lita-activedirectory 0.2.9 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2a9d811b2a55da1f304adb94d24f64b1c671b78c
-  data.tar.gz: 76110a39bf0ddc404474ee176471bfa22e7c3dce
+  metadata.gz: 5bcc4c302e0bb34938f608adecfc61e59af84944
+  data.tar.gz: a51c8b92f84a66cb2b9a81ebf83b96a81e4a33f4
 SHA512:
-  metadata.gz: b4858e4b0ffe69969da69201e849a21e804d427437f43aa510581fdf439454cefbb1674869453a2d3ee94ef8da4cd1043e01b37e1aef28b327e9bdbaad1f60e2
-  data.tar.gz: 9f87dc9bfa1421dc8a6c3b7f35e19c0924dc28bad291c2ddda519ccb34bccb405e1b07aa861e02d513d4ed4089a4aa56634b3442a6b985fb54f5d073e04ba9af
+  metadata.gz: e687c2bb220786475a9c1b8bc441cece10c41f33df9a5ec180ccc6322513cb545ead93b7ade21246d9cdcef9faa28377b2c33d4ae693c0cd78b1ff873774cbb5
+  data.tar.gz: 21b58e4727eac412db4a6b73f622c342fe89c1dcb18f692ea962ce827a7c3b25d3051e8068b8fa8d5d24696bb33a2c4bd0a940b6acc3f7b36a7bb9c6543483f8

data/README.md

@@ -1,5 +1,5 @@
 # lita-activedirectory
-[![Build Status](https://travis-ci.org/knuedge/lita-activedirectory.svg?branch=master)](https://travis-ci.org/knuedge/lita-activedirectory) [![MIT License](https://img.shields.io/badge/license-MIT-brightgreen.svg)](https://tldrlegal.com/license/mit-license) [![Gem](https://img.shields.io/gem/v/formatador.svg)](https://rubygems.org/gems/lita-activedirectory) [![Code Climate](https://codeclimate.com/github/knuedge/lita-activedirectory/badges/gpa.svg)](https://codeclimate.com/github/knuedge/lita-activedirectory)
+[![Build Status](https://travis-ci.org/knuedge/lita-activedirectory.svg?branch=master)](https://travis-ci.org/knuedge/lita-activedirectory) [![MIT License](https://img.shields.io/badge/license-MIT-brightgreen.svg)](https://tldrlegal.com/license/mit-license) [![Gem Version](https://badge.fury.io/rb/lita-activedirectory.svg)](https://badge.fury.io/rb/lita-activedirectory) [![Code Climate](https://codeclimate.com/github/knuedge/lita-activedirectory/badges/gpa.svg)](https://codeclimate.com/github/knuedge/lita-activedirectory)
 
 A [Lita](https://www.lita.io/) handler plugin for basic interactions with Active Directory.
 
@@ -28,6 +28,8 @@ gem "lita-activedirectory"
 ### Unlock a user account
 `unlock <username>`
 
+Requires membership in `ad_admins` authorization group.
+
 The user account specified in `config.handlers.activedirectory.username` must have permission to write the lockouttime attribute for unlocking to succeed. We leave it up to you to secure this account accordingly. 
 
 ### List a User's Group Memberships

data/lib/lita/handlers/activedirectory.rb

@@ -21,6 +21,7 @@ module Lita
         /^(unlock)\s+(\S+)/i,
         :unlock,
         command: true,
+        restrict_to: :ad_admins,
         help: { t('help.unlock.syntax') => t('help.unlock.desc') }
       )
 

data/lita-activedirectory.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |spec|
   spec.name          = 'lita-activedirectory'
-  spec.version       = '0.2.9'
+  spec.version       = '1.0.0'
   spec.authors       = ['Daniel Schaaff']
   spec.email         = ['dschaaff@knuedge.com']
   spec.description   = 'ldap/active directory instructions for Lita'

data/spec/lita/handlers/activedirectory_spec.rb

@@ -10,14 +10,15 @@ describe Lita::Handlers::Activedirectory, lita_handler: true do
     registry.config.handlers.activedirectory.password = 'pass'
   end
 
+  let(:lita_user) { Lita::User.create('User', name: 'A User', mention_name: 'user') }
+
   it 'should have the necessary routes' do
     is_expected.to route_command('is jdoe locked').to(:user_locked?)
     is_expected.to route_command('is jdoe locked?').to(:user_locked?)
-    is_expected.to route_command('unlock jdoe').to(:unlock)
+    is_expected.to route_command('unlock jdoe').with_authorization_for(:ad_admins).to(:unlock)
     is_expected.to route_command('jdoe groups').to(:user_groups)
     is_expected.to route_command('group foo members').to(:group_members)
   end
-
   let(:locked_user) do
     testuser = instance_double(
       'Cratus::User',
@@ -25,6 +26,8 @@ describe Lita::Handlers::Activedirectory, lita_handler: true do
       lockouttime: '124',
       locked?: true
     )
+    allow(Cratus::LDAP).to receive(:connect).and_return(true)
+    allow(Cratus::LDAP).to receive(:connection).and_return(true)
     testuser
   end
 
@@ -32,9 +35,12 @@ describe Lita::Handlers::Activedirectory, lita_handler: true do
     testuser = instance_double(
       'Cratus::User',
       dn: 'cn=jdoe,dc=example,dc=com',
+      member_of: "['cn=foo,dc=example,dc=com','cn=bar,dc=example,dc=com']",
       lockouttime: '0',
       locked?: false
     )
+    allow(Cratus::LDAP).to receive(:connect).and_return(true)
+    allow(Cratus::LDAP).to receive(:connection).and_return(true)
     testuser
   end
 
@@ -56,23 +62,37 @@ describe Lita::Handlers::Activedirectory, lita_handler: true do
   end
 
   describe '#unlock' do
+    before do
+      robot.auth.add_user_to_group!(lita_user, :ad_admins)
+    end
     it 'unlocks the user when locked' do
-      allow(Cratus::LDAP).to receive(:connect).and_return(true)
-      allow(Cratus::LDAP).to receive(:connection).and_return(true)
       allow(Cratus::User).to receive(:new).and_return(locked_user)
       allow(Cratus::LDAP.connection).to receive(:replace_attribute).and_return(true)
-      send_command('unlock jdoe')
+      send_command('unlock jdoe', as: lita_user)
       expect(replies.first).to eq('lets see what we can do')
       expect(replies.last).to eq("'jdoe' has been unlocked")
     end
     it 'lets you know if the user is not locked' do
-      allow(Cratus::LDAP).to receive(:connect).and_return(true)
-      allow(Cratus::LDAP).to receive(:connection).and_return(true)
       allow(Cratus::User).to receive(:new).and_return(unlocked_user)
       allow(Cratus::LDAP.connection).to receive(:replace_attribute).and_return(true)
-      send_command('unlock jdoe')
+      send_command('unlock jdoe', as: lita_user)
       expect(replies.first).to eq('lets see what we can do')
       expect(replies.last).to eq("'jdoe' is not locked")
     end
   end
+
+  describe '#user_groups' do
+    it 'should return proper error mesage' do
+      allow(Cratus::User).to receive(:new).and_return(unlocked_user)
+      send_command('fbar groups')
+      expect(replies.first).to eq('Give me a second to search')
+      expect(replies.last)
+        .to eq("That did not work, double check that 'fbar' is a valid samAccountName")
+    end
+    it 'should return group membership' do
+      allow(Cratus::User).to receive(:new).and_return(unlocked_user)
+      send_command('fjdoe groups')
+      expect(replies.first).to eq('Give me a second to search')
+    end
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: lita-activedirectory
 version: !ruby/object:Gem::Version
-  version: 0.2.9
+  version: 1.0.0
 platform: ruby
 authors:
 - Daniel Schaaff
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-21 00:00:00.000000000 Z
+date: 2017-03-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: lita