prathe_devise_ldap_authenticatable 0.4.10

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2010 Curtis Schiewek
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,187 @@
+Devise LDAP Authenticatable
+===========================
+
+**This fork honors a fix in net-ldap for the error [BerError: unsupported object type: id=139](https://github.com/ruby-ldap/ruby-net-ldap/issues/17).**
+
+Devise LDAP Authenticatable is a LDAP based authentication strategy for the [Devise](http://github.com/plataformatec/devise) authentication framework.
+
+If you are building applications for use within your organization which require authentication and you want to use LDAP, this plugin is for you.
+
+For a screencast with an example application, please visit: [http://random-rails.blogspot.com/2010/07/ldap-authentication-with-devise.html](http://random-rails.blogspot.com/2010/07/ldap-authentication-with-devise.html)
+
+**_Please Note_**
+
+If you are using rails 2.x then use 0.1.x series of gem, and see the rails2 branch README for instructions.
+
+Requirements
+------------
+
+- An LDAP server (tested on OpenLDAP)
+- Rails 3.0.0
+
+These gems are dependencies of the gem:
+
+- Devise ~> 1.4.0 
+- net-ldap ~> 0.2.2
+
+Installation
+------------
+
+**_Please Note_**
+
+This will *only* work for Rails 3 applications.
+
+In the Gemfile for your application:
+
+    gem "devise", "~> 1.4"
+    gem "devise_ldap_authenticatable"
+    
+To get the latest version, pull directly from github instead of the gem:
+
+    gem "devise_ldap_authenticatable", :git => "git://github.com/cschiewek/devise_ldap_authenticatable.git"
+
+
+Setup
+-----
+
+Run the rails generators for devise (please check the [devise](http://github.com/plataformatec/devise) documents for further instructions)
+
+    rails generate devise:install
+    rails generate devise MODEL_NAME
+
+Run the rails generator for devise_ldap_authenticatable
+
+    rails generate devise_ldap_authenticatable:install [options]
+
+This will install the sample.yml, update the devise.rb initializer, and update your user model. There are some options you can pass to it:
+
+Options:
+
+    [--user-model=USER_MODEL]  # Model to update
+                               # Default: user
+    [--update-model]           # Update model to change from database_authenticatable to ldap_authenticatable
+                               # Default: true
+    [--add-rescue]             # Update Application Controller with resuce_from for DeviseLdapAuthenticatable::LdapException
+                               # Default: true
+    [--advanced]               # Add advanced config options to the devise initializer
+
+
+Usage
+-----
+
+Devise LDAP Authenticatable works in replacement of Database Authenticatable
+
+**_Please Note_**
+
+This devise plugin has not been tested with DatabaseAuthenticatable enabled at the same time. This is meant as a drop in replacement for DatabaseAuthenticatable allowing for a semi single sign on approach.
+
+The field that is used for logins is the first key that's configured in the `config/devise.rb` file under `config.authentication_keys`, which by default is email. For help changing this, please see the [Railscast](http://railscasts.com/episodes/210-customizing-devise) that goes through how to customize Devise.
+
+
+Querying LDAP
+----------------
+
+Given that ldap\_create\_user is set to true and you are authenticating with username, you can query an LDAP server for other attributes.
+
+in your user model:
+
+	before_save :get_ldap_email
+
+  def get_ldap_email
+    self.email = Devise::LdapAdapter.get_ldap_param(self.username,"mail")
+  end
+
+
+Configuration
+-------------
+
+In initializer  `config/initializers/devise.rb` :
+
+* ldap\_logger _(default: true)_
+  * If set to true, will log LDAP queries to the Rails logger.
+
+* ldap\_create\_user _(default: false)_
+	* If set to true, all valid LDAP users will be allowed to login and an appropriate user record will be created.
+      If set to false, you will have to create the user record before they will be allowed to login.
+
+* ldap\_config _(default: #{Rails.root}/config/ldap.yml)_
+	* Where to find the LDAP config file. Commented out to use the default, change if needed.
+
+* ldap\_update\_password _(default: true)_
+  * When doing password resets, if true will update the LDAP server. Requires admin password in the ldap.yml
+
+* ldap\_check\_group_membership _(default: false)_
+  * When set to true, the user trying to login will be checked to make sure they are in all of groups specified in the ldap.yml file.
+
+* ldap\_check\_attributes _(default: false)_
+  * When set to true, the user trying to login will be checked to make sure they have all of the attributes in the ldap.yml file.
+
+* ldap\_use\_admin\_to\_bind _(default: false)_
+  * When set to true, the admin user will be used to bind to the LDAP server during authentication.
+
+
+Advanced Configuration
+----------------------
+
+These parameters will be added to `config/initializers/devise.rb` when you pass the `--advanced` switch to the generator:
+
+* ldap\_auth\_username\_builder _(default: `Proc.new() {|attribute, login, ldap| "#{attribute}=#{login},#{ldap.base}" }`)_
+  * You can pass a proc to the username option to explicitly specify the format that you search for a users' DN on your LDAP server.
+
+Testing
+-------
+
+This has been tested using the following setup:
+
+* Mac OSX 10.6
+* OpenLDAP 2.4.11
+* REE 1.8.7 (2010.02)
+
+All unit and functional tests are part of a sample rails application under test/rails_app and requires a working LDAP sever.
+
+Build / Start Instructions for Test LDAP Server
+-----------------------------------------------
+
+These instructions require the current directory context to be the `test/ldap` directory relative to the project root.
+
+  1. To start the server, run `./run-server.sh`
+  2. Add the basic structure: `ldapadd -x -h localhost -p 3389 -x -D "cn=admin,dc=test,dc=com" -w secret -f base.ldif`
+    * this creates the users / passwords:
+      * cn=admin,dc=test,com / secret
+      * cn=example.user@test.com,ou=people,dc=test,dc=com / secret
+  3. You should now be able to run the tests in test/rails_app by running: `rake`
+  
+  _For a LDAP server running SSL_
+  
+  1. To start the server, run: `./run-server.sh --ssl`
+  2. Add the basic structure: `ldapadd -x -H ldaps://localhost:3389 -x -D "cn=admin,dc=test,dc=com" -w secret -f base.ldif`
+    * this creates the users / passwords:
+      * cn=admin,dc=test,com / secret
+      * cn=example.user@test.com,ou=people,dc=test,dc=com / secret
+  3. You should now be able to run the tests in test/rails_app by running: `LDAP_SSL=true rake`
+
+**_Please Note_**
+
+In your system LDAP config file (on OSX it's /etc/openldap/ldap.conf) make sure you have the following setting:
+
+    TLS_REQCERT	never
+
+This will allow requests to go to the test LDAP server without being signed by a trusted root (it uses a self-signed cert)
+
+References
+----------
+
+* [OpenLDAP](http://www.openldap.org/)
+* [Devise](http://github.com/plataformatec/devise)
+* [Warden](http://github.com/hassox/warden)
+
+
+TODO
+----
+
+View on [Pivotal Tracker](http://www.pivotaltracker.com/projects/97318).
+
+Released under the MIT license
+
+Copyright (c) 2010 Curtis Schiewek, Daniel McNevin
+

data/Rakefile

@@ -0,0 +1,52 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test the devise_imapable plugin.'
+Rake::TestTask.new(:test) do |t|
+  # t.libs << 'lib'
+  # t.libs << 'test'
+  # t.pattern = 'test/**/*_test.rb'
+  # t.verbose = true
+  puts <<-eof
+
+*** NOTICE ***
+
+All tests are done in the sample Rails app. 
+
+Please go to test/rails_app and run the tests there. 
+
+Make sure to bundle install and rake db:migrate
+
+  eof
+end
+
+desc 'Generate documentation for the devise_ldap_authenticatable plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'DeviseLDAPAuthenticatable'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gemspec|
+    gemspec.name = "devise_ldap_authenticatable"
+    gemspec.summary = "LDAP authentication module for Devise"
+    gemspec.description = "LDAP authentication module for Devise"
+    gemspec.email = "curtis.schiewek@gmail.com"
+    gemspec.homepage = "http://github.com/cschiewek/devise_ldap_authenticatable"
+    gemspec.authors = ["Curtis Schiewek", "Daniel McNevin"]
+    gemspec.add_runtime_dependency "devise", "~> 1.4.0"
+    gemspec.add_runtime_dependency "prathe_net-ldap", "~> 0.2.2"
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end

data/VERSION

@@ -0,0 +1 @@
+0.4.10

data/devise_ldap_authenticatable.gemspec

@@ -0,0 +1,133 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{prathe_devise_ldap_authenticatable}
+  s.version = "0.4.10"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Curtis Schiewek", "Daniel McNevin", "Steven Xu"]
+  s.date = %q{2011-10-17}
+  s.description = %q{LDAP authentication module for Devise}
+  s.email = %q{curtis.schiewek@gmail.com}
+  s.extra_rdoc_files = [
+    "README.md"
+  ]
+  s.files = [
+    "MIT-LICENSE",
+    "README.md",
+    "Rakefile",
+    "VERSION",
+    "devise_ldap_authenticatable.gemspec",
+    "lib/devise_ldap_authenticatable.rb",
+    "lib/devise_ldap_authenticatable/exception.rb",
+    "lib/devise_ldap_authenticatable/ldap_adapter.rb",
+    "lib/devise_ldap_authenticatable/logger.rb",
+    "lib/devise_ldap_authenticatable/model.rb",
+    "lib/devise_ldap_authenticatable/routes.rb",
+    "lib/devise_ldap_authenticatable/schema.rb",
+    "lib/devise_ldap_authenticatable/strategy.rb",
+    "lib/devise_ldap_authenticatable/version.rb",
+    "lib/generators/devise_ldap_authenticatable/install_generator.rb",
+    "lib/generators/devise_ldap_authenticatable/templates/ldap.yml",
+    "rails/init.rb",
+    "test/devise_ldap_authenticatable_test.rb",
+    "test/ldap/base.ldif",
+    "test/ldap/clear.ldif",
+    "test/ldap/local.schema",
+    "test/ldap/run-server.sh",
+    "test/ldap/server.pem",
+    "test/ldap/slapd-ssl-test.conf",
+    "test/ldap/slapd-test.conf",
+    "test/rails_app/Gemfile",
+    "test/rails_app/Gemfile.lock",
+    "test/rails_app/Rakefile",
+    "test/rails_app/app/controllers/application_controller.rb",
+    "test/rails_app/app/controllers/posts_controller.rb",
+    "test/rails_app/app/helpers/application_helper.rb",
+    "test/rails_app/app/helpers/posts_helper.rb",
+    "test/rails_app/app/models/post.rb",
+    "test/rails_app/app/models/user.rb",
+    "test/rails_app/app/views/layouts/application.html.erb",
+    "test/rails_app/app/views/posts/index.html.erb",
+    "test/rails_app/config.ru",
+    "test/rails_app/config/application.rb",
+    "test/rails_app/config/boot.rb",
+    "test/rails_app/config/cucumber.yml",
+    "test/rails_app/config/database.yml",
+    "test/rails_app/config/environment.rb",
+    "test/rails_app/config/environments/development.rb",
+    "test/rails_app/config/environments/production.rb",
+    "test/rails_app/config/environments/test.rb",
+    "test/rails_app/config/initializers/backtrace_silencers.rb",
+    "test/rails_app/config/initializers/devise.rb",
+    "test/rails_app/config/initializers/inflections.rb",
+    "test/rails_app/config/initializers/mime_types.rb",
+    "test/rails_app/config/initializers/secret_token.rb",
+    "test/rails_app/config/initializers/session_store.rb",
+    "test/rails_app/config/ldap.yml",
+    "test/rails_app/config/ldap_with_erb.yml",
+    "test/rails_app/config/ldap_with_uid.yml",
+    "test/rails_app/config/locales/devise.en.yml",
+    "test/rails_app/config/locales/en.yml",
+    "test/rails_app/config/routes.rb",
+    "test/rails_app/config/ssl_ldap.yml",
+    "test/rails_app/config/ssl_ldap_with_erb.yml",
+    "test/rails_app/config/ssl_ldap_with_uid.yml",
+    "test/rails_app/db/migrate/20100708120302_create_posts.rb",
+    "test/rails_app/db/migrate/20100708120448_devise_create_users.rb",
+    "test/rails_app/db/schema.rb",
+    "test/rails_app/db/seeds.rb",
+    "test/rails_app/features/manage_logins.feature",
+    "test/rails_app/features/step_definitions/login_steps.rb",
+    "test/rails_app/features/step_definitions/web_steps.rb",
+    "test/rails_app/features/support/env.rb",
+    "test/rails_app/features/support/paths.rb",
+    "test/rails_app/lib/tasks/.gitkeep",
+    "test/rails_app/lib/tasks/cucumber.rake",
+    "test/rails_app/public/404.html",
+    "test/rails_app/public/422.html",
+    "test/rails_app/public/500.html",
+    "test/rails_app/public/images/rails.png",
+    "test/rails_app/public/javascripts/application.js",
+    "test/rails_app/public/javascripts/controls.js",
+    "test/rails_app/public/javascripts/dragdrop.js",
+    "test/rails_app/public/javascripts/effects.js",
+    "test/rails_app/public/javascripts/prototype.js",
+    "test/rails_app/public/javascripts/rails.js",
+    "test/rails_app/public/stylesheets/.gitkeep",
+    "test/rails_app/script/cucumber",
+    "test/rails_app/script/rails",
+    "test/rails_app/test/factories/users.rb",
+    "test/rails_app/test/functional/posts_controller_test.rb",
+    "test/rails_app/test/performance/browsing_test.rb",
+    "test/rails_app/test/test_helper.rb",
+    "test/rails_app/test/unit/helpers/posts_helper_test.rb",
+    "test/rails_app/test/unit/post_test.rb",
+    "test/rails_app/test/unit/user_test.rb",
+    "test/test_helper.rb"
+  ]
+  s.homepage = %q{http://github.com/cschiewek/devise_ldap_authenticatable}
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.7}
+  s.summary = %q{LDAP authentication module for Devise}
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<devise>, ["~> 1.4.0"])
+      s.add_runtime_dependency(%q<prathe_net-ldap>, ["~> 0.2.2"])
+    else
+      s.add_dependency(%q<devise>, ["~> 1.4.0"])
+      s.add_dependency(%q<prathe_net-ldap>, ["~> 0.2.2"])
+    end
+  else
+    s.add_dependency(%q<devise>, ["~> 1.4.0"])
+    s.add_dependency(%q<prathe_net-ldap>, ["~> 0.2.2"])
+  end
+end
+

data/lib/devise_ldap_authenticatable.rb

@@ -0,0 +1,48 @@
+# encoding: utf-8
+require 'devise'
+
+require 'devise_ldap_authenticatable/exception'
+require 'devise_ldap_authenticatable/logger'
+require 'devise_ldap_authenticatable/schema'
+require 'devise_ldap_authenticatable/ldap_adapter'
+require 'devise_ldap_authenticatable/routes'
+
+# Get ldap information from config/ldap.yml now
+module Devise
+  # Allow logging
+  mattr_accessor :ldap_logger
+  @@ldap_logger = true
+  
+  # Add valid users to database
+  mattr_accessor :ldap_create_user
+  @@ldap_create_user = false
+  
+  mattr_accessor :ldap_config
+  # @@ldap_config = "#{Rails.root}/config/ldap.yml"
+  
+  mattr_accessor :ldap_update_password
+  @@ldap_update_password = true
+  
+  mattr_accessor :ldap_check_group_membership
+  @@ldap_check_group_membership = false
+  
+  mattr_accessor :ldap_check_attributes
+  @@ldap_check_role_attribute = false
+  
+  mattr_accessor :ldap_use_admin_to_bind
+  @@ldap_use_admin_to_bind = false
+  
+  mattr_accessor :ldap_auth_username_builder
+  @@ldap_auth_username_builder = Proc.new() {|attribute, login, ldap| "#{attribute}=#{login},#{ldap.base}" }
+
+  mattr_accessor :ldap_ad_group_check
+  @@ldap_ad_group_check = false
+end
+
+# Add ldap_authenticatable strategy to defaults.
+#
+Devise.add_module(:ldap_authenticatable,
+                  :route => :session, ## This will add the routes, rather than in the routes.rb
+                  :strategy   => true,
+                  :controller => :sessions,
+                  :model  => 'devise_ldap_authenticatable/model')