RubyGems - devise_ldap_authenticatable - Versions diffs - 0.6.0 → 0.6.1 - Mend

devise_ldap_authenticatable 0.6.0 → 0.6.1

Files changed (10) hide show

data/Gemfile +3 -4
data/Gemfile.lock +62 -8
data/README.md +3 -10
data/lib/devise_ldap_authenticatable/ldap_adapter.rb +83 -46
data/lib/devise_ldap_authenticatable/model.rb +6 -0
data/lib/devise_ldap_authenticatable/version.rb +1 -1
data/test/rails_app/config/ldap_with_check_membership_off.yml +23 -0
data/test/rails_app/config/ldap_with_check_membership_on.yml +23 -0
data/test/rails_app/test/unit/user_test.rb +46 -11
metadata +99 -8

data/Gemfile CHANGED Viewed

@@ -5,8 +5,7 @@ gemspec
 gem 'devise', '~> 2.0.0'
 gem 'net-ldap', '~> 0.2.2'
-platforms :mri_18 do
-  group :test do
-    gem 'ruby-debug', '>= 0.10.3'
-  end
+group :test do
+  gem 'ruby-debug', '>= 0.10.3', :platform => :mri_18
+  gem 'debugger', :platform => :ruby_19
 end

data/Gemfile.lock CHANGED Viewed

@@ -1,38 +1,92 @@
 PATH
   remote: .
   specs:
-    devise_ldap_authenticatable (0.5.1)
-      devise (~> 1.5.0)
+    devise_ldap_authenticatable (0.6.0)
+      devise (>= 2.0.0)
       net-ldap (~> 0.2.2)
 GEM
   remote: http://rubygems.org/
   specs:
+    actionpack (3.2.6)
+      activemodel (= 3.2.6)
+      activesupport (= 3.2.6)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.1)
+      rack (~> 1.4.0)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.1.3)
+    activemodel (3.2.6)
+      activesupport (= 3.2.6)
+      builder (~> 3.0.0)
+    activesupport (3.2.6)
+      i18n (~> 0.6)
+      multi_json (~> 1.0)
     bcrypt-ruby (3.0.1)
+    builder (3.0.0)
     columnize (0.3.6)
-    devise (1.5.3)
+    debugger (1.1.4)
+      columnize (>= 0.3.1)
+      debugger-linecache (~> 1.1.1)
+      debugger-ruby_core_source (~> 1.1.3)
+    debugger-linecache (1.1.1)
+      debugger-ruby_core_source (>= 1.1.1)
+    debugger-ruby_core_source (1.1.3)
+    devise (2.0.4)
       bcrypt-ruby (~> 3.0)
       orm_adapter (~> 0.0.3)
-      warden (~> 1.1)
+      railties (~> 3.1)
+      warden (~> 1.1.1)
+    erubis (2.7.0)
+    hike (1.2.1)
+    i18n (0.6.0)
+    journey (1.0.4)
+    json (1.7.3)
     linecache (0.46)
       rbx-require-relative (> 0.0.4)
+    multi_json (1.3.6)
     net-ldap (0.2.2)
-    orm_adapter (0.0.6)
-    rack (1.4.0)
+    orm_adapter (0.0.7)
+    rack (1.4.1)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-ssl (1.3.2)
+      rack
+    rack-test (0.6.1)
+      rack (>= 1.0)
+    railties (3.2.6)
+      actionpack (= 3.2.6)
+      activesupport (= 3.2.6)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (>= 0.14.6, < 2.0)
+    rake (0.9.2.2)
     rbx-require-relative (0.0.5)
+    rdoc (3.12)
+      json (~> 1.4)
     ruby-debug (0.10.4)
       columnize (>= 0.1)
       ruby-debug-base (~> 0.10.4.0)
     ruby-debug-base (0.10.4)
       linecache (>= 0.3)
-    warden (1.1.0)
+    sprockets (2.1.3)
+      hike (~> 1.2)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    thor (0.15.3)
+    tilt (1.3.3)
+    warden (1.1.1)
       rack (>= 1.0)
 PLATFORMS
   ruby
 DEPENDENCIES
-  devise (~> 1.5.0)
+  debugger
+  devise (~> 2.0.0)
   devise_ldap_authenticatable!
   net-ldap (~> 0.2.2)
   ruby-debug (>= 0.10.3)

data/README.md CHANGED Viewed

@@ -19,7 +19,7 @@ Requirements
 These gems are dependencies of the gem:
-- Devise ~> 1.4.0
+- Devise ~> 2.0.0
 - net-ldap ~> 0.2.2
 Installation
@@ -31,7 +31,7 @@ This will *only* work for Rails 3 applications.
 In the Gemfile for your application:
-    gem "devise", "~> 1.4"
+    gem "devise", "~> 2.0"
     gem "devise_ldap_authenticatable"
 To get the latest version, pull directly from github instead of the gem:
@@ -173,13 +173,6 @@ References
 * [Devise](http://github.com/plataformatec/devise)
 * [Warden](http://github.com/hassox/warden)
-TODO
-----
-View on [Pivotal Tracker](http://www.pivotaltracker.com/projects/97318).
 Released under the MIT license
-Copyright (c) 2010 Curtis Schiewek, Daniel McNevin
+Copyright (c) 2010 Curtis Schiewek, Daniel McNevin, Steven Xu

data/lib/devise_ldap_authenticatable/ldap_adapter.rb CHANGED Viewed

@@ -3,29 +3,33 @@ require "net/ldap"
 module Devise
   module LdapAdapter
     def self.valid_credentials?(login, password_plaintext)
-      options = {:login => login,
-                 :password => password_plaintext,
+      options = {:login => login,
+                 :password => password_plaintext,
                  :ldap_auth_username_builder => ::Devise.ldap_auth_username_builder,
                  :admin => ::Devise.ldap_use_admin_to_bind}
       resource = LdapConnect.new(options)
       resource.authorized?
     end
     def self.update_password(login, new_password)
       options = {:login => login,
                  :new_password => new_password,
                  :ldap_auth_username_builder => ::Devise.ldap_auth_username_builder,
                  :admin => ::Devise.ldap_use_admin_to_bind}
       resource = LdapConnect.new(options)
-      resource.change_password! if new_password.present?
+      resource.change_password! if new_password.present?
+    end
+    def self.update_own_password(login, new_password, current_password)
+      set_ldap_param(login, :userpassword, new_password, current_password)
     end
     def self.ldap_connect(login)
-      options = {:login => login,
+      options = {:login => login,
                  :ldap_auth_username_builder => ::Devise.ldap_auth_username_builder,
                  :admin => ::Devise.ldap_use_admin_to_bind}
@@ -39,11 +43,29 @@ module Devise
     def self.get_groups(login)
       self.ldap_connect(login).user_groups
     end
     def self.get_dn(login)
       self.ldap_connect(login).dn
     end
+    def self.set_ldap_param(login, param, new_value, password = nil)
+      options = { :login => login,
+                  :ldap_auth_username_builder => ::Devise.ldap_auth_username_builder,
+                  :password => password }
+      resource = LdapConnect.new(options)
+      resource.set_param(param, new_value)
+    end
+    def self.delete_ldap_param(login, param, password = nil)
+      options = { :login => login,
+                  :ldap_auth_username_builder => ::Devise.ldap_auth_username_builder,
+                  :password => password }
+      resource = LdapConnect.new(options)
+      resource.delete_param(param)
+    end
     def self.get_ldap_param(login,param)
       resource = self.ldap_connect(login)
       resource.ldap_param_value(param)
@@ -69,18 +91,27 @@ module Devise
         @ldap.base = ldap_config["base"]
         @attribute = ldap_config["attribute"]
         @ldap_auth_username_builder = params[:ldap_auth_username_builder]
         @group_base = ldap_config["group_base"]
-        @required_groups = ldap_config["required_groups"]
+        @check_group_membership = ldap_config.has_key?("check_group_membership") ? ldap_config["check_group_membership"] : ::Devise.ldap_check_group_membership
+        @required_groups = ldap_config["required_groups"]
         @required_attributes = ldap_config["require_attribute"]
-        @ldap.auth ldap_config["admin_user"], ldap_config["admin_password"] if params[:admin]
+        @ldap.auth ldap_config["admin_user"], ldap_config["admin_password"] if params[:admin]
         @login = params[:login]
         @password = params[:password]
         @new_password = params[:new_password]
       end
+      def delete_param(param)
+        update_ldap [[:delete, param.to_sym, nil]]
+      end
+      def set_param(param, new_value)
+        update_ldap( { param.to_sym => new_value } )
+      end
       def dn
         DeviseLdapAuthenticatable::Logger.send("LDAP dn lookup: #{@attribute}=#{@login}")
         ldap_entry = search_for_login
@@ -91,16 +122,17 @@ module Devise
         end
       end
-			def ldap_param_value(param)
-				filter = Net::LDAP::Filter.eq(@attribute.to_s, @login.to_s)
+      def ldap_param_value(param)
+        filter = Net::LDAP::Filter.eq(@attribute.to_s, @login.to_s)
         ldap_entry = nil
         @ldap.search(:filter => filter) {|entry| ldap_entry = entry}
-        if ldap_entry
+        if ldap_entry
           if ldap_entry[param]
             DeviseLdapAuthenticatable::Logger.send("Requested param #{param} has value #{ldap_entry.send(param)}")
             value = ldap_entry.send(param)
             value = value.first if value.is_a?(Array) and value.count == 1
+            value
           else
             DeviseLdapAuthenticatable::Logger.send("Requested param #{param} does not exist")
             value = nil
@@ -109,8 +141,8 @@ module Devise
           DeviseLdapAuthenticatable::Logger.send("Requested ldap entry does not exist")
           value = nil
         end
-			end
+      end
       def authenticate!
         @ldap.auth(dn, @password)
         @ldap.bind
@@ -119,24 +151,24 @@ module Devise
       def authenticated?
         authenticate!
       end
       def authorized?
         DeviseLdapAuthenticatable::Logger.send("Authorizing user #{dn}")
         authenticated? && in_required_groups? && has_required_attribute?
       end
       def change_password!
         update_ldap(:userpassword => Net::LDAP::Password.generate(:sha, @new_password))
       end
-      def in_required_groups?
-        return true unless ::Devise.ldap_check_group_membership
+      def in_required_groups?
+        return true unless @check_group_membership
         ## FIXME set errors here, the ldap.yml isn't set properly.
-        return false if @required_groups.nil?
+        return false if @required_groups.nil?
         admin_ldap = LdapConnect.admin
         for group in @required_groups
           if group.is_a?(Array)
             group_attribute, group_name = group
@@ -154,9 +186,9 @@ module Devise
           else
             # AD optimization - extension will recursively check sub-groups with one query
             # "(memberof:1.2.840.113556.1.4.1941:=group_name)"
-            search_result = admin_ldap.search(:base => dn,
+            search_result = admin_ldap.search(:base => dn,
                               :filter => Net::LDAP::Filter.ex("memberof:1.2.840.113556.1.4.1941", group_name),
-                              :scope => Net::LDAP::SearchScope_BaseObject)
+                              :scope => Net::LDAP::SearchScope_BaseObject)
             # Will return  the user entry if belongs to group otherwise nothing
             unless search_result.length == 1 && search_result[0].dn.eql?(dn)
               DeviseLdapAuthenticatable::Logger.send("User #{dn} is not in group: #{group_name }")
@@ -164,27 +196,27 @@ module Devise
             end
           end
         end
         return true
       end
       def has_required_attribute?
         return true unless ::Devise.ldap_check_attributes
         admin_ldap = LdapConnect.admin
         user = find_ldap_user(admin_ldap)
         @required_attributes.each do |key,val|
           unless user[key].include? val
             DeviseLdapAuthenticatable::Logger.send("User #{dn} did not match attribute #{key}:#{val}")
-            return false
+            return false
           end
         end
         return true
       end
       def user_groups
         admin_ldap = LdapConnect.admin
@@ -207,25 +239,25 @@ module Devise
         @ldap.search(:filter => filter) {|entry| ldap_entry = entry}
         ldap_entry
       end
       private
       def self.admin
         ldap = LdapConnect.new(:admin => true).ldap
         unless ldap.bind
           DeviseLdapAuthenticatable::Logger.send("Cannot bind to admin LDAP user")
           raise DeviseLdapAuthenticatable::LdapException, "Cannot connect to admin LDAP user"
         end
         return ldap
       end
       def find_ldap_user(ldap)
         DeviseLdapAuthenticatable::Logger.send("Finding user: #{dn}")
         ldap.search(:base => dn, :scope => Net::LDAP::SearchScope_BaseObject).try(:first)
       end
       def update_ldap(ops)
         operations = []
         if ops.is_a? Hash
@@ -236,10 +268,15 @@ module Devise
           operations = ops
         end
-        admin_ldap = LdapConnect.admin
+        if ::Devise.ldap_use_admin_to_bind
+          privileged_ldap = LdapConnect.admin
+        else
+          authenticate!
+          privileged_ldap = self.ldap
+        end
         DeviseLdapAuthenticatable::Logger.send("Modifying user #{dn}")
-        admin_ldap.modify(:dn => dn, :operations => operations)
+        privileged_ldap.modify(:dn => dn, :operations => operations)
       end
     end

data/lib/devise_ldap_authenticatable/model.rb CHANGED Viewed

@@ -22,6 +22,12 @@ module Devise
         self[@login_with]
       end
+      def change_password!(current_password)
+        raise "Need to set new password first" if @password.blank?
+        Devise::LdapAdapter.update_own_password(login_with, @password, current_password)
+      end
       def reset_password!(new_password, new_password_confirmation)
         if new_password == new_password_confirmation && ::Devise.ldap_update_password
           Devise::LdapAdapter.update_password(login_with, new_password)

data/lib/devise_ldap_authenticatable/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module DeviseLdapAuthenticatable
-  VERSION = "0.6.0".freeze
+  VERSION = "0.6.1".freeze
 end

data/test/rails_app/config/ldap_with_check_membership_off.yml ADDED Viewed

@@ -0,0 +1,23 @@
+authorizations: &AUTHORIZATIONS
+  ## Authorization
+  group_base: ou=groups,dc=test,dc=com
+  check_group_membership: false
+  required_groups:
+    - cn=admins,ou=groups,dc=test,dc=com
+    - ["authorizationRole", "cn=users,ou=groups,dc=test,dc=com"]
+  require_attribute:
+    objectClass: inetOrgPerson
+    authorizationRole: blogAdmin
+test: &TEST
+  host: localhost
+  port: 3389
+  attribute: cn
+  base: ou=people,dc=test,dc=com
+  admin_user: cn=admin,dc=test,dc=com
+  admin_password: secret
+  ssl: false
+  <<: *AUTHORIZATIONS
+development:
+  <<: *TEST

data/test/rails_app/config/ldap_with_check_membership_on.yml ADDED Viewed

@@ -0,0 +1,23 @@
+authorizations: &AUTHORIZATIONS
+  ## Authorization
+  group_base: ou=groups,dc=test,dc=com
+  check_group_membership: true
+  required_groups:
+    - cn=admins,ou=groups,dc=test,dc=com
+    - ["authorizationRole", "cn=users,ou=groups,dc=test,dc=com"]
+  require_attribute:
+    objectClass: inetOrgPerson
+    authorizationRole: blogAdmin
+test: &TEST
+  host: localhost
+  port: 3389
+  attribute: cn
+  base: ou=people,dc=test,dc=com
+  admin_user: cn=admin,dc=test,dc=com
+  admin_password: secret
+  ssl: false
+  <<: *AUTHORIZATIONS
+development:
+  <<: *TEST

data/test/rails_app/test/unit/user_test.rb CHANGED Viewed

@@ -127,21 +127,56 @@ class UserTest < ActiveSupport::TestCase
         ::Devise.ldap_check_group_membership = true
       end
-      should "admin should be allowed in" do
-        should_be_validated @admin, "admin_secret"
-      end
+      context "config check_group_membership is not defined" do
+        should "admin should be allowed in" do
+          should_be_validated @admin, "admin_secret"
+        end
-      should "admin should have the proper groups set" do
-        assert_contains(@admin.ldap_groups, /cn=admins/, "groups attribute not being set properly")
-      end
+        should "admin should have the proper groups set" do
+          assert_contains(@admin.ldap_groups, /cn=admins/, "groups attribute not being set properly")
+        end
-      should "user should not be allowed in" do
-        should_not_be_validated @user, "secret"
+        should "user should not be allowed in" do
+          should_not_be_validated @user, "secret"
+        end
+        should "not be validated if group with different attribute is removed" do
+          `ldapmodify #{ldap_connect_string} -f ../ldap/delete_authorization_role.ldif`
+          should_not_be_validated @admin, "admin_secret"
+        end
       end
-      should "not be validated if group with different attribute is removed" do
-        `ldapmodify #{ldap_connect_string} -f ../ldap/delete_authorization_role.ldif`
-        should_not_be_validated @admin, "admin_secret"
+      context "config file check_group_membership is defined" do
+        setup do
+          default_devise_settings!
+          reset_ldap_server!
+        end
+        context "check_group_membership is turned on" do
+          setup do
+            ::Devise.ldap_config = "#{Rails.root}/config/ldap_with_check_membership_on.yml"
+            ::Devise.ldap_check_group_membership = false
+          end
+          # Config file value has precedence over ldap_check_group_membership
+          should "user should not be allowed in" do
+            should_not_be_validated @user, "secret"
+          end
+        end
+        context "check_group_membership is turned off" do
+          setup do
+            ::Devise.ldap_config = "#{Rails.root}/config/ldap_with_check_membership_off.yml"
+            ::Devise.ldap_check_group_membership = true
+          end
+          # Config file value has precedence over ldap_check_group_membership
+          should "user should be allowed in" do
+            should_be_validated @user, "secret"
+          end
+        end
       end
     end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: devise_ldap_authenticatable
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.6.1
   prerelease:
 platform: ruby
 authors:
@@ -11,11 +11,11 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-02-07 00:00:00.000000000 Z
+date: 2012-06-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
-  requirement: &21244260 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -23,10 +23,15 @@ dependencies:
         version: 2.0.0
   type: :runtime
   prerelease: false
-  version_requirements: *21244260
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 2.0.0
 - !ruby/object:Gem::Dependency
   name: net-ldap
-  requirement: &21243760 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -34,7 +39,12 @@ dependencies:
         version: 0.2.2
   type: :runtime
   prerelease: false
-  version_requirements: *21243760
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.2.2
 description: Devise extension to allow authentication via LDAP
 email: curtis.schiewek@gmail.com
 executables: []
@@ -97,6 +107,8 @@ files:
 - test/rails_app/config/initializers/session_store.rb
 - test/rails_app/config/ldap.yml
 - test/rails_app/config/ldap_with_boolean_ssl.yml
+- test/rails_app/config/ldap_with_check_membership_off.yml
+- test/rails_app/config/ldap_with_check_membership_on.yml
 - test/rails_app/config/ldap_with_erb.yml
 - test/rails_app/config/ldap_with_uid.yml
 - test/rails_app/config/locales/devise.en.yml
@@ -157,8 +169,87 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.11
+rubygems_version: 1.8.24
 signing_key:
 specification_version: 3
 summary: Devise extension to allow authentication via LDAP
-test_files: []
+test_files:
+- test/devise_ldap_authenticatable_test.rb
+- test/ldap/base.ldif
+- test/ldap/clear.ldif
+- test/ldap/local.schema
+- test/ldap/openldap-data/run/.gitkeep
+- test/ldap/run-server.sh
+- test/ldap/server.pem
+- test/ldap/slapd-ssl-test.conf
+- test/ldap/slapd-test.conf
+- test/rails_app/Gemfile
+- test/rails_app/Gemfile.lock
+- test/rails_app/Rakefile
+- test/rails_app/app/controllers/application_controller.rb
+- test/rails_app/app/controllers/posts_controller.rb
+- test/rails_app/app/helpers/application_helper.rb
+- test/rails_app/app/helpers/posts_helper.rb
+- test/rails_app/app/models/post.rb
+- test/rails_app/app/models/user.rb
+- test/rails_app/app/views/layouts/application.html.erb
+- test/rails_app/app/views/posts/index.html.erb
+- test/rails_app/config.ru
+- test/rails_app/config/application.rb
+- test/rails_app/config/boot.rb
+- test/rails_app/config/cucumber.yml
+- test/rails_app/config/database.yml
+- test/rails_app/config/environment.rb
+- test/rails_app/config/environments/development.rb
+- test/rails_app/config/environments/production.rb
+- test/rails_app/config/environments/test.rb
+- test/rails_app/config/initializers/backtrace_silencers.rb
+- test/rails_app/config/initializers/devise.rb
+- test/rails_app/config/initializers/inflections.rb
+- test/rails_app/config/initializers/mime_types.rb
+- test/rails_app/config/initializers/secret_token.rb
+- test/rails_app/config/initializers/session_store.rb
+- test/rails_app/config/ldap.yml
+- test/rails_app/config/ldap_with_boolean_ssl.yml
+- test/rails_app/config/ldap_with_check_membership_off.yml
+- test/rails_app/config/ldap_with_check_membership_on.yml
+- test/rails_app/config/ldap_with_erb.yml
+- test/rails_app/config/ldap_with_uid.yml
+- test/rails_app/config/locales/devise.en.yml
+- test/rails_app/config/locales/en.yml
+- test/rails_app/config/routes.rb
+- test/rails_app/config/ssl_ldap.yml
+- test/rails_app/config/ssl_ldap_with_erb.yml
+- test/rails_app/config/ssl_ldap_with_uid.yml
+- test/rails_app/db/migrate/20100708120302_create_posts.rb
+- test/rails_app/db/migrate/20100708120448_devise_create_users.rb
+- test/rails_app/db/schema.rb
+- test/rails_app/db/seeds.rb
+- test/rails_app/features/manage_logins.feature
+- test/rails_app/features/step_definitions/login_steps.rb
+- test/rails_app/features/step_definitions/web_steps.rb
+- test/rails_app/features/support/env.rb
+- test/rails_app/features/support/paths.rb
+- test/rails_app/lib/tasks/.gitkeep
+- test/rails_app/lib/tasks/cucumber.rake
+- test/rails_app/public/404.html
+- test/rails_app/public/422.html
+- test/rails_app/public/500.html
+- test/rails_app/public/images/rails.png
+- test/rails_app/public/javascripts/application.js
+- test/rails_app/public/javascripts/controls.js
+- test/rails_app/public/javascripts/dragdrop.js
+- test/rails_app/public/javascripts/effects.js
+- test/rails_app/public/javascripts/prototype.js
+- test/rails_app/public/javascripts/rails.js
+- test/rails_app/public/stylesheets/.gitkeep
+- test/rails_app/script/cucumber
+- test/rails_app/script/rails
+- test/rails_app/test/factories/users.rb
+- test/rails_app/test/functional/posts_controller_test.rb
+- test/rails_app/test/performance/browsing_test.rb
+- test/rails_app/test/test_helper.rb
+- test/rails_app/test/unit/helpers/posts_helper_test.rb
+- test/rails_app/test/unit/post_test.rb
+- test/rails_app/test/unit/user_test.rb
+- test/test_helper.rb