devise_ldap_authenticatable 0.8.0.pre → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 548528afb06b9937883443ff08dcdfe51c050929
-  data.tar.gz: c35125610a1d1837b33ad0de333da30ed021f11c
+  metadata.gz: eedf5d7bc24d165792c969025ab40f505186c860
+  data.tar.gz: f64f68c2cdd55964cd11eb716ab0aa792d2609dc
 SHA512:
-  metadata.gz: 72004032d5c0d27b2b9e370822c285da8b32e69df6b45291693317abab9337ba31701d41f8ffdf1b5a6e7275c569077e82c3f33cf9abb59c6192046800bb5ffc
-  data.tar.gz: de5183334fa0256b030c89b9dfd0385f6e52242a94142f42096410543beaabb464c1600926d2ded18a7aaa649b7e6e299ab07ca0f7c4c403fc5ea61074aeb8dc
+  metadata.gz: 97f84af5cc16c2339e14ac95c232e98c0e3579a59114c105ee52960403b8d688c9af536f3b1cbe2b7651c0bcdb1b84b742846b1f2d04980a522d1b6b83be7f49
+  data.tar.gz: 1bbc5971f9d6c7e864f5841036da504844c54176772a51e84766429cf148547e87623bc7545483c11b4a9bd1a3d4f63eeed4546c41e5e6c009175c982a0d40de

data/Gemfile

@@ -3,6 +3,6 @@ source "http://rubygems.org"
 gemspec
 
 group :development, :test do
-  gem 'ruby-debug', '>= 0.10.3', :platform => :mri_18
-  gem 'debugger', :platform => :ruby_19
+  gem 'debugger', platform: :ruby_19
+  gem 'byebug', platform: :ruby_20
 end

data/README.md

@@ -1,5 +1,9 @@
 Devise LDAP Authenticatable
 ===========================
+[![Gem Version](https://badge.fury.io/rb/devise_ldap_authenticatable.png)](http://badge.fury.io/rb/devise_ldap_authenticatable)
+[![Code Climate](https://codeclimate.com/github/cschiewek/devise_ldap_authenticatable.png)](https://codeclimate.com/github/cschiewek/devise_ldap_authenticatable)
+[![Dependency Status](https://gemnasium.com/cschiewek/devise_ldap_authenticatable.png)](https://gemnasium.com/cschiewek/devise_ldap_authenticatable)
+
 Devise LDAP Authenticatable is a LDAP based authentication strategy for the [Devise](http://github.com/plataformatec/devise) authentication framework.
 
 If you are building applications for use within your organization which require authentication and you want to use LDAP, this plugin is for you.
@@ -100,6 +104,11 @@ Troubleshooting
 
 **SSL certificate invalid:** If you're using a test LDAP server running a self-signed SSL certificate, make sure the appropriate root certificate is installed on your system. Alternately, you may temporarily disable certificate checking for SSL by modifying your system LDAP configuration (e.g., `/etc/openldap/ldap.conf` or `/etc/ldap/ldap.conf`) to read `TLS_REQCERT never`.
 
+Discussion Group
+------------
+
+For additional support, questions or discussions, please see the discussion forum on [Google Groups](https://groups.google.com/forum/#!forum/devise_ldap_authenticatable)
+
 Development guide
 ------------
 To contribute to `devise_ldap_authentication`, you should be able to run a test OpenLDAP server. Specifically, you need the `slapd`, `ldapadd`, and `ldapmodify` binaries.

data/devise_ldap_authenticatable.gemspec

@@ -11,14 +11,15 @@ Gem::Specification.new do |s|
   s.homepage = 'https://github.com/cschiewek/devise_ldap_authenticatable'
   s.description = s.summary
   s.authors = ['Curtis Schiewek', 'Daniel McNevin', 'Steven Xu']
+  s.license = 'MIT'
 
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
 
-  s.add_dependency('devise', '3.0.0.rc')
-  s.add_dependency('net-ldap', '~> 0.3.1')
+  s.add_dependency('devise', '>= 3.0')
+  s.add_dependency('net-ldap', '>= 0.3.1', '< 0.5.0')
 
   s.add_development_dependency('rake', '>= 0.9')
   s.add_development_dependency('rdoc', '>= 3')

data/lib/devise_ldap_authenticatable.rb

@@ -3,9 +3,8 @@ require 'devise'
 
 require 'devise_ldap_authenticatable/exception'
 require 'devise_ldap_authenticatable/logger'
-require 'devise_ldap_authenticatable/schema'
-require 'devise_ldap_authenticatable/ldap_adapter'
-require 'devise_ldap_authenticatable/routes'
+require 'devise_ldap_authenticatable/ldap/adapter'
+require 'devise_ldap_authenticatable/ldap/connection'
 
 # Get ldap information from config/ldap.yml now
 module Devise
@@ -45,4 +44,4 @@ Devise.add_module(:ldap_authenticatable,
                   :route => :session, ## This will add the routes, rather than in the routes.rb
                   :strategy   => true,
                   :controller => :sessions,
-                  :model  => 'devise_ldap_authenticatable/model')
+                  :model  => 'devise_ldap_authenticatable/model')

data/lib/devise_ldap_authenticatable/ldap/adapter.rb

@@ -0,0 +1,87 @@
+require "net/ldap"
+
+module Devise
+  module LDAP
+    DEFAULT_GROUP_UNIQUE_MEMBER_LIST_KEY = 'uniqueMember'
+    
+    module Adapter
+      def self.valid_credentials?(login, password_plaintext)
+        options = {:login => login,
+                   :password => password_plaintext,
+                   :ldap_auth_username_builder => ::Devise.ldap_auth_username_builder,
+                   :admin => ::Devise.ldap_use_admin_to_bind}
+
+        resource = Devise::LDAP::Connection.new(options)
+        resource.authorized?
+      end
+
+      def self.update_password(login, new_password)
+        options = {:login => login,
+                   :new_password => new_password,
+                   :ldap_auth_username_builder => ::Devise.ldap_auth_username_builder,
+                   :admin => ::Devise.ldap_use_admin_to_bind}
+
+        resource = Devise::LDAP::Connection.new(options)
+        resource.change_password! if new_password.present?
+      end
+
+      def self.update_own_password(login, new_password, current_password)
+        set_ldap_param(login, :userpassword, Net::LDAP::Password.generate(:sha, new_password), current_password)
+      end
+
+      def self.ldap_connect(login)
+        options = {:login => login,
+                   :ldap_auth_username_builder => ::Devise.ldap_auth_username_builder,
+                   :admin => ::Devise.ldap_use_admin_to_bind}
+
+        resource = Devise::LDAP::Connection.new(options)
+      end
+
+      def self.valid_login?(login)
+        self.ldap_connect(login).valid_login?
+      end
+
+      def self.get_groups(login)
+        self.ldap_connect(login).user_groups
+      end
+
+      def self.in_ldap_group?(login, group_name, group_attribute = nil)
+        self.ldap_connect(login).in_group?(group_name, group_attribute)
+      end
+
+      def self.get_dn(login)
+        self.ldap_connect(login).dn
+      end
+
+      def self.set_ldap_param(login, param, new_value, password = nil)
+        options = { :login => login,
+                    :ldap_auth_username_builder => ::Devise.ldap_auth_username_builder,
+                    :password => password }
+
+        resource = Devise::LDAP::Connection.new(options)
+        resource.set_param(param, new_value)
+      end
+
+      def self.delete_ldap_param(login, param, password = nil)
+        options = { :login => login,
+                    :ldap_auth_username_builder => ::Devise.ldap_auth_username_builder,
+                    :password => password }
+
+        resource = Devise::LDAP::Connection.new(options)
+        resource.delete_param(param)
+      end
+
+      def self.get_ldap_param(login,param)
+        resource = self.ldap_connect(login)
+        resource.ldap_param_value(param)
+      end
+
+      def self.get_ldap_entry(login)
+        self.ldap_connect(login).search_for_login
+      end
+
+    end
+
+  end
+
+end

data/lib/devise_ldap_authenticatable/{ldap_adapter.rb → ldap/connection.rb}

@@ -1,86 +1,6 @@
-require "net/ldap"
-
 module Devise
-  module LdapAdapter
-    DEFAULT_GROUP_UNIQUE_MEMBER_LIST_KEY = 'uniqueMember'
-
-    def self.valid_credentials?(login, password_plaintext)
-      options = {:login => login,
-                 :password => password_plaintext,
-                 :ldap_auth_username_builder => ::Devise.ldap_auth_username_builder,
-                 :admin => ::Devise.ldap_use_admin_to_bind}
-
-      resource = LdapConnect.new(options)
-      resource.authorized?
-    end
-
-    def self.update_password(login, new_password)
-      options = {:login => login,
-                 :new_password => new_password,
-                 :ldap_auth_username_builder => ::Devise.ldap_auth_username_builder,
-                 :admin => ::Devise.ldap_use_admin_to_bind}
-
-      resource = LdapConnect.new(options)
-      resource.change_password! if new_password.present?
-    end
-
-    def self.update_own_password(login, new_password, current_password)
-      set_ldap_param(login, :userpassword, Net::LDAP::Password.generate(:sha, new_password), current_password)
-    end
-
-    def self.ldap_connect(login)
-      options = {:login => login,
-                 :ldap_auth_username_builder => ::Devise.ldap_auth_username_builder,
-                 :admin => ::Devise.ldap_use_admin_to_bind}
-
-      resource = LdapConnect.new(options)
-    end
-
-    def self.valid_login?(login)
-      self.ldap_connect(login).valid_login?
-    end
-
-    def self.get_groups(login)
-      self.ldap_connect(login).user_groups
-    end
-
-    def self.in_ldap_group?(login, group_name, group_attribute = nil)
-      self.ldap_connect(login).in_group?(group_name, group_attribute)
-    end
-
-    def self.get_dn(login)
-      self.ldap_connect(login).dn
-    end
-
-    def self.set_ldap_param(login, param, new_value, password = nil)
-      options = { :login => login,
-                  :ldap_auth_username_builder => ::Devise.ldap_auth_username_builder,
-                  :password => password }
-
-      resource = LdapConnect.new(options)
-      resource.set_param(param, new_value)
-    end
-
-    def self.delete_ldap_param(login, param, password = nil)
-      options = { :login => login,
-                  :ldap_auth_username_builder => ::Devise.ldap_auth_username_builder,
-                  :password => password }
-
-      resource = LdapConnect.new(options)
-      resource.delete_param(param)
-    end
-
-    def self.get_ldap_param(login,param)
-      resource = self.ldap_connect(login)
-      resource.ldap_param_value(param)
-    end
-
-    def self.get_ldap_entry(login)
-      self.ldap_connect(login).search_for_login
-    end
-
-    class LdapConnect
-
+  module LDAP
+    class Connection
       attr_reader :ldap, :login
 
       def initialize(params = {})
@@ -132,10 +52,9 @@ module Devise
         @ldap.search(:filter => filter) {|entry| ldap_entry = entry}
 
         if ldap_entry
-          if ldap_entry[param]
-            DeviseLdapAuthenticatable::Logger.send("Requested param #{param} has value #{ldap_entry.send(param)}")
+          unless ldap_entry[param].empty?
             value = ldap_entry.send(param)
-            value = value.first if value.is_a?(Array) and value.count == 1
+            DeviseLdapAuthenticatable::Logger.send("Requested param #{param} has value #{value}")
             value
           else
             DeviseLdapAuthenticatable::Logger.send("Requested param #{param} does not exist")
@@ -192,10 +111,10 @@ module Devise
         return true
       end
 
-      def in_group?(group_name, group_attribute = DEFAULT_GROUP_UNIQUE_MEMBER_LIST_KEY)
+      def in_group?(group_name, group_attribute = LDAP::DEFAULT_GROUP_UNIQUE_MEMBER_LIST_KEY)
         in_group = false
 
-        admin_ldap = LdapConnect.admin
+        admin_ldap = Connection.admin
 
         unless ::Devise.ldap_ad_group_check
           admin_ldap.search(:base => group_name, :scope => Net::LDAP::SearchScope_BaseObject) do |entry|
@@ -225,7 +144,7 @@ module Devise
       def has_required_attribute?
         return true unless ::Devise.ldap_check_attributes
 
-        admin_ldap = LdapConnect.admin
+        admin_ldap = Connection.admin
 
         user = find_ldap_user(admin_ldap)
 
@@ -240,7 +159,7 @@ module Devise
       end
 
       def user_groups
-        admin_ldap = LdapConnect.admin
+        admin_ldap = Connection.admin
 
         DeviseLdapAuthenticatable::Logger.send("Getting groups for #{dn}")
         filter = Net::LDAP::Filter.eq("uniqueMember", dn)
@@ -267,7 +186,7 @@ module Devise
       private
 
       def self.admin
-        ldap = LdapConnect.new(:admin => true).ldap
+        ldap = Connection.new(:admin => true).ldap
 
         unless ldap.bind
           DeviseLdapAuthenticatable::Logger.send("Cannot bind to admin LDAP user")
@@ -293,7 +212,7 @@ module Devise
         end
 
         if ::Devise.ldap_use_admin_to_bind
-          privileged_ldap = LdapConnect.admin
+          privileged_ldap = Connection.admin
         else
           authenticate!
           privileged_ldap = self.ldap
@@ -302,9 +221,6 @@ module Devise
         DeviseLdapAuthenticatable::Logger.send("Modifying user #{dn}")
         privileged_ldap.modify(:dn => dn, :operations => operations)
       end
-
     end
-
   end
-
-end
+end

data/lib/devise_ldap_authenticatable/model.rb

@@ -25,12 +25,12 @@ module Devise
       def change_password!(current_password)
         raise "Need to set new password first" if @password.blank?
 
-        Devise::LdapAdapter.update_own_password(login_with, @password, current_password)
+        Devise::LDAP::Adapter.update_own_password(login_with, @password, current_password)
       end
       
       def reset_password!(new_password, new_password_confirmation)
         if new_password == new_password_confirmation && ::Devise.ldap_update_password
-          Devise::LdapAdapter.update_password(login_with, new_password)
+          Devise::LDAP::Adapter.update_password(login_with, new_password)
         end
         clear_reset_password_token if valid?
         save
@@ -38,11 +38,14 @@ module Devise
 
       def password=(new_password)
         @password = new_password
+        if defined?(password_digest) && @password.present? && respond_to?(:encrypted_password=)
+          self.encrypted_password = password_digest(@password) 
+        end
       end
 
       # Checks if a resource is valid upon authentication.
       def valid_ldap_authentication?(password)
-        if Devise::LdapAdapter.valid_credentials?(login_with, password)
+        if Devise::LDAP::Adapter.valid_credentials?(login_with, password)
           return true
         else
           return false
@@ -50,19 +53,19 @@ module Devise
       end
 
       def ldap_groups
-        Devise::LdapAdapter.get_groups(login_with)
+        Devise::LDAP::Adapter.get_groups(login_with)
       end
 
-      def in_ldap_group?(group_name, group_attribute = LdapAdapter::DEFAULT_GROUP_UNIQUE_MEMBER_LIST_KEY)
-        Devise::LdapAdapter.in_ldap_group?(login_with, group_name, group_attribute)
+      def in_ldap_group?(group_name, group_attribute = LDAP::DEFAULT_GROUP_UNIQUE_MEMBER_LIST_KEY)
+        Devise::LDAP::Adapter.in_ldap_group?(login_with, group_name, group_attribute)
       end
 
       def ldap_dn
-        Devise::LdapAdapter.get_dn(login_with)
+        Devise::LDAP::Adapter.get_dn(login_with)
       end
 
       def ldap_get_param(login_with, param)
-        Devise::LdapAdapter.get_ldap_param(login_with,param)
+        Devise::LDAP::Adapter.get_ldap_param(login_with,param)
       end
 
       #
@@ -95,7 +98,7 @@ module Devise
           if resource.try(:valid_ldap_authentication?, attributes[:password])
             if resource.new_record?
               resource.ldap_before_save if resource.respond_to?(:ldap_before_save)
-              resource.save
+              resource.save!
             end
             return resource
           else

data/lib/devise_ldap_authenticatable/strategy.rb

@@ -2,24 +2,17 @@ require 'devise/strategies/authenticatable'
 
 module Devise
   module Strategies
-    # Strategy for signing in a user based on his login and password using LDAP.
-    # Redirects to sign_in page if it's not authenticated
     class LdapAuthenticatable < Authenticatable
-      # Authenticate a user based on login and password params, returning to warden
-      # success and the authenticated user if everything is okay. Otherwise redirect
-      # to sign in page.
       def authenticate!
-        resource = valid_password? && mapping.to.authenticate_with_ldap(params[scope])
-        return fail(:invalid) if resource.nil?
+        resource = valid_password? && mapping.to.authenticate_with_ldap(authentication_hash.merge(password: password))
+        return fail(:invalid) unless resource
 
         if validate(resource)
           success!(resource)
-        else
-          fail(:invalid)
         end
       end
     end
   end
 end
 
-Warden::Strategies.add(:ldap_authenticatable, Devise::Strategies::LdapAuthenticatable)
+Warden::Strategies.add(:ldap_authenticatable, Devise::Strategies::LdapAuthenticatable)

data/lib/devise_ldap_authenticatable/version.rb

@@ -1,3 +1,3 @@
 module DeviseLdapAuthenticatable
-  VERSION = "0.8.0.pre".freeze
+  VERSION = "0.8.0".freeze
 end

data/spec/rails_app/db/schema.rb

@@ -1,3 +1,4 @@
+# encoding: UTF-8
 # This file is auto-generated from the current state of the database. Instead
 # of editing this file, please use the migrations feature of Active Record to
 # incrementally modify your database, and then regenerate this schema definition.
@@ -8,27 +9,27 @@
 # from scratch. The latter is a flawed and unsustainable approach (the more migrations
 # you'll amass, the slower it'll run and the greater likelihood for issues).
 #
-# It's strongly recommended to check this file into your version control system.
+# It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20100708120448) do
+ActiveRecord::Schema.define(version: 20100708120448) do
 
-  create_table "users", :force => true do |t|
-    t.string   "email",                  :default => "", :null => false
-    t.string   "encrypted_password",     :default => "", :null => false
+  create_table "users", force: true do |t|
+    t.string   "email",                  default: "", null: false
+    t.string   "encrypted_password",     default: "", null: false
     t.string   "reset_password_token"
     t.datetime "reset_password_sent_at"
     t.datetime "remember_created_at"
-    t.integer  "sign_in_count",          :default => 0
+    t.integer  "sign_in_count",          default: 0
     t.datetime "current_sign_in_at"
     t.datetime "last_sign_in_at"
     t.string   "current_sign_in_ip"
     t.string   "last_sign_in_ip"
     t.string   "uid"
-    t.datetime "created_at",                             :null => false
-    t.datetime "updated_at",                             :null => false
+    t.datetime "created_at"
+    t.datetime "updated_at"
   end
 
-  add_index "users", ["email"], :name => "index_users_on_email", :unique => true
-  add_index "users", ["reset_password_token"], :name => "index_users_on_reset_password_token", :unique => true
+  add_index "users", ["email"], name: "index_users_on_email", unique: true
+  add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
 
 end

data/spec/unit/user_spec.rb

@@ -18,11 +18,11 @@ describe 'Users' do
 
     describe "look up and ldap user" do
       it "should return true for a user that does exist in LDAP" do
-        assert_equal true, ::Devise::LdapAdapter.valid_login?('example.user@test.com')
+        assert_equal true, ::Devise::LDAP::Adapter.valid_login?('example.user@test.com')
       end
 
       it "should return false for a user that doesn't exist in LDAP" do
-        assert_equal false, ::Devise::LdapAdapter.valid_login?('barneystinson')
+        assert_equal false, ::Devise::LDAP::Adapter.valid_login?('barneystinson')
       end
     end
 
@@ -280,7 +280,7 @@ describe 'Users' do
 
     it "should not fail if config file has ssl: true" do
       assert_nothing_raised do
-        Devise::LdapAdapter::LdapConnect.new
+        Devise::LDAP::Connection.new
       end
     end
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: devise_ldap_authenticatable
 version: !ruby/object:Gem::Version
-  version: 0.8.0.pre
+  version: 0.8.0
 platform: ruby
 authors:
 - Curtis Schiewek
@@ -10,36 +10,42 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-07-02 00:00:00.000000000 Z
+date: 2013-07-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - '>='
       - !ruby/object:Gem::Version
-        version: 3.0.0.rc
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - '>='
       - !ruby/object:Gem::Version
-        version: 3.0.0.rc
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: net-ldap
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - '>='
       - !ruby/object:Gem::Version
         version: 0.3.1
+    - - <
+      - !ruby/object:Gem::Version
+        version: 0.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - '>='
       - !ruby/object:Gem::Version
         version: 0.3.1
+    - - <
+      - !ruby/object:Gem::Version
+        version: 0.5.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -195,11 +201,10 @@ files:
 - devise_ldap_authenticatable.gemspec
 - lib/devise_ldap_authenticatable.rb
 - lib/devise_ldap_authenticatable/exception.rb
-- lib/devise_ldap_authenticatable/ldap_adapter.rb
+- lib/devise_ldap_authenticatable/ldap/adapter.rb
+- lib/devise_ldap_authenticatable/ldap/connection.rb
 - lib/devise_ldap_authenticatable/logger.rb
 - lib/devise_ldap_authenticatable/model.rb
-- lib/devise_ldap_authenticatable/routes.rb
-- lib/devise_ldap_authenticatable/schema.rb
 - lib/devise_ldap_authenticatable/strategy.rb
 - lib/devise_ldap_authenticatable/version.rb
 - lib/generators/devise_ldap_authenticatable/install_generator.rb
@@ -274,7 +279,8 @@ files:
 - spec/support/factories.rb
 - spec/unit/user_spec.rb
 homepage: https://github.com/cschiewek/devise_ldap_authenticatable
-licenses: []
+licenses:
+- MIT
 metadata: {}
 post_install_message: 
 rdoc_options: []
@@ -287,9 +293,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>'
+  - - '>='
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project: 
 rubygems_version: 2.0.3

data/lib/devise_ldap_authenticatable/routes.rb

@@ -1,8 +0,0 @@
-## No routes needed anymore since Devise.add_module with the :route parameter will take care of it.
-
-# ActionController::Routing::RouteSet::Mapper.class_eval do
-# 
-#   protected
-#     # reuse the session routes and controller
-#     alias :ldap_authenticatable :database_authenticatable
-# end

data/lib/devise_ldap_authenticatable/schema.rb

@@ -1,14 +0,0 @@
-## Using email now instead of login. Will add an option later on.
-
-# Devise::Schema.class_eval do
-#     # Creates login
-#     #
-#     # == Options
-#     # * :null - When true, allow columns to be null.
-#     def ldap_authenticatable(options={})
-#       null = options[:null] || false
-# 
-#       apply_schema :login, String, :null => null
-#     end
-# 
-# end