el_dap 0.0.2 → 0.0.3

data/CHANGELOG

@@ -1,3 +1,9 @@
+0.0.3
+=====
+
+* When using multiple servers, return the first valid result. Only use additional servers on a timeout exception.
+* An InvalidCredentialsError exception will be thrown on a search if the user credentials are invalid i.e. cannot bind
+
 0.0.2
 =====
 

data/README.rdoc

@@ -24,7 +24,25 @@ Just add this to your gem file:
 
 == Usage
 
-Assuming we have an Active Directory called *ad.domain.com* which can also be referred to simply as *ad*, 
+=== Confguration
+
+To perform any ElDap operation you will need to provide at least two configuration values:
+
+* *server_ips*: an array of server IP addresses
+* *treebase*: a comma-seperated list of domain components
+
+For search operations you will also need to provide the following configuration settings:
+
+* *username*: the username of the account that will perform the search (typically this would be a service account)
+* *password*: the password of the account that will perform the search
+
+You also have the option of providing a timeout value:
+
+* *timeout*: timeout in seconds for ElDap operations (default is 15 seconds)
+
+=== Examples
+
+Assuming we have an Active Directory called <b>ad.domain.com</b> which can also be referred to simply as *ad*, 
 the following examples are valid:
 
 === Authenticate a user

data/TODO.rdoc

@@ -0,0 +1,5 @@
+== TODO
+
+* validate the configuration settings prior to executing ElDap operation
+* provide more meaningful exception messages
+* implement bang methods

data/lib/el_dap.rb

@@ -1,7 +1,11 @@
 require 'net/ldap'
 require 'timeout'
+
 require 'el_dap/api_methods'
 require 'el_dap/constants'
+require 'el_dap/exceptions'
+require 'el_dap/validator'
+require 'el_dap/worker'
 require 'el_dap/base'
 
 module ElDap

data/lib/el_dap/base.rb

@@ -1,7 +1,5 @@
 module ElDap
   class Base
-    include Constants
-    
     attr_accessor :server_ips, :username, :password, :timeout, :treebase
     
     def initialize
@@ -10,69 +8,39 @@ module ElDap
       yield(self) if block_given?
     end
     
-    def validate(uname, pword)
-      return false if uname.nil? || uname.empty? || pword.nil? || pword.empty?
-      workers(uname, pword).each do |worker|
+    def validate(username, password)
+      return false if Validator.blank?(username, password)
+      
+      @server_ips.each do |ip_address|
         begin
           Timeout::timeout(self.timeout) do
+            worker = Worker.new(:username => username, :password => password, :ip_address => ip_address)
             return worker.bind
           end
         rescue Timeout::Error
           next
         end
       end
-      false
     end
     
     def search(search_string)
-      return nil if search_string.nil? || search_string.empty?
-      search_result = nil
-      workers(self.username, self.password).each do |worker|
+      return nil if Validator.blank?(search_string)
+      
+      search_result = []
+      
+      @server_ips.each do |ip_address|
         begin
           Timeout::timeout(self.timeout) do
-            search_result ||= search_active_directory(worker, search_string)
+            worker = Worker.new(:username => self.username, :password => self.password, :ip_address => ip_address)
+            
+            raise(InvalidCredentialsError, 'The user credentials provided are invalid') unless worker.bind
+            
+            return worker.search_directory(search_string, self.treebase)
           end
         rescue Timeout::Error
           next
         end
       end
-      create_result_collection search_result
-    end
-    
-    private
-    def workers(uname = self.username, pword = self.password)
-      self.server_ips.map do |ip|
-        create_worker uname, pword, ip
-      end
-    end
-
-    def create_worker(uname, pword, server_ip)
-      obj = ::Net::LDAP.new
-      obj.host = server_ip
-      obj.auth uname, pword
-      obj
-    end
-    
-    def search_active_directory(worker, search_string)
-      filters = LDAP_FILTERS & ::Net::LDAP::Filter.eq(LDAP_SEARCH_FIELD, "*#{search_string}*")
-      result = worker.search(:base => self.treebase,
-                             :filter => filters,
-                             :attributes => LDAP_ATTRS,
-                             :return_result => true)
-      # search will return false if unable to bind
-      # e.g. service account credentials have expired
-      result || []
-    end
-
-    def create_result_collection(collection = [])
-      collection ||= []
-      collection.map { |entry| create_struct entry }
-    end
-
-    def create_struct(hash = {})
-      key_values = {}
-      hash.each{|k, v| key_values[k] = v[0]}
-      OpenStruct.new(key_values)
     end
     
   end

data/lib/el_dap/exceptions.rb

@@ -0,0 +1,3 @@
+module ElDap  
+  class InvalidCredentialsError < StandardError; end
+end

data/lib/el_dap/validator.rb

@@ -0,0 +1,11 @@
+module ElDap
+  class Validator
+    
+    def self.blank?(*strings)
+      strings.inject(false) do |result, s|
+        result || s.nil? || s.empty?
+      end
+    end
+    
+  end
+end

data/lib/el_dap/version.rb

@@ -1,3 +1,3 @@
 module ElDap
-  VERSION = "0.0.2"
+  VERSION = "0.0.3"
 end

data/lib/el_dap/worker.rb

@@ -0,0 +1,38 @@
+module ElDap
+  class Worker < ::Net::LDAP
+    include Constants
+    
+    def initialize(args = {})
+      super args
+      self.host = args[:ip_address]
+      self.auth args[:username], args[:password]
+      self
+    end
+    
+    def search_directory(search_string, treebase)
+      filters = LDAP_FILTERS & ::Net::LDAP::Filter.eq(LDAP_SEARCH_FIELD, "*#{search_string}*")
+      search_result = search(:base => treebase,
+                             :filter => filters,
+                             :attributes => LDAP_ATTRS,
+                             :return_result => true)
+      # search will return false if unable to bind
+      # e.g. service account credentials have expired
+      return [] unless search_result
+      create_result_collection search_result
+    end
+    
+    private
+
+    def create_result_collection(collection = [])
+      collection ||= []
+      collection.map { |entry| create_struct entry }
+    end
+
+    def create_struct(hash = {})
+      key_values = {}
+      hash.each{|k, v| key_values[k] = v[0]}
+      OpenStruct.new(key_values)
+    end
+    
+  end
+end

data/spec/el_dap/base_spec.rb

@@ -2,110 +2,83 @@ require 'spec_helper'
 
 module ElDap
   describe Base do
-    
     before(:each) do
-      @instance = Base.new
-      @ldap = mock(Net::LDAP)
+      @instance = Base.new do |i|
+        i.username = 'name'
+        i.password = 'password'
+        i.server_ips = ['1.1.1.1', '2.2.2.2']
+        i.timeout = 10
+        i.treebase = 'tree'
+      end
+      Validator.stub!(:blank?)
+      Worker.stub!(:new)
+    end
+      
+    it "should initialize with a block" do
+      @instance.username.should == 'name'
+      @instance.password.should == 'password'
+      @instance.server_ips.should == ['1.1.1.1', '2.2.2.2']
+      @instance.timeout.should == 10
+      @instance.treebase.should == 'tree'
     end
 
-    describe "ElDap check for blank parameters" do
-      it "should not attempt validation if username or password are blank" do
-        @instance.validate('username', '').should be_false
-        @instance.validate('username', nil).should be_false
-        @instance.validate('', 'password').should be_false
-        @instance.validate(nil, 'password').should be_false
-        @instance.validate('', '').should be_false
+    describe '#Validate' do
+      before(:each) do
+        @worker = mock(Worker, :bind => true)
+        Worker.stub!(:new).and_return(@worker)
+      end
+      
+      it "should check that username and password are not blank" do
+        Validator.should_receive(:blank?).and_return(true)
         @instance.validate(nil, nil).should be_false
       end
-
-      it "should not attempt to search if no search criteria are provided" do
-        @worker.should_not_receive(:search)
-        @instance.search('').should be_false
-        @instance.search(nil).should be_nil
+      
+      it "should create a new worker for the first ip address" do
+        Worker.should_receive(:new).and_return(@worker)
+        @instance.validate('name', 'password')
       end
-    end
-
-    describe "protected methods" do
-      it "should create an internal worker for each ip address" do
-        @instance.stub!(:server_ips).and_return(['1.1.1.1', '2.2.2.2'])
-        @instance.should_receive(:create_worker).with('username', 'password', '1.1.1.1').and_return('worker1')
-        @instance.should_receive(:create_worker).with('username', 'password', '2.2.2.2').and_return('worker2')
-        @instance.send(:workers, 'username', 'password').should == ['worker1', 'worker2']
+      
+      it "should return the result of the validation" do
+        @instance.validate('name', 'password').should be_true
       end
-
-      it "should create a Net::LDAP instance with the correct parameters" do
-        Net::LDAP.should_receive(:new).and_return(@ldap)
-        @ldap.should_receive(:host=).with('1.1.1.1')
-        @ldap.should_receive(:auth).with(/username/, /password/)
-        @instance.send(:create_worker, 'username', 'password', '1.1.1.1').should == @ldap
+      
+      it "should use the second ip address when the first one times out" do
+        @worker.should_receive(:bind).ordered.and_raise(Timeout::Error)
+        @worker.should_receive(:bind).ordered.and_return(true)
+        @instance.validate('name', 'password').should be_true
       end
-
-      it "should transform a search result into a collection of structs" do
-        @instance.stub!(:create_struct).and_return('struct')
-        @instance.send(:create_result_collection, ['result']).should == ['struct']
+    end
+    
+    describe '#Search' do
+      it "should check that username and password are not blank" do
+        Validator.should_receive(:blank?).and_return(true)
+        @instance.search(nil).should be_nil
       end
-
-      it "should create a struct from a search result hash" do
-        search_result = {:cn => ['cn'], :mail => ['mail']}
-        struct = OpenStruct.new(:cn => 'cn',:mail => 'mail')
-        @instance.send(:create_struct, search_result).should == struct
+      
+      it "should create a new worker for the first ip address" do
+        @worker = mock(Worker, :search_directory => [], :bind => true)
+        Worker.should_receive(:new).and_return(@worker)
+        @instance.search('name')
       end
-
-      describe "search_active_directory method" do
-        it "should search active directory using the correct filters and parameters" do
-          filter1 = Net::LDAP::Filter.eq("objectcategory", "person")
-          filter2 = Net::LDAP::Filter.eq("cn", "*search-string*")
-          @ldap.should_receive(:search).with(
-            :base => @instance.treebase,
-            :filter => filter1 & filter2,
-            :attributes => Base.const_get('LDAP_ATTRS'),
-            :return_result => true
-          ).and_return(['result'])
-          @instance.send(:search_active_directory, @ldap, 'search-string').should == ['result']
-        end
-
-        it "should return a valid result when search cannot bind to the domain" do
-          @ldap.should_receive(:search).and_return(false)
-          @instance.send(:search_active_directory, @ldap, 'search-string').should == []
-        end
+      
+      it "should return the result of the search" do
+        @worker = mock(Worker, :search_directory => ['result'], :bind => true)
+        Worker.stub!(:new).and_return(@worker)
+        @instance.search('name').should == ['result']
       end
-
-      describe "validate method" do
-        it "should attempt validation when username and password are provided" do
-          @instance.should_receive(:workers).with(/username/, /password/).and_return([@ldap])
-          @ldap.should_receive(:bind).and_return(true)
-          @instance.validate('username', 'password').should be_true
-        end
-
-        it "should stop the validation cycle when the first result if received" do
-          ldap2 = mock(Net::LDAP)
-          ldap2.should_not_receive(:bind)
-          @ldap.should_receive(:bind).and_return(true)
-          @instance.stub!(:workers).and_return([@ldap, ldap2])
-          @instance.validate('username', 'password').should be_true
-        end
-
-        it "should return false when a timeout occurs" do
-          @instance.stub!(:workers).and_return([@ldap])
-          @ldap.should_receive(:bind).and_raise(Timeout::Error)
-          @instance.validate('username', 'password').should be_false
-        end
+      
+      it "should use the second ip address when the first one times out" do
+        @worker.stub(:bind).and_return(true)
+        @worker.should_receive(:search_directory).ordered.and_raise(Timeout::Error)
+        @worker.should_receive(:search_directory).ordered.and_return(['result'])
+        @instance.search('name').should == ['result']
       end
-
-      describe 'search method' do
-        it "should complete gracefully if invalid credentials are used for search (search returns false)" do
-          @instance.should_receive(:workers).and_return([@ldap])
-          @ldap.should_receive(:search).and_return(false)
-          @instance.search('string').should == []
-        end
-
-        it "should sanitize the Net::LDAP search result into an array of generic structures" do
-          @instance.should_receive(:workers).and_return([])
-          @instance.should_receive(:create_result_collection).and_return([])
-          @instance.search('search-string').should == []
-        end
+      
+      it "should throw an exception if the search user credentials are invalid" do
+        @worker.should_receive(:bind).and_return(false)
+        lambda{ @instance.search('name') }.should raise_error(InvalidCredentialsError, 'The user credentials provided are invalid')
       end
     end
-
+    
   end
 end

data/spec/el_dap/validator_spec.rb

@@ -0,0 +1,31 @@
+require 'spec_helper'
+
+module ElDap
+  describe Validator do
+    
+    it "should return false when a string is not nil or empty" do
+      Validator.blank?('string').should be_false
+    end
+    
+    it "should return false when all the strings are not nil or empty" do
+      Validator.blank?('string', 'thing').should be_false
+    end
+    
+    it "should return true when a string is nil or empty" do
+      Validator.blank?('').should be_true
+      Validator.blank?(nil).should be_true
+      Validator.blank?(nil, '').should be_true
+    end
+    
+    it "should return true when any string is nil or empty" do
+      Validator.blank?('', '').should be_true
+      Validator.blank?(nil, nil).should be_true
+      Validator.blank?('', 'string', nil).should be_true
+    end
+    
+    it "should return false when all strings are not nil or empty" do
+      Validator.blank?('string', 'string', 'string').should be_false
+    end
+    
+  end
+end

data/spec/el_dap/worker_spec.rb

@@ -0,0 +1,44 @@
+require 'spec_helper'
+
+module ElDap
+  describe Worker do
+    before(:each) do
+      @instance = Worker.new(:ip_address => '1.1.1.1', :username => 'name', :password => 'password')
+    end
+    
+    it "should instantiate with the correct arguments" do
+      @instance.host.should == '1.1.1.1'
+      @instance.instance_variable_get(:@auth).should == {:method=>:simple, :username=>"name", :password=>"password"}
+    end
+    
+    it "should search the directory using the correct filters and parameters" do
+      filter1 = Net::LDAP::Filter.eq("objectcategory", "person")
+      filter2 = Net::LDAP::Filter.eq("cn", "*string*")
+      @instance.should_receive(:search).with(
+        :base => 'treebase',
+        :filter => filter1 & filter2,
+        :attributes => Worker.const_get('LDAP_ATTRS'),
+        :return_result => true
+      ).and_return([])
+      @instance.search_directory('string', 'treebase').should == []
+    end
+    
+    it "should transform a search result into a collection of structs" do
+      @instance.stub!(:create_struct).and_return('struct')
+      @instance.send(:create_result_collection, ['result']).should == ['struct']
+    end
+
+    it "should create a struct from a search result hash" do
+      search_result = {:cn => ['cn'], :mail => ['mail']}
+      struct = OpenStruct.new(:cn => 'cn',:mail => 'mail')
+      @instance.send(:create_struct, search_result).should == struct
+    end
+    
+    it "should complete gracefully if invalid credentials are used for search (search returns false)" do
+      @instance.should_receive(:search).and_return(false)
+      @instance.search_directory('string', 'treebase').should == []
+    end
+    
+  end
+end
+

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: el_dap
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2011-04-19 00:00:00.000000000Z
+date: 2011-04-20 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: net-ldap
-  requirement: &78758470 !ruby/object:Gem::Requirement
+  requirement: &83249460 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -21,7 +21,7 @@ dependencies:
         version: 0.2.2
   type: :runtime
   prerelease: false
-  version_requirements: *78758470
+  version_requirements: *83249460
 description: A simple search and authentication tool for Active Directory using LDAP.
 email:
 - ed.james.email@gmail.com
@@ -37,16 +37,22 @@ files:
 - LICENSE
 - README.rdoc
 - Rakefile
+- TODO.rdoc
 - el_dap.gemspec
 - lib/el_dap.rb
 - lib/el_dap/.rvmrc
 - lib/el_dap/api_methods.rb
 - lib/el_dap/base.rb
 - lib/el_dap/constants.rb
+- lib/el_dap/exceptions.rb
+- lib/el_dap/validator.rb
 - lib/el_dap/version.rb
+- lib/el_dap/worker.rb
 - spec/el_dap/api_methods_spec.rb
 - spec/el_dap/base_spec.rb
 - spec/el_dap/constants_spec.rb
+- spec/el_dap/validator_spec.rb
+- spec/el_dap/worker_spec.rb
 - spec/spec_helper.rb
 homepage: https://github.com/edjames/el_dap
 licenses: []