RubyGems - devise_active_directory_authenticatable - Versions diffs - 0.3.3 → 0.4.0 - Mend

devise_active_directory_authenticatable 0.3.3 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

data/README.md +9 -3
data/Rakefile +2 -1
data/VERSION +1 -1
data/devise_active_directory_authenticatable.gemspec +6 -6
data/lib/devise_active_directory_authenticatable.rb +6 -1
data/lib/devise_active_directory_authenticatable/models/ad_group.rb +28 -7
data/lib/devise_active_directory_authenticatable/models/ad_object.rb +138 -26
data/lib/devise_active_directory_authenticatable/models/ad_user.rb +1 -10
data/lib/generators/devise_active_directory_authenticatable/install_generator.rb +2 -0
metadata +37 -64

data/README.md CHANGED Viewed

@@ -17,7 +17,7 @@ These gems are dependencies of the gem:
 - Devise 1.1.5
 - active_directory 1.2.4
-- ancestry 1.2.3 _(For storing the group heirarchy)_
+- activerecord-import 0.2.0
 Installation
 ------------
@@ -57,12 +57,16 @@ Options:
 The rest of this documentation needs to be revised.  To get going on this, run the installer which will add some configuration options to config/intializers/devise.rb
+Update your user and group tables in the database with migrations.  Check attributes that are set in config/initializers/devise.rb to see which ones you will have to add.
 In your user model add:
-  devise :ad_user
+    devise :ad_user
 In your group model add:
-  devise :ad_group
+    devise :ad_group
 Usage
 -----
@@ -106,6 +110,8 @@ In initializer  `config/initializers/devise.rb` :
 * ad\_update\_user\_memberships _(default: true)_ _[unimplemented]_
   * If true, devise will allow the memberships for groups and users to be updated.  It will also update the memberships when a user logs in.
+* ad\_caching _(default: true)_
+  * If true, this will instruct the plugin to use the active_directory caching feature.  This greatly speeds up queries that are using the distinguishedname such as querying for group and user memberships.
 References

data/Rakefile CHANGED Viewed

@@ -1,3 +1,4 @@
+require 'psych' #fix a bug with hoe
 require 'rake'
 require 'rake/testtask'
 require 'rake/rdoctask'
@@ -22,7 +23,7 @@ begin
     gemspec.homepage = "http://github.com/ajrkerr/devise_activedirectory_authenticatable"
     gemspec.authors = ["Adam Kerr"]
     gemspec.add_dependency "devise", ">= 1.1.5"
-    gemspec.add_dependency "active_directory", ">= 1.2.4"
+    gemspec.add_dependency "active_directory", ">= 1.5.1"
   end
   Jeweler::GemcutterTasks.new
 rescue LoadError

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 0.3.3
1	+ 0.4.0

data/devise_active_directory_authenticatable.gemspec CHANGED Viewed

@@ -5,11 +5,11 @@
 Gem::Specification.new do |s|
   s.name = %q{devise_active_directory_authenticatable}
-  s.version = "0.3.3"
+  s.version = "0.4.0"
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Adam Kerr"]
-  s.date = %q{2011-02-23}
+  s.date = %q{2011-03-03}
   s.description = %q{Active Directory authentication module for Devise, based off of LDAP Authentication}
   s.email = %q{ajrkerr@gmail.com}
   s.extra_rdoc_files = [
@@ -34,7 +34,7 @@ Gem::Specification.new do |s|
   ]
   s.homepage = %q{http://github.com/ajrkerr/devise_activedirectory_authenticatable}
   s.require_paths = ["lib"]
-  s.rubygems_version = %q{1.5.2}
+  s.rubygems_version = %q{1.6.0}
   s.summary = %q{Active Directory authentication module for Devise}
   if s.respond_to? :specification_version then
@@ -42,14 +42,14 @@ Gem::Specification.new do |s|
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
       s.add_runtime_dependency(%q<devise>, [">= 1.1.5"])
-      s.add_runtime_dependency(%q<active_directory>, [">= 1.2.4"])
+      s.add_runtime_dependency(%q<active_directory>, [">= 1.5.1"])
     else
       s.add_dependency(%q<devise>, [">= 1.1.5"])
-      s.add_dependency(%q<active_directory>, [">= 1.2.4"])
+      s.add_dependency(%q<active_directory>, [">= 1.5.1"])
     end
   else
     s.add_dependency(%q<devise>, [">= 1.1.5"])
-    s.add_dependency(%q<active_directory>, [">= 1.2.4"])
+    s.add_dependency(%q<active_directory>, [">= 1.5.1"])
   end
 end

data/lib/devise_active_directory_authenticatable.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 # encoding: utf-8
 require 'devise'
 require 'active_directory'
+require 'active_record'
 require 'devise_active_directory_authenticatable/exception'
 require 'devise_active_directory_authenticatable/logger'
@@ -80,9 +81,13 @@ module Devise
   ##Update the user memberships from the AD
   mattr_accessor :ad_update_user_memberships
   @@ad_update_user_memberships = true
+  ##Enable Active Directory caching.  This speeds up group/membership queries significantly.
+  mattr_accessor :ad_caching
+  @@ad_caching = true
 end
-# Add ldap_authenticatable strategy to defaults.
+# Add active_directory_authenticatable strategy to defaults.
 #
 Devise.add_module(:ad_user,
                   :route => :session, ## This will add the routes, rather than in the routes.rb

data/lib/devise_active_directory_authenticatable/models/ad_group.rb CHANGED Viewed

@@ -9,6 +9,34 @@ module Devise
       extend ActiveSupport::Concern
       include AdObject
+      #Remember to check for cycles in the graph
+      #BFS or DFS?
+      def find_all_parents
+      end
+      def find_all_children
+      end
+      #Remember to check for cycles in the graph
+      #BFS or DFS?
+      def find_all_members type = :all
+        case type
+          when :all
+          when :users
+          when :groups
+          else
+            throw "Invalid argument"
+        end
+      end
+      #Perhaps build a translation layer for the current way attributes are synced
       module ClassMethods
         # TODO find a way to get rid of this with metaprogramming
         def devise_model
@@ -18,13 +46,6 @@ module Devise
         def activedirectory_class
           ActiveDirectory::Group
         end
-        def sync_all
-          return false unless connected_to_activedirectory?
-          find_or_create_from_activedirectory.each do |gp|
-            gp.save
-          end
-        end
       end
     end

data/lib/devise_active_directory_authenticatable/models/ad_object.rb CHANGED Viewed

@@ -5,70 +5,162 @@ module Devise
     Logger = DeviseActiveDirectoryAuthenticatable::Logger
+    def attr_map
+      @attr_map ||= ::Devise.ad_attr_mapping[klass.devise_model_name.to_sym]
+    end
     def klass
       self.class
     end
+    def ad_obj
+      @ad_obj ||= klass.find_activedirectory_objs(:objectguid => self.objectguid).first
+    end
     # Update the attributes of the current object from the AD
     # Defaults to current user if no parameters given
     def activedirectory_sync! params = {}
       params[:objectguid] = self.objectguid if params.empty?
-      ad_obj = params[:object] || klass.find_in_activedirectory(params).first
-      copy_from_activedirectory ad_obj unless ad_obj.nil?
+      @ad_obj ||= params[:object] || klass.find_activedirectory_objs(params).first
+      copy_from_activedirectory @ad_obj unless @ad_obj.nil?
+      update_memberships
     end
     # Update the attributes of the current object from the AD
     # Defaults to current user if no parameters given
-    def update_from_activedirectory! params = {}
-      params[:objectguid] = self.objectguid if params.empty?
-      ad_obj = params[:object] || klass.find_in_activedirectory(params).first
-      copy_from_activedirectory ad_obj unless ad_obj.nil?
+    def copy_from_activedirectory! params = {}
+      #Allows for caching, object, or AD search
+      params[:objectguid] = self[:objectguid] if params.empty?
+      @ad_obj ||= params[:object] || klass.find_activedirectory_objs(params).first
+      copy_from_activedirectory @ad_obj unless @ad_obj.nil?
+      # update_memberships
     end
     # Update the local object using an Active Directory entry
     def copy_from_activedirectory ad_obj
-      ::Devise.ad_attr_mapping[klass.devise_model_name.to_sym].each do |local_attr, active_directory_attr|
-        self[local_attr] = ad_obj.send(active_directory_attr)
+      attr_map.each do |local_attr, active_directory_attr|
+        self[local_attr] = ad_obj[active_directory_attr]
+      end
+    end
+    ##
+    # Updates the members and memberofs stored in the database
+    # and by update, I mean overwrite
+    # TODO find a way to update, or at least not molest non-AD associations
+    def update_memberships
+      update_children
+      update_parents
+    end
+    def update_children
+      #Set the members
+      if ad_obj[:member].is_a? Array
+        update_membership(ad_obj[:member], klass.member_users) if defined? klass.member_users
+        update_membership(ad_obj[:member], klass.member_groups) if defined? klass.member_groups
+      end
+    end
+    def update_parents
+      # MemberOf Relationship
+      if ad_obj[:memberof].is_a? Array and defined? klass.memberof
+        update_membership(ad_obj[:memberof], klass.memberof)
       end
     end
-    def find_in_activedirectory
-      klass.find_in_activedirectory :objectGUID => objectGUID
+    def update_membership ad_objs, params
+      # Create the objects of the right type, then sets them
+      klass = params[:class]
+      field = params[:field]
+      ad_objs = klass.find_from_activedirectory(:object => ad_objs)
+      self.send "#{field}=", ad_objs
     end
     module ClassMethods
+      attr_accessor :member_groups, :member_users, :memberof
       def login_with
         ::Devise.authentication_keys.first
       end
+      def set_devise_ad_options field, params = {}
+        ret = {}
+        ret[:field] = field.to_s
+        ret[:class_name] = (params[:class_name] || field).to_s.classify
+        ret[:class] = Kernel.const_get(ret[:class_name])
+        unless ret[:class].include? AdObject
+          raise "#{ret[:class_name]} does not include any of the Devise Active Directory modules.  Please consult the documentation."
+        end
+        return ret
+      end
+      def devise_ad_memberof field, params = {}
+        @memberof = set_devise_ad_options field, params
+      end
+      def devise_ad_member_groups field, params = {}
+        @member_groups = set_devise_ad_options field, params
+      end
+      def devise_ad_member_users field, params = {}
+        @member_users = set_devise_ad_options field, params
+      end
       def devise_model_name
-        devise_model.name[/.*::(.*)/, 1]
+        @devise_model ||= devise_model.name[/.*::(.*)/, 1]
       end
       def activedirectory_class_name
-        activedirectory_class.name[/.*::(.*)/, 1]
+        @ad_class ||= activedirectory_class.name[/.*::(.*)/, 1]
       end
       #Search based on GUID, DN or Username primarily
-      def find_in_activedirectory(local_params = {})
+      def find_activedirectory_objs local_params = {}
+        #Sometimes we're provide the objects
+        if local_params.key? :object
+          return [local_params[:object]] unless local_params[:object].kind_of? Array
+          return local_params[:object]
+        end
         #Reverse mappings for user
-        ad_params = local_attrs_to_ad local_params
-        Logger.send "Translated #{local_params.inspect} to #{ad_params.inspect}"
-        return find_all_in_activedirectory if ad_params.empty?
+        ad_params = local_attrs_to_ad(local_params)
         activedirectory_class.find(:all, ad_params)
       end
-      def find_or_create_from_activedirectory params = {}
-        ad_objs = find_in_activedirectory params
+      def find_from_activedirectory local_params = {}
+        ad_objs = find_activedirectory_objs local_params
+        guids = ad_objs.collect { |obj| obj[:objectguid] }
+        scoped.where(:objectguid => guids)
+      end
+      ##
+      # Does a search using AD terms and either finds the corresponding
+      # object in the database, or creates it
+      # TODO change attributes to not be statically mapped to objectguid
+      def find_or_create_from_activedirectory local_params = {}
+        ad_objs = find_activedirectory_objs local_params
         local_objs = []
-        ad_objs.each do |ad_obj|
-          obj = scoped.where(:objectguid => ad_obj.objectguid).first
-          obj = new if obj.blank?
+        #Grab all of the objects in one query by GUID for efficiency
+        guids = ad_objs.collect { |obj| obj[:objectguid] }
+        db_objs_by_guid = {}
+        #Make a hash map to do quick lookups
+        scoped.where(:objectguid => guids).each do |db_obj|
+          db_objs_by_guid[db_obj.objectguid] = db_obj
+        end
-          obj.activedirectory_sync! :object => ad_obj
+        ad_objs.each do |ad_obj|
+          guid = ad_obj[:objectguid]
+          obj = db_objs_by_guid[guid] || new
+          obj.copy_from_activedirectory!(:object => ad_obj) if obj.new_record?
           local_objs << obj
         end
@@ -76,21 +168,41 @@ module Devise
         local_objs
       end
-      def find_all_in_activedirectory
-        activedirectory_class.find(:all)
+      def sync_all
+        return false unless connected_to_activedirectory?
+        db_objs = find_or_create_from_activedirectory
+        ActiveRecord::Base.transaction do
+          #Save the new ones
+          db_objs.each { |obj| obj.save if obj.new_record? }
+          #Then update the memberships
+          #If we're updating all of them, then updating just the parents will do
+          db_objs.each do |obj|
+            obj.update_parents
+          end
+        end
       end
+      ##
+      # Checks to see if a conection with AD has been established
       def connected_to_activedirectory?
         ActiveDirectory::Base.connected?
       end
-      # Initializes connection with active directory
+      ##
+      # Sets the username and password for the connection
+      # params {:username => 'joe.user', :password => 'top_secret' }
       def set_activedirectory_credentials(params = {})
-        #Used for username and password
+        #Used for username and password only
         ::Devise.ad_settings[:auth].merge! params
       end
+      ##
+      # Attempts to connect with the activedirectory based on the configuration options
       def activedirectory_connect
+        ActiveDirectory::Base.enable_cache if ::Devise.ad_caching
         ActiveDirectory::Base.setup(::Devise.ad_settings)
         raise DeviseActiveDirectoryAuthenticatable::ActiveDirectoryException, "Invalid Username or Password" unless ActiveDirectory::Base.connected?
       end

data/lib/devise_active_directory_authenticatable/models/ad_user.rb CHANGED Viewed

@@ -12,19 +12,14 @@ module Devise
       Logger = DeviseActiveDirectoryAuthenticatable::Logger
-      included do
-        #has_and_belongs_to_many :member, :class_name, :join_table
-      end
       ## Devise key
       def login_with
         self[::Devise.authentication_keys.first]
       end
       # Login event handler.  Triggered after authentication.
+      # Maybe
       def login
-        activedirectory_sync!
         super if defined? super
       end
@@ -55,10 +50,6 @@ module Devise
           activedirectory_connect
           Logger.send "Attempt Result: #{ActiveDirectory::Base.error}"
-          # ad_user = find_in_activedirectory(@login_with => username)
-          # return false unless ad_user
           # Find them in the local database
           user = find_or_create_from_activedirectory(login_with => attributes[login_with]).first

data/lib/generators/devise_active_directory_authenticatable/install_generator.rb CHANGED Viewed

@@ -91,6 +91,8 @@ module DeviseActiveDirectoryAuthenticatable
   ##Update the user memberships from the AD
   # config.ad_update_user_memberships = true
+  ##Uses caching when doing AD queries for DNs.  This speeds things up significantly.
+  # config.ad_caching = true
         eof
       settings

metadata CHANGED Viewed

@@ -1,64 +1,47 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: devise_active_directory_authenticatable
-version: !ruby/object:Gem::Version
-  hash: 21
+version: !ruby/object:Gem::Version
+  version: 0.4.0
   prerelease:
-  segments:
-  - 0
-  - 3
-  - 3
-  version: 0.3.3
 platform: ruby
-authors:
+authors:
 - Adam Kerr
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-02-23 00:00:00 -05:00
+date: 2011-03-03 00:00:00.000000000 -05:00
 default_executable:
-dependencies:
-- !ruby/object:Gem::Dependency
+dependencies:
+- !ruby/object:Gem::Dependency
   name: devise
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement
+  requirement: &2153561640 !ruby/object:Gem::Requirement
     none: false
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        hash: 25
-        segments:
-        - 1
-        - 1
-        - 5
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
         version: 1.1.5
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency
-  name: active_directory
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement
+  version_requirements: *2153561640
+- !ruby/object:Gem::Dependency
+  name: active_directory
+  requirement: &2153561160 !ruby/object:Gem::Requirement
     none: false
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        hash: 23
-        segments:
-        - 1
-        - 2
-        - 4
-        version: 1.2.4
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.5.1
   type: :runtime
-  version_requirements: *id002
-description: Active Directory authentication module for Devise, based off of LDAP Authentication
+  prerelease: false
+  version_requirements: *2153561160
+description: Active Directory authentication module for Devise, based off of LDAP
+  Authentication
 email: ajrkerr@gmail.com
 executables: []
 extensions: []
-extra_rdoc_files:
+extra_rdoc_files:
 - README.md
-files:
+files:
 - MIT-LICENSE
 - README.md
 - Rakefile
@@ -77,36 +60,26 @@ files:
 has_rdoc: true
 homepage: http://github.com/ajrkerr/devise_activedirectory_authenticatable
 licenses: []
 post_install_message:
 rdoc_options: []
-require_paths:
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      hash: 3
-      segments:
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      hash: 3
-      segments:
-      - 0
-      version: "0"
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 1.5.2
+rubygems_version: 1.6.0
 signing_key:
 specification_version: 3
 summary: Active Directory authentication module for Devise
 test_files: []