devise_ldap_authenticatable 0.4.5 → 0.4.6

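--- a/data/README.md
+++ b/data/README.md
@@ -32,7 +32,7 @@ This will *only* work for Rails 3 applications.
  In the Gemfile for your application:
 
  gem "devise", "1.1.2"
- gem "devise_ldap_authenticatable", "0.4.5"
+ gem "devise_ldap_authenticatable"
 
  To get the latest version, pull directly from github instead of the gem:
 
@@ -96,7 +96,6 @@ In initializer `config/initializers/devise.rb` :
  * ldap\_check\_group_membership _(default: false)_
  * When set to true, the user trying to login will be checked to make sure they are in all of groups specified in the ldap.yml file.
 
-
  * ldap\_check\_attributes _(default: false)_
  * When set to true, the user trying to login will be checked to make sure they have all of the attributes in the ldap.yml file.
 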
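--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.4.5
+ 0.4.6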
@@ -5,11 +5,11 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = %q{devise_ldap_authenticatable}
8
- s.version = "0.4.5"
8
+ s.version = "0.4.6"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Curtis Schiewek", "Daniel McNevin"]
12
- s.date = %q{2010-08-30}
12
+ s.date = %q{2010-09-23}
13
13
  s.description = %q{LDAP authentication module for Devise}
14
14
  s.email = %q{curtis.schiewek@gmail.com}
15
15
  s.extra_rdoc_files = [
@@ -90,9 +90,15 @@ module Devise
90
90
  admin_ldap = LdapConnect.admin
91
91
 
92
92
  for group in @required_groups
93
- admin_ldap.search(:base => group, :scope => Net::LDAP::SearchScope_BaseObject) do |entry|
94
- unless entry.uniqueMember.include? dn
95
- DeviseLdapAuthenticatable::Logger.send("User #{dn} is not in group: #{group}")
93
+ if group.is_a?(Array)
94
+ group_attribute, group_name = group
95
+ else
96
+ group_attribute = "uniqueMember"
97
+ group_name = group
98
+ end
99
+ admin_ldap.search(:base => group_name, :scope => Net::LDAP::SearchScope_BaseObject) do |entry|
100
+ unless entry[group_attribute].include? dn
101
+ DeviseLdapAuthenticatable::Logger.send("User #{dn} is not in group: #{group_name }")
96
102
  return false
97
103
  end
98
104
  end
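Review bot: The only deny path for a required group is the `return false` inside the `admin_ldap.search` block, so a group whose base-object search yields no entry (a mistyped or deleted DN in `required_groups`, or one the admin bind cannot read) is skipped rather than refused. Assuming the method returns true after the loop, which lies outside this hunk, that fails open; I would track whether an entry was seen, with `group_checked = false` before the search, `group_checked = true` as the first line of the block, and `return false unless group_checked` after the block's `end`. The Array form is also destructured without a shape check, so a one-element entry in ldap.yml leaves `group_name` nil; validating the shape when the configuration is loaded would give a clearer failure. The membership test `entry[group_attribute].include? dn` is an exact string comparison, so DNs that differ only in case or spacing are denied, which deserves a short comment.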
@@ -1,4 +1,4 @@
1
1
  module DeviseLdapAuthenticatable
2
- VERSION = "0.4.5"
2
+ VERSION = "0.4.6"
3
3
  end
4
4
 
@@ -7,8 +7,11 @@ authorizations: &AUTHORIZATIONS
7
7
  ## Requires config.ldap_check_group_membership in devise.rb be true
8
8
  # Can have multiple values, must match all to be authorized
9
9
  required_groups:
10
+ # If only a group name is given, membership will be checked against "uniqueMember"
10
11
  - cn=admins,ou=groups,dc=test,dc=com
11
12
  - cn=users,ou=groups,dc=test,dc=com
13
+ # If an array is given, the first element will be the attribute to check against, the second the group name
14
+ - ["moreMembers", "cn=users,ou=groups,dc=test,dc=com"]
12
15
  ## Requires config.ldap_check_attributes in devise.rb to be true
13
16
  ## Can have multiple attributes and values, must match all to be authorized
14
17
  require_attribute:
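--- a/data/test/ldap/base.ldif
+++ b/data/test/ldap/base.ldif
@@ -58,9 +58,11 @@ userPassword:: e1NIQX0wcUNXaERISGFwWmc3ekJxZWRRanBzNW1EUDA9
 
  # users, groups, test.com
  dn: cn=users,ou=groups,dc=test,dc=com
+ objectClass: authorizations
  objectClass: groupOfUniqueNames
  objectClass: top
  uniqueMember: cn=example.user@test.com,ou=people,dc=test,dc=com
+ authorizationRole: cn=example.admin@test.com,ou=people,dc=test,dc=com
  cn: users
 
  # users, groups, test.com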
@@ -1,9 +1,9 @@
1
1
  PATH
2
2
  remote: /Users/dpmcnevin/Rails/devise_ldap_authenticatable
3
3
  specs:
4
- devise_ldap_authenticatable (0.4.4)
5
- devise (> 1.0.4)
6
- net-ldap (>= 0.1.1)
4
+ devise_ldap_authenticatable (0.4.5)
5
+ devise (= 1.1.2)
6
+ net-ldap (= 0.1.1)
7
7
 
8
8
  GEM
9
9
  remote: http://rubygems.org/
@@ -52,6 +52,7 @@ GEM
52
52
  rack (>= 1.0.0)
53
53
  rack-test (>= 0.5.4)
54
54
  selenium-webdriver (>= 0.0.3)
55
+ columnize (0.3.1)
55
56
  configuration (1.1.0)
56
57
  cucumber (0.8.5)
57
58
  builder (~> 2.1.2)
@@ -82,6 +83,7 @@ GEM
82
83
  launchy (0.3.7)
83
84
  configuration (>= 0.0.5)
84
85
  rake (>= 0.8.1)
86
+ linecache (0.43)
85
87
  mail (2.2.5)
86
88
  activesupport (>= 2.3.6)
87
89
  mime-types
@@ -111,6 +113,12 @@ GEM
111
113
  rake (>= 0.8.4)
112
114
  thor (~> 0.14.0)
113
115
  rake (0.8.7)
116
+ redgreen (1.2.2)
117
+ ruby-debug (0.10.3)
118
+ columnize (>= 0.1)
119
+ ruby-debug-base (~> 0.10.3.0)
120
+ ruby-debug-base (0.10.3)
121
+ linecache (>= 0.3)
114
122
  rubyzip (0.9.4)
115
123
  selenium-webdriver (0.0.28)
116
124
  ffi (>= 0.6.1)
@@ -143,5 +151,7 @@ DEPENDENCIES
143
151
  launchy
144
152
  mocha
145
153
  rails (= 3.0.0)
154
+ redgreen
155
+ ruby-debug
146
156
  shoulda
147
157
  sqlite3-ruby
@@ -3,6 +3,7 @@ authorizations: &AUTHORIZATIONS
3
3
  group_base: ou=groups,dc=test,dc=com
4
4
  required_groups:
5
5
  - cn=admins,ou=groups,dc=test,dc=com
6
+ - ["authorizationRole", "cn=users,ou=groups,dc=test,dc=com"]
6
7
  require_attribute:
7
8
  objectClass: inetOrgPerson
8
9
  authorizationRole: blogAdmin
@@ -4,13 +4,21 @@ require 'rails/test_help'
4
4
 
5
5
  class ActiveSupport::TestCase
6
6
 
7
+ def ldap_connect_string
8
+ if ENV["LDAP_SSL"]
9
+ "-x -H ldaps://localhost:3389 -D 'cn=admin,dc=test,dc=com' -w secret"
10
+ else
11
+ "-x -h localhost -p 3389 -D 'cn=admin,dc=test,dc=com' -w secret"
12
+ end
13
+ end
14
+
7
15
  def reset_ldap_server!
8
16
  if ENV["LDAP_SSL"]
9
- `ldapmodify -x -H ldaps://localhost:3389 -D "cn=admin,dc=test,dc=com" -w secret -f ../ldap/clear.ldif`
10
- `ldapadd -x -H ldaps://localhost:3389 -D "cn=admin,dc=test,dc=com" -w secret -f ../ldap/base.ldif`
17
+ `ldapmodify #{ldap_connect_string} -f ../ldap/clear.ldif`
18
+ `ldapadd #{ldap_connect_string} -f ../ldap/base.ldif`
11
19
  else
12
- `ldapmodify -x -h localhost -p 3389 -D "cn=admin,dc=test,dc=com" -w secret -f ../ldap/clear.ldif`
13
- `ldapadd -x -h localhost -p 3389 -D "cn=admin,dc=test,dc=com" -w secret -f ../ldap/base.ldif`
20
+ `ldapmodify #{ldap_connect_string} -f ../ldap/clear.ldif`
21
+ `ldapadd #{ldap_connect_string} -f ../ldap/base.ldif`
14
22
  end
15
23
  end
16
24
 
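Review bot: After this refactor both branches of `if ENV["LDAP_SSL"]` in `reset_ldap_server!` run the same two commands, so the conditional can go and the body reduces to the `ldapmodify` and `ldapadd` lines. Those backtick calls discard the exit status, so a failed reset leaves the previous test's directory entries in place and the authorization tests then run against stale group data; checking `$?.success?` after each call, or using `system(...) or raise`, would make that visible. The same unchecked call appears in the new `ldapmodify` line of the UserTest hunk. The bind password in `ldap_connect_string` is passed with `-w` on the command line and appears to be a fixture credential for the local test server; a comment saying so would help readers.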
@@ -1,8 +1,4 @@
1
1
  require 'test_helper'
2
2
 
3
3
  class PostTest < ActiveSupport::TestCase
4
- # Replace this with your real tests.
5
- test "the truth" do
6
- assert true
7
- end
8
4
  end
@@ -103,6 +103,11 @@ class UserTest < ActiveSupport::TestCase
103
103
  should "user should not be allowed in" do
104
104
  should_not_be_validated @user, "secret"
105
105
  end
106
+
107
+ should "not be validated if group with different attribute is removed" do
108
+ `ldapmodify #{ldap_connect_string} -f ../ldap/delete_authorization_role.ldif`
109
+ should_not_be_validated @admin, "admin_secret"
110
+ end
106
111
  end
107
112
 
108
113
  context "use role attribute for authorization" do
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise_ldap_authenticatable
3
3
  version: !ruby/object:Gem::Version
4
- hash: 5
4
+ hash: 3
5
5
  prerelease: false
6
6
  segments:
7
7
  - 0
8
8
  - 4
9
- - 5
10
- version: 0.4.5
9
+ - 6
10
+ version: 0.4.6
11
11
  platform: ruby
12
12
  authors:
13
13
  - Curtis Schiewek
@@ -16,7 +16,7 @@ autorequire:
16
16
  bindir: bin
17
17
  cert_chain: []
18
18
 
19
- date: 2010-08-30 00:00:00 -04:00
19
+ date: 2010-09-23 00:00:00 -04:00
20
20
  default_executable:
21
21
  dependencies:
22
22
  - !ruby/object:Gem::Dependency