devise_ldap_authenticatable 0.4.9 → 0.4.10

data/README.md

@@ -140,9 +140,9 @@ All unit and functional tests are part of a sample rails application under test/
 Build / Start Instructions for Test LDAP Server
 -----------------------------------------------
 
-Make sure that directories test/ldap/openldap-data and test/ldap/openldap-data/run exist.
+These instructions require the current directory context to be the `test/ldap` directory relative to the project root.
 
-  1. To start the server, run `./run_server.sh`
+  1. To start the server, run `./run-server.sh`
   2. Add the basic structure: `ldapadd -x -h localhost -p 3389 -x -D "cn=admin,dc=test,dc=com" -w secret -f base.ldif`
     * this creates the users / passwords:
       * cn=admin,dc=test,com / secret
@@ -151,7 +151,7 @@ Make sure that directories test/ldap/openldap-data and test/ldap/openldap-data/r
   
   _For a LDAP server running SSL_
   
-  1. To start the server, run: `./run_server.sh --ssl`
+  1. To start the server, run: `./run-server.sh --ssl`
   2. Add the basic structure: `ldapadd -x -H ldaps://localhost:3389 -x -D "cn=admin,dc=test,dc=com" -w secret -f base.ldif`
     * this creates the users / passwords:
       * cn=admin,dc=test,com / secret

data/VERSION

@@ -1 +1 @@
-0.4.9
+0.4.10

data/devise_ldap_authenticatable.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{devise_ldap_authenticatable}
-  s.version = "0.4.9"
+  s.version = "0.4.10"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Curtis Schiewek", "Daniel McNevin"]
-  s.date = %q{2011-07-06}
+  s.authors = ["Curtis Schiewek", "Daniel McNevin", "Steven Xu"]
+  s.date = %q{2011-10-17}
   s.description = %q{LDAP authentication module for Devise}
   s.email = %q{curtis.schiewek@gmail.com}
   s.extra_rdoc_files = [

data/lib/devise_ldap_authenticatable.rb

@@ -34,6 +34,9 @@ module Devise
   
   mattr_accessor :ldap_auth_username_builder
   @@ldap_auth_username_builder = Proc.new() {|attribute, login, ldap| "#{attribute}=#{login},#{ldap.base}" }
+
+  mattr_accessor :ldap_ad_group_check
+  @@ldap_ad_group_check = false
 end
 
 # Add ldap_authenticatable strategy to defaults.

data/lib/devise_ldap_authenticatable/ldap_adapter.rb

@@ -13,6 +13,14 @@ module Devise
       resource = LdapConnect.new(options)
       resource.authorized?
     end
+
+    def self.valid_login?(login)
+      options = {:login => login, 
+                 :ldap_auth_username_builder => ::Devise.ldap_auth_username_builder,
+                 :admin => ::Devise.ldap_use_admin_to_bind}
+      resource = LdapConnect.new(options)
+      resource.valid_login?
+    end
     
     def self.update_password(login, new_password)
       options = {:login => login,
@@ -56,7 +64,8 @@ module Devise
       def initialize(params = {})
         ldap_config = YAML.load(ERB.new(File.read(::Devise.ldap_config || "#{Rails.root}/config/ldap.yml")).result)[Rails.env]
         ldap_options = params
-        ldap_options[:encryption] = :simple_tls if ldap_config["ssl"]
+        ldap_config["ssl"] = :simple_tls if ldap_config["ssl"] === true
+        ldap_options[:encryption] = ldap_config["ssl"].to_sym if ldap_config["ssl"]
 
         @ldap = Net::LDAP.new(ldap_options)
         @ldap.host = ldap_config["host"]
@@ -77,10 +86,8 @@ module Devise
       end
 
       def dn
-        DeviseLdapAuthenticatable::Logger.send("LDAP search: #{@attribute}=#{@login}")
-        filter = Net::LDAP::Filter.eq(@attribute.to_s, @login.to_s)
-        ldap_entry = nil
-        @ldap.search(:filter => filter) {|entry| ldap_entry = entry}
+        DeviseLdapAuthenticatable::Logger.send("LDAP dn lookup: #{@attribute}=#{@login}")
+        ldap_entry = search_for_login
         if ldap_entry.nil?
           @ldap_auth_username_builder.call(@attribute,@login,@ldap)
         else
@@ -94,7 +101,7 @@ module Devise
         @ldap.search(:filter => filter) {|entry| ldap_entry = entry}
 
 				DeviseLdapAuthenticatable::Logger.send("Requested param #{param} has value #{ldap_entry.send(param)}")
-				ldap_entry.send(param).to_s
+				ldap_entry.send(param)
 			end
 			
       def authenticate!
@@ -130,14 +137,27 @@ module Devise
             group_attribute = "uniqueMember"
             group_name = group
           end
-          admin_ldap.search(:base => group_name, :scope => Net::LDAP::SearchScope_BaseObject) do |entry|
-            unless entry[group_attribute].include? dn
+          unless ::Devise.ldap_ad_group_check
+            admin_ldap.search(:base => group_name, :scope => Net::LDAP::SearchScope_BaseObject) do |entry|
+              unless entry[group_attribute].include? dn
+                DeviseLdapAuthenticatable::Logger.send("User #{dn} is not in group: #{group_name }")
+                return false
+              end
+            end
+          else
+            # AD optimization - extension will recursively check sub-groups with one query
+            # "(memberof:1.2.840.113556.1.4.1941:=group_name)"
+            search_result = admin_ldap.search(:base => dn, 
+                              :filter => Net::LDAP::Filter.ex("memberof:1.2.840.113556.1.4.1941", group_name),
+                              :scope => Net::LDAP::SearchScope_BaseObject) 
+            # Will return  the user entry if belongs to group otherwise nothing
+            unless search_result.length == 1 && search_result[0].dn.eql?(dn)
               DeviseLdapAuthenticatable::Logger.send("User #{dn} is not in group: #{group_name }")
               return false
             end
           end
         end
-        
+ 
         return true
       end
       
@@ -165,6 +185,10 @@ module Devise
         filter = Net::LDAP::Filter.eq("uniqueMember", dn)
         admin_ldap.search(:filter => filter, :base => @group_base).collect(&:dn)
       end
+
+      def valid_login?
+        !search_for_login.nil?
+      end
       
       private
       
@@ -183,6 +207,17 @@ module Devise
         DeviseLdapAuthenticatable::Logger.send("Finding user: #{dn}")
         ldap.search(:base => dn, :scope => Net::LDAP::SearchScope_BaseObject).try(:first)
       end
+
+      # Searches the LDAP for the login
+      #
+      # @return [Object] the LDAP entry found; nil if not found
+      def search_for_login
+        DeviseLdapAuthenticatable::Logger.send("LDAP search for login: #{@attribute}=#{@login}")
+        filter = Net::LDAP::Filter.eq(@attribute.to_s, @login.to_s)
+        ldap_entry = nil
+        @ldap.search(:filter => filter) {|entry| ldap_entry = entry}
+        ldap_entry
+      end
       
       def update_ldap(ops)
         operations = []

data/lib/devise_ldap_authenticatable/model.rb

@@ -18,7 +18,8 @@ module Devise
       end
 
       def login_with
-        self[::Devise.authentication_keys.first]
+        @login_with ||= Devise.mappings[self.class.to_s.underscore.to_sym].to.authentication_keys.first
+        self[@login_with]
       end
       
       def reset_password!(new_password, new_password_confirmation)
@@ -54,25 +55,36 @@ module Devise
         Devise::LdapAdapter.get_ldap_param(login_with,param)
       end
 
+      #
+      # callbacks
+      #
+
+      # # Called before the ldap record is saved automatically
+      # def ldap_before_save
+      # end
+
 
       module ClassMethods
         # Authenticate a user based on configured attribute keys. Returns the
         # authenticated user if it's valid or nil.
         def authenticate_with_ldap(attributes={}) 
-          @login_with = ::Devise.authentication_keys.first
-          return nil unless attributes[@login_with].present? 
-          
+          auth_key = self.authentication_keys.first
+          return nil unless attributes[auth_key].present? 
+
           # resource = find_for_ldap_authentication(conditions)
-          resource = where(@login_with => attributes[@login_with]).first
+          resource = where(auth_key => attributes[auth_key]).first
                     
           if (resource.blank? and ::Devise.ldap_create_user)
             resource = new
-            resource[@login_with] = attributes[@login_with]
+            resource[auth_key] = attributes[auth_key]
             resource.password = attributes[:password]
           end
                     
           if resource.try(:valid_ldap_authentication?, attributes[:password])
-            resource.save if resource.new_record?
+            if resource.new_record?
+              resource.ldap_before_save if resource.respond_to?(:ldap_before_save)
+              resource.save 
+            end
             return resource
           else
             return nil

data/lib/generators/devise_ldap_authenticatable/install_generator.rb

@@ -36,6 +36,7 @@ module DeviseLdapAuthenticatable
   # config.ldap_check_group_membership = false
   # config.ldap_check_attributes = false
   # config.ldap_use_admin_to_bind = false
+  # config.ldap_ad_group_check = false
   
       eof
       if options.advanced?  

data/lib/generators/devise_ldap_authenticatable/templates/ldap.yml

@@ -37,7 +37,7 @@ test:
   base: ou=people,dc=test,dc=com
   admin_user: cn=admin,dc=test,dc=com
   admin_password: admin_password
-  ssl: false
+  ssl: simple_tls
   # <<: *AUTHORIZATIONS
 
 production:
@@ -47,5 +47,5 @@ production:
   base: ou=people,dc=test,dc=com
   admin_user: cn=admin,dc=test,dc=com
   admin_password: admin_password
-  ssl: true
-  # <<: *AUTHORIZATIONS
+  ssl: start_tls
+  # <<: *AUTHORIZATIONS

data/test/rails_app/Gemfile

@@ -3,7 +3,7 @@ source 'http://rubygems.org'
 gem 'rails', '3.0.0'
 gem 'sqlite3-ruby', :require => 'sqlite3'
 
-gem "devise", "1.1.2"
+gem "devise", "~> 1.4.0"
 gem "devise_ldap_authenticatable", :path => "../../"
 
 group :test do

data/test/rails_app/Gemfile.lock

@@ -1,9 +1,9 @@
 PATH
-  remote: /Users/dpmcnevin/Rails/devise_ldap_authenticatable
+  remote: ../../
   specs:
-    devise_ldap_authenticatable (0.4.5)
-      devise (= 1.1.2)
-      net-ldap (= 0.1.1)
+    devise_ldap_authenticatable (0.4.9)
+      devise (~> 1.4.0)
+      net-ldap (~> 0.2.2)
 
 GEM
   remote: http://rubygems.org/
@@ -43,7 +43,7 @@ GEM
       autotest (>= 4.2.4)
     autotest-rails (4.1.0)
       ZenTest
-    bcrypt-ruby (2.1.2)
+    bcrypt-ruby (3.0.1)
     builder (2.1.2)
     capybara (0.3.9)
       culerity (>= 0.2.4)
@@ -64,9 +64,10 @@ GEM
       cucumber (>= 0.8.0)
     culerity (0.2.12)
     database_cleaner (0.5.2)
-    devise (1.1.2)
-      bcrypt-ruby (~> 2.1.2)
-      warden (~> 0.10.7)
+    devise (1.4.7)
+      bcrypt-ruby (~> 3.0)
+      orm_adapter (~> 0.0.3)
+      warden (~> 1.0.3)
     diff-lcs (1.1.2)
     erubis (2.6.6)
       abstract (>= 1.0.0)
@@ -91,8 +92,9 @@ GEM
     mime-types (1.16)
     mocha (0.9.8)
       rake
-    net-ldap (0.1.1)
+    net-ldap (0.2.2)
     nokogiri (1.4.3.1)
+    orm_adapter (0.0.5)
     polyglot (0.3.1)
     rack (1.2.1)
     rack-mount (0.6.12)
@@ -132,8 +134,8 @@ GEM
       polyglot (>= 0.3.1)
     trollop (1.16.2)
     tzinfo (0.3.23)
-    warden (0.10.7)
-      rack (>= 1.0.0)
+    warden (1.0.5)
+      rack (>= 1.0)
 
 PLATFORMS
   ruby
@@ -145,7 +147,7 @@ DEPENDENCIES
   capybara
   cucumber-rails
   database_cleaner
-  devise (= 1.1.2)
+  devise (~> 1.4.0)
   devise_ldap_authenticatable!
   factory_girl_rails
   launchy

data/test/rails_app/db/schema.rb

@@ -1,8 +1,8 @@
-# This file is auto-generated from the current state of the database. Instead 
+# This file is auto-generated from the current state of the database. Instead
 # of editing this file, please use the migrations feature of Active Record to
 # incrementally modify your database, and then regenerate this schema definition.
 #
-# Note that this schema.rb definition is the authoritative source for your 
+# Note that this schema.rb definition is the authoritative source for your
 # database schema. If you need to create the application database on another
 # system, you should be using db:schema:load, not running all the migrations
 # from scratch. The latter is a flawed and unsustainable approach (the more migrations
@@ -22,7 +22,6 @@ ActiveRecord::Schema.define(:version => 20100708120448) do
   create_table "users", :force => true do |t|
     t.string   "email",                               :default => "", :null => false
     t.string   "encrypted_password",   :limit => 128, :default => "", :null => false
-    t.string   "password_salt",                       :default => "", :null => false
     t.string   "reset_password_token"
     t.string   "remember_token"
     t.datetime "remember_created_at"

data/test/rails_app/test/unit/user_test.rb

@@ -15,6 +15,16 @@ class UserTest < ActiveSupport::TestCase
       default_devise_settings!
       reset_ldap_server!
     end
+
+    context "look up and ldap user" do
+      should "return true for a user that does exist in LDAP" do
+        assert_equal true, ::Devise::LdapAdapter.valid_login?('example.user@test.com')
+      end
+
+      should "return false for a user that doesn't exist in LDAP" do
+        assert_equal false, ::Devise::LdapAdapter.valid_login?('barneystinson')
+      end
+    end
   
     context "create a basic user" do
       setup do
@@ -170,6 +180,25 @@ class UserTest < ActiveSupport::TestCase
         assert_equal(User.all.size, 1)
         assert_contains(User.all.collect(&:uid), "example_user", "user not in database")
       end
+
+      should "call ldap_before_save hooks" do
+        User.class_eval do
+          def ldap_before_save
+            @foobar = 'foobar'
+          end
+        end
+        user = User.authenticate_with_ldap(:uid => "example_user", :password => "secret")
+        assert_equal 'foobar', user.instance_variable_get(:"@foobar")
+        User.class_eval do
+          undef ldap_before_save
+        end
+      end
+
+      should "not call ldap_before_save hook if not defined" do
+        assert_nothing_raised do
+          should_be_validated Factory(:user, :uid => "example_user"), "secret"
+        end
+      end
     end    
   end
   
@@ -192,6 +221,20 @@ class UserTest < ActiveSupport::TestCase
       end
     end
   end
+
+  context "using variants in the config file" do
+    setup do
+      default_devise_settings!
+      reset_ldap_server!
+      ::Devise.ldap_config = Rails.root.join 'config', 'ldap_with_boolean_ssl.yml'
+    end
+
+    should "not fail if config file has ssl: true" do
+      assert_nothing_raised do
+        Devise::LdapAdapter::LdapConnect.new
+      end
+    end
+  end
   
   context "use username builder" do
     setup do

metadata

@@ -1,65 +1,47 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: devise_ldap_authenticatable
-version: !ruby/object:Gem::Version 
-  hash: 29
+version: !ruby/object:Gem::Version
+  version: 0.4.10
   prerelease: 
-  segments: 
-  - 0
-  - 4
-  - 9
-  version: 0.4.9
 platform: ruby
-authors: 
+authors:
 - Curtis Schiewek
 - Daniel McNevin
+- Steven Xu
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2011-07-06 00:00:00 -04:00
-default_executable: 
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2011-10-17 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: devise
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  requirement: &14061140 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 1
-        - 4
-        - 0
+      - !ruby/object:Gem::Version
         version: 1.4.0
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: net-ldap
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  version_requirements: *14061140
+- !ruby/object:Gem::Dependency
+  name: net-ldap
+  requirement: &14060660 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 19
-        segments: 
-        - 0
-        - 2
-        - 2
+      - !ruby/object:Gem::Version
         version: 0.2.2
   type: :runtime
-  version_requirements: *id002
+  prerelease: false
+  version_requirements: *14060660
 description: LDAP authentication module for Devise
 email: curtis.schiewek@gmail.com
 executables: []
-
 extensions: []
-
-extra_rdoc_files: 
+extra_rdoc_files:
 - README.md
-files: 
+files:
 - MIT-LICENSE
 - README.md
 - Rakefile
@@ -152,39 +134,28 @@ files:
 - test/rails_app/test/unit/post_test.rb
 - test/rails_app/test/unit/user_test.rb
 - test/test_helper.rb
-has_rdoc: true
 homepage: http://github.com/cschiewek/devise_ldap_authenticatable
 licenses: []
-
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: 
-rubygems_version: 1.5.2
+rubygems_version: 1.8.10
 signing_key: 
 specification_version: 3
 summary: LDAP authentication module for Devise
 test_files: []
-