omniauth-ldap 1.0.0.beta1
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +2 -0
- data/.rspec +1 -0
- data/Gemfile +11 -0
- data/Gemfile.lock +79 -0
- data/Guardfile +11 -0
- data/README.md +68 -0
- data/Rakefile +9 -0
- data/lib/omniauth/strategies/ldap.rb +90 -0
- data/lib/omniauth-ldap/adaptor.rb +158 -0
- data/lib/omniauth-ldap/version.rb +5 -0
- data/lib/omniauth-ldap.rb +4 -0
- data/omniauth-ldap.gemspec +27 -0
- data/spec/omniauth/strategies/ldap_spec.rb +104 -0
- data/spec/spec_helper.rb +14 -0
- metadata +160 -0
data/.gitignore
ADDED
data/.rspec
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
--colour
|
data/Gemfile
ADDED
data/Gemfile.lock
ADDED
@@ -0,0 +1,79 @@
|
|
1
|
+
PATH
|
2
|
+
remote: .
|
3
|
+
specs:
|
4
|
+
omniauth-ldap (1.0.0.beta1)
|
5
|
+
net-ldap (~> 0.2.2)
|
6
|
+
omniauth (~> 1.0.0.beta1)
|
7
|
+
pyu-ruby-sasl (~> 0.0.3.1)
|
8
|
+
rubyntlm (~> 0.1.1)
|
9
|
+
|
10
|
+
GEM
|
11
|
+
remote: http://rubygems.org/
|
12
|
+
specs:
|
13
|
+
archive-tar-minitar (0.5.2)
|
14
|
+
columnize (0.3.4)
|
15
|
+
diff-lcs (1.1.3)
|
16
|
+
ffi (1.0.9)
|
17
|
+
growl (1.0.3)
|
18
|
+
guard (0.8.8)
|
19
|
+
thor (~> 0.14.6)
|
20
|
+
guard-bundler (0.1.3)
|
21
|
+
bundler (>= 1.0.0)
|
22
|
+
guard (>= 0.2.2)
|
23
|
+
guard-rspec (0.5.0)
|
24
|
+
guard (>= 0.8.4)
|
25
|
+
hashie (1.2.0)
|
26
|
+
libnotify (0.5.7)
|
27
|
+
ffi (= 1.0.9)
|
28
|
+
linecache19 (0.5.12)
|
29
|
+
ruby_core_source (>= 0.1.4)
|
30
|
+
multi_json (1.0.3)
|
31
|
+
net-ldap (0.2.2)
|
32
|
+
omniauth (1.0.0.beta1)
|
33
|
+
hashie
|
34
|
+
rack
|
35
|
+
pyu-ruby-sasl (0.0.3.3)
|
36
|
+
rack (1.3.5)
|
37
|
+
rack-test (0.6.1)
|
38
|
+
rack (>= 1.0)
|
39
|
+
rb-fsevent (0.4.3.1)
|
40
|
+
rspec (2.7.0)
|
41
|
+
rspec-core (~> 2.7.0)
|
42
|
+
rspec-expectations (~> 2.7.0)
|
43
|
+
rspec-mocks (~> 2.7.0)
|
44
|
+
rspec-core (2.7.1)
|
45
|
+
rspec-expectations (2.7.0)
|
46
|
+
diff-lcs (~> 1.1.2)
|
47
|
+
rspec-mocks (2.7.0)
|
48
|
+
ruby-debug-base19 (0.11.25)
|
49
|
+
columnize (>= 0.3.1)
|
50
|
+
linecache19 (>= 0.5.11)
|
51
|
+
ruby_core_source (>= 0.1.4)
|
52
|
+
ruby-debug19 (0.11.6)
|
53
|
+
columnize (>= 0.3.1)
|
54
|
+
linecache19 (>= 0.5.11)
|
55
|
+
ruby-debug-base19 (>= 0.11.19)
|
56
|
+
ruby_core_source (0.1.5)
|
57
|
+
archive-tar-minitar (>= 0.5.2)
|
58
|
+
rubyntlm (0.1.1)
|
59
|
+
simplecov (0.5.4)
|
60
|
+
multi_json (~> 1.0.3)
|
61
|
+
simplecov-html (~> 0.5.3)
|
62
|
+
simplecov-html (0.5.3)
|
63
|
+
thor (0.14.6)
|
64
|
+
|
65
|
+
PLATFORMS
|
66
|
+
ruby
|
67
|
+
|
68
|
+
DEPENDENCIES
|
69
|
+
growl
|
70
|
+
guard
|
71
|
+
guard-bundler
|
72
|
+
guard-rspec
|
73
|
+
libnotify
|
74
|
+
omniauth-ldap!
|
75
|
+
rack-test
|
76
|
+
rb-fsevent
|
77
|
+
rspec (~> 2.6)
|
78
|
+
ruby-debug19
|
79
|
+
simplecov
|
data/Guardfile
ADDED
data/README.md
ADDED
@@ -0,0 +1,68 @@
|
|
1
|
+
# OmniAuth LDAP
|
2
|
+
|
3
|
+
**Note:** This gem is designed to work with the in-beta OmniAuth 1.0
|
4
|
+
library. It will not be officially released on RubyGems.org until
|
5
|
+
OmniAuth 1.0 is released.
|
6
|
+
|
7
|
+
== LDAP
|
8
|
+
|
9
|
+
Use the LDAP strategy as a middleware in your application:
|
10
|
+
|
11
|
+
use OmniAuth::Strategies::LDAP,
|
12
|
+
:title => "My LDAP",
|
13
|
+
:host => '10.101.10.1',
|
14
|
+
:port => 389,
|
15
|
+
:method => :plain,
|
16
|
+
:base => 'dc=intridea, dc=com',
|
17
|
+
:uid => 'sAMAccountName',
|
18
|
+
:name_proc => Proc.new {|name| name.gsub(/@.*$/,'')}
|
19
|
+
:bind_dn => 'default_bind_dn'
|
20
|
+
:password => 'password'
|
21
|
+
|
22
|
+
All of the listed options are required, with the exception of :name_proc, :bind_dn, and :password.
|
23
|
+
Allowed values of :method are: :plain, :ssl, :tls.
|
24
|
+
|
25
|
+
:bind_dn and :password is the default credentials to perform user lookup.
|
26
|
+
most LDAP servers require that you supply a complete DN as a binding-credential, along with an authenticator
|
27
|
+
such as a password. But for many applications, you often don’t have a full DN to identify the user.
|
28
|
+
You usually get a simple identifier like a username or an email address, along with a password.
|
29
|
+
Since many LDAP servers don't allow anonymous access, search function will require a bound connection,
|
30
|
+
:bind_dn and :password will be required for searching on the username or email to retrieve the DN attribute
|
31
|
+
for the user. If the LDAP server allows anonymous access, you don't need to provide these two parameters.
|
32
|
+
|
33
|
+
:uid is the LDAP attribute name for the user name in the login form.
|
34
|
+
typically AD would be 'sAMAccountName' or 'UserPrincipalName', while OpenLDAP is 'uid'.
|
35
|
+
|
36
|
+
:name_proc allows you to match the user name entered with the format of the :uid attributes.
|
37
|
+
For example, value of 'sAMAccountName' in AD contains only the windows user name. If your user prefers using
|
38
|
+
email to login, a name_proc as above will trim the email string down to just the windows login name.
|
39
|
+
In summary, use :name_proc to fill the gap between the submitted username and LDAP uid attribute value.
|
40
|
+
|
41
|
+
:try_sasl and :sasl_mechanisms are optional. :try_sasl [true | false], :sasl_mechanisms ['DIGEST-MD5' | 'GSS-SPNEGO']
|
42
|
+
Use them to initialize a SASL connection to server. If you are not familiar with these authentication methods,
|
43
|
+
please just avoid them.
|
44
|
+
|
45
|
+
Direct users to '/auth/ldap' to have them authenticated via your company's LDAP server.
|
46
|
+
|
47
|
+
|
48
|
+
## License
|
49
|
+
|
50
|
+
Copyright (C) 2011 by Ping Yu and Intridea, Inc.
|
51
|
+
|
52
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
53
|
+
of this software and associated documentation files (the "Software"), to deal
|
54
|
+
in the Software without restriction, including without limitation the rights
|
55
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
56
|
+
copies of the Software, and to permit persons to whom the Software is
|
57
|
+
furnished to do so, subject to the following conditions:
|
58
|
+
|
59
|
+
The above copyright notice and this permission notice shall be included in
|
60
|
+
all copies or substantial portions of the Software.
|
61
|
+
|
62
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
63
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
64
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
65
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
66
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
67
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
68
|
+
THE SOFTWARE.
|
data/Rakefile
ADDED
@@ -0,0 +1,90 @@
|
|
1
|
+
require 'omniauth'
|
2
|
+
require 'ruby-debug'
|
3
|
+
|
4
|
+
module OmniAuth
|
5
|
+
module Strategies
|
6
|
+
class LDAP
|
7
|
+
class MissingCredentialsError < StandardError; end
|
8
|
+
include OmniAuth::Strategy
|
9
|
+
@@config = {
|
10
|
+
'name' => 'cn',
|
11
|
+
'first_name' => 'givenName',
|
12
|
+
'last_name' => 'sn',
|
13
|
+
'email' => ['mail', "email", 'userPrincipalName'],
|
14
|
+
'phone' => ['telephoneNumber', 'homePhone', 'facsimileTelephoneNumber'],
|
15
|
+
'mobile' => ['mobile', 'mobileTelephoneNumber'],
|
16
|
+
'nickname' => ['uid', 'userid', 'sAMAccountName'],
|
17
|
+
'title' => 'title',
|
18
|
+
'location' => {"%0, %1, %2, %3 %4" => [['address', 'postalAddress', 'homePostalAddress', 'street', 'streetAddress'], ['l'], ['st'],['co'],['postOfficeBox']]},
|
19
|
+
'uid' => 'dn',
|
20
|
+
'url' => ['wwwhomepage'],
|
21
|
+
'image' => 'jpegPhoto',
|
22
|
+
'description' => 'description'
|
23
|
+
}
|
24
|
+
option :title, "LDAP Authentication" #default title for authentication form
|
25
|
+
option :port, 389
|
26
|
+
option :method, :plain
|
27
|
+
option :uid, 'sAMAccountName'
|
28
|
+
option :name_proc, lambda {|n| n}
|
29
|
+
def initialize(app, *args, &block)
|
30
|
+
super
|
31
|
+
@adaptor = OmniAuth::LDAP::Adaptor.new @options
|
32
|
+
end
|
33
|
+
def request_phase
|
34
|
+
f = OmniAuth::Form.new(:title => (options[:title] || "LDAP Authentication"), :url => callback_path)
|
35
|
+
f.text_field 'Login', 'username'
|
36
|
+
f.password_field 'Password', 'password'
|
37
|
+
f.button "Sign In"
|
38
|
+
f.to_response
|
39
|
+
end
|
40
|
+
|
41
|
+
def callback_phase
|
42
|
+
raise MissingCredentialsError.new("Missing login credentials") if request['username'].nil? || request['password'].nil?
|
43
|
+
begin
|
44
|
+
creds = {'username' => request['username'], 'password' => request['password']}
|
45
|
+
@ldap_user_info = @adaptor.bind_as(:filter => Net::LDAP::Filter.eq(@adaptor.uid, @options.name_proc.call(creds['username'])),:size => 1)
|
46
|
+
return fail!(:invalid_credentials) if !@ldap_user_info
|
47
|
+
|
48
|
+
@user_info = self.class.map_user(@@config, @ldap_user_info)
|
49
|
+
super
|
50
|
+
rescue Exception => e
|
51
|
+
return fail!(:ldap_error, e)
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
uid {
|
56
|
+
@user_info["uid"]
|
57
|
+
}
|
58
|
+
info {
|
59
|
+
@user_info
|
60
|
+
}
|
61
|
+
extra {
|
62
|
+
@ldap_user_info
|
63
|
+
}
|
64
|
+
|
65
|
+
def self.map_user(mapper, object)
|
66
|
+
user = {}
|
67
|
+
mapper.each do |key, value|
|
68
|
+
case value
|
69
|
+
when String
|
70
|
+
user[key] = object[value.downcase.to_sym].to_s if object[value.downcase.to_sym]
|
71
|
+
when Array
|
72
|
+
value.each {|v| (user[key] = object[v.downcase.to_sym].to_s; break;) if object[v.downcase.to_sym]}
|
73
|
+
when Hash
|
74
|
+
value.map do |key1, value1|
|
75
|
+
pattern = key1.dup
|
76
|
+
value1.each_with_index do |v,i|
|
77
|
+
part = ''; v.collect(&:downcase).collect(&:to_sym).each {|v1| (part = object[v1].to_s; break;) if object[v1]}
|
78
|
+
pattern.gsub!("%#{i}",part||'')
|
79
|
+
end
|
80
|
+
user[key] = pattern
|
81
|
+
end
|
82
|
+
end
|
83
|
+
end
|
84
|
+
user
|
85
|
+
end
|
86
|
+
end
|
87
|
+
end
|
88
|
+
end
|
89
|
+
|
90
|
+
OmniAuth.config.add_camelization 'ldap', 'LDAP'
|
@@ -0,0 +1,158 @@
|
|
1
|
+
#this code borrowed pieces from activeldap and net-ldap
|
2
|
+
|
3
|
+
require 'rack'
|
4
|
+
require 'net/ldap'
|
5
|
+
require 'net/ntlm'
|
6
|
+
require 'uri'
|
7
|
+
|
8
|
+
module OmniAuth
|
9
|
+
module LDAP
|
10
|
+
class Adaptor
|
11
|
+
class LdapError < StandardError; end
|
12
|
+
class ConfigurationError < StandardError; end
|
13
|
+
class AuthenticationError < StandardError; end
|
14
|
+
class ConnectionError < StandardError; end
|
15
|
+
|
16
|
+
VALID_ADAPTER_CONFIGURATION_KEYS = [:host, :port, :method, :bind_dn, :password, :try_sasl, :sasl_mechanisms, :uid, :base, :allow_anonymous]
|
17
|
+
|
18
|
+
MUST_HAVE_KEYS = [:host, :port, :method, :uid, :base]
|
19
|
+
|
20
|
+
METHOD = {
|
21
|
+
:ssl => :simple_tls,
|
22
|
+
:tls => :start_tls,
|
23
|
+
:plain => nil,
|
24
|
+
}
|
25
|
+
|
26
|
+
attr_accessor :bind_dn, :password
|
27
|
+
attr_reader :connection, :uid, :base
|
28
|
+
|
29
|
+
def initialize(configuration={})
|
30
|
+
@disconnected = false
|
31
|
+
@bound = false
|
32
|
+
@configuration = configuration.dup
|
33
|
+
@configuration[:allow_anonymous] ||= false
|
34
|
+
@logger = @configuration.delete(:logger)
|
35
|
+
message = []
|
36
|
+
MUST_HAVE_KEYS.each do |name|
|
37
|
+
message << name if configuration[name].nil?
|
38
|
+
end
|
39
|
+
raise ArgumentError.new(message.join(",") +" MUST be provided") unless message.empty?
|
40
|
+
VALID_ADAPTER_CONFIGURATION_KEYS.each do |name|
|
41
|
+
instance_variable_set("@#{name}", configuration[name])
|
42
|
+
end
|
43
|
+
|
44
|
+
method = ensure_method(@method)
|
45
|
+
config = {
|
46
|
+
:host => @host,
|
47
|
+
:port => @port,
|
48
|
+
:encryption => method
|
49
|
+
}
|
50
|
+
@uri = construct_uri(@host, @port, @method != :plain)
|
51
|
+
|
52
|
+
@bind_method = @try_sasl ? "sasl" : @allow_anonymous ? 'anonymous' : 'simple'
|
53
|
+
@bind_method = 'anonymous' unless @bind_dn && @password
|
54
|
+
|
55
|
+
@auth = sasl_auths.first if @bind_method == 'sasl'
|
56
|
+
@bind_method = 'simple' unless @auth
|
57
|
+
@auth ||= { :method => @bind_method,
|
58
|
+
:username => @bind_dn,
|
59
|
+
:password => @passowrd
|
60
|
+
}
|
61
|
+
config[:auth] = @auth
|
62
|
+
@connection = Net::LDAP.new(config)
|
63
|
+
end
|
64
|
+
|
65
|
+
#:base => "dc=yourcompany, dc=com",
|
66
|
+
# :filter => "(mail=#{user})",
|
67
|
+
# :password => psw
|
68
|
+
def bind_as(args = {})
|
69
|
+
result = false
|
70
|
+
@connection.open { |me|
|
71
|
+
rs = search args
|
72
|
+
if rs and rs.first and dn = rs.first.dn
|
73
|
+
password = args[:password]
|
74
|
+
method = args[:method]
|
75
|
+
password = password.call if password.respond_to?(:call)
|
76
|
+
if method == 'sasl'
|
77
|
+
result = rs if bind(sasl_auths(args))
|
78
|
+
else
|
79
|
+
result = rs if bind(:method => :simple, :username => dn,
|
80
|
+
:password => password)
|
81
|
+
end
|
82
|
+
end
|
83
|
+
}
|
84
|
+
result
|
85
|
+
end
|
86
|
+
|
87
|
+
private
|
88
|
+
|
89
|
+
def ensure_port(method)
|
90
|
+
if method == :ssl
|
91
|
+
URI::LDAPS::DEFAULT_PORT
|
92
|
+
else
|
93
|
+
URI::LDAP::DEFAULT_PORT
|
94
|
+
end
|
95
|
+
end
|
96
|
+
|
97
|
+
def ensure_method(method)
|
98
|
+
method ||= "plain"
|
99
|
+
normalized_method = method.to_s.downcase.to_sym
|
100
|
+
return METHOD[normalized_method] if METHOD.has_key?(normalized_method)
|
101
|
+
|
102
|
+
available_methods = METHOD.keys.collect {|m| m.inspect}.join(", ")
|
103
|
+
format = "%s is not one of the available connect methods: %s"
|
104
|
+
raise ConfigurationError, format % [method.inspect, available_methods]
|
105
|
+
end
|
106
|
+
|
107
|
+
def sasl_auths(options={})
|
108
|
+
auths = []
|
109
|
+
sasl_mechanisms = options[:sasl_mechanisms] || @sasl_mechanisms
|
110
|
+
sasl_mechanisms.each do |mechanism|
|
111
|
+
normalized_mechanism = mechanism.downcase.gsub(/-/, '_')
|
112
|
+
sasl_bind_setup = "sasl_bind_setup_#{normalized_mechanism}"
|
113
|
+
next unless respond_to?(sasl_bind_setup, true)
|
114
|
+
initial_credential, challenge_response = send(sasl_bind_setup, options)
|
115
|
+
|
116
|
+
auths << {
|
117
|
+
:method => :sasl,
|
118
|
+
:initial_credential => initial_credential,
|
119
|
+
:mechanism => mechanism,
|
120
|
+
:challenge_response => challenge_response,
|
121
|
+
}
|
122
|
+
end
|
123
|
+
end
|
124
|
+
|
125
|
+
def sasl_bind_setup_digest_md5(options)
|
126
|
+
bind_dn = options[:username]
|
127
|
+
initial_credential = ""
|
128
|
+
challenge_response = Proc.new do |cred|
|
129
|
+
pref = SASL::Preferences.new :digest_uri => "ldap/#{@host}", :username => bind_dn, :has_password? => true, :password => options[:password]||@password
|
130
|
+
sasl = SASL.new("DIGEST-MD5", pref)
|
131
|
+
response = sasl.receive("challenge", cred)
|
132
|
+
response[1]
|
133
|
+
end
|
134
|
+
[initial_credential, challenge_response]
|
135
|
+
end
|
136
|
+
|
137
|
+
def sasl_bind_setup_gss_spnego(options)
|
138
|
+
bind_dn = options[:username]
|
139
|
+
psw = [bind_dn, options[:password]||@password]
|
140
|
+
raise LdapError.new( "invalid binding information" ) unless (bind_dn && psw)
|
141
|
+
|
142
|
+
nego = proc {|challenge|
|
143
|
+
t2_msg = Net::NTLM::Message.parse( challenge )
|
144
|
+
bind_dn, domain = bind_dn.split('\\').reverse
|
145
|
+
t2_msg.target_name = Net::NTLM::encode_utf16le(domain) if domain
|
146
|
+
t3_msg = t2_msg.response( {:user => bind_dn, :password => psw}, {:ntlmv2 => true} )
|
147
|
+
t3_msg.serialize
|
148
|
+
}
|
149
|
+
[Net::NTLM::Message::Type1.new.serialize, nego]
|
150
|
+
end
|
151
|
+
|
152
|
+
def construct_uri(host, port, ssl)
|
153
|
+
protocol = ssl ? "ldaps" : "ldap"
|
154
|
+
URI.parse("#{protocol}://#{host}:#{port}").to_s
|
155
|
+
end
|
156
|
+
end
|
157
|
+
end
|
158
|
+
end
|
@@ -0,0 +1,27 @@
|
|
1
|
+
# -*- encoding: utf-8 -*-
|
2
|
+
require File.expand_path('../lib/omniauth-ldap/version', __FILE__)
|
3
|
+
|
4
|
+
Gem::Specification.new do |gem|
|
5
|
+
gem.authors = ["Ping Yu"]
|
6
|
+
gem.email = ["ping@intridea.com"]
|
7
|
+
gem.description = %q{A LDAP strategy for OmniAuth.}
|
8
|
+
gem.summary = %q{A LDAP strategy for OmniAuth.}
|
9
|
+
gem.homepage = "https://github.com/intridea/omniauth-ldap"
|
10
|
+
|
11
|
+
gem.add_runtime_dependency 'omniauth', '1.0.0.beta1'
|
12
|
+
gem.add_runtime_dependency 'net-ldap', '~>0.2.2'
|
13
|
+
gem.add_runtime_dependency 'pyu-ruby-sasl', '~> 0.0.3.1'
|
14
|
+
gem.add_runtime_dependency 'rubyntlm', '~> 0.1.1'
|
15
|
+
gem.add_development_dependency 'rspec', '~> 2.6'
|
16
|
+
gem.add_development_dependency 'simplecov'
|
17
|
+
gem.add_development_dependency 'rack-test'
|
18
|
+
gem.add_development_dependency 'libnotify'
|
19
|
+
gem.add_development_dependency 'ruby-debug19'
|
20
|
+
|
21
|
+
gem.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
|
22
|
+
gem.files = `git ls-files`.split("\n")
|
23
|
+
gem.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
|
24
|
+
gem.name = "omniauth-ldap"
|
25
|
+
gem.require_paths = ["lib"]
|
26
|
+
gem.version = OmniAuth::LDAP::VERSION
|
27
|
+
end
|
@@ -0,0 +1,104 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
describe "OmniAuth::Strategies::LDAP" do
|
3
|
+
# :title => "My LDAP",
|
4
|
+
# :host => '10.101.10.1',
|
5
|
+
# :port => 389,
|
6
|
+
# :method => :plain,
|
7
|
+
# :base => 'dc=intridea, dc=com',
|
8
|
+
# :uid => 'sAMAccountName',
|
9
|
+
# :name_proc => Proc.new {|name| name.gsub(/@.*$/,'')}
|
10
|
+
# :bind_dn => 'default_bind_dn'
|
11
|
+
# :password => 'password'
|
12
|
+
class MyLdapProvider < OmniAuth::Strategies::LDAP; end
|
13
|
+
def app
|
14
|
+
Rack::Builder.new {
|
15
|
+
use OmniAuth::Test::PhonySession
|
16
|
+
use MyLdapProvider, :name => 'ldap', :title => 'MyLdap Form', :host => '192.168.1.145', :base => 'dc=score, dc=local', :name_proc => Proc.new {|name| name.gsub(/@.*$/,'')}
|
17
|
+
run lambda { |env| [404, {'Content-Type' => 'text/plain'}, [env.key?('omniauth.auth').to_s]] }
|
18
|
+
}.to_app
|
19
|
+
end
|
20
|
+
|
21
|
+
def session
|
22
|
+
last_request.env['rack.session']
|
23
|
+
end
|
24
|
+
|
25
|
+
it 'should add a camelization for itself' do
|
26
|
+
OmniAuth::Utils.camelize('ldap').should == 'LDAP'
|
27
|
+
end
|
28
|
+
|
29
|
+
describe '/auth/ldap' do
|
30
|
+
before(:each){ get '/auth/ldap' }
|
31
|
+
|
32
|
+
it 'should display a form' do
|
33
|
+
last_response.status.should == 200
|
34
|
+
last_response.body.should be_include("<form")
|
35
|
+
end
|
36
|
+
|
37
|
+
it 'should have the callback as the action for the form' do
|
38
|
+
last_response.body.should be_include("action='/auth/ldap/callback'")
|
39
|
+
end
|
40
|
+
|
41
|
+
it 'should have a text field for each of the fields' do
|
42
|
+
last_response.body.scan('<input').size.should == 2
|
43
|
+
end
|
44
|
+
it 'should have a label of the form title' do
|
45
|
+
last_response.body.scan('MyLdap Form').size.should > 1
|
46
|
+
end
|
47
|
+
|
48
|
+
end
|
49
|
+
|
50
|
+
describe 'post /auth/ldap/callback' do
|
51
|
+
before(:each) do
|
52
|
+
@adaptor = mock(OmniAuth::LDAP::Adaptor, {:uid => 'ping'})
|
53
|
+
OmniAuth::LDAP::Adaptor.stub(:new).and_return(@adaptor)
|
54
|
+
end
|
55
|
+
context 'failure' do
|
56
|
+
before(:each) do
|
57
|
+
@adaptor.stub(:bind_as).and_return(false)
|
58
|
+
end
|
59
|
+
it 'should raise MissingCredentialsError' do
|
60
|
+
lambda{post('/auth/ldap/callback', {})}.should raise_error OmniAuth::Strategies::LDAP::MissingCredentialsError
|
61
|
+
end
|
62
|
+
it 'should redirect to error page' do
|
63
|
+
post('/auth/ldap/callback', {:username => 'ping', :password => 'password'})
|
64
|
+
last_response.should be_redirect
|
65
|
+
last_response.headers['Location'].should =~ %r{invalid_credentials}
|
66
|
+
end
|
67
|
+
it 'should redirect to error page when there is exception' do
|
68
|
+
@adaptor.stub(:bind_as).and_throw(Exception.new('connection_error'))
|
69
|
+
post('/auth/ldap/callback', {:username => 'ping', :password => 'password'})
|
70
|
+
last_response.should be_redirect
|
71
|
+
last_response.headers['Location'].should =~ %r{ldap_error}
|
72
|
+
end
|
73
|
+
end
|
74
|
+
|
75
|
+
context 'success' do
|
76
|
+
let(:auth_hash){ last_request.env['omniauth.auth'] }
|
77
|
+
before(:each) do
|
78
|
+
@adaptor.stub(:bind_as).and_return({:dn => 'cn=ping, dc=intridea, dc=com', :mail => 'ping@intridea.com', :givenname => 'Ping', :sn => 'Yu',
|
79
|
+
:telephonenumber => '555-555-5555', :mobile => '444-444-4444', :uid => 'ping', :title => 'dev', :address => 'k street',
|
80
|
+
:l => 'Washington', :st => 'DC', :co => "U.S.A", :postofficebox => '20001', :wwwhomepage => 'www.intridea.com',
|
81
|
+
:jpegphoto => 'http://www.intridea.com/ping.jpg', :description => 'omniauth-ldap'})
|
82
|
+
post('/auth/ldap/callback', {:username => 'ping', :password => 'password'})
|
83
|
+
end
|
84
|
+
|
85
|
+
it 'should raise MissingCredentialsError' do
|
86
|
+
should_not raise_error OmniAuth::Strategies::LDAP::MissingCredentialsError
|
87
|
+
end
|
88
|
+
it 'should map user info' do
|
89
|
+
auth_hash.uid.should == 'cn=ping, dc=intridea, dc=com'
|
90
|
+
auth_hash.info.email.should == 'ping@intridea.com'
|
91
|
+
auth_hash.info.first_name.should == 'Ping'
|
92
|
+
auth_hash.info.last_name.should == 'Yu'
|
93
|
+
auth_hash.info.phone.should == '555-555-5555'
|
94
|
+
auth_hash.info.mobile.should == '444-444-4444'
|
95
|
+
auth_hash.info.nickname.should == 'ping'
|
96
|
+
auth_hash.info.title.should == 'dev'
|
97
|
+
auth_hash.info.location.should == 'k street, Washington, DC, U.S.A 20001'
|
98
|
+
auth_hash.info.url.should == 'www.intridea.com'
|
99
|
+
auth_hash.info.image.should == 'http://www.intridea.com/ping.jpg'
|
100
|
+
auth_hash.info.description.should == 'omniauth-ldap'
|
101
|
+
end
|
102
|
+
end
|
103
|
+
end
|
104
|
+
end
|
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
$:.unshift File.expand_path('..', __FILE__)
|
2
|
+
$:.unshift File.expand_path('../../lib', __FILE__)
|
3
|
+
require 'simplecov'
|
4
|
+
SimpleCov.start
|
5
|
+
require 'rspec'
|
6
|
+
require 'rack/test'
|
7
|
+
require 'omniauth'
|
8
|
+
require 'omniauth-ldap'
|
9
|
+
|
10
|
+
RSpec.configure do |config|
|
11
|
+
config.include Rack::Test::Methods
|
12
|
+
config.extend OmniAuth::Test::StrategyMacros, :type => :strategy
|
13
|
+
end
|
14
|
+
|
metadata
ADDED
@@ -0,0 +1,160 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: omniauth-ldap
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 1.0.0.beta1
|
5
|
+
prerelease: 6
|
6
|
+
platform: ruby
|
7
|
+
authors:
|
8
|
+
- Ping Yu
|
9
|
+
autorequire:
|
10
|
+
bindir: bin
|
11
|
+
cert_chain: []
|
12
|
+
date: 2011-10-26 00:00:00.000000000Z
|
13
|
+
dependencies:
|
14
|
+
- !ruby/object:Gem::Dependency
|
15
|
+
name: omniauth
|
16
|
+
requirement: &70115828190020 !ruby/object:Gem::Requirement
|
17
|
+
none: false
|
18
|
+
requirements:
|
19
|
+
- - =
|
20
|
+
- !ruby/object:Gem::Version
|
21
|
+
version: 1.0.0.beta1
|
22
|
+
type: :runtime
|
23
|
+
prerelease: false
|
24
|
+
version_requirements: *70115828190020
|
25
|
+
- !ruby/object:Gem::Dependency
|
26
|
+
name: net-ldap
|
27
|
+
requirement: &70115828189260 !ruby/object:Gem::Requirement
|
28
|
+
none: false
|
29
|
+
requirements:
|
30
|
+
- - ~>
|
31
|
+
- !ruby/object:Gem::Version
|
32
|
+
version: 0.2.2
|
33
|
+
type: :runtime
|
34
|
+
prerelease: false
|
35
|
+
version_requirements: *70115828189260
|
36
|
+
- !ruby/object:Gem::Dependency
|
37
|
+
name: pyu-ruby-sasl
|
38
|
+
requirement: &70115828188580 !ruby/object:Gem::Requirement
|
39
|
+
none: false
|
40
|
+
requirements:
|
41
|
+
- - ~>
|
42
|
+
- !ruby/object:Gem::Version
|
43
|
+
version: 0.0.3.1
|
44
|
+
type: :runtime
|
45
|
+
prerelease: false
|
46
|
+
version_requirements: *70115828188580
|
47
|
+
- !ruby/object:Gem::Dependency
|
48
|
+
name: rubyntlm
|
49
|
+
requirement: &70115828187920 !ruby/object:Gem::Requirement
|
50
|
+
none: false
|
51
|
+
requirements:
|
52
|
+
- - ~>
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: 0.1.1
|
55
|
+
type: :runtime
|
56
|
+
prerelease: false
|
57
|
+
version_requirements: *70115828187920
|
58
|
+
- !ruby/object:Gem::Dependency
|
59
|
+
name: rspec
|
60
|
+
requirement: &70115828187460 !ruby/object:Gem::Requirement
|
61
|
+
none: false
|
62
|
+
requirements:
|
63
|
+
- - ~>
|
64
|
+
- !ruby/object:Gem::Version
|
65
|
+
version: '2.6'
|
66
|
+
type: :development
|
67
|
+
prerelease: false
|
68
|
+
version_requirements: *70115828187460
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: simplecov
|
71
|
+
requirement: &70115828187080 !ruby/object:Gem::Requirement
|
72
|
+
none: false
|
73
|
+
requirements:
|
74
|
+
- - ! '>='
|
75
|
+
- !ruby/object:Gem::Version
|
76
|
+
version: '0'
|
77
|
+
type: :development
|
78
|
+
prerelease: false
|
79
|
+
version_requirements: *70115828187080
|
80
|
+
- !ruby/object:Gem::Dependency
|
81
|
+
name: rack-test
|
82
|
+
requirement: &70115828186600 !ruby/object:Gem::Requirement
|
83
|
+
none: false
|
84
|
+
requirements:
|
85
|
+
- - ! '>='
|
86
|
+
- !ruby/object:Gem::Version
|
87
|
+
version: '0'
|
88
|
+
type: :development
|
89
|
+
prerelease: false
|
90
|
+
version_requirements: *70115828186600
|
91
|
+
- !ruby/object:Gem::Dependency
|
92
|
+
name: libnotify
|
93
|
+
requirement: &70115828186180 !ruby/object:Gem::Requirement
|
94
|
+
none: false
|
95
|
+
requirements:
|
96
|
+
- - ! '>='
|
97
|
+
- !ruby/object:Gem::Version
|
98
|
+
version: '0'
|
99
|
+
type: :development
|
100
|
+
prerelease: false
|
101
|
+
version_requirements: *70115828186180
|
102
|
+
- !ruby/object:Gem::Dependency
|
103
|
+
name: ruby-debug19
|
104
|
+
requirement: &70115828185740 !ruby/object:Gem::Requirement
|
105
|
+
none: false
|
106
|
+
requirements:
|
107
|
+
- - ! '>='
|
108
|
+
- !ruby/object:Gem::Version
|
109
|
+
version: '0'
|
110
|
+
type: :development
|
111
|
+
prerelease: false
|
112
|
+
version_requirements: *70115828185740
|
113
|
+
description: A LDAP strategy for OmniAuth.
|
114
|
+
email:
|
115
|
+
- ping@intridea.com
|
116
|
+
executables: []
|
117
|
+
extensions: []
|
118
|
+
extra_rdoc_files: []
|
119
|
+
files:
|
120
|
+
- .gitignore
|
121
|
+
- .rspec
|
122
|
+
- Gemfile
|
123
|
+
- Gemfile.lock
|
124
|
+
- Guardfile
|
125
|
+
- README.md
|
126
|
+
- Rakefile
|
127
|
+
- lib/omniauth-ldap.rb
|
128
|
+
- lib/omniauth-ldap/adaptor.rb
|
129
|
+
- lib/omniauth-ldap/version.rb
|
130
|
+
- lib/omniauth/strategies/ldap.rb
|
131
|
+
- omniauth-ldap.gemspec
|
132
|
+
- spec/omniauth/strategies/ldap_spec.rb
|
133
|
+
- spec/spec_helper.rb
|
134
|
+
homepage: https://github.com/intridea/omniauth-ldap
|
135
|
+
licenses: []
|
136
|
+
post_install_message:
|
137
|
+
rdoc_options: []
|
138
|
+
require_paths:
|
139
|
+
- lib
|
140
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
141
|
+
none: false
|
142
|
+
requirements:
|
143
|
+
- - ! '>='
|
144
|
+
- !ruby/object:Gem::Version
|
145
|
+
version: '0'
|
146
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
147
|
+
none: false
|
148
|
+
requirements:
|
149
|
+
- - ! '>'
|
150
|
+
- !ruby/object:Gem::Version
|
151
|
+
version: 1.3.1
|
152
|
+
requirements: []
|
153
|
+
rubyforge_project:
|
154
|
+
rubygems_version: 1.8.10
|
155
|
+
signing_key:
|
156
|
+
specification_version: 3
|
157
|
+
summary: A LDAP strategy for OmniAuth.
|
158
|
+
test_files:
|
159
|
+
- spec/omniauth/strategies/ldap_spec.rb
|
160
|
+
- spec/spec_helper.rb
|