcs (~> 1.1.3)
+    rspec-mocks (2.12.1)
+    simplecov (0.7.1)
+      multi_json (~> 1.0)
+      simplecov-html (~> 0.7.1)
+    simplecov-html (0.7.1)
+    tzinfo (0.3.35)
+    useragent (0.4.15)
+    yard (0.8.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.2.0)
+  casino_core
+  jeweler (~> 1.8.4)
+  net-ldap (~> 0.3.1)
+  redcarpet
+  rspec (~> 2.12.0)
+  simplecov (~> 0.7.1)
+  yard (~> 0.8.3)

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2013 Nils Caspar
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,19 @@
+# casino_core-authenticator-ldap [![Build Status](https://travis-ci.org/rbCAS/casino_core-authenticator-ldap.png?branch=master)](https://travis-ci.org/rbCAS/casino_core-authenticator-ldap)
+
+Provides mechanism to use LDAP as an authenticator for [CASinoCore](https://github.com/rbCAS/CASinoCore).
+
+## Contributing to casino_core-authenticator-ldap
+ 
+* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet.
+* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it.
+* Fork the project.
+* Start a feature/bugfix branch.
+* Commit and push until you are happy with your contribution.
+* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
+* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
+
+## Copyright
+
+Copyright (c) 2013 Nils Caspar. See LICENSE.txt
+for further details.
+

data/Rakefile

@@ -0,0 +1,44 @@
+# encoding: utf-8
+
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+  gem.name = "casino_core-authenticator-ldap"
+  gem.homepage = "http://rbcas.org/"
+  gem.license = "MIT"
+  gem.summary = %Q{Provides mechanism to use LDAP as an authenticator for CASinoCore.}
+  gem.description = gem.summary
+  gem.email = "ncaspar@me.com"
+  gem.authors = ["Nils Caspar"]
+  # dependencies defined in Gemfile
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'yard'
+YARD::Rake::YardocTask.new do |t|
+  t.files = FileList['lib/**/*.rb']
+end
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec) do |spec|
+  spec.pattern = FileList['spec/**/*_spec.rb']
+end
+
+RSpec::Core::RakeTask.new(:rcov) do |spec|
+  spec.pattern = 'spec/**/*_spec.rb'
+  spec.rcov = true
+end
+
+task :default => :spec

data/VERSION

@@ -0,0 +1 @@
+0.0.1

data/lib/casino_core-authenticator-ldap.rb

@@ -0,0 +1 @@
+require 'casino_core/authenticator/ldap'

data/lib/casino_core/authenticator/ldap.rb

@@ -0,0 +1,80 @@
+require 'net/ldap'
+require 'casino_core/authenticator'
+
+class CASinoCore::Authenticator::LDAP
+  DEFAULT_USERNAME_ATTRIBUTE = 'uid'
+
+  # @param [Hash] options
+  def initialize(options)
+    @options = options
+  end
+
+  def validate(username, password)
+    @username = username
+    @password = password
+    begin
+      connect
+      authenticate
+      if !@user_plain
+        false
+      else
+        generate_user
+        @user
+      end
+    rescue Net::LDAP::LdapError => e
+      raise CASinoCore::Authenticator::AuthenticatorError,
+        "LDAP authentication failed with '#{e}'. Check your authenticator configuration."
+    end
+  end
+
+  private
+  def connect
+    @ldap = Net::LDAP.new
+    @ldap.host = @options[:host]
+    @ldap.port = @options[:port]
+    if @options[:encryption]
+      @ldap.encryption(@options[:encryption].to_sym)
+    end
+  end
+
+  def authenticate
+    unless @options[:admin_user].nil?
+      @ldap.auth(@options[:admin_user], @options[:admin_password])
+    end
+    @user_plain = @ldap.bind_as(:base => @options[:base], :size => 1, :password => @password, :filter => user_filter)
+  end
+
+  def username_attribute
+    @options[:username_attribute] || DEFAULT_USERNAME_ATTRIBUTE
+  end
+
+  def user_filter
+    filter = Net::LDAP::Filter.eq(username_attribute, @username)
+    unless @options[:filter].nil?
+      filter &= Net::LDAP::Filter.construct(@options[:filter])
+    end
+    filter
+  end
+
+  def generate_user
+    @user = {
+      username: @user_plain[username_attribute][0],
+      extra_attributes: extra_attributes
+    }
+  end
+
+  def extra_attributes
+    if @options[:extra_attributes]
+      result = {}
+      @options[:extra_attributes].each do |index_result, index_ldap|
+        value = @user_plain[index_ldap]
+        if value
+          result[index_result] = value[0]
+        end
+      end
+      result
+    else
+      nil
+    end
+  end
+end

data/spec/casino_core/authenticator/ldap_spec.rb

@@ -0,0 +1,121 @@
+require 'spec_helper'
+require 'casino_core/authenticator/ldap'
+
+describe CASinoCore::Authenticator::LDAP do
+  let(:options) { {
+    :host => 'localhost',
+    :port => 12445,
+    :base => 'dc=users,dc=example.com',
+    :encryption => 'simple_tls',
+    :username_attribute => 'uid',
+    :extra_attributes => { :email => :mail, :fullname => :displayname }
+  } }
+  let(:subject) { described_class.new(options) }
+  let(:connection) { Object.new }
+
+  before(:each) do
+    Net::LDAP.stub(:new).and_return(connection)
+    [:host=, :port=, :encryption].each do |setting|
+      connection.stub(setting)
+    end
+  end
+
+  describe '#validate' do
+    let(:username) { 'test' }
+    let(:password) { 'foo' }
+    let(:user_filter) { Net::LDAP::Filter.eq(options[:username_attribute], username) }
+
+    before(:each) do
+      connection.stub(:bind_as)
+    end
+
+    it 'does the connection setup' do
+      connection.should_receive(:host=).with(options[:host])
+      connection.should_receive(:port=).with(options[:port])
+      connection.should_receive(:encryption).with(:"#{options[:encryption]}")
+      subject.validate(username, password)
+    end
+
+    it 'calls the #bind_as method on the LDAP connection' do
+      connection.should_receive(:bind_as).with(:base => options[:base], :size => 1, :password => password, :filter => user_filter)
+      subject.validate(username, password)
+    end
+
+    context 'when validation succeeds' do
+      let(:fullname) { 'Example User' }
+      let(:email) { "#{username}@example.org" }
+      let(:ldap_entry) {
+        entry = Net::LDAP::Entry.new
+        {:uid => username, :displayname => fullname, :mail => email}.each do |key, value|
+          entry[key] = [value]
+        end
+        entry
+      }
+      before(:each) do
+        connection.stub(:bind_as) do
+          ldap_entry
+        end
+      end
+
+      it 'returns the user data' do
+        subject.validate(username, password).should == {
+          username: username,
+          extra_attributes: {
+            :email => email,
+            :fullname => fullname
+          }
+        }
+      end
+    end
+
+    context 'when validation fails' do
+      before(:each) do
+        connection.stub(:bind_as) do
+          false
+        end
+      end
+
+      it 'returns false' do
+        subject.validate(username, password).should == false
+      end
+    end
+
+    context 'when communication error occurs' do
+      before(:each) do
+        connection.stub(:bind_as) do
+          raise Net::LDAP::LdapError, 'foo'
+        end
+      end
+
+      it 'raises an AuthenticatorError' do
+        lambda {
+          subject.validate(username, password)
+        }.should raise_error(CASinoCore::Authenticator::AuthenticatorError)
+      end
+    end
+
+    context 'with an admin user' do
+      before(:each) do
+        options.merge! :admin_user => 'admin', :admin_password => 'password'
+      end
+
+      it 'authenticates the admin user' do
+        connection.should_receive(:auth).with(options[:admin_user], options[:admin_password])
+        subject.validate(username, password)
+      end
+    end
+
+    context 'with a filter' do
+      let(:filter_expression) { '(!(attribute=abc))' }
+      let(:filter) { user_filter & Net::LDAP::Filter.construct(filter_expression) }
+      before(:each) do
+        options.merge! :filter => filter_expression
+      end
+
+      it 'calls the #bind_as method on the LDAP connection' do
+        connection.should_receive(:bind_as).with(:base => options[:base], :size => 1, :password => password, :filter => filter)
+        subject.validate(username, password)
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,22 @@
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+
+require 'simplecov'
+SimpleCov.start do
+  add_filter '/spec'
+end
+
+require 'rspec'
+require 'casino_core-authenticator-ldap'
+
+# Requires supporting files with custom matchers and macros, etc,
+# in ./support/ and its subdirectories.
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
+
+RSpec.configure do |config|
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = 'random'
+end

metadata

@@ -0,0 +1,191 @@
+--- !ruby/object:Gem::Specification
+name: casino_core-authenticator-ldap
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Nils Caspar
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-01-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: net-ldap
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.3.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.3.1
+- !ruby/object:Gem::Dependency
+  name: casino_core
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+- !ruby/object:Gem::Dependency
+  name: jeweler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.8.4
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.8.4
+- !ruby/object:Gem::Dependency
+  name: redcarpet
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.8.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.8.3
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.12.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.12.0
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.7.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.7.1
+description: Provides mechanism to use LDAP as an authenticator for CASinoCore.
+email: ncaspar@me.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- LICENSE.txt
+- README.md
+files:
+- .document
+- .rspec
+- .rvmrc
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- VERSION
+- lib/casino_core-authenticator-ldap.rb
+- lib/casino_core/authenticator/ldap.rb
+- spec/casino_core/authenticator/ldap_spec.rb
+- spec/spec_helper.rb
+homepage: http://rbcas.org/
+licenses:
+- MIT
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -333943744723326150
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: Provides mechanism to use LDAP as an authenticator for CASinoCore.
+test_files: []