ldap_groups_lookup 0.8.0 → 0.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 03dc7b2a955c218d89b8f2e50c630c132763812ba9ab49d40d8ec943f1d18ed6
-  data.tar.gz: 8e7f97b9c2ecb249ba28878b62f25334439da70b697c158ca632c6856c9fbe01
+  metadata.gz: 4d6da72dceefbf3ea333aeb46b7288da0d3ec3517c05fbcbc77f53eb3fc955f2
+  data.tar.gz: 1720d92a5e416dbb2f4fafec7c2fc85239d82bb8ef6982909646217260d91457
 SHA512:
-  metadata.gz: d093962f123dea981ef105d2186d760205671d2f529465bdd1f9c235e03b81c822d37a31e3e057c9ee2c06ef628b6d23fa63c844fe527f4f8792a1ff33017234
-  data.tar.gz: c8100e276441ffa86ac707844bc41cb2e199e7acacdcd15cf06c45507c8ccd22ff966222e78b0100e925e40d1724e6557fe9d42596c5bb48a28ba1515c677e98
+  metadata.gz: b05d74e63567fb0e0272cf2242a395c9a0dc0125306112e1671eba47bd9460c73c1fff154d1b5708fc4669f0877d9d30dd87320256fcbdf7f39ca56269d8d9cc
+  data.tar.gz: 5becbdb0a9356bfa9b53df4133d9ffc955b77a0c50757265d80457ee7a0c86b59d74cca811732fefbb8700879d1210de3cd120c50095bd81cc4fb464f686f468

data/lib/ldap_groups_lookup/configuration.rb

@@ -4,12 +4,17 @@ require 'erb'
 # Provides access to the configuration YAML file.
 module LDAPGroupsLookup
   module Configuration
+    attr_writer :config
 
     # Attempts to create a connection to LDAP and returns a cached Net::LDAP instance if successful.
     def service
       return nil if config[:enabled] == false
       if @ldap_service.nil?
-        @ldap_service = Net::LDAP.new(host: config[:host], port: config[:port] || Net::LDAP::DefaultPort, auth: config[:auth])
+        if config[:config].is_a? Hash
+          @ldap_service = Net::LDAP.new(**config[:config])
+        else
+          @ldap_service = Net::LDAP.new(host: config[:host], port: config[:port] || Net::LDAP::DefaultPort, auth: config[:auth])
+        end
         raise Net::LDAP::Error unless @ldap_service.bind
       end
       @ldap_service

data/lib/ldap_groups_lookup/version.rb

@@ -1,5 +1,5 @@
 # Gem version release tracking
 module LDAPGroupsLookup
   # Define release version
-  VERSION = '0.8.0'.freeze
+  VERSION = '0.10.0'.freeze
 end

data/spec/lib/ldap_groups_lookup_spec.rb

@@ -13,245 +13,263 @@ RSpec.describe LDAPGroupsLookup do
   end
   let(:user) { user_class.new }
 
-  # Load the example config from fixtures
-  let(:config) { YAML.load(ERB.new(File.read(File.join(File.dirname(__dir__), 'fixtures', 'ldap_groups_lookup.yml.example'))).result) }
-
-  before do
-    allow(LDAPGroupsLookup).to receive(:config).and_return(config)
-  end
-
   after do
     LDAPGroupsLookup.reset
   end
 
-  describe '#service' do
-    context 'when the config file is missing' do
-      before do
-        allow(LDAPGroupsLookup).to receive(:config).and_call_original
-        expect(File).to receive(:exist?).with(/config\/ldap_groups_lookup\.yml$/)
-      end
-      it 'should return nil' do
-        expect(LDAPGroupsLookup.service).to be_nil
-      end
+  describe '#config' do
+    it 'sets the config directly' do
+      LDAPGroupsLookup.config = { direct_config: 'works' }
+      expect(LDAPGroupsLookup.config).to eq({ direct_config: 'works' })
     end
-    context 'when disabled in the configuration file' do
-      before do
-        config[:enabled] = false
-      end
-      it 'should return nil' do
-        expect(LDAPGroupsLookup.service).to be_nil
-      end
+  end
+
+  context 'with a config file' do
+    # Load the example config from fixtures
+    let(:config) { YAML.load(ERB.new(File.read(File.join(File.dirname(__dir__), 'fixtures', 'ldap_groups_lookup.yml.example'))).result) }
+
+    before do
+      allow(LDAPGroupsLookup).to receive(:config).and_return(config)
     end
-    context 'when enabled in the configuration file' do
-      it 'should be enabled' do
-        expect(config[:enabled]).to eq(true)
-      end
-      context 'when the auth credentials are incorrect' do
+
+    describe '#service' do
+      context 'when the config file is missing' do
         before do
-          allow_any_instance_of(Net::LDAP).to receive(:bind).and_return(false)
+          allow(LDAPGroupsLookup).to receive(:config).and_call_original
+          expect(File).to receive(:exist?).with(/config\/ldap_groups_lookup\.yml$/)
         end
-        it 'should raise an LdapError' do
-          expect { LDAPGroupsLookup.service }.to raise_error(Net::LDAP::Error)
+        it 'should return nil' do
+          expect(LDAPGroupsLookup.service).to be_nil
         end
       end
-      context 'when the auth credentials are correct' do
+      context 'when disabled in the configuration file' do
         before do
-          allow_any_instance_of(Net::LDAP).to receive(:bind).and_return(true)
+          config[:enabled] = false
         end
-        it 'should return a Net::LDAP instance' do
-          expect(LDAPGroupsLookup.service).to be_an_instance_of(Net::LDAP)
+        it 'should return nil' do
+          expect(LDAPGroupsLookup.service).to be_nil
         end
       end
-    end
-  end
+      context 'when enabled in the configuration file' do
+        it 'should be enabled' do
+          expect(config[:enabled]).to eq(true)
+        end
+        context 'when the auth credentials are incorrect' do
+          before do
+            allow_any_instance_of(Net::LDAP).to receive(:bind).and_return(false)
+          end
+          it 'should raise an LdapError' do
+            expect { LDAPGroupsLookup.service }.to raise_error(Net::LDAP::Error)
+          end
+        end
+        context 'when the auth credentials are correct' do
+          before do
+            allow_any_instance_of(Net::LDAP).to receive(:bind).and_return(true)
+          end
+          it 'should return a Net::LDAP instance' do
+            expect(LDAPGroupsLookup.service).to be_an_instance_of(Net::LDAP)
+          end
 
-  describe '#ldap_mail' do
-    before(:each) do
-      entry = Net::LDAP::Entry.new('CN=user,DC=ads,DC=example,DC=net')
-      entry['mail'] = ['user@domain.ext']
-      allow_any_instance_of(Net::LDAP).to receive(:search).and_return([entry])
-      allow_any_instance_of(Net::LDAP).to receive(:bind).and_return(true)
-    end
-    context 'when subject does not provide ldap_lookup_key method' do
-      before(:each) { user.class.send(:remove_method, :ldap_lookup_key) }
-      it 'should return ''' do
-        expect(user.ldap_mail).to eq('')
+          context 'when the :config key is set' do
+            let(:config_hash) { { host: 'localhost', port: 636, encryption: { method: :simple_tls, tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS } } }
+            before { config[:config] = config_hash }
+            it 'uses that config' do
+              expect(Net::LDAP).to receive(:new).with(config_hash).and_call_original
+              expect(LDAPGroupsLookup.service).to be_an_instance_of(Net::LDAP)
+            end
+          end
+        end
       end
     end
-    context 'when subject does not provide ldap_lookup_key value' do
-      before(:each) { allow(user).to receive(:ldap_lookup_key).and_return(nil) }
-      it 'should return ''' do
-        expect(user.ldap_mail).to eq('')
+
+    describe '#ldap_mail' do
+      before(:each) do
+        entry = Net::LDAP::Entry.new('CN=user,DC=ads,DC=example,DC=net')
+        entry['mail'] = ['user@domain.ext']
+        allow_any_instance_of(Net::LDAP).to receive(:search).and_return([entry])
+        allow_any_instance_of(Net::LDAP).to receive(:bind).and_return(true)
       end
-    end
-    context 'when subject provides ldap_lookup_key' do
-      context 'when LDAP is not configured' do
-        before(:each) do
-          config[:enabled] = false
+      context 'when subject does not provide ldap_lookup_key method' do
+        before(:each) { user.class.send(:remove_method, :ldap_lookup_key) }
+        it 'should return ''' do
+          expect(user.ldap_mail).to eq('')
         end
-        it 'should return a blank string' do
+      end
+      context 'when subject does not provide ldap_lookup_key value' do
+        before(:each) { allow(user).to receive(:ldap_lookup_key).and_return(nil) }
+        it 'should return ''' do
           expect(user.ldap_mail).to eq('')
         end
       end
-      context 'when LDAP is configured' do
-        it 'user should should have a mail attribute in mock LDAP' do
-          expect(user.ldap_mail).to eq 'user@domain.ext'
+      context 'when subject provides ldap_lookup_key' do
+        context 'when LDAP is not configured' do
+          before(:each) do
+            config[:enabled] = false
+          end
+          it 'should return a blank string' do
+            expect(user.ldap_mail).to eq('')
+          end
+        end
+        context 'when LDAP is configured' do
+          it 'user should should have a mail attribute in mock LDAP' do
+            expect(user.ldap_mail).to eq 'user@domain.ext'
+          end
         end
       end
     end
-  end
 
-  describe '#ldap_groups' do
-    before(:each) do
-      entry = Net::LDAP::Entry.new('CN=user,DC=ads,DC=example,DC=net')
-      entry['memberof'] = ['CN=Group1,DC=ads,DC=example,DC=net',
-                           'CN=Group2,DC=ads,DC=example,DC=net']
-      allow_any_instance_of(Net::LDAP).to receive(:search).and_return([entry])
-      allow_any_instance_of(Net::LDAP).to receive(:bind).and_return(true)
-    end
-    context 'when subject does not provide ldap_lookup_key method' do
-      before(:each) { user.class.send(:remove_method, :ldap_lookup_key) }
-      it 'should return []' do
-        expect(user.ldap_groups).to eq([])
+    describe '#ldap_groups' do
+      before(:each) do
+        entry = Net::LDAP::Entry.new('CN=user,DC=ads,DC=example,DC=net')
+        entry['memberof'] = ['CN=Group1,DC=ads,DC=example,DC=net',
+                             'CN=Group2,DC=ads,DC=example,DC=net']
+        allow_any_instance_of(Net::LDAP).to receive(:search).and_return([entry])
+        allow_any_instance_of(Net::LDAP).to receive(:bind).and_return(true)
       end
-    end
-    context 'when subject does not provide ldap_lookup_key value' do
-      before(:each) { allow(user).to receive(:ldap_lookup_key).and_return(nil) }
-      it 'should return []' do
-        expect(user.ldap_groups).to eq([])
-      end
-    end
-    context 'when subject provides ldap_lookup_key' do
-      context 'when LDAP is not configured' do
-        before(:each) do
-          config[:enabled] = false
+      context 'when subject does not provide ldap_lookup_key method' do
+        before(:each) { user.class.send(:remove_method, :ldap_lookup_key) }
+        it 'should return []' do
+          expect(user.ldap_groups).to eq([])
         end
+      end
+      context 'when subject does not provide ldap_lookup_key value' do
+        before(:each) { allow(user).to receive(:ldap_lookup_key).and_return(nil) }
         it 'should return []' do
           expect(user.ldap_groups).to eq([])
         end
       end
-      context 'when LDAP is configured' do
-        it 'user should belong to Group1 and Group2 in mock LDAP' do
-          expect(user.ldap_groups).to eq(%w(Group1 Group2))
+      context 'when subject provides ldap_lookup_key' do
+        context 'when LDAP is not configured' do
+          before(:each) do
+            config[:enabled] = false
+          end
+          it 'should return []' do
+            expect(user.ldap_groups).to eq([])
+          end
+        end
+        context 'when LDAP is configured' do
+          it 'user should belong to Group1 and Group2 in mock LDAP' do
+            expect(user.ldap_groups).to eq(%w(Group1 Group2))
+          end
         end
       end
     end
-  end
 
-  describe '#member_of_ldap_group?' do
-    context 'when subject does not provide ldap_lookup_key method' do
-      before(:each) { user.class.send(:remove_method, :ldap_lookup_key) }
-      it 'should return false' do
-        expect(user.member_of_ldap_group?('Test-Group')).to eq(false)
-      end
-    end
-    context 'when subject does not provide ldap_lookup_key value' do
-      before(:each) { allow(user).to receive(:ldap_lookup_key).and_return(nil) }
-      it 'should return false' do
-        expect(user.member_of_ldap_group?('Test-Group')).to eq(false)
-      end
-    end
-    context 'when subject provides ldap_lookup_key' do
-      context 'when LDAP is not configured' do
-        before(:each) do
-          config[:enabled] = false
+    describe '#member_of_ldap_group?' do
+      context 'when subject does not provide ldap_lookup_key method' do
+        before(:each) { user.class.send(:remove_method, :ldap_lookup_key) }
+        it 'should return false' do
+          expect(user.member_of_ldap_group?('Test-Group')).to eq(false)
         end
+      end
+      context 'when subject does not provide ldap_lookup_key value' do
+        before(:each) { allow(user).to receive(:ldap_lookup_key).and_return(nil) }
         it 'should return false' do
           expect(user.member_of_ldap_group?('Test-Group')).to eq(false)
         end
       end
-      context 'when LDAP is configured' do
-        before(:each) do
-          @service = double('ldap_service')
-          allow(LDAPGroupsLookup).to receive(:service).and_return(@service)
-
-          allow(LDAPGroupsLookup).to receive(:lookup_dn) do |args|
-            Net::LDAP::Entry.new("CN=#{args},DC=ads,DC=example,DC=net").dn
+      context 'when subject provides ldap_lookup_key' do
+        context 'when LDAP is not configured' do
+          before(:each) do
+            config[:enabled] = false
           end
+          it 'should return false' do
+            expect(user.member_of_ldap_group?('Test-Group')).to eq(false)
+          end
+        end
+        context 'when LDAP is configured' do
+          before(:each) do
+            @service = double('ldap_service')
+            allow(LDAPGroupsLookup).to receive(:service).and_return(@service)
 
-          @other_group = Net::LDAP::Entry.new('CN=Other-Group,OU=Groups,DC=ads,DC=example,DC=net')
-          @other_group['member;range=0-*'] = ['CN=otheruser,DC=ads,DC=example,DC=net']
+            allow(LDAPGroupsLookup).to receive(:lookup_dn) do |args|
+              Net::LDAP::Entry.new("CN=#{args},DC=ads,DC=example,DC=net").dn
+            end
 
-          @nested_group_page_1 = Net::LDAP::Entry.new('CN=Nested-Group,OU=Groups,DC=ads,DC=example,DC=net')
-          @nested_group_page_1['member;range=0-0'] = ['CN=otheruser,DC=ads,DC=example,DC=net']
+            @other_group = Net::LDAP::Entry.new('CN=Other-Group,OU=Groups,DC=ads,DC=example,DC=net')
+            @other_group['member;range=0-*'] = ['CN=otheruser,DC=ads,DC=example,DC=net']
 
-          @nested_group_page_2 = Net::LDAP::Entry.new('CN=Nested-Group,OU=Groups,DC=ads,DC=example,DC=net')
-          @nested_group_page_2['member;range=1-*'] = ['CN=user,DC=ads,DC=example,DC=net']
+            @nested_group_page_1 = Net::LDAP::Entry.new('CN=Nested-Group,OU=Groups,DC=ads,DC=example,DC=net')
+            @nested_group_page_1['member;range=0-0'] = ['CN=otheruser,DC=ads,DC=example,DC=net']
 
-          @top_group = Net::LDAP::Entry.new('CN=Top-Group,OU=Groups,DC=ads,DC=example,DC=net')
-          @top_group['member;range=0-*'] = ['CN=Nested-Group,OU=Groups,DC=ads,DC=example,DC=net']
+            @nested_group_page_2 = Net::LDAP::Entry.new('CN=Nested-Group,OU=Groups,DC=ads,DC=example,DC=net')
+            @nested_group_page_2['member;range=1-*'] = ['CN=user,DC=ads,DC=example,DC=net']
 
-          @no_member_group = Net::LDAP::Entry.new('CN=No-Member-Group,OU=Groups,DC=ads,DC=example,DC=net')
-        end
-        context 'when searching for a group that does not exist' do
-          it 'should return false' do
-            expect(@service).to receive(:search).with(
-                hash_including(filter: Net::LDAP::Filter.equals('cn', 'Fake-Group'))).and_return([])
-            expect(user.member_of_ldap_group?('Fake-Group')).to eq(false)
-          end
-        end
-        context 'when searching for a group that user is not a member of' do
-          it 'should return false' do
-            expect(@service).to receive(:search).with(
-                hash_including(filter: Net::LDAP::Filter.equals('cn', 'Other-Group'))).and_return([@other_group])
-            expect(user.member_of_ldap_group?('Other-Group')).to eq(false)
-          end
-        end
-        context 'when searching for a group that has no members' do
-          it 'should return false' do
-            expect(@service).to receive(:search).with(
-                hash_including(filter: Net::LDAP::Filter.equals('cn', 'No-Member-Group'))).and_return([@no_member_group])
-            expect(user.member_of_ldap_group?('No-Member-Group')).to eq(false)
+            @top_group = Net::LDAP::Entry.new('CN=Top-Group,OU=Groups,DC=ads,DC=example,DC=net')
+            @top_group['member;range=0-*'] = ['CN=Nested-Group,OU=Groups,DC=ads,DC=example,DC=net']
+
+            @no_member_group = Net::LDAP::Entry.new('CN=No-Member-Group,OU=Groups,DC=ads,DC=example,DC=net')
           end
-        end
-        context 'when searching for a group that user is a direct member of on the second page' do
-          it 'should return true' do
-            expect(@service).to receive(:search).with(
-                hash_including(filter: Net::LDAP::Filter.equals('cn', 'Nested-Group'),
-                               attributes: ['member;range=0-*'])).and_return([@nested_group_page_1])
-            expect(@service).to receive(:search).with(
-                hash_including(filter: Net::LDAP::Filter.equals('cn', 'Nested-Group'),
-                               attributes: ['member;range=1-*'])).and_return([@nested_group_page_2])
-            expect(user.member_of_ldap_group?('Nested-Group')).to eq(true)
+          context 'when searching for a group that does not exist' do
+            it 'should return false' do
+              expect(@service).to receive(:search).with(
+                  hash_including(filter: Net::LDAP::Filter.equals('cn', 'Fake-Group'))).and_return([])
+              expect(user.member_of_ldap_group?('Fake-Group')).to eq(false)
+            end
           end
-        end
-        context 'when searching for a group that user is a nested member of' do
-          before do
-            expect(@service).to receive(:search).with(
-                hash_including(filter: Net::LDAP::Filter.equals('cn', 'Top-Group'))).and_return([@top_group])
-            allow(@service).to receive(:search).with(
-                hash_including(filter: Net::LDAP::Filter.equals('cn', 'Nested-Group'),
-                               attributes: ['member;range=0-*'])).and_return([@nested_group_page_1])
-            allow(@service).to receive(:search).with(
-                hash_including(filter: Net::LDAP::Filter.equals('cn', 'Nested-Group'),
-                               attributes: ['member;range=1-*'])).and_return([@nested_group_page_2])
+          context 'when searching for a group that user is not a member of' do
+            it 'should return false' do
+              expect(@service).to receive(:search).with(
+                  hash_including(filter: Net::LDAP::Filter.equals('cn', 'Other-Group'))).and_return([@other_group])
+              expect(user.member_of_ldap_group?('Other-Group')).to eq(false)
+            end
           end
-          context 'when the group is whitelisted' do
-            before do
-              allow(LDAPGroupsLookup).to receive(:member_whitelist).and_return(['OU=Groups'])
+          context 'when searching for a group that has no members' do
+            it 'should return false' do
+              expect(@service).to receive(:search).with(
+                  hash_including(filter: Net::LDAP::Filter.equals('cn', 'No-Member-Group'))).and_return([@no_member_group])
+              expect(user.member_of_ldap_group?('No-Member-Group')).to eq(false)
             end
+          end
+          context 'when searching for a group that user is a direct member of on the second page' do
             it 'should return true' do
-              expect(user.member_of_ldap_group?('Top-Group')).to eq(true)
+              expect(@service).to receive(:search).with(
+                  hash_including(filter: Net::LDAP::Filter.equals('cn', 'Nested-Group'),
+                                 attributes: ['member;range=0-*'])).and_return([@nested_group_page_1])
+              expect(@service).to receive(:search).with(
+                  hash_including(filter: Net::LDAP::Filter.equals('cn', 'Nested-Group'),
+                                 attributes: ['member;range=1-*'])).and_return([@nested_group_page_2])
+              expect(user.member_of_ldap_group?('Nested-Group')).to eq(true)
             end
           end
-          context 'when the whitelist is empty' do
+          context 'when searching for a group that user is a nested member of' do
             before do
-              allow(LDAPGroupsLookup).to receive(:member_whitelist).and_return([])
+              expect(@service).to receive(:search).with(
+                  hash_including(filter: Net::LDAP::Filter.equals('cn', 'Top-Group'))).and_return([@top_group])
+              allow(@service).to receive(:search).with(
+                  hash_including(filter: Net::LDAP::Filter.equals('cn', 'Nested-Group'),
+                                 attributes: ['member;range=0-*'])).and_return([@nested_group_page_1])
+              allow(@service).to receive(:search).with(
+                  hash_including(filter: Net::LDAP::Filter.equals('cn', 'Nested-Group'),
+                                 attributes: ['member;range=1-*'])).and_return([@nested_group_page_2])
             end
-            it 'should return true (whitelisting is disabled)' do
-              expect(user.member_of_ldap_group?('Top-Group')).to eq(true)
+            context 'when the group is whitelisted' do
+              before do
+                allow(LDAPGroupsLookup).to receive(:member_whitelist).and_return(['OU=Groups'])
+              end
+              it 'should return true' do
+                expect(user.member_of_ldap_group?('Top-Group')).to eq(true)
+              end
             end
-          end
-          context 'when the group is not whitelisted' do
-            before do
-              allow(LDAPGroupsLookup).to receive(:member_whitelist).and_return(['OU=Not-A-Match'])
+            context 'when the whitelist is empty' do
+              before do
+                allow(LDAPGroupsLookup).to receive(:member_whitelist).and_return([])
+              end
+              it 'should return true (whitelisting is disabled)' do
+                expect(user.member_of_ldap_group?('Top-Group')).to eq(true)
+              end
             end
-            it 'should return false' do
-              expect(user.member_of_ldap_group?('Top-Group')).to eq(false)
+            context 'when the group is not whitelisted' do
+              before do
+                allow(LDAPGroupsLookup).to receive(:member_whitelist).and_return(['OU=Not-A-Match'])
+              end
+              it 'should return false' do
+                expect(user.member_of_ldap_group?('Top-Group')).to eq(false)
+              end
             end
           end
         end
       end
     end
   end
-end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ldap_groups_lookup
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.10.0
 platform: ruby
 authors:
 - Adam Ploshay