ldap_groups_lookup 0.9.0 → 0.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 87571e7afbf4949aab968013b93e8aef388659e5196346d1b1d70cf9bdfa34ed
-  data.tar.gz: 4ffba8461216819da410a872d463fe8a49e73495c8f7d4ca3e96aeff6e81123d
+  metadata.gz: 4d6da72dceefbf3ea333aeb46b7288da0d3ec3517c05fbcbc77f53eb3fc955f2
+  data.tar.gz: 1720d92a5e416dbb2f4fafec7c2fc85239d82bb8ef6982909646217260d91457
 SHA512:
-  metadata.gz: '009ec292b50df3a270bca37bdf49ce1dfa3cc82c21dd0efb9764743489d5ec16cf983af3446019aed0a58923d174abb0e2e8af2122a583b11e633ba210d37cfe'
-  data.tar.gz: 9ac84ea34432eb8430793031d9a4f45e34eb06cba597e59d0f8c7978af13608cdb25fe91d4e99fc236cbeddb42ea2f03b95a0166359d0a9f3fec1012aaba5471
+  metadata.gz: b05d74e63567fb0e0272cf2242a395c9a0dc0125306112e1671eba47bd9460c73c1fff154d1b5708fc4669f0877d9d30dd87320256fcbdf7f39ca56269d8d9cc
+  data.tar.gz: 5becbdb0a9356bfa9b53df4133d9ffc955b77a0c50757265d80457ee7a0c86b59d74cca811732fefbb8700879d1210de3cd120c50095bd81cc4fb464f686f468

data/lib/ldap_groups_lookup/configuration.rb

@@ -4,6 +4,7 @@ require 'erb'
 # Provides access to the configuration YAML file.
 module LDAPGroupsLookup
   module Configuration
+    attr_writer :config
 
     # Attempts to create a connection to LDAP and returns a cached Net::LDAP instance if successful.
     def service

data/lib/ldap_groups_lookup/version.rb

@@ -1,5 +1,5 @@
 # Gem version release tracking
 module LDAPGroupsLookup
   # Define release version
-  VERSION = '0.9.0'.freeze
+  VERSION = '0.10.0'.freeze
 end

data/spec/lib/ldap_groups_lookup_spec.rb

@@ -13,254 +13,263 @@ RSpec.describe LDAPGroupsLookup do
   end
   let(:user) { user_class.new }
 
-  # Load the example config from fixtures
-  let(:config) { YAML.load(ERB.new(File.read(File.join(File.dirname(__dir__), 'fixtures', 'ldap_groups_lookup.yml.example'))).result) }
-
-  before do
-    allow(LDAPGroupsLookup).to receive(:config).and_return(config)
-  end
-
   after do
     LDAPGroupsLookup.reset
   end
 
-  describe '#service' do
-    context 'when the config file is missing' do
-      before do
-        allow(LDAPGroupsLookup).to receive(:config).and_call_original
-        expect(File).to receive(:exist?).with(/config\/ldap_groups_lookup\.yml$/)
-      end
-      it 'should return nil' do
-        expect(LDAPGroupsLookup.service).to be_nil
-      end
+  describe '#config' do
+    it 'sets the config directly' do
+      LDAPGroupsLookup.config = { direct_config: 'works' }
+      expect(LDAPGroupsLookup.config).to eq({ direct_config: 'works' })
     end
-    context 'when disabled in the configuration file' do
-      before do
-        config[:enabled] = false
-      end
-      it 'should return nil' do
-        expect(LDAPGroupsLookup.service).to be_nil
-      end
+  end
+
+  context 'with a config file' do
+    # Load the example config from fixtures
+    let(:config) { YAML.load(ERB.new(File.read(File.join(File.dirname(__dir__), 'fixtures', 'ldap_groups_lookup.yml.example'))).result) }
+
+    before do
+      allow(LDAPGroupsLookup).to receive(:config).and_return(config)
     end
-    context 'when enabled in the configuration file' do
-      it 'should be enabled' do
-        expect(config[:enabled]).to eq(true)
-      end
-      context 'when the auth credentials are incorrect' do
+
+    describe '#service' do
+      context 'when the config file is missing' do
         before do
-          allow_any_instance_of(Net::LDAP).to receive(:bind).and_return(false)
+          allow(LDAPGroupsLookup).to receive(:config).and_call_original
+          expect(File).to receive(:exist?).with(/config\/ldap_groups_lookup\.yml$/)
         end
-        it 'should raise an LdapError' do
-          expect { LDAPGroupsLookup.service }.to raise_error(Net::LDAP::Error)
+        it 'should return nil' do
+          expect(LDAPGroupsLookup.service).to be_nil
         end
       end
-      context 'when the auth credentials are correct' do
+      context 'when disabled in the configuration file' do
         before do
-          allow_any_instance_of(Net::LDAP).to receive(:bind).and_return(true)
+          config[:enabled] = false
         end
-        it 'should return a Net::LDAP instance' do
-          expect(LDAPGroupsLookup.service).to be_an_instance_of(Net::LDAP)
+        it 'should return nil' do
+          expect(LDAPGroupsLookup.service).to be_nil
         end
-
-        context 'when the :config key is set' do
-          let(:config_hash) { { host: 'localhost', port: 636, encryption: { method: :simple_tls, tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS } } }
-          before { config[:config] = config_hash }
-          it 'uses that config' do
-            expect(Net::LDAP).to receive(:new).with(config_hash).and_call_original
+      end
+      context 'when enabled in the configuration file' do
+        it 'should be enabled' do
+          expect(config[:enabled]).to eq(true)
+        end
+        context 'when the auth credentials are incorrect' do
+          before do
+            allow_any_instance_of(Net::LDAP).to receive(:bind).and_return(false)
+          end
+          it 'should raise an LdapError' do
+            expect { LDAPGroupsLookup.service }.to raise_error(Net::LDAP::Error)
+          end
+        end
+        context 'when the auth credentials are correct' do
+          before do
+            allow_any_instance_of(Net::LDAP).to receive(:bind).and_return(true)
+          end
+          it 'should return a Net::LDAP instance' do
             expect(LDAPGroupsLookup.service).to be_an_instance_of(Net::LDAP)
           end
+
+          context 'when the :config key is set' do
+            let(:config_hash) { { host: 'localhost', port: 636, encryption: { method: :simple_tls, tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS } } }
+            before { config[:config] = config_hash }
+            it 'uses that config' do
+              expect(Net::LDAP).to receive(:new).with(config_hash).and_call_original
+              expect(LDAPGroupsLookup.service).to be_an_instance_of(Net::LDAP)
+            end
+          end
         end
       end
     end
-  end
 
-  describe '#ldap_mail' do
-    before(:each) do
-      entry = Net::LDAP::Entry.new('CN=user,DC=ads,DC=example,DC=net')
-      entry['mail'] = ['user@domain.ext']
-      allow_any_instance_of(Net::LDAP).to receive(:search).and_return([entry])
-      allow_any_instance_of(Net::LDAP).to receive(:bind).and_return(true)
-    end
-    context 'when subject does not provide ldap_lookup_key method' do
-      before(:each) { user.class.send(:remove_method, :ldap_lookup_key) }
-      it 'should return ''' do
-        expect(user.ldap_mail).to eq('')
+    describe '#ldap_mail' do
+      before(:each) do
+        entry = Net::LDAP::Entry.new('CN=user,DC=ads,DC=example,DC=net')
+        entry['mail'] = ['user@domain.ext']
+        allow_any_instance_of(Net::LDAP).to receive(:search).and_return([entry])
+        allow_any_instance_of(Net::LDAP).to receive(:bind).and_return(true)
       end
-    end
-    context 'when subject does not provide ldap_lookup_key value' do
-      before(:each) { allow(user).to receive(:ldap_lookup_key).and_return(nil) }
-      it 'should return ''' do
-        expect(user.ldap_mail).to eq('')
-      end
-    end
-    context 'when subject provides ldap_lookup_key' do
-      context 'when LDAP is not configured' do
-        before(:each) do
-          config[:enabled] = false
+      context 'when subject does not provide ldap_lookup_key method' do
+        before(:each) { user.class.send(:remove_method, :ldap_lookup_key) }
+        it 'should return ''' do
+          expect(user.ldap_mail).to eq('')
         end
-        it 'should return a blank string' do
+      end
+      context 'when subject does not provide ldap_lookup_key value' do
+        before(:each) { allow(user).to receive(:ldap_lookup_key).and_return(nil) }
+        it 'should return ''' do
           expect(user.ldap_mail).to eq('')
         end
       end
-      context 'when LDAP is configured' do
-        it 'user should should have a mail attribute in mock LDAP' do
-          expect(user.ldap_mail).to eq 'user@domain.ext'
+      context 'when subject provides ldap_lookup_key' do
+        context 'when LDAP is not configured' do
+          before(:each) do
+            config[:enabled] = false
+          end
+          it 'should return a blank string' do
+            expect(user.ldap_mail).to eq('')
+          end
+        end
+        context 'when LDAP is configured' do
+          it 'user should should have a mail attribute in mock LDAP' do
+            expect(user.ldap_mail).to eq 'user@domain.ext'
+          end
         end
       end
     end
-  end
 
-  describe '#ldap_groups' do
-    before(:each) do
-      entry = Net::LDAP::Entry.new('CN=user,DC=ads,DC=example,DC=net')
-      entry['memberof'] = ['CN=Group1,DC=ads,DC=example,DC=net',
-                           'CN=Group2,DC=ads,DC=example,DC=net']
-      allow_any_instance_of(Net::LDAP).to receive(:search).and_return([entry])
-      allow_any_instance_of(Net::LDAP).to receive(:bind).and_return(true)
-    end
-    context 'when subject does not provide ldap_lookup_key method' do
-      before(:each) { user.class.send(:remove_method, :ldap_lookup_key) }
-      it 'should return []' do
-        expect(user.ldap_groups).to eq([])
-      end
-    end
-    context 'when subject does not provide ldap_lookup_key value' do
-      before(:each) { allow(user).to receive(:ldap_lookup_key).and_return(nil) }
-      it 'should return []' do
-        expect(user.ldap_groups).to eq([])
+    describe '#ldap_groups' do
+      before(:each) do
+        entry = Net::LDAP::Entry.new('CN=user,DC=ads,DC=example,DC=net')
+        entry['memberof'] = ['CN=Group1,DC=ads,DC=example,DC=net',
+                             'CN=Group2,DC=ads,DC=example,DC=net']
+        allow_any_instance_of(Net::LDAP).to receive(:search).and_return([entry])
+        allow_any_instance_of(Net::LDAP).to receive(:bind).and_return(true)
       end
-    end
-    context 'when subject provides ldap_lookup_key' do
-      context 'when LDAP is not configured' do
-        before(:each) do
-          config[:enabled] = false
+      context 'when subject does not provide ldap_lookup_key method' do
+        before(:each) { user.class.send(:remove_method, :ldap_lookup_key) }
+        it 'should return []' do
+          expect(user.ldap_groups).to eq([])
         end
+      end
+      context 'when subject does not provide ldap_lookup_key value' do
+        before(:each) { allow(user).to receive(:ldap_lookup_key).and_return(nil) }
         it 'should return []' do
           expect(user.ldap_groups).to eq([])
         end
       end
-      context 'when LDAP is configured' do
-        it 'user should belong to Group1 and Group2 in mock LDAP' do
-          expect(user.ldap_groups).to eq(%w(Group1 Group2))
+      context 'when subject provides ldap_lookup_key' do
+        context 'when LDAP is not configured' do
+          before(:each) do
+            config[:enabled] = false
+          end
+          it 'should return []' do
+            expect(user.ldap_groups).to eq([])
+          end
+        end
+        context 'when LDAP is configured' do
+          it 'user should belong to Group1 and Group2 in mock LDAP' do
+            expect(user.ldap_groups).to eq(%w(Group1 Group2))
+          end
         end
       end
     end
-  end
 
-  describe '#member_of_ldap_group?' do
-    context 'when subject does not provide ldap_lookup_key method' do
-      before(:each) { user.class.send(:remove_method, :ldap_lookup_key) }
-      it 'should return false' do
-        expect(user.member_of_ldap_group?('Test-Group')).to eq(false)
-      end
-    end
-    context 'when subject does not provide ldap_lookup_key value' do
-      before(:each) { allow(user).to receive(:ldap_lookup_key).and_return(nil) }
-      it 'should return false' do
-        expect(user.member_of_ldap_group?('Test-Group')).to eq(false)
-      end
-    end
-    context 'when subject provides ldap_lookup_key' do
-      context 'when LDAP is not configured' do
-        before(:each) do
-          config[:enabled] = false
+    describe '#member_of_ldap_group?' do
+      context 'when subject does not provide ldap_lookup_key method' do
+        before(:each) { user.class.send(:remove_method, :ldap_lookup_key) }
+        it 'should return false' do
+          expect(user.member_of_ldap_group?('Test-Group')).to eq(false)
         end
+      end
+      context 'when subject does not provide ldap_lookup_key value' do
+        before(:each) { allow(user).to receive(:ldap_lookup_key).and_return(nil) }
         it 'should return false' do
           expect(user.member_of_ldap_group?('Test-Group')).to eq(false)
         end
       end
-      context 'when LDAP is configured' do
-        before(:each) do
-          @service = double('ldap_service')
-          allow(LDAPGroupsLookup).to receive(:service).and_return(@service)
-
-          allow(LDAPGroupsLookup).to receive(:lookup_dn) do |args|
-            Net::LDAP::Entry.new("CN=#{args},DC=ads,DC=example,DC=net").dn
+      context 'when subject provides ldap_lookup_key' do
+        context 'when LDAP is not configured' do
+          before(:each) do
+            config[:enabled] = false
           end
+          it 'should return false' do
+            expect(user.member_of_ldap_group?('Test-Group')).to eq(false)
+          end
+        end
+        context 'when LDAP is configured' do
+          before(:each) do
+            @service = double('ldap_service')
+            allow(LDAPGroupsLookup).to receive(:service).and_return(@service)
 
-          @other_group = Net::LDAP::Entry.new('CN=Other-Group,OU=Groups,DC=ads,DC=example,DC=net')
-          @other_group['member;range=0-*'] = ['CN=otheruser,DC=ads,DC=example,DC=net']
+            allow(LDAPGroupsLookup).to receive(:lookup_dn) do |args|
+              Net::LDAP::Entry.new("CN=#{args},DC=ads,DC=example,DC=net").dn
+            end
 
-          @nested_group_page_1 = Net::LDAP::Entry.new('CN=Nested-Group,OU=Groups,DC=ads,DC=example,DC=net')
-          @nested_group_page_1['member;range=0-0'] = ['CN=otheruser,DC=ads,DC=example,DC=net']
+            @other_group = Net::LDAP::Entry.new('CN=Other-Group,OU=Groups,DC=ads,DC=example,DC=net')
+            @other_group['member;range=0-*'] = ['CN=otheruser,DC=ads,DC=example,DC=net']
 
-          @nested_group_page_2 = Net::LDAP::Entry.new('CN=Nested-Group,OU=Groups,DC=ads,DC=example,DC=net')
-          @nested_group_page_2['member;range=1-*'] = ['CN=user,DC=ads,DC=example,DC=net']
+            @nested_group_page_1 = Net::LDAP::Entry.new('CN=Nested-Group,OU=Groups,DC=ads,DC=example,DC=net')
+            @nested_group_page_1['member;range=0-0'] = ['CN=otheruser,DC=ads,DC=example,DC=net']
 
-          @top_group = Net::LDAP::Entry.new('CN=Top-Group,OU=Groups,DC=ads,DC=example,DC=net')
-          @top_group['member;range=0-*'] = ['CN=Nested-Group,OU=Groups,DC=ads,DC=example,DC=net']
+            @nested_group_page_2 = Net::LDAP::Entry.new('CN=Nested-Group,OU=Groups,DC=ads,DC=example,DC=net')
+            @nested_group_page_2['member;range=1-*'] = ['CN=user,DC=ads,DC=example,DC=net']
 
-          @no_member_group = Net::LDAP::Entry.new('CN=No-Member-Group,OU=Groups,DC=ads,DC=example,DC=net')
-        end
-        context 'when searching for a group that does not exist' do
-          it 'should return false' do
-            expect(@service).to receive(:search).with(
-                hash_including(filter: Net::LDAP::Filter.equals('cn', 'Fake-Group'))).and_return([])
-            expect(user.member_of_ldap_group?('Fake-Group')).to eq(false)
-          end
-        end
-        context 'when searching for a group that user is not a member of' do
-          it 'should return false' do
-            expect(@service).to receive(:search).with(
-                hash_including(filter: Net::LDAP::Filter.equals('cn', 'Other-Group'))).and_return([@other_group])
-            expect(user.member_of_ldap_group?('Other-Group')).to eq(false)
-          end
-        end
-        context 'when searching for a group that has no members' do
-          it 'should return false' do
-            expect(@service).to receive(:search).with(
-                hash_including(filter: Net::LDAP::Filter.equals('cn', 'No-Member-Group'))).and_return([@no_member_group])
-            expect(user.member_of_ldap_group?('No-Member-Group')).to eq(false)
+            @top_group = Net::LDAP::Entry.new('CN=Top-Group,OU=Groups,DC=ads,DC=example,DC=net')
+            @top_group['member;range=0-*'] = ['CN=Nested-Group,OU=Groups,DC=ads,DC=example,DC=net']
+
+            @no_member_group = Net::LDAP::Entry.new('CN=No-Member-Group,OU=Groups,DC=ads,DC=example,DC=net')
           end
-        end
-        context 'when searching for a group that user is a direct member of on the second page' do
-          it 'should return true' do
-            expect(@service).to receive(:search).with(
-                hash_including(filter: Net::LDAP::Filter.equals('cn', 'Nested-Group'),
-                               attributes: ['member;range=0-*'])).and_return([@nested_group_page_1])
-            expect(@service).to receive(:search).with(
-                hash_including(filter: Net::LDAP::Filter.equals('cn', 'Nested-Group'),
-                               attributes: ['member;range=1-*'])).and_return([@nested_group_page_2])
-            expect(user.member_of_ldap_group?('Nested-Group')).to eq(true)
+          context 'when searching for a group that does not exist' do
+            it 'should return false' do
+              expect(@service).to receive(:search).with(
+                  hash_including(filter: Net::LDAP::Filter.equals('cn', 'Fake-Group'))).and_return([])
+              expect(user.member_of_ldap_group?('Fake-Group')).to eq(false)
+            end
           end
-        end
-        context 'when searching for a group that user is a nested member of' do
-          before do
-            expect(@service).to receive(:search).with(
-                hash_including(filter: Net::LDAP::Filter.equals('cn', 'Top-Group'))).and_return([@top_group])
-            allow(@service).to receive(:search).with(
-                hash_including(filter: Net::LDAP::Filter.equals('cn', 'Nested-Group'),
-                               attributes: ['member;range=0-*'])).and_return([@nested_group_page_1])
-            allow(@service).to receive(:search).with(
-                hash_including(filter: Net::LDAP::Filter.equals('cn', 'Nested-Group'),
-                               attributes: ['member;range=1-*'])).and_return([@nested_group_page_2])
+          context 'when searching for a group that user is not a member of' do
+            it 'should return false' do
+              expect(@service).to receive(:search).with(
+                  hash_including(filter: Net::LDAP::Filter.equals('cn', 'Other-Group'))).and_return([@other_group])
+              expect(user.member_of_ldap_group?('Other-Group')).to eq(false)
+            end
           end
-          context 'when the group is whitelisted' do
-            before do
-              allow(LDAPGroupsLookup).to receive(:member_whitelist).and_return(['OU=Groups'])
+          context 'when searching for a group that has no members' do
+            it 'should return false' do
+              expect(@service).to receive(:search).with(
+                  hash_including(filter: Net::LDAP::Filter.equals('cn', 'No-Member-Group'))).and_return([@no_member_group])
+              expect(user.member_of_ldap_group?('No-Member-Group')).to eq(false)
             end
+          end
+          context 'when searching for a group that user is a direct member of on the second page' do
             it 'should return true' do
-              expect(user.member_of_ldap_group?('Top-Group')).to eq(true)
+              expect(@service).to receive(:search).with(
+                  hash_including(filter: Net::LDAP::Filter.equals('cn', 'Nested-Group'),
+                                 attributes: ['member;range=0-*'])).and_return([@nested_group_page_1])
+              expect(@service).to receive(:search).with(
+                  hash_including(filter: Net::LDAP::Filter.equals('cn', 'Nested-Group'),
+                                 attributes: ['member;range=1-*'])).and_return([@nested_group_page_2])
+              expect(user.member_of_ldap_group?('Nested-Group')).to eq(true)
             end
           end
-          context 'when the whitelist is empty' do
+          context 'when searching for a group that user is a nested member of' do
             before do
-              allow(LDAPGroupsLookup).to receive(:member_whitelist).and_return([])
+              expect(@service).to receive(:search).with(
+                  hash_including(filter: Net::LDAP::Filter.equals('cn', 'Top-Group'))).and_return([@top_group])
+              allow(@service).to receive(:search).with(
+                  hash_including(filter: Net::LDAP::Filter.equals('cn', 'Nested-Group'),
+                                 attributes: ['member;range=0-*'])).and_return([@nested_group_page_1])
+              allow(@service).to receive(:search).with(
+                  hash_including(filter: Net::LDAP::Filter.equals('cn', 'Nested-Group'),
+                                 attributes: ['member;range=1-*'])).and_return([@nested_group_page_2])
             end
-            it 'should return true (whitelisting is disabled)' do
-              expect(user.member_of_ldap_group?('Top-Group')).to eq(true)
+            context 'when the group is whitelisted' do
+              before do
+                allow(LDAPGroupsLookup).to receive(:member_whitelist).and_return(['OU=Groups'])
+              end
+              it 'should return true' do
+                expect(user.member_of_ldap_group?('Top-Group')).to eq(true)
+              end
             end
-          end
-          context 'when the group is not whitelisted' do
-            before do
-              allow(LDAPGroupsLookup).to receive(:member_whitelist).and_return(['OU=Not-A-Match'])
+            context 'when the whitelist is empty' do
+              before do
+                allow(LDAPGroupsLookup).to receive(:member_whitelist).and_return([])
+              end
+              it 'should return true (whitelisting is disabled)' do
+                expect(user.member_of_ldap_group?('Top-Group')).to eq(true)
+              end
             end
-            it 'should return false' do
-              expect(user.member_of_ldap_group?('Top-Group')).to eq(false)
+            context 'when the group is not whitelisted' do
+              before do
+                allow(LDAPGroupsLookup).to receive(:member_whitelist).and_return(['OU=Not-A-Match'])
+              end
+              it 'should return false' do
+                expect(user.member_of_ldap_group?('Top-Group')).to eq(false)
+              end
             end
           end
         end
       end
     end
   end
-end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ldap_groups_lookup
 version: !ruby/object:Gem::Version
-  version: 0.9.0
+  version: 0.10.0
 platform: ruby
 authors:
 - Adam Ploshay