oa-enterprise 0.1.6 → 0.2.0.beta1

data/README.rdoc

@@ -12,10 +12,9 @@ For the full auth suite:
 
     gem install omniauth
 
-CAS strategy    
-== Stand-Alone Example
+== CAS
 
-Use the strategy as a middleware in your application:
+Use the CAS strategy as a middleware in your application:
 
     require 'omniauth/enterprise'
     
@@ -23,13 +22,47 @@ Use the strategy as a middleware in your application:
     
 Then simply direct users to '/auth/cas' to have them sign in via your company's CAS server.
 See OmniAuth::Strategies::CAS::Configuration for more configuration options.
-    
-Then simply direct users to '/auth/cas' to have them sign in via your company's CAS server.
-See OmniAuth::Strategies::CAS::Configuration for more configuration options.
 
-== OmniAuth Builder
+== LDAP
 
-If CAS is one of several authentication strategies, use the OmniAuth Builder:
+Use the LDAP strategy as a middleware in your applicaiton:
+
+    require 'omniauth/enterprise'
+    use OmniAuth::Strategies::LDAP, 
+        :title => "My LDAP", 
+        :host => '10.101.10.1',
+        :port => 389,
+        :method => :plain,
+        :base => 'dc=intridea, dc=com',
+        :uid => 'sAMAccountName',
+        :name_proc => Proc.new {|name| name.gsub(/@.*$/,''}}
+
+All of the listed options are required, with the exception of :name_proc.
+Allowed values of :method are: :plain, :ssl, :tls.
+
+:uid is the LDAP attribute name for the user name in the login form. typically
+AD would be 'sAMAccountName' or 'UserPrincipalName', while OpenLDAP is 'uid'.
+You can also use 'dn', if your user choose the put in the dn in the login form
+(but usually is too long for user to remember or know).
+
+:name_proc allows you to match the user name entered with the format of the
+:uid attributes. For example, value of 'sAMAccountName' in AD contains only the
+windows user name. If your user prefers use email to login, a name_proc as
+above will trim the email string down to just the windows name. In summary,
+:name_proc helps you to fill the gap between the authentication and user lookup
+process.
+ 
+:try_sasl and :sasl_mechanisms are optional. Use them to initialize a SASL
+connection to server. Allowed values are 'DIGEST-MD5' and 'GSS-SPNEGO'. If you
+are not familiar with these authentication methods, please just avoid them.
+
+Direct users to '/auth/ldap' to have them authenticated via your
+company's LDAP server.
+    
+== Multiple Strategies
+
+If you're using multiple strategies together, use OmniAuth's Builder. That's
+what it's there for:
 
     require 'omniauth/enterprise'
     require 'omniauth/oauth'  # for Campfire
@@ -39,20 +72,3 @@ If CAS is one of several authentication strategies, use the OmniAuth Builder:
       provider :cas, :server => 'http://cas.mycompany.com/cas'
       provider :campfire
     end
-
-LDAP strategy
-
-    use OmniAuth::Strategies::LDAP, :host => '10.101.10.1', :port => 389, :method => :plain, :base => 'dc=intridea, dc=com', :uid => 'sAMAccountName', :try_sasl => true, :sasl_mechanisms => "GSS-SPNEGO"
-		or
-    use OmniAuth::Builder do
-      provider :LDAP, :host => '10.101.10.1', :port => 389, :method => :plain, :base => 'dc=intridea, dc=com', :uid => 'sAMAccountName', :try_sasl => true, :sasl_mechanisms => "GSS-SPNEGO"
-    end
-		    
-    LDAP server's :host and :port are required, :method is also a required field, and allowed values are :plain, :ssl, and :tls.
-    :base is required, it is the distinguish name (DN) for your organization, all users should be searchable under this base.
-    :uid is required, it is the LDAP attribute name for the user name in the login form. typically AD would be 'sAMAccountName' or 'UniquePersonalIdentifier', while 
-    OpenLDAP is 'uid'. You can also use 'dn', if your user choose the put in the dn in the login form (but usually is too long for user to remember or know).
-    :try_sasl and :sasl_mechanisms are optional, use it to initial SASL connection to server. mechanism supported are DIGEST-MD5 and GSS-SPNEGO.
-
-Then simply direct users to '/auth/ldap' to have them authenticated via your company's LDAP server.
-    

data/lib/omniauth/strategies/cas.rb

@@ -8,8 +8,8 @@ module OmniAuth
       autoload :Configuration, 'omniauth/strategies/cas/configuration'
       autoload :ServiceTicketValidator, 'omniauth/strategies/cas/service_ticket_validator'
       
-      def initialize(app, options = {})
-        super(app, options.delete(:name) || :cas)
+      def initialize(app, options = {}, &block)
+        super(app, options.delete(:name) || :cas, options, &block)
         @configuration = OmniAuth::Strategies::CAS::Configuration.new(options)
       end
       

data/lib/omniauth/strategies/ldap/adaptor.rb

@@ -1,57 +1,66 @@
 #this code boughts pieces from activeldap and net-ldap
+
 require 'rack'
 require 'net/ldap'
 require 'net/ntlm'
 require 'uri'
+
 module OmniAuth
   module Strategies
     class LDAP
       class Adaptor
-				class LdapError < StandardError; end
-				class ConfigurationError < StandardError; end
-				class AuthenticationError < StandardError; end
-				class ConnectionError < StandardError; end
-	      VALID_ADAPTER_CONFIGURATION_KEYS = [:host, :port, :method, :bind_dn, :password,
-	                                          :try_sasl, :sasl_mechanisms, :uid, :base]
-	      MUST_HAVE_KEYS = [:host, :port, :method, :uid, :base]
-	      METHOD = {
-	        :ssl => :simple_tls,
-	        :tls => :start_tls,
-	        :plain => nil
-	      }     
-	      attr_accessor :bind_dn, :password                                     
-				attr_reader :connection, :uid, :base
-	      def initialize(configuration={})
-	        @connection = nil
-	        @disconnected = false
-	        @bound = false
-	        @configuration = configuration.dup
-	        @logger = @configuration.delete(:logger)
-	        message = []
-	        MUST_HAVE_KEYS.each do |name|
-	        	message << name if configuration[name].nil? 
-	        end
-	        raise ArgumentError.new(message.join(",") +" MUST be provided") unless message.empty?
-	        VALID_ADAPTER_CONFIGURATION_KEYS.each do |name|
-	          instance_variable_set("@#{name}", configuration[name])
-	        end
-	      end
+		class LdapError < StandardError; end
+		class ConfigurationError < StandardError; end
+		class AuthenticationError < StandardError; end
+		class ConnectionError < StandardError; end
+	      
+        VALID_ADAPTER_CONFIGURATION_KEYS = [:host, :port, :method, :bind_dn, :password,
+	                                        :try_sasl, :sasl_mechanisms, :uid, :base]
+	      
+        MUST_HAVE_KEYS = [:host, :port, :method, :uid, :base]
+	      
+        METHOD = {
+	      :ssl => :simple_tls,
+	      :tls => :start_tls,
+	      :plain => nil
+	    }     
+	      
+        attr_accessor :bind_dn, :password                                     
+		attr_reader :connection, :uid, :base
+
+	    def initialize(configuration={})
+	      @connection = nil
+	      @disconnected = false
+	      @bound = false
+	      @configuration = configuration.dup
+          @logger = @configuration.delete(:logger)
+          message = []
+          MUST_HAVE_KEYS.each do |name|
+              message << name if configuration[name].nil? 
+          end
+          raise ArgumentError.new(message.join(",") +" MUST be provided") unless message.empty?
+          VALID_ADAPTER_CONFIGURATION_KEYS.each do |name|
+            instance_variable_set("@#{name}", configuration[name])
+          end
+	    end
 	
-				def connect(options={})
-	        host = options[:host] || @host
-	        method = options[:method] || @method || :plain
-	        port = options[:port] || @port || ensure_port(method)
-	        method = ensure_method(method)
-	        @disconnected = false
-	        @bound = false
-	        @bind_tried = false				
+		def connect(options={})
+	      host = options[:host] || @host
+	      method = options[:method] || @method || :plain
+	      port = options[:port] || @port || ensure_port(method)
+	      method = ensure_method(method)
+	      @disconnected = false
+	      @bound = false
+	      @bind_tried = false
+
           config = {
             :host => host,
             :port => port,
           }
+
           config[:encryption] = {:method => method} if method
-          @connection, @uri, @with_start_tls = 
-          begin
+          
+          @connection, @uri, @with_start_tls = begin
             uri = construct_uri(host, port, method == :simple_tls)
             with_start_tls = method == :start_tls
             puts ({:uri => uri, :with_start_tls => with_start_tls}).inspect
@@ -59,189 +68,201 @@ module OmniAuth
           rescue Net::LDAP::LdapError
             raise ConnectionError, $!.message
           end
-	      end
+
+	    end
 	
-	      def unbind(options={})
-	          @connection.close # Net::LDAP doesn't implement unbind.
-	      end
+	    def unbind(options={})
+	      @connection.close # Net::LDAP doesn't implement unbind.
+	    end
 	
-	      def bind(options={})
-	        connect(options) unless connecting?
-	        begin
-		        @bind_tried = true
-		
-		        bind_dn = (options[:bind_dn] || @bind_dn).to_s
-		        try_sasl = options.has_key?(:try_sasl) ? options[:try_sasl] : @try_sasl
-		
-		        # Rough bind loop:
-		        # Attempt 1: SASL if available
-		        # Attempt 2: SIMPLE with credentials if password block
-		        if try_sasl and sasl_bind(bind_dn, options)
-		        	puts "bind with sasl"
-		        elsif simple_bind(bind_dn, options)
-		        	puts "bind with simple"
-		        else
-		          message = yield if block_given?
-		          message ||= ('All authentication methods for %s exhausted.') % target
-		          raise AuthenticationError, message
-		        end
+	    def bind(options={})
+	      connect(options) unless connecting?
+	      begin
+		    @bind_tried = true
+
+		    bind_dn = (options[:bind_dn] || @bind_dn).to_s
+		    try_sasl = options.has_key?(:try_sasl) ? options[:try_sasl] : @try_sasl
 		
-		        @bound = true
-	        rescue Net::LDAP::LdapError
-	          raise AuthenticationError, $!.message
-	        end
+            # Rough bind loop:
+            # Attempt 1: SASL if available
+            # Attempt 2: SIMPLE with credentials if password block
+            if try_sasl and sasl_bind(bind_dn, options)
+                puts "bind with sasl"
+            elsif simple_bind(bind_dn, options)
+                puts "bind with simple"
+            else
+              message = yield if block_given?
+              message ||= ('All authentication methods for %s exhausted.') % target
+              raise AuthenticationError, message
+            end
+    
+            @bound = true
+	      rescue Net::LDAP::LdapError
+	        raise AuthenticationError, $!.message
 	      end
+	    end
 	
-	      def disconnect!(options={})
-	        unbind(options)
-	        @connection = @uri = @with_start_tls = nil
-	        @disconnected = true
-	      end
+	    def disconnect!(options={})
+	      unbind(options)
+	      @connection = @uri = @with_start_tls = nil
+	      @disconnected = true
+	    end
 	
-	      def rebind(options={})
-	        unbind(options) if bound?
-	        connect(options)
-	      end
+	    def rebind(options={})
+	      unbind(options) if bound?
+	      connect(options)
+	    end
 	
-	      def connecting?
-	        !@connection.nil? and !@disconnected
-	      end
+	    def connecting?
+	      !@connection.nil? and !@disconnected
+	    end
 	
-	      def bound?
-	        connecting? and @bound
-	      end
+	    def bound?
+	      connecting? and @bound
+	    end
 				
-				def search(options={}, &block)
-	        base = options[:base]
-	        filter = options[:filter]
-	        limit = options[:limit]
+		def search(options={}, &block)
+	      base = options[:base]
+	      filter = options[:filter]
+	      limit = options[:limit]
 	
-	        args = {
-	        	:base => @base,
-	          :filter => filter,
-	          :size => limit
-	        }
-					puts args.inspect
+	      args = {
+	        :base => @base,
+	        :filter => filter,
+	        :size => limit
+	      }
+		  
+          puts args.inspect
+
           attributes = {}
           execute(:search, args) do |entry|
             entry.attribute_names.each do |name|
               attributes[name] = entry[name]
             end
-        	end
-        	attributes
-      end
-	      private
-	      def execute(method, *args, &block)
-	        result = @connection.send(method, *args, &block)
-	        message = nil
-	        if result.is_a?(Hash)
-	          message = result[:errorMessage]
-	          result = result[:resultCode]
-	        end
-	        unless result.zero?
-	          message = [Net::LDAP.result2string(result), message].compact.join(": ")
-	          raise LdapError, message
-	        end
-	      end	      
+          end
+          attributes
+        end
+
+	    private
+	    
+        def execute(method, *args, &block)
+	      result = @connection.send(method, *args, &block)
+	      message = nil
+
+          if result.is_a?(Hash)
+            message = result[:errorMessage]
+            result = result[:resultCode]
+          end
+
+          unless result.zero?
+            message = [Net::LDAP.result2string(result), message].compact.join(": ")
+            raise LdapError, message
+          end
+	    end	      
 	      
-	      def ensure_port(method)
-	        if method == :ssl
-	          URI::LDAPS::DEFAULT_PORT
-	        else
-	          URI::LDAP::DEFAULT_PORT
-	        end
-	      end
-	
-	      def prepare_connection(options)
+	    def ensure_port(method)
+	      if method == :ssl
+	        URI::LDAPS::DEFAULT_PORT
+	      else
+	        URI::LDAP::DEFAULT_PORT
 	      end
+	    end
 	
-	      def ensure_method(method)
-	        method ||= "plain"
-	        normalized_method = method.to_s.downcase.to_sym
-	        return METHOD[normalized_method] if METHOD.has_key?(normalized_method)
+	    def prepare_connection(options)
+	    end
 	
-	        available_methods = METHOD.keys.collect {|m| m.inspect}.join(", ")
-	        format = "%s is not one of the available connect methods: %s"
-	        raise ConfigurationError, format % [method.inspect, available_methods]
-	      end
+	    def ensure_method(method)
+          method ||= "plain"
+          normalized_method = method.to_s.downcase.to_sym
+          return METHOD[normalized_method] if METHOD.has_key?(normalized_method)
+  
+          available_methods = METHOD.keys.collect {|m| m.inspect}.join(", ")
+          format = "%s is not one of the available connect methods: %s"
+          raise ConfigurationError, format % [method.inspect, available_methods]
+        end
 	      
-	      def sasl_bind(bind_dn, options={})
-	        sasl_mechanisms = options[:sasl_mechanisms] || @sasl_mechanisms
-	          sasl_mechanisms.each do |mechanism|
-		          begin
-			          normalized_mechanism = mechanism.downcase.gsub(/-/, '_')
-			          sasl_bind_setup = "sasl_bind_setup_#{normalized_mechanism}"
-			          next unless respond_to?(sasl_bind_setup, true)
-			          initial_credential, challenge_response =
-			            send(sasl_bind_setup, bind_dn, options)
-			          args = {
-			            :method => :sasl,
-			            :initial_credential => initial_credential,
-			            :mechanism => mechanism,
-			            :challenge_response => challenge_response,
-			          }
-			          info = {
-			            :name => "bind: SASL", :dn => bind_dn, :mechanism => mechanism,
-			          }
-			          puts info.inspect
-			          execute(:bind, args)
-			          return true
-			        rescue Exception => e
-			        	puts e.message
-			        end
-	          end
-	        false
-			  end
- 
-      def sasl_bind_setup_digest_md5(bind_dn, options)
-        initial_credential = ""
-        challenge_response = Proc.new do |cred|
-          pref = SASL::Preferences.new :digest_uri => "ldap/#{@host}", :username => bind_dn, :has_password? => true, :password => options[:password]||@password
-          sasl = SASL.new("DIGEST-MD5", pref)
-          response = sasl.receive("challenge", cred)
-          response[1]
+        def sasl_bind(bind_dn, options={})
+          sasl_mechanisms = options[:sasl_mechanisms] || @sasl_mechanisms
+            sasl_mechanisms.each do |mechanism|
+              begin
+                normalized_mechanism = mechanism.downcase.gsub(/-/, '_')
+                sasl_bind_setup = "sasl_bind_setup_#{normalized_mechanism}"
+                next unless respond_to?(sasl_bind_setup, true)
+                initial_credential, challenge_response = send(sasl_bind_setup, bind_dn, options)
+
+                args = {
+                  :method => :sasl,
+                  :initial_credential => initial_credential,
+                  :mechanism => mechanism,
+                  :challenge_response => challenge_response,
+                }
+                
+                info = {
+                  :name => "bind: SASL", :dn => bind_dn, :mechanism => mechanism,
+                }
+                puts info.inspect
+
+                execute(:bind, args)
+                return true
+                
+              rescue Exception => e
+                puts e.message
+              end
+            end
+
+          false
+        end
+
+        def sasl_bind_setup_digest_md5(bind_dn, options)
+          initial_credential = ""
+          challenge_response = Proc.new do |cred|
+            pref = SASL::Preferences.new :digest_uri => "ldap/#{@host}", :username => bind_dn, :has_password? => true, :password => options[:password]||@password
+            sasl = SASL.new("DIGEST-MD5", pref)
+            response = sasl.receive("challenge", cred)
+            response[1]
+          end
+          [initial_credential, challenge_response]
+        end
+
+        def sasl_bind_setup_gss_spnego(bind_dn, options)
+          puts options.inspect
+          user,psw = [bind_dn, options[:password]||@password]
+          raise LdapError.new( "invalid binding information" ) unless (user && psw)
+
+          nego = proc {|challenge|
+            t2_msg = Net::NTLM::Message.parse( challenge )
+            user, domain = user.split('\\').reverse
+            t2_msg.target_name = Net::NTLM::encode_utf16le(domain) if domain
+            t3_msg = t2_msg.response( {:user => user, :password => psw}, {:ntlmv2 => true} )
+            t3_msg.serialize
+          }        
+          [Net::NTLM::Message::Type1.new.serialize, nego]        
         end
-        [initial_credential, challenge_response]
-      end
-      def sasl_bind_setup_gss_spnego(bind_dn, options)
-        puts options.inspect
-        user,psw = [bind_dn, options[:password]||@password]
-        raise LdapError.new( "invalid binding information" ) unless (user && psw)
-
-        nego = proc {|challenge|
-          t2_msg = Net::NTLM::Message.parse( challenge )
-          user, domain = user.split('\\').reverse
-          t2_msg.target_name = Net::NTLM::encode_utf16le(domain) if domain
-          t3_msg = t2_msg.response( {:user => user, :password => psw}, {:ntlmv2 => true} )
-          t3_msg.serialize
-        }        
-        [Net::NTLM::Message::Type1.new.serialize, nego]        
-      end
       
-	      def simple_bind(bind_dn, options={})
-	          args = {
-	            :method => :simple,
-	            :username => bind_dn,
-	            :password => options[:password]||@password,
-	          }
-	          execute(:bind, args)
-	          true
-	      end
+	    def simple_bind(bind_dn, options={})
+	      args = {
+                  :method => :simple,
+                  :username => bind_dn,
+                  :password => options[:password]||@password,
+                 }
+          execute(:bind, args)
+          true
+        end
 	      
-	      def construct_uri(host, port, ssl)
-	        protocol = ssl ? "ldaps" : "ldap"
-	        URI.parse("#{protocol}://#{host}:#{port}").to_s
-	      end
-	
-	      def target
-	        return nil if @uri.nil?
-	        if @with_start_tls
-	          "#{@uri}(StartTLS)"
-	        else
-	          @uri
-	        end
-	      end	
+        def construct_uri(host, port, ssl)
+          protocol = ssl ? "ldaps" : "ldap"
+          URI.parse("#{protocol}://#{host}:#{port}").to_s
+        end
+  
+        def target
+          return nil if @uri.nil?
+          if @with_start_tls
+            "#{@uri}(StartTLS)"
+          else
+            @uri
+          end
+        end	
       end
     end
   end
-end
+end

data/lib/omniauth/strategies/ldap.rb

@@ -2,25 +2,34 @@ require 'omniauth/enterprise'
 require 'net/ldap'
 require 'sasl/base'
 require 'sasl'
+
 module OmniAuth
   module Strategies
     class LDAP
       include OmniAuth::Strategy
       
       autoload :Adaptor, 'omniauth/strategies/ldap/adaptor'
-      @@config   =  {'name' => 'cn', 'first_name' => 'givenName', 'last_name' => 'sn', 'email' => ['mail', "email", 'userPrincipalName'],
-										'phone' => ['telephoneNumber', 'homePhone', 'facsimileTelephoneNumber'],
-										'mobile_number' => ['mobile', 'mobileTelephoneNumber'],
-										'nickname' => ['uid', 'userid', 'sAMAccountName'],
-										'title' => 'title',
-										'location' => {"%0, %1, %2, %3 %4" => [['address', 'postalAddress', 'homePostalAddress', 'street', 'streetAddress'], ['l'], ['st'],['co'],['postOfficeBox']]},
-										'uid' => 'dn',
-										'url' => ['wwwhomepage'],
-										'image' => 'jpegPhoto',
-										'description' => 'description'}
-      def initialize(app, title, options = {})
-        super(app, options.delete(:name) || :ldap)
-        @title = title
+      @@config   = {'name' => 'cn', 
+                    'first_name' => 'givenName',
+                    'last_name' => 'sn',
+                    'email' => ['mail', "email", 'userPrincipalName'],
+					'phone' => ['telephoneNumber', 'homePhone', 'facsimileTelephoneNumber'],
+					'mobile_number' => ['mobile', 'mobileTelephoneNumber'],
+					'nickname' => ['uid', 'userid', 'sAMAccountName'],
+					'title' => 'title',
+					'location' => {"%0, %1, %2, %3 %4" => [['address', 'postalAddress', 'homePostalAddress', 'street', 'streetAddress'], ['l'], ['st'],['co'],['postOfficeBox']]},
+					'uid' => 'dn',
+					'url' => ['wwwhomepage'],
+					'image' => 'jpegPhoto',
+					'description' => 'description'}
+
+      # Initialize the LDAP Middleware
+      #
+      # @param [Rack Application] app Standard Rack middleware argument.
+      # @option options [String, 'LDAP Authentication'] :title A title for the authentication form.
+      def initialize(app, options = {}, &block)
+        super(app, options[:name] || :ldap, options.dup, &block)
+        @name_proc = (@options.delete(:name_proc) || Proc.new {|name| name})
         @adaptor = OmniAuth::Strategies::LDAP::Adaptor.new(options)
       end
       
@@ -34,23 +43,29 @@ module OmniAuth
         end
       end
 
-			def get_credentials
-        OmniAuth::Form.build(@title) do
+	  def get_credentials
+        OmniAuth::Form.build(options[:title] || "LDAP Authentication") do
           text_field 'Login', 'username'
           password_field 'Password', 'password'
         end.to_response
       end
+
       def perform
       	begin
-      		@adaptor.bind(:bind_dn => request.POST['username'], :password => request.POST['password'])
-      		@ldap_user_info = @adaptor.search(:filter => Net::LDAP::Filter.eq(@adaptor.uid, request.POST['username']),:limit => 1)
-      		@user_info = self.class.map_user(@@config, @ldap_user_info)
-	        @env['REQUEST_METHOD'] = 'GET'
-	        @env['PATH_INFO'] = "#{OmniAuth.config.path_prefix}/#{name}/callback"
+          bind_dn = "#{@adaptor.uid}=#{request.POST['username']}"
+          bind_dn << ",#{@adaptor.base}" unless @adaptor.base == ''
+
+          @adaptor.bind(:bind_dn => bind_dn, :password => request.POST['password'])
+      	  @ldap_user_info = @adaptor.search(:filter => Net::LDAP::Filter.eq(@adaptor.uid, @name_proc.call(request.POST['username'])),:limit => 1)
+      	  @user_info = self.class.map_user(@@config, @ldap_user_info)
+
+          @env['omniauth.auth'] = auth_hash
+	      @env['REQUEST_METHOD'] = 'GET'
+	      @env['PATH_INFO'] = "#{OmniAuth.config.path_prefix}/#{name}/callback"
 	
-	        call_app!
+	      call_app!
       	rescue Exception => e
-      		fail!(:invalid_credentials, e)
+      	  fail!(:invalid_credentials, e)
       	end
       end      
 
@@ -66,28 +81,28 @@ module OmniAuth
         })
       end
       
-		  def self.map_user mapper, object
-		  	user = {}
-		    mapper.each do |key, value|
-		      case value
-		        when String
-		          user[key] = object[value.downcase.to_sym].to_s if object[value.downcase.to_sym]
-		        when Array
-		          value.each {|v| (user[key] = object[v.downcase.to_sym].to_s; break;) if object[v.downcase.to_sym]}
-		        when Hash
-		        	value.map do |key1, value1|
-			        	pattern = key1.dup
-			        	value1.each_with_index do |v,i|
-			          	part = '';
-			          	v.each {|v1| (part = object[v1.downcase.to_sym].to_s; break;) if object[v1.downcase.to_sym]}
-			        		pattern.gsub!("%#{i}",part||'') 
-			        	end	
-			        	user[key] = pattern
-		       		end
-		        end
-		      end
-		    user
-		  end       
+	  def self.map_user(mapper, object)
+		user = {}
+		mapper.each do |key, value|
+		  case value
+		  when String
+		    user[key] = object[value.downcase.to_sym].to_s if object[value.downcase.to_sym]
+		  when Array
+		    value.each {|v| (user[key] = object[v.downcase.to_sym].to_s; break;) if object[v.downcase.to_sym]}
+		  when Hash
+		    value.map do |key1, value1|
+			  pattern = key1.dup
+			  value1.each_with_index do |v,i|
+			    part = '';
+			    v.each {|v1| (part = object[v1.downcase.to_sym].to_s; break;) if object[v1.downcase.to_sym]}
+			    pattern.gsub!("%#{i}",part||'') 
+			  end	
+			  user[key] = pattern
+		    end
+		  end
+		end
+		user
+	  end       
     end
   end
 end

metadata

@@ -1,13 +1,14 @@
 --- !ruby/object:Gem::Specification 
 name: oa-enterprise
 version: !ruby/object:Gem::Version 
-  hash: 23
-  prerelease: false
+  hash: -1848230051
+  prerelease: true
   segments: 
   - 0
-  - 1
-  - 6
-  version: 0.1.6
+  - 2
+  - 0
+  - beta1
+  version: 0.2.0.beta1
 platform: ruby
 authors: 
 - James A. Rosen
@@ -16,7 +17,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-10-25 00:00:00 -05:00
+date: 2010-11-29 00:00:00 -06:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -25,12 +26,13 @@ dependencies:
     requirements: 
     - - "="
       - !ruby/object:Gem::Version 
-        hash: 23
+        hash: -1848230051
         segments: 
         - 0
-        - 1
-        - 6
-        version: 0.1.6
+        - 2
+        - 0
+        - beta1
+        version: 0.2.0.beta1
   requirement: *id001
   name: oa-core
   prerelease: false
@@ -233,12 +235,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
 required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: 
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version 
-      hash: 3
+      hash: 25
       segments: 
-      - 0
-      version: "0"
+      - 1
+      - 3
+      - 1
+      version: 1.3.1
 requirements: []
 
 rubyforge_project: