github-ldap 1.4.0 → 1.5.0

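--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 053a59e45e7ee63a06ee943da318bf9362455306
- data.tar.gz: d2b435150ad904b336490fa9e5bc863b6ab6d38d
+ metadata.gz: f94f5af944845beec077b7ae4f67f73bcdcd3324
+ data.tar.gz: d0cbf4bb74c1fedfce35a886967b084061c95cfb
  SHA512:
- metadata.gz: 195ae9040327fb236460618d6efeaf5588f07d33edc06220d312790643d81b6892ec063045dac7e4de5dd73444e8cead35baf1555ed57659855d519d0e297a15
- data.tar.gz: a5a047f799e6653cfbfc83749ed452ea2e3b0af1452930cdae78b51bf94461ce0bbb23ebe5a2b1672f348a1826a21633552680ae16cff56ddfffcc0a249e1b07
+ metadata.gz: cd8ca33063aff485c5e0d4df63ca8e5d6c83641d202d3dddc02ace9d373710e511f152197a2d9c36e71e9dfe67ce56692859183a7ced2fe7fb847caeb2fcc1bb
+ data.tar.gz: 75a413369b9d935499bae900382569314b90f71259ac5b813cd059328ca92f6533acdb106947c7d9139228f4f3597599d405a4be5bada4609d1aaef7e43c521d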
@@ -1,5 +1,10 @@
1
1
  # CHANGELOG
2
2
 
3
+ ## v1.5.0
4
+
5
+ * Automatically detect membership validator strategy by default [#58](https://github.com/github/github-ldap/pull/58) [#62](https://github.com/github/github-ldap/pull/62)
6
+ * Document local integration testing with Active Directory [#61](https://github.com/github/github-ldap/pull/61)
7
+
3
8
  ## v1.4.0
4
9
 
5
10
  * Document constructor options [#57](https://github.com/github/github-ldap/pull/57)
@@ -2,7 +2,7 @@
2
2
 
3
3
  Gem::Specification.new do |spec|
4
4
  spec.name = "github-ldap"
5
- spec.version = "1.4.0"
5
+ spec.version = "1.5.0"
6
6
  spec.authors = ["David Calavera"]
7
7
  spec.email = ["david.calavera@gmail.com"]
8
8
  spec.description = %q{Ldap authentication for humans}
@@ -34,6 +34,7 @@ module GitHub
34
34
  def_delegator :@connection, :open
35
35
 
36
36
  attr_reader :uid, :search_domains, :virtual_attributes,
37
+ :membership_validator,
37
38
  :instrumentation_service
38
39
 
39
40
  # Build a new GitHub::Ldap instance
@@ -87,6 +88,9 @@ module GitHub
87
88
  # when a base is not explicitly provided.
88
89
  @search_domains = Array(options[:search_domains])
89
90
 
91
+ # configure which strategy should be used to validate user membership
92
+ configure_membership_validation_strategy(options[:membership_validator])
93
+
90
94
  # enables instrumenting queries
91
95
  @instrumentation_service = options[:instrumentation_service]
92
96
  end
@@ -182,6 +186,23 @@ module GitHub
182
186
  end
183
187
  end
184
188
 
189
+ # Internal: Searches the host LDAP server's Root DSE for capabilities and
190
+ # extensions.
191
+ #
192
+ # Returns a Net::LDAP::Entry object.
193
+ def capabilities
194
+ @capabilities ||=
195
+ instrument "capabilities.github_ldap" do |payload|
196
+ begin
197
+ @connection.search_root_dse
198
+ rescue Net::LDAP::LdapError => error
199
+ payload[:error] = error
200
+ # stubbed result
201
+ Net::LDAP::Entry.new
202
+ end
203
+ end
204
+ end
205
+
185
206
  # Internal - Determine whether to use encryption or not.
186
207
  #
187
208
  # encryption: is the encryption method, either 'ssl', 'tls', 'simple_tls' or 'start_tls'.
@@ -214,5 +235,24 @@ module GitHub
214
235
  VirtualAttributes.new(false)
215
236
  end
216
237
  end
238
+
239
+ # Internal: Configure the membership validation strategy.
240
+ #
241
+ # Used by GitHub::Ldap::MembershipValidators::Detect to force a specific
242
+ # strategy (instead of detecting host capabilities and deciding at runtime).
243
+ #
244
+ # If `strategy` is not provided, or doesn't match a known strategy,
245
+ # defaults to `:detect`. Otherwise the configured strategy is selected.
246
+ #
247
+ # Returns the selected membership validator strategy Symbol.
248
+ def configure_membership_validation_strategy(strategy = nil)
249
+ @membership_validator =
250
+ case strategy.to_s
251
+ when "classic", "recursive", "active_directory"
252
+ strategy.to_sym
253
+ else
254
+ :detect
255
+ end
256
+ end
217
257
  end
218
258
  end
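Review bot: In `capabilities` (third hunk) the `||=` memoizes whatever the block yields, so when `search_root_dse` raises `Net::LDAP::LdapError` the stubbed `Net::LDAP::Entry.new` is cached for the life of the instance, assuming `instrument` returns the block's value (its body is outside the hunk). One transient failure would then leave every later capability check with no `supportedcapabilities`, and detection would settle on the recursive strategy with no retry. Consider memoizing only a successful lookup and returning the stub from the rescue branch without assigning it to `@capabilities`. Separately, `configure_membership_validation_strategy` (last hunk) silently maps an unrecognized value to `:detect`; a one-line warning there would surface a misspelled `:membership_validator` option.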
@@ -1,4 +1,5 @@
1
1
  require 'github/ldap/membership_validators/base'
2
+ require 'github/ldap/membership_validators/detect'
2
3
  require 'github/ldap/membership_validators/classic'
3
4
  require 'github/ldap/membership_validators/recursive'
4
5
  require 'github/ldap/membership_validators/active_directory'
@@ -13,6 +14,13 @@ module GitHub
13
14
  # validator = GitHub::Ldap::MembershipValidators::Classic.new(ldap, groups)
14
15
  # validator.perform(entry) #=> true
15
16
  #
16
- module MembershipValidators; end
17
+ module MembershipValidators
18
+ # Internal: Mapping of strategy name to class.
19
+ STRATEGIES = {
20
+ :classic => GitHub::Ldap::MembershipValidators::Classic,
21
+ :recursive => GitHub::Ldap::MembershipValidators::Recursive,
22
+ :active_directory => GitHub::Ldap::MembershipValidators::ActiveDirectory
23
+ }
24
+ end
17
25
  end
18
26
  end
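Review bot: `STRATEGIES` is a mutable Hash constant, and `Detect#detect_strategy` consults it to pick the class that makes the membership decision, so any code in the process can add or replace an entry. Freezing the literal keeps the mapping fixed: close it with `}.freeze`.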
@@ -0,0 +1,69 @@
1
+ module GitHub
2
+ class Ldap
3
+ module MembershipValidators
4
+ # Detects the LDAP host's capabilities and determines the appropriate
5
+ # membership validation strategy at runtime. Currently detects for
6
+ # ActiveDirectory in-chain membership validation. An explicit strategy can
7
+ # also be defined via `GitHub::Ldap#membership_validator=`. See also
8
+ # `GitHub::Ldap#configure_membership_validation_strategy`.
9
+ class Detect < Base
10
+ # Internal: The capability required to use the ActiveDirectory strategy.
11
+ # See: http://msdn.microsoft.com/en-us/library/cc223359.aspx.
12
+ ACTIVE_DIRECTORY_V61_R2_OID = "1.2.840.113556.1.4.2080".freeze
13
+
14
+ def perform(entry)
15
+ # short circuit validation if there are no groups to check against
16
+ return true if groups.empty?
17
+
18
+ strategy.perform(entry)
19
+ end
20
+
21
+ # Internal: Returns the membership validation strategy object.
22
+ def strategy
23
+ @strategy ||= begin
24
+ strategy = detect_strategy
25
+ strategy.new(ldap, groups)
26
+ end
27
+ end
28
+
29
+ # Internal: Detects LDAP host's capabilities and chooses the best
30
+ # strategy for the host.
31
+ #
32
+ # If the strategy has been set explicitly, skips detection and uses the
33
+ # configured strategy instead.
34
+ #
35
+ # Returns the strategy class.
36
+ def detect_strategy
37
+ case
38
+ when GitHub::Ldap::MembershipValidators::STRATEGIES.key?(strategy_config)
39
+ GitHub::Ldap::MembershipValidators::STRATEGIES[strategy_config]
40
+ when active_directory_capability?
41
+ GitHub::Ldap::MembershipValidators::STRATEGIES[:active_directory]
42
+ else
43
+ GitHub::Ldap::MembershipValidators::STRATEGIES[:recursive]
44
+ end
45
+ end
46
+
47
+ # Internal: Returns the configured membership validator strategy Symbol.
48
+ def strategy_config
49
+ ldap.membership_validator
50
+ end
51
+
52
+ # Internal: Detect whether the LDAP host is an ActiveDirectory server.
53
+ #
54
+ # See: http://msdn.microsoft.com/en-us/library/cc223359.aspx.
55
+ #
56
+ # Returns true if the host is an ActiveDirectory server, false otherwise.
57
+ def active_directory_capability?
58
+ capabilities[:supportedcapabilities].include?(ACTIVE_DIRECTORY_V61_R2_OID)
59
+ end
60
+
61
+ # Internal: Returns the Net::LDAP::Entry object describing the LDAP
62
+ # host's capabilities (via the Root DSE).
63
+ def capabilities
64
+ ldap.capabilities
65
+ end
66
+ end
67
+ end
68
+ end
69
+ end
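Review bot: `perform` returns `true` whenever `groups` is empty, so the validator fails open: the tests on this page build validators from `@domain.groups(names)`, and if that lookup resolves nothing (a misspelled group name, a wrong search base) every entry passes the membership check. Whether callers separate "no groups configured" from "configured groups not found" is not visible here; if they do not, limit the short circuit to the first case, or at least document it, e.g. `# NOTE: an empty group list authorizes every entry; callers must reject unresolved group names first`. The class comment also points to `GitHub::Ldap#membership_validator=`, but this release adds only an `attr_reader`; the reference should name the `:membership_validator` constructor option or `configure_membership_validation_strategy`.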
@@ -13,16 +13,16 @@ set -e
13
13
  [ $# -eq 0 ] && set -- --help
14
14
 
15
15
  # parse args
16
- repo=$(git remote -v | grep push | awk '{print $2}' | cut -d'/' -f4-)
16
+ repo=$(git remote -v | grep push | awk '{print $2}' | cut -d'/' -f4- | sed 's/\.git//')
17
17
  base=$(git tag -l | sort -n | tail -n 1)
18
18
  head="HEAD"
19
19
  api_url="https://api.github.com"
20
20
 
21
- echo "# $base..$head"
21
+ echo "# $repo $base..$head"
22
22
  echo
23
23
 
24
24
  # get merged PR's. Better way is to query the API for these, but this is easier
25
- for pr in $(git log --oneline v1.3.6..HEAD | grep "Merge pull request" | awk '{gsub("#",""); print $5}')
25
+ for pr in $(git log --oneline $base..$head | grep "Merge pull request" | awk '{gsub("#",""); print $5}')
26
26
  do
27
27
  # frustrated with trying to pull out the right values, fell back to ruby
28
28
  curl -s "$api_url/repos/$repo/pulls/$pr" | ruby -rjson -e 'pr=JSON.parse(STDIN.read); puts "* #{pr[%q(title)]} [##{pr[%q(number)]}](#{pr[%q(html_url)]})"'
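Review bot: The added `sed 's/\.git//'` is unanchored, so it removes the first `.git` anywhere in the remote path rather than only a trailing suffix; a remote such as `owner/owner.github.io` would become `owner/ownerhub.io`, and the API URL built from `$repo` would then name a different repository. Anchor the pattern: `sed 's/\.git$//'`. In the loop header `$base..$head` is unquoted, and `base` comes from `git tag -l | sort -n | tail -n 1`, which falls back to lexical order for `v`-prefixed tags (`v1.10.0` sorts before `v1.9.0`); quoting the range and using `sort -V` where available would make the range predictable. The `for` loop body continues past the end of the hunk.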
@@ -72,6 +72,34 @@ module GitHubLdapTestCases
72
72
  assert_equal "(uid=user1)", payload[:filter].to_s
73
73
  assert_equal "dc=github,dc=com", payload[:base]
74
74
  end
75
+
76
+ def test_membership_validator_default
77
+ assert_equal :detect, @ldap.membership_validator
78
+ end
79
+
80
+ def test_membership_validator_configured_to_classic_strategy
81
+ @ldap.configure_membership_validation_strategy :classic
82
+ assert_equal :classic, @ldap.membership_validator
83
+ end
84
+
85
+ def test_membership_validator_configured_to_recursive_strategy
86
+ @ldap.configure_membership_validation_strategy :recursive
87
+ assert_equal :recursive, @ldap.membership_validator
88
+ end
89
+
90
+ def test_membership_validator_configured_to_active_directory_strategy
91
+ @ldap.configure_membership_validation_strategy :active_directory
92
+ assert_equal :active_directory, @ldap.membership_validator
93
+ end
94
+
95
+ def test_membership_validator_misconfigured_to_unrecognized_strategy_falls_back_to_default
96
+ @ldap.configure_membership_validation_strategy :unknown
97
+ assert_equal :detect, @ldap.membership_validator
98
+ end
99
+
100
+ def test_capabilities
101
+ assert_kind_of Net::LDAP::Entry, @ldap.capabilities
102
+ end
75
103
  end
76
104
 
77
105
  class GitHubLdapTest < GitHub::Ldap::Test
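Review bot: `test_capabilities` asserts only `assert_kind_of Net::LDAP::Entry`, which also holds for the stubbed `Net::LDAP::Entry.new` that `capabilities` returns from its rescue branch, so the test passes whether or not the Root DSE was actually read. Add a case that forces the error path and checks that `payload[:error]` is recorded, so the success and failure paths are told apart. The strategy tests pass only Symbols although `configure_membership_validation_strategy` normalizes with `strategy.to_s`; one case with the String `"classic"` would pin that behavior.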
@@ -1,10 +1,11 @@
1
1
  require_relative '../test_helper'
2
2
 
3
- # NOTE: Since this strategy is targeted at ActiveDirectory and we don't have
4
- # AD setup in CI, we stub out actual queries and test against what AD *would*
5
- # respond with.
3
+ class GitHubLdapActiveDirectoryMembershipValidatorsStubbedTest < GitHub::Ldap::Test
4
+ # Only run when AD integration tests aren't run
5
+ def run(*)
6
+ self.class.test_env != "activedirectory" ? super : self
7
+ end
6
8
 
7
- class GitHubLdapActiveDirectoryMembershipValidatorsTest < GitHub::Ldap::Test
8
9
  def setup
9
10
  @ldap = GitHub::Ldap.new(options.merge(search_domains: %w(dc=github,dc=com)))
10
11
  @domain = @ldap.domain("dc=github,dc=com")
@@ -66,3 +67,60 @@ class GitHubLdapActiveDirectoryMembershipValidatorsTest < GitHub::Ldap::Test
66
67
  end
67
68
  end
68
69
  end
70
+
71
+ # See test/support/vm/activedirectory/README.md for details
72
+ class GitHubLdapActiveDirectoryMembershipValidatorsIntegrationTest < GitHub::Ldap::Test
73
+ # Only run this test suite if ActiveDirectory is configured
74
+ def run(*)
75
+ self.class.test_env == "activedirectory" ? super : self
76
+ end
77
+
78
+ def setup
79
+ @ldap = GitHub::Ldap.new(options)
80
+ @domain = @ldap.domain(options[:search_domains])
81
+ @entry = @domain.user?('user1')
82
+ @validator = GitHub::Ldap::MembershipValidators::ActiveDirectory
83
+ end
84
+
85
+ def make_validator(groups)
86
+ groups = @domain.groups(groups)
87
+ @validator.new(@ldap, groups)
88
+ end
89
+
90
+ def test_validates_user_in_group
91
+ validator = make_validator(%w(nested-group1))
92
+ assert validator.perform(@entry)
93
+ end
94
+
95
+ def test_validates_user_in_child_group
96
+ validator = make_validator(%w(n-depth-nested-group1))
97
+ assert validator.perform(@entry)
98
+ end
99
+
100
+ def test_validates_user_in_grandchild_group
101
+ validator = make_validator(%w(n-depth-nested-group2))
102
+ assert validator.perform(@entry)
103
+ end
104
+
105
+ def test_validates_user_in_great_grandchild_group
106
+ validator = make_validator(%w(n-depth-nested-group3))
107
+ assert validator.perform(@entry)
108
+ end
109
+
110
+ def test_does_not_validate_user_not_in_group
111
+ validator = make_validator(%w(ghe-admins))
112
+ refute validator.perform(@entry)
113
+ end
114
+
115
+ def test_does_not_validate_user_not_in_any_group
116
+ skip "update AD ldif to have a groupless user"
117
+ @entry = @domain.user?('groupless-user1')
118
+ validator = make_validator(%w(all-users))
119
+ refute validator.perform(@entry)
120
+ end
121
+
122
+ def test_validates_user_in_posix_group
123
+ validator = make_validator(%w(posix-group1))
124
+ assert validator.perform(@entry)
125
+ end
126
+ end
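Review bot: Both classes override `run(*)` to return `self` without calling `super` when the environment does not match, so the suite is neither executed nor reported as skipped, and the output gives no sign of which half was exercised. Minitest's runner also inspects what `run` returns, and later 5.x releases (allowed by the gemspec's `~> 5`) may expect a result object there, which is worth confirming. A `skip` in `setup` keeps the gating visible: `skip "requires TESTENV=activedirectory" unless self.class.test_env == "activedirectory"`. `test_does_not_validate_user_not_in_any_group` is skipped as well, so rejection of a groupless user has no coverage against AD.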
@@ -0,0 +1,49 @@
1
+ require_relative '../test_helper'
2
+
3
+ # NOTE: Since this strategy is targeted at detecting ActiveDirectory
4
+ # capabilities, and we don't have AD setup in CI, we stub out actual queries
5
+ # and test against what AD *would* respond with.
6
+
7
+ class GitHubLdapDetectMembershipValidatorsTest < GitHub::Ldap::Test
8
+ def setup
9
+ @ldap = GitHub::Ldap.new(options.merge(search_domains: %w(dc=github,dc=com)))
10
+ @domain = @ldap.domain("dc=github,dc=com")
11
+ @entry = @domain.user?('user1')
12
+ @validator = GitHub::Ldap::MembershipValidators::Detect
13
+ end
14
+
15
+ def make_validator(groups)
16
+ groups = @domain.groups(groups)
17
+ @validator.new(@ldap, groups)
18
+ end
19
+
20
+ def test_defers_to_configured_strategy
21
+ @ldap.configure_membership_validation_strategy(:classic)
22
+ validator = make_validator(%w(group))
23
+
24
+ assert_kind_of GitHub::Ldap::MembershipValidators::Classic, validator.strategy
25
+ end
26
+
27
+ def test_detects_active_directory
28
+ caps = Net::LDAP::Entry.new
29
+ caps[:supportedcapabilities] =
30
+ [GitHub::Ldap::MembershipValidators::Detect::ACTIVE_DIRECTORY_V61_R2_OID]
31
+
32
+ validator = make_validator(%w(group))
33
+ @ldap.stub :capabilities, caps do
34
+ assert_kind_of GitHub::Ldap::MembershipValidators::ActiveDirectory,
35
+ validator.strategy
36
+ end
37
+ end
38
+
39
+ def test_falls_back_to_recursive
40
+ caps = Net::LDAP::Entry.new
41
+ caps[:supportedcapabilities] = []
42
+
43
+ validator = make_validator(%w(group))
44
+ @ldap.stub :capabilities, caps do
45
+ assert_kind_of GitHub::Ldap::MembershipValidators::Recursive,
46
+ validator.strategy
47
+ end
48
+ end
49
+ end
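Review bot: None of the three tests calls `perform`, so the `return true if groups.empty?` short circuit in `Detect#perform` and the delegation to the selected strategy are untested. Since that path decides whether a user is admitted, add one case with an empty group list and one with a group the entry does not belong to, asserting `refute validator.perform(@entry)` for the latter. A case that stubs `capabilities` with a bare `Net::LDAP::Entry.new` (no `supportedcapabilities` set) would also cover the failure stub that `GitHub::Ldap#capabilities` returns.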
@@ -0,0 +1,26 @@
1
+ # Local ActiveDirectory Integration Testing
2
+
3
+ Integration tests are not run for ActiveDirectory in continuous integration
4
+ because we cannot install a Windows VM on TravisCI. To test ActiveDirectory,
5
+ configure a local VM with AD running (this is left as an exercise for the
6
+ reader).
7
+
8
+ To run integration tests against the local ActiveDirectory VM, from the project
9
+ root run:
10
+
11
+ ``` bash
12
+ # duplicate example env.sh for specific config
13
+ $ cp test/support/vm/activedirectory/env.sh{.example,}
14
+
15
+ # edit env.sh and fill in with your VM's values, then
16
+ $ source test/support/vm/activedirectory/env.sh
17
+
18
+ # run all tests against AD
19
+ $ time bundle exec rake
20
+
21
+ # run a specific test file against AD
22
+ $ time bundle exec ruby test/membership_validators/active_directory_test.rb
23
+
24
+ # reset environment to test other LDAP servers
25
+ $ source test/support/vm/activedirectory/reset-env.sh
26
+ ```
@@ -0,0 +1,8 @@
1
+ # Copy this to ad-env.sh, and fill in with your own values
2
+
3
+ export TESTENV=activedirectory
4
+ export INTEGRATION_HOST=123.123.123.123
5
+ export INTEGRATION_PORT=389
6
+ export INTEGRATION_USER="CN=Administrator,CN=Users,DC=ad,DC=example,DC=com"
7
+ export INTEGRATION_PASSWORD='passworD1'
8
+ export INTEGRATION_SEARCH_DOMAINS='CN=Users,DC=example,DC=com'
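Review bot: The header comment says to copy the file to `ad-env.sh`, while the README added in this release copies it to `env.sh` and sources that path; change the comment to `# Copy this to env.sh, and fill in with your own values`. The copy will hold the directory administrator's bind DN and password, so it must stay out of version control; the file list shows `test/support/vm/activedirectory/.gitignore`, whose contents are not on this page, so confirm it lists `env.sh`. The example values also disagree with each other (`DC=ad,DC=example,DC=com` in `INTEGRATION_USER` against `DC=example,DC=com` in `INTEGRATION_SEARCH_DOMAINS`), which is worth aligning to avoid a copy-paste misconfiguration.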
@@ -0,0 +1,6 @@
1
+ unset TESTENV
2
+ unset INTEGRATION_HOST
3
+ unset INTEGRATION_PORT
4
+ unset INTEGRATION_USER
5
+ unset INTEGRATION_PASSWORD
6
+ unset INTEGRATION_SEARCH_DOMAINS
@@ -16,10 +16,10 @@ $ ip=$(vagrant ssh -- "ifconfig eth1 | grep -o -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]
16
16
  $ cd ../../../..
17
17
 
18
18
  # run all tests against OpenLDAP
19
- $ time TESTENV=openldap OPENLDAP_HOST=$ip bundle exec rake
19
+ $ time TESTENV=openldap INTEGRATION_HOST=$ip bundle exec rake
20
20
 
21
21
  # run a specific test file against OpenLDAP
22
- $ time TESTENV=openldap OPENLDAP_HOST=$ip bundle exec ruby test/membership_validators/recursive_test.rb
22
+ $ time TESTENV=openldap INTEGRATION_HOST=$ip bundle exec ruby test/membership_validators/recursive_test.rb
23
23
 
24
24
  # run OpenLDAP tests by default
25
25
  $ export TESTENV=openldap
@@ -71,7 +71,7 @@ class GitHub::Ldap::Test < Minitest::Test
71
71
  instrumentation_service: @service
72
72
  when "openldap"
73
73
  {
74
- host: ENV.fetch("OPENLDAP_HOST", "localhost"),
74
+ host: ENV.fetch("INTEGRATION_HOST", "localhost"),
75
75
  port: 389,
76
76
  admin_user: 'uid=admin,dc=github,dc=com',
77
77
  admin_password: 'passworD1',
@@ -79,6 +79,15 @@ class GitHub::Ldap::Test < Minitest::Test
79
79
  uid: 'uid',
80
80
  instrumentation_service: @service
81
81
  }
82
+ when "activedirectory"
83
+ {
84
+ host: ENV.fetch("INTEGRATION_HOST"),
85
+ port: ENV.fetch("INTEGRATION_PORT", 389),
86
+ admin_user: ENV.fetch("INTEGRATION_USER"),
87
+ admin_password: ENV.fetch("INTEGRATION_PASSWORD"),
88
+ search_domains: ENV.fetch("INTEGRATION_SEARCH_DOMAINS"),
89
+ instrumentation_service: @service
90
+ }
82
91
  end
83
92
  end
84
93
  end
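Review bot: In the `"activedirectory"` branch, `ENV.fetch("INTEGRATION_PORT", 389)` yields a String when the variable is set (as env.sh.example does) and the Integer `389` only when it is not, so `port` changes type with the environment; use `port: Integer(ENV.fetch("INTEGRATION_PORT", 389))`. The branch passes no `encryption` option while binding as the account in `INTEGRATION_USER`, so the admin password presumably crosses the network to the VM in clear text on port 389; that may be acceptable for a local VM but deserves a comment. In the first hunk the rename from `OPENLDAP_HOST` to `INTEGRATION_HOST` keeps the `"localhost"` default, so an environment that still exports the old name silently targets localhost. The `options` method starts outside both hunks.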
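--- a/metadata
+++ b/metadata
@@ -1,83 +1,83 @@
  --- !ruby/object:Gem::Specification
  name: github-ldap
  version: !ruby/object:Gem::Version
- version: 1.4.0
+ version: 1.5.0
  platform: ruby
  authors:
  - David Calavera
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-11-04 00:00:00.000000000 Z
+ date: 2014-11-15 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: net-ldap
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: 0.9.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: 0.9.0
  - !ruby/object:Gem::Dependency
  name: bundler
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.3'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.3'
  - !ruby/object:Gem::Dependency
  name: ladle
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: minitest
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '5'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '5'
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  description: Ldap authentication for humans
@@ -87,8 +87,8 @@ executables: []
  extensions: []
  extra_rdoc_files: []
  files:
- - .gitignore
- - .travis.yml
+ - ".gitignore"
+ - ".travis.yml"
  - CHANGELOG.md
  - Gemfile
  - LICENSE.txt
@@ -105,6 +105,7 @@ files:
  - lib/github/ldap/membership_validators/active_directory.rb
  - lib/github/ldap/membership_validators/base.rb
  - lib/github/ldap/membership_validators/classic.rb
+ - lib/github/ldap/membership_validators/detect.rb
  - lib/github/ldap/membership_validators/recursive.rb
  - lib/github/ldap/posix_group.rb
  - lib/github/ldap/server.rb
@@ -126,9 +127,13 @@ files:
  - test/ldap_test.rb
  - test/membership_validators/active_directory_test.rb
  - test/membership_validators/classic_test.rb
+ - test/membership_validators/detect_test.rb
  - test/membership_validators/recursive_test.rb
- - test/membership_validators_test.rb
  - test/posix_group_test.rb
+ - test/support/vm/activedirectory/.gitignore
+ - test/support/vm/activedirectory/README.md
+ - test/support/vm/activedirectory/env.sh.example
+ - test/support/vm/activedirectory/reset-env.sh
  - test/support/vm/openldap/.gitignore
  - test/support/vm/openldap/README.md
  - test/support/vm/openldap/Vagrantfile
@@ -143,17 +148,17 @@ require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.0.14
+ rubygems_version: 2.2.2
  signing_key:
  specification_version: 4
  summary: Ldap client authentication wrapper without all the boilerplate
@@ -168,9 +173,13 @@ test_files:
  - test/ldap_test.rb
  - test/membership_validators/active_directory_test.rb
  - test/membership_validators/classic_test.rb
+ - test/membership_validators/detect_test.rb
  - test/membership_validators/recursive_test.rb
- - test/membership_validators_test.rb
  - test/posix_group_test.rb
+ - test/support/vm/activedirectory/.gitignore
+ - test/support/vm/activedirectory/README.md
+ - test/support/vm/activedirectory/env.sh.example
+ - test/support/vm/activedirectory/reset-env.sh
  - test/support/vm/openldap/.gitignore
  - test/support/vm/openldap/README.md
  - test/support/vm/openldap/Vagrantfile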
@@ -1,46 +0,0 @@
1
- require_relative 'test_helper'
2
-
3
- module GitHubLdapMembershipValidatorsTestCases
4
- def make_validator(groups)
5
- groups = @domain.groups(groups)
6
- @validator.new(@ldap, groups)
7
- end
8
-
9
- def test_validates_user_in_group
10
- validator = make_validator(%w(ghe-users))
11
- assert validator.perform(@entry)
12
- end
13
-
14
- def test_does_not_validate_user_not_in_group
15
- validator = make_validator(%w(ghe-admins))
16
- refute validator.perform(@entry)
17
- end
18
-
19
- def test_does_not_validate_user_not_in_any_group
20
- @entry = @domain.user?('groupless-user1')
21
- validator = make_validator(%w(ghe-users ghe-admins))
22
- refute validator.perform(@entry)
23
- end
24
- end
25
-
26
- class GitHubLdapMembershipValidatorsClassicTest < GitHub::Ldap::Test
27
- include GitHubLdapMembershipValidatorsTestCases
28
-
29
- def setup
30
- @ldap = GitHub::Ldap.new(options.merge(search_domains: "dc=github,dc=com"))
31
- @domain = @ldap.domain("dc=github,dc=com")
32
- @entry = @domain.user?('user1')
33
- @validator = GitHub::Ldap::MembershipValidators::Classic
34
- end
35
- end
36
-
37
- class GitHubLdapMembershipValidatorsRecursiveTest < GitHub::Ldap::Test
38
- include GitHubLdapMembershipValidatorsTestCases
39
-
40
- def setup
41
- @ldap = GitHub::Ldap.new(options.merge(search_domains: "dc=github,dc=com"))
42
- @domain = @ldap.domain("dc=github,dc=com")
43
- @entry = @domain.user?('user1')
44
- @validator = GitHub::Ldap::MembershipValidators::Recursive
45
- end
46
- end