RubyGems - github-ldap - Versions diffs - 1.7.1 → 1.8.0 - Mend

github-ldap 1.7.1 → 1.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/github-ldap.gemspec +1 -1
data/lib/github/ldap/member_search/recursive.rb +71 -46
data/test/domain_test.rb +2 -2
data/test/filter_test.rb +0 -4
metadata +17 -17

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 86f3bd21421aabe109b8af71be658b017b08047b
-  data.tar.gz: 49bd35020463ab9de002862722002b710de18a4d
+  metadata.gz: 63e7bb9628728108464971db755993e0e5458935
+  data.tar.gz: 9391bca357f0499ad0b15dbc0ff78188ef1889d6
 SHA512:
-  metadata.gz: 35ff3762ffbf255ac0fdaedfbe13ef12ee06b1f10b60dade2aa5e1a0ee412db9faaba4d5fc28941755fd227f1146814247e4115311ddafb487ba023663c83732
-  data.tar.gz: 452730b8945d65395ce3b977b232c83c1596753527cc6b142d696bb0e2e7d0e2827eb2a5a62e6343eb519acf771a4628de2f63491930793860795494415a9c01
+  metadata.gz: 2652b4a99be3d991f5ee4364001acd394b1709271131b1c99f6c7d749e5b59a44f5111637f2c0f7728886ce823e6ec630d2375874334b89f59dc8a269704fffd
+  data.tar.gz: 4f86400238df2e26b07faac9a199ef276e5a3a94ece6d47e634bdaac63ee27c178f52cd87b0d2ed74250881ca7c9636c6ada932f8a40a0a5db5e034b89e722ce

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,9 @@
 # CHANGELOG
+# v1.8.0
+* Optimize Recursive *Member Search* strategy [#78](https://github.com/github/github-ldap/pull/78)
 # v1.7.1
 * Add Active Directory group filter [#75](https://github.com/github/github-ldap/pull/75)

data/github-ldap.gemspec CHANGED Viewed

@@ -2,7 +2,7 @@
 Gem::Specification.new do |spec|
   spec.name          = "github-ldap"
-  spec.version       = "1.7.1"
+  spec.version       = "1.8.0"
   spec.authors       = ["David Calavera", "Matt Todd"]
   spec.email         = ["david.calavera@gmail.com", "chiology@gmail.com"]
   spec.description   = %q{LDAP authentication for humans}

data/lib/github/ldap/member_search/recursive.rb CHANGED Viewed

@@ -34,73 +34,98 @@ module GitHub
         #
         # Returns Array of Net::LDAP::Entry objects.
         def perform(group)
+          # track groups found
           found = Hash.new
-          # find members (N queries)
-          entries = member_entries(group)
-          return [] if entries.empty?
+          # track all DNs searched for (so we don't repeat searches)
+          searched = Set.new
-          # track found entries
-          entries.each do |entry|
-            found[entry.dn] = entry
+          # if this is a posixGroup, return members immediately (no nesting)
+          uids = member_uids(group)
+          return entries_by_uid(uids) if uids.any?
+          # track group
+          searched << group.dn
+          found[group.dn] = group
+          # pull out base group's member DNs
+          dns = member_dns(group)
+          # search for base group's subgroups
+          groups = dns.each_with_object([]) do |dn, groups|
+            groups.concat find_groups_by_dn(dn)
+            searched << dn
           end
-          # descend to `depth` levels, at most
-          depth.times do |n|
-            # find every (new, unique) member entry
-            depth_subentries = entries.each_with_object([]) do |entry, depth_entries|
-              submembers = entry["member"]
+          # track found groups
+          groups.each { |g| found[g.dn] = g }
-              # skip any members we've already found
-              submembers.reject! { |dn| found.key?(dn) }
+          # recursively find subgroups
+          unless groups.empty?
+            depth.times do |n|
+              # pull out subgroups' member DNs to search through
+              sub_dns = groups.each_with_object([]) do |subgroup, sub_dns|
+                sub_dns.concat member_dns(subgroup)
+              end
-              # find members of subgroup, including subgroups (N queries)
-              subentries = member_entries(entry)
-              next if subentries.empty?
+              # filter out if already searched for
+              sub_dns.reject! { |dn| searched.include?(dn) }
-              # track found subentries
-              subentries.each { |entry| found[entry.dn] = entry }
+              # give up if there's nothing else to search for
+              break if sub_dns.empty?
-              # collect all entries for this depth
-              depth_entries.concat subentries
-            end
+              # search for subgroups
+              subgroups = sub_dns.each_with_object([]) do |dn, subgroups|
+                subgroups.concat find_groups_by_dn(dn)
+                searched << dn
+              end
-            # stop if there are no more subgroups to search
-            break if depth_subentries.empty?
+              # give up if there were no subgroups found
+              break if subgroups.empty?
-            # go one level deeper
-            entries = depth_subentries
+              # track found subgroups
+              subgroups.each { |g| found[g.dn] = g }
+              # descend another level
+              groups = subgroups
+            end
           end
-          # return all found entries
-          found.values
-        end
+          # entries to return
+          entries  = []
-        # Internal: Fetch member entries, including subgroups, for the given
-        # entry.
-        #
-        # Returns an Array of Net::LDAP::Entry objects.
-        def member_entries(entry)
-          entries = []
-          dns     = member_dns(entry)
-          uids    = member_uids(entry)
+          # collect all member DNs, discarding dupes and subgroup DNs
+          members = found.values.each_with_object([]) do |group, dns|
+            entries << group
+            dns.concat member_dns(group)
+          end.uniq.reject { |dn| found.key?(dn) }
-          entries.concat entries_by_uid(uids) unless uids.empty?
-          entries.concat entries_by_dn(dns)   unless dns.empty?
+          # wrap member DNs in Net::LDAP::Entry objects
+          entries.concat members.map! { |dn| Net::LDAP::Entry.new(dn) }
           entries
         end
-        private :member_entries
-        # Internal: Bind a list of DNs to their respective entries.
+        # Internal: Search for Groups by DN.
         #
-        # Returns an Array of Net::LDAP::Entry objects.
-        def entries_by_dn(members)
-          members.map do |dn|
-            ldap.domain(dn).bind(attributes: attrs)
-          end.compact
+        # Given a Distinguished Name (DN) String value, find the Group entry
+        # that matches it. The DN may map to a `person` entry, but we want to
+        # filter those out.
+        #
+        # This will find zero or one entry most of the time, but it's not
+        # guaranteed so we account for the possibility of more.
+        #
+        # This method is intended to be used with `Array#concat` by the caller.
+        #
+        # Returns an Array of zero or more Net::LDAP::Entry objects.
+        def find_groups_by_dn(dn)
+          ldap.search \
+            base: dn,
+            scope: Net::LDAP::SearchScope_BaseObject,
+            attributes: attrs,
+            filter: ALL_GROUPS_FILTER
         end
-        private :entries_by_dn
+        private :find_groups_by_dn
         # Internal: Fetch entries by UID.
         #

data/test/domain_test.rb CHANGED Viewed

@@ -227,11 +227,11 @@ end
 class GitHubLdapActiveDirectoryGroupsTest < GitHub::Ldap::Test
   def run(*)
-    self.class.test_env != "activedirectory" ? super : self
+    self.class.test_env == "activedirectory" ? super : self
   end
   def test_filter_groups
-    domain = @ldap.domain("DC=ad,DC=ghe,DC=local")
+    domain = GitHub::Ldap.new(options).domain("DC=ad,DC=ghe,DC=local")
     results = domain.filter_groups("ghe-admins")
     assert_equal 1, results.size
   end

data/test/filter_test.rb CHANGED Viewed

@@ -78,8 +78,4 @@ class FilterTest < Minitest::Test
     assert_equal "(|(uid=calavera)(uid=mtodd))",
       @subject.all_members_by_uid(%w(calavera mtodd), :uid).to_s
   end
-  def test_active_directory_group
-  end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: github-ldap
 version: !ruby/object:Gem::Version
-  version: 1.7.1
+  version: 1.8.0
 platform: ruby
 authors:
 - David Calavera
@@ -9,76 +9,76 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-12-24 00:00:00.000000000 Z
+date: 2015-01-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: net-ldap
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.10.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.10.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
 - !ruby/object:Gem::Dependency
   name: ladle
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '5'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: LDAP authentication for humans
@@ -89,8 +89,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .travis.yml
+- ".gitignore"
+- ".travis.yml"
 - CHANGELOG.md
 - Gemfile
 - LICENSE.txt
@@ -156,17 +156,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.0.14
+rubygems_version: 2.2.2
 signing_key:
 specification_version: 4
 summary: LDAP client authentication wrapper without all the boilerplate