github-ldap 1.4.0 → 1.5.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/github-ldap.gemspec +1 -1
- data/lib/github/ldap.rb +40 -0
- data/lib/github/ldap/membership_validators.rb +9 -1
- data/lib/github/ldap/membership_validators/detect.rb +69 -0
- data/script/changelog +3 -3
- data/test/ldap_test.rb +28 -0
- data/test/membership_validators/active_directory_test.rb +62 -4
- data/test/membership_validators/detect_test.rb +49 -0
- data/test/support/vm/activedirectory/.gitignore +1 -0
- data/test/support/vm/activedirectory/README.md +26 -0
- data/test/support/vm/activedirectory/env.sh.example +8 -0
- data/test/support/vm/activedirectory/reset-env.sh +6 -0
- data/test/support/vm/openldap/README.md +2 -2
- data/test/test_helper.rb +10 -1
- metadata +28 -19
- data/test/membership_validators_test.rb +0 -46
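--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f94f5af944845beec077b7ae4f67f73bcdcd3324
+data.tar.gz: d0cbf4bb74c1fedfce35a886967b084061c95cfb
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cd8ca33063aff485c5e0d4df63ca8e5d6c83641d202d3dddc02ace9d373710e511f152197a2d9c36e71e9dfe67ce56692859183a7ced2fe7fb847caeb2fcc1bb
+data.tar.gz: 75a413369b9d935499bae900382569314b90f71259ac5b813cd059328ca92f6533acdb106947c7d9139228f4f3597599d405a4be5bada4609d1aaef7e43c521d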
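--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,10 @@
 # CHANGELOG
 
+## v1.5.0
+
+* Automatically detect membership validator strategy by default [#58](https://github.com/github/github-ldap/pull/58) [#62](https://github.com/github/github-ldap/pull/62)
+* Document local integration testing with Active Directory [#61](https://github.com/github/github-ldap/pull/61)
+
 ## v1.4.0
 
 * Document constructor options [#57](https://github.com/github/github-ldap/pull/57)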
data/github-ldap.gemspec
CHANGED
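--- a/data/lib/github/ldap.rb
+++ b/data/lib/github/ldap.rb
@@ -34,6 +34,7 @@ module GitHub
 def_delegator :@connection, :open
 
 attr_reader :uid, :search_domains, :virtual_attributes,
+:membership_validator,
 :instrumentation_service
 
 # Build a new GitHub::Ldap instance
@@ -87,6 +88,9 @@ module GitHub
 # when a base is not explicitly provided.
 @search_domains = Array(options[:search_domains])
 
+# configure which strategy should be used to validate user membership
+configure_membership_validation_strategy(options[:membership_validator])
+
 # enables instrumenting queries
 @instrumentation_service = options[:instrumentation_service]
 end
@@ -182,6 +186,23 @@ module GitHub
 end
 end
 
+# Internal: Searches the host LDAP server's Root DSE for capabilities and
+# extensions.
+#
+# Returns a Net::LDAP::Entry object.
+def capabilities
+@capabilities ||=
+instrument "capabilities.github_ldap" do |payload|
+begin
+@connection.search_root_dse
+rescue Net::LDAP::LdapError => error
+payload[:error] = error
+# stubbed result
+Net::LDAP::Entry.new
+end
+end
+end
+
 # Internal - Determine whether to use encryption or not.
 #
 # encryption: is the encryption method, either 'ssl', 'tls', 'simple_tls' or 'start_tls'.
@@ -214,5 +235,24 @@ module GitHub
 VirtualAttributes.new(false)
 end
 end
+
+# Internal: Configure the membership validation strategy.
+#
+# Used by GitHub::Ldap::MembershipValidators::Detect to force a specific
+# strategy (instead of detecting host capabilities and deciding at runtime).
+#
+# If `strategy` is not provided, or doesn't match a known strategy,
+# defaults to `:detect`. Otherwise the configured strategy is selected.
+#
+# Returns the selected membership validator strategy Symbol.
+def configure_membership_validation_strategy(strategy = nil)
+@membership_validator =
+case strategy.to_s
+when "classic", "recursive", "active_directory"
+strategy.to_sym
+else
+:detect
+end
+end
 end
 end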
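Review bot: In `capabilities` (third hunk), the `rescue Net::LDAP::LdapError` branch returns an empty `Net::LDAP::Entry` and `@capabilities ||=` memoizes it, so a single failed Root DSE search leaves this instance reporting no capabilities for the rest of its lifetime. The Detect validator added in this release chooses its strategy from that entry, so a transient error would silently pin the fallback strategy. Cache only a successful lookup: open the method with `return @capabilities if @capabilities` and assign inside the `begin` as `@capabilities = @connection.search_root_dse`, leaving the stub uncached. Separately, `configure_membership_validation_strategy` maps an unrecognized value to `:detect` without any signal; a comment such as `# NOTE: a mistyped strategy name is ignored and detection is used instead` would make that visible to operators.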
@@ -1,4 +1,5 @@
|
|
1
1
|
require 'github/ldap/membership_validators/base'
|
2
|
+
require 'github/ldap/membership_validators/detect'
|
2
3
|
require 'github/ldap/membership_validators/classic'
|
3
4
|
require 'github/ldap/membership_validators/recursive'
|
4
5
|
require 'github/ldap/membership_validators/active_directory'
|
@@ -13,6 +14,13 @@ module GitHub
|
|
13
14
|
# validator = GitHub::Ldap::MembershipValidators::Classic.new(ldap, groups)
|
14
15
|
# validator.perform(entry) #=> true
|
15
16
|
#
|
16
|
-
module MembershipValidators
|
17
|
+
module MembershipValidators
|
18
|
+
# Internal: Mapping of strategy name to class.
|
19
|
+
STRATEGIES = {
|
20
|
+
:classic => GitHub::Ldap::MembershipValidators::Classic,
|
21
|
+
:recursive => GitHub::Ldap::MembershipValidators::Recursive,
|
22
|
+
:active_directory => GitHub::Ldap::MembershipValidators::ActiveDirectory
|
23
|
+
}
|
24
|
+
end
|
17
25
|
end
|
18
26
|
end
|
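Review bot: `STRATEGIES` is a mutable Hash, although `Detect#detect_strategy` relies on it to pick the class that performs membership checks. Close the literal with `}.freeze` to guard against accidental modification at runtime; this also matches the frozen `ACTIVE_DIRECTORY_V61_R2_OID` constant in detect.rb. A comment noting that `:detect` is deliberately absent from the map, e.g. `# :detect has no entry here; it falls through to capability detection`, would help the next reader.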
@@ -0,0 +1,69 @@
|
|
1
|
+
module GitHub
|
2
|
+
class Ldap
|
3
|
+
module MembershipValidators
|
4
|
+
# Detects the LDAP host's capabilities and determines the appropriate
|
5
|
+
# membership validation strategy at runtime. Currently detects for
|
6
|
+
# ActiveDirectory in-chain membership validation. An explicit strategy can
|
7
|
+
# also be defined via `GitHub::Ldap#membership_validator=`. See also
|
8
|
+
# `GitHub::Ldap#configure_membership_validation_strategy`.
|
9
|
+
class Detect < Base
|
10
|
+
# Internal: The capability required to use the ActiveDirectory strategy.
|
11
|
+
# See: http://msdn.microsoft.com/en-us/library/cc223359.aspx.
|
12
|
+
ACTIVE_DIRECTORY_V61_R2_OID = "1.2.840.113556.1.4.2080".freeze
|
13
|
+
|
14
|
+
def perform(entry)
|
15
|
+
# short circuit validation if there are no groups to check against
|
16
|
+
return true if groups.empty?
|
17
|
+
|
18
|
+
strategy.perform(entry)
|
19
|
+
end
|
20
|
+
|
21
|
+
# Internal: Returns the membership validation strategy object.
|
22
|
+
def strategy
|
23
|
+
@strategy ||= begin
|
24
|
+
strategy = detect_strategy
|
25
|
+
strategy.new(ldap, groups)
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
# Internal: Detects LDAP host's capabilities and chooses the best
|
30
|
+
# strategy for the host.
|
31
|
+
#
|
32
|
+
# If the strategy has been set explicitly, skips detection and uses the
|
33
|
+
# configured strategy instead.
|
34
|
+
#
|
35
|
+
# Returns the strategy class.
|
36
|
+
def detect_strategy
|
37
|
+
case
|
38
|
+
when GitHub::Ldap::MembershipValidators::STRATEGIES.key?(strategy_config)
|
39
|
+
GitHub::Ldap::MembershipValidators::STRATEGIES[strategy_config]
|
40
|
+
when active_directory_capability?
|
41
|
+
GitHub::Ldap::MembershipValidators::STRATEGIES[:active_directory]
|
42
|
+
else
|
43
|
+
GitHub::Ldap::MembershipValidators::STRATEGIES[:recursive]
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
# Internal: Returns the configured membership validator strategy Symbol.
|
48
|
+
def strategy_config
|
49
|
+
ldap.membership_validator
|
50
|
+
end
|
51
|
+
|
52
|
+
# Internal: Detect whether the LDAP host is an ActiveDirectory server.
|
53
|
+
#
|
54
|
+
# See: http://msdn.microsoft.com/en-us/library/cc223359.aspx.
|
55
|
+
#
|
56
|
+
# Returns true if the host is an ActiveDirectory server, false otherwise.
|
57
|
+
def active_directory_capability?
|
58
|
+
capabilities[:supportedcapabilities].include?(ACTIVE_DIRECTORY_V61_R2_OID)
|
59
|
+
end
|
60
|
+
|
61
|
+
# Internal: Returns the Net::LDAP::Entry object describing the LDAP
|
62
|
+
# host's capabilities (via the Root DSE).
|
63
|
+
def capabilities
|
64
|
+
ldap.capabilities
|
65
|
+
end
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
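Review bot: `perform` returns `true` whenever `groups` is empty, so a caller whose group lookup came back empty (for example a mistyped group name) has every entry accepted as a member. If an empty list is meant as "no restriction configured", state that in the comment, e.g. `# no groups configured means no restriction: every entry passes`, and callers should distinguish "none configured" from "none found" before calling. The class comment also points to `GitHub::Ldap#membership_validator=`, but the ldap.rb change in this release adds only an `attr_reader`; presumably it should name the `:membership_validator` constructor option instead.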
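--- a/data/script/changelog
+++ b/data/script/changelog
@@ -13,16 +13,16 @@ set -e
 [ $# -eq 0 ] && set -- --help
 
 # parse args
-repo=$(git remote -v | grep push | awk '{print $2}' | cut -d'/' -f4-)
+repo=$(git remote -v | grep push | awk '{print $2}' | cut -d'/' -f4- | sed 's/\.git//')
 base=$(git tag -l | sort -n | tail -n 1)
 head="HEAD"
 api_url="https://api.github.com"
 
-echo "# $base..$head"
+echo "# $repo $base..$head"
 echo
 
 # get merged PR's. Better way is to query the API for these, but this is easier
-for pr in $(git log --oneline
+for pr in $(git log --oneline $base..$head | grep "Merge pull request" | awk '{gsub("#",""); print $5}')
 do
 # frustrated with trying to pull out the right values, fell back to ruby
 curl -s "$api_url/repos/$repo/pulls/$pr" | ruby -rjson -e 'pr=JSON.parse(STDIN.read); puts "* #{pr[%q(title)]} [##{pr[%q(number)]}](#{pr[%q(html_url)]})"'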
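Review bot: The added `sed 's/\.git//'` is unanchored, so it removes the first `.git` anywhere in the path rather than only a trailing suffix; a repository such as `owner/site.github.io` would become `owner/sitehub.io`, and the API calls below would query the wrong repository. Anchor it: `sed 's/\.git$//'`. In the rewritten `for` line, `$base..$head` is also unquoted; `"$base..$head"` keeps an unusual tag name from being word-split.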
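--- a/data/test/ldap_test.rb
+++ b/data/test/ldap_test.rb
@@ -72,6 +72,34 @@ module GitHubLdapTestCases
 assert_equal "(uid=user1)", payload[:filter].to_s
 assert_equal "dc=github,dc=com", payload[:base]
 end
+
+def test_membership_validator_default
+assert_equal :detect, @ldap.membership_validator
+end
+
+def test_membership_validator_configured_to_classic_strategy
+@ldap.configure_membership_validation_strategy :classic
+assert_equal :classic, @ldap.membership_validator
+end
+
+def test_membership_validator_configured_to_recursive_strategy
+@ldap.configure_membership_validation_strategy :recursive
+assert_equal :recursive, @ldap.membership_validator
+end
+
+def test_membership_validator_configured_to_active_directory_strategy
+@ldap.configure_membership_validation_strategy :active_directory
+assert_equal :active_directory, @ldap.membership_validator
+end
+
+def test_membership_validator_misconfigured_to_unrecognized_strategy_falls_back_to_default
+@ldap.configure_membership_validation_strategy :unknown
+assert_equal :detect, @ldap.membership_validator
+end
+
+def test_capabilities
+assert_kind_of Net::LDAP::Entry, @ldap.capabilities
+end
 end
 
 class GitHubLdapTest < GitHub::Ldap::Test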
@@ -1,10 +1,11 @@
|
|
1
1
|
require_relative '../test_helper'
|
2
2
|
|
3
|
-
|
4
|
-
#
|
5
|
-
|
3
|
+
class GitHubLdapActiveDirectoryMembershipValidatorsStubbedTest < GitHub::Ldap::Test
|
4
|
+
# Only run when AD integration tests aren't run
|
5
|
+
def run(*)
|
6
|
+
self.class.test_env != "activedirectory" ? super : self
|
7
|
+
end
|
6
8
|
|
7
|
-
class GitHubLdapActiveDirectoryMembershipValidatorsTest < GitHub::Ldap::Test
|
8
9
|
def setup
|
9
10
|
@ldap = GitHub::Ldap.new(options.merge(search_domains: %w(dc=github,dc=com)))
|
10
11
|
@domain = @ldap.domain("dc=github,dc=com")
|
@@ -66,3 +67,60 @@ class GitHubLdapActiveDirectoryMembershipValidatorsTest < GitHub::Ldap::Test
|
|
66
67
|
end
|
67
68
|
end
|
68
69
|
end
|
70
|
+
|
71
|
+
# See test/support/vm/activedirectory/README.md for details
|
72
|
+
class GitHubLdapActiveDirectoryMembershipValidatorsIntegrationTest < GitHub::Ldap::Test
|
73
|
+
# Only run this test suite if ActiveDirectory is configured
|
74
|
+
def run(*)
|
75
|
+
self.class.test_env == "activedirectory" ? super : self
|
76
|
+
end
|
77
|
+
|
78
|
+
def setup
|
79
|
+
@ldap = GitHub::Ldap.new(options)
|
80
|
+
@domain = @ldap.domain(options[:search_domains])
|
81
|
+
@entry = @domain.user?('user1')
|
82
|
+
@validator = GitHub::Ldap::MembershipValidators::ActiveDirectory
|
83
|
+
end
|
84
|
+
|
85
|
+
def make_validator(groups)
|
86
|
+
groups = @domain.groups(groups)
|
87
|
+
@validator.new(@ldap, groups)
|
88
|
+
end
|
89
|
+
|
90
|
+
def test_validates_user_in_group
|
91
|
+
validator = make_validator(%w(nested-group1))
|
92
|
+
assert validator.perform(@entry)
|
93
|
+
end
|
94
|
+
|
95
|
+
def test_validates_user_in_child_group
|
96
|
+
validator = make_validator(%w(n-depth-nested-group1))
|
97
|
+
assert validator.perform(@entry)
|
98
|
+
end
|
99
|
+
|
100
|
+
def test_validates_user_in_grandchild_group
|
101
|
+
validator = make_validator(%w(n-depth-nested-group2))
|
102
|
+
assert validator.perform(@entry)
|
103
|
+
end
|
104
|
+
|
105
|
+
def test_validates_user_in_great_grandchild_group
|
106
|
+
validator = make_validator(%w(n-depth-nested-group3))
|
107
|
+
assert validator.perform(@entry)
|
108
|
+
end
|
109
|
+
|
110
|
+
def test_does_not_validate_user_not_in_group
|
111
|
+
validator = make_validator(%w(ghe-admins))
|
112
|
+
refute validator.perform(@entry)
|
113
|
+
end
|
114
|
+
|
115
|
+
def test_does_not_validate_user_not_in_any_group
|
116
|
+
skip "update AD ldif to have a groupless user"
|
117
|
+
@entry = @domain.user?('groupless-user1')
|
118
|
+
validator = make_validator(%w(all-users))
|
119
|
+
refute validator.perform(@entry)
|
120
|
+
end
|
121
|
+
|
122
|
+
def test_validates_user_in_posix_group
|
123
|
+
validator = make_validator(%w(posix-group1))
|
124
|
+
assert validator.perform(@entry)
|
125
|
+
end
|
126
|
+
end
|
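Review bot: Both `run(*)` overrides return `self` without executing anything when the environment does not match, which, as far as I can tell with Minitest 5, records each test as run with zero assertions rather than as skipped. The integration class holds negative cases such as `test_does_not_validate_user_not_in_group`, so a green run can give the impression that they were exercised. Prefer an explicit skip as the first line of `setup`, e.g. `skip "requires TESTENV=activedirectory" unless self.class.test_env == "activedirectory"`, so the report shows what was not run. The stubbed class's body continues outside the hunks.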
@@ -0,0 +1,49 @@
|
|
1
|
+
require_relative '../test_helper'
|
2
|
+
|
3
|
+
# NOTE: Since this strategy is targeted at detecting ActiveDirectory
|
4
|
+
# capabilities, and we don't have AD setup in CI, we stub out actual queries
|
5
|
+
# and test against what AD *would* respond with.
|
6
|
+
|
7
|
+
class GitHubLdapDetectMembershipValidatorsTest < GitHub::Ldap::Test
|
8
|
+
def setup
|
9
|
+
@ldap = GitHub::Ldap.new(options.merge(search_domains: %w(dc=github,dc=com)))
|
10
|
+
@domain = @ldap.domain("dc=github,dc=com")
|
11
|
+
@entry = @domain.user?('user1')
|
12
|
+
@validator = GitHub::Ldap::MembershipValidators::Detect
|
13
|
+
end
|
14
|
+
|
15
|
+
def make_validator(groups)
|
16
|
+
groups = @domain.groups(groups)
|
17
|
+
@validator.new(@ldap, groups)
|
18
|
+
end
|
19
|
+
|
20
|
+
def test_defers_to_configured_strategy
|
21
|
+
@ldap.configure_membership_validation_strategy(:classic)
|
22
|
+
validator = make_validator(%w(group))
|
23
|
+
|
24
|
+
assert_kind_of GitHub::Ldap::MembershipValidators::Classic, validator.strategy
|
25
|
+
end
|
26
|
+
|
27
|
+
def test_detects_active_directory
|
28
|
+
caps = Net::LDAP::Entry.new
|
29
|
+
caps[:supportedcapabilities] =
|
30
|
+
[GitHub::Ldap::MembershipValidators::Detect::ACTIVE_DIRECTORY_V61_R2_OID]
|
31
|
+
|
32
|
+
validator = make_validator(%w(group))
|
33
|
+
@ldap.stub :capabilities, caps do
|
34
|
+
assert_kind_of GitHub::Ldap::MembershipValidators::ActiveDirectory,
|
35
|
+
validator.strategy
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
def test_falls_back_to_recursive
|
40
|
+
caps = Net::LDAP::Entry.new
|
41
|
+
caps[:supportedcapabilities] = []
|
42
|
+
|
43
|
+
validator = make_validator(%w(group))
|
44
|
+
@ldap.stub :capabilities, caps do
|
45
|
+
assert_kind_of GitHub::Ldap::MembershipValidators::Recursive,
|
46
|
+
validator.strategy
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
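Review bot: No test covers a capabilities entry that has no `supportedcapabilities` attribute at all, which is what `GitHub::Ldap#capabilities` returns from its rescue branch (a bare `Net::LDAP::Entry.new`); `test_falls_back_to_recursive` sets the attribute to `[]` explicitly. A test with the bare entry would pin that `active_directory_capability?` neither raises nor reports Active Directory when the Root DSE search failed. A case for `perform` with an empty group list would be worth adding as well, since that path returns `true` without consulting any strategy.

```ruby
# … unchanged: setup, make_validator and the existing tests …

def test_falls_back_to_recursive_when_capabilities_are_unavailable
  validator = make_validator(%w(group))

  # bare entry, as GitHub::Ldap#capabilities returns when the Root DSE search fails
  @ldap.stub :capabilities, Net::LDAP::Entry.new do
    assert_kind_of GitHub::Ldap::MembershipValidators::Recursive,
      validator.strategy
  end
end
```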
@@ -0,0 +1 @@
|
|
1
|
+
env.sh
|
@@ -0,0 +1,26 @@
|
|
1
|
+
# Local ActiveDirectory Integration Testing
|
2
|
+
|
3
|
+
Integration tests are not run for ActiveDirectory in continuous integration
|
4
|
+
because we cannot install a Windows VM on TravisCI. To test ActiveDirectory,
|
5
|
+
configure a local VM with AD running (this is left as an exercise for the
|
6
|
+
reader).
|
7
|
+
|
8
|
+
To run integration tests against the local ActiveDirectory VM, from the project
|
9
|
+
root run:
|
10
|
+
|
11
|
+
``` bash
|
12
|
+
# duplicate example env.sh for specific config
|
13
|
+
$ cp test/support/vm/activedirectory/env.sh{.example,}
|
14
|
+
|
15
|
+
# edit env.sh and fill in with your VM's values, then
|
16
|
+
$ source test/support/vm/activedirectory/env.sh
|
17
|
+
|
18
|
+
# run all tests against AD
|
19
|
+
$ time bundle exec rake
|
20
|
+
|
21
|
+
# run a specific test file against AD
|
22
|
+
$ time bundle exec ruby test/membership_validators/active_directory_test.rb
|
23
|
+
|
24
|
+
# reset environment to test other LDAP servers
|
25
|
+
$ source test/support/vm/activedirectory/reset-env.sh
|
26
|
+
```
|
@@ -0,0 +1,8 @@
|
|
1
|
+
# Copy this to ad-env.sh, and fill in with your own values
|
2
|
+
|
3
|
+
export TESTENV=activedirectory
|
4
|
+
export INTEGRATION_HOST=123.123.123.123
|
5
|
+
export INTEGRATION_PORT=389
|
6
|
+
export INTEGRATION_USER="CN=Administrator,CN=Users,DC=ad,DC=example,DC=com"
|
7
|
+
export INTEGRATION_PASSWORD='passworD1'
|
8
|
+
export INTEGRATION_SEARCH_DOMAINS='CN=Users,DC=example,DC=com'
|
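Review bot: The header comment says to copy this file to `ad-env.sh`, but the `.gitignore` added alongside it ignores only `env.sh` and the README copies to `env.sh`; a file named `ad-env.sh` holding the bind DN and password would not be ignored and could be committed by accident. Change the comment to `# Copy this to env.sh (git-ignored), and fill in with your own values`. The example binds as `CN=Administrator`; a comment such as `# use a throwaway test account, not a real domain administrator` would be a sensible addition.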
@@ -16,10 +16,10 @@ $ ip=$(vagrant ssh -- "ifconfig eth1 | grep -o -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]
|
|
16
16
|
$ cd ../../../..
|
17
17
|
|
18
18
|
# run all tests against OpenLDAP
|
19
|
-
$ time TESTENV=openldap
|
19
|
+
$ time TESTENV=openldap INTEGRATION_HOST=$ip bundle exec rake
|
20
20
|
|
21
21
|
# run a specific test file against OpenLDAP
|
22
|
-
$ time TESTENV=openldap
|
22
|
+
$ time TESTENV=openldap INTEGRATION_HOST=$ip bundle exec ruby test/membership_validators/recursive_test.rb
|
23
23
|
|
24
24
|
# run OpenLDAP tests by default
|
25
25
|
$ export TESTENV=openldap
|
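--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -71,7 +71,7 @@ class GitHub::Ldap::Test < Minitest::Test
 instrumentation_service: @service
 when "openldap"
 {
-host: ENV.fetch("
+host: ENV.fetch("INTEGRATION_HOST", "localhost"),
 port: 389,
 admin_user: 'uid=admin,dc=github,dc=com',
 admin_password: 'passworD1',
@@ -79,6 +79,15 @@ class GitHub::Ldap::Test < Minitest::Test
 uid: 'uid',
 instrumentation_service: @service
 }
+when "activedirectory"
+{
+host: ENV.fetch("INTEGRATION_HOST"),
+port: ENV.fetch("INTEGRATION_PORT", 389),
+admin_user: ENV.fetch("INTEGRATION_USER"),
+admin_password: ENV.fetch("INTEGRATION_PASSWORD"),
+search_domains: ENV.fetch("INTEGRATION_SEARCH_DOMAINS"),
+instrumentation_service: @service
+}
 end
 end
 end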
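Review bot: In the new `"activedirectory"` branch, `ENV.fetch("INTEGRATION_PORT", 389)` yields a String when the variable is set and the Integer `389` when it is not, so `port:` changes type with the environment, unlike the literal `port: 389` in the `"openldap"` branch. Normalize it: `port: Integer(ENV.fetch("INTEGRATION_PORT", 389)),`. `INTEGRATION_SEARCH_DOMAINS` is likewise passed through as a single String; a comment such as `# a single search domain, passed as one String` would avoid surprises. The enclosing method starts above the hunk.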
metadata
CHANGED
@@ -1,83 +1,83 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: github-ldap
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.5.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- David Calavera
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2014-11-
|
11
|
+
date: 2014-11-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: net-ldap
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
-
- - ~>
|
17
|
+
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
19
|
version: 0.9.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
|
-
- - ~>
|
24
|
+
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: 0.9.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: bundler
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
|
-
- - ~>
|
31
|
+
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
33
|
version: '1.3'
|
34
34
|
type: :development
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
|
-
- - ~>
|
38
|
+
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
40
|
version: '1.3'
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: ladle
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
44
44
|
requirements:
|
45
|
-
- -
|
45
|
+
- - ">="
|
46
46
|
- !ruby/object:Gem::Version
|
47
47
|
version: '0'
|
48
48
|
type: :development
|
49
49
|
prerelease: false
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
51
51
|
requirements:
|
52
|
-
- -
|
52
|
+
- - ">="
|
53
53
|
- !ruby/object:Gem::Version
|
54
54
|
version: '0'
|
55
55
|
- !ruby/object:Gem::Dependency
|
56
56
|
name: minitest
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
58
58
|
requirements:
|
59
|
-
- - ~>
|
59
|
+
- - "~>"
|
60
60
|
- !ruby/object:Gem::Version
|
61
61
|
version: '5'
|
62
62
|
type: :development
|
63
63
|
prerelease: false
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
65
65
|
requirements:
|
66
|
-
- - ~>
|
66
|
+
- - "~>"
|
67
67
|
- !ruby/object:Gem::Version
|
68
68
|
version: '5'
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
70
|
name: rake
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
72
72
|
requirements:
|
73
|
-
- -
|
73
|
+
- - ">="
|
74
74
|
- !ruby/object:Gem::Version
|
75
75
|
version: '0'
|
76
76
|
type: :development
|
77
77
|
prerelease: false
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
79
79
|
requirements:
|
80
|
-
- -
|
80
|
+
- - ">="
|
81
81
|
- !ruby/object:Gem::Version
|
82
82
|
version: '0'
|
83
83
|
description: Ldap authentication for humans
|
@@ -87,8 +87,8 @@ executables: []
|
|
87
87
|
extensions: []
|
88
88
|
extra_rdoc_files: []
|
89
89
|
files:
|
90
|
-
- .gitignore
|
91
|
-
- .travis.yml
|
90
|
+
- ".gitignore"
|
91
|
+
- ".travis.yml"
|
92
92
|
- CHANGELOG.md
|
93
93
|
- Gemfile
|
94
94
|
- LICENSE.txt
|
@@ -105,6 +105,7 @@ files:
|
|
105
105
|
- lib/github/ldap/membership_validators/active_directory.rb
|
106
106
|
- lib/github/ldap/membership_validators/base.rb
|
107
107
|
- lib/github/ldap/membership_validators/classic.rb
|
108
|
+
- lib/github/ldap/membership_validators/detect.rb
|
108
109
|
- lib/github/ldap/membership_validators/recursive.rb
|
109
110
|
- lib/github/ldap/posix_group.rb
|
110
111
|
- lib/github/ldap/server.rb
|
@@ -126,9 +127,13 @@ files:
|
|
126
127
|
- test/ldap_test.rb
|
127
128
|
- test/membership_validators/active_directory_test.rb
|
128
129
|
- test/membership_validators/classic_test.rb
|
130
|
+
- test/membership_validators/detect_test.rb
|
129
131
|
- test/membership_validators/recursive_test.rb
|
130
|
-
- test/membership_validators_test.rb
|
131
132
|
- test/posix_group_test.rb
|
133
|
+
- test/support/vm/activedirectory/.gitignore
|
134
|
+
- test/support/vm/activedirectory/README.md
|
135
|
+
- test/support/vm/activedirectory/env.sh.example
|
136
|
+
- test/support/vm/activedirectory/reset-env.sh
|
132
137
|
- test/support/vm/openldap/.gitignore
|
133
138
|
- test/support/vm/openldap/README.md
|
134
139
|
- test/support/vm/openldap/Vagrantfile
|
@@ -143,17 +148,17 @@ require_paths:
|
|
143
148
|
- lib
|
144
149
|
required_ruby_version: !ruby/object:Gem::Requirement
|
145
150
|
requirements:
|
146
|
-
- -
|
151
|
+
- - ">="
|
147
152
|
- !ruby/object:Gem::Version
|
148
153
|
version: '0'
|
149
154
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
150
155
|
requirements:
|
151
|
-
- -
|
156
|
+
- - ">="
|
152
157
|
- !ruby/object:Gem::Version
|
153
158
|
version: '0'
|
154
159
|
requirements: []
|
155
160
|
rubyforge_project:
|
156
|
-
rubygems_version: 2.
|
161
|
+
rubygems_version: 2.2.2
|
157
162
|
signing_key:
|
158
163
|
specification_version: 4
|
159
164
|
summary: Ldap client authentication wrapper without all the boilerplate
|
@@ -168,9 +173,13 @@ test_files:
|
|
168
173
|
- test/ldap_test.rb
|
169
174
|
- test/membership_validators/active_directory_test.rb
|
170
175
|
- test/membership_validators/classic_test.rb
|
176
|
+
- test/membership_validators/detect_test.rb
|
171
177
|
- test/membership_validators/recursive_test.rb
|
172
|
-
- test/membership_validators_test.rb
|
173
178
|
- test/posix_group_test.rb
|
179
|
+
- test/support/vm/activedirectory/.gitignore
|
180
|
+
- test/support/vm/activedirectory/README.md
|
181
|
+
- test/support/vm/activedirectory/env.sh.example
|
182
|
+
- test/support/vm/activedirectory/reset-env.sh
|
174
183
|
- test/support/vm/openldap/.gitignore
|
175
184
|
- test/support/vm/openldap/README.md
|
176
185
|
- test/support/vm/openldap/Vagrantfile
|
@@ -1,46 +0,0 @@
|
|
1
|
-
require_relative 'test_helper'
|
2
|
-
|
3
|
-
module GitHubLdapMembershipValidatorsTestCases
|
4
|
-
def make_validator(groups)
|
5
|
-
groups = @domain.groups(groups)
|
6
|
-
@validator.new(@ldap, groups)
|
7
|
-
end
|
8
|
-
|
9
|
-
def test_validates_user_in_group
|
10
|
-
validator = make_validator(%w(ghe-users))
|
11
|
-
assert validator.perform(@entry)
|
12
|
-
end
|
13
|
-
|
14
|
-
def test_does_not_validate_user_not_in_group
|
15
|
-
validator = make_validator(%w(ghe-admins))
|
16
|
-
refute validator.perform(@entry)
|
17
|
-
end
|
18
|
-
|
19
|
-
def test_does_not_validate_user_not_in_any_group
|
20
|
-
@entry = @domain.user?('groupless-user1')
|
21
|
-
validator = make_validator(%w(ghe-users ghe-admins))
|
22
|
-
refute validator.perform(@entry)
|
23
|
-
end
|
24
|
-
end
|
25
|
-
|
26
|
-
class GitHubLdapMembershipValidatorsClassicTest < GitHub::Ldap::Test
|
27
|
-
include GitHubLdapMembershipValidatorsTestCases
|
28
|
-
|
29
|
-
def setup
|
30
|
-
@ldap = GitHub::Ldap.new(options.merge(search_domains: "dc=github,dc=com"))
|
31
|
-
@domain = @ldap.domain("dc=github,dc=com")
|
32
|
-
@entry = @domain.user?('user1')
|
33
|
-
@validator = GitHub::Ldap::MembershipValidators::Classic
|
34
|
-
end
|
35
|
-
end
|
36
|
-
|
37
|
-
class GitHubLdapMembershipValidatorsRecursiveTest < GitHub::Ldap::Test
|
38
|
-
include GitHubLdapMembershipValidatorsTestCases
|
39
|
-
|
40
|
-
def setup
|
41
|
-
@ldap = GitHub::Ldap.new(options.merge(search_domains: "dc=github,dc=com"))
|
42
|
-
@domain = @ldap.domain("dc=github,dc=com")
|
43
|
-
@entry = @domain.user?('user1')
|
44
|
-
@validator = GitHub::Ldap::MembershipValidators::Recursive
|
45
|
-
end
|
46
|
-
end
|