chaltron 1.1.7 → 2.0.0

data/config/initializers/warden.rb

@@ -1,31 +1,33 @@
 require 'chaltron/ldap/user'
 
-Warden::Manager.after_set_user do |record, warden, options|
-  # LDAP callback. Last check before authentication
-  if record && record.ldap_user? &&
-    Chaltron.ldap_after_authenticate.call(record, Chaltron::LDAP::Connection.new).nil?
-    scope = options[:scope]
-    warden.logout(scope)
-    throw :warden, scope: scope, message: I18n.t('chaltron.not_allowed_to_sign_in')
+if defined?(Warden)
+  Warden::Manager.after_set_user do |record, warden, options|
+    # LDAP callback. Last check before authentication
+    if record && record.ldap_user? &&
+      Chaltron.ldap_after_authenticate.call(record, Chaltron::LDAP::Connection.new).nil?
+      scope = options[:scope]
+      warden.logout(scope)
+      throw :warden, scope: scope, message: I18n.t('chaltron.not_allowed_to_sign_in')
+    end
   end
-end
 
-# Log after authentication
-Warden::Manager.after_authentication do |user,auth,opts|
-  Log.create(
-    message: I18n.t('chaltron.logs.login', user: user.display_name),
-    category: :login,
-    severity: :info
-  ) if user
-end
+  # Log after authentication
+  Warden::Manager.after_authentication do |user,auth,opts|
+    Log.create(
+      message: I18n.t('chaltron.logs.login', user: user.display_name),
+      category: :login,
+      severity: :info
+    ) if user
+  end
 
-Warden::Manager.before_logout do |user,auth,opts|
-  # LDAP callback
-  Chaltron.ldap_before_logout.call(user, Chaltron::LDAP::Connection.new) if user.ldap_user?
-  # Log before logout
-  Log.create(
-    message: I18n.t('chaltron.logs.logout', user: user.display_name),
-    category: :login,
-    severity: :info
-  ) if user
+  Warden::Manager.before_logout do |user,auth,opts|
+    # LDAP callback
+    Chaltron.ldap_before_logout.call(user, Chaltron::LDAP::Connection.new) if user.ldap_user?
+    # Log before logout
+    Log.create(
+      message: I18n.t('chaltron.logs.logout', user: user.display_name),
+      category: :login,
+      severity: :info
+    ) if user
+  end
 end

data/config/routes.rb

@@ -23,4 +23,4 @@ Rails.application.routes.draw do
     post  'ldap/multi_new'    => 'chaltron/ldap#multi_new'
     post  'ldap/multi_create' => 'chaltron/ldap#multi_create'
   end
-end
+end if defined?(Devise)

data/lib/chaltron.rb

@@ -1,5 +1,4 @@
 require 'chaltron/engine'
-require 'chaltron/bootstrap_form'
 require 'syslog'
 
 module Chaltron

data/lib/chaltron/engine.rb

@@ -1,20 +1,3 @@
-require 'devise'
-require 'cancancan'
-require 'omniauth'
-require 'omniauth-ldap'
-require 'bootstrap'
-require 'autoprefixer-rails'
-require 'font-awesome-sass'
-require 'simple-navigation'
-require 'ajax-datatables-rails'
-require 'bootstrap_form'
-require 'nprogress-rails'
-require 'rails-i18n'
-require 'jquery-rails'
-require 'jquery-datatables'
-
-SimpleNavigation.config_file_paths << File.expand_path('../../../config', __FILE__)
-
 module Chaltron
   class Engine < ::Rails::Engine
     config.generators do |g|
@@ -33,11 +16,27 @@ module Chaltron
       Chaltron::Engine.config.i18n.load_path += Dir[root.join('app/models', 'locales', '*.{rb,yml}')]
     end
 
-    initializer('chaltron.helpers') do |_app|
+    initializer('chaltron.controller') do |_app|
       ActiveSupport.on_load(:action_controller) do
         include Chaltron::Controllers::Helpers
         before_action :configure_permitted_parameters, if: :devise_controller?
+
+        # to override devise views
+        prepend_view_path File.expand_path('../../../app/views', __FILE__)
+      end
+    end
+
+    initializer('chaltron.simple_navigation') do |_app|
+      if defined?(SimpleNavigation)
+        SimpleNavigation.config_file_paths << File.expand_path('../../../config', __FILE__)
       end
     end
+
+    initializer('chaltron.bootstrap_form') do |_app|
+      if defined?(BootstrapForm)
+        require 'chaltron/form_builder/bootstrap_form'
+      end
+    end
+
   end
 end

data/lib/chaltron/form_builder/bootstrap_form.rb

@@ -0,0 +1,23 @@
+if defined?(BootstrapForm)
+  class BootstrapForm::FormBuilder
+
+    def role_select(opts = {})
+      collection = Chaltron.roles.map { |role| [role, I18n.translate("roles.#{role}")] }
+      checked = @object.nil?? false : @object.roles
+      html = inputs_collection(:roles, collection, :first, :last, checked: checked) do |name, value, options|
+        options[:multiple] = true
+        options[:inline] = opts.fetch(:inline, true)
+
+        if value == opts[:disabled]
+          options[:disabled] = true
+          options[:checked] = true
+        end
+        check_box(name, options, value, nil)
+      end
+
+      hidden = opts[:disabled] || ''
+      hidden_field(:roles, { value: hidden, multiple: true }).concat(html)
+    end
+
+  end
+end

data/lib/chaltron/ldap/connection.rb

@@ -1,190 +1,192 @@
-require 'net/ldap'
-require 'chaltron/ldap/person'
-
-module Chaltron
-  module LDAP
-    class Connection
-      NET_LDAP_ENCRYPTION_METHOD = {
-        simple_tls: :simple_tls,
-        start_tls:  :start_tls,
-        plain:      nil
-      }.freeze
-
-      attr_reader :ldap
-
-      def initialize(params = {})
-        @ldap = Net::LDAP.new(adapter_options)
-      end
+if defined?(Net::LDAP)
+  require 'net/ldap'
+  require 'chaltron/ldap/person'
+
+  module Chaltron
+    module LDAP
+      class Connection
+        NET_LDAP_ENCRYPTION_METHOD = {
+          simple_tls: :simple_tls,
+          start_tls:  :start_tls,
+          plain:      nil
+        }.freeze
+
+        attr_reader :ldap
+
+        def initialize(params = {})
+          @ldap = Net::LDAP.new(adapter_options)
+        end
 
-      def auth(login, password)
-        filter = Net::LDAP::Filter.eq(uid, login)
-        ldap.bind_as(base: base, filter: filter, password: password)
-      end
+        def auth(login, password)
+          filter = Net::LDAP::Filter.eq(uid, login)
+          ldap.bind_as(base: base, filter: filter, password: password)
+        end
 
-      def find_by_uid(id)
-        opts = {}
-        opts[uid.to_sym] = id
-        ret = find_user(opts)
-      end
+        def find_by_uid(id)
+          opts = {}
+          opts[uid.to_sym] = id
+          ret = find_user(opts)
+        end
 
-      def find_user(*args)
-        find_users(*args).first
-      end
+        def find_user(*args)
+          find_users(*args).first
+        end
 
-      def ldap_search(*args)
-        results = ldap.search(*args)
-        if results.nil?
-          response = ldap.get_operation_result
-          unless response.code.zero?
-            Rails.logger.warn("LDAP search error: #{response.message}")
+        def ldap_search(*args)
+          results = ldap.search(*args)
+          if results.nil?
+            response = ldap.get_operation_result
+            unless response.code.zero?
+              Rails.logger.warn("LDAP search error: #{response.message}")
+            end
+            []
+          else
+            results
           end
-          []
-        else
-          results
         end
-      end
 
-      def find_users(args)
-        return [] if args.empty?
-        limit = args.delete(:limit)
-        fields = args.keys
-
-        if fields.include?(:dn)
-          options = {
-            base: args[:dn],
-            scope: Net::LDAP::SearchScope_BaseObject
-          }
-        else
-          filters = fields.map do |field|
-            f = translate_field(field)
-            Net::LDAP::Filter.eq(f, args[field]) if f
+        def find_users(args)
+          return [] if args.empty?
+          limit = args.delete(:limit)
+          fields = args.keys
+
+          if fields.include?(:dn)
+            options = {
+              base: args[:dn],
+              scope: Net::LDAP::SearchScope_BaseObject
+            }
+          else
+            filters = fields.map do |field|
+              f = translate_field(field)
+              Net::LDAP::Filter.eq(f, args[field]) if f
+            end
+            options = {
+              base: base,
+              filter: filters.inject { |sum, n| Net::LDAP::Filter.join(sum, n) }
+            }
           end
+          options.merge!(size: limit) unless limit.nil?
+          ldap_search(options).map do |entry|
+            Chaltron::LDAP::Person.new(entry, uid) if entry.respond_to? uid
+          end.compact
+        end
+
+        def find_groups_by_member(entry)
           options = {
-            base: base,
-            filter: filters.inject { |sum, n| Net::LDAP::Filter.join(sum, n) }
+            base: Chaltron.ldap_group_base || base,
+            filter: Chaltron.ldap_group_member_filter.call(entry)
           }
+          ldap_search(options)
         end
-        options.merge!(size: limit) unless limit.nil?
-        ldap_search(options).map do |entry|
-          Chaltron::LDAP::Person.new(entry, uid) if entry.respond_to? uid
-        end.compact
-      end
-
-      def find_groups_by_member(entry)
-        options = {
-          base: Chaltron.ldap_group_base || base,
-          filter: Chaltron.ldap_group_member_filter.call(entry)
-        }
-        ldap_search(options)
-      end
 
-      def update_attributes(dn, args)
-        ldap.modify dn: dn, operations: args.map { |k,v| [:replace, k, v] }
-      end
+        def update_attributes(dn, args)
+          ldap.modify dn: dn, operations: args.map { |k,v| [:replace, k, v] }
+        end
 
-      private
+        private
 
-      def options
-        Devise.omniauth_configs[:ldap].options
-      end
+        def options
+          Devise.omniauth_configs[:ldap].options
+        end
 
-      def translate_field field
-        return uid if field.to_sym == :uid
-        return Chaltron.ldap_field_mappings[field.to_sym] unless Chaltron.ldap_field_mappings[field.to_sym].nil?
-        field
-      end
+        def translate_field field
+          return uid if field.to_sym == :uid
+          return Chaltron.ldap_field_mappings[field.to_sym] unless Chaltron.ldap_field_mappings[field.to_sym].nil?
+          field
+        end
 
-      def adapter_options
-        opts = {
-          host: options[:host],
-          port: options[:port],
-          encryption: encryption_options,
-          verbose: true
-        }
-        opts.merge!(auth_options) if has_auth?
-        opts
-      end
+        def adapter_options
+          opts = {
+            host: options[:host],
+            port: options[:port],
+            encryption: encryption_options,
+            verbose: true
+          }
+          opts.merge!(auth_options) if has_auth?
+          opts
+        end
 
-      def base
-        options[:base]
-      end
+        def base
+          options[:base]
+        end
 
-      def uid
-        options[:uid]
-      end
+        def uid
+          options[:uid]
+        end
 
-      def encryption_options
-        method = translate_method
-        return unless method
-        {
-          method: method,
-          tls_options: tls_options
-        }
-      end
+        def encryption_options
+          method = translate_method
+          return unless method
+          {
+            method: method,
+            tls_options: tls_options
+          }
+        end
 
-      def translate_method
-        NET_LDAP_ENCRYPTION_METHOD[options[:encryption]&.to_sym]
-      end
+        def translate_method
+          NET_LDAP_ENCRYPTION_METHOD[options[:encryption]&.to_sym]
+        end
 
-      def tls_options
-        return @tls_options if defined?(@tls_options)
+        def tls_options
+          return @tls_options if defined?(@tls_options)
 
-        method = translate_method
-        return unless method
+          method = translate_method
+          return unless method
 
-        opts = if options[:disable_verify_certificates]
-          # It is important to explicitly set verify_mode for two reasons:
-          # 1. The behavior of OpenSSL is undefined when verify_mode is not set.
-          # 2. The net-ldap gem implementation verifies the certificate hostname
-          #    unless verify_mode is set to VERIFY_NONE.
-          { verify_mode: OpenSSL::SSL::VERIFY_NONE }
-         else
-           # Dup so we don't accidentally overwrite the constant
-           OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.dup
-         end
+          opts = if options[:disable_verify_certificates]
+            # It is important to explicitly set verify_mode for two reasons:
+            # 1. The behavior of OpenSSL is undefined when verify_mode is not set.
+            # 2. The net-ldap gem implementation verifies the certificate hostname
+            #    unless verify_mode is set to VERIFY_NONE.
+            { verify_mode: OpenSSL::SSL::VERIFY_NONE }
+           else
+             # Dup so we don't accidentally overwrite the constant
+             OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.dup
+           end
 
-        opts.merge!(custom_tls_options)
+          opts.merge!(custom_tls_options)
 
-        @tls_options = opts
-      end
+          @tls_options = opts
+        end
 
-      def custom_tls_options
-        return {} unless options['tls_options']
+        def custom_tls_options
+          return {} unless options['tls_options']
 
-        # Dup so we don't overwrite the original value
-        custom_options = options['tls_options'].dup.delete_if { |_, value| value.nil? || value.blank? }
-        custom_options.symbolize_keys!
+          # Dup so we don't overwrite the original value
+          custom_options = options['tls_options'].dup.delete_if { |_, value| value.nil? || value.blank? }
+          custom_options.symbolize_keys!
 
-        if custom_options[:cert]
-          begin
-            custom_options[:cert] = OpenSSL::X509::Certificate.new(custom_options[:cert])
-          rescue OpenSSL::X509::CertificateError => e
-            Rails.logger.error "LDAP TLS Options 'cert' is invalid for provider #{provider}: #{e.message}"
+          if custom_options[:cert]
+            begin
+              custom_options[:cert] = OpenSSL::X509::Certificate.new(custom_options[:cert])
+            rescue OpenSSL::X509::CertificateError => e
+              Rails.logger.error "LDAP TLS Options 'cert' is invalid for provider #{provider}: #{e.message}"
+            end
           end
-        end
 
-        if custom_options[:key]
-          begin
-            custom_options[:key] = OpenSSL::PKey.read(custom_options[:key])
-          rescue OpenSSL::PKey::PKeyError => e
-            Rails.logger.error "LDAP TLS Options 'key' is invalid for provider #{provider}: #{e.message}"
+          if custom_options[:key]
+            begin
+              custom_options[:key] = OpenSSL::PKey.read(custom_options[:key])
+            rescue OpenSSL::PKey::PKeyError => e
+              Rails.logger.error "LDAP TLS Options 'key' is invalid for provider #{provider}: #{e.message}"
+            end
           end
+          custom_options
         end
-        custom_options
-      end
 
-      def auth_options
-        {
-          auth: {
-            method: :simple,
-            username: options[:bind_dn],
-            password: options[:password]
+        def auth_options
+          {
+            auth: {
+              method: :simple,
+              username: options[:bind_dn],
+              password: options[:password]
+            }
           }
-        }
-      end
+        end
 
-      def has_auth?
-        options[:password] || options[:bind_dn]
+        def has_auth?
+          options[:password] || options[:bind_dn]
+        end
       end
     end
   end