devise_active_directory_authenticatable 0.2.0 → 0.3.0

data/VERSION

@@ -1 +1 @@
-0.2.0
+0.3.0

data/ad_auth.sublime.proj

@@ -5,7 +5,7 @@
 			"file": "/Users/ajrkerr/github/devise_active_directory_authenticatable/lib/devise_active_directory_authenticatable/model.rb",
 			"settings":
 			{
-				"buffer_size": 3917,
+				"buffer_size": 0,
 				"line_ending": "Unix"
 			}
 		},
@@ -13,7 +13,7 @@
 			"file": "/Users/ajrkerr/github/devise_active_directory_authenticatable/Rakefile",
 			"settings":
 			{
-				"buffer_size": 1525,
+				"buffer_size": 1130,
 				"line_ending": "Unix"
 			}
 		},
@@ -21,7 +21,7 @@
 			"file": "/Users/ajrkerr/github/devise_active_directory_authenticatable/lib/devise_active_directory_authenticatable.rb",
 			"settings":
 			{
-				"buffer_size": 2719,
+				"buffer_size": 1786,
 				"line_ending": "Unix"
 			}
 		},
@@ -29,7 +29,7 @@
 			"file": "/Users/ajrkerr/test3.rb",
 			"settings":
 			{
-				"buffer_size": 1404,
+				"buffer_size": 896,
 				"line_ending": "Unix"
 			}
 		},
@@ -37,7 +37,7 @@
 			"file": "/Users/ajrkerr/github/devise_active_directory_authenticatable/lib/devise_active_directory_authenticatable/strategy.rb",
 			"settings":
 			{
-				"buffer_size": 1196,
+				"buffer_size": 1211,
 				"line_ending": "Unix"
 			}
 		}
@@ -125,15 +125,15 @@
 					"file": "/Users/ajrkerr/github/devise_active_directory_authenticatable/lib/devise_active_directory_authenticatable/model.rb",
 					"settings":
 					{
-						"buffer_size": 3917,
+						"buffer_size": 0,
 						"regions":
 						{
 						},
 						"selection":
 						[
 							[
-								883,
-								883
+								0,
+								0
 							]
 						],
 						"settings":
@@ -153,15 +153,15 @@
 					"file": "/Users/ajrkerr/github/devise_active_directory_authenticatable/Rakefile",
 					"settings":
 					{
-						"buffer_size": 1525,
+						"buffer_size": 1130,
 						"regions":
 						{
 						},
 						"selection":
 						[
 							[
-								366,
-								366
+								0,
+								0
 							]
 						],
 						"settings":
@@ -187,15 +187,15 @@
 					"file": "/Users/ajrkerr/github/devise_active_directory_authenticatable/lib/devise_active_directory_authenticatable.rb",
 					"settings":
 					{
-						"buffer_size": 2719,
+						"buffer_size": 1786,
 						"regions":
 						{
 						},
 						"selection":
 						[
 							[
-								705,
-								705
+								0,
+								0
 							]
 						],
 						"settings":
@@ -215,15 +215,15 @@
 					"file": "/Users/ajrkerr/test3.rb",
 					"settings":
 					{
-						"buffer_size": 1404,
+						"buffer_size": 896,
 						"regions":
 						{
 						},
 						"selection":
 						[
 							[
-								754,
-								754
+								0,
+								0
 							]
 						],
 						"settings":
@@ -243,15 +243,15 @@
 					"file": "/Users/ajrkerr/github/devise_active_directory_authenticatable/lib/devise_active_directory_authenticatable/strategy.rb",
 					"settings":
 					{
-						"buffer_size": 1196,
+						"buffer_size": 1211,
 						"regions":
 						{
 						},
 						"selection":
 						[
 							[
-								738,
-								738
+								0,
+								0
 							]
 						],
 						"settings":
@@ -298,6 +298,7 @@
 			1
 		]
 	},
+	"menu_visible": true,
 	"save_all_on_build": true,
 	"select_file":
 	{

data/devise_active_directory_authenticatable.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{devise_active_directory_authenticatable}
-  s.version = "0.2.0"
+  s.version = "0.3.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Adam Kerr"]
-  s.date = %q{2011-02-10}
+  s.date = %q{2011-02-17}
   s.description = %q{Active Directory authentication module for Devise, based off of LDAP Authentication}
   s.email = %q{ajrkerr@gmail.com}
   s.extra_rdoc_files = [

data/lib/devise_active_directory_authenticatable.rb

@@ -20,31 +20,43 @@ module Devise
     }
   }
 
-  #Attribute mapping for user object
-  mattr_accessor :ad_user_mapping
-  @@ad_user_mapping = {
-    :objectGUID => :objectGUID, #Required
-    :username => :userPrincipalName,
-    :dn => :dn,
-    :firstname => :givenName,
-    :lastname => :sn,
-    :whenChanged => :whenChanged,
-  }
+  #Attribute mapping for AD to Rails objects
+  # :object => { :rails_attr => :ad_attr }
+  mattr_accessor :ad_attr_mapping
+  @@ad_attr_mapping = {
+    #Attribute mapping for user object
+    :AdUser => {
+      #Attributes are lowercase
+      :objectguid => :objectguid, #Required
+      :username => :userprincipalname,
+      :dn => :dn,
+      :firstname => :givenName,
+      :lastname => :sn,
+      :whenchanged => :whenchanged,
+      :whencreated => :whencreated,
+    },
 
-  #Attribute mapping for group objects
-  mattr_accessor :ad_group_mapping
-  @@ad_group_mapping = {
-    :objectGUID => :objectGUID, #Required
-    :dn => :dn,
-    :name => :name,
-    :description => :description,
-    :whenCreated => :whenChanged,
+    #Attribute mapping for group objects
+    :AdGroup => {
+      #Attributes are lowercase
+      :objectguid => :objectguid, #Required
+      :dn => :dn,
+      :name => :name,
+      :description => :description,
+      :whencreated => :whencreated,
+      :whenchanged => :whenchanged,
+    }
   }
 
-  #Username attribute
+  #Username attribute used for logging in
+  #Will be automagicaly mapped to authentication_keys.first
   mattr_accessor :ad_username
   @@ad_username = :userPrincipalName
 
+  #Map Devise authentication key accordingly
+  #Does this work when initializers are set too?
+  @@ad_attr_mapping[:AdUser][::Devise.authentication_keys.first] = @@ad_username
+
   #Create the user if they're not found
   mattr_accessor :ad_create_user
   @@ad_create_user = true

data/lib/devise_active_directory_authenticatable/models/ad_group.rb

@@ -1,116 +1,31 @@
-require 'devise_active_directory_authenticatable/strategy'
 require 'devise_active_directory_authenticatable/exception'
+require 'devise_active_directory_authenticatable/models/ad_object'
 
 module Devise
   module Models
     # Active Directory Module, responsible for validating the user credentials via Active Directory
     #
     module AdGroup
-
-      #Remove this before production
-      ADConnect = DeviseActiveDirectoryAuthenticatable
-      ADUser = ActiveDirectory::User
-      Logger = DeviseActiveDirectoryAuthenticatable::Logger
-
       extend ActiveSupport::Concern
-
-      ## Devise key
-      def login_with
-        self[::Devise.authentication_keys.first]
-      end
-
-      # Update the attributes of the current object from the AD
-      # Defaults to current user if no parameters given
-      def sync_with_activedirectory(params = {})
-        params[:objectGUID] = self.objectGUID if params.empty?
-        user = params[:user] || User.find_in_activedirectory(params)
-
-        return false if user.nil?
-
-        Logger.send "Updating #{params.inspect}"
-
-        #Grab attributes from Devise mapping
-        ::Devise.ad_attr_mapping.each do |user_attr, active_directory_attr|
-          self[user_attr] = user.send(active_directory_attr)
-        end
-      end
-
-      # Login event handler.  Triggered after authentication.
-      def login
-        sync_with_activedirectory
-        super if defined? super 
-      end
-
+      include AdObject
 
       module ClassMethods
-
-        # Authenticate a user based on configured attribute keys. Returns the
-        # authenticated user if it's valid or nil.
-        def authenticate_with_activedirectory(attributes={}) 
-          @login_with = ::Devise.authentication_keys.first
-
-          username = attributes[@login_with]
-          password = attributes[:password]
-
-          raise ADConnect::ActiveDirectoryException, "Annonymous binds are not permitted." unless attributes[@login_with].present?
-
-          Logger.send "Attempting to login :#{@login_with} => #{username}"
-          ad_connect(:username => username, :password => password)
-          ad_user = find_in_activedirectory(:username => username)
-          Logger.send "Attempt Result: #{ActiveDirectory::Base.error}"
-
-          raise ADConnect::ActiveDirectoryException, "Could not connect with Active Directory.  Check your username, password, and ensure that your account is not locked." unless ad_user
-
-          # Find them in the local database
-          user = scoped.where(@login_with => attributes[@login_with]).first
-
-          if user.blank? and ::Devise.ad_create_user
-            Logger.send "Creating new user in database"
-            user = new
-            user[@login_with] = attributes[@login_with]
-            user.sync_with_activedirectory(:user => ad_user)
-            Logger.send "Created: #{user.inspect}"
-          end
-          
-          Logger.send "Checking: #{ad_user.objectGUID} == #{user.objectGUID}"
-          # Check to see if we have the same user
-          if ad_user == user
-            user.save if user.new_record?
-            user.login if user.respond_to?(:login)
-            return user
-          else
-            raise ADConnect::ActiveDirectoryException, "Invalid Username or Password.  Possible database inconsistency."
-          end
-
+        def activedirectory_class
+          ActiveDirectory::Group
         end
 
-        #Search based on GUID, DN or Username primarily
-        def find_in_activedirectory(params = {})
-          
-          #Reverse mappings
-          params[::Devise.ad_username] ||= params[:username] if params[:username].present?
-          params[::Devise.ad_username] ||= params[@login_with] if params[@login_with].present?
-
-          params.delete(:username)
-          params.delete(@login_with)
-
-          Logger.send "Searching for #{params.inspect}"
-          user = ADUser.find(:first, params)
-          Logger.send "Found: #{user}"
-
-          return user
+        def devise_model
+          AdGroup
         end
 
-        private
-
-        def ad_connect(params = {})
-          #Used for username and password
-          ::Devise.ad_settings[:auth].merge! params
-
-          ActiveDirectory::Base.setup(::Devise.ad_settings)
-          Logger.send "Connection Result: #{ActiveDirectory::Base.error}"
-        end 
+        def sync_all
+          #return false unless connected_to_activedirectory?
+          find_or_create_from_activedirectory.each do |gp|
+            gp.save
+          end
+        end
       end
+
     end
   end
 end

data/lib/devise_active_directory_authenticatable/models/ad_object.rb

@@ -1,72 +1,129 @@
 module Devise
-  module Models
+  #Basic functions and shared methods for AD objects in ActiveRecord
+  module AdObject
+    extend ActiveSupport::Concern
 
-    #Basic functions and shared methods for AD objects in ActiveRecord
-    module AdObject
+    #Constants for easy access
+    ADConnect = DeviseActiveDirectoryAuthenticatable
+    Logger = DeviseActiveDirectoryAuthenticatable::Logger
 
-      ADConnect = DeviseActiveDirectoryAuthenticatable
-      Logger = DeviseActiveDirectoryAuthenticatable::Logger
+    def klass
+      self.class
+    end
+
+    # Update the attributes of the current object from the AD
+    # Defaults to current user if no parameters given
+    def activedirectory_sync!(params = {})
+      params[:objectguid] = self.objectguid if params.empty?
+      ad_objs = params[:object] || klass.find_in_activedirectory(params)
 
-      extend ActiveSupport::Concern
+      return false if ad_objs.nil?
+      ad_objs = Array(ad_objs) unless ad_objs.is_a? Array
 
-      included do 
-        #Serialize all binary fields
-        # ::Devise.ad_special_fields[:binary].each do |field|
-        #   serialize field
-        # end
+      #Grab attributes from Devise mapping
+      ad_objs.each do |ad_obj|
+        ::Devise.ad_attr_mapping[klass.devise_model_name.to_sym].each do |local_attr, active_directory_attr|
+          self[local_attr] = ad_obj.send(active_directory_attr)
+        end
       end
+    end
+
+    def activedirectory_self
+      find_in_activedirectory :objectGUID => objectGUID
+    end
 
-      ## Devise key
-      def login_with
-        self[::Devise.authentication_keys.first]
+    module ClassMethods
+
+      # def devise_model
+      #   self.ancestors.each do |mod|
+      #     return mod if mod.include? self.class
+      #   end
+      # end
+
+      def devise_model_name
+        devise_model.name[/.*::(.*)/, 1]
       end
 
-      # Update the attributes of the current object from the AD
-      # Defaults to current user if no parameters given
-      def sync_with_activedirectory(params = {})
-        params[:objectGUID] = self.objectGUID if params.empty?
-        user = params[:user] || User.find_in_activedirectory(params)
+      def activedirectory_class_name
+        activedirectory_class.name[/.*::(.*)/, 1]
+      end
 
-        return false if user.nil?
+      #TODO switch from reverse to rassoc to allow for multiple mappings
+      def ad_field_to_local field_name
+        @ad_to_local_map ||= ::Devise.ad_attr_mapping[devise_model_name.to_sym].invert
+        return (@ad_to_local_map.has_key? field_name) ? @ad_to_local_map[field_name] : field_name
+      end
 
-        Logger.send "Updating #{params.inspect}"
+      #TODO switch from reverse to rassoc to allow for multiple mappings
+      def local_field_to_ad field_name
+        @local_to_ad_map ||= ::Devise.ad_attr_mapping[devise_model_name.to_sym]
+        return (@local_to_ad_map.has_key? field_name) ? @local_to_ad_map[field_name] : field_name
+      end
 
-        #Grab attributes from Devise mapping
-        ::Devise.ad_attr_mapping.each do |user_attr, active_directory_attr|
-          self[user_attr] = user.send(active_directory_attr)
+      def ad_attrs_to_local ad_attrs
+        local_attrs = {}
+        ad_attrs.each do |ad_key, value|
+          local_key = ad_field_to_local(ad_key)
+          local_attrs[local_key] = value
         end
+        local_attrs
       end
 
+      def local_attrs_to_ad local_attrs
+        ad_attrs = {}
+        local_attrs.each do |local_key, value|
+          ad_key = local_field_to_ad(local_key)
+          ad_attrs[ad_key] = value
+        end
+        ad_attrs
+      end
+
+      #Search based on GUID, DN or Username primarily
+      def find_in_activedirectory(local_params = {})
+        #Reverse mappings for user
+        ad_params = local_attrs_to_ad local_params
+
+        return find_all_in_activedirectory if ad_params.empty?
 
-      module ClassMethods
+        ad_objs = activedirectory_class.find(:all, ad_params)
 
-        #Search based on GUID, DN or Username primarily
-        def find_in_activedirectory(params = {})
-          
-          #Reverse mappings
-          params[::Devise.ad_username] ||= params[:username] if params[:username].present?
-          params[::Devise.ad_username] ||= params[@login_with] if params[@login_with].present?
+        return ad_objs
+      end
+
+      def find_or_create_from_activedirectory params = {}
+        ad_objs = find_in_activedirectory params
+        local_objs = []
 
-          params.delete(:username)
-          params.delete(@login_with)
+        ad_objs.each do |ad_obj|
+          obj = scoped.where(:objectguid => ad_obj.objectguid).first
+          obj = new if obj.blank?
 
-          Logger.send "Searching for #{params.inspect}"
-          user = ADUser.find(:first, params)
-          Logger.send "Found: #{user}"
+          obj.activedirectory_sync! :object => ad_obj
 
-          return user
+          local_objs << obj
         end
 
-        private
+        local_objs
+      end
 
-        def ad_connect(params = {})
-          #Used for username and password
-          ::Devise.ad_settings[:auth].merge! params
+      def find_all_in_activedirectory
+        activedirectory_class.find(:all)
+      end
+
+      def connected_to_activedirectory?
+        ActiveDirectory::Base.connected?
+      end
+
+      # Initializes connection with active directory
+      def set_activedirectory_credentials(params = {})
+        #Used for username and password
+        ::Devise.ad_settings[:auth].merge! params
+      end
 
-          ActiveDirectory::Base.setup(::Devise.ad_settings)
-          Logger.send "Connection Result: #{ActiveDirectory::Base.error}"
-        end 
+      def activedirectory_connect
+        ActiveDirectory::Base.setup(::Devise.ad_settings)
+        raise DeviseActiveDirectoryAuthenticatable::ActiveDirectoryException, "Invliad Username or Password" unless ActiveDirectory::Base.connected?
       end
     end
   end
-end
+end

data/lib/devise_active_directory_authenticatable/models/ad_user.rb

@@ -1,49 +1,44 @@
 require 'devise_active_directory_authenticatable/strategy'
 require 'devise_active_directory_authenticatable/exception'
+require 'devise_active_directory_authenticatable/models/ad_object'
+require 'devise_active_directory_authenticatable/models/ad_group'
 
 module Devise
   module Models
     # Active Directory Module, responsible for validating the user credentials via Active Directory
     #
     module AdUser
+      extend ActiveSupport::Concern
+      include AdObject
 
-      #Remove this before production
-      ADConnect = DeviseActiveDirectoryAuthenticatable
-      ADUser = ActiveDirectory::User
       Logger = DeviseActiveDirectoryAuthenticatable::Logger
 
-      extend ActiveSupport::Concern
-
       ## Devise key
       def login_with
         self[::Devise.authentication_keys.first]
       end
 
-      # Update the attributes of the current object from the AD
-      # Defaults to current user if no parameters given
-      def sync_with_activedirectory(params = {})
-        params[:objectGUID] = self.objectGUID if params.empty?
-        user = params[:user] || User.find_in_activedirectory(params)
-
-        return false if user.nil?
-
-        Logger.send "Updating #{params.inspect}"
-
-        #Grab attributes from Devise mapping
-        ::Devise.ad_user_mapping.each do |user_attr, active_directory_attr|
-          Logger.send "Settings #{user_attr} = #{user.send(active_directory_attr)}"
-          self[user_attr] = user.send(active_directory_attr)
-        end
-      end
-
       # Login event handler.  Triggered after authentication.
       def login
-        sync_with_activedirectory
-        super if defined? super 
+        activedirectory_sync!
+
+        super if defined? super
       end
 
+      def authenticate_with_activedirectory params = {}
+        params[:username] ||= self[login_with]
+        set_activedirectory_credentials params
+        activedirectory_connect
+      end
 
       module ClassMethods
+        def activedirectory_class
+          ActiveDirectory::User
+        end
+
+        def devise_model
+          AdUser
+        end
 
         # Authenticate a user based on configured attribute keys. Returns the
         # authenticated user if it's valid or nil.
@@ -54,61 +49,27 @@ module Devise
           password = attributes[:password]
 
           Logger.send "Attempting to login :#{@login_with} => #{username}"
-          ad_connect(:username => username, :password => password)
-          ad_user = find_in_activedirectory(:username => username)
+          set_activedirectory_credentials :username => username, :password => password
+          activedirectory_connect
           Logger.send "Attempt Result: #{ActiveDirectory::Base.error}"
 
-          raise ADConnect::ActiveDirectoryException, "Could not connect with Active Directory.  Check your username, password, and ensure that your account is not locked." unless ad_user
 
-          # Find them in the local database
-          user = scoped.where(@login_with => attributes[@login_with]).first
+          # ad_user = find_in_activedirectory(@login_with => username)
+          # return false unless ad_user
 
-          if user.blank? and ::Devise.ad_create_user
-            Logger.send "Creating new user in database"
-            user = new
-            user[@login_with] = attributes[@login_with]
-            user.sync_with_activedirectory(:user => ad_user)
-            Logger.send "Created: #{user.inspect}"
-          end
+          # Find them in the local database
+          user = find_or_create_from_activedirectory(@login_with => attributes[@login_with]).first
           Logger.send "User: #{user.inspect}"
-          Logger.send "Checking: #{ad_user.objectGUID.inspect} == #{user.objectGUID.inspect}"
+
           # Check to see if we have the same user
-          if ad_user == user
-            user.save if user.new_record?
+          unless user.nil?
+            user.save if user.new_record? and ::Devise.ad_create_user
             user.login if user.respond_to?(:login)
             return user
           else
-            raise ADConnect::ActiveDirectoryException, "Invalid Username or Password.  Possible database inconsistency."
+            raise DeviseActiveDirectoryAuthenticatable::ActiveDirectoryException, "Active Directory user and entry in local database have different GUIDs. Possible database inconsistency."
           end
-
         end
-
-        #Search based on GUID, DN or Username primarily
-        def find_in_activedirectory(params = {})
-          
-          #Reverse mappings
-          params[::Devise.ad_username] ||= params[:username] if params[:username].present?
-          params[::Devise.ad_username] ||= params[@login_with] if params[@login_with].present?
-
-          params.delete(:username)
-          params.delete(@login_with)
-
-          Logger.send "Searching for #{params.inspect}"
-          user = ADUser.find(:first, params)
-          Logger.send "Found: #{user}"
-
-          return user
-        end
-
-        private
-
-        def ad_connect(params = {})
-          #Used for username and password
-          ::Devise.ad_settings[:auth].merge! params
-
-          ActiveDirectory::Base.setup(::Devise.ad_settings)
-          Logger.send "Connection Result: #{ActiveDirectory::Base.error}"
-        end 
       end
     end
   end

data/lib/generators/devise_active_directory_authenticatable/install_generator.rb

@@ -36,15 +36,25 @@ module DeviseActiveDirectoryAuthenticatable
   #   }
   # }
 
+
   ##Attribute mapping for user object
-  # config.ad_attr_mapping = {
-  #   :objectGUID => :objectGUID, #Required
-  #   :username => :userPrincipalName,
+  # config.ad_user_mapping = {
+  #   :objectguid => :objectguid, #Required
+  #   :username => :userprincipalname,
   #   :dn => :dn,
-  #   :firstname => :givenName,
+  #   :firstname => :givenname,
   #   :lastname => :sn
   # }
 
+  # config.ad_group_mapping = {
+  #   :objectguid => :objectguid, #Required
+  #   :dn => :dn,
+  #   :name => :name,
+  #   :description => :description,
+  #   :whencreated => :whencreated,
+  #   :whenchanged => :whenchanged,
+  # }
+
   ##Username attribute
   ##Maps to :login_with in the devise configuration
   # config.ad_username = :userPrincipalName

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: devise_active_directory_authenticatable
 version: !ruby/object:Gem::Version 
-  hash: 23
+  hash: 19
   prerelease: 
   segments: 
   - 0
-  - 2
+  - 3
   - 0
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors: 
 - Adam Kerr
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-02-10 00:00:00 -05:00
+date: 2011-02-17 00:00:00 -05:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency