devise_ldap_authenticatable 0.1.2

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2010 Curtis Schiewek
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,120 @@
+Devise LDAP Authenticatable - Based on Devise-Imapable
+=================
+
+Devise LDAP Authenticatable is a LDAP based authentication strategy for the [Devise](http://github.com/plataformatec/devise) authentication framework.
+
+If you are building applications for use within your organization which require authentication and you want to use LDAP, this plugin is for you.
+
+Requirements
+------------
+
+- Rails 2.3.5
+- Devise 1.0.6
+- Net-LDAP 0.1.1 
+
+**_Please Note_**
+
+You must use the net-ldap gem and _NOT_ the ruby-net-ldap gem.  
+
+Installation
+------------
+
+script/plugin install git@github.com:cschiewek/devise\_ldap\_authenticatable.git
+
+Setup
+-----
+
+Once devise\_ldap\_authenticatable is installed, all you need to do is setup the user model which includes a small addition to the model itself and to the schema.
+
+First the schema :
+
+    create_table :users do |t|
+      t.ldap_authenticatable, :null => false
+    end
+
+and indexes (optional) :
+
+    add_index :login, :unique => true
+
+and don’t forget to migrate :
+
+    rake db:migrate.
+
+then the model :
+
+    class User < ActiveRecord::Base
+      devise :ldap_authenticatable, :rememberable, :trackable, :timeoutable
+
+      # Setup accessible (or protected) attributes for your model
+      attr_accessible :login, :password, :remember_me
+      ...
+    end
+
+and finally change the authentication key in the devise initializer :
+
+	Devise.setup do |config|
+	  ...
+	  config.authentication_keys = [ :login ]
+	  ...
+	end
+
+I recommend using :rememberable, :trackable, :timeoutable as it gives a full feature set for logins.
+
+Usage
+-----
+
+Devise LDAP Authenticatable works in replacement of Authenticatable, allowing for LDAP authentication via simple bind. The standard sign\_in routes and views work out of the box as these are just reused from devise. I recommend you run :
+
+    script/generate devise_views
+
+so you can customize your login pages.
+
+------------------------------------------------------------
+
+**_Please Note_**
+
+This devise plugin has not been tested with Authenticatable enabled at the same time. This is meant as a drop in replacement for Authenticatable allowing for a semi single sign on approach.
+
+
+Configuration
+----------------------
+
+In initializer  `config/initializers/devise.rb` :
+
+    Devise.setup do |config|
+      # Required
+      config.ldap_host = 'ldap.mydomain.com'
+      config.ldap_port = 389
+	
+	  # Optional, these will default to false or nil if not set
+	  config.ldap_ssl = true
+	  config.ldap_create_user = true
+    end
+
+* ldap\_host
+	* The host of your LDAP server
+* ldap\_port
+	* The port your LDAP service is listening on.  No default are set.
+* ldap\_ssl
+	* Enables SSL (ldaps) encryption.  START_TLS encryption will be added when the net-ldap gem adds support for it.
+* ldap\_create\_user
+	* If set to true, all valid LDAP users will be allowed to login and an appropriate user record will be created.
+      If set to false, you will have to create the user record before they will be allowed to login.
+
+
+References
+----------
+
+* [Devise](http://github.com/plataformatec/devise)
+* [Warden](http://github.com/hassox/warden)
+
+
+TODO
+----
+
+- Add support for defining DN format to make logins cleaner
+- Tests
+
+Released under the MIT license
+
+Copyright (c) 2010 Curtis Schiewek

data/Rakefile

@@ -0,0 +1,41 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test the devise_imapable plugin.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+
+desc 'Generate documentation for the devise_ldap_authenticatable plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'DeviseLDAPAuthenticatable'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gemspec|
+    gemspec.name = "devise_ldap_authenticatable"
+    gemspec.summary = "LDAP authentication module for Devise"
+    gemspec.description = "LDAP authentication module for Devise"
+    gemspec.email = "curtis.schiewek@gmail.com"
+    gemspec.homepage = "http://github.com/cschiewek/devise_ldap_authenticatable"
+    gemspec.authors = ["Curtis Schiewek"]
+    gemspec.add_runtime_dependency "devise", "> 1.0.4"
+    gemspec.add_runtime_dependency "net-ldap", ">= 0.0.0"
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end

data/VERSION

@@ -0,0 +1 @@
+0.1.2

data/lib/devise_ldap_authenticatable.rb

@@ -0,0 +1,31 @@
+# encoding: utf-8
+require 'devise'
+
+require 'devise_ldap_authenticatable/schema'
+require 'devise_ldap_authenticatable/ldap_adapter'
+require 'devise_ldap_authenticatable/routes'
+
+module Devise
+  # host
+  mattr_accessor :ldap_host
+  @@ldap_host = nil
+
+  # port
+  mattr_accessor :ldap_port
+  @@ldap_port = nil
+  
+  # Use SSL
+  mattr_accessor :ldap_ssl
+  @@ldap_ssl = false
+  
+  # Add valid users to database
+  mattr_accessor :ldap_create_user
+  @ldap_create_user = false
+end
+
+# Add ldap_authenticatable strategy to defaults.
+#
+Devise.add_module(:ldap_authenticatable,
+                  :strategy   => true,
+                  :controller => :sessions,
+                  :model  => 'devise_ldap_authenticatable/model')

data/lib/devise_ldap_authenticatable/ldap_adapter.rb

@@ -0,0 +1,25 @@
+require 'net/ldap'
+
+module Devise
+
+  # simple adapter for ldap credential checking
+  # ::Devise.ldap_host
+  module LdapAdapter
+
+    def self.valid_credentials?(login, password)
+      @encryption = ::Devise.ldap_ssl ? :simple_tls : nil
+      ldap = Net::LDAP.new(:encryption => @encryption)
+      ldap.host = ::Devise.ldap_host
+      ldap.port = ::Devise.ldap_port
+      ldap.auth login, password
+      if ldap.bind
+        true
+      else
+        # errors.add_to_base(ldap.get_operation_result.message)
+        false
+      end
+    end
+
+  end
+
+end

data/lib/devise_ldap_authenticatable/model.rb

@@ -0,0 +1,68 @@
+require 'devise_ldap_authenticatable/strategy'
+
+module Devise
+  module Models
+    # LDAP Module, responsible for validating the user credentials via LDAP.
+    #
+    # Examples:
+    #
+    #    User.authenticate('email@test.com', 'password123')  # returns authenticated user or nil
+    #    User.find(1).valid_password?('password123')         # returns true/false
+    #
+    module LdapAuthenticatable
+      def self.included(base)
+        base.class_eval do
+          extend ClassMethods
+
+          attr_accessor :password
+        end
+      end
+
+      # Set password to nil
+      def clean_up_passwords
+        self.password = nil
+      end
+
+      # Checks if a resource is valid upon authentication.
+      def valid_ldap_authentication?(password)
+        Devise::LdapAdapter.valid_credentials?(self.login, password)
+      end
+
+      module ClassMethods
+        # Authenticate a user based on configured attribute keys. Returns the
+        # authenticated user if it's valid or nil.
+        def authenticate_with_ldap(attributes={})
+          return unless attributes[:login].present?
+          conditions = attributes.slice(:login)
+
+          unless conditions[:login]
+            conditions[:login] = "#{conditions[:login]}"
+          end
+
+          resource = find_for_ldap_authentication(conditions)
+          resource = new(conditions) if (resource.nil? and ::Devise.ldap_create_user)
+           
+          if resource.try(:valid_ldap_authentication?, attributes[:password])
+             resource.new_record? ? create(conditions) : resource
+          end
+        end
+
+      protected
+
+        # Find first record based on conditions given (ie by the sign in form).
+        # Overwrite to add customized conditions, create a join, or maybe use a
+        # namedscope to filter records while authenticating.
+        # Example:
+        #
+        #   def self.find_for_imap_authentication(conditions={})
+        #     conditions[:active] = true
+        #     find(:first, :conditions => conditions)
+        #   end
+        #
+        def find_for_ldap_authentication(conditions)
+          find(:first, :conditions => conditions)
+        end
+      end
+    end
+  end
+end

data/lib/devise_ldap_authenticatable/routes.rb

@@ -0,0 +1,6 @@
+ActionController::Routing::RouteSet::Mapper.class_eval do
+
+  protected
+    # reuse the session routes and controller
+    alias :ldap_authenticatable :database_authenticatable
+end

data/lib/devise_ldap_authenticatable/schema.rb

@@ -0,0 +1,12 @@
+Devise::Schema.class_eval do
+    # Creates login
+    #
+    # == Options
+    # * :null - When true, allow columns to be null.
+    def ldap_authenticatable(options={})
+      null = options[:null] || false
+
+      apply_schema :login, String, :null => null
+    end
+
+end

data/lib/devise_ldap_authenticatable/strategy.rb

@@ -0,0 +1,36 @@
+require 'devise/strategies/base'
+
+module Devise
+  module Strategies
+    # Strategy for signing in a user based on his login and password using LDAP.
+    # Redirects to sign_in page if it's not authenticated
+    class LdapAuthenticatable < Base
+      def valid?
+        valid_controller? && valid_params? && mapping.to.respond_to?(:authenticate_with_ldap)
+      end
+
+      # Authenticate a user based on login and password params, returning to warden
+      # success and the authenticated user if everything is okay. Otherwise redirect
+      # to sign in page.
+      def authenticate!
+        if resource = mapping.to.authenticate_with_ldap(params[scope])
+          success!(resource)
+        else
+          fail(:invalid)
+        end
+      end
+
+      protected
+
+        def valid_controller?
+          params[:controller] == 'sessions'
+        end
+
+        def valid_params?
+          params[scope] && params[scope][:password].present?
+        end
+    end
+  end
+end
+
+Warden::Strategies.add(:ldap_authenticatable, Devise::Strategies::LdapAuthenticatable)

data/rails/init.rb

@@ -0,0 +1,2 @@
+# Include hook code here
+require 'devise_ldap_authenticatable'

data/test/devise_ldap_authenticatable_test.rb

@@ -0,0 +1,8 @@
+require 'test_helper'
+
+class DeviseLdapAuthenticatableTest < ActiveSupport::TestCase
+  # Replace this with your real tests.
+  test "the truth" do
+    assert true
+  end
+end

data/test/test_helper.rb

@@ -0,0 +1,3 @@
+require 'rubygems'
+require 'active_support'
+require 'active_support/test_case'

metadata

@@ -0,0 +1,102 @@
+--- !ruby/object:Gem::Specification 
+name: devise_ldap_authenticatable
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+  - 0
+  - 1
+  - 2
+  version: 0.1.2
+platform: ruby
+authors: 
+- Curtis Schiewek
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-04-25 00:00:00 -04:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: devise
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">"
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 1
+        - 0
+        - 4
+        version: 1.0.4
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: net-ldap
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        - 0
+        - 0
+        version: 0.0.0
+  type: :runtime
+  version_requirements: *id002
+description: LDAP authentication module for Devise
+email: curtis.schiewek@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.md
+files: 
+- MIT-LICENSE
+- README.md
+- Rakefile
+- VERSION
+- lib/devise_ldap_authenticatable.rb
+- lib/devise_ldap_authenticatable/ldap_adapter.rb
+- lib/devise_ldap_authenticatable/model.rb
+- lib/devise_ldap_authenticatable/routes.rb
+- lib/devise_ldap_authenticatable/schema.rb
+- lib/devise_ldap_authenticatable/strategy.rb
+- rails/init.rb
+- test/devise_ldap_authenticatable_test.rb
+- test/test_helper.rb
+has_rdoc: true
+homepage: http://github.com/cschiewek/devise_ldap_authenticatable
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.6
+signing_key: 
+specification_version: 3
+summary: LDAP authentication module for Devise
+test_files: 
+- test/devise_ldap_authenticatable_test.rb
+- test/test_helper.rb