devise_active_directory_authenticatable 0.1.0

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2010 Adam Kerr
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,94 @@
+Devise Active Directory Authenticatable
+===========================
+
+Devise ActiveDirectory Authenticatable is a AD based authentication strategy for the [Devise](http://github.com/plataformatec/devise) authentication framework.
+
+If you are building applications for use within your organization which require authentication and you want to use AD, this plugin is for you.
+
+Requirements
+------------
+
+- An Active Directory server (tested on Server 2008)
+- Rails 3.0.0
+
+These gems are dependencies of the gem:
+
+- Devise 1.1.2
+- active_directory 1.0.4 from http://github.com/ajrkerr/activedirectory
+
+Installation
+------------
+
+**_Please Note_**
+
+This will *only* work for Rails 3 applications.
+
+In the Gemfile for your application:
+
+    gem "devise", ">=1.1.2"
+    gem "devise_active_directory_authenticatable"
+    
+To get the latest version, pull directly from github instead of the gem:
+
+    gem "devise_active_directory_authenticatable", :git => "git://github.com/ajrkerr/devise_active_directory_authenticatable.git"
+
+
+Setup
+-----
+
+Run the rails generators for devise (please check the [devise](http://github.com/plataformatec/devise) documents for further instructions)
+
+    rails generate devise:install
+    rails generate devise MODEL_NAME
+
+Run the rails generator for devise_active_directory_authenticatable
+
+    rails generate devise_active_directory_authenticatable:install [options]
+
+This will update the devise.rb initializer, and update your user model. There are some options you can pass to it:
+
+Options:
+
+    [--user-model=USER_MODEL]  # Model to update
+                               # Default: user
+    [--add-rescue]             # Update Application Controller with resuce_from for DeviseActiveDirectoryAuthenticatable::ActiveDirectoryException
+                               # Default: true
+
+
+Usage
+-----
+
+**_Please Note_**
+
+This devise plugin has not been tested with DatabaseAuthenticatable enabled at the same time. This is meant as a drop in replacement for DatabaseAuthenticatable allowing for a semi single sign on approach.
+
+The field that is used for logins is the first key that's configured in the `config/devise.rb` file under `config.authentication_keys`, which by default is email. For help changing this, please see the [Railscast](http://railscasts.com/episodes/210-customizing-devise) that goes through how to customize Devise.
+
+Configuration
+-------------
+
+In initializer  `config/initializers/devise.rb` :
+
+* ad\_settigns
+  * Active Directory server configuration settings
+
+* ad\_attr\_mapping 
+  * Attribute mapping between active directory and the user model
+
+* ad\_username _(default: :userPrincipalName)_
+  * Username attribute on the AD to login with.  Maps with the login_with attribute from devise.
+
+* ad\_create\_user _(default: true)_
+  * If set to true, all valid Active Directory users will be allowed to login and an appropriate user record will be created.
+      If set to false, you will have to create the user record before they will be allowed to login.
+
+* ad\_logger _(default: true)_
+  * If set to true, will log Active Directory queries to the Rails logger.
+
+
+References
+----------
+
+* [Devise](http://github.com/plataformatec/devise)
+* [Warden](http://github.com/hassox/warden)
+

data/Rakefile

@@ -0,0 +1,52 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test the devise_imapable plugin.'
+Rake::TestTask.new(:test) do |t|
+  # t.libs << 'lib'
+  # t.libs << 'test'
+  # t.pattern = 'test/**/*_test.rb'
+  # t.verbose = true
+  puts <<-eof
+
+*** NOTICE ***
+
+All tests are done in the sample Rails app. 
+
+Please go to test/rails_app and run the tests there. 
+
+Make sure to bundle install and rake db:migrate
+
+  eof
+end
+
+desc 'Generate documentation for the devise_ldap_authenticatable plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'DeviseLDAPAuthenticatable'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gemspec|
+    gemspec.name = "devise_active_directory_authenticatable"
+    gemspec.summary = "Active Directory authentication module for Devise"
+    gemspec.description = "Active Directory authentication module for Devise, based off of LDAP Authentication"
+    gemspec.email = "ajrkerr@gmail.com"
+    gemspec.homepage = "http://github.com/ajrkerr/devise_activedirectory_authenticatable"
+    gemspec.authors = ["Adam Kerr"]
+    gemspec.add_dependency "devise", ">= 1.1.5"
+    gemspec.add_dependency "activedirectory", ">= 1.0.4"
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end

data/VERSION

@@ -0,0 +1 @@
+0.1.0

data/ad_auth.sublime.proj

@@ -0,0 +1,315 @@
+{
+	"buffers":
+	[
+		{
+			"file": "/Users/ajrkerr/github/devise_active_directory_authenticatable/lib/devise_active_directory_authenticatable/model.rb",
+			"settings":
+			{
+				"buffer_size": 3917,
+				"line_ending": "Unix"
+			}
+		},
+		{
+			"file": "/Users/ajrkerr/github/devise_active_directory_authenticatable/Rakefile",
+			"settings":
+			{
+				"buffer_size": 1525,
+				"line_ending": "Unix"
+			}
+		},
+		{
+			"file": "/Users/ajrkerr/github/devise_active_directory_authenticatable/lib/devise_active_directory_authenticatable.rb",
+			"settings":
+			{
+				"buffer_size": 2719,
+				"line_ending": "Unix"
+			}
+		},
+		{
+			"file": "/Users/ajrkerr/test3.rb",
+			"settings":
+			{
+				"buffer_size": 1404,
+				"line_ending": "Unix"
+			}
+		},
+		{
+			"file": "/Users/ajrkerr/github/devise_active_directory_authenticatable/lib/devise_active_directory_authenticatable/strategy.rb",
+			"settings":
+			{
+				"buffer_size": 1196,
+				"line_ending": "Unix"
+			}
+		}
+	],
+	"build_system": "",
+	"file_history":
+	[
+		"/Users/ajrkerr/github/devise_active_directory_authenticatable/lib/devise_active_directory_authenticatable/schema.rb",
+		"/Users/ajrkerr/test.rb",
+		"/Users/ajrkerr/github/devise_active_directory_authenticatable/lib/devise_active_directory_authenticatable/logger.rb",
+		"/Users/ajrkerr/github/devise_active_directory_authenticatable/lib/devise_active_directory_authenticatable/model.rb",
+		"/Users/ajrkerr/github/devise_activedirectory_authenticatable/lib/devise_active_directory_authenticatable.rb",
+		"/Users/ajrkerr/github/devise_activedirectory_authenticatable/lib/devise_active_directory_authenticatable/model.rb",
+		"/Users/ajrkerr/github/devise_activedirectory_authenticatable/lib/devise_activedirectory_authenticatable/model.rb",
+		"/Users/ajrkerr/github/devise_activedirectory_authenticatable/lib/devise_activedirectory_authenticatable/exception.rb",
+		"/Users/ajrkerr/github/devise_activedirectory_authenticatable/lib/devise_activedirectory_authenticatable/strategy.rb",
+		"/Users/ajrkerr/github/devise_activedirectory_authenticatable/Rakefile",
+		"/Users/ajrkerr/github/devise_activedirectory_authenticatable/devise_activedirectory_authenticatable.gemspec",
+		"/Users/ajrkerr/github/devise_activedirectory_authenticatable/lib/devise_activedirectory_authenticatable.rb",
+		"/Users/ajrkerr/github/devise_activedirectory_authenticatable/rails/init.rb",
+		"/Users/ajrkerr/test4.rb",
+		"/Users/ajrkerr/github/devise_activedirectory_authenticatable/lib/devise_ldap_authenticatable/strategy.rb",
+		"/Users/ajrkerr/github/devise_activedirectory_authenticatable/lib/devise_ldap_authenticatable.rb",
+		"/Users/ajrkerr/github/devise_activedirectory_authenticatable/lib/devise_ldap_authenticatable/ldap_adapter.rb",
+		"/Users/ajrkerr/github/devise_activedirectory_authenticatable/MIT-LICENSE",
+		"/Users/ajrkerr/github/devise_activedirectory_authenticatable/devise_ldap_authenticatable.gemspec",
+		"/Users/ajrkerr/github/devise_activedirectory_authenticatable/lib/devise_ldap_authenticatable/logger.rb",
+		"/Users/ajrkerr/github/devise_activedirectory_authenticatable/lib/devise_ldap_authenticatable/exception.rb",
+		"/Users/ajrkerr/github/devise_activedirectory_authenticatable/lib/devise_ldap_authenticatable/model.rb",
+		"/Users/ajrkerr/github/devise_activedirectory_authenticatable/lib/devise_ldap_authenticatable/version.rb",
+		"/Users/ajrkerr/github/devise_activedirectory_authenticatable/VERSION"
+	],
+	"find_in_files":
+	{
+		"include_history":
+		[
+			""
+		],
+		"location_history":
+		[
+			"<open folders>"
+		]
+	},
+	"find_state":
+	{
+		"case_sensitive": false,
+		"find_history":
+		[
+			"strategy",
+			"ldap",
+			"devise_active",
+			"ActiveDirectoryAuthenticatable",
+			"deviseadauthenti",
+			"DeviseLdapAuthenticatable"
+		],
+		"highlight": true,
+		"in_selection": false,
+		"preserve_case": false,
+		"regex": false,
+		"replace_history":
+		[
+			"DeviseActiveDirectoryAuthenticatable"
+		],
+		"reverse": false,
+		"show_context": true,
+		"use_buffer": false,
+		"whole_word": false,
+		"wrap": true
+	},
+	"folders":
+	{
+		"mount_points":
+		[
+			"/Users/ajrkerr/github/devise_active_directory_authenticatable"
+		]
+	},
+	"groups":
+	[
+		{
+			"selected": 0,
+			"sheets":
+			[
+				{
+					"buffer": 0,
+					"file": "/Users/ajrkerr/github/devise_active_directory_authenticatable/lib/devise_active_directory_authenticatable/model.rb",
+					"settings":
+					{
+						"buffer_size": 3917,
+						"regions":
+						{
+						},
+						"selection":
+						[
+							[
+								883,
+								883
+							]
+						],
+						"settings":
+						{
+							"syntax": "Packages/Ruby/Ruby.tmLanguage",
+							"tab_size": 2,
+							"translate_tabs_to_spaces": true
+						},
+						"translation.x": 0,
+						"translation.y": 1007,
+						"zoom_level": 1
+					},
+					"type": "text"
+				},
+				{
+					"buffer": 1,
+					"file": "/Users/ajrkerr/github/devise_active_directory_authenticatable/Rakefile",
+					"settings":
+					{
+						"buffer_size": 1525,
+						"regions":
+						{
+						},
+						"selection":
+						[
+							[
+								366,
+								366
+							]
+						],
+						"settings":
+						{
+							"syntax": "Packages/Ruby/Ruby.tmLanguage",
+							"tab_size": 2,
+							"translate_tabs_to_spaces": true
+						},
+						"translation.x": 0,
+						"translation.y": 19,
+						"zoom_level": 1
+					},
+					"type": "text"
+				}
+			]
+		},
+		{
+			"selected": 0,
+			"sheets":
+			[
+				{
+					"buffer": 2,
+					"file": "/Users/ajrkerr/github/devise_active_directory_authenticatable/lib/devise_active_directory_authenticatable.rb",
+					"settings":
+					{
+						"buffer_size": 2719,
+						"regions":
+						{
+						},
+						"selection":
+						[
+							[
+								705,
+								705
+							]
+						],
+						"settings":
+						{
+							"syntax": "Packages/Ruby/Ruby.tmLanguage",
+							"tab_size": 2,
+							"translate_tabs_to_spaces": true
+						},
+						"translation.x": 0,
+						"translation.y": 0,
+						"zoom_level": 1
+					},
+					"type": "text"
+				},
+				{
+					"buffer": 3,
+					"file": "/Users/ajrkerr/test3.rb",
+					"settings":
+					{
+						"buffer_size": 1404,
+						"regions":
+						{
+						},
+						"selection":
+						[
+							[
+								754,
+								754
+							]
+						],
+						"settings":
+						{
+							"syntax": "Packages/Ruby/Ruby.tmLanguage",
+							"tab_size": 2,
+							"translate_tabs_to_spaces": true
+						},
+						"translation.x": 0,
+						"translation.y": 0,
+						"zoom_level": 1
+					},
+					"type": "text"
+				},
+				{
+					"buffer": 4,
+					"file": "/Users/ajrkerr/github/devise_active_directory_authenticatable/lib/devise_active_directory_authenticatable/strategy.rb",
+					"settings":
+					{
+						"buffer_size": 1196,
+						"regions":
+						{
+						},
+						"selection":
+						[
+							[
+								738,
+								738
+							]
+						],
+						"settings":
+						{
+							"syntax": "Packages/Ruby/Ruby.tmLanguage",
+							"tab_size": 2,
+							"translate_tabs_to_spaces": true
+						},
+						"translation.x": 0,
+						"translation.y": 0,
+						"zoom_level": 1
+					},
+					"type": "text"
+				}
+			]
+		}
+	],
+	"layout":
+	{
+		"cells":
+		[
+			[
+				0,
+				0,
+				1,
+				1
+			],
+			[
+				1,
+				0,
+				2,
+				1
+			]
+		],
+		"cols":
+		[
+			0,
+			0.489053,
+			1
+		],
+		"rows":
+		[
+			0,
+			1
+		]
+	},
+	"save_all_on_build": true,
+	"select_file":
+	{
+		"height": 0,
+		"selected_items":
+		[
+		],
+		"width": 0
+	},
+	"show_minimap": false,
+	"show_tabs": true,
+	"side_bar_visible": true,
+	"side_bar_width": 132,
+	"status_bar_visible": true
+}

data/devise_active_directory_authenticatable.gemspec

@@ -0,0 +1,53 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{devise_active_directory_authenticatable}
+  s.version = "0.1.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Adam Kerr"]
+  s.date = %q{2011-02-10}
+  s.description = %q{Active Directory authentication module for Devise, based off of LDAP Authentication}
+  s.email = %q{ajrkerr@gmail.com}
+  s.extra_rdoc_files = [
+    "README.md"
+  ]
+  s.files = [
+    "MIT-LICENSE",
+    "README.md",
+    "Rakefile",
+    "VERSION",
+    "ad_auth.sublime.proj",
+    "devise_active_directory_authenticatable.gemspec",
+    "lib/devise_active_directory_authenticatable.rb",
+    "lib/devise_active_directory_authenticatable/exception.rb",
+    "lib/devise_active_directory_authenticatable/logger.rb",
+    "lib/devise_active_directory_authenticatable/model.rb",
+    "lib/devise_active_directory_authenticatable/strategy.rb",
+    "lib/generators/devise_active_directory_authenticatable/install_generator.rb",
+    "rails/init.rb"
+  ]
+  s.homepage = %q{http://github.com/ajrkerr/devise_activedirectory_authenticatable}
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.5.0}
+  s.summary = %q{Active Directory authentication module for Devise}
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<devise>, [">= 1.1.5"])
+      s.add_runtime_dependency(%q<activedirectory>, [">= 1.0.4"])
+    else
+      s.add_dependency(%q<devise>, [">= 1.1.5"])
+      s.add_dependency(%q<activedirectory>, [">= 1.0.4"])
+    end
+  else
+    s.add_dependency(%q<devise>, [">= 1.1.5"])
+    s.add_dependency(%q<activedirectory>, [">= 1.0.4"])
+  end
+end
+

data/lib/devise_active_directory_authenticatable.rb

@@ -0,0 +1,54 @@
+# encoding: utf-8
+require 'devise'
+require 'active_directory'
+
+require 'devise_active_directory_authenticatable/exception'
+require 'devise_active_directory_authenticatable/logger'
+
+# Get ldap information from config/ldap.yml now
+module Devise
+
+  ##TODO Revise these options/vars and their corresponding generator
+
+  #Active Directory settings
+  mattr_accessor :ad_settings
+  @@ad_settings = {
+    :host => 'domain-controller.example.local',
+    :base => 'dc=example,dc=local',
+    :port => 636,
+    :encryption => :simple_tls,
+    :auth => {
+      :method => :simple
+    }
+  }
+
+  #Attribute mapping for user object
+  mattr_accessor :ad_attr_mapping
+  @@ad_attr_mapping = {
+    :objectGUID => :objectGUID, #Required
+    :username => :userPrincipalName,
+    :dn => :dn,
+    :firstname => :givenName,
+    :lastname => :sn,
+  }
+
+  #Username attribute
+  mattr_accessor :ad_username
+  @@ad_username = :userPrincipalName
+
+  #Create the user if they're not found
+  mattr_accessor :ad_create_user
+  @@ad_create_user = true
+
+  # Log LDAP queries to the Rails logger
+  mattr_accessor :ad_logger
+  @@ad_logger = true
+end
+
+# Add ldap_authenticatable strategy to defaults.
+#
+Devise.add_module(:ad_user,
+                  :route => :session, ## This will add the routes, rather than in the routes.rb
+                  :strategy   => true,
+                  :controller => :sessions,
+                  :model  => 'devise_active_directory_authenticatable/model')

data/lib/devise_active_directory_authenticatable/exception.rb

@@ -0,0 +1,6 @@
+module DeviseActiveDirectoryAuthenticatable
+
+  class ActiveDirectoryException < Exception
+  end
+
+end

data/lib/devise_active_directory_authenticatable/logger.rb

@@ -0,0 +1,11 @@
+module DeviseActiveDirectoryAuthenticatable
+
+  class Logger    
+    def self.send(message, logger = Rails.logger)
+      if ::Devise.ad_logger
+        logger.add 0, "  \e[36mActiveDirectory:\e[0m #{message}"
+      end
+    end
+  end
+
+end

data/lib/devise_active_directory_authenticatable/model.rb

@@ -0,0 +1,124 @@
+require 'devise_active_directory_authenticatable/strategy'
+require 'devise_active_directory_authenticatable/exception'
+
+module Devise
+  module Models
+    # Active Directory Module, responsible for validating the user credentials via Active Directory
+    #
+    module AdUser
+
+      #Remove this before production
+      ADConnect = DeviseActiveDirectoryAuthenticatable
+      ADUser = ActiveDirectory::User
+      Logger = DeviseActiveDirectoryAuthenticatable::Logger
+
+      extend ActiveSupport::Concern
+
+      included do 
+        serialize :objectGUID
+      end
+
+      ## Devise key
+      def login_with
+        self[::Devise.authentication_keys.first]
+      end
+
+      # Update the attributes of the current object from the AD
+      # Defaults to current user if no parameters given
+      def sync_with_activedirectory(params = {})
+        params[:objectGUID] = self.objectGUID if params.empty?
+        user = params[:user] || User.find_in_activedirectory(params)
+
+        return false if user.nil?
+
+        Logger.send "Updating #{params.inspect}"
+
+        #Grab attributes from Devise mapping
+        ::Devise.ad_attr_mapping.each do |user_attr, active_directory_attr|
+          self[user_attr] = user.send(active_directory_attr)
+        end
+      end
+
+      # Login event handler.  Triggered after authentication.
+      def login
+        sync_with_activedirectory
+        super if defined? super 
+      end
+
+      def guid
+        objectGUID.unpack("H*")
+      end
+
+
+      module ClassMethods
+
+        # Authenticate a user based on configured attribute keys. Returns the
+        # authenticated user if it's valid or nil.
+        def authenticate_with_activedirectory(attributes={}) 
+          @login_with = ::Devise.authentication_keys.first
+
+          username = attributes[@login_with]
+          password = attributes[:password]
+
+          raise ADConnect::ActiveDirectoryException, "Annonymous binds are not permitted." unless attributes[@login_with].present?
+
+          Logger.send "Attempting to login :#{@login_with} => #{username}"
+          ad_connect(:username => username, :password => password)
+          ad_user = find_in_activedirectory(:username => username)
+          Logger.send "Attempt Result: #{ActiveDirectory::Base.error}"
+
+          raise ADConnect::ActiveDirectoryException, "Could not connect with Active Directory.  Check your username, password, and ensure that your account is not locked." unless ad_user
+
+          # Find them in the local database
+          user = scoped.where(@login_with => attributes[@login_with]).first
+
+          if user.blank? and ::Devise.ad_create_user
+            Logger.send "Creating new user in database"
+            user = new
+            user[@login_with] = attributes[@login_with]
+            user.sync_with_activedirectory(:user => ad_user)
+            Logger.send "Created: #{user.inspect}"
+          end
+          
+          Logger.send "Checking: #{ad_user.objectGUID} == #{user.objectGUID}"
+          # Check to see if we have the same user
+          if ad_user == user
+            user.save if user.new_record?
+            user.login if user.respond_to?(:login)
+            return user
+          else
+            raise ADConnect::ActiveDirectoryException, "Invalid Username or Password.  Possible database inconsistency."
+          end
+
+        end
+
+        #Search based on GUID, DN or Username primarily
+        def find_in_activedirectory(params = {})
+          
+          #Reverse mappings
+          params[::Devise.ad_username] ||= params[:username] if params[:username].present?
+          params[::Devise.ad_username] ||= params[@login_with] if params[@login_with].present?
+
+          params.delete(:username)
+          params.delete(@login_with)
+
+          Logger.send "Searching for #{params.inspect}"
+          user = ADUser.find(:first, params)
+          Logger.send "Found: #{user}"
+
+          return user
+        end
+
+        private
+
+        def ad_connect(params = {})
+          #Used for username and password
+          ::Devise.ad_settings[:auth].merge! params
+
+          ActiveDirectory::Base.setup(::Devise.ad_settings)
+          Logger.send "Connection Result: #{ActiveDirectory::Base.error}"
+        end 
+      end
+    end
+  end
+end

data/lib/devise_active_directory_authenticatable/strategy.rb

@@ -0,0 +1,37 @@
+require 'devise/strategies/authenticatable'
+
+module Devise
+  module Strategies
+    # Strategy for signing in a user based on his login and password using LDAP.
+    # Redirects to sign_in page if it's not authenticated
+    class ActiveDirectoryAuthenticatable < Authenticatable
+      def valid?
+        valid_controller? && valid_params? && mapping.to.respond_to?(:authenticate_with_activedirectory)
+      end
+
+      # Authenticate a user based on login and password params, returning to warden
+      # success and the authenticated user if everything is okay. Otherwise redirect
+      # to sign in page.
+      def authenticate!
+        if resource = mapping.to.authenticate_with_activedirectory(params[scope])
+          success!(resource)
+        else
+          fail(:invalid)
+        end
+      end
+
+      protected
+
+        def valid_controller?
+          params[:controller] == 'devise/sessions'
+        end
+
+        def valid_params?
+          @login_with = ::Devise.authentication_keys.first
+          params[scope] && params[scope][@login_with].present? && params[scope][:password].present?
+        end
+    end
+  end
+end
+
+Warden::Strategies.add(:ad_user, Devise::Strategies::ActiveDirectoryAuthenticatable)

data/lib/generators/devise_active_directory_authenticatable/install_generator.rb

@@ -0,0 +1,74 @@
+module DeviseActiveDirectoryAuthenticatable
+  class InstallGenerator < Rails::Generators::Base
+    source_root File.expand_path("../templates", __FILE__)
+    
+    class_option :user_model, :type => :string, :default => "user", :desc => "Model to update"
+    class_option :update_model, :type => :boolean, :default => true, :desc => "Update model to change from database_authenticatable to active_directory_authenticatable"
+    class_option :add_rescue, :type => :boolean, :default => true, :desc => "Update Application Controller with resuce_from for DeviseActiveDirectoryAuthenticatable::ActiveDirectoryException"
+    
+    
+    def create_default_devise_settings
+      inject_into_file "config/initializers/devise.rb", default_devise_settings, :after => "Devise.setup do |config|\n"   
+    end
+    
+    def update_user_model
+      gsub_file "app/models/#{options.user_model}.rb", /:database_authenticatable/, ":ad_user" if options.update_model?
+    end
+    
+    def update_application_controller
+      inject_into_class "app/controllers/application_controller.rb", ApplicationController, rescue_from_exception if options.add_rescue?
+    end
+    
+    private
+    
+    def default_devise_settings
+      settings = <<-eof
+  # ==> Basic Active Directory Configuration 
+  
+  ## Active Directory server settings
+  # config.ad_settings = {
+  #   :host => 'domain-controller.example.local',
+  #   :base => 'dc=example,dc=local',
+  #   :port => 636,
+  #   :encryption => :simple_tls,
+  #   :auth => {
+  #     :method => :simple
+  #   }
+  # }
+
+  ##Attribute mapping for user object
+  # mattr_accessor :ad_attr_mapping
+  # config.ad_attr_mapping = {
+  #   :objectGUID => :objectGUID, #Required
+  #   :username => :userPrincipalName,
+  #   :dn => :dn,
+  #   :firstname => :givenName,
+  #   :lastname => :sn
+  # }
+
+  ##Username attribute
+  ##Maps to :login_with in the devise configuration
+  # config.ad_username = :userPrincipalName
+
+  ##Create the user if they're not found
+  ##If this is false, you will need to create the user object before they will be allowed to login
+  # config.ad_create_user = true
+
+  ##Log LDAP queries to the Rails logger
+  # config.ad_logger = true
+
+        eof
+      
+      settings
+    end
+    
+    def rescue_from_exception
+      <<-eof
+  rescue_from DeviseActiveDirectoryAuthenticatable::ActiveDirectoryException do |exception|
+    render :text => exception, :status => 500
+  end
+      eof
+    end
+    
+  end
+end

data/rails/init.rb

@@ -0,0 +1,2 @@
+# Include hook code here
+require 'devise_active_directory_authenticatable'

metadata

@@ -0,0 +1,110 @@
+--- !ruby/object:Gem::Specification 
+name: devise_active_directory_authenticatable
+version: !ruby/object:Gem::Version 
+  hash: 27
+  prerelease: 
+  segments: 
+  - 0
+  - 1
+  - 0
+  version: 0.1.0
+platform: ruby
+authors: 
+- Adam Kerr
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-02-10 00:00:00 -05:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: devise
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 25
+        segments: 
+        - 1
+        - 1
+        - 5
+        version: 1.1.5
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: activedirectory
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 31
+        segments: 
+        - 1
+        - 0
+        - 4
+        version: 1.0.4
+  type: :runtime
+  version_requirements: *id002
+description: Active Directory authentication module for Devise, based off of LDAP Authentication
+email: ajrkerr@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.md
+files: 
+- MIT-LICENSE
+- README.md
+- Rakefile
+- VERSION
+- ad_auth.sublime.proj
+- devise_active_directory_authenticatable.gemspec
+- lib/devise_active_directory_authenticatable.rb
+- lib/devise_active_directory_authenticatable/exception.rb
+- lib/devise_active_directory_authenticatable/logger.rb
+- lib/devise_active_directory_authenticatable/model.rb
+- lib/devise_active_directory_authenticatable/strategy.rb
+- lib/generators/devise_active_directory_authenticatable/install_generator.rb
+- rails/init.rb
+has_rdoc: true
+homepage: http://github.com/ajrkerr/devise_activedirectory_authenticatable
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.5.0
+signing_key: 
+specification_version: 3
+summary: Active Directory authentication module for Devise
+test_files: []
+