devise_active_directory_authenticatable 0.3.3 → 0.4.0

data/README.md

@@ -17,7 +17,7 @@ These gems are dependencies of the gem:
 
 - Devise 1.1.5
 - active_directory 1.2.4
-- ancestry 1.2.3 _(For storing the group heirarchy)_
+- activerecord-import 0.2.0
 
 Installation
 ------------
@@ -57,12 +57,16 @@ Options:
 
 The rest of this documentation needs to be revised.  To get going on this, run the installer which will add some configuration options to config/intializers/devise.rb
 
+Update your user and group tables in the database with migrations.  Check attributes that are set in config/initializers/devise.rb to see which ones you will have to add.
+
 In your user model add:
-  devise :ad_user
+
+    devise :ad_user
 
 In your group model add:
-  devise :ad_group
 
+    devise :ad_group
+    
 
 Usage
 -----
@@ -106,6 +110,8 @@ In initializer  `config/initializers/devise.rb` :
 * ad\_update\_user\_memberships _(default: true)_ _[unimplemented]_
   * If true, devise will allow the memberships for groups and users to be updated.  It will also update the memberships when a user logs in.
 
+* ad\_caching _(default: true)_
+  * If true, this will instruct the plugin to use the active_directory caching feature.  This greatly speeds up queries that are using the distinguishedname such as querying for group and user memberships.
 
 
 References

data/Rakefile

@@ -1,3 +1,4 @@
+require 'psych' #fix a bug with hoe
 require 'rake'
 require 'rake/testtask'
 require 'rake/rdoctask'
@@ -22,7 +23,7 @@ begin
     gemspec.homepage = "http://github.com/ajrkerr/devise_activedirectory_authenticatable"
     gemspec.authors = ["Adam Kerr"]
     gemspec.add_dependency "devise", ">= 1.1.5"
-    gemspec.add_dependency "active_directory", ">= 1.2.4"
+    gemspec.add_dependency "active_directory", ">= 1.5.1"
   end
   Jeweler::GemcutterTasks.new
 rescue LoadError

data/VERSION

@@ -1 +1 @@
-0.3.3
+0.4.0

data/devise_active_directory_authenticatable.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{devise_active_directory_authenticatable}
-  s.version = "0.3.3"
+  s.version = "0.4.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Adam Kerr"]
-  s.date = %q{2011-02-23}
+  s.date = %q{2011-03-03}
   s.description = %q{Active Directory authentication module for Devise, based off of LDAP Authentication}
   s.email = %q{ajrkerr@gmail.com}
   s.extra_rdoc_files = [
@@ -34,7 +34,7 @@ Gem::Specification.new do |s|
   ]
   s.homepage = %q{http://github.com/ajrkerr/devise_activedirectory_authenticatable}
   s.require_paths = ["lib"]
-  s.rubygems_version = %q{1.5.2}
+  s.rubygems_version = %q{1.6.0}
   s.summary = %q{Active Directory authentication module for Devise}
 
   if s.respond_to? :specification_version then
@@ -42,14 +42,14 @@ Gem::Specification.new do |s|
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
       s.add_runtime_dependency(%q<devise>, [">= 1.1.5"])
-      s.add_runtime_dependency(%q<active_directory>, [">= 1.2.4"])
+      s.add_runtime_dependency(%q<active_directory>, [">= 1.5.1"])
     else
       s.add_dependency(%q<devise>, [">= 1.1.5"])
-      s.add_dependency(%q<active_directory>, [">= 1.2.4"])
+      s.add_dependency(%q<active_directory>, [">= 1.5.1"])
     end
   else
     s.add_dependency(%q<devise>, [">= 1.1.5"])
-    s.add_dependency(%q<active_directory>, [">= 1.2.4"])
+    s.add_dependency(%q<active_directory>, [">= 1.5.1"])
   end
 end
 

data/lib/devise_active_directory_authenticatable.rb

@@ -1,6 +1,7 @@
 # encoding: utf-8
 require 'devise'
 require 'active_directory'
+require 'active_record'
 
 require 'devise_active_directory_authenticatable/exception'
 require 'devise_active_directory_authenticatable/logger'
@@ -80,9 +81,13 @@ module Devise
   ##Update the user memberships from the AD
   mattr_accessor :ad_update_user_memberships
   @@ad_update_user_memberships = true
+
+  ##Enable Active Directory caching.  This speeds up group/membership queries significantly.
+  mattr_accessor :ad_caching
+  @@ad_caching = true
 end
 
-# Add ldap_authenticatable strategy to defaults.
+# Add active_directory_authenticatable strategy to defaults.
 #
 Devise.add_module(:ad_user,
                   :route => :session, ## This will add the routes, rather than in the routes.rb

data/lib/devise_active_directory_authenticatable/models/ad_group.rb

@@ -9,6 +9,34 @@ module Devise
       extend ActiveSupport::Concern
       include AdObject
 
+      #Remember to check for cycles in the graph
+      #BFS or DFS?
+      def find_all_parents
+      end
+
+      def find_all_children
+      end
+
+      #Remember to check for cycles in the graph
+      #BFS or DFS?
+      def find_all_members type = :all
+        case type
+          when :all
+
+          when :users
+
+          when :groups
+
+          else
+            throw "Invalid argument"
+        end
+      end
+
+
+
+
+      #Perhaps build a translation layer for the current way attributes are synced
+
       module ClassMethods
         # TODO find a way to get rid of this with metaprogramming
         def devise_model
@@ -18,13 +46,6 @@ module Devise
         def activedirectory_class
           ActiveDirectory::Group
         end
-
-        def sync_all
-          return false unless connected_to_activedirectory?
-          find_or_create_from_activedirectory.each do |gp|
-            gp.save
-          end
-        end
       end
 
     end

data/lib/devise_active_directory_authenticatable/models/ad_object.rb

@@ -5,70 +5,162 @@ module Devise
 
     Logger = DeviseActiveDirectoryAuthenticatable::Logger
 
+    def attr_map
+      @attr_map ||= ::Devise.ad_attr_mapping[klass.devise_model_name.to_sym]
+    end
+
     def klass
       self.class
     end
 
+    def ad_obj
+      @ad_obj ||= klass.find_activedirectory_objs(:objectguid => self.objectguid).first
+    end
+
     # Update the attributes of the current object from the AD
     # Defaults to current user if no parameters given
     def activedirectory_sync! params = {}
       params[:objectguid] = self.objectguid if params.empty?
-      ad_obj = params[:object] || klass.find_in_activedirectory(params).first
-      copy_from_activedirectory ad_obj unless ad_obj.nil?
+      @ad_obj ||= params[:object] || klass.find_activedirectory_objs(params).first
+      copy_from_activedirectory @ad_obj unless @ad_obj.nil?
+      update_memberships
     end
 
     # Update the attributes of the current object from the AD
     # Defaults to current user if no parameters given
-    def update_from_activedirectory! params = {}
-      params[:objectguid] = self.objectguid if params.empty?
-      ad_obj = params[:object] || klass.find_in_activedirectory(params).first
-      copy_from_activedirectory ad_obj unless ad_obj.nil?
+    def copy_from_activedirectory! params = {}
+      #Allows for caching, object, or AD search
+      params[:objectguid] = self[:objectguid] if params.empty?
+      @ad_obj ||= params[:object] || klass.find_activedirectory_objs(params).first
+      copy_from_activedirectory @ad_obj unless @ad_obj.nil?
+      # update_memberships
     end
 
+
+
     # Update the local object using an Active Directory entry
     def copy_from_activedirectory ad_obj
-      ::Devise.ad_attr_mapping[klass.devise_model_name.to_sym].each do |local_attr, active_directory_attr|
-        self[local_attr] = ad_obj.send(active_directory_attr)
+      attr_map.each do |local_attr, active_directory_attr|
+        self[local_attr] = ad_obj[active_directory_attr]
+      end
+    end
+
+    ##
+    # Updates the members and memberofs stored in the database
+    # and by update, I mean overwrite
+    # TODO find a way to update, or at least not molest non-AD associations
+    def update_memberships
+      update_children
+      update_parents
+    end
+
+    def update_children
+      #Set the members
+      if ad_obj[:member].is_a? Array
+        update_membership(ad_obj[:member], klass.member_users) if defined? klass.member_users
+        update_membership(ad_obj[:member], klass.member_groups) if defined? klass.member_groups
+      end
+    end
+
+    def update_parents
+      # MemberOf Relationship
+      if ad_obj[:memberof].is_a? Array and defined? klass.memberof
+        update_membership(ad_obj[:memberof], klass.memberof)
       end
     end
 
-    def find_in_activedirectory
-      klass.find_in_activedirectory :objectGUID => objectGUID
+    def update_membership ad_objs, params
+      # Create the objects of the right type, then sets them
+      klass = params[:class]
+      field = params[:field]
+
+      ad_objs = klass.find_from_activedirectory(:object => ad_objs)
+      self.send "#{field}=", ad_objs
     end
 
     module ClassMethods
 
+      attr_accessor :member_groups, :member_users, :memberof
+
       def login_with
         ::Devise.authentication_keys.first
       end
 
+      def set_devise_ad_options field, params = {}
+        ret = {}
+        ret[:field] = field.to_s
+        ret[:class_name] = (params[:class_name] || field).to_s.classify
+        ret[:class] = Kernel.const_get(ret[:class_name])
+
+        unless ret[:class].include? AdObject
+          raise "#{ret[:class_name]} does not include any of the Devise Active Directory modules.  Please consult the documentation." 
+        end
+
+        return ret
+      end
+
+      def devise_ad_memberof field, params = {}
+        @memberof = set_devise_ad_options field, params
+      end
+
+      def devise_ad_member_groups field, params = {}
+        @member_groups = set_devise_ad_options field, params
+      end
+
+      def devise_ad_member_users field, params = {}
+        @member_users = set_devise_ad_options field, params
+      end
+  
       def devise_model_name
-        devise_model.name[/.*::(.*)/, 1]
+        @devise_model ||= devise_model.name[/.*::(.*)/, 1]
       end
 
       def activedirectory_class_name
-        activedirectory_class.name[/.*::(.*)/, 1]
+        @ad_class ||= activedirectory_class.name[/.*::(.*)/, 1]
       end
 
+
       #Search based on GUID, DN or Username primarily
-      def find_in_activedirectory(local_params = {})
+      def find_activedirectory_objs local_params = {}
+        #Sometimes we're provide the objects
+        if local_params.key? :object
+          return [local_params[:object]] unless local_params[:object].kind_of? Array
+          return local_params[:object]
+        end
+
         #Reverse mappings for user
-        ad_params = local_attrs_to_ad local_params
-        Logger.send "Translated #{local_params.inspect} to #{ad_params.inspect}"
-        return find_all_in_activedirectory if ad_params.empty?
+        ad_params = local_attrs_to_ad(local_params)
 
         activedirectory_class.find(:all, ad_params)
       end
 
-      def find_or_create_from_activedirectory params = {}
-        ad_objs = find_in_activedirectory params
+      def find_from_activedirectory local_params = {}
+        ad_objs = find_activedirectory_objs local_params
+        guids = ad_objs.collect { |obj| obj[:objectguid] }
+        scoped.where(:objectguid => guids)
+      end
+
+      ##
+      # Does a search using AD terms and either finds the corresponding
+      # object in the database, or creates it
+      # TODO change attributes to not be statically mapped to objectguid
+      def find_or_create_from_activedirectory local_params = {}
+        ad_objs = find_activedirectory_objs local_params
         local_objs = []
 
-        ad_objs.each do |ad_obj|
-          obj = scoped.where(:objectguid => ad_obj.objectguid).first
-          obj = new if obj.blank?
+        #Grab all of the objects in one query by GUID for efficiency
+        guids = ad_objs.collect { |obj| obj[:objectguid] }
+        db_objs_by_guid = {}
+
+        #Make a hash map to do quick lookups
+        scoped.where(:objectguid => guids).each do |db_obj|
+          db_objs_by_guid[db_obj.objectguid] = db_obj
+        end
 
-          obj.activedirectory_sync! :object => ad_obj
+        ad_objs.each do |ad_obj|
+          guid = ad_obj[:objectguid]
+          obj = db_objs_by_guid[guid] || new
+          obj.copy_from_activedirectory!(:object => ad_obj) if obj.new_record?
 
           local_objs << obj
         end
@@ -76,21 +168,41 @@ module Devise
         local_objs
       end
 
-      def find_all_in_activedirectory
-        activedirectory_class.find(:all)
+      def sync_all
+        return false unless connected_to_activedirectory?
+
+        db_objs = find_or_create_from_activedirectory
+
+        ActiveRecord::Base.transaction do
+          #Save the new ones
+          db_objs.each { |obj| obj.save if obj.new_record? }
+
+          #Then update the memberships
+          #If we're updating all of them, then updating just the parents will do
+          db_objs.each do |obj| 
+            obj.update_parents
+          end
+        end
       end
 
+      ##
+      # Checks to see if a conection with AD has been established
       def connected_to_activedirectory?
         ActiveDirectory::Base.connected?
       end
 
-      # Initializes connection with active directory
+      ##
+      # Sets the username and password for the connection
+      # params {:username => 'joe.user', :password => 'top_secret' }
       def set_activedirectory_credentials(params = {})
-        #Used for username and password
+        #Used for username and password only
         ::Devise.ad_settings[:auth].merge! params
       end
 
+      ##
+      # Attempts to connect with the activedirectory based on the configuration options
       def activedirectory_connect
+        ActiveDirectory::Base.enable_cache if ::Devise.ad_caching
         ActiveDirectory::Base.setup(::Devise.ad_settings)
         raise DeviseActiveDirectoryAuthenticatable::ActiveDirectoryException, "Invalid Username or Password" unless ActiveDirectory::Base.connected?
       end

data/lib/devise_active_directory_authenticatable/models/ad_user.rb

@@ -12,19 +12,14 @@ module Devise
 
       Logger = DeviseActiveDirectoryAuthenticatable::Logger
 
-      included do
-        #has_and_belongs_to_many :member, :class_name, :join_table
-      end
-
       ## Devise key
       def login_with
         self[::Devise.authentication_keys.first]
       end
 
       # Login event handler.  Triggered after authentication.
+      # Maybe
       def login
-        activedirectory_sync!
-
         super if defined? super
       end
 
@@ -55,10 +50,6 @@ module Devise
           activedirectory_connect
           Logger.send "Attempt Result: #{ActiveDirectory::Base.error}"
 
-
-          # ad_user = find_in_activedirectory(@login_with => username)
-          # return false unless ad_user
-
           # Find them in the local database
           user = find_or_create_from_activedirectory(login_with => attributes[login_with]).first
 

data/lib/generators/devise_active_directory_authenticatable/install_generator.rb

@@ -91,6 +91,8 @@ module DeviseActiveDirectoryAuthenticatable
   ##Update the user memberships from the AD
   # config.ad_update_user_memberships = true
 
+  ##Uses caching when doing AD queries for DNs.  This speeds things up significantly.
+  # config.ad_caching = true
         eof
       
       settings

metadata

@@ -1,64 +1,47 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: devise_active_directory_authenticatable
-version: !ruby/object:Gem::Version 
-  hash: 21
+version: !ruby/object:Gem::Version
+  version: 0.4.0
   prerelease: 
-  segments: 
-  - 0
-  - 3
-  - 3
-  version: 0.3.3
 platform: ruby
-authors: 
+authors:
 - Adam Kerr
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2011-02-23 00:00:00 -05:00
+date: 2011-03-03 00:00:00.000000000 -05:00
 default_executable: 
-dependencies: 
-- !ruby/object:Gem::Dependency 
+dependencies:
+- !ruby/object:Gem::Dependency
   name: devise
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  requirement: &2153561640 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 25
-        segments: 
-        - 1
-        - 1
-        - 5
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
         version: 1.1.5
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: active_directory
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  version_requirements: *2153561640
+- !ruby/object:Gem::Dependency
+  name: active_directory
+  requirement: &2153561160 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 23
-        segments: 
-        - 1
-        - 2
-        - 4
-        version: 1.2.4
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.5.1
   type: :runtime
-  version_requirements: *id002
-description: Active Directory authentication module for Devise, based off of LDAP Authentication
+  prerelease: false
+  version_requirements: *2153561160
+description: Active Directory authentication module for Devise, based off of LDAP
+  Authentication
 email: ajrkerr@gmail.com
 executables: []
-
 extensions: []
-
-extra_rdoc_files: 
+extra_rdoc_files:
 - README.md
-files: 
+files:
 - MIT-LICENSE
 - README.md
 - Rakefile
@@ -77,36 +60,26 @@ files:
 has_rdoc: true
 homepage: http://github.com/ajrkerr/devise_activedirectory_authenticatable
 licenses: []
-
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: 
-rubygems_version: 1.5.2
+rubygems_version: 1.6.0
 signing_key: 
 specification_version: 3
 summary: Active Directory authentication module for Devise
 test_files: []
-