lita-activedirectory 1.1.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e234fdbf176937e5e6a4ad5bf906999bebcef275
-  data.tar.gz: 86900dd8e120905eb003469ead17984d458221d4
+  metadata.gz: 46e9aa5d62f8db695f7b993ce7809a5893197786
+  data.tar.gz: 61e92a97b680089344b4e671dc67dd89041c74c3
 SHA512:
-  metadata.gz: 98f81d6e24790574f06bbcd2f625dacba7f1a4078e3a2aec1b6f2f458677ae1556fb19668176209a8d27fbbc1d625748a9b94973db71ad36d6169218efcc94b7
-  data.tar.gz: 52fd9a7603db8f5d968c2b3e544a1ebf7900bf702544aaf5626f8a9f0c4f402e69d67692dc7ff60b79ae887908cd6607781863d499eb7cb4659d2a6e12030635
+  metadata.gz: fd17187c82e1e5f09f80ae101c249a01b43c95858c5b37dd0ac83cb1c85186195c322642ad29ec1c98f219c080c4c9753cd8fe9d756cf46e5c00d70ec514ad88
+  data.tar.gz: a4fd26f6d23164ac1b3cabc24cd691b9c6ba522f7141c84b9b60fd03ef753c1ff4b74eea8ec55e348590eedd6fc8de49e8bcc72315df932fc0e1696e2f9510ae

data/.rubocop.yml

@@ -16,7 +16,7 @@ Metrics/MethodLength:
   Max: 20
 
 Metrics/ClassLength:
-  Max: 150
+  Max: 200
 
 Metrics/BlockLength:
   Max: 30

data/README.md

@@ -30,7 +30,7 @@ gem "lita-activedirectory"
 
 Requires membership in `ad_admins` authorization group.
 
-The user account specified in `config.handlers.activedirectory.username` must have permission to write the lockouttime attribute for unlocking to succeed. We leave it up to you to secure this account accordingly.
+The user account specified in `config.handlers.activedirectory.username` must have permission to write the `lockouttime` attribute for unlocking to succeed. We leave it up to you to secure this account accordingly.
 
 ### List a User's Group Memberships
 `<username> groups>`
@@ -43,11 +43,25 @@ The user account specified in `config.handlers.activedirectory.username` must ha
 
 Requires membership in `ad_admins` authorization group.
 
-The user account specified in `config.handlers.activedirectory.username` must have permission to write the member attribute on groups for the membership change to succeed. We leave it up to you to secure this account accordingly.
+The user account specified in `config.handlers.activedirectory.username` must have permission to write the `member` attribute on groups for the membership change to succeed. We leave it up to you to secure this account accordingly.
 
 ### Remove a User from a Group
 `remove <username> from <groupname>`
 
 Requires membership in `ad_admins` authorization group.
 
-The user account specified in `config.handlers.activedirectory.username` must have permission to write the member attribute on groups for the membership change to succeed. We leave it up to you to secure this account accordingly.
+The user account specified in `config.handlers.activedirectory.username` must have permission to write the `member` attribute on groups for the membership change to succeed. We leave it up to you to secure this account accordingly.
+
+### Disable a User
+`disable user <username>`
+
+Requires membership in `ad_admins` authorization group.
+
+The user account specified in `config.handlers.activedirectory.username` must have permission to write the `userAccountControl` attribute on groups for the change to succeed. We leave it up to you to secure this account accordingly.
+
+### Enable a User
+`enable user <username>`
+
+Requires membership in `ad_admins` authorization group.
+
+The user account specified in `config.handlers.activedirectory.username` must have permission to write the `userAccountControl` attribute on groups for the change to succeed. We leave it up to you to secure this account accordingly.

data/lib/lita/handlers/activedirectory.rb

@@ -55,6 +55,22 @@ module Lita
         help: { t('help.add_member.syntax') => t('help.add_member.desc') }
       )
 
+      route(
+        /^disable\s+user\s+(\S+)$/i,
+        :disable_user,
+        command: true,
+        restrict_to: :ad_admins,
+        help: { t('help.disable_user.syntax') => t('help.disable_user.desc') }
+      )
+
+      route(
+        /^enable\s+user\s+(\S+)$/i,
+        :enable_user,
+        command: true,
+        restrict_to: :ad_admins,
+        help: { t('help.enable_user.syntax') => t('help.enable_user.desc') }
+      )
+
       include ::Utils::Cratususer
 
       def user_locked?(response)
@@ -130,6 +146,34 @@ module Lita
         )
       end
 
+      def disable_user(response)
+        user = response.matches[0][0]
+
+        response.reply_with_mention(t('replies.disable_user.working'))
+        result = disable_ldap_user(user)
+        response.reply_with_mention(
+          if result.nil?
+            t('replies.disable_user.error', user: user)
+          else
+            t('replies.disable_user.success', user: user)
+          end
+        )
+      end
+
+      def enable_user(response)
+        user = response.matches[0][0]
+
+        response.reply_with_mention(t('replies.enable_user.working'))
+        result = enable_ldap_user(user)
+        response.reply_with_mention(
+          if result.nil?
+            t('replies.enable_user.error', user: user)
+          else
+            t('replies.enable_user.success', user: user)
+          end
+        )
+      end
+
       private
 
       def handle_user_query(response, user, result)

data/lib/utils/cratususer.rb

@@ -83,5 +83,23 @@ module Utils
         nil
       end
     end
+
+    def disable_ldap_user(username)
+      cratus_connect
+      begin
+        Cratus::User.new(username.to_s).disable
+      rescue
+        nil
+      end
+    end
+
+    def enable_ldap_user(username)
+      cratus_connect
+      begin
+        Cratus::User.new(username.to_s).enable
+      rescue
+        nil
+      end
+    end
   end
 end

data/lita-activedirectory.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |spec|
   spec.name          = 'lita-activedirectory'
-  spec.version       = '1.1.0'
+  spec.version       = '1.2.0'
   spec.authors       = ['Daniel Schaaff', 'Jonathan Gnagy']
   spec.email         = ['dschaaff@knuedge.com']
   spec.description   = 'ldap/active directory instructions for Lita'

data/locales/en.yml

@@ -21,6 +21,12 @@ en:
           remove_member:
             syntax: remove <username> from <groupname>
             desc: remove a user from an LDAP group
+          disable_user:
+            syntax: disable user <username>
+            desc: disable an active directory user
+          enable_user:
+            syntax: enable user <username>
+            desc: enable an active directory user
         replies:
           user_locked?:
             working: let me check on that
@@ -47,3 +53,11 @@ en:
             working: Give me just a second to remove that user from the group
             error: "That did not work, double check that '%{user}' and '%{group}' are valid"
             success: "'%{user}' is no longer a member of '%{group}'"
+          disable_user:
+            working: Let's stop that user from logging in then
+            error: "That did not work, double check that '%{user}' is a valid user"
+            success: "'%{user}' is now disabled"
+          enable_user:
+            working: I'll allow this user to login again
+            error: "That did not work, double check that '%{user}' is a valid user"
+            success: "'%{user}' is now enabled"

data/spec/lita/handlers/activedirectory_spec.rb

@@ -22,6 +22,10 @@ describe Lita::Handlers::Activedirectory, lita_handler: true do
       .with_authorization_for(:ad_admins).to(:add_group_member)
     is_expected.to route_command('remove foo from bar')
       .with_authorization_for(:ad_admins).to(:remove_group_member)
+    is_expected.to route_command('disable user foo')
+      .with_authorization_for(:ad_admins).to(:disable_user)
+    is_expected.to route_command('enable user foo')
+      .with_authorization_for(:ad_admins).to(:enable_user)
   end
 
   let(:fake_group1) do
@@ -49,7 +53,9 @@ describe Lita::Handlers::Activedirectory, lita_handler: true do
       fullname: 'Foo Bar',
       member_of: [],
       lockouttime: '0',
-      locked?: false
+      locked?: false,
+      disable: true,
+      enable: true
     )
   end
 
@@ -154,6 +160,34 @@ describe Lita::Handlers::Activedirectory, lita_handler: true do
     end
   end
 
+  describe '#disable_user' do
+    before do
+      robot.auth.add_user_to_group!(lita_user, :ad_admins)
+    end
+    it 'disables a user' do
+      allow(Cratus::LDAP).to receive(:connect).and_return(true)
+      allow(Cratus::LDAP).to receive(:connection).and_return(true)
+      allow(Cratus::User).to receive(:new).and_return(fake_user)
+      send_command('disable user jdoe', as: lita_user)
+      expect(replies.first).to eq("Let's stop that user from logging in then")
+      expect(replies.last).to eq("'jdoe' is now disabled")
+    end
+  end
+
+  describe '#enable_user' do
+    before do
+      robot.auth.add_user_to_group!(lita_user, :ad_admins)
+    end
+    it 'enables a user' do
+      allow(Cratus::LDAP).to receive(:connect).and_return(true)
+      allow(Cratus::LDAP).to receive(:connection).and_return(true)
+      allow(Cratus::User).to receive(:new).and_return(fake_user)
+      send_command('enable user jdoe', as: lita_user)
+      expect(replies.first).to eq("I'll allow this user to login again")
+      expect(replies.last).to eq("'jdoe' is now enabled")
+    end
+  end
+
   describe '#user_groups' do
     it 'should return proper error mesage' do
       allow(Cratus::User).to receive(:new).and_return(false_user)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: lita-activedirectory
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.0
 platform: ruby
 authors:
 - Daniel Schaaff
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-04-10 00:00:00.000000000 Z
+date: 2017-04-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: lita