devise_ldap_authenticatable 0.4.3 → 0.4.4

data/README.md

@@ -32,7 +32,7 @@ This will *only* work for Rails 3 applications.
 In the Gemfile for your application:
 
     gem "devise", "1.1.1"
-    gem "devise_ldap_authenticatable", "0.4.3"
+    gem "devise_ldap_authenticatable", "0.4.4"
     
 To get the latest version, pull directly from github instead of the gem:
 
@@ -44,17 +44,18 @@ Setup
 
 Run the rails generator
 
-    rails generate devise_ldap_authenticatable:install
+    rails generate devise_ldap_authenticatable:install [options]
 
 This will install the sample.yml, update the devise.rb initializer, and update your user model. There are some options you can pass to it:
 
-    [--user-model=USER_MODEL]  # Model to update
-                               # Default: user
-    [--update-model]           # Update model to change from database_authenticatable to ldap_authenticatable
-                               # Default: true
-    [--add-rescue]             # Update Application Controller with resuce_from for DeviseLdapAuthenticatable::LdapException
-                               # Default: true
-
+Options:
+  [--user-model=USER_MODEL]  # Model to update
+                             # Default: user
+  [--update-model]           # Update model to change from database_authenticatable to ldap_authenticatable
+                             # Default: true
+  [--add-rescue]             # Update Application Controller with resuce_from for DeviseLdapAuthenticatable::LdapException
+                             # Default: true
+  [--advanced]               # Add advanced config options to the devise initializer
 
 
 Usage
@@ -96,6 +97,15 @@ In initializer  `config/initializers/devise.rb` :
 * ldap\_use\_admin\_to\_bind _(default: false)_
   * When set to true, the admin user will be used to bind to the LDAP server during authentication.
 
+
+Advanced Configuration
+----------------------
+
+These parameters will be added to `config/initializers/devise.rb` when you pass the `--advanced` switch to the generator:
+
+* ldap\_auth\_username\_builder _(default: `Proc.new() {|attribute, login, ldap| "#{attribute}=#{login},#{ldap.base}" }`)_
+  * You can pass a proc to the username option to explicitly specify the format that you search for a users' DN on your LDAP server.
+
 Testing
 -------
 
@@ -139,7 +149,7 @@ This will allow requests to go to the test LDAP server without being signed by a
 References
 ----------
 
-* [Original Plugin](http://github.com/cschiewek/devise_ldap_authenticatable)
+* [OpenLDAP](http://www.openldap.org/)
 * [Devise](http://github.com/plataformatec/devise)
 * [Warden](http://github.com/hassox/warden)
 

data/VERSION

@@ -1 +1 @@
-0.4.3
+0.4.4

data/devise_ldap_authenticatable.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{devise_ldap_authenticatable}
-  s.version = "0.4.3"
+  s.version = "0.4.4"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Curtis Schiewek", "Daniel McNevin"]
-  s.date = %q{2010-08-05}
+  s.date = %q{2010-08-14}
   s.description = %q{LDAP authentication module for Devise}
   s.email = %q{curtis.schiewek@gmail.com}
   s.extra_rdoc_files = [

data/lib/devise_ldap_authenticatable.rb

@@ -31,6 +31,9 @@ module Devise
   
   mattr_accessor :ldap_use_admin_to_bind
   @@ldap_use_admin_to_bind = false
+  
+  mattr_accessor :ldap_auth_username_builder
+  @@ldap_auth_username_builder = Proc.new() {|attribute, login, ldap| "#{attribute}=#{login},#{ldap.base}" }
 end
 
 # Add ldap_authenticatable strategy to defaults.

data/lib/devise_ldap_authenticatable/ldap_adapter.rb

@@ -5,8 +5,11 @@ module Devise
   module LdapAdapter
     
     def self.valid_credentials?(login, password_plaintext)
-      options = {:login => login, :password => password_plaintext}
-      options.merge!({ :admin => true }) if ::Devise.ldap_use_admin_to_bind
+      options = {:login => login, 
+                 :password => password_plaintext, 
+                 :ldap_auth_username_builder => ::Devise.ldap_auth_username_builder,
+                 :admin => ::Devise.ldap_use_admin_to_bind}
+                 
       resource = LdapConnect.new(options)
       resource.authorized?
     end
@@ -35,6 +38,7 @@ module Devise
         @ldap.port = ldap_config["port"]
         @ldap.base = ldap_config["base"]
         @attribute = ldap_config["attribute"]
+        @ldap_auth_username_builder = params[:ldap_auth_username_builder]
         
         @group_base = ldap_config["group_base"]
         @required_groups = ldap_config["required_groups"]        
@@ -53,7 +57,7 @@ module Devise
         ldap_entry = nil
         @ldap.search(:filter => filter) {|entry| ldap_entry = entry}
         if ldap_entry.nil?
-          "#{@attribute}=#{@login},#{@ldap.base}"
+          @ldap_auth_username_builder.call(@attribute,@login,@ldap)
         else
           ldap_entry.dn
         end

data/lib/devise_ldap_authenticatable/version.rb

@@ -1,4 +1,4 @@
 module DeviseLdapAuthenticatable
-  VERSION = "0.4.3"
+  VERSION = "0.4.4"
 end
 

data/lib/generators/devise_ldap_authenticatable/install_generator.rb

@@ -5,6 +5,7 @@ module DeviseLdapAuthenticatable
     class_option :user_model, :type => :string, :default => "user", :desc => "Model to update"
     class_option :update_model, :type => :boolean, :default => true, :desc => "Update model to change from database_authenticatable to ldap_authenticatable"
     class_option :add_rescue, :type => :boolean, :default => true, :desc => "Update Application Controller with resuce_from for DeviseLdapAuthenticatable::LdapException"
+    class_option :advanced, :type => :boolean, :desc => "Add advanced config options to the devise initializer"
     
     
     def create_ldap_config
@@ -26,7 +27,7 @@ module DeviseLdapAuthenticatable
     private
     
     def default_devise_settings
-      <<-eof
+      settings = <<-eof
   # ==> LDAP Configuration 
   # config.ldap_logger = true
   # config.ldap_create_user = false
@@ -37,6 +38,15 @@ module DeviseLdapAuthenticatable
   # config.ldap_use_admin_to_bind = false
   
       eof
+      if options.advanced?  
+        settings << <<-eof  
+  # ==> Advanced LDAP Configuration
+  # config.ldap_auth_username_builder = Proc.new() {|attribute, login, ldap| "\#{attribute}=\#{login},\#{ldap.base}" }
+  
+        eof
+      end
+      
+      settings
     end
     
     def rescue_from_exception
@@ -48,4 +58,4 @@ module DeviseLdapAuthenticatable
     end
     
   end
-end
+end

data/test/ldap/base.ldif

@@ -10,6 +10,10 @@ dn: ou=people,dc=test,dc=com
 objectClass: organizationalUnit
 ou: people
 
+dn: ou=others,dc=test,dc=com
+objectClass: organizationalUnit
+ou: others
+
 dn: ou=groups,dc=test,dc=com
 objectClass: organizationalUnit
 ou: groups
@@ -26,6 +30,19 @@ authorizationRole: blogUser
 userPassword:: e1NTSEF9ZXRYaE9NcjRjOGFiTjlqYUxyczZKSll5MFlaZUF1NURCVWhhY0E9PQ=
  =
 
+# other.user@test.com
+dn: cn=other.user@test.com,ou=others,dc=test,dc=com
+objectClass: inetOrgPerson
+objectClass: authorizations
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+sn: Other
+uid: other_user
+cn: other.user@test.com
+authorizationRole: blogUser
+userPassword:: e1NIQX1IQXdtdk13RGF1ZUpyZDhwakxXMzZ6Yi9jTUU9
+
 # example.admin@test.com, people, test.com
 dn: cn=example.admin@test.com,ou=people,dc=test,dc=com
 objectClass: inetOrgPerson

data/test/ldap/clear.ldif

@@ -10,11 +10,17 @@ changetype: delete
 dn: cn=example.user@test.com,ou=people,dc=test,dc=com
 changetype: delete
 
+dn: cn=other.user@test.com,ou=others,dc=test,dc=com
+changetype: delete
+
 dn: ou=groups,dc=test,dc=com
 changetype: delete
 
 dn: ou=people,dc=test,dc=com
 changetype: delete
 
+dn: ou=others,dc=test,dc=com
+changetype: delete
+
 dn: dc=test,dc=com
 changetype: delete

data/test/rails_app/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: /Users/dpmcnevin/Rails/devise_ldap_authenticatable
   specs:
-    devise_ldap_authenticatable (0.4.2)
+    devise_ldap_authenticatable (0.4.3)
       devise (> 1.0.4)
       net-ldap (>= 0.1.1)
 

data/test/rails_app/test/factories/users.rb

@@ -6,4 +6,9 @@ end
 Factory.define :admin, :class => "user" do |f|
   f.email "example.admin@test.com"
   f.password "admin_secret"
+end
+
+Factory.define :other, :class => "user" do |f|
+  f.email "other.user@test.com"
+  f.password "other_secret"
 end

data/test/rails_app/test/test_helper.rb

@@ -21,6 +21,7 @@ class ActiveSupport::TestCase
     ::Devise.ldap_config = "#{Rails.root}/config/#{"ssl_" if ENV["LDAP_SSL"]}ldap.yml"
     ::Devise.ldap_check_group_membership = false
     ::Devise.ldap_check_attributes = false
+    ::Devise.ldap_auth_username_builder = Proc.new() {|attribute, login, ldap| "#{attribute}=#{login},#{ldap.base}" }
     ::Devise.authentication_keys = [:email]
   end
   

data/test/rails_app/test/unit/user_test.rb

@@ -20,7 +20,7 @@ class UserTest < ActiveSupport::TestCase
       setup do
         @user = Factory(:user)
       end
-
+  
       should "check for password validation" do
         assert_equal(@user.email, "example.user@test.com")
         should_be_validated @user, "secret"
@@ -33,7 +33,7 @@ class UserTest < ActiveSupport::TestCase
       setup do
         @user = Factory(:user)
       end
-
+  
       should "change password" do
         should_be_validated @user, "secret"
         @user.reset_password!("changed","changed")
@@ -70,7 +70,7 @@ class UserTest < ActiveSupport::TestCase
           assert_equal(User.all.size, 1)
           assert_contains(User.all.collect(&:email), "example.user@test.com", "user not in database")
         end
-
+  
         should "not create a user in the database if the password is wrong_secret" do
           @user = User.authenticate_with_ldap(:email => "example.user", :password => "wrong_secret")
           assert(User.all.blank?, "There's users in the database")
@@ -91,7 +91,7 @@ class UserTest < ActiveSupport::TestCase
         ::Devise.authentication_keys = [:email]
         ::Devise.ldap_check_group_membership = true
       end
-
+  
       should "admin should be allowed in" do
         should_be_validated @admin, "admin_secret"
       end
@@ -111,7 +111,7 @@ class UserTest < ActiveSupport::TestCase
         @user = Factory(:user)
         ::Devise.ldap_check_attributes = true
       end
-
+  
       should "admin should be allowed in" do
         should_be_validated @admin, "admin_secret"
       end
@@ -127,7 +127,7 @@ class UserTest < ActiveSupport::TestCase
         @user = Factory(:user)
         ::Devise.ldap_use_admin_to_bind = true
       end
-
+  
       should "description" do
         should_be_validated @admin, "admin_secret"
       end
@@ -142,13 +142,13 @@ class UserTest < ActiveSupport::TestCase
       ::Devise.ldap_config = "#{Rails.root}/config/#{"ssl_" if ENV["LDAP_SSL"]}ldap_with_uid.yml"
       ::Devise.authentication_keys = [:uid]
     end
-
+  
     context "description" do
       setup do
         @admin = Factory(:admin)
         @user = Factory(:user, :uid => "example_user")
       end
-
+  
       should "be able to authenticate using uid" do
         should_be_validated @user, "secret"
         should_not_be_validated @admin, "admin_secret"
@@ -159,7 +159,7 @@ class UserTest < ActiveSupport::TestCase
       setup do
         ::Devise.ldap_create_user = true
       end
-
+  
       should "create a user in the database" do
         @user = User.authenticate_with_ldap(:uid => "example_user", :password => "secret")
         assert_equal(User.all.size, 1)
@@ -174,13 +174,13 @@ class UserTest < ActiveSupport::TestCase
       reset_ldap_server!
       ::Devise.ldap_config = "#{Rails.root}/config/#{"ssl_" if ENV["LDAP_SSL"]}ldap_with_erb.yml"
     end
-
+  
     context "authenticate" do
       setup do
         @admin = Factory(:admin)
         @user = Factory(:user)
       end
-
+  
       should "be able to authenticate" do
         should_be_validated @user, "secret"
         should_be_validated @admin, "admin_secret"
@@ -188,6 +188,19 @@ class UserTest < ActiveSupport::TestCase
     end
   end
   
-  
+  context "use username builder" do
+    setup do
+      default_devise_settings!
+      reset_ldap_server!
+      ::Devise.ldap_auth_username_builder = Proc.new() do |attribute, login, ldap|
+        "#{attribute}=#{login},ou=others,dc=test,dc=com"
+      end
+      @other = Factory(:other)
+    end
+
+    should "be able to authenticate" do
+      should_be_validated @other, "other_secret"
+    end
+  end
   
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: devise_ldap_authenticatable
 version: !ruby/object:Gem::Version 
-  hash: 9
+  hash: 7
   prerelease: false
   segments: 
   - 0
   - 4
-  - 3
-  version: 0.4.3
+  - 4
+  version: 0.4.4
 platform: ruby
 authors: 
 - Curtis Schiewek
@@ -16,7 +16,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-08-05 00:00:00 -04:00
+date: 2010-08-14 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency