oa-enterprise 0.2.0.beta1 → 0.2.0.beta2

data/{LICENSE.rdoc → LICENSE}

@@ -1,4 +1,4 @@
-Copyright (c) 2010 James A. Rosen
+Copyright (c) 2010-2011 Michael Bleigh and Intridea, Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -16,4 +16,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+THE SOFTWARE.

data/README.rdoc

@@ -35,11 +35,19 @@ Use the LDAP strategy as a middleware in your applicaiton:
         :method => :plain,
         :base => 'dc=intridea, dc=com',
         :uid => 'sAMAccountName',
-        :name_proc => Proc.new {|name| name.gsub(/@.*$/,''}}
+        :name_proc => Proc.new {|name| name.gsub(/@.*$/,'')}
+        :bind_dn => 'default_bind_dn'
+        :password => 'password'
 
-All of the listed options are required, with the exception of :name_proc.
+All of the listed options are required, with the exception of :name_proc, :bind_dn, and :password
 Allowed values of :method are: :plain, :ssl, :tls.
 
+:bind_dn and :password are used to perform the initial binding if user lookup is
+needed. If the user lookup returns result, the DN attribute from the result set is used
+to perform the final binding. This is needed only when the LDAP server requires 
+DN to be used for binding and you may only want user to using email or username
+in the login form.
+
 :uid is the LDAP attribute name for the user name in the login form. typically
 AD would be 'sAMAccountName' or 'UserPrincipalName', while OpenLDAP is 'uid'.
 You can also use 'dn', if your user choose the put in the dn in the login form

data/lib/omniauth/strategies/ldap.rb

@@ -39,39 +39,37 @@ module OmniAuth
         if env['REQUEST_METHOD'] == 'GET'
           get_credentials
         else
-          perform
+          session['omniauth.ldap'] = {'username' => request['username'], 'password' => request['password']}
+          redirect callback_path
         end
       end
 
-	  def get_credentials
+  	  def get_credentials
         OmniAuth::Form.build(options[:title] || "LDAP Authentication") do
           text_field 'Login', 'username'
           password_field 'Password', 'password'
         end.to_response
       end
 
-      def perform
+      def callback_phase 
       	begin
-          bind_dn = "#{@adaptor.uid}=#{request.POST['username']}"
-          bind_dn << ",#{@adaptor.base}" unless @adaptor.base == ''
+        creds = session.delete 'omniauth.ldap'
+				@ldap_user_info = {}
+        (@adaptor.bind unless @adaptor.bound?) rescue puts "failed to bind with the default credentials"          
+        @ldap_user_info = @adaptor.search(:filter => Net::LDAP::Filter.eq(@adaptor.uid, @name_proc.call(creds['username'])),:limit => 1) if @adaptor.bound?
+				bind_dn = creds['username']
+				bind_dn = @ldap_user_info[:dn].to_a.first if @ldap_user_info[:dn]
+        @adaptor.bind(:bind_dn => bind_dn, :password => creds['password'])
+        @ldap_user_info = @adaptor.search(:filter => Net::LDAP::Filter.eq(@adaptor.uid, @name_proc.call(creds['username'])),:limit => 1) if @ldap_user_info.empty?
+    	  @user_info = self.class.map_user(@@config, @ldap_user_info)
 
-          @adaptor.bind(:bind_dn => bind_dn, :password => request.POST['password'])
-      	  @ldap_user_info = @adaptor.search(:filter => Net::LDAP::Filter.eq(@adaptor.uid, @name_proc.call(request.POST['username'])),:limit => 1)
-      	  @user_info = self.class.map_user(@@config, @ldap_user_info)
-
-          @env['omniauth.auth'] = auth_hash
-	      @env['REQUEST_METHOD'] = 'GET'
-	      @env['PATH_INFO'] = "#{OmniAuth.config.path_prefix}/#{name}/callback"
+        @env['omniauth.auth'] = auth_hash
 	
 	      call_app!
       	rescue Exception => e
       	  fail!(:invalid_credentials, e)
       	end
       end      
-
-      def callback_phase
-      	fail!(:invalid_request)
-      end
       
       def auth_hash
         OmniAuth::Utils.deep_merge(super, {

data/lib/omniauth/strategies/ldap/adaptor.rb

@@ -25,7 +25,7 @@ module OmniAuth
 	      :plain => nil
 	    }     
 	      
-        attr_accessor :bind_dn, :password                                     
+    attr_accessor :bind_dn, :password                                     
 		attr_reader :connection, :uid, :base
 
 	    def initialize(configuration={})
@@ -46,9 +46,8 @@ module OmniAuth
 	
 		def connect(options={})
 	      host = options[:host] || @host
-	      method = options[:method] || @method || :plain
+	      method = ensure_method(options[:method] || @method || :plain)
 	      port = options[:port] || @port || ensure_port(method)
-	      method = ensure_method(method)
 	      @disconnected = false
 	      @bound = false
 	      @bind_tried = false
@@ -179,65 +178,65 @@ module OmniAuth
           available_methods = METHOD.keys.collect {|m| m.inspect}.join(", ")
           format = "%s is not one of the available connect methods: %s"
           raise ConfigurationError, format % [method.inspect, available_methods]
-        end
-	      
-        def sasl_bind(bind_dn, options={})
-          sasl_mechanisms = options[:sasl_mechanisms] || @sasl_mechanisms
-            sasl_mechanisms.each do |mechanism|
-              begin
-                normalized_mechanism = mechanism.downcase.gsub(/-/, '_')
-                sasl_bind_setup = "sasl_bind_setup_#{normalized_mechanism}"
-                next unless respond_to?(sasl_bind_setup, true)
-                initial_credential, challenge_response = send(sasl_bind_setup, bind_dn, options)
+      end
+      
+      def sasl_bind(bind_dn, options={})
+        sasl_mechanisms = options[:sasl_mechanisms] || @sasl_mechanisms
+          sasl_mechanisms.each do |mechanism|
+            begin
+              normalized_mechanism = mechanism.downcase.gsub(/-/, '_')
+              sasl_bind_setup = "sasl_bind_setup_#{normalized_mechanism}"
+              next unless respond_to?(sasl_bind_setup, true)
+              initial_credential, challenge_response = send(sasl_bind_setup, bind_dn, options)
 
-                args = {
-                  :method => :sasl,
-                  :initial_credential => initial_credential,
-                  :mechanism => mechanism,
-                  :challenge_response => challenge_response,
-                }
-                
-                info = {
-                  :name => "bind: SASL", :dn => bind_dn, :mechanism => mechanism,
-                }
-                puts info.inspect
+              args = {
+                :method => :sasl,
+                :initial_credential => initial_credential,
+                :mechanism => mechanism,
+                :challenge_response => challenge_response,
+              }
+              
+              info = {
+                :name => "bind: SASL", :dn => bind_dn, :mechanism => mechanism,
+              }
+              puts info.inspect
 
-                execute(:bind, args)
-                return true
-                
-              rescue Exception => e
-                puts e.message
-              end
+              execute(:bind, args)
+              return true
+              
+            rescue Exception => e
+              puts e.message
             end
+          end
 
-          false
-        end
+        false
+      end
 
-        def sasl_bind_setup_digest_md5(bind_dn, options)
-          initial_credential = ""
-          challenge_response = Proc.new do |cred|
-            pref = SASL::Preferences.new :digest_uri => "ldap/#{@host}", :username => bind_dn, :has_password? => true, :password => options[:password]||@password
-            sasl = SASL.new("DIGEST-MD5", pref)
-            response = sasl.receive("challenge", cred)
-            response[1]
-          end
-          [initial_credential, challenge_response]
+      def sasl_bind_setup_digest_md5(bind_dn, options)
+        initial_credential = ""
+        challenge_response = Proc.new do |cred|
+          pref = SASL::Preferences.new :digest_uri => "ldap/#{@host}", :username => bind_dn, :has_password? => true, :password => options[:password]||@password
+          sasl = SASL.new("DIGEST-MD5", pref)
+          response = sasl.receive("challenge", cred)
+          response[1]
         end
+        [initial_credential, challenge_response]
+      end
 
-        def sasl_bind_setup_gss_spnego(bind_dn, options)
-          puts options.inspect
-          user,psw = [bind_dn, options[:password]||@password]
-          raise LdapError.new( "invalid binding information" ) unless (user && psw)
+      def sasl_bind_setup_gss_spnego(bind_dn, options)
+        puts options.inspect
+        user,psw = [bind_dn, options[:password]||@password]
+        raise LdapError.new( "invalid binding information" ) unless (user && psw)
 
-          nego = proc {|challenge|
-            t2_msg = Net::NTLM::Message.parse( challenge )
-            user, domain = user.split('\\').reverse
-            t2_msg.target_name = Net::NTLM::encode_utf16le(domain) if domain
-            t3_msg = t2_msg.response( {:user => user, :password => psw}, {:ntlmv2 => true} )
-            t3_msg.serialize
-          }        
-          [Net::NTLM::Message::Type1.new.serialize, nego]        
-        end
+        nego = proc {|challenge|
+          t2_msg = Net::NTLM::Message.parse( challenge )
+          user, domain = user.split('\\').reverse
+          t2_msg.target_name = Net::NTLM::encode_utf16le(domain) if domain
+          t3_msg = t2_msg.response( {:user => user, :password => psw}, {:ntlmv2 => true} )
+          t3_msg.serialize
+        }        
+        [Net::NTLM::Message::Type1.new.serialize, nego]        
+      end
       
 	    def simple_bind(bind_dn, options={})
 	      args = {
@@ -249,19 +248,19 @@ module OmniAuth
           true
         end
 	      
-        def construct_uri(host, port, ssl)
-          protocol = ssl ? "ldaps" : "ldap"
-          URI.parse("#{protocol}://#{host}:#{port}").to_s
+      def construct_uri(host, port, ssl)
+        protocol = ssl ? "ldaps" : "ldap"
+        URI.parse("#{protocol}://#{host}:#{port}").to_s
+      end
+
+      def target
+        return nil if @uri.nil?
+        if @with_start_tls
+          "#{@uri}(StartTLS)"
+        else
+          @uri
         end
-  
-        def target
-          return nil if @uri.nil?
-          if @with_start_tls
-            "#{@uri}(StartTLS)"
-          else
-            @uri
-          end
-        end	
+      end	
       end
     end
   end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: oa-enterprise
 version: !ruby/object:Gem::Version 
-  hash: -1848230051
   prerelease: true
   segments: 
   - 0
   - 2
   - 0
-  - beta1
-  version: 0.2.0.beta1
+  - beta2
+  version: 0.2.0.beta2
 platform: ruby
 authors: 
 - James A. Rosen
@@ -17,185 +16,174 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-11-29 00:00:00 -06:00
+date: 2011-01-14 00:00:00 -06:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  version_requirements: &id001 !ruby/object:Gem::Requirement 
+  name: oa-core
+  requirement: &id001 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - "="
       - !ruby/object:Gem::Version 
-        hash: -1848230051
         segments: 
         - 0
         - 2
         - 0
-        - beta1
-        version: 0.2.0.beta1
-  requirement: *id001
-  name: oa-core
-  prerelease: false
+        - beta2
+        version: 0.2.0.beta2
   type: :runtime
+  prerelease: false
+  version_requirements: *id001
 - !ruby/object:Gem::Dependency 
-  version_requirements: &id002 !ruby/object:Gem::Requirement 
+  name: nokogiri
+  requirement: &id002 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 3
         segments: 
         - 1
         - 4
         - 2
         version: 1.4.2
-  requirement: *id002
-  name: nokogiri
-  prerelease: false
   type: :runtime
+  prerelease: false
+  version_requirements: *id002
 - !ruby/object:Gem::Dependency 
-  version_requirements: &id003 !ruby/object:Gem::Requirement 
+  name: net-ldap
+  requirement: &id003 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 25
         segments: 
         - 0
         - 1
         - 1
         version: 0.1.1
-  requirement: *id003
-  name: net-ldap
-  prerelease: false
   type: :runtime
+  prerelease: false
+  version_requirements: *id003
 - !ruby/object:Gem::Dependency 
-  version_requirements: &id004 !ruby/object:Gem::Requirement 
+  name: rubyntlm
+  requirement: &id004 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 25
         segments: 
         - 0
         - 1
         - 1
         version: 0.1.1
-  requirement: *id004
-  name: rubyntlm
-  prerelease: false
   type: :runtime
+  prerelease: false
+  version_requirements: *id004
 - !ruby/object:Gem::Dependency 
-  version_requirements: &id005 !ruby/object:Gem::Requirement 
+  name: pyu-ruby-sasl
+  requirement: &id005 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 65
         segments: 
         - 0
         - 0
         - 3
         - 1
         version: 0.0.3.1
-  requirement: *id005
-  name: pyu-ruby-sasl
-  prerelease: false
   type: :runtime
+  prerelease: false
+  version_requirements: *id005
 - !ruby/object:Gem::Dependency 
-  version_requirements: &id006 !ruby/object:Gem::Requirement 
+  name: rake
+  requirement: &id006 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        hash: 3
         segments: 
         - 0
         version: "0"
-  requirement: *id006
-  name: rake
-  prerelease: false
   type: :development
+  prerelease: false
+  version_requirements: *id006
 - !ruby/object:Gem::Dependency 
-  version_requirements: &id007 !ruby/object:Gem::Requirement 
+  name: mg
+  requirement: &id007 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 15
         segments: 
         - 0
         - 0
         - 8
         version: 0.0.8
-  requirement: *id007
-  name: mg
-  prerelease: false
   type: :development
+  prerelease: false
+  version_requirements: *id007
 - !ruby/object:Gem::Dependency 
-  version_requirements: &id008 !ruby/object:Gem::Requirement 
+  name: rspec
+  requirement: &id008 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 27
         segments: 
         - 1
         - 3
         - 0
         version: 1.3.0
-  requirement: *id008
-  name: rspec
-  prerelease: false
   type: :development
+  prerelease: false
+  version_requirements: *id008
 - !ruby/object:Gem::Dependency 
-  version_requirements: &id009 !ruby/object:Gem::Requirement 
+  name: webmock
+  requirement: &id009 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 19
         segments: 
         - 1
         - 3
         - 4
         version: 1.3.4
-  requirement: *id009
-  name: webmock
-  prerelease: false
   type: :development
+  prerelease: false
+  version_requirements: *id009
 - !ruby/object:Gem::Dependency 
-  version_requirements: &id010 !ruby/object:Gem::Requirement 
+  name: rack-test
+  requirement: &id010 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 3
         segments: 
         - 0
         - 5
         - 4
         version: 0.5.4
-  requirement: *id010
-  name: rack-test
-  prerelease: false
   type: :development
+  prerelease: false
+  version_requirements: *id010
 - !ruby/object:Gem::Dependency 
-  version_requirements: &id011 !ruby/object:Gem::Requirement 
+  name: json
+  requirement: &id011 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 1
         segments: 
         - 1
         - 4
         - 3
         version: 1.4.3
-  requirement: *id011
-  name: json
-  prerelease: false
   type: :development
+  prerelease: false
+  version_requirements: *id011
 description: Enterprise strategies for OmniAuth.
 email: james.a.rosen@gmail.com
 executables: []
@@ -212,8 +200,7 @@ files:
 - lib/omniauth/strategies/ldap/adaptor.rb
 - lib/omniauth/strategies/ldap.rb
 - README.rdoc
-- LICENSE.rdoc
-- CHANGELOG.rdoc
+- LICENSE
 has_rdoc: true
 homepage: http://github.com/intridea/omniauth
 licenses: []
@@ -228,7 +215,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: 3
+      hash: -2545476122295701716
       segments: 
       - 0
       version: "0"
@@ -237,7 +224,6 @@ required_rubygems_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">"
     - !ruby/object:Gem::Version 
-      hash: 25
       segments: 
       - 1
       - 3