github-ldap 1.0.9 → 1.0.10

data/README.md

@@ -1,4 +1,4 @@
-![Build Status](https://travis-ci.org/github/github-ldap.png)
+<a href="https://travis-ci.org/github/github-ldap">![Build Status](https://travis-ci.org/github/github-ldap.png)</a>
 
 # Github::Ldap
 

data/github-ldap.gemspec

@@ -2,7 +2,7 @@
 
 Gem::Specification.new do |spec|
   spec.name          = "github-ldap"
-  spec.version       = "1.0.9"
+  spec.version       = "1.0.10"
   spec.authors       = ["David Calavera"]
   spec.email         = ["david.calavera@gmail.com"]
   spec.description   = %q{Ldap authentication for humans}

data/lib/github/ldap.rb

@@ -2,6 +2,7 @@ module GitHub
   class Ldap
     require 'net/ldap'
     require 'forwardable'
+    require 'github/ldap/filter'
     require 'github/ldap/domain'
 
     extend Forwardable

data/lib/github/ldap/domain.rb

@@ -12,31 +12,19 @@ module GitHub
     # domain = GitHub::Ldap.new(options).domain("dc=github,dc=com")
     #
     class Domain
+      include Filter
+
       def initialize(base_name, connection, uid)
         @base_name, @connection, @uid = base_name, connection, uid
       end
 
-      # Generate a filter to get the configured groups in the ldap server.
-      # Takes the list of the group names and generate a filter for the groups
-      # with cn that match and also include members:
-      #
-      # group_names: is an array of group CNs.
-      #
-      # Returns the ldap filter.
-      def group_filter(group_names)
-        or_filters = group_names.map {|g| Net::LDAP::Filter.eq("cn", g)}.reduce(:|)
-        Net::LDAP::Filter.pres("member") & or_filters
-      end
-
       # List the groups in the ldap server that match the configured ones.
       #
       # group_names: is an array of group CNs.
       #
       # Returns a list of ldap entries for the configured groups.
       def groups(group_names)
-        filter = group_filter(group_names)
-
-        search(attributes: %w{ou cn dn sAMAccountName member}, filter: filter)
+        search(filter: group_filter(group_names))
       end
 
       # List the groups that a user is member of.
@@ -46,10 +34,7 @@ module GitHub
       #
       # Return an Array with the groups that the given user is member of that belong to the given group list.
       def membership(user_dn, group_names)
-        or_filters    = group_names.map {|g| Net::LDAP::Filter.eq("cn", g)}.reduce(:|)
-        member_filter = Net::LDAP::Filter.eq("member", user_dn) & or_filters
-
-        search(attributes: %w{ou cn dn sAMAccountName member}, filter: member_filter)
+        search(filter: group_filter(group_names, user_dn))
       end
 
       # Check if the user is include in any of the configured groups.
@@ -76,13 +61,30 @@ module GitHub
       # Returns a Ldap::Entry if the credentials are valid.
       # Returns nil if the credentials are invalid.
       def valid_login?(login, password)
-        result = @connection.bind_as(
-          base:     @base_name,
-          limit:    1,
-          filter:   Net::LDAP::Filter.eq(@uid, login),
-          password: password)
+        if user = user?(login) and auth(user, password)
+          return user
+        end
+      end
+
+      # Check if a user exists based in the `uid`.
+      #
+      # login: is the user's login
+      #
+      # Returns the user if the login matches any `uid`.
+      # Returns nil if there are no matches.
+      def user?(login)
+        rs = search(limit: 1, filter: Net::LDAP::Filter.eq(@uid, login))
+        rs and rs.first
+      end
 
-        return result.first if result.is_a?(Array)
+      # Check if a user can be bound with a password.
+      #
+      # user: is a ldap entry representing the user.
+      # password: is the user's password.
+      #
+      # Returns true if the user can be bound.
+      def auth(user, password)
+        @connection.bind(method: :simple, username: user.dn, password: password)
       end
 
       # Authenticate a user with the ldap server.
@@ -109,6 +111,7 @@ module GitHub
       # Returns nil if there are no entries.
       def search(options)
         options[:base] = @base_name
+        options[:attributes] ||= %w{ou cn dn sAMAccountName member}
 
         @connection.search(options)
       end

data/lib/github/ldap/filter.rb

@@ -0,0 +1,31 @@
+module GitHub
+  class Ldap
+    module Filter
+      # Filter to get the configured groups in the ldap server.
+      # Takes the list of the group names and generate a filter for the groups
+      # with cn that match and also include members:
+      #
+      # group_names: is an array of group CNs.
+      # user_dn: is an optional member to scope the search to.
+      #
+      # Returns a Net::LDAP::Filter.
+      def group_filter(group_names, user_dn = nil)
+        or_filters = group_names.map {|g| Net::LDAP::Filter.eq("cn", g)}.reduce(:|)
+        member_filter(user_dn) & or_filters
+      end
+
+      # Filter to check a group membership.
+      #
+      # user_dn: is an optional user_dn to scope the search to.
+      #
+      # Returns a Net::LDAP::Filter.
+      def member_filter(user_dn = nil)
+        if user_dn
+          Net::LDAP::Filter.eq("member", user_dn)
+        else
+          Net::LDAP::Filter.pres("member")
+        end
+      end
+    end
+  end
+end

data/test/domain_test.rb

@@ -100,5 +100,23 @@ class GitHubLdapDomainTest < Minitest::Test
       attributes: %w(uid),
       filter: Net::LDAP::Filter.eq('uid', 'calavera')).size
   end
+
+  def test_user_exists
+    assert_equal 'uid=calavera,dc=github,dc=com', @domain.user?('calavera').dn
+  end
+
+  def test_user_does_not_exist
+    assert !@domain.user?('foobar'), 'Expected uid `foobar` to not exist.'
+  end
+
+  def test_auth_binds
+    user = @domain.user?('calavera')
+    assert @domain.auth(user, 'secret'), 'Expected user to be bound.'
+  end
+
+  def test_auth_does_not_bind
+    user = @domain.user?('calavera')
+    assert !@domain.auth(user, 'foo'), 'Expected user not to be bound.'
+  end
 end
 

data/test/filter_test.rb

@@ -0,0 +1,28 @@
+require 'test_helper'
+
+class FilterTest < Minitest::Test
+  class Subject; include GitHub::Ldap::Filter; end
+
+  def setup
+    @subject = Subject.new
+    @me = 'uid=calavera,dc=github,dc=com'
+  end
+
+  def test_member_present
+    assert_equal "(member=*)", @subject.member_filter.to_s
+  end
+
+  def test_member_equal
+    assert_equal "(member=#{@me})", @subject.member_filter(@me).to_s
+  end
+
+  def test_groups_reduced
+    assert_equal "(&(member=*)(|(cn=Enterprise)(cn=People)))",
+      @subject.group_filter(%w(Enterprise People)).to_s
+  end
+
+  def test_groups_for_member
+    assert_equal "(&(member=#{@me})(|(cn=Enterprise)(cn=People)))",
+      @subject.group_filter(%w(Enterprise People), @me).to_s
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: github-ldap
 version: !ruby/object:Gem::Version
-  version: 1.0.9
+  version: 1.0.10
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-07-22 00:00:00.000000000 Z
+date: 2013-07-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: net-ldap
@@ -107,9 +107,11 @@ files:
 - github-ldap.gemspec
 - lib/github/ldap.rb
 - lib/github/ldap/domain.rb
+- lib/github/ldap/filter.rb
 - lib/github/ldap/fixtures.ldif
 - lib/github/ldap/server.rb
 - test/domain_test.rb
+- test/filter_test.rb
 - test/ldap_test.rb
 - test/test_helper.rb
 homepage: https://github.com/github/github-ldap
@@ -139,6 +141,7 @@ specification_version: 3
 summary: Ldap client authentication wrapper without all the boilerplate
 test_files:
 - test/domain_test.rb
+- test/filter_test.rb
 - test/ldap_test.rb
 - test/test_helper.rb
 has_rdoc: