ldap_groups_lookup 0.6.1 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 89497393dbd1cb8187e740a5867c0758a6a47eb79ae4719bf2e09ba0952011ac
-  data.tar.gz: e9e7db4530168f315c7b7463beeb395d94aa49411fc2a7d92cba6152136600ce
+  metadata.gz: 03dc7b2a955c218d89b8f2e50c630c132763812ba9ab49d40d8ec943f1d18ed6
+  data.tar.gz: 8e7f97b9c2ecb249ba28878b62f25334439da70b697c158ca632c6856c9fbe01
 SHA512:
-  metadata.gz: be721599c153b22b93fc7769377610619d24d74973e3316f7ebd427341a1c5830cc71d45df67cb78671773347c865999b65e18e2cf349759e005d42c84b5b337
-  data.tar.gz: f5f4aa7a0d10008ee984cc495076fb669b6113bf8ac52012f8c6806f7b14cb8c1ac12bd340a98a1585168be8cb2101d29da1aa6aef154d04d8222e6f3e8c9f11
+  metadata.gz: d093962f123dea981ef105d2186d760205671d2f529465bdd1f9c235e03b81c822d37a31e3e057c9ee2c06ef628b6d23fa63c844fe527f4f8792a1ff33017234
+  data.tar.gz: c8100e276441ffa86ac707844bc41cb2e199e7acacdcd15cf06c45507c8ccd22ff966222e78b0100e925e40d1724e6557fe9d42596c5bb48a28ba1515c677e98

data/.github/workflows/ruby.yml

@@ -0,0 +1,38 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: Ruby
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby-version: ['2.7', '3.2']
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Ruby
+    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+    # change this to (see https://github.com/ruby/setup-ruby#versioning):
+    # uses: ruby/setup-ruby@v1
+      uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+    - name: Run tests
+      run: bundle exec rake

data/README.md

@@ -1,8 +1,10 @@
 # IU LDAP Groups Lookup
 
+## Usage
+
 Adds an LDAPGroupsLookup that can be included in a a class to provide an #ldap_groups instance method:
 
-```
+```ruby
 class User
   attr_accessor :ldap_lookup_key
   include LDAPGroupsLookup::Behavior
@@ -16,7 +18,7 @@ u.member_of_ldap_group?(['Some-Group'])
 
 The LDAP search will be run by the value of #ldap_lookup_key, so your instance object must provide that through some means:
 
-```
+```ruby
 class User < ActiveRecord::Base
   validates :username, presence: true, uniqueness: true
   alias_attribute :ldap_lookup_key, :username
@@ -27,3 +29,22 @@ u = User.find_by(username: 'some_username')
 u.ldap_groups
 u.member_of_ldap_group?(['Some-Group'])
 ```
+
+## Configuration
+
+Create a file `config/ldap_groups_lookup.yml` that looks like:
+
+```yaml
+:enabled: true
+:host: ads.example.net
+:port: 636
+:auth:
+  :method: :simple
+  :username: example
+  :password: changeme
+:tree: dc=ads,dc=example,dc=net
+:account_ou: ou=Accounts
+:group_ou: ou=Groups
+:member_whitelist:
+  - OU=Groups
+```

data/ldap_groups_lookup.gemspec

@@ -16,6 +16,7 @@ Gem::Specification.new do |gem|
   gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
   gem.require_paths = ['lib']
   gem.required_ruby_version = '>= 2.3.0'
+  gem.metadata      = { "rubygems_mfa_required" => "true" }
 
   gem.add_dependency 'net-ldap'
   gem.add_development_dependency 'rake'

data/lib/ldap_groups_lookup/configuration.rb

@@ -9,7 +9,7 @@ module LDAPGroupsLookup
     def service
       return nil if config[:enabled] == false
       if @ldap_service.nil?
-        @ldap_service = Net::LDAP.new(host: config[:host], auth: config[:auth])
+        @ldap_service = Net::LDAP.new(host: config[:host], port: config[:port] || Net::LDAP::DefaultPort, auth: config[:auth])
         raise Net::LDAP::Error unless @ldap_service.bind
       end
       @ldap_service
@@ -45,13 +45,17 @@ module LDAPGroupsLookup
       config[:tree]
     end
 
+    def member_whitelist
+      config[:member_whitelist].to_a
+    end
+
     private
 
     def configure(value)
       if value.nil? || value.is_a?(Hash)
         @config = value
       elsif value.is_a?(String)
-        if File.exists?(value)
+        if File.exist?(value)
           @config = YAML.load(ERB.new(File.read(value)).result)
         else
           @config = { enabled: false }

data/lib/ldap_groups_lookup/search.rb

@@ -57,7 +57,9 @@ module LDAPGroupsLookup
         next if seen.include? g
         seen << g
         member_groups = members.collect do |mg|
-          dn_to_cn(mg) if (mg.include?('OU=Groups') || mg.include?('OU=Applications'))
+          dn_to_cn(mg) if member_whitelist.empty? || member_whitelist.any? do |fil|
+            mg.include? fil
+          end
         end
         member_groups.compact!
         return true if walk_ldap_members(member_groups, dn, seen)

data/lib/ldap_groups_lookup/version.rb

@@ -1,5 +1,5 @@
 # Gem version release tracking
 module LDAPGroupsLookup
   # Define release version
-  VERSION = '0.6.1'.freeze
+  VERSION = '0.8.0'.freeze
 end

data/spec/fixtures/ldap_groups_lookup.yml.example

@@ -1,9 +1,12 @@
 :enabled: true
 :host: ads.example.net
+:port: 636
 :auth:
   :method: :simple
   :username: example
   :password: changeme
 :tree: dc=ads,dc=example,dc=net
 :account_ou: ou=Accounts
-:group_ou: ou=Groups
+:group_ou: ou=Groups
+:member_whitelist:
+  - OU=Groups

data/spec/lib/ldap_groups_lookup_spec.rb

@@ -28,7 +28,7 @@ RSpec.describe LDAPGroupsLookup do
     context 'when the config file is missing' do
       before do
         allow(LDAPGroupsLookup).to receive(:config).and_call_original
-        expect(File).to receive(:exists?).with(/config\/ldap_groups_lookup\.yml$/)
+        expect(File).to receive(:exist?).with(/config\/ldap_groups_lookup\.yml$/)
       end
       it 'should return nil' do
         expect(LDAPGroupsLookup.service).to be_nil
@@ -216,16 +216,39 @@ RSpec.describe LDAPGroupsLookup do
           end
         end
         context 'when searching for a group that user is a nested member of' do
-          it 'should return true' do
+          before do
             expect(@service).to receive(:search).with(
                 hash_including(filter: Net::LDAP::Filter.equals('cn', 'Top-Group'))).and_return([@top_group])
-            expect(@service).to receive(:search).with(
+            allow(@service).to receive(:search).with(
                 hash_including(filter: Net::LDAP::Filter.equals('cn', 'Nested-Group'),
                                attributes: ['member;range=0-*'])).and_return([@nested_group_page_1])
-            expect(@service).to receive(:search).with(
+            allow(@service).to receive(:search).with(
                 hash_including(filter: Net::LDAP::Filter.equals('cn', 'Nested-Group'),
                                attributes: ['member;range=1-*'])).and_return([@nested_group_page_2])
-            expect(user.member_of_ldap_group?('Top-Group')).to eq(true)
+          end
+          context 'when the group is whitelisted' do
+            before do
+              allow(LDAPGroupsLookup).to receive(:member_whitelist).and_return(['OU=Groups'])
+            end
+            it 'should return true' do
+              expect(user.member_of_ldap_group?('Top-Group')).to eq(true)
+            end
+          end
+          context 'when the whitelist is empty' do
+            before do
+              allow(LDAPGroupsLookup).to receive(:member_whitelist).and_return([])
+            end
+            it 'should return true (whitelisting is disabled)' do
+              expect(user.member_of_ldap_group?('Top-Group')).to eq(true)
+            end
+          end
+          context 'when the group is not whitelisted' do
+            before do
+              allow(LDAPGroupsLookup).to receive(:member_whitelist).and_return(['OU=Not-A-Match'])
+            end
+            it 'should return false' do
+              expect(user.member_of_ldap_group?('Top-Group')).to eq(false)
+            end
           end
         end
       end

metadata

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: ldap_groups_lookup
 version: !ruby/object:Gem::Version
-  version: 0.6.1
+  version: 0.8.0
 platform: ruby
 authors:
 - Adam Ploshay
 - Daniel Pierce
 - Avalon Media System
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-06-27 00:00:00.000000000 Z
+date: 2024-11-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: net-ldap
@@ -77,9 +77,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ruby.yml"
 - ".gitignore"
 - ".rspec"
-- ".travis.yml"
 - Gemfile
 - LICENSE
 - README.md
@@ -95,8 +95,9 @@ files:
 - spec/spec_helper.rb
 homepage: http://github.com/IUBLibTech/ldap_groups_lookup
 licenses: []
-metadata: {}
-post_install_message: 
+metadata:
+  rubygems_mfa_required: 'true'
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -111,9 +112,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6.2
-signing_key: 
+rubygems_version: 3.5.17
+signing_key:
 specification_version: 4
 summary: Provides easy access to the list of LDAP groups a username is a member of.
 test_files:

data/.travis.yml

@@ -1,5 +0,0 @@
-language: ruby
-rvm:
- - 2.3
- - 2.4
- - 2.5