lita-activedirectory 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5bcc4c302e0bb34938f608adecfc61e59af84944
-  data.tar.gz: a51c8b92f84a66cb2b9a81ebf83b96a81e4a33f4
+  metadata.gz: e234fdbf176937e5e6a4ad5bf906999bebcef275
+  data.tar.gz: 86900dd8e120905eb003469ead17984d458221d4
 SHA512:
-  metadata.gz: e687c2bb220786475a9c1b8bc441cece10c41f33df9a5ec180ccc6322513cb545ead93b7ade21246d9cdcef9faa28377b2c33d4ae693c0cd78b1ff873774cbb5
-  data.tar.gz: 21b58e4727eac412db4a6b73f622c342fe89c1dcb18f692ea962ce827a7c3b25d3051e8068b8fa8d5d24696bb33a2c4bd0a940b6acc3f7b36a7bb9c6543483f8
+  metadata.gz: 98f81d6e24790574f06bbcd2f625dacba7f1a4078e3a2aec1b6f2f458677ae1556fb19668176209a8d27fbbc1d625748a9b94973db71ad36d6169218efcc94b7
+  data.tar.gz: 52fd9a7603db8f5d968c2b3e544a1ebf7900bf702544aaf5626f8a9f0c4f402e69d67692dc7ff60b79ae887908cd6607781863d499eb7cb4659d2a6e12030635

data/README.md

@@ -30,7 +30,7 @@ gem "lita-activedirectory"
 
 Requires membership in `ad_admins` authorization group.
 
-The user account specified in `config.handlers.activedirectory.username` must have permission to write the lockouttime attribute for unlocking to succeed. We leave it up to you to secure this account accordingly. 
+The user account specified in `config.handlers.activedirectory.username` must have permission to write the lockouttime attribute for unlocking to succeed. We leave it up to you to secure this account accordingly.
 
 ### List a User's Group Memberships
 `<username> groups>`
@@ -38,4 +38,16 @@ The user account specified in `config.handlers.activedirectory.username` must ha
 ### List a Group's Members
 `group <groupname> members`
 
+### Add a User to a Group
+`add <username> to <groupname>`
 
+Requires membership in `ad_admins` authorization group.
+
+The user account specified in `config.handlers.activedirectory.username` must have permission to write the member attribute on groups for the membership change to succeed. We leave it up to you to secure this account accordingly.
+
+### Remove a User from a Group
+`remove <username> from <groupname>`
+
+Requires membership in `ad_admins` authorization group.
+
+The user account specified in `config.handlers.activedirectory.username` must have permission to write the member attribute on groups for the membership change to succeed. We leave it up to you to secure this account accordingly.

data/Rakefile

@@ -5,4 +5,4 @@ require 'rubocop/rake_task'
 RSpec::Core::RakeTask.new(:spec)
 RuboCop::RakeTask.new(:rubocop)
 
-task default: [:spec, :rubocop]
+task default: %i[spec rubocop]

data/lib/lita/handlers/activedirectory.rb

@@ -39,6 +39,22 @@ module Lita
         help: { t('help.group_members.syntax') => t('help.group_members.desc') }
       )
 
+      route(
+        /^remove\s+(\S+)\s+from\s+(\S+)$/i,
+        :remove_group_member,
+        command: true,
+        restrict_to: :ad_admins,
+        help: { t('help.remove_member.syntax') => t('help.remove_member.desc') }
+      )
+
+      route(
+        /^add\s+(\S+)\s+to\s+(\S+)$/i,
+        :add_group_member,
+        command: true,
+        restrict_to: :ad_admins,
+        help: { t('help.add_member.syntax') => t('help.add_member.desc') }
+      )
+
       include ::Utils::Cratususer
 
       def user_locked?(response)
@@ -84,6 +100,36 @@ module Lita
         end
       end
 
+      def add_group_member(response)
+        user  = response.matches[0][0]
+        group = response.matches[0][1]
+
+        response.reply_with_mention(t('replies.add_member.working'))
+        result = add_user_to_group(user, group)
+        response.reply_with_mention(
+          if result.nil?
+            t('replies.add_member.error', user: user, group: group)
+          else
+            t('replies.add_member.success', user: user, group: group)
+          end
+        )
+      end
+
+      def remove_group_member(response)
+        user  = response.matches[0][0]
+        group = response.matches[0][1]
+
+        response.reply_with_mention(t('replies.remove_member.working'))
+        result = remove_user_from_group(user, group)
+        response.reply_with_mention(
+          if result.nil?
+            t('replies.remove_member.error', user: user, group: group)
+          else
+            t('replies.remove_member.success', user: user, group: group)
+          end
+        )
+      end
+
       private
 
       def handle_user_query(response, user, result)

data/lib/utils/cratususer.rb

@@ -49,9 +49,39 @@ module Utils
       end
     end
 
+    def add_user_to_group(username, groupname)
+      cratus_connect
+      begin
+        user  = Cratus::User.new(username.to_s)
+        group = Cratus::Group.new(groupname.to_s)
+        raise 'InvalidUser' unless user
+        raise 'InvalidGroup' unless group
+        group.add_user(user)
+      rescue
+        nil
+      end
+    end
+
+    def remove_user_from_group(username, groupname)
+      cratus_connect
+      begin
+        user  = Cratus::User.new(username.to_s)
+        group = Cratus::Group.new(groupname.to_s)
+        raise 'InvalidUser' unless user
+        raise 'InvalidGroup' unless group
+        group.remove_user(user)
+      rescue
+        nil
+      end
+    end
+
     def unlock_user(username)
-      ldap = Cratus::LDAP.connection
-      ldap.replace_attribute Cratus::User.new(username.to_s).dn, :lockouttime, '0'
+      cratus_connect
+      begin
+        Cratus::User.new(username.to_s).unlock
+      rescue
+        nil
+      end
     end
   end
 end

data/lita-activedirectory.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |spec|
   spec.name          = 'lita-activedirectory'
-  spec.version       = '1.0.0'
-  spec.authors       = ['Daniel Schaaff']
+  spec.version       = '1.1.0'
+  spec.authors       = ['Daniel Schaaff', 'Jonathan Gnagy']
   spec.email         = ['dschaaff@knuedge.com']
   spec.description   = 'ldap/active directory instructions for Lita'
   spec.summary       = 'Allow Lita to interact with Active Directory'
@@ -17,7 +17,7 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = '~> 2.2'
 
   spec.add_runtime_dependency 'lita', '>= 4.7'
-  spec.add_runtime_dependency 'cratus'
+  spec.add_runtime_dependency 'cratus', '~> 0.5'
 
   spec.add_development_dependency 'bundler', '~> 1.3'
   spec.add_development_dependency 'pry-byebug'

data/locales/en.yml

@@ -15,6 +15,12 @@ en:
           group_members:
             syntax: group <groupname> members
             desc: lists all members of the given group
+          add_member:
+            syntax: add <username> to <groupname>
+            desc: add a user to an LDAP group
+          remove_member:
+            syntax: remove <username> from <groupname>
+            desc: remove a user from an LDAP group
         replies:
           user_locked?:
             working: let me check on that
@@ -33,3 +39,11 @@ en:
           group_members:
             working: Give me a second to search
             error: "That did not work, double check the '%{group}' is a valid group name"
+          add_member:
+            working: I'll get that user added
+            error: "That did not work, double check that '%{user}' and '%{group}' are valid"
+            success: "'%{user}' is now a member of '%{group}'"
+          remove_member:
+            working: Give me just a second to remove that user from the group
+            error: "That did not work, double check that '%{user}' and '%{group}' are valid"
+            success: "'%{user}' is no longer a member of '%{group}'"

data/spec/lita/handlers/activedirectory_spec.rb

@@ -18,42 +18,86 @@ describe Lita::Handlers::Activedirectory, lita_handler: true do
     is_expected.to route_command('unlock jdoe').with_authorization_for(:ad_admins).to(:unlock)
     is_expected.to route_command('jdoe groups').to(:user_groups)
     is_expected.to route_command('group foo members').to(:group_members)
+    is_expected.to route_command('add foo to bar')
+      .with_authorization_for(:ad_admins).to(:add_group_member)
+    is_expected.to route_command('remove foo from bar')
+      .with_authorization_for(:ad_admins).to(:remove_group_member)
   end
+
+  let(:fake_group1) do
+    instance_double(
+      'Cratus::Group',
+      name: 'lame_group1',
+      members: [fake_user]
+    )
+  end
+
+  let(:fake_group2) do
+    instance_double(
+      'Cratus::Group',
+      name: 'lame_group2'
+    )
+  end
+
+  let(:fake_user) do
+    allow(Cratus::LDAP).to receive(:connect).and_return(true)
+    allow(Cratus::LDAP).to receive(:connection).and_return(true)
+    instance_double(
+      'Cratus::User',
+      dn: 'cn=fbar,dc=example,dc=com',
+      username: 'fabar',
+      fullname: 'Foo Bar',
+      member_of: [],
+      lockouttime: '0',
+      locked?: false
+    )
+  end
+
   let(:locked_user) do
-    testuser = instance_double(
+    instance_double(
       'Cratus::User',
       dn: 'cn=jdoe,dc=example,dc=com',
+      member_of: [fake_group1, fake_group2],
       lockouttime: '124',
-      locked?: true
+      locked?: true,
+      unlock: true
     )
+  end
+
+  let(:false_user) do
     allow(Cratus::LDAP).to receive(:connect).and_return(true)
     allow(Cratus::LDAP).to receive(:connection).and_return(true)
-    testuser
+    nil
   end
 
   let(:unlocked_user) do
-    testuser = instance_double(
+    instance_double(
       'Cratus::User',
       dn: 'cn=jdoe,dc=example,dc=com',
-      member_of: "['cn=foo,dc=example,dc=com','cn=bar,dc=example,dc=com']",
+      username: 'jdoe',
+      member_of: [fake_group1, fake_group2],
       lockouttime: '0',
       locked?: false
     )
-    allow(Cratus::LDAP).to receive(:connect).and_return(true)
-    allow(Cratus::LDAP).to receive(:connection).and_return(true)
-    testuser
+  end
+
+  let(:simple_group) do
+    instance_double(
+      'Cratus::Group',
+      dn: 'cn=testgroup,dc=example,dc=com',
+      add_user: true,
+      remove_user: true
+    )
   end
 
   describe '#user_locked?' do
     it 'lets you know if the user is locked' do
-      allow(Cratus::LDAP).to receive(:connect).and_return(true)
       allow(Cratus::User).to receive(:new).and_return(locked_user)
       send_command('is jdoe locked?')
       expect(replies.first).to eq('let me check on that')
       expect(replies.last).to eq("looks like 'jdoe' is locked")
     end
     it 'lets you know if a user is not locked' do
-      allow(Cratus::LDAP).to receive(:connect).and_return(true)
       allow(Cratus::User).to receive(:new).and_return(unlocked_user)
       send_command('is jdoe locked?')
       expect(replies.first).to eq('let me check on that')
@@ -67,7 +111,6 @@ describe Lita::Handlers::Activedirectory, lita_handler: true do
     end
     it 'unlocks the user when locked' do
       allow(Cratus::User).to receive(:new).and_return(locked_user)
-      allow(Cratus::LDAP.connection).to receive(:replace_attribute).and_return(true)
       send_command('unlock jdoe', as: lita_user)
       expect(replies.first).to eq('lets see what we can do')
       expect(replies.last).to eq("'jdoe' has been unlocked")
@@ -81,9 +124,39 @@ describe Lita::Handlers::Activedirectory, lita_handler: true do
     end
   end
 
+  describe '#add_group_member' do
+    before do
+      robot.auth.add_user_to_group!(lita_user, :ad_admins)
+    end
+    it 'adds a user to a group' do
+      allow(Cratus::LDAP).to receive(:connect).and_return(true)
+      allow(Cratus::LDAP).to receive(:connection).and_return(true)
+      allow(Cratus::User).to receive(:new).and_return(unlocked_user)
+      allow(Cratus::Group).to receive(:new).and_return(simple_group)
+      send_command('add jdoe to testgroup', as: lita_user)
+      expect(replies.first).to eq("I'll get that user added")
+      expect(replies.last).to eq("'jdoe' is now a member of 'testgroup'")
+    end
+  end
+
+  describe '#remove_group_member' do
+    before do
+      robot.auth.add_user_to_group!(lita_user, :ad_admins)
+    end
+    it 'removes a user from a group' do
+      allow(Cratus::LDAP).to receive(:connect).and_return(true)
+      allow(Cratus::LDAP).to receive(:connection).and_return(true)
+      allow(Cratus::User).to receive(:new).and_return(unlocked_user)
+      allow(Cratus::Group).to receive(:new).and_return(simple_group)
+      send_command('remove jdoe from testgroup', as: lita_user)
+      expect(replies.first).to eq('Give me just a second to remove that user from the group')
+      expect(replies.last).to eq("'jdoe' is no longer a member of 'testgroup'")
+    end
+  end
+
   describe '#user_groups' do
     it 'should return proper error mesage' do
-      allow(Cratus::User).to receive(:new).and_return(unlocked_user)
+      allow(Cratus::User).to receive(:new).and_return(false_user)
       send_command('fbar groups')
       expect(replies.first).to eq('Give me a second to search')
       expect(replies.last)
@@ -91,8 +164,18 @@ describe Lita::Handlers::Activedirectory, lita_handler: true do
     end
     it 'should return group membership' do
       allow(Cratus::User).to receive(:new).and_return(unlocked_user)
-      send_command('fjdoe groups')
+      send_command('jdoe groups')
+      expect(replies.first).to eq('Give me a second to search')
+      expect(replies.last).to eq("lame_group1\nlame_group2")
+    end
+  end
+
+  describe '#group_members' do
+    it 'should return members of the group' do
+      allow(Cratus::Group).to receive(:new).and_return(fake_group1)
+      send_command('group fake_group1 members')
       expect(replies.first).to eq('Give me a second to search')
+      expect(replies.last).to eq('Foo Bar')
     end
   end
 end

data/spec/utils/cratususer_spec.rb

@@ -0,0 +1,75 @@
+require 'spec_helper'
+
+describe Utils::Cratususer do
+  let(:fake_group1) do
+    instance_double(
+      'Cratus::Group',
+      name: 'lame_group1',
+      members: [fake_user2]
+    )
+  end
+  let(:fake_group2) do
+    instance_double(
+      'Cratus::Group',
+      name: 'lame_group2'
+    )
+  end
+  let(:fake_user) do
+    fakeuser = instance_double(
+      'Cratus::User',
+      dn: 'cn=jdoe,dc=example,dc=com',
+      username: 'jdoe',
+      fullname: 'John Doe',
+      member_of: [fake_group1, fake_group2],
+      lockouttime: '0',
+      locked?: false
+    )
+    fakeuser
+  end
+
+  let(:fake_user2) do
+    fakeuser = instance_double(
+      'Cratus::User',
+      dn: 'cn=fbar,dc=example,dc=com',
+      username: 'fabar',
+      fullname: 'Foo Bar',
+      member_of: [],
+      lockouttime: '0',
+      locked?: false
+    )
+    fakeuser
+  end
+
+  subject do
+    # shut up rspec
+    class Dummy
+      include Utils::Cratususer
+      def config
+        conf = OpenStruct.new
+        conf.host = 'localhost'
+        conf
+      end
+    end
+    allow(Cratus::LDAP).to receive(:connect).and_return(true)
+    allow(Cratus::LDAP).to receive(:connection).and_return(true)
+    Dummy.new
+  end
+
+  describe '#user_groups_query' do
+    it 'should return the group memberships' do
+      allow(Cratus::LDAP).to receive(:connect).and_return(true)
+      allow(Cratus::LDAP).to receive(:connection).and_return(true)
+      allow(Cratus::User).to receive(:new).and_return(fake_user)
+      expect(subject.user_groups_query('jdoe')).to eq("lame_group1\nlame_group2")
+    end
+  end
+
+  describe '#group_mem_query' do
+    it 'should return members of the group' do
+      allow(Cratus::LDAP).to receive(:connect).and_return(true)
+      allow(Cratus::LDAP).to receive(:connection).and_return(true)
+      allow(Cratus::Group).to receive(:new).and_return(fake_group1)
+      expect(subject.group_mem_query('foo')).to eq('Foo Bar')
+    end
+  end
+end

metadata

@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: lita-activedirectory
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Daniel Schaaff
+- Jonathan Gnagy
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-22 00:00:00.000000000 Z
+date: 2017-04-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: lita
@@ -28,16 +29,16 @@ dependencies:
   name: cratus
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.5'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -200,6 +201,7 @@ files:
 - locales/en.yml
 - spec/lita/handlers/activedirectory_spec.rb
 - spec/spec_helper.rb
+- spec/utils/cratususer_spec.rb
 - templates/.gitkeep
 homepage: https://github.com/knuedge/lita-activedirectory
 licenses:
@@ -222,10 +224,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.11
+rubygems_version: 2.6.8
 signing_key: 
 specification_version: 4
 summary: Allow Lita to interact with Active Directory
 test_files:
 - spec/lita/handlers/activedirectory_spec.rb
 - spec/spec_helper.rb
+- spec/utils/cratususer_spec.rb