github-ldap 1.4.0 → 1.5.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/github-ldap.gemspec +1 -1
- data/lib/github/ldap.rb +40 -0
- data/lib/github/ldap/membership_validators.rb +9 -1
- data/lib/github/ldap/membership_validators/detect.rb +69 -0
- data/script/changelog +3 -3
- data/test/ldap_test.rb +28 -0
- data/test/membership_validators/active_directory_test.rb +62 -4
- data/test/membership_validators/detect_test.rb +49 -0
- data/test/support/vm/activedirectory/.gitignore +1 -0
- data/test/support/vm/activedirectory/README.md +26 -0
- data/test/support/vm/activedirectory/env.sh.example +8 -0
- data/test/support/vm/activedirectory/reset-env.sh +6 -0
- data/test/support/vm/openldap/README.md +2 -2
- data/test/test_helper.rb +10 -1
- metadata +28 -19
- data/test/membership_validators_test.rb +0 -46
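--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f94f5af944845beec077b7ae4f67f73bcdcd3324
+data.tar.gz: d0cbf4bb74c1fedfce35a886967b084061c95cfb
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cd8ca33063aff485c5e0d4df63ca8e5d6c83641d202d3dddc02ace9d373710e511f152197a2d9c36e71e9dfe67ce56692859183a7ced2fe7fb847caeb2fcc1bb
+data.tar.gz: 75a413369b9d935499bae900382569314b90f71259ac5b813cd059328ca92f6533acdb106947c7d9139228f4f3597599d405a4be5bada4609d1aaef7e43c521d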
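--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,10 @@
 # CHANGELOG
 
+## v1.5.0
+
+* Automatically detect membership validator strategy by default [#58](https://github.com/github/github-ldap/pull/58) [#62](https://github.com/github/github-ldap/pull/62)
+* Document local integration testing with Active Directory [#61](https://github.com/github/github-ldap/pull/61)
+
 ## v1.4.0
 
 * Document constructor options [#57](https://github.com/github/github-ldap/pull/57)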
data/github-ldap.gemspec
CHANGED
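--- a/data/lib/github/ldap.rb
+++ b/data/lib/github/ldap.rb
@@ -34,6 +34,7 @@ module GitHub
 def_delegator :@connection, :open
 
 attr_reader :uid, :search_domains, :virtual_attributes,
+:membership_validator,
 :instrumentation_service
 
 # Build a new GitHub::Ldap instance
@@ -87,6 +88,9 @@ module GitHub
 # when a base is not explicitly provided.
 @search_domains = Array(options[:search_domains])
 
+# configure which strategy should be used to validate user membership
+configure_membership_validation_strategy(options[:membership_validator])
+
 # enables instrumenting queries
 @instrumentation_service = options[:instrumentation_service]
 end
@@ -182,6 +186,23 @@ module GitHub
 end
 end
 
+# Internal: Searches the host LDAP server's Root DSE for capabilities and
+# extensions.
+#
+# Returns a Net::LDAP::Entry object.
+def capabilities
+@capabilities ||=
+instrument "capabilities.github_ldap" do |payload|
+begin
+@connection.search_root_dse
+rescue Net::LDAP::LdapError => error
+payload[:error] = error
+# stubbed result
+Net::LDAP::Entry.new
+end
+end
+end
+
 # Internal - Determine whether to use encryption or not.
 #
 # encryption: is the encryption method, either 'ssl', 'tls', 'simple_tls' or 'start_tls'.
@@ -214,5 +235,24 @@ module GitHub
 VirtualAttributes.new(false)
 end
 end
+
+# Internal: Configure the membership validation strategy.
+#
+# Used by GitHub::Ldap::MembershipValidators::Detect to force a specific
+# strategy (instead of detecting host capabilities and deciding at runtime).
+#
+# If `strategy` is not provided, or doesn't match a known strategy,
+# defaults to `:detect`. Otherwise the configured strategy is selected.
+#
+# Returns the selected membership validator strategy Symbol.
+def configure_membership_validation_strategy(strategy = nil)
+@membership_validator =
+case strategy.to_s
+when "classic", "recursive", "active_directory"
+strategy.to_sym
+else
+:detect
+end
+end
 end
 end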
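Review bot: In `capabilities`, the rescue path is memoized together with the success path: `@capabilities ||=` wraps the whole `instrument` block, so a single `Net::LDAP::LdapError` during the first Root DSE search pins this instance to the empty stub `Net::LDAP::Entry.new`. Because `MembershipValidators::Detect` chooses its strategy from that entry, a transient error would silently select the Recursive strategy on an Active Directory host, and the membership decision then comes from a different code path than the operator expects. Memoize only a successful lookup: open the method with `return @capabilities if @capabilities` and assign inside the `begin` with `@capabilities = @connection.search_root_dse`, leaving the rescue to return the stub unmemoized. This relies on `instrument` returning the block's value, as the current code already does.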
@@ -1,4 +1,5 @@
|
|
1
1
|
require 'github/ldap/membership_validators/base'
|
2
|
+
require 'github/ldap/membership_validators/detect'
|
2
3
|
require 'github/ldap/membership_validators/classic'
|
3
4
|
require 'github/ldap/membership_validators/recursive'
|
4
5
|
require 'github/ldap/membership_validators/active_directory'
|
@@ -13,6 +14,13 @@ module GitHub
|
|
13
14
|
# validator = GitHub::Ldap::MembershipValidators::Classic.new(ldap, groups)
|
14
15
|
# validator.perform(entry) #=> true
|
15
16
|
#
|
16
|
-
module MembershipValidators
|
17
|
+
module MembershipValidators
|
18
|
+
# Internal: Mapping of strategy name to class.
|
19
|
+
STRATEGIES = {
|
20
|
+
:classic => GitHub::Ldap::MembershipValidators::Classic,
|
21
|
+
:recursive => GitHub::Ldap::MembershipValidators::Recursive,
|
22
|
+
:active_directory => GitHub::Ldap::MembershipValidators::ActiveDirectory
|
23
|
+
}
|
24
|
+
end
|
17
25
|
end
|
18
26
|
end
|
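Review bot: `STRATEGIES` is a mutable constant: the hash literal closes with a bare `}`, so any code loaded alongside the gem can add or replace an entry and change which class `Detect` instantiates for a membership check. Closing it with `}.freeze` fixes the name-to-class mapping after load. The keys also duplicate the string list in `GitHub::Ldap#configure_membership_validation_strategy` (`"classic", "recursive", "active_directory"`), so the two have to be kept in step by hand when a strategy is added; a comment on the constant saying so would help.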
@@ -0,0 +1,69 @@
|
|
1
|
+
module GitHub
|
2
|
+
class Ldap
|
3
|
+
module MembershipValidators
|
4
|
+
# Detects the LDAP host's capabilities and determines the appropriate
|
5
|
+
# membership validation strategy at runtime. Currently detects for
|
6
|
+
# ActiveDirectory in-chain membership validation. An explicit strategy can
|
7
|
+
# also be defined via `GitHub::Ldap#membership_validator=`. See also
|
8
|
+
# `GitHub::Ldap#configure_membership_validation_strategy`.
|
9
|
+
class Detect < Base
|
10
|
+
# Internal: The capability required to use the ActiveDirectory strategy.
|
11
|
+
# See: http://msdn.microsoft.com/en-us/library/cc223359.aspx.
|
12
|
+
ACTIVE_DIRECTORY_V61_R2_OID = "1.2.840.113556.1.4.2080".freeze
|
13
|
+
|
14
|
+
def perform(entry)
|
15
|
+
# short circuit validation if there are no groups to check against
|
16
|
+
return true if groups.empty?
|
17
|
+
|
18
|
+
strategy.perform(entry)
|
19
|
+
end
|
20
|
+
|
21
|
+
# Internal: Returns the membership validation strategy object.
|
22
|
+
def strategy
|
23
|
+
@strategy ||= begin
|
24
|
+
strategy = detect_strategy
|
25
|
+
strategy.new(ldap, groups)
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
# Internal: Detects LDAP host's capabilities and chooses the best
|
30
|
+
# strategy for the host.
|
31
|
+
#
|
32
|
+
# If the strategy has been set explicitly, skips detection and uses the
|
33
|
+
# configured strategy instead.
|
34
|
+
#
|
35
|
+
# Returns the strategy class.
|
36
|
+
def detect_strategy
|
37
|
+
case
|
38
|
+
when GitHub::Ldap::MembershipValidators::STRATEGIES.key?(strategy_config)
|
39
|
+
GitHub::Ldap::MembershipValidators::STRATEGIES[strategy_config]
|
40
|
+
when active_directory_capability?
|
41
|
+
GitHub::Ldap::MembershipValidators::STRATEGIES[:active_directory]
|
42
|
+
else
|
43
|
+
GitHub::Ldap::MembershipValidators::STRATEGIES[:recursive]
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
# Internal: Returns the configured membership validator strategy Symbol.
|
48
|
+
def strategy_config
|
49
|
+
ldap.membership_validator
|
50
|
+
end
|
51
|
+
|
52
|
+
# Internal: Detect whether the LDAP host is an ActiveDirectory server.
|
53
|
+
#
|
54
|
+
# See: http://msdn.microsoft.com/en-us/library/cc223359.aspx.
|
55
|
+
#
|
56
|
+
# Returns true if the host is an ActiveDirectory server, false otherwise.
|
57
|
+
def active_directory_capability?
|
58
|
+
capabilities[:supportedcapabilities].include?(ACTIVE_DIRECTORY_V61_R2_OID)
|
59
|
+
end
|
60
|
+
|
61
|
+
# Internal: Returns the Net::LDAP::Entry object describing the LDAP
|
62
|
+
# host's capabilities (via the Root DSE).
|
63
|
+
def capabilities
|
64
|
+
ldap.capabilities
|
65
|
+
end
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
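Review bot: `perform` fails open when the resolved group list is empty: `return true if groups.empty?` accepts every entry without consulting a strategy, so a restriction whose group names did not resolve would presumably validate all users. If that is the intended contract, say so on the method, e.g. `# NOTE: an empty groups list validates every entry; callers enforcing a restriction must reject an empty list first.` Separately, the class comment refers to `GitHub::Ldap#membership_validator=`, but the hunks for `lib/github/ldap.rb` in this diff add only `attr_reader :membership_validator`; unless a writer exists outside the visible hunks, point readers at the `membership_validator:` constructor option instead.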
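--- a/data/script/changelog
+++ b/data/script/changelog
@@ -13,16 +13,16 @@ set -e
 [ $# -eq 0 ] && set -- --help
 
 # parse args
-repo=$(git remote -v | grep push | awk '{print $2}' | cut -d'/' -f4-)
+repo=$(git remote -v | grep push | awk '{print $2}' | cut -d'/' -f4- | sed 's/\.git//')
 base=$(git tag -l | sort -n | tail -n 1)
 head="HEAD"
 api_url="https://api.github.com"
 
-echo "# $base..$head"
+echo "# $repo $base..$head"
 echo
 
 # get merged PR's. Better way is to query the API for these, but this is easier
-for pr in $(git log --oneline
+for pr in $(git log --oneline $base..$head | grep "Merge pull request" | awk '{gsub("#",""); print $5}')
 do
 # frustrated with trying to pull out the right values, fell back to ruby
 curl -s "$api_url/repos/$repo/pulls/$pr" | ruby -rjson -e 'pr=JSON.parse(STDIN.read); puts "* #{pr[%q(title)]} [##{pr[%q(number)]}](#{pr[%q(html_url)]})"'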
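Review bot: The added `sed 's/\.git//'` on the `repo=` line is unanchored, so it deletes the first `.git` anywhere in the path rather than only a trailing suffix; a repository path such as `owner/name.github.io` would be mangled and every `curl` to `$api_url/repos/$repo/pulls/$pr` would then request the wrong repository. Anchor the pattern to the end of the line: `sed 's/\.git$//'`. The `for` loop that uses `$repo` continues past the end of the hunk.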
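--- a/data/test/ldap_test.rb
+++ b/data/test/ldap_test.rb
@@ -72,6 +72,34 @@ module GitHubLdapTestCases
 assert_equal "(uid=user1)", payload[:filter].to_s
 assert_equal "dc=github,dc=com", payload[:base]
 end
+
+def test_membership_validator_default
+assert_equal :detect, @ldap.membership_validator
+end
+
+def test_membership_validator_configured_to_classic_strategy
+@ldap.configure_membership_validation_strategy :classic
+assert_equal :classic, @ldap.membership_validator
+end
+
+def test_membership_validator_configured_to_recursive_strategy
+@ldap.configure_membership_validation_strategy :recursive
+assert_equal :recursive, @ldap.membership_validator
+end
+
+def test_membership_validator_configured_to_active_directory_strategy
+@ldap.configure_membership_validation_strategy :active_directory
+assert_equal :active_directory, @ldap.membership_validator
+end
+
+def test_membership_validator_misconfigured_to_unrecognized_strategy_falls_back_to_default
+@ldap.configure_membership_validation_strategy :unknown
+assert_equal :detect, @ldap.membership_validator
+end
+
+def test_capabilities
+assert_kind_of Net::LDAP::Entry, @ldap.capabilities
+end
 end
 
 class GitHubLdapTest < GitHub::Ldap::Test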
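Review bot: `test_capabilities` cannot tell a real Root DSE lookup from the failure path, because `GitHub::Ldap#capabilities` returns a `Net::LDAP::Entry` in both cases (the rescue returns `Net::LDAP::Entry.new`), so `assert_kind_of Net::LDAP::Entry, @ldap.capabilities` passes even when the search raised. Asserting on something only a successful lookup provides would pin the behaviour, for example that the instrumented payload carries no `:error`. The strategy tests also pass only Symbols, while the method calls `strategy.to_s` to accept Strings; a case such as `@ldap.configure_membership_validation_strategy "classic"` plus one for `nil` would cover that.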
@@ -1,10 +1,11 @@
|
|
1
1
|
require_relative '../test_helper'
|
2
2
|
|
3
|
-
|
4
|
-
#
|
5
|
-
|
3
|
+
class GitHubLdapActiveDirectoryMembershipValidatorsStubbedTest < GitHub::Ldap::Test
|
4
|
+
# Only run when AD integration tests aren't run
|
5
|
+
def run(*)
|
6
|
+
self.class.test_env != "activedirectory" ? super : self
|
7
|
+
end
|
6
8
|
|
7
|
-
class GitHubLdapActiveDirectoryMembershipValidatorsTest < GitHub::Ldap::Test
|
8
9
|
def setup
|
9
10
|
@ldap = GitHub::Ldap.new(options.merge(search_domains: %w(dc=github,dc=com)))
|
10
11
|
@domain = @ldap.domain("dc=github,dc=com")
|
@@ -66,3 +67,60 @@ class GitHubLdapActiveDirectoryMembershipValidatorsTest < GitHub::Ldap::Test
|
|
66
67
|
end
|
67
68
|
end
|
68
69
|
end
|
70
|
+
|
71
|
+
# See test/support/vm/activedirectory/README.md for details
|
72
|
+
class GitHubLdapActiveDirectoryMembershipValidatorsIntegrationTest < GitHub::Ldap::Test
|
73
|
+
# Only run this test suite if ActiveDirectory is configured
|
74
|
+
def run(*)
|
75
|
+
self.class.test_env == "activedirectory" ? super : self
|
76
|
+
end
|
77
|
+
|
78
|
+
def setup
|
79
|
+
@ldap = GitHub::Ldap.new(options)
|
80
|
+
@domain = @ldap.domain(options[:search_domains])
|
81
|
+
@entry = @domain.user?('user1')
|
82
|
+
@validator = GitHub::Ldap::MembershipValidators::ActiveDirectory
|
83
|
+
end
|
84
|
+
|
85
|
+
def make_validator(groups)
|
86
|
+
groups = @domain.groups(groups)
|
87
|
+
@validator.new(@ldap, groups)
|
88
|
+
end
|
89
|
+
|
90
|
+
def test_validates_user_in_group
|
91
|
+
validator = make_validator(%w(nested-group1))
|
92
|
+
assert validator.perform(@entry)
|
93
|
+
end
|
94
|
+
|
95
|
+
def test_validates_user_in_child_group
|
96
|
+
validator = make_validator(%w(n-depth-nested-group1))
|
97
|
+
assert validator.perform(@entry)
|
98
|
+
end
|
99
|
+
|
100
|
+
def test_validates_user_in_grandchild_group
|
101
|
+
validator = make_validator(%w(n-depth-nested-group2))
|
102
|
+
assert validator.perform(@entry)
|
103
|
+
end
|
104
|
+
|
105
|
+
def test_validates_user_in_great_grandchild_group
|
106
|
+
validator = make_validator(%w(n-depth-nested-group3))
|
107
|
+
assert validator.perform(@entry)
|
108
|
+
end
|
109
|
+
|
110
|
+
def test_does_not_validate_user_not_in_group
|
111
|
+
validator = make_validator(%w(ghe-admins))
|
112
|
+
refute validator.perform(@entry)
|
113
|
+
end
|
114
|
+
|
115
|
+
def test_does_not_validate_user_not_in_any_group
|
116
|
+
skip "update AD ldif to have a groupless user"
|
117
|
+
@entry = @domain.user?('groupless-user1')
|
118
|
+
validator = make_validator(%w(all-users))
|
119
|
+
refute validator.perform(@entry)
|
120
|
+
end
|
121
|
+
|
122
|
+
def test_validates_user_in_posix_group
|
123
|
+
validator = make_validator(%w(posix-group1))
|
124
|
+
assert validator.perform(@entry)
|
125
|
+
end
|
126
|
+
end
|
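Review bot: Both test classes gate themselves by overriding `run(*)` and returning `self` when the environment does not match (the stubbed class at the top of the file and the integration class in the second hunk), which makes the tests vanish from the report instead of showing up as skipped. In CI that means nothing records that the Active Directory integration suite never ran. Calling `skip` from `setup`, e.g. `skip "ActiveDirectory integration not configured" unless self.class.test_env == "activedirectory"`, keeps the same gating but leaves a visible skip count; it also avoids depending on what `Minitest::Test#run` is expected to return, which I have not checked against the pinned minitest version. The first class's body continues outside the hunk.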
@@ -0,0 +1,49 @@
|
|
1
|
+
require_relative '../test_helper'
|
2
|
+
|
3
|
+
# NOTE: Since this strategy is targeted at detecting ActiveDirectory
|
4
|
+
# capabilities, and we don't have AD setup in CI, we stub out actual queries
|
5
|
+
# and test against what AD *would* respond with.
|
6
|
+
|
7
|
+
class GitHubLdapDetectMembershipValidatorsTest < GitHub::Ldap::Test
|
8
|
+
def setup
|
9
|
+
@ldap = GitHub::Ldap.new(options.merge(search_domains: %w(dc=github,dc=com)))
|
10
|
+
@domain = @ldap.domain("dc=github,dc=com")
|
11
|
+
@entry = @domain.user?('user1')
|
12
|
+
@validator = GitHub::Ldap::MembershipValidators::Detect
|
13
|
+
end
|
14
|
+
|
15
|
+
def make_validator(groups)
|
16
|
+
groups = @domain.groups(groups)
|
17
|
+
@validator.new(@ldap, groups)
|
18
|
+
end
|
19
|
+
|
20
|
+
def test_defers_to_configured_strategy
|
21
|
+
@ldap.configure_membership_validation_strategy(:classic)
|
22
|
+
validator = make_validator(%w(group))
|
23
|
+
|
24
|
+
assert_kind_of GitHub::Ldap::MembershipValidators::Classic, validator.strategy
|
25
|
+
end
|
26
|
+
|
27
|
+
def test_detects_active_directory
|
28
|
+
caps = Net::LDAP::Entry.new
|
29
|
+
caps[:supportedcapabilities] =
|
30
|
+
[GitHub::Ldap::MembershipValidators::Detect::ACTIVE_DIRECTORY_V61_R2_OID]
|
31
|
+
|
32
|
+
validator = make_validator(%w(group))
|
33
|
+
@ldap.stub :capabilities, caps do
|
34
|
+
assert_kind_of GitHub::Ldap::MembershipValidators::ActiveDirectory,
|
35
|
+
validator.strategy
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
def test_falls_back_to_recursive
|
40
|
+
caps = Net::LDAP::Entry.new
|
41
|
+
caps[:supportedcapabilities] = []
|
42
|
+
|
43
|
+
validator = make_validator(%w(group))
|
44
|
+
@ldap.stub :capabilities, caps do
|
45
|
+
assert_kind_of GitHub::Ldap::MembershipValidators::Recursive,
|
46
|
+
validator.strategy
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
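Review bot: Neither capability test exercises the entry that `GitHub::Ldap#capabilities` returns when the Root DSE search fails: `test_falls_back_to_recursive` sets `caps[:supportedcapabilities] = []` explicitly, whereas the failure path hands back a bare `Net::LDAP::Entry.new` with no such attribute. A third test that stubs `:capabilities` with an untouched `Net::LDAP::Entry.new` and asserts the Recursive strategy would pin that `active_directory_capability?` does not raise on a missing attribute. `perform` itself is also untested here, including the `return true if groups.empty?` short circuit, which is the branch that accepts a user without consulting any strategy.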
@@ -0,0 +1 @@
|
|
1
|
+
env.sh
|
@@ -0,0 +1,26 @@
|
|
1
|
+
# Local ActiveDirectory Integration Testing
|
2
|
+
|
3
|
+
Integration tests are not run for ActiveDirectory in continuous integration
|
4
|
+
because we cannot install a Windows VM on TravisCI. To test ActiveDirectory,
|
5
|
+
configure a local VM with AD running (this is left as an exercise for the
|
6
|
+
reader).
|
7
|
+
|
8
|
+
To run integration tests against the local ActiveDirectory VM, from the project
|
9
|
+
root run:
|
10
|
+
|
11
|
+
``` bash
|
12
|
+
# duplicate example env.sh for specific config
|
13
|
+
$ cp test/support/vm/activedirectory/env.sh{.example,}
|
14
|
+
|
15
|
+
# edit env.sh and fill in with your VM's values, then
|
16
|
+
$ source test/support/vm/activedirectory/env.sh
|
17
|
+
|
18
|
+
# run all tests against AD
|
19
|
+
$ time bundle exec rake
|
20
|
+
|
21
|
+
# run a specific test file against AD
|
22
|
+
$ time bundle exec ruby test/membership_validators/active_directory_test.rb
|
23
|
+
|
24
|
+
# reset environment to test other LDAP servers
|
25
|
+
$ source test/support/vm/activedirectory/reset-env.sh
|
26
|
+
```
|
@@ -0,0 +1,8 @@
|
|
1
|
+
# Copy this to ad-env.sh, and fill in with your own values
|
2
|
+
|
3
|
+
export TESTENV=activedirectory
|
4
|
+
export INTEGRATION_HOST=123.123.123.123
|
5
|
+
export INTEGRATION_PORT=389
|
6
|
+
export INTEGRATION_USER="CN=Administrator,CN=Users,DC=ad,DC=example,DC=com"
|
7
|
+
export INTEGRATION_PASSWORD='passworD1'
|
8
|
+
export INTEGRATION_SEARCH_DOMAINS='CN=Users,DC=example,DC=com'
|
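Review bot: The header comment tells the reader to `Copy this to ad-env.sh`, but the `.gitignore` added in this diff ignores only `env.sh` and the README copies the file to `env.sh`; anyone following the comment ends up with an untracked `ad-env.sh` holding `INTEGRATION_USER` and `INTEGRATION_PASSWORD` that git will offer to commit. Change the comment to `# Copy this to env.sh, and fill in with your own values`. The sample bind DN is the domain `CN=Administrator`; a line recommending a dedicated read-only bind account for the test VM would keep a leaked file from exposing domain-admin credentials.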
@@ -16,10 +16,10 @@ $ ip=$(vagrant ssh -- "ifconfig eth1 | grep -o -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]
|
|
16
16
|
$ cd ../../../..
|
17
17
|
|
18
18
|
# run all tests against OpenLDAP
|
19
|
-
$ time TESTENV=openldap
|
19
|
+
$ time TESTENV=openldap INTEGRATION_HOST=$ip bundle exec rake
|
20
20
|
|
21
21
|
# run a specific test file against OpenLDAP
|
22
|
-
$ time TESTENV=openldap
|
22
|
+
$ time TESTENV=openldap INTEGRATION_HOST=$ip bundle exec ruby test/membership_validators/recursive_test.rb
|
23
23
|
|
24
24
|
# run OpenLDAP tests by default
|
25
25
|
$ export TESTENV=openldap
|
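--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -71,7 +71,7 @@ class GitHub::Ldap::Test < Minitest::Test
 instrumentation_service: @service
 when "openldap"
 {
-host: ENV.fetch("
+host: ENV.fetch("INTEGRATION_HOST", "localhost"),
 port: 389,
 admin_user: 'uid=admin,dc=github,dc=com',
 admin_password: 'passworD1',
@@ -79,6 +79,15 @@ class GitHub::Ldap::Test < Minitest::Test
 uid: 'uid',
 instrumentation_service: @service
 }
+when "activedirectory"
+{
+host: ENV.fetch("INTEGRATION_HOST"),
+port: ENV.fetch("INTEGRATION_PORT", 389),
+admin_user: ENV.fetch("INTEGRATION_USER"),
+admin_password: ENV.fetch("INTEGRATION_PASSWORD"),
+search_domains: ENV.fetch("INTEGRATION_SEARCH_DOMAINS"),
+instrumentation_service: @service
+}
 end
 end
 end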
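Review bot: In the new `"activedirectory"` branch, `port: ENV.fetch("INTEGRATION_PORT", 389)` yields a String when the variable is set (as `env.sh.example` does) and the Integer `389` otherwise, while the `"openldap"` branch always passes an Integer; coerce it with `port: Integer(ENV.fetch("INTEGRATION_PORT", 389)),` so a malformed value fails while the options are built. The branch also sets no `encryption:` option, so the `INTEGRATION_USER`/`INTEGRATION_PASSWORD` bind would presumably travel to port 389 in clear text; if the constructor accepts the encryption setting that `lib/github/ldap.rb` documents, an optional environment variable (say `INTEGRATION_ENCRYPTION`) would let the suite run over TLS. The enclosing method starts outside the hunk.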
metadata
CHANGED
@@ -1,83 +1,83 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: github-ldap
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.5.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- David Calavera
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2014-11-
|
11
|
+
date: 2014-11-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: net-ldap
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
-
- - ~>
|
17
|
+
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
19
|
version: 0.9.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
|
-
- - ~>
|
24
|
+
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: 0.9.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: bundler
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
|
-
- - ~>
|
31
|
+
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
33
|
version: '1.3'
|
34
34
|
type: :development
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
|
-
- - ~>
|
38
|
+
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
40
|
version: '1.3'
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: ladle
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
44
44
|
requirements:
|
45
|
-
- -
|
45
|
+
- - ">="
|
46
46
|
- !ruby/object:Gem::Version
|
47
47
|
version: '0'
|
48
48
|
type: :development
|
49
49
|
prerelease: false
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
51
51
|
requirements:
|
52
|
-
- -
|
52
|
+
- - ">="
|
53
53
|
- !ruby/object:Gem::Version
|
54
54
|
version: '0'
|
55
55
|
- !ruby/object:Gem::Dependency
|
56
56
|
name: minitest
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
58
58
|
requirements:
|
59
|
-
- - ~>
|
59
|
+
- - "~>"
|
60
60
|
- !ruby/object:Gem::Version
|
61
61
|
version: '5'
|
62
62
|
type: :development
|
63
63
|
prerelease: false
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
65
65
|
requirements:
|
66
|
-
- - ~>
|
66
|
+
- - "~>"
|
67
67
|
- !ruby/object:Gem::Version
|
68
68
|
version: '5'
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
70
|
name: rake
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
72
72
|
requirements:
|
73
|
-
- -
|
73
|
+
- - ">="
|
74
74
|
- !ruby/object:Gem::Version
|
75
75
|
version: '0'
|
76
76
|
type: :development
|
77
77
|
prerelease: false
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
79
79
|
requirements:
|
80
|
-
- -
|
80
|
+
- - ">="
|
81
81
|
- !ruby/object:Gem::Version
|
82
82
|
version: '0'
|
83
83
|
description: Ldap authentication for humans
|
@@ -87,8 +87,8 @@ executables: []
|
|
87
87
|
extensions: []
|
88
88
|
extra_rdoc_files: []
|
89
89
|
files:
|
90
|
-
- .gitignore
|
91
|
-
- .travis.yml
|
90
|
+
- ".gitignore"
|
91
|
+
- ".travis.yml"
|
92
92
|
- CHANGELOG.md
|
93
93
|
- Gemfile
|
94
94
|
- LICENSE.txt
|
@@ -105,6 +105,7 @@ files:
|
|
105
105
|
- lib/github/ldap/membership_validators/active_directory.rb
|
106
106
|
- lib/github/ldap/membership_validators/base.rb
|
107
107
|
- lib/github/ldap/membership_validators/classic.rb
|
108
|
+
- lib/github/ldap/membership_validators/detect.rb
|
108
109
|
- lib/github/ldap/membership_validators/recursive.rb
|
109
110
|
- lib/github/ldap/posix_group.rb
|
110
111
|
- lib/github/ldap/server.rb
|
@@ -126,9 +127,13 @@ files:
|
|
126
127
|
- test/ldap_test.rb
|
127
128
|
- test/membership_validators/active_directory_test.rb
|
128
129
|
- test/membership_validators/classic_test.rb
|
130
|
+
- test/membership_validators/detect_test.rb
|
129
131
|
- test/membership_validators/recursive_test.rb
|
130
|
-
- test/membership_validators_test.rb
|
131
132
|
- test/posix_group_test.rb
|
133
|
+
- test/support/vm/activedirectory/.gitignore
|
134
|
+
- test/support/vm/activedirectory/README.md
|
135
|
+
- test/support/vm/activedirectory/env.sh.example
|
136
|
+
- test/support/vm/activedirectory/reset-env.sh
|
132
137
|
- test/support/vm/openldap/.gitignore
|
133
138
|
- test/support/vm/openldap/README.md
|
134
139
|
- test/support/vm/openldap/Vagrantfile
|
@@ -143,17 +148,17 @@ require_paths:
|
|
143
148
|
- lib
|
144
149
|
required_ruby_version: !ruby/object:Gem::Requirement
|
145
150
|
requirements:
|
146
|
-
- -
|
151
|
+
- - ">="
|
147
152
|
- !ruby/object:Gem::Version
|
148
153
|
version: '0'
|
149
154
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
150
155
|
requirements:
|
151
|
-
- -
|
156
|
+
- - ">="
|
152
157
|
- !ruby/object:Gem::Version
|
153
158
|
version: '0'
|
154
159
|
requirements: []
|
155
160
|
rubyforge_project:
|
156
|
-
rubygems_version: 2.
|
161
|
+
rubygems_version: 2.2.2
|
157
162
|
signing_key:
|
158
163
|
specification_version: 4
|
159
164
|
summary: Ldap client authentication wrapper without all the boilerplate
|
@@ -168,9 +173,13 @@ test_files:
|
|
168
173
|
- test/ldap_test.rb
|
169
174
|
- test/membership_validators/active_directory_test.rb
|
170
175
|
- test/membership_validators/classic_test.rb
|
176
|
+
- test/membership_validators/detect_test.rb
|
171
177
|
- test/membership_validators/recursive_test.rb
|
172
|
-
- test/membership_validators_test.rb
|
173
178
|
- test/posix_group_test.rb
|
179
|
+
- test/support/vm/activedirectory/.gitignore
|
180
|
+
- test/support/vm/activedirectory/README.md
|
181
|
+
- test/support/vm/activedirectory/env.sh.example
|
182
|
+
- test/support/vm/activedirectory/reset-env.sh
|
174
183
|
- test/support/vm/openldap/.gitignore
|
175
184
|
- test/support/vm/openldap/README.md
|
176
185
|
- test/support/vm/openldap/Vagrantfile
|
@@ -1,46 +0,0 @@
|
|
1
|
-
require_relative 'test_helper'
|
2
|
-
|
3
|
-
module GitHubLdapMembershipValidatorsTestCases
|
4
|
-
def make_validator(groups)
|
5
|
-
groups = @domain.groups(groups)
|
6
|
-
@validator.new(@ldap, groups)
|
7
|
-
end
|
8
|
-
|
9
|
-
def test_validates_user_in_group
|
10
|
-
validator = make_validator(%w(ghe-users))
|
11
|
-
assert validator.perform(@entry)
|
12
|
-
end
|
13
|
-
|
14
|
-
def test_does_not_validate_user_not_in_group
|
15
|
-
validator = make_validator(%w(ghe-admins))
|
16
|
-
refute validator.perform(@entry)
|
17
|
-
end
|
18
|
-
|
19
|
-
def test_does_not_validate_user_not_in_any_group
|
20
|
-
@entry = @domain.user?('groupless-user1')
|
21
|
-
validator = make_validator(%w(ghe-users ghe-admins))
|
22
|
-
refute validator.perform(@entry)
|
23
|
-
end
|
24
|
-
end
|
25
|
-
|
26
|
-
class GitHubLdapMembershipValidatorsClassicTest < GitHub::Ldap::Test
|
27
|
-
include GitHubLdapMembershipValidatorsTestCases
|
28
|
-
|
29
|
-
def setup
|
30
|
-
@ldap = GitHub::Ldap.new(options.merge(search_domains: "dc=github,dc=com"))
|
31
|
-
@domain = @ldap.domain("dc=github,dc=com")
|
32
|
-
@entry = @domain.user?('user1')
|
33
|
-
@validator = GitHub::Ldap::MembershipValidators::Classic
|
34
|
-
end
|
35
|
-
end
|
36
|
-
|
37
|
-
class GitHubLdapMembershipValidatorsRecursiveTest < GitHub::Ldap::Test
|
38
|
-
include GitHubLdapMembershipValidatorsTestCases
|
39
|
-
|
40
|
-
def setup
|
41
|
-
@ldap = GitHub::Ldap.new(options.merge(search_domains: "dc=github,dc=com"))
|
42
|
-
@domain = @ldap.domain("dc=github,dc=com")
|
43
|
-
@entry = @domain.user?('user1')
|
44
|
-
@validator = GitHub::Ldap::MembershipValidators::Recursive
|
45
|
-
end
|
46
|
-
end
|