devise_ldap_authenticatable 0.4.0 → 0.4.1

data/.gitignore

@@ -0,0 +1,5 @@
+.bundle
+log
+*.sqlite3
+openldap-data
+test/rails_app/tmp

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2010 Curtis Schiewek
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -62,6 +62,7 @@ Devise LDAP Authenticatable works in replacement of Database Authenticatable
 
 This devise plugin has not been tested with DatabaseAuthenticatable enabled at the same time. This is meant as a drop in replacement for DatabaseAuthenticatable allowing for a semi single sign on approach.
 
+The field that is used for logins is the first key that's configured in the `config/devise.rb` file under `config.authentication_keys`, which by default is email. For help changing this, please see the [Railscast](http://railscasts.com/episodes/210-customizing-devise) that goes through how to customize Devise.
 
 Configuration
 -------------
@@ -81,7 +82,6 @@ In initializer  `config/initializers/devise.rb` :
 * ldap\_update\_password _(default: true)_
   * When doing password resets, if true will update the LDAP server. Requires admin password in the ldap.yml
 
-
 * ldap\_check\_group_membership _(default: false)_
   * When set to true, the user trying to login will be checked to make sure they are in all of groups specified in the ldap.yml file.
 
@@ -89,6 +89,9 @@ In initializer  `config/initializers/devise.rb` :
 * ldap\_check\_attributes _(default: false)_
   * When set to true, the user trying to login will be checked to make sure they have all of the attributes in the ldap.yml file.
 
+* ldap\_use\_admin\_to\_bind _(default: false)_
+  * When set to true, the admin user will be used to bind to the LDAP server during authentication.
+
 Testing
 -------
 

data/Rakefile

@@ -0,0 +1,52 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test the devise_imapable plugin.'
+Rake::TestTask.new(:test) do |t|
+  # t.libs << 'lib'
+  # t.libs << 'test'
+  # t.pattern = 'test/**/*_test.rb'
+  # t.verbose = true
+  puts <<-eof
+
+*** NOTICE ***
+
+All tests are done in the sample Rails app. 
+
+Please go to test/rails_app and run the tests there. 
+
+Make sure to bundle install and rake db:migrate
+
+  eof
+end
+
+desc 'Generate documentation for the devise_ldap_authenticatable plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'DeviseLDAPAuthenticatable'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gemspec|
+    gemspec.name = "devise_ldap_authenticatable"
+    gemspec.summary = "LDAP authentication module for Devise"
+    gemspec.description = "LDAP authentication module for Devise"
+    gemspec.email = "curtis.schiewek@gmail.com"
+    gemspec.homepage = "http://github.com/cschiewek/devise_ldap_authenticatable"
+    gemspec.authors = ["Curtis Schiewek"]
+    gemspec.add_runtime_dependency "devise", "> 1.0.4"
+    gemspec.add_runtime_dependency "net-ldap", ">= 0.0.0"
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end

data/VERSION

@@ -0,0 +1 @@
+0.4.1

data/devise_ldap_authenticatable.gemspec

@@ -0,0 +1,166 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{devise_ldap_authenticatable}
+  s.version = "0.4.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Curtis Schiewek"]
+  s.date = %q{2010-08-01}
+  s.description = %q{LDAP authentication module for Devise}
+  s.email = %q{curtis.schiewek@gmail.com}
+  s.extra_rdoc_files = [
+    "README.md"
+  ]
+  s.files = [
+    ".gitignore",
+     "MIT-LICENSE",
+     "README.md",
+     "Rakefile",
+     "VERSION",
+     "devise_ldap_authenticatable.gemspec",
+     "lib/devise_ldap_authenticatable.rb",
+     "lib/devise_ldap_authenticatable/exception.rb",
+     "lib/devise_ldap_authenticatable/ldap_adapter.rb",
+     "lib/devise_ldap_authenticatable/logger.rb",
+     "lib/devise_ldap_authenticatable/model.rb",
+     "lib/devise_ldap_authenticatable/routes.rb",
+     "lib/devise_ldap_authenticatable/schema.rb",
+     "lib/devise_ldap_authenticatable/strategy.rb",
+     "lib/devise_ldap_authenticatable/version.rb",
+     "lib/generators/devise_ldap_authenticatable/install_generator.rb",
+     "lib/generators/devise_ldap_authenticatable/templates/ldap.yml",
+     "rails/init.rb",
+     "test/devise_ldap_authenticatable_test.rb",
+     "test/ldap/base.ldif",
+     "test/ldap/clear.ldif",
+     "test/ldap/local.schema",
+     "test/ldap/run-server.sh",
+     "test/ldap/slapd-test.conf",
+     "test/rails_app/Gemfile",
+     "test/rails_app/Rakefile",
+     "test/rails_app/app/controllers/application_controller.rb",
+     "test/rails_app/app/controllers/posts_controller.rb",
+     "test/rails_app/app/helpers/application_helper.rb",
+     "test/rails_app/app/helpers/posts_helper.rb",
+     "test/rails_app/app/models/post.rb",
+     "test/rails_app/app/models/user.rb",
+     "test/rails_app/app/views/layouts/application.html.erb",
+     "test/rails_app/app/views/posts/index.html.erb",
+     "test/rails_app/config.ru",
+     "test/rails_app/config/application.rb",
+     "test/rails_app/config/boot.rb",
+     "test/rails_app/config/cucumber.yml",
+     "test/rails_app/config/database.yml",
+     "test/rails_app/config/environment.rb",
+     "test/rails_app/config/environments/development.rb",
+     "test/rails_app/config/environments/production.rb",
+     "test/rails_app/config/environments/test.rb",
+     "test/rails_app/config/initializers/backtrace_silencers.rb",
+     "test/rails_app/config/initializers/devise.rb",
+     "test/rails_app/config/initializers/inflections.rb",
+     "test/rails_app/config/initializers/mime_types.rb",
+     "test/rails_app/config/initializers/secret_token.rb",
+     "test/rails_app/config/initializers/session_store.rb",
+     "test/rails_app/config/ldap.yml",
+     "test/rails_app/config/ldap_with_uid.yml",
+     "test/rails_app/config/locales/devise.en.yml",
+     "test/rails_app/config/locales/en.yml",
+     "test/rails_app/config/routes.rb",
+     "test/rails_app/db/migrate/20100708120302_create_posts.rb",
+     "test/rails_app/db/migrate/20100708120448_devise_create_users.rb",
+     "test/rails_app/db/schema.rb",
+     "test/rails_app/db/seeds.rb",
+     "test/rails_app/features/manage_logins.feature",
+     "test/rails_app/features/step_definitions/login_steps.rb",
+     "test/rails_app/features/step_definitions/web_steps.rb",
+     "test/rails_app/features/support/env.rb",
+     "test/rails_app/features/support/paths.rb",
+     "test/rails_app/lib/tasks/.gitkeep",
+     "test/rails_app/lib/tasks/cucumber.rake",
+     "test/rails_app/public/404.html",
+     "test/rails_app/public/422.html",
+     "test/rails_app/public/500.html",
+     "test/rails_app/public/images/rails.png",
+     "test/rails_app/public/javascripts/application.js",
+     "test/rails_app/public/javascripts/controls.js",
+     "test/rails_app/public/javascripts/dragdrop.js",
+     "test/rails_app/public/javascripts/effects.js",
+     "test/rails_app/public/javascripts/prototype.js",
+     "test/rails_app/public/javascripts/rails.js",
+     "test/rails_app/public/stylesheets/.gitkeep",
+     "test/rails_app/script/cucumber",
+     "test/rails_app/script/rails",
+     "test/rails_app/test/factories/users.rb",
+     "test/rails_app/test/functional/posts_controller_test.rb",
+     "test/rails_app/test/performance/browsing_test.rb",
+     "test/rails_app/test/test_helper.rb",
+     "test/rails_app/test/unit/helpers/posts_helper_test.rb",
+     "test/rails_app/test/unit/post_test.rb",
+     "test/rails_app/test/unit/user_test.rb",
+     "test/test_helper.rb"
+  ]
+  s.homepage = %q{http://github.com/cschiewek/devise_ldap_authenticatable}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.7}
+  s.summary = %q{LDAP authentication module for Devise}
+  s.test_files = [
+    "test/devise_ldap_authenticatable_test.rb",
+     "test/rails_app/app/controllers/application_controller.rb",
+     "test/rails_app/app/controllers/posts_controller.rb",
+     "test/rails_app/app/helpers/application_helper.rb",
+     "test/rails_app/app/helpers/posts_helper.rb",
+     "test/rails_app/app/models/post.rb",
+     "test/rails_app/app/models/user.rb",
+     "test/rails_app/config/application.rb",
+     "test/rails_app/config/boot.rb",
+     "test/rails_app/config/environment.rb",
+     "test/rails_app/config/environments/development.rb",
+     "test/rails_app/config/environments/production.rb",
+     "test/rails_app/config/environments/test.rb",
+     "test/rails_app/config/initializers/backtrace_silencers.rb",
+     "test/rails_app/config/initializers/devise.rb",
+     "test/rails_app/config/initializers/inflections.rb",
+     "test/rails_app/config/initializers/mime_types.rb",
+     "test/rails_app/config/initializers/secret_token.rb",
+     "test/rails_app/config/initializers/session_store.rb",
+     "test/rails_app/config/routes.rb",
+     "test/rails_app/db/migrate/20100708120302_create_posts.rb",
+     "test/rails_app/db/migrate/20100708120448_devise_create_users.rb",
+     "test/rails_app/db/schema.rb",
+     "test/rails_app/db/seeds.rb",
+     "test/rails_app/features/step_definitions/login_steps.rb",
+     "test/rails_app/features/step_definitions/web_steps.rb",
+     "test/rails_app/features/support/env.rb",
+     "test/rails_app/features/support/paths.rb",
+     "test/rails_app/test/factories/users.rb",
+     "test/rails_app/test/functional/posts_controller_test.rb",
+     "test/rails_app/test/performance/browsing_test.rb",
+     "test/rails_app/test/test_helper.rb",
+     "test/rails_app/test/unit/helpers/posts_helper_test.rb",
+     "test/rails_app/test/unit/post_test.rb",
+     "test/rails_app/test/unit/user_test.rb",
+     "test/test_helper.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<devise>, ["> 1.0.4"])
+      s.add_runtime_dependency(%q<net-ldap>, [">= 0.0.0"])
+    else
+      s.add_dependency(%q<devise>, ["> 1.0.4"])
+      s.add_dependency(%q<net-ldap>, [">= 0.0.0"])
+    end
+  else
+    s.add_dependency(%q<devise>, ["> 1.0.4"])
+    s.add_dependency(%q<net-ldap>, [">= 0.0.0"])
+  end
+end
+

data/lib/devise_ldap_authenticatable.rb

@@ -28,6 +28,9 @@ module Devise
   
   mattr_accessor :ldap_check_attributes
   @@ldap_check_role_attribute = false
+  
+  mattr_accessor :ldap_use_admin_to_bind
+  @@ldap_use_admin_to_bind = false
 end
 
 # Add ldap_authenticatable strategy to defaults.

data/lib/devise_ldap_authenticatable/ldap_adapter.rb

@@ -5,7 +5,9 @@ module Devise
   module LdapAdapter
     
     def self.valid_credentials?(login, password_plaintext)
-      resource = LdapConnect.new(:login => login, :password => password_plaintext)
+      options = {:login => login, :password => password_plaintext}
+      options.merge({ :admin => true }) if ::Devise.ldap_use_admin_to_bind
+      resource = LdapConnect.new(options)
       resource.authorized?
     end
     
@@ -21,7 +23,7 @@ module Devise
 
     class LdapConnect
 
-      attr_reader :ldap, :login #, :base, :attribute, :required_groups, :login, :password, :new_password
+      attr_reader :ldap, :login
 
       def initialize(params = {})
         ldap_config = YAML.load_file(::Devise.ldap_config || "#{Rails.root}/config/ldap.yml")[Rails.env]
@@ -45,7 +47,15 @@ module Devise
       end
 
       def dn
-        "#{@attribute}=#{@login},#{@ldap.base}"
+        DeviseLdapAuthenticatable::Logger.send("LDAP search: #{@attribute}=#{@login}")
+        filter = Net::LDAP::Filter.eq(@attribute.to_s, @login.to_s)
+        ldap_entry = nil
+        @ldap.search(:filter => filter) {|entry| ldap_entry = entry}
+        if ldap_entry.nil?
+          "#{@attribute}=#{@login},#{@ldap.base}"
+        else
+          ldap_entry.dn
+        end
       end
 
       def authenticate!
@@ -149,4 +159,4 @@ module Devise
 
   end
 
-end
+end

data/lib/devise_ldap_authenticatable/model.rb

@@ -13,25 +13,29 @@ module Devise
       extend ActiveSupport::Concern
 
       included do
-        attr_reader :password, :current_password
+        attr_reader :current_password, :password
         attr_accessor :password_confirmation
       end
 
-      def password=(new_password)
-        @password = new_password
-        
-        if @password.present?
-          Devise::LdapAdapter.update_password(self.email, password) if ::Devise.ldap_update_password
+      def login_with
+        self[::Devise.authentication_keys.first]
+      end
+      
+      def reset_password!(new_password, new_password_confirmation)
+        if new_password == new_password_confirmation && ::Devise.ldap_update_password
+          Devise::LdapAdapter.update_password(login_with, new_password)
         end
+        clear_reset_password_token if valid?
+        save
       end
 
-      ## FIXME find out how to get rid of this.
-      def clean_up_passwords
+      def password=(new_password)
+        @password = new_password
       end
 
       # Checks if a resource is valid upon authentication.
       def valid_ldap_authentication?(password)
-        if Devise::LdapAdapter.valid_credentials?(self.email, password)
+        if Devise::LdapAdapter.valid_credentials?(login_with, password)
           return true
         else
           return false
@@ -39,39 +43,35 @@ module Devise
       end
       
       def ldap_groups
-         Devise::LdapAdapter.get_groups(self.email)
+        Devise::LdapAdapter.get_groups(login_with)
       end
 
       module ClassMethods
         # Authenticate a user based on configured attribute keys. Returns the
         # authenticated user if it's valid or nil.
         def authenticate_with_ldap(attributes={}) 
-          return nil unless attributes[:email].present? 
-          conditions = attributes.slice(:email)
+          @login_with = ::Devise.authentication_keys.first
+          return nil unless attributes[@login_with].present? 
 
-          unless conditions[:email]
-            conditions[:email] = "#{conditions[:email]}"
-          end
-
-          resource = find_for_ldap_authentication(conditions)
-          
+          # resource = find_for_ldap_authentication(conditions)
+          resource = scoped.where(@login_with => attributes[@login_with]).first
+                    
           if (resource.blank? and ::Devise.ldap_create_user)
-            resource = new(conditions.merge({:password => attributes[:password]}))
+            resource = new
+            resource[@login_with] = attributes[@login_with]
+            resource.password = attributes[:password]
           end
-           
+                    
           if resource.try(:valid_ldap_authentication?, attributes[:password])
             resource.save if resource.new_record?
             return resource
           else
             return nil
           end
-
         end
-
-        protected
-
-        def find_for_ldap_authentication(conditions)
-          scoped.where(conditions).first
+        
+        def update_with_password(resource)
+          puts "UPDATE_WITH_PASSWORD: #{resource.inspect}"
         end
         
       end

data/lib/devise_ldap_authenticatable/version.rb

@@ -1,4 +1,4 @@
 module DeviseLdapAuthenticatable
-  VERSION = "0.4.0"
+  VERSION = "0.4.1"
 end
 

data/lib/generators/devise_ldap_authenticatable/install_generator.rb

@@ -34,6 +34,8 @@ module DeviseLdapAuthenticatable
   # config.ldap_config = "\#{Rails.root}/config/ldap.yml"
   # config.ldap_check_group_membership = false
   # config.ldap_check_attributes = false
+  # config.ldap_use_admin_to_bind = false
+  
       eof
     end
     

data/rails/init.rb

@@ -0,0 +1,2 @@
+# Include hook code here
+require 'devise_ldap_authenticatable'

data/test/devise_ldap_authenticatable_test.rb

@@ -0,0 +1,8 @@
+require 'test_helper'
+
+class DeviseLdapAuthenticatableTest < ActiveSupport::TestCase
+  # Replace this with your real tests.
+  test "the truth" do
+    assert true
+  end
+end