prathe_devise_ldap_authenticatable 0.4.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/MIT-LICENSE +20 -0
- data/README.md +187 -0
- data/Rakefile +52 -0
- data/VERSION +1 -0
- data/devise_ldap_authenticatable.gemspec +133 -0
- data/lib/devise_ldap_authenticatable.rb +48 -0
- data/lib/devise_ldap_authenticatable/exception.rb +6 -0
- data/lib/devise_ldap_authenticatable/ldap_adapter.rb +242 -0
- data/lib/devise_ldap_authenticatable/logger.rb +11 -0
- data/lib/devise_ldap_authenticatable/model.rb +101 -0
- data/lib/devise_ldap_authenticatable/routes.rb +8 -0
- data/lib/devise_ldap_authenticatable/schema.rb +14 -0
- data/lib/devise_ldap_authenticatable/strategy.rb +36 -0
- data/lib/devise_ldap_authenticatable/version.rb +4 -0
- data/lib/generators/devise_ldap_authenticatable/install_generator.rb +62 -0
- data/lib/generators/devise_ldap_authenticatable/templates/ldap.yml +51 -0
- data/rails/init.rb +2 -0
- data/test/devise_ldap_authenticatable_test.rb +8 -0
- data/test/ldap/base.ldif +73 -0
- data/test/ldap/clear.ldif +26 -0
- data/test/ldap/local.schema +6 -0
- data/test/ldap/run-server.sh +10 -0
- data/test/ldap/server.pem +38 -0
- data/test/ldap/slapd-ssl-test.conf +107 -0
- data/test/ldap/slapd-test.conf +107 -0
- data/test/rails_app/Gemfile +22 -0
- data/test/rails_app/Gemfile.lock +159 -0
- data/test/rails_app/Rakefile +7 -0
- data/test/rails_app/app/controllers/application_controller.rb +4 -0
- data/test/rails_app/app/controllers/posts_controller.rb +15 -0
- data/test/rails_app/app/helpers/application_helper.rb +2 -0
- data/test/rails_app/app/helpers/posts_helper.rb +2 -0
- data/test/rails_app/app/models/post.rb +2 -0
- data/test/rails_app/app/models/user.rb +10 -0
- data/test/rails_app/app/views/layouts/application.html.erb +26 -0
- data/test/rails_app/app/views/posts/index.html.erb +2 -0
- data/test/rails_app/config.ru +4 -0
- data/test/rails_app/config/application.rb +46 -0
- data/test/rails_app/config/boot.rb +13 -0
- data/test/rails_app/config/cucumber.yml +8 -0
- data/test/rails_app/config/database.yml +25 -0
- data/test/rails_app/config/environment.rb +5 -0
- data/test/rails_app/config/environments/development.rb +22 -0
- data/test/rails_app/config/environments/production.rb +46 -0
- data/test/rails_app/config/environments/test.rb +34 -0
- data/test/rails_app/config/initializers/backtrace_silencers.rb +7 -0
- data/test/rails_app/config/initializers/devise.rb +140 -0
- data/test/rails_app/config/initializers/inflections.rb +10 -0
- data/test/rails_app/config/initializers/mime_types.rb +5 -0
- data/test/rails_app/config/initializers/secret_token.rb +7 -0
- data/test/rails_app/config/initializers/session_store.rb +8 -0
- data/test/rails_app/config/ldap.yml +22 -0
- data/test/rails_app/config/ldap_with_erb.yml +23 -0
- data/test/rails_app/config/ldap_with_uid.yml +18 -0
- data/test/rails_app/config/locales/devise.en.yml +39 -0
- data/test/rails_app/config/locales/en.yml +5 -0
- data/test/rails_app/config/routes.rb +64 -0
- data/test/rails_app/config/ssl_ldap.yml +21 -0
- data/test/rails_app/config/ssl_ldap_with_erb.yml +23 -0
- data/test/rails_app/config/ssl_ldap_with_uid.yml +18 -0
- data/test/rails_app/db/migrate/20100708120302_create_posts.rb +14 -0
- data/test/rails_app/db/migrate/20100708120448_devise_create_users.rb +26 -0
- data/test/rails_app/db/schema.rb +41 -0
- data/test/rails_app/db/seeds.rb +7 -0
- data/test/rails_app/features/manage_logins.feature +35 -0
- data/test/rails_app/features/step_definitions/login_steps.rb +21 -0
- data/test/rails_app/features/step_definitions/web_steps.rb +219 -0
- data/test/rails_app/features/support/env.rb +58 -0
- data/test/rails_app/features/support/paths.rb +38 -0
- data/test/rails_app/lib/tasks/.gitkeep +0 -0
- data/test/rails_app/lib/tasks/cucumber.rake +53 -0
- data/test/rails_app/public/404.html +26 -0
- data/test/rails_app/public/422.html +26 -0
- data/test/rails_app/public/500.html +26 -0
- data/test/rails_app/public/images/rails.png +0 -0
- data/test/rails_app/public/javascripts/application.js +2 -0
- data/test/rails_app/public/javascripts/controls.js +965 -0
- data/test/rails_app/public/javascripts/dragdrop.js +974 -0
- data/test/rails_app/public/javascripts/effects.js +1123 -0
- data/test/rails_app/public/javascripts/prototype.js +4874 -0
- data/test/rails_app/public/javascripts/rails.js +118 -0
- data/test/rails_app/public/stylesheets/.gitkeep +0 -0
- data/test/rails_app/script/cucumber +10 -0
- data/test/rails_app/script/rails +6 -0
- data/test/rails_app/test/factories/users.rb +14 -0
- data/test/rails_app/test/functional/posts_controller_test.rb +58 -0
- data/test/rails_app/test/performance/browsing_test.rb +9 -0
- data/test/rails_app/test/test_helper.rb +36 -0
- data/test/rails_app/test/unit/helpers/posts_helper_test.rb +4 -0
- data/test/rails_app/test/unit/post_test.rb +4 -0
- data/test/rails_app/test/unit/user_test.rb +254 -0
- data/test/test_helper.rb +3 -0
- metadata +161 -0
|
@@ -0,0 +1,118 @@
|
|
|
1
|
+
document.observe("dom:loaded", function() {
|
|
2
|
+
function handleRemote(element) {
|
|
3
|
+
var method, url, params;
|
|
4
|
+
|
|
5
|
+
if (element.tagName.toLowerCase() === 'form') {
|
|
6
|
+
method = element.readAttribute('method') || 'post';
|
|
7
|
+
url = element.readAttribute('action');
|
|
8
|
+
params = element.serialize(true);
|
|
9
|
+
} else {
|
|
10
|
+
method = element.readAttribute('data-method') || 'get';
|
|
11
|
+
url = element.readAttribute('href');
|
|
12
|
+
params = {};
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
var event = element.fire("ajax:before");
|
|
16
|
+
if (event.stopped) return false;
|
|
17
|
+
|
|
18
|
+
new Ajax.Request(url, {
|
|
19
|
+
method: method,
|
|
20
|
+
parameters: params,
|
|
21
|
+
asynchronous: true,
|
|
22
|
+
evalScripts: true,
|
|
23
|
+
|
|
24
|
+
onLoading: function(request) { element.fire("ajax:loading", {request: request}); },
|
|
25
|
+
onLoaded: function(request) { element.fire("ajax:loaded", {request: request}); },
|
|
26
|
+
onInteractive: function(request) { element.fire("ajax:interactive", {request: request}); },
|
|
27
|
+
onComplete: function(request) { element.fire("ajax:complete", {request: request}); },
|
|
28
|
+
onSuccess: function(request) { element.fire("ajax:success", {request: request}); },
|
|
29
|
+
onFailure: function(request) { element.fire("ajax:failure", {request: request}); }
|
|
30
|
+
});
|
|
31
|
+
|
|
32
|
+
element.fire("ajax:after");
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
function handleMethod(element) {
|
|
36
|
+
var method, url, token_name, token;
|
|
37
|
+
|
|
38
|
+
method = element.readAttribute('data-method');
|
|
39
|
+
url = element.readAttribute('href');
|
|
40
|
+
csrf_param = $$('meta[name=csrf-param]').first();
|
|
41
|
+
csrf_token = $$('meta[name=csrf-token]').first();
|
|
42
|
+
|
|
43
|
+
var form = new Element('form', { method: "POST", action: url, style: "display: none;" });
|
|
44
|
+
element.parentNode.appendChild(form);
|
|
45
|
+
|
|
46
|
+
if (method != 'post') {
|
|
47
|
+
var field = new Element('input', { type: 'hidden', name: '_method', value: method });
|
|
48
|
+
form.appendChild(field);
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
if (csrf_param) {
|
|
52
|
+
var param = csrf_param.readAttribute('content');
|
|
53
|
+
var token = csrf_token.readAttribute('content');
|
|
54
|
+
var field = new Element('input', { type: 'hidden', name: param, value: token });
|
|
55
|
+
form.appendChild(field);
|
|
56
|
+
}
|
|
57
|
+
|
|
58
|
+
form.submit();
|
|
59
|
+
}
|
|
60
|
+
|
|
61
|
+
$(document.body).observe("click", function(event) {
|
|
62
|
+
var message = event.findElement().readAttribute('data-confirm');
|
|
63
|
+
if (message && !confirm(message)) {
|
|
64
|
+
event.stop();
|
|
65
|
+
return false;
|
|
66
|
+
}
|
|
67
|
+
|
|
68
|
+
var element = event.findElement("a[data-remote]");
|
|
69
|
+
if (element) {
|
|
70
|
+
handleRemote(element);
|
|
71
|
+
event.stop();
|
|
72
|
+
return true;
|
|
73
|
+
}
|
|
74
|
+
|
|
75
|
+
var element = event.findElement("a[data-method]");
|
|
76
|
+
if (element) {
|
|
77
|
+
handleMethod(element);
|
|
78
|
+
event.stop();
|
|
79
|
+
return true;
|
|
80
|
+
}
|
|
81
|
+
});
|
|
82
|
+
|
|
83
|
+
// TODO: I don't think submit bubbles in IE
|
|
84
|
+
$(document.body).observe("submit", function(event) {
|
|
85
|
+
var element = event.findElement(),
|
|
86
|
+
message = element.readAttribute('data-confirm');
|
|
87
|
+
if (message && !confirm(message)) {
|
|
88
|
+
event.stop();
|
|
89
|
+
return false;
|
|
90
|
+
}
|
|
91
|
+
|
|
92
|
+
var inputs = element.select("input[type=submit][data-disable-with]");
|
|
93
|
+
inputs.each(function(input) {
|
|
94
|
+
input.disabled = true;
|
|
95
|
+
input.writeAttribute('data-original-value', input.value);
|
|
96
|
+
input.value = input.readAttribute('data-disable-with');
|
|
97
|
+
});
|
|
98
|
+
|
|
99
|
+
var element = event.findElement("form[data-remote]");
|
|
100
|
+
if (element) {
|
|
101
|
+
handleRemote(element);
|
|
102
|
+
event.stop();
|
|
103
|
+
}
|
|
104
|
+
});
|
|
105
|
+
|
|
106
|
+
$(document.body).observe("ajax:after", function(event) {
|
|
107
|
+
var element = event.findElement();
|
|
108
|
+
|
|
109
|
+
if (element.tagName.toLowerCase() === 'form') {
|
|
110
|
+
var inputs = element.select("input[type=submit][disabled=true][data-disable-with]");
|
|
111
|
+
inputs.each(function(input) {
|
|
112
|
+
input.value = input.readAttribute('data-original-value');
|
|
113
|
+
input.writeAttribute('data-original-value', null);
|
|
114
|
+
input.disabled = false;
|
|
115
|
+
});
|
|
116
|
+
}
|
|
117
|
+
});
|
|
118
|
+
});
|
|
File without changes
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
#!/usr/bin/env ruby
|
|
2
|
+
|
|
3
|
+
vendored_cucumber_bin = Dir["#{File.dirname(__FILE__)}/../vendor/{gems,plugins}/cucumber*/bin/cucumber"].first
|
|
4
|
+
if vendored_cucumber_bin
|
|
5
|
+
load File.expand_path(vendored_cucumber_bin)
|
|
6
|
+
else
|
|
7
|
+
require 'rubygems' unless ENV['NO_RUBYGEMS']
|
|
8
|
+
require 'cucumber'
|
|
9
|
+
load Cucumber::BINARY
|
|
10
|
+
end
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
#!/usr/bin/env ruby
|
|
2
|
+
# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
|
|
3
|
+
|
|
4
|
+
APP_PATH = File.expand_path('../../config/application', __FILE__)
|
|
5
|
+
require File.expand_path('../../config/boot', __FILE__)
|
|
6
|
+
require 'rails/commands'
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
Factory.define :user do |f|
|
|
2
|
+
f.email "example.user@test.com"
|
|
3
|
+
f.password "secret"
|
|
4
|
+
end
|
|
5
|
+
|
|
6
|
+
Factory.define :admin, :class => "user" do |f|
|
|
7
|
+
f.email "example.admin@test.com"
|
|
8
|
+
f.password "admin_secret"
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
Factory.define :other, :class => "user" do |f|
|
|
12
|
+
f.email "other.user@test.com"
|
|
13
|
+
f.password "other_secret"
|
|
14
|
+
end
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
require 'test_helper'
|
|
2
|
+
|
|
3
|
+
class PostsControllerTest < ActionController::TestCase
|
|
4
|
+
|
|
5
|
+
include Devise::TestHelpers
|
|
6
|
+
|
|
7
|
+
context "not logged in" do
|
|
8
|
+
should "should get INDEX" do
|
|
9
|
+
get :index
|
|
10
|
+
assert_response :success
|
|
11
|
+
assert_equal(response.body, "posts#index")
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
context "go to NEW page" do
|
|
15
|
+
setup do
|
|
16
|
+
get :new
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
should "not get NEW" do
|
|
20
|
+
assert_response :redirect
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
context "logged in" do
|
|
26
|
+
setup do
|
|
27
|
+
@user = Factory(:user)
|
|
28
|
+
sign_in(@user)
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
context "get NEW action" do
|
|
32
|
+
setup do
|
|
33
|
+
get :new
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
should "get the NEW action" do
|
|
37
|
+
assert_response :success
|
|
38
|
+
assert_equal(response.body, "posts#new")
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
context "log out user" do
|
|
43
|
+
setup do
|
|
44
|
+
sign_out(@user)
|
|
45
|
+
get :new
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
should "get redirected to the login page" do
|
|
49
|
+
assert_response :redirect
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
|
|
57
|
+
|
|
58
|
+
end
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
ENV["RAILS_ENV"] = "test"
|
|
2
|
+
require File.expand_path('../../config/environment', __FILE__)
|
|
3
|
+
require 'rails/test_help'
|
|
4
|
+
|
|
5
|
+
class ActiveSupport::TestCase
|
|
6
|
+
|
|
7
|
+
def ldap_connect_string
|
|
8
|
+
if ENV["LDAP_SSL"]
|
|
9
|
+
"-x -H ldaps://localhost:3389 -D 'cn=admin,dc=test,dc=com' -w secret"
|
|
10
|
+
else
|
|
11
|
+
"-x -h localhost -p 3389 -D 'cn=admin,dc=test,dc=com' -w secret"
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def reset_ldap_server!
|
|
16
|
+
if ENV["LDAP_SSL"]
|
|
17
|
+
`ldapmodify #{ldap_connect_string} -f ../ldap/clear.ldif`
|
|
18
|
+
`ldapadd #{ldap_connect_string} -f ../ldap/base.ldif`
|
|
19
|
+
else
|
|
20
|
+
`ldapmodify #{ldap_connect_string} -f ../ldap/clear.ldif`
|
|
21
|
+
`ldapadd #{ldap_connect_string} -f ../ldap/base.ldif`
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
def default_devise_settings!
|
|
26
|
+
::Devise.ldap_logger = true
|
|
27
|
+
::Devise.ldap_create_user = false
|
|
28
|
+
::Devise.ldap_update_password = true
|
|
29
|
+
::Devise.ldap_config = "#{Rails.root}/config/#{"ssl_" if ENV["LDAP_SSL"]}ldap.yml"
|
|
30
|
+
::Devise.ldap_check_group_membership = false
|
|
31
|
+
::Devise.ldap_check_attributes = false
|
|
32
|
+
::Devise.ldap_auth_username_builder = Proc.new() {|attribute, login, ldap| "#{attribute}=#{login},#{ldap.base}" }
|
|
33
|
+
::Devise.authentication_keys = [:email]
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
end
|
|
@@ -0,0 +1,254 @@
|
|
|
1
|
+
require 'test_helper'
|
|
2
|
+
|
|
3
|
+
class UserTest < ActiveSupport::TestCase
|
|
4
|
+
|
|
5
|
+
def should_be_validated(user, password, message = "Password is invalid")
|
|
6
|
+
assert(user.valid_ldap_authentication?(password), message)
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def should_not_be_validated(user, password, message = "Password is not properly set")
|
|
10
|
+
assert(!user.valid_ldap_authentication?(password), message)
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
context "With default settings" do
|
|
14
|
+
setup do
|
|
15
|
+
default_devise_settings!
|
|
16
|
+
reset_ldap_server!
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
context "look up and ldap user" do
|
|
20
|
+
should "return true for a user that does exist in LDAP" do
|
|
21
|
+
assert_equal true, ::Devise::LdapAdapter.valid_login?('example.user@test.com')
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
should "return false for a user that doesn't exist in LDAP" do
|
|
25
|
+
assert_equal false, ::Devise::LdapAdapter.valid_login?('barneystinson')
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
context "create a basic user" do
|
|
30
|
+
setup do
|
|
31
|
+
@user = Factory(:user)
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
should "check for password validation" do
|
|
35
|
+
assert_equal(@user.email, "example.user@test.com")
|
|
36
|
+
should_be_validated @user, "secret"
|
|
37
|
+
should_not_be_validated @user, "wrong_secret"
|
|
38
|
+
should_not_be_validated @user, "Secret"
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
context "change a LDAP password" do
|
|
43
|
+
setup do
|
|
44
|
+
@user = Factory(:user)
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
should "change password" do
|
|
48
|
+
should_be_validated @user, "secret"
|
|
49
|
+
@user.reset_password!("changed","changed")
|
|
50
|
+
should_be_validated @user, "changed", "password was not changed properly on the LDAP sevrer"
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
should "not allow to change password if setting is false" do
|
|
54
|
+
should_be_validated @user, "secret"
|
|
55
|
+
::Devise.ldap_update_password = false
|
|
56
|
+
@user.reset_password!("wrong_secret", "wrong_secret")
|
|
57
|
+
should_not_be_validated @user, "wrong_secret"
|
|
58
|
+
should_be_validated @user, "secret"
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
context "create new local user if user is in LDAP" do
|
|
63
|
+
|
|
64
|
+
setup do
|
|
65
|
+
assert(User.all.blank?, "There shouldn't be any users in the database")
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
should "don't create user in the database" do
|
|
69
|
+
@user = User.authenticate_with_ldap(:email => "example.user@test.com", :password => "secret")
|
|
70
|
+
assert(User.all.blank?)
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
context "creating users is enabled" do
|
|
74
|
+
setup do
|
|
75
|
+
::Devise.ldap_create_user = true
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
should "create a user in the database" do
|
|
79
|
+
@user = User.authenticate_with_ldap(:email => "example.user@test.com", :password => "secret")
|
|
80
|
+
assert_equal(User.all.size, 1)
|
|
81
|
+
assert_contains(User.all.collect(&:email), "example.user@test.com", "user not in database")
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
should "not create a user in the database if the password is wrong_secret" do
|
|
85
|
+
@user = User.authenticate_with_ldap(:email => "example.user", :password => "wrong_secret")
|
|
86
|
+
assert(User.all.blank?, "There's users in the database")
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
should "create a user if the user is not in LDAP" do
|
|
90
|
+
@user = User.authenticate_with_ldap(:email => "wrong_secret.user@test.com", :password => "wrong_secret")
|
|
91
|
+
assert(User.all.blank?, "There's users in the database")
|
|
92
|
+
end
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
context "use groups for authorization" do
|
|
98
|
+
setup do
|
|
99
|
+
@admin = Factory(:admin)
|
|
100
|
+
@user = Factory(:user)
|
|
101
|
+
::Devise.authentication_keys = [:email]
|
|
102
|
+
::Devise.ldap_check_group_membership = true
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
should "admin should be allowed in" do
|
|
106
|
+
should_be_validated @admin, "admin_secret"
|
|
107
|
+
end
|
|
108
|
+
|
|
109
|
+
should "admin should have the proper groups set" do
|
|
110
|
+
assert_contains(@admin.ldap_groups, /cn=admins/, "groups attribute not being set properly")
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
should "user should not be allowed in" do
|
|
114
|
+
should_not_be_validated @user, "secret"
|
|
115
|
+
end
|
|
116
|
+
|
|
117
|
+
should "not be validated if group with different attribute is removed" do
|
|
118
|
+
`ldapmodify #{ldap_connect_string} -f ../ldap/delete_authorization_role.ldif`
|
|
119
|
+
should_not_be_validated @admin, "admin_secret"
|
|
120
|
+
end
|
|
121
|
+
end
|
|
122
|
+
|
|
123
|
+
context "use role attribute for authorization" do
|
|
124
|
+
setup do
|
|
125
|
+
@admin = Factory(:admin)
|
|
126
|
+
@user = Factory(:user)
|
|
127
|
+
::Devise.ldap_check_attributes = true
|
|
128
|
+
end
|
|
129
|
+
|
|
130
|
+
should "admin should be allowed in" do
|
|
131
|
+
should_be_validated @admin, "admin_secret"
|
|
132
|
+
end
|
|
133
|
+
|
|
134
|
+
should "user should not be allowed in" do
|
|
135
|
+
should_not_be_validated @user, "secret"
|
|
136
|
+
end
|
|
137
|
+
end
|
|
138
|
+
|
|
139
|
+
context "use admin setting to bind" do
|
|
140
|
+
setup do
|
|
141
|
+
@admin = Factory(:admin)
|
|
142
|
+
@user = Factory(:user)
|
|
143
|
+
::Devise.ldap_use_admin_to_bind = true
|
|
144
|
+
end
|
|
145
|
+
|
|
146
|
+
should "description" do
|
|
147
|
+
should_be_validated @admin, "admin_secret"
|
|
148
|
+
end
|
|
149
|
+
end
|
|
150
|
+
|
|
151
|
+
end
|
|
152
|
+
|
|
153
|
+
context "use uid for login" do
|
|
154
|
+
setup do
|
|
155
|
+
default_devise_settings!
|
|
156
|
+
reset_ldap_server!
|
|
157
|
+
::Devise.ldap_config = "#{Rails.root}/config/#{"ssl_" if ENV["LDAP_SSL"]}ldap_with_uid.yml"
|
|
158
|
+
::Devise.authentication_keys = [:uid]
|
|
159
|
+
end
|
|
160
|
+
|
|
161
|
+
context "description" do
|
|
162
|
+
setup do
|
|
163
|
+
@admin = Factory(:admin)
|
|
164
|
+
@user = Factory(:user, :uid => "example_user")
|
|
165
|
+
end
|
|
166
|
+
|
|
167
|
+
should "be able to authenticate using uid" do
|
|
168
|
+
should_be_validated @user, "secret"
|
|
169
|
+
should_not_be_validated @admin, "admin_secret"
|
|
170
|
+
end
|
|
171
|
+
end
|
|
172
|
+
|
|
173
|
+
context "create user" do
|
|
174
|
+
setup do
|
|
175
|
+
::Devise.ldap_create_user = true
|
|
176
|
+
end
|
|
177
|
+
|
|
178
|
+
should "create a user in the database" do
|
|
179
|
+
@user = User.authenticate_with_ldap(:uid => "example_user", :password => "secret")
|
|
180
|
+
assert_equal(User.all.size, 1)
|
|
181
|
+
assert_contains(User.all.collect(&:uid), "example_user", "user not in database")
|
|
182
|
+
end
|
|
183
|
+
|
|
184
|
+
should "call ldap_before_save hooks" do
|
|
185
|
+
User.class_eval do
|
|
186
|
+
def ldap_before_save
|
|
187
|
+
@foobar = 'foobar'
|
|
188
|
+
end
|
|
189
|
+
end
|
|
190
|
+
user = User.authenticate_with_ldap(:uid => "example_user", :password => "secret")
|
|
191
|
+
assert_equal 'foobar', user.instance_variable_get(:"@foobar")
|
|
192
|
+
User.class_eval do
|
|
193
|
+
undef ldap_before_save
|
|
194
|
+
end
|
|
195
|
+
end
|
|
196
|
+
|
|
197
|
+
should "not call ldap_before_save hook if not defined" do
|
|
198
|
+
assert_nothing_raised do
|
|
199
|
+
should_be_validated Factory(:user, :uid => "example_user"), "secret"
|
|
200
|
+
end
|
|
201
|
+
end
|
|
202
|
+
end
|
|
203
|
+
end
|
|
204
|
+
|
|
205
|
+
context "using ERB in the config file" do
|
|
206
|
+
setup do
|
|
207
|
+
default_devise_settings!
|
|
208
|
+
reset_ldap_server!
|
|
209
|
+
::Devise.ldap_config = "#{Rails.root}/config/#{"ssl_" if ENV["LDAP_SSL"]}ldap_with_erb.yml"
|
|
210
|
+
end
|
|
211
|
+
|
|
212
|
+
context "authenticate" do
|
|
213
|
+
setup do
|
|
214
|
+
@admin = Factory(:admin)
|
|
215
|
+
@user = Factory(:user)
|
|
216
|
+
end
|
|
217
|
+
|
|
218
|
+
should "be able to authenticate" do
|
|
219
|
+
should_be_validated @user, "secret"
|
|
220
|
+
should_be_validated @admin, "admin_secret"
|
|
221
|
+
end
|
|
222
|
+
end
|
|
223
|
+
end
|
|
224
|
+
|
|
225
|
+
context "using variants in the config file" do
|
|
226
|
+
setup do
|
|
227
|
+
default_devise_settings!
|
|
228
|
+
reset_ldap_server!
|
|
229
|
+
::Devise.ldap_config = Rails.root.join 'config', 'ldap_with_boolean_ssl.yml'
|
|
230
|
+
end
|
|
231
|
+
|
|
232
|
+
should "not fail if config file has ssl: true" do
|
|
233
|
+
assert_nothing_raised do
|
|
234
|
+
Devise::LdapAdapter::LdapConnect.new
|
|
235
|
+
end
|
|
236
|
+
end
|
|
237
|
+
end
|
|
238
|
+
|
|
239
|
+
context "use username builder" do
|
|
240
|
+
setup do
|
|
241
|
+
default_devise_settings!
|
|
242
|
+
reset_ldap_server!
|
|
243
|
+
::Devise.ldap_auth_username_builder = Proc.new() do |attribute, login, ldap|
|
|
244
|
+
"#{attribute}=#{login},ou=others,dc=test,dc=com"
|
|
245
|
+
end
|
|
246
|
+
@other = Factory(:other)
|
|
247
|
+
end
|
|
248
|
+
|
|
249
|
+
should "be able to authenticate" do
|
|
250
|
+
should_be_validated @other, "other_secret"
|
|
251
|
+
end
|
|
252
|
+
end
|
|
253
|
+
|
|
254
|
+
end
|