omniauth-ldap 1.0.4 → 1.0.5

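--- a/data/README.md
+++ b/data/README.md
@@ -11,6 +11,10 @@ Use the LDAP strategy as a middleware in your application:
   :method => :plain,
   :base => 'dc=intridea, dc=com',
   :uid => 'sAMAccountName',
+ :name_proc => Proc.new {|name| name.gsub(/@.*$/,'')},
+ :bind_dn => 'default_bind_dn',
+ # Or, alternatively:
+ #:filter => '(&(uid=%{username})(memberOf=cn=myapp-users,ou=groups,dc=example,dc=com))'
   :name_proc => Proc.new {|name| name.gsub(/@.*$/,'')}
   :bind_dn => 'default_bind_dn'
   :password => 'password'
@@ -29,6 +33,9 @@ Allowed values of :method are: :plain, :ssl, :tls.
   :uid is the LDAP attribute name for the user name in the login form.
   typically AD would be 'sAMAccountName' or 'UserPrincipalName', while OpenLDAP is 'uid'.
 
+ :filter is the LDAP filter used to search the user entry. It can be used in place of :uid for more flexibility.
+ `%{username}` will be replaced by the user name processed by :name_proc.
+
   :name_proc allows you to match the user name entered with the format of the :uid attributes.
   For example, value of 'sAMAccountName' in AD contains only the windows user name. If your user prefers using
   email to login, a name_proc as above will trim the email string down to just the windows login name.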
@@ -13,9 +13,10 @@ module OmniAuth
13
13
  class AuthenticationError < StandardError; end
14
14
  class ConnectionError < StandardError; end
15
15
 
16
- VALID_ADAPTER_CONFIGURATION_KEYS = [:host, :port, :method, :bind_dn, :password, :try_sasl, :sasl_mechanisms, :uid, :base, :allow_anonymous]
16
+ VALID_ADAPTER_CONFIGURATION_KEYS = [:host, :port, :method, :bind_dn, :password, :try_sasl, :sasl_mechanisms, :uid, :base, :allow_anonymous, :filter]
17
17
 
18
- MUST_HAVE_KEYS = [:host, :port, :method, :uid, :base]
18
+ # A list of needed keys. Possible alternatives are specified using sub-lists.
19
+ MUST_HAVE_KEYS = [:host, :port, :method, [:uid, :filter], :base]
19
20
 
20
21
  METHOD = {
21
22
  :ssl => :simple_tls,
@@ -24,11 +25,15 @@ module OmniAuth
24
25
  }
25
26
 
26
27
  attr_accessor :bind_dn, :password
27
- attr_reader :connection, :uid, :base, :auth
28
+ attr_reader :connection, :uid, :base, :auth, :filter
28
29
  def self.validate(configuration={})
29
30
  message = []
30
- MUST_HAVE_KEYS.each do |name|
31
- message << name if configuration[name].nil?
31
+ MUST_HAVE_KEYS.each do |names|
32
+ names = [names].flatten
33
+ missing_keys = names.select{|name| configuration[name].nil?}
34
+ if missing_keys == names
35
+ message << names.join(' or ')
36
+ end
32
37
  end
33
38
  raise ArgumentError.new(message.join(",") +" MUST be provided") unless message.empty?
34
39
  end
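Review bot: The new presence check in `validate` only tests `configuration[name].nil?`, so a configuration with `:filter => ''` and no `:uid` passes validation, while the strategy's new `filter` helper treats an empty filter as unset and falls back to `adaptor.uid`, which would then presumably be nil. Treat blank values as missing so the two places agree, e.g. `missing_keys = names.select{|name| configuration[name].nil? || configuration[name].to_s.empty?}`. Failing at configuration time is preferable here, because otherwise the mismatch only surfaces when a user search filter is built during a login attempt.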
@@ -44,7 +49,6 @@ module OmniAuth
44
49
  config = {
45
50
  :host => @host,
46
51
  :port => @port,
47
- :encryption => method,
48
52
  :base => @base
49
53
  }
50
54
  @bind_method = @try_sasl ? :sasl : (@allow_anonymous||!@bind_dn||!@password ? :anonymous : :simple)
@@ -57,6 +61,7 @@ module OmniAuth
57
61
  }
58
62
  config[:auth] = @auth
59
63
  @connection = Net::LDAP.new(config)
64
+ @connection.encryption(method)
60
65
  end
61
66
 
62
67
  #:base => "dc=yourcompany, dc=com",
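Review bot: `@connection.encryption(method)` hands Net::LDAP only the method symbol, so for `:ssl` and `:tls` no TLS settings (CA file, verify mode) are supplied and whether the server certificate is checked is left to net-ldap's defaults; that default should be confirmed for the 0.12 series this release moves to. Consider accepting a `:tls_options` configuration key and passing it through for the encrypted methods, e.g. `@connection.encryption(:method => method, :tls_options => @tls_options || {})`, with `:tls_options` added to `VALID_ADAPTER_CONFIGURATION_KEYS`. The enclosing method starts above this hunk, so how `method` is derived, and what it is for `:plain`, is not visible here.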
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module LDAP
3
- VERSION = "1.0.4"
3
+ VERSION = "1.0.5"
4
4
  end
5
5
  end
@@ -39,7 +39,7 @@ module OmniAuth
39
39
 
40
40
  return fail!(:missing_credentials) if missing_credentials?
41
41
  begin
42
- @ldap_user_info = @adaptor.bind_as(:filter => Net::LDAP::Filter.eq(@adaptor.uid, @options[:name_proc].call(request['username'])),:size => 1, :password => request['password'])
42
+ @ldap_user_info = @adaptor.bind_as(:filter => filter(@adaptor), :size => 1, :password => request['password'])
43
43
  return fail!(:invalid_credentials) if !@ldap_user_info
44
44
 
45
45
  @user_info = self.class.map_user(@@config, @ldap_user_info)
@@ -49,6 +49,14 @@ module OmniAuth
49
49
  end
50
50
  end
51
51
 
52
+ def filter adaptor
53
+ if adaptor.filter and !adaptor.filter.empty?
54
+ Net::LDAP::Filter.construct(adaptor.filter % {username: @options[:name_proc].call(request['username'])})
55
+ else
56
+ Net::LDAP::Filter.eq(adaptor.uid, @options[:name_proc].call(request['username']))
57
+ end
58
+ end
59
+
52
60
  uid {
53
61
  @user_info["uid"]
54
62
  }
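Review bot: In the new `filter` helper the custom-filter branch substitutes the submitted user name into the filter template unescaped and then parses the result with `Net::LDAP::Filter.construct`, so filter metacharacters in `request['username']` (parentheses, `*`, `|`, `&`) become part of the search filter rather than a literal value, which can defeat a restriction such as a `memberOf` clause that the template was meant to enforce. Escape the value before interpolation: `Net::LDAP::Filter.construct(adaptor.filter % {username: Net::LDAP::Filter.escape(@options[:name_proc].call(request['username']))})`. The `else` branch uses `Filter.eq`, which as far as I know does not escape its value either (`Filter.equals` does), so a `*` there is still treated as a wildcard. The specs added in this release only exercise the user name 'ping'; a case with metacharacters that asserts the escaped string reaches `construct` would pin the behaviour.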
@@ -10,9 +10,9 @@ Gem::Specification.new do |gem|
10
10
  gem.license = "MIT"
11
11
 
12
12
  gem.add_runtime_dependency 'omniauth', '~> 1.0'
13
- gem.add_runtime_dependency 'net-ldap', '~> 0.3.1'
14
- gem.add_runtime_dependency 'pyu-ruby-sasl', '~> 0.0.3.1'
15
- gem.add_runtime_dependency 'rubyntlm', '~> 0.1.1'
13
+ gem.add_runtime_dependency 'net-ldap', '~> 0.12'
14
+ gem.add_runtime_dependency 'pyu-ruby-sasl', '~> 0.0.3.2'#0.0.3.1 has been yanked
15
+ gem.add_runtime_dependency 'rubyntlm', '~> 0.3.4'
16
16
  gem.add_development_dependency 'rspec', '~> 2.7'
17
17
  gem.add_development_dependency 'simplecov'
18
18
  gem.add_development_dependency 'rack-test'
@@ -52,6 +52,11 @@ describe "OmniAuth::LDAP::Adaptor" do
52
52
  adaptor.connection.instance_variable_get('@auth')[:initial_credential].should =~ /^NTLMSSP/
53
53
  adaptor.connection.instance_variable_get('@auth')[:challenge_response].should_not be_nil
54
54
  end
55
+
56
+ it 'should set the encryption method correctly' do
57
+ adaptor = OmniAuth::LDAP::Adaptor.new({host: "192.168.1.145", method: 'tls', base: 'dc=intridea, dc=com', port: 389, uid: 'sAMAccountName'})
58
+ adaptor.connection.instance_variable_get('@encryption').should include method: :start_tls
59
+ end
55
60
  end
56
61
 
57
62
  describe 'bind_as' do
@@ -50,6 +50,7 @@ describe "OmniAuth::Strategies::LDAP" do
50
50
  describe 'post /auth/ldap/callback' do
51
51
  before(:each) do
52
52
  @adaptor = double(OmniAuth::LDAP::Adaptor, {:uid => 'ping'})
53
+ @adaptor.stub(:filter)
53
54
  OmniAuth::LDAP::Adaptor.stub(:new).and_return(@adaptor)
54
55
  end
55
56
 
@@ -104,6 +105,17 @@ describe "OmniAuth::Strategies::LDAP" do
104
105
  last_response.should be_redirect
105
106
  last_response.headers['Location'].should =~ %r{invalid_credentials}
106
107
  end
108
+ context 'and filter is set' do
109
+ it 'should bind with filter' do
110
+ @adaptor.stub(:filter).and_return('uid=%{username}')
111
+ Net::LDAP::Filter.should_receive(:construct).with('uid=ping')
112
+ post('/auth/ldap/callback', {:username => 'ping', :password => 'password'})
113
+
114
+ last_response.should be_redirect
115
+ last_response.headers['Location'].should =~ %r{invalid_credentials}
116
+ end
117
+ end
118
+
107
119
  end
108
120
 
109
121
  context "and communication with LDAP server caused an exception" do
@@ -125,6 +137,7 @@ describe "OmniAuth::Strategies::LDAP" do
125
137
  let(:auth_hash){ last_request.env['omniauth.auth'] }
126
138
 
127
139
  before(:each) do
140
+ @adaptor.stub(:filter)
128
141
  @adaptor.stub(:bind_as).and_return(Net::LDAP::Entry.from_single_ldif_string(
129
142
  %Q{dn: cn=ping, dc=intridea, dc=com
130
143
  mail: ping@intridea.com
@@ -144,14 +157,25 @@ jpegphoto: http://www.intridea.com/ping.jpg
144
157
  description: omniauth-ldap
145
158
  }
146
159
  ))
147
- post('/auth/ldap/callback', {:username => 'ping', :password => 'password'})
148
160
  end
149
161
 
150
162
  it 'should not redirect to error page' do
163
+ post('/auth/ldap/callback', {:username => 'ping', :password => 'password'})
151
164
  last_response.should_not be_redirect
152
165
  end
153
166
 
167
+ context 'and filter is set' do
168
+ it 'should bind with filter' do
169
+ @adaptor.stub(:filter).and_return('uid=%{username}')
170
+ Net::LDAP::Filter.should_receive(:construct).with('uid=ping')
171
+ post('/auth/ldap/callback', {:username => 'ping', :password => 'password'})
172
+
173
+ last_response.should_not be_redirect
174
+ end
175
+ end
176
+
154
177
  it 'should map user info to Auth Hash' do
178
+ post('/auth/ldap/callback', {:username => 'ping', :password => 'password'})
155
179
  auth_hash.uid.should == 'cn=ping, dc=intridea, dc=com'
156
180
  auth_hash.info.email.should == 'ping@intridea.com'
157
181
  auth_hash.info.first_name.should == 'Ping'
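--- a/metadata
+++ b/metadata
@@ -1,18 +1,20 @@
   --- !ruby/object:Gem::Specification
   name: omniauth-ldap
   version: !ruby/object:Gem::Version
- version: 1.0.4
+ version: 1.0.5
+ prerelease:
   platform: ruby
   authors:
   - Ping Yu
   autorequire:
   bindir: bin
   cert_chain: []
- date: 2013-12-11 00:00:00.000000000 Z
+ date: 2016-02-17 00:00:00.000000000 Z
   dependencies:
   - !ruby/object:Gem::Dependency
   name: omniauth
   requirement: !ruby/object:Gem::Requirement
+ none: false
   requirements:
   - - ~>
   - !ruby/object:Gem::Version
@@ -20,6 +22,7 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+ none: false
   requirements:
   - - ~>
   - !ruby/object:Gem::Version
@@ -27,48 +30,55 @@ dependencies:
   - !ruby/object:Gem::Dependency
   name: net-ldap
   requirement: !ruby/object:Gem::Requirement
+ none: false
   requirements:
   - - ~>
   - !ruby/object:Gem::Version
- version: 0.3.1
+ version: '0.12'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+ none: false
   requirements:
   - - ~>
   - !ruby/object:Gem::Version
- version: 0.3.1
+ version: '0.12'
   - !ruby/object:Gem::Dependency
   name: pyu-ruby-sasl
   requirement: !ruby/object:Gem::Requirement
+ none: false
   requirements:
   - - ~>
   - !ruby/object:Gem::Version
- version: 0.0.3.1
+ version: 0.0.3.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+ none: false
   requirements:
   - - ~>
   - !ruby/object:Gem::Version
- version: 0.0.3.1
+ version: 0.0.3.2
   - !ruby/object:Gem::Dependency
   name: rubyntlm
   requirement: !ruby/object:Gem::Requirement
+ none: false
   requirements:
   - - ~>
   - !ruby/object:Gem::Version
- version: 0.1.1
+ version: 0.3.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+ none: false
   requirements:
   - - ~>
   - !ruby/object:Gem::Version
- version: 0.1.1
+ version: 0.3.4
   - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
+ none: false
   requirements:
   - - ~>
   - !ruby/object:Gem::Version
@@ -76,6 +86,7 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+ none: false
   requirements:
   - - ~>
   - !ruby/object:Gem::Version
@@ -83,6 +94,7 @@ dependencies:
   - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
+ none: false
   requirements:
   - - ! '>='
   - !ruby/object:Gem::Version
@@ -90,6 +102,7 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+ none: false
   requirements:
   - - ! '>='
   - !ruby/object:Gem::Version
@@ -97,6 +110,7 @@ dependencies:
   - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
+ none: false
   requirements:
   - - ! '>='
   - !ruby/object:Gem::Version
@@ -104,6 +118,7 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+ none: false
   requirements:
   - - ! '>='
   - !ruby/object:Gem::Version
@@ -111,6 +126,7 @@ dependencies:
   - !ruby/object:Gem::Dependency
   name: libnotify
   requirement: !ruby/object:Gem::Requirement
+ none: false
   requirements:
   - - ! '>='
   - !ruby/object:Gem::Version
@@ -118,6 +134,7 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+ none: false
   requirements:
   - - ! '>='
   - !ruby/object:Gem::Version
@@ -125,6 +142,7 @@ dependencies:
   - !ruby/object:Gem::Dependency
   name: ruby-debug19
   requirement: !ruby/object:Gem::Requirement
+ none: false
   requirements:
   - - ! '>='
   - !ruby/object:Gem::Version
@@ -132,6 +150,7 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+ none: false
   requirements:
   - - ! '>='
   - !ruby/object:Gem::Version
@@ -160,26 +179,27 @@ files:
   homepage: https://github.com/intridea/omniauth-ldap
   licenses:
   - MIT
- metadata: {}
   post_install_message:
   rdoc_options: []
   require_paths:
   - lib
   required_ruby_version: !ruby/object:Gem::Requirement
+ none: false
   requirements:
   - - ! '>='
   - !ruby/object:Gem::Version
   version: '0'
   required_rubygems_version: !ruby/object:Gem::Requirement
+ none: false
   requirements:
   - - ! '>='
   - !ruby/object:Gem::Version
   version: '0'
   requirements: []
   rubyforge_project:
- rubygems_version: 2.1.10
+ rubygems_version: 1.8.23
   signing_key:
- specification_version: 4
+ specification_version: 3
   summary: A LDAP strategy for OmniAuth.
   test_files:
   - spec/omniauth-ldap/adaptor_spec.rb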
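--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +0,0 @@
- ---
- !binary "U0hBMQ==":
- metadata.gz: !binary |-
- MDk4ZjI4OGU0MjkyOTVkYWM1NTM1ZTZhMDI1ZWE5Y2U1MTYyNTgwZg==
- data.tar.gz: !binary |-
- YTJhNTU0ODAyZDQyOTUyM2MxNmE0ODRhM2Y2ZGNmM2I0MmFlN2E4ZQ==
- SHA512:
- metadata.gz: !binary |-
- ZTIxMGExMTMwYzg0MjMyYTcwMjU4YmMwMjdjMGFiODU4YjZjZjRhZWIzOWRh
- Zjk3NTI1N2JmZjY3NWE5YTM4ZjlmMGQwZmRiYjI3ZTQwN2UzZGNjNTMyNmRi
- Y2IwOGY0NzVkNTE3OTkxMWYxMDNiY2YxZjQ1YjVlOGI4YjFiZTE=
- data.tar.gz: !binary |-
- M2E2MTA0NGI5ODk3YTA0MzY4MDZmM2FlZjk5YjVhNDQzNGRhNTc0NmM3Y2Qz
- M2I1YzA0MTFlYmVlYzU4OWI2ZGJlYTBjMTIzMmQxNDYyOTYyNDk3NWNkMDJj
- MGNiNmJjMTVkNmEzYmY1MzgyMmU3YjEyNWI0OWE5NGIxYzIyMjA=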