devise_ldap_authenticatable 0.8.1 → 0.8.7

@@ -16,7 +16,7 @@ describe 'Users' do
16
16
  reset_ldap_server!
17
17
  end
18
18
 
19
- describe "look up and ldap user" do
19
+ describe "look up an ldap user" do
20
20
  it "should return true for a user that does exist in LDAP" do
21
21
  assert_equal true, ::Devise::LDAP::Adapter.valid_login?('example.user@test.com')
22
22
  end
@@ -48,7 +48,7 @@ describe 'Users' do
48
48
  should_be_validated @user, "secret"
49
49
  @user.password = "changed"
50
50
  @user.change_password!("secret")
51
- should_be_validated @user, "changed", "password was not changed properly on the LDAP sevrer"
51
+ should_be_validated @user, "changed", "password was not changed properly on the LDAP server"
52
52
  end
53
53
 
54
54
  it "should not allow to change password if setting is false" do
@@ -66,9 +66,10 @@ describe 'Users' do
66
66
  assert(User.all.blank?, "There shouldn't be any users in the database")
67
67
  end
68
68
 
69
- it "should don't create user in the database" do
70
- @user = User.authenticate_with_ldap(:email => "example.user@test.com", :password => "secret")
69
+ it "should not create user in the database" do
70
+ @user = User.find_for_ldap_authentication(:email => "example.user@test.com", :password => "secret")
71
71
  assert(User.all.blank?)
72
+ assert(@user.new_record?)
72
73
  end
73
74
 
74
75
  describe "creating users is enabled" do
@@ -77,18 +78,19 @@ describe 'Users' do
77
78
  end
78
79
 
79
80
  it "should create a user in the database" do
80
- @user = User.authenticate_with_ldap(:email => "example.user@test.com", :password => "secret")
81
+ @user = User.find_for_ldap_authentication(:email => "example.user@test.com", :password => "secret")
81
82
  assert_equal(User.all.size, 1)
82
- User.all.collect(&:email).should include("example.user@test.com")
83
+ expect(User.all.collect(&:email)).to include("example.user@test.com")
84
+ assert(@user.persisted?)
83
85
  end
84
86
 
85
87
  it "should not create a user in the database if the password is wrong_secret" do
86
- @user = User.authenticate_with_ldap(:email => "example.user", :password => "wrong_secret")
88
+ @user = User.find_for_ldap_authentication(:email => "example.user", :password => "wrong_secret")
87
89
  assert(User.all.blank?, "There's users in the database")
88
90
  end
89
91
 
90
- it "should create a user if the user is not in LDAP" do
91
- @user = User.authenticate_with_ldap(:email => "wrong_secret.user@test.com", :password => "wrong_secret")
92
+ it "should not create a user if the user is not in LDAP" do
93
+ @user = User.find_for_ldap_authentication(:email => "wrong_secret.user@test.com", :password => "wrong_secret")
92
94
  assert(User.all.blank?, "There's users in the database")
93
95
  end
94
96
 
@@ -97,7 +99,7 @@ describe 'Users' do
97
99
  @user = Factory.create(:user)
98
100
 
99
101
  expect do
100
- User.authenticate_with_ldap(:email => "EXAMPLE.user@test.com", :password => "secret")
102
+ User.find_for_ldap_authentication(:email => "EXAMPLE.user@test.com", :password => "secret")
101
103
  end.to change { User.count }.by(1)
102
104
  end
103
105
 
@@ -106,15 +108,15 @@ describe 'Users' do
106
108
  @user = Factory.create(:user)
107
109
 
108
110
  expect do
109
- User.authenticate_with_ldap(:email => "EXAMPLE.user@test.com", :password => "secret")
111
+ User.find_for_ldap_authentication(:email => "EXAMPLE.user@test.com", :password => "secret")
110
112
  end.to_not change { User.count }
111
113
  end
112
114
 
113
115
  it "should create a user with downcased email in the database if case insensitivity matters" do
114
116
  ::Devise.case_insensitive_keys = [:email]
115
117
 
116
- @user = User.authenticate_with_ldap(:email => "EXAMPLE.user@test.com", :password => "secret")
117
- User.all.collect(&:email).should include("example.user@test.com")
118
+ @user = User.find_for_ldap_authentication(:email => "EXAMPLE.user@test.com", :password => "secret")
119
+ expect(User.all.collect(&:email)).to include("example.user@test.com")
118
120
  end
119
121
  end
120
122
 
@@ -133,32 +135,55 @@ describe 'Users' do
133
135
  end
134
136
 
135
137
  it "should admin should have the proper groups set" do
136
- @admin.ldap_groups.should include('cn=admins,ou=groups,dc=test,dc=com')
138
+ expect(@admin.ldap_groups).to include('cn=admins,ou=groups,dc=test,dc=com')
137
139
  end
138
140
 
139
141
  it "should user should not be allowed in" do
140
142
  should_not_be_validated @user, "secret"
141
143
  end
142
144
  end
143
-
145
+
144
146
  describe "check group membership" do
145
147
  before do
146
148
  @admin = Factory.create(:admin)
147
149
  @user = Factory.create(:user)
148
150
  end
149
-
151
+
150
152
  it "should return true for admin being in the admins group" do
151
153
  assert_equal true, @admin.in_ldap_group?('cn=admins,ou=groups,dc=test,dc=com')
152
154
  end
153
-
155
+
154
156
  it "should return false for admin being in the admins group using the 'foobar' group attribute" do
155
157
  assert_equal false, @admin.in_ldap_group?('cn=admins,ou=groups,dc=test,dc=com', 'foobar')
156
158
  end
157
-
159
+
160
+ it "should return true for user being in the users group" do
161
+ assert_equal true, @user.in_ldap_group?('cn=users,ou=groups,dc=test,dc=com')
162
+ end
163
+
164
+ it "should return false for user being in the admins group" do
165
+ assert_equal false, @user.in_ldap_group?('cn=admins,ou=groups,dc=test,dc=com')
166
+ end
167
+
168
+ it "should return false for a user being in a nonexistent group" do
169
+ assert_equal false, @user.in_ldap_group?('cn=thisgroupdoesnotexist,ou=groups,dc=test,dc=com')
170
+ end
171
+ end
172
+
173
+ describe "check group membership w/out admin bind" do
174
+ before do
175
+ @user = Factory.create(:user)
176
+ ::Devise.ldap_check_group_membership_without_admin = true
177
+ end
178
+
179
+ after do
180
+ ::Devise.ldap_check_group_membership_without_admin = false
181
+ end
182
+
158
183
  it "should return true for user being in the users group" do
159
184
  assert_equal true, @user.in_ldap_group?('cn=users,ou=groups,dc=test,dc=com')
160
- end
161
-
185
+ end
186
+
162
187
  it "should return false for user being in the admins group" do
163
188
  assert_equal false, @user.in_ldap_group?('cn=admins,ou=groups,dc=test,dc=com')
164
189
  end
@@ -166,8 +191,15 @@ describe 'Users' do
166
191
  it "should return false for a user being in a nonexistent group" do
167
192
  assert_equal false, @user.in_ldap_group?('cn=thisgroupdoesnotexist,ou=groups,dc=test,dc=com')
168
193
  end
194
+
195
+ # TODO: add a test that confirms the user's own binding is used rather
196
+ # than the admin binding by creating an LDAP user who can't do group
197
+ # lookups perhaps?
198
+
199
+ # TODO: add a test to demonstrate this function won't work on a user
200
+ # after the initial login request if the password isn't available. This
201
+ # might have to be more of a full stack test.
169
202
  end
170
-
171
203
 
172
204
  describe "use role attribute for authorization" do
173
205
  before do
@@ -185,6 +217,26 @@ describe 'Users' do
185
217
  end
186
218
  end
187
219
 
220
+ describe "use attribute presence for authorization" do
221
+ before do
222
+ @admin = Factory.create(:admin)
223
+ @user = Factory.create(:user)
224
+ ::Devise.ldap_check_attributes_presence = true
225
+ end
226
+
227
+ after do
228
+ ::Devise.ldap_check_attributes_presence = false
229
+ end
230
+
231
+ it "should admin should not be allowed in" do
232
+ should_not_be_validated @admin, "admin_secret"
233
+ end
234
+
235
+ it "should user should be allowed in" do
236
+ should_be_validated @user, "secret"
237
+ end
238
+ end
239
+
188
240
  describe "use admin setting to bind" do
189
241
  before do
190
242
  @admin = Factory.create(:admin)
@@ -197,6 +249,19 @@ describe 'Users' do
197
249
  end
198
250
  end
199
251
 
252
+ describe 'check password expiration' do
253
+ before { allow_any_instance_of(Devise::LDAP::Connection).to receive(:authenticated?).and_return(false) }
254
+
255
+ it 'should return false for a user that has a fresh password' do
256
+ allow_any_instance_of(Devise::LDAP::Connection).to receive(:last_message_expired_credentials?).and_return(false)
257
+ assert_equal false, ::Devise::LDAP::Adapter.expired_valid_credentials?('example.user@test.com','secret')
258
+ end
259
+
260
+ it 'should return true for a user that has an expired password' do
261
+ allow_any_instance_of(Devise::LDAP::Connection).to receive(:last_message_expired_credentials?).and_return(true)
262
+ assert_equal true, ::Devise::LDAP::Adapter.expired_valid_credentials?('example.user@test.com','secret')
263
+ end
264
+ end
200
265
  end
201
266
 
202
267
  describe "use uid for login" do
@@ -225,9 +290,9 @@ describe 'Users' do
225
290
  end
226
291
 
227
292
  it "should create a user in the database" do
228
- @user = User.authenticate_with_ldap(:uid => "example_user", :password => "secret")
293
+ @user = User.find_for_ldap_authentication(:uid => "example_user", :password => "secret")
229
294
  assert_equal(User.all.size, 1)
230
- User.all.collect(&:uid).should include("example_user")
295
+ expect(User.all.collect(&:uid)).to include("example_user")
231
296
  end
232
297
 
233
298
  it "should call ldap_before_save hooks" do
@@ -236,7 +301,7 @@ describe 'Users' do
236
301
  @foobar = 'foobar'
237
302
  end
238
303
  end
239
- user = User.authenticate_with_ldap(:uid => "example_user", :password => "secret")
304
+ user = User.find_for_ldap_authentication(:uid => "example_user", :password => "secret")
240
305
  assert_equal 'foobar', user.instance_variable_get(:"@foobar")
241
306
  User.class_eval do
242
307
  undef ldap_before_save
@@ -244,9 +309,7 @@ describe 'Users' do
244
309
  end
245
310
 
246
311
  it "should not call ldap_before_save hook if not defined" do
247
- assert_nothing_raised do
248
- should_be_validated Factory.create(:user, :uid => "example_user"), "secret"
249
- end
312
+ should_be_validated Factory.create(:user, :uid => "example_user"), "secret"
250
313
  end
251
314
  end
252
315
  end
@@ -279,9 +342,7 @@ describe 'Users' do
279
342
  end
280
343
 
281
344
  it "should not fail if config file has ssl: true" do
282
- assert_nothing_raised do
283
- Devise::LDAP::Connection.new
284
- end
345
+ Devise::LDAP::Connection.new
285
346
  end
286
347
  end
287
348
 
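Review bot: The new `check password expiration` block (new lines 252–264) stubs `authenticated?` to `false` in its `before` hook and then stubs `last_message_expired_credentials?` in each example, so `expired_valid_credentials?` is only ever exercised on the failed-bind path. A `true` result tells the application that the supplied password was correct, so a regression that also returns `true` after a successful bind would go unnoticed. I would add a third example with `authenticated?` stubbed to `true`, as sketched below. The `false` expectation is inferred from the two existing examples and should be confirmed against the adapter. Because `allow_any_instance_of` replaces both inputs, the parsing of the real server message is not covered in this file, and whether the new `spec/unit/connection_spec.rb` covers it is not visible here. Separately, the `w/out admin bind` examples (new lines 173–193) repeat the admin-bind assertions verbatim, so they would still pass if `ldap_check_group_membership_without_admin` were ignored.

```ruby
describe 'check password expiration' do
  # … unchanged: before hook and the two existing examples …

  it 'should return false for a user whose bind succeeds' do
    allow_any_instance_of(Devise::LDAP::Connection).to receive(:authenticated?).and_return(true)
    allow_any_instance_of(Devise::LDAP::Connection).to receive(:last_message_expired_credentials?).and_return(true)
    assert_equal false, ::Devise::LDAP::Adapter.expired_valid_credentials?('example.user@test.com','secret')
  end
end
```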
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise_ldap_authenticatable
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.8.1
4
+ version: 0.8.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Curtis Schiewek
@@ -10,180 +10,174 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2013-07-24 00:00:00.000000000 Z
13
+ date: 2020-07-23 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: devise
17
17
  requirement: !ruby/object:Gem::Requirement
18
18
  requirements:
19
- - - '>='
19
+ - - ">="
20
20
  - !ruby/object:Gem::Version
21
- version: '3.0'
21
+ version: 3.4.1
22
22
  type: :runtime
23
23
  prerelease: false
24
24
  version_requirements: !ruby/object:Gem::Requirement
25
25
  requirements:
26
- - - '>='
26
+ - - ">="
27
27
  - !ruby/object:Gem::Version
28
- version: '3.0'
28
+ version: 3.4.1
29
29
  - !ruby/object:Gem::Dependency
30
30
  name: net-ldap
31
31
  requirement: !ruby/object:Gem::Requirement
32
32
  requirements:
33
- - - '>='
33
+ - - ">="
34
34
  - !ruby/object:Gem::Version
35
- version: 0.3.1
36
- - - <
37
- - !ruby/object:Gem::Version
38
- version: 0.6.0
35
+ version: 0.16.0
39
36
  type: :runtime
40
37
  prerelease: false
41
38
  version_requirements: !ruby/object:Gem::Requirement
42
39
  requirements:
43
- - - '>='
44
- - !ruby/object:Gem::Version
45
- version: 0.3.1
46
- - - <
40
+ - - ">="
47
41
  - !ruby/object:Gem::Version
48
- version: 0.6.0
42
+ version: 0.16.0
49
43
  - !ruby/object:Gem::Dependency
50
44
  name: rake
51
45
  requirement: !ruby/object:Gem::Requirement
52
46
  requirements:
53
- - - '>='
47
+ - - ">="
54
48
  - !ruby/object:Gem::Version
55
49
  version: '0.9'
56
50
  type: :development
57
51
  prerelease: false
58
52
  version_requirements: !ruby/object:Gem::Requirement
59
53
  requirements:
60
- - - '>='
54
+ - - ">="
61
55
  - !ruby/object:Gem::Version
62
56
  version: '0.9'
63
57
  - !ruby/object:Gem::Dependency
64
58
  name: rdoc
65
59
  requirement: !ruby/object:Gem::Requirement
66
60
  requirements:
67
- - - '>='
61
+ - - ">="
68
62
  - !ruby/object:Gem::Version
69
63
  version: '3'
70
64
  type: :development
71
65
  prerelease: false
72
66
  version_requirements: !ruby/object:Gem::Requirement
73
67
  requirements:
74
- - - '>='
68
+ - - ">="
75
69
  - !ruby/object:Gem::Version
76
70
  version: '3'
77
71
  - !ruby/object:Gem::Dependency
78
72
  name: rails
79
73
  requirement: !ruby/object:Gem::Requirement
80
74
  requirements:
81
- - - '>='
75
+ - - ">="
82
76
  - !ruby/object:Gem::Version
83
77
  version: '4.0'
84
78
  type: :development
85
79
  prerelease: false
86
80
  version_requirements: !ruby/object:Gem::Requirement
87
81
  requirements:
88
- - - '>='
82
+ - - ">="
89
83
  - !ruby/object:Gem::Version
90
84
  version: '4.0'
91
85
  - !ruby/object:Gem::Dependency
92
86
  name: sqlite3
93
87
  requirement: !ruby/object:Gem::Requirement
94
88
  requirements:
95
- - - '>='
89
+ - - ">="
96
90
  - !ruby/object:Gem::Version
97
91
  version: '0'
98
92
  type: :development
99
93
  prerelease: false
100
94
  version_requirements: !ruby/object:Gem::Requirement
101
95
  requirements:
102
- - - '>='
96
+ - - ">="
103
97
  - !ruby/object:Gem::Version
104
98
  version: '0'
105
99
  - !ruby/object:Gem::Dependency
106
100
  name: factory_girl_rails
107
101
  requirement: !ruby/object:Gem::Requirement
108
102
  requirements:
109
- - - ~>
103
+ - - "~>"
110
104
  - !ruby/object:Gem::Version
111
105
  version: '1.0'
112
106
  type: :development
113
107
  prerelease: false
114
108
  version_requirements: !ruby/object:Gem::Requirement
115
109
  requirements:
116
- - - ~>
110
+ - - "~>"
117
111
  - !ruby/object:Gem::Version
118
112
  version: '1.0'
119
113
  - !ruby/object:Gem::Dependency
120
114
  name: factory_girl
121
115
  requirement: !ruby/object:Gem::Requirement
122
116
  requirements:
123
- - - ~>
117
+ - - "~>"
124
118
  - !ruby/object:Gem::Version
125
119
  version: '2.0'
126
120
  type: :development
127
121
  prerelease: false
128
122
  version_requirements: !ruby/object:Gem::Requirement
129
123
  requirements:
130
- - - ~>
124
+ - - "~>"
131
125
  - !ruby/object:Gem::Version
132
126
  version: '2.0'
133
127
  - !ruby/object:Gem::Dependency
134
128
  name: rspec-rails
135
129
  requirement: !ruby/object:Gem::Requirement
136
130
  requirements:
137
- - - '>='
131
+ - - ">="
138
132
  - !ruby/object:Gem::Version
139
133
  version: '0'
140
134
  type: :development
141
135
  prerelease: false
142
136
  version_requirements: !ruby/object:Gem::Requirement
143
137
  requirements:
144
- - - '>='
138
+ - - ">="
145
139
  - !ruby/object:Gem::Version
146
140
  version: '0'
147
141
  - !ruby/object:Gem::Dependency
148
142
  name: database_cleaner
149
143
  requirement: !ruby/object:Gem::Requirement
150
144
  requirements:
151
- - - '>='
145
+ - - ">="
152
146
  - !ruby/object:Gem::Version
153
147
  version: '0'
154
148
  type: :development
155
149
  prerelease: false
156
150
  version_requirements: !ruby/object:Gem::Requirement
157
151
  requirements:
158
- - - '>='
152
+ - - ">="
159
153
  - !ruby/object:Gem::Version
160
154
  version: '0'
161
155
  - !ruby/object:Gem::Dependency
162
156
  name: capybara
163
157
  requirement: !ruby/object:Gem::Requirement
164
158
  requirements:
165
- - - '>='
159
+ - - ">="
166
160
  - !ruby/object:Gem::Version
167
161
  version: '0'
168
162
  type: :development
169
163
  prerelease: false
170
164
  version_requirements: !ruby/object:Gem::Requirement
171
165
  requirements:
172
- - - '>='
166
+ - - ">="
173
167
  - !ruby/object:Gem::Version
174
168
  version: '0'
175
169
  - !ruby/object:Gem::Dependency
176
170
  name: launchy
177
171
  requirement: !ruby/object:Gem::Requirement
178
172
  requirements:
179
- - - '>='
173
+ - - ">="
180
174
  - !ruby/object:Gem::Version
181
175
  version: '0'
182
176
  type: :development
183
177
  prerelease: false
184
178
  version_requirements: !ruby/object:Gem::Requirement
185
179
  requirements:
186
- - - '>='
180
+ - - ">="
187
181
  - !ruby/object:Gem::Version
188
182
  version: '0'
189
183
  description: Devise extension to allow authentication via LDAP
@@ -192,7 +186,7 @@ executables: []
192
186
  extensions: []
193
187
  extra_rdoc_files: []
194
188
  files:
195
- - .gitignore
189
+ - ".gitignore"
196
190
  - CHANGELOG.md
197
191
  - Gemfile
198
192
  - MIT-LICENSE
@@ -277,6 +271,8 @@ files:
277
271
  - spec/rails_app/script/rails
278
272
  - spec/spec_helper.rb
279
273
  - spec/support/factories.rb
274
+ - spec/unit/adapter_spec.rb
275
+ - spec/unit/connection_spec.rb
280
276
  - spec/unit/user_spec.rb
281
277
  homepage: https://github.com/cschiewek/devise_ldap_authenticatable
282
278
  licenses:
@@ -288,17 +284,16 @@ require_paths:
288
284
  - lib
289
285
  required_ruby_version: !ruby/object:Gem::Requirement
290
286
  requirements:
291
- - - '>='
287
+ - - ">="
292
288
  - !ruby/object:Gem::Version
293
289
  version: '0'
294
290
  required_rubygems_version: !ruby/object:Gem::Requirement
295
291
  requirements:
296
- - - '>='
292
+ - - ">="
297
293
  - !ruby/object:Gem::Version
298
294
  version: '0'
299
295
  requirements: []
300
- rubyforge_project:
301
- rubygems_version: 2.0.3
296
+ rubygems_version: 3.1.2
302
297
  signing_key:
303
298
  specification_version: 4
304
299
  summary: Devise extension to allow authentication via LDAP