devise_active_directory_authenticatable 0.1.1 → 0.2.0

data/Rakefile

@@ -22,7 +22,7 @@ begin
     gemspec.homepage = "http://github.com/ajrkerr/devise_activedirectory_authenticatable"
     gemspec.authors = ["Adam Kerr"]
     gemspec.add_dependency "devise", ">= 1.1.5"
-    gemspec.add_dependency "active_directory", ">= 1.1.0"
+    gemspec.add_dependency "active_directory", ">= 1.2.0"
   end
   Jeweler::GemcutterTasks.new
 rescue LoadError

data/VERSION

@@ -1 +1 @@
-0.1.1
+0.2.0

data/devise_active_directory_authenticatable.gemspec

@@ -5,7 +5,7 @@
 
 Gem::Specification.new do |s|
   s.name = %q{devise_active_directory_authenticatable}
-  s.version = "0.1.1"
+  s.version = "0.2.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Adam Kerr"]
@@ -25,7 +25,9 @@ Gem::Specification.new do |s|
     "lib/devise_active_directory_authenticatable.rb",
     "lib/devise_active_directory_authenticatable/exception.rb",
     "lib/devise_active_directory_authenticatable/logger.rb",
-    "lib/devise_active_directory_authenticatable/model.rb",
+    "lib/devise_active_directory_authenticatable/models/ad_group.rb",
+    "lib/devise_active_directory_authenticatable/models/ad_object.rb",
+    "lib/devise_active_directory_authenticatable/models/ad_user.rb",
     "lib/devise_active_directory_authenticatable/strategy.rb",
     "lib/generators/devise_active_directory_authenticatable/install_generator.rb",
     "rails/init.rb"
@@ -40,14 +42,14 @@ Gem::Specification.new do |s|
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
       s.add_runtime_dependency(%q<devise>, [">= 1.1.5"])
-      s.add_runtime_dependency(%q<active_directory>, [">= 1.1.0"])
+      s.add_runtime_dependency(%q<active_directory>, [">= 1.2.0"])
     else
       s.add_dependency(%q<devise>, [">= 1.1.5"])
-      s.add_dependency(%q<active_directory>, [">= 1.1.0"])
+      s.add_dependency(%q<active_directory>, [">= 1.2.0"])
     end
   else
     s.add_dependency(%q<devise>, [">= 1.1.5"])
-    s.add_dependency(%q<active_directory>, [">= 1.1.0"])
+    s.add_dependency(%q<active_directory>, [">= 1.2.0"])
   end
 end
 

data/lib/devise_active_directory_authenticatable.rb

@@ -8,8 +8,6 @@ require 'devise_active_directory_authenticatable/logger'
 # Get ldap information from config/ldap.yml now
 module Devise
 
-  ##TODO Revise these options/vars and their corresponding generator
-
   #Active Directory settings
   mattr_accessor :ad_settings
   @@ad_settings = {
@@ -23,13 +21,24 @@ module Devise
   }
 
   #Attribute mapping for user object
-  mattr_accessor :ad_attr_mapping
-  @@ad_attr_mapping = {
+  mattr_accessor :ad_user_mapping
+  @@ad_user_mapping = {
     :objectGUID => :objectGUID, #Required
     :username => :userPrincipalName,
     :dn => :dn,
     :firstname => :givenName,
     :lastname => :sn,
+    :whenChanged => :whenChanged,
+  }
+
+  #Attribute mapping for group objects
+  mattr_accessor :ad_group_mapping
+  @@ad_group_mapping = {
+    :objectGUID => :objectGUID, #Required
+    :dn => :dn,
+    :name => :name,
+    :description => :description,
+    :whenCreated => :whenChanged,
   }
 
   #Username attribute
@@ -51,4 +60,7 @@ Devise.add_module(:ad_user,
                   :route => :session, ## This will add the routes, rather than in the routes.rb
                   :strategy   => true,
                   :controller => :sessions,
-                  :model  => 'devise_active_directory_authenticatable/model')
+                  :model  => 'devise_active_directory_authenticatable/models/ad_user')
+
+Devise.add_module(:ad_group,
+                  :model => 'devise_active_directory_authenticatable/models/ad_group')

data/lib/devise_active_directory_authenticatable/{model.rb → models/ad_group.rb}

@@ -5,7 +5,7 @@ module Devise
   module Models
     # Active Directory Module, responsible for validating the user credentials via Active Directory
     #
-    module AdUser
+    module AdGroup
 
       #Remove this before production
       ADConnect = DeviseActiveDirectoryAuthenticatable
@@ -14,10 +14,6 @@ module Devise
 
       extend ActiveSupport::Concern
 
-      included do 
-        serialize :objectGUID
-      end
-
       ## Devise key
       def login_with
         self[::Devise.authentication_keys.first]
@@ -45,10 +41,6 @@ module Devise
         super if defined? super 
       end
 
-      def guid
-        objectGUID.unpack("H*")
-      end
-
 
       module ClassMethods
 

data/lib/devise_active_directory_authenticatable/models/ad_object.rb

@@ -0,0 +1,72 @@
+module Devise
+  module Models
+
+    #Basic functions and shared methods for AD objects in ActiveRecord
+    module AdObject
+
+      ADConnect = DeviseActiveDirectoryAuthenticatable
+      Logger = DeviseActiveDirectoryAuthenticatable::Logger
+
+      extend ActiveSupport::Concern
+
+      included do 
+        #Serialize all binary fields
+        # ::Devise.ad_special_fields[:binary].each do |field|
+        #   serialize field
+        # end
+      end
+
+      ## Devise key
+      def login_with
+        self[::Devise.authentication_keys.first]
+      end
+
+      # Update the attributes of the current object from the AD
+      # Defaults to current user if no parameters given
+      def sync_with_activedirectory(params = {})
+        params[:objectGUID] = self.objectGUID if params.empty?
+        user = params[:user] || User.find_in_activedirectory(params)
+
+        return false if user.nil?
+
+        Logger.send "Updating #{params.inspect}"
+
+        #Grab attributes from Devise mapping
+        ::Devise.ad_attr_mapping.each do |user_attr, active_directory_attr|
+          self[user_attr] = user.send(active_directory_attr)
+        end
+      end
+
+
+      module ClassMethods
+
+        #Search based on GUID, DN or Username primarily
+        def find_in_activedirectory(params = {})
+          
+          #Reverse mappings
+          params[::Devise.ad_username] ||= params[:username] if params[:username].present?
+          params[::Devise.ad_username] ||= params[@login_with] if params[@login_with].present?
+
+          params.delete(:username)
+          params.delete(@login_with)
+
+          Logger.send "Searching for #{params.inspect}"
+          user = ADUser.find(:first, params)
+          Logger.send "Found: #{user}"
+
+          return user
+        end
+
+        private
+
+        def ad_connect(params = {})
+          #Used for username and password
+          ::Devise.ad_settings[:auth].merge! params
+
+          ActiveDirectory::Base.setup(::Devise.ad_settings)
+          Logger.send "Connection Result: #{ActiveDirectory::Base.error}"
+        end 
+      end
+    end
+  end
+end

data/lib/devise_active_directory_authenticatable/models/ad_user.rb

@@ -0,0 +1,115 @@
+require 'devise_active_directory_authenticatable/strategy'
+require 'devise_active_directory_authenticatable/exception'
+
+module Devise
+  module Models
+    # Active Directory Module, responsible for validating the user credentials via Active Directory
+    #
+    module AdUser
+
+      #Remove this before production
+      ADConnect = DeviseActiveDirectoryAuthenticatable
+      ADUser = ActiveDirectory::User
+      Logger = DeviseActiveDirectoryAuthenticatable::Logger
+
+      extend ActiveSupport::Concern
+
+      ## Devise key
+      def login_with
+        self[::Devise.authentication_keys.first]
+      end
+
+      # Update the attributes of the current object from the AD
+      # Defaults to current user if no parameters given
+      def sync_with_activedirectory(params = {})
+        params[:objectGUID] = self.objectGUID if params.empty?
+        user = params[:user] || User.find_in_activedirectory(params)
+
+        return false if user.nil?
+
+        Logger.send "Updating #{params.inspect}"
+
+        #Grab attributes from Devise mapping
+        ::Devise.ad_user_mapping.each do |user_attr, active_directory_attr|
+          Logger.send "Settings #{user_attr} = #{user.send(active_directory_attr)}"
+          self[user_attr] = user.send(active_directory_attr)
+        end
+      end
+
+      # Login event handler.  Triggered after authentication.
+      def login
+        sync_with_activedirectory
+        super if defined? super 
+      end
+
+
+      module ClassMethods
+
+        # Authenticate a user based on configured attribute keys. Returns the
+        # authenticated user if it's valid or nil.
+        def authenticate_with_activedirectory(attributes={}) 
+          @login_with = ::Devise.authentication_keys.first
+
+          username = attributes[@login_with]
+          password = attributes[:password]
+
+          Logger.send "Attempting to login :#{@login_with} => #{username}"
+          ad_connect(:username => username, :password => password)
+          ad_user = find_in_activedirectory(:username => username)
+          Logger.send "Attempt Result: #{ActiveDirectory::Base.error}"
+
+          raise ADConnect::ActiveDirectoryException, "Could not connect with Active Directory.  Check your username, password, and ensure that your account is not locked." unless ad_user
+
+          # Find them in the local database
+          user = scoped.where(@login_with => attributes[@login_with]).first
+
+          if user.blank? and ::Devise.ad_create_user
+            Logger.send "Creating new user in database"
+            user = new
+            user[@login_with] = attributes[@login_with]
+            user.sync_with_activedirectory(:user => ad_user)
+            Logger.send "Created: #{user.inspect}"
+          end
+          Logger.send "User: #{user.inspect}"
+          Logger.send "Checking: #{ad_user.objectGUID.inspect} == #{user.objectGUID.inspect}"
+          # Check to see if we have the same user
+          if ad_user == user
+            user.save if user.new_record?
+            user.login if user.respond_to?(:login)
+            return user
+          else
+            raise ADConnect::ActiveDirectoryException, "Invalid Username or Password.  Possible database inconsistency."
+          end
+
+        end
+
+        #Search based on GUID, DN or Username primarily
+        def find_in_activedirectory(params = {})
+          
+          #Reverse mappings
+          params[::Devise.ad_username] ||= params[:username] if params[:username].present?
+          params[::Devise.ad_username] ||= params[@login_with] if params[@login_with].present?
+
+          params.delete(:username)
+          params.delete(@login_with)
+
+          Logger.send "Searching for #{params.inspect}"
+          user = ADUser.find(:first, params)
+          Logger.send "Found: #{user}"
+
+          return user
+        end
+
+        private
+
+        def ad_connect(params = {})
+          #Used for username and password
+          ::Devise.ad_settings[:auth].merge! params
+
+          ActiveDirectory::Base.setup(::Devise.ad_settings)
+          Logger.send "Connection Result: #{ActiveDirectory::Base.error}"
+        end 
+      end
+    end
+  end
+end

data/lib/generators/devise_active_directory_authenticatable/install_generator.rb

@@ -37,7 +37,6 @@ module DeviseActiveDirectoryAuthenticatable
   # }
 
   ##Attribute mapping for user object
-  # mattr_accessor :ad_attr_mapping
   # config.ad_attr_mapping = {
   #   :objectGUID => :objectGUID, #Required
   #   :username => :userPrincipalName,

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: devise_active_directory_authenticatable
 version: !ruby/object:Gem::Version 
-  hash: 25
+  hash: 23
   prerelease: 
   segments: 
   - 0
-  - 1
-  - 1
-  version: 0.1.1
+  - 2
+  - 0
+  version: 0.2.0
 platform: ruby
 authors: 
 - Adam Kerr
@@ -42,12 +42,12 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        hash: 19
+        hash: 31
         segments: 
         - 1
-        - 1
+        - 2
         - 0
-        version: 1.1.0
+        version: 1.2.0
   type: :runtime
   version_requirements: *id002
 description: Active Directory authentication module for Devise, based off of LDAP Authentication
@@ -68,7 +68,9 @@ files:
 - lib/devise_active_directory_authenticatable.rb
 - lib/devise_active_directory_authenticatable/exception.rb
 - lib/devise_active_directory_authenticatable/logger.rb
-- lib/devise_active_directory_authenticatable/model.rb
+- lib/devise_active_directory_authenticatable/models/ad_group.rb
+- lib/devise_active_directory_authenticatable/models/ad_object.rb
+- lib/devise_active_directory_authenticatable/models/ad_user.rb
 - lib/devise_active_directory_authenticatable/strategy.rb
 - lib/generators/devise_active_directory_authenticatable/install_generator.rb
 - rails/init.rb