prathe_devise_ldap_authenticatable 0.4.10 → 0.6.0

data/.gitignore

@@ -0,0 +1,8 @@
+.bundle
+log
+*.sqlite3
+test/ldap/openldap-data/*
+!test/ldap/openldap-data/run
+test/ldap/openldap-data/run/slapd.*
+test/rails_app/tmp
+pkg/*

data/Gemfile

@@ -0,0 +1,12 @@
+source "http://rubygems.org"
+
+gemspec
+
+gem 'devise', '~> 2.0.0'
+gem 'net-ldap', '~> 0.2.2'
+
+platforms :mri_18 do
+  group :test do
+    gem 'ruby-debug', '>= 0.10.3'
+  end
+end

data/Gemfile.lock

@@ -0,0 +1,38 @@
+PATH
+  remote: .
+  specs:
+    devise_ldap_authenticatable (0.5.1)
+      devise (~> 1.5.0)
+      net-ldap (~> 0.2.2)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    bcrypt-ruby (3.0.1)
+    columnize (0.3.6)
+    devise (1.5.3)
+      bcrypt-ruby (~> 3.0)
+      orm_adapter (~> 0.0.3)
+      warden (~> 1.1)
+    linecache (0.46)
+      rbx-require-relative (> 0.0.4)
+    net-ldap (0.2.2)
+    orm_adapter (0.0.6)
+    rack (1.4.0)
+    rbx-require-relative (0.0.5)
+    ruby-debug (0.10.4)
+      columnize (>= 0.1)
+      ruby-debug-base (~> 0.10.4.0)
+    ruby-debug-base (0.10.4)
+      linecache (>= 0.3)
+    warden (1.1.0)
+      rack (>= 1.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  devise (~> 1.5.0)
+  devise_ldap_authenticatable!
+  net-ldap (~> 0.2.2)
+  ruby-debug (>= 0.10.3)

data/Rakefile

@@ -5,25 +5,6 @@ require 'rake/rdoctask'
 desc 'Default: run unit tests.'
 task :default => :test
 
-desc 'Test the devise_imapable plugin.'
-Rake::TestTask.new(:test) do |t|
-  # t.libs << 'lib'
-  # t.libs << 'test'
-  # t.pattern = 'test/**/*_test.rb'
-  # t.verbose = true
-  puts <<-eof
-
-*** NOTICE ***
-
-All tests are done in the sample Rails app. 
-
-Please go to test/rails_app and run the tests there. 
-
-Make sure to bundle install and rake db:migrate
-
-  eof
-end
-
 desc 'Generate documentation for the devise_ldap_authenticatable plugin.'
 Rake::RDocTask.new(:rdoc) do |rdoc|
   rdoc.rdoc_dir = 'rdoc'
@@ -32,21 +13,3 @@ Rake::RDocTask.new(:rdoc) do |rdoc|
   rdoc.rdoc_files.include('README')
   rdoc.rdoc_files.include('lib/**/*.rb')
 end
-
-
-begin
-  require 'jeweler'
-  Jeweler::Tasks.new do |gemspec|
-    gemspec.name = "devise_ldap_authenticatable"
-    gemspec.summary = "LDAP authentication module for Devise"
-    gemspec.description = "LDAP authentication module for Devise"
-    gemspec.email = "curtis.schiewek@gmail.com"
-    gemspec.homepage = "http://github.com/cschiewek/devise_ldap_authenticatable"
-    gemspec.authors = ["Curtis Schiewek", "Daniel McNevin"]
-    gemspec.add_runtime_dependency "devise", "~> 1.4.0"
-    gemspec.add_runtime_dependency "prathe_net-ldap", "~> 0.2.2"
-  end
-  Jeweler::GemcutterTasks.new
-rescue LoadError
-  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
-end

data/devise_ldap_authenticatable.gemspec

@@ -1,133 +1,22 @@
-# Generated by jeweler
-# DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "devise_ldap_authenticatable/version"
 
 Gem::Specification.new do |s|
-  s.name = %q{prathe_devise_ldap_authenticatable}
-  s.version = "0.4.10"
+  s.name     = 'prathe_devise_ldap_authenticatable'
+  s.version  = DeviseLdapAuthenticatable::VERSION.dup
+  s.platform = Gem::Platform::RUBY
+  s.summary  = 'Devise extension to allow authentication via LDAP'
+  s.email = 'curtis.schiewek@gmail.com'
+  s.homepage = 'https://github.com/cschiewek/devise_ldap_authenticatable'
+  s.description = s.summary
+  s.authors = ['Curtis Schiewek', 'Daniel McNevin', 'Steven Xu']
 
-  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Curtis Schiewek", "Daniel McNevin", "Steven Xu"]
-  s.date = %q{2011-10-17}
-  s.description = %q{LDAP authentication module for Devise}
-  s.email = %q{curtis.schiewek@gmail.com}
-  s.extra_rdoc_files = [
-    "README.md"
-  ]
-  s.files = [
-    "MIT-LICENSE",
-    "README.md",
-    "Rakefile",
-    "VERSION",
-    "devise_ldap_authenticatable.gemspec",
-    "lib/devise_ldap_authenticatable.rb",
-    "lib/devise_ldap_authenticatable/exception.rb",
-    "lib/devise_ldap_authenticatable/ldap_adapter.rb",
-    "lib/devise_ldap_authenticatable/logger.rb",
-    "lib/devise_ldap_authenticatable/model.rb",
-    "lib/devise_ldap_authenticatable/routes.rb",
-    "lib/devise_ldap_authenticatable/schema.rb",
-    "lib/devise_ldap_authenticatable/strategy.rb",
-    "lib/devise_ldap_authenticatable/version.rb",
-    "lib/generators/devise_ldap_authenticatable/install_generator.rb",
-    "lib/generators/devise_ldap_authenticatable/templates/ldap.yml",
-    "rails/init.rb",
-    "test/devise_ldap_authenticatable_test.rb",
-    "test/ldap/base.ldif",
-    "test/ldap/clear.ldif",
-    "test/ldap/local.schema",
-    "test/ldap/run-server.sh",
-    "test/ldap/server.pem",
-    "test/ldap/slapd-ssl-test.conf",
-    "test/ldap/slapd-test.conf",
-    "test/rails_app/Gemfile",
-    "test/rails_app/Gemfile.lock",
-    "test/rails_app/Rakefile",
-    "test/rails_app/app/controllers/application_controller.rb",
-    "test/rails_app/app/controllers/posts_controller.rb",
-    "test/rails_app/app/helpers/application_helper.rb",
-    "test/rails_app/app/helpers/posts_helper.rb",
-    "test/rails_app/app/models/post.rb",
-    "test/rails_app/app/models/user.rb",
-    "test/rails_app/app/views/layouts/application.html.erb",
-    "test/rails_app/app/views/posts/index.html.erb",
-    "test/rails_app/config.ru",
-    "test/rails_app/config/application.rb",
-    "test/rails_app/config/boot.rb",
-    "test/rails_app/config/cucumber.yml",
-    "test/rails_app/config/database.yml",
-    "test/rails_app/config/environment.rb",
-    "test/rails_app/config/environments/development.rb",
-    "test/rails_app/config/environments/production.rb",
-    "test/rails_app/config/environments/test.rb",
-    "test/rails_app/config/initializers/backtrace_silencers.rb",
-    "test/rails_app/config/initializers/devise.rb",
-    "test/rails_app/config/initializers/inflections.rb",
-    "test/rails_app/config/initializers/mime_types.rb",
-    "test/rails_app/config/initializers/secret_token.rb",
-    "test/rails_app/config/initializers/session_store.rb",
-    "test/rails_app/config/ldap.yml",
-    "test/rails_app/config/ldap_with_erb.yml",
-    "test/rails_app/config/ldap_with_uid.yml",
-    "test/rails_app/config/locales/devise.en.yml",
-    "test/rails_app/config/locales/en.yml",
-    "test/rails_app/config/routes.rb",
-    "test/rails_app/config/ssl_ldap.yml",
-    "test/rails_app/config/ssl_ldap_with_erb.yml",
-    "test/rails_app/config/ssl_ldap_with_uid.yml",
-    "test/rails_app/db/migrate/20100708120302_create_posts.rb",
-    "test/rails_app/db/migrate/20100708120448_devise_create_users.rb",
-    "test/rails_app/db/schema.rb",
-    "test/rails_app/db/seeds.rb",
-    "test/rails_app/features/manage_logins.feature",
-    "test/rails_app/features/step_definitions/login_steps.rb",
-    "test/rails_app/features/step_definitions/web_steps.rb",
-    "test/rails_app/features/support/env.rb",
-    "test/rails_app/features/support/paths.rb",
-    "test/rails_app/lib/tasks/.gitkeep",
-    "test/rails_app/lib/tasks/cucumber.rake",
-    "test/rails_app/public/404.html",
-    "test/rails_app/public/422.html",
-    "test/rails_app/public/500.html",
-    "test/rails_app/public/images/rails.png",
-    "test/rails_app/public/javascripts/application.js",
-    "test/rails_app/public/javascripts/controls.js",
-    "test/rails_app/public/javascripts/dragdrop.js",
-    "test/rails_app/public/javascripts/effects.js",
-    "test/rails_app/public/javascripts/prototype.js",
-    "test/rails_app/public/javascripts/rails.js",
-    "test/rails_app/public/stylesheets/.gitkeep",
-    "test/rails_app/script/cucumber",
-    "test/rails_app/script/rails",
-    "test/rails_app/test/factories/users.rb",
-    "test/rails_app/test/functional/posts_controller_test.rb",
-    "test/rails_app/test/performance/browsing_test.rb",
-    "test/rails_app/test/test_helper.rb",
-    "test/rails_app/test/unit/helpers/posts_helper_test.rb",
-    "test/rails_app/test/unit/post_test.rb",
-    "test/rails_app/test/unit/user_test.rb",
-    "test/test_helper.rb"
-  ]
-  s.homepage = %q{http://github.com/cschiewek/devise_ldap_authenticatable}
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
-  s.rubygems_version = %q{1.3.7}
-  s.summary = %q{LDAP authentication module for Devise}
 
-  if s.respond_to? :specification_version then
-    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
-    s.specification_version = 3
-
-    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<devise>, ["~> 1.4.0"])
-      s.add_runtime_dependency(%q<prathe_net-ldap>, ["~> 0.2.2"])
-    else
-      s.add_dependency(%q<devise>, ["~> 1.4.0"])
-      s.add_dependency(%q<prathe_net-ldap>, ["~> 0.2.2"])
-    end
-  else
-    s.add_dependency(%q<devise>, ["~> 1.4.0"])
-    s.add_dependency(%q<prathe_net-ldap>, ["~> 0.2.2"])
-  end
+  s.add_dependency('devise', '>= 2.0.0')
+  s.add_dependency('net-ldap', '>= 0.2.2')
 end
-

data/lib/devise_ldap_authenticatable/ldap_adapter.rb

@@ -3,60 +3,69 @@ require "net/ldap"
 module Devise
 
   module LdapAdapter
-    
+
     def self.valid_credentials?(login, password_plaintext)
-      options = {:login => login, 
-                 :password => password_plaintext, 
+      options = {:login => login,
+                 :password => password_plaintext,
                  :ldap_auth_username_builder => ::Devise.ldap_auth_username_builder,
                  :admin => ::Devise.ldap_use_admin_to_bind}
-                 
+
       resource = LdapConnect.new(options)
       resource.authorized?
     end
 
-    def self.valid_login?(login)
-      options = {:login => login, 
-                 :ldap_auth_username_builder => ::Devise.ldap_auth_username_builder,
-                 :admin => ::Devise.ldap_use_admin_to_bind}
-      resource = LdapConnect.new(options)
-      resource.valid_login?
-    end
-    
     def self.update_password(login, new_password)
       options = {:login => login,
                  :new_password => new_password,
                  :ldap_auth_username_builder => ::Devise.ldap_auth_username_builder,
                  :admin => ::Devise.ldap_use_admin_to_bind}
-                 
+
       resource = LdapConnect.new(options)
-      resource.change_password! if new_password.present? 
+      resource.change_password! if new_password.present?
     end
-    
-    def self.get_groups(login)
-      options = {:login => login, 
+
+    def self.update_own_password(login, new_password, current_password)
+      set_ldap_param(login, :userpassword, new_password, current_password)
+    end
+
+    def self.ldap_connect(login)
+      options = {:login => login,
                  :ldap_auth_username_builder => ::Devise.ldap_auth_username_builder,
                  :admin => ::Devise.ldap_use_admin_to_bind}
 
-      ldap = LdapConnect.new(options)
-      ldap.user_groups
+      resource = LdapConnect.new(options)
     end
-    
+
+    def self.valid_login?(login)
+      self.ldap_connect(login).valid_login?
+    end
+
+    def self.get_groups(login)
+      self.ldap_connect(login).user_groups
+    end
+
     def self.get_dn(login)
-      options = {:login => login, 
-                 :ldap_auth_username_builder => ::Devise.ldap_auth_username_builder,
-                 :admin => ::Devise.ldap_use_admin_to_bind}
+      self.ldap_connect(login).dn
+    end
+
+    def self.set_ldap_param(login, param, new_value, password = nil)
+      options = { :login => login,
+                  :ldap_auth_username_builder => ::Devise.ldap_auth_username_builder,
+                  :password => password }
+
       resource = LdapConnect.new(options)
-      resource.dn
+      resource.set_param(param, new_value)
     end
 
     def self.get_ldap_param(login,param)
-      options = {:login => login, 
-                 :ldap_auth_username_builder => ::Devise.ldap_auth_username_builder,
-                 :admin => ::Devise.ldap_use_admin_to_bind}
-      resource = LdapConnect.new(options)
+      resource = self.ldap_connect(login)
       resource.ldap_param_value(param)
     end
 
+    def self.get_ldap_entry(login)
+      self.ldap_connect(login).search_for_login
+    end
+
     class LdapConnect
 
       attr_reader :ldap, :login
@@ -73,18 +82,22 @@ module Devise
         @ldap.base = ldap_config["base"]
         @attribute = ldap_config["attribute"]
         @ldap_auth_username_builder = params[:ldap_auth_username_builder]
-        
+
         @group_base = ldap_config["group_base"]
-        @required_groups = ldap_config["required_groups"]        
+        @required_groups = ldap_config["required_groups"]
         @required_attributes = ldap_config["require_attribute"]
-        
-        @ldap.auth ldap_config["admin_user"], ldap_config["admin_password"] if params[:admin] 
-                
+
+        @ldap.auth ldap_config["admin_user"], ldap_config["admin_password"] if params[:admin]
+
         @login = params[:login]
         @password = params[:password]
         @new_password = params[:new_password]
       end
 
+      def set_param(param, new_value)
+        update_ldap( { param.to_sym => new_value } )
+      end
+
       def dn
         DeviseLdapAuthenticatable::Logger.send("LDAP dn lookup: #{@attribute}=#{@login}")
         ldap_entry = search_for_login
@@ -95,15 +108,27 @@ module Devise
         end
       end
 
-			def ldap_param_value(param)
-				filter = Net::LDAP::Filter.eq(@attribute.to_s, @login.to_s)
+      def ldap_param_value(param)
+        filter = Net::LDAP::Filter.eq(@attribute.to_s, @login.to_s)
         ldap_entry = nil
         @ldap.search(:filter => filter) {|entry| ldap_entry = entry}
 
-				DeviseLdapAuthenticatable::Logger.send("Requested param #{param} has value #{ldap_entry.send(param)}")
-				ldap_entry.send(param)
-			end
-			
+        if ldap_entry
+          if ldap_entry[param]
+            DeviseLdapAuthenticatable::Logger.send("Requested param #{param} has value #{ldap_entry.send(param)}")
+            value = ldap_entry.send(param)
+            value = value.first if value.is_a?(Array) and value.count == 1
+            value
+          else
+            DeviseLdapAuthenticatable::Logger.send("Requested param #{param} does not exist")
+            value = nil
+          end
+        else
+          DeviseLdapAuthenticatable::Logger.send("Requested ldap entry does not exist")
+          value = nil
+        end
+      end
+
       def authenticate!
         @ldap.auth(dn, @password)
         @ldap.bind
@@ -112,24 +137,24 @@ module Devise
       def authenticated?
         authenticate!
       end
-      
+
       def authorized?
         DeviseLdapAuthenticatable::Logger.send("Authorizing user #{dn}")
         authenticated? && in_required_groups? && has_required_attribute?
       end
-      
+
       def change_password!
         update_ldap(:userpassword => Net::LDAP::Password.generate(:sha, @new_password))
       end
 
-      def in_required_groups?     
+      def in_required_groups?
         return true unless ::Devise.ldap_check_group_membership
-        
+
         ## FIXME set errors here, the ldap.yml isn't set properly.
-        return false if @required_groups.nil?   
-           
+        return false if @required_groups.nil?
+
         admin_ldap = LdapConnect.admin
-                
+
         for group in @required_groups
           if group.is_a?(Array)
             group_attribute, group_name = group
@@ -147,9 +172,9 @@ module Devise
           else
             # AD optimization - extension will recursively check sub-groups with one query
             # "(memberof:1.2.840.113556.1.4.1941:=group_name)"
-            search_result = admin_ldap.search(:base => dn, 
+            search_result = admin_ldap.search(:base => dn,
                               :filter => Net::LDAP::Filter.ex("memberof:1.2.840.113556.1.4.1941", group_name),
-                              :scope => Net::LDAP::SearchScope_BaseObject) 
+                              :scope => Net::LDAP::SearchScope_BaseObject)
             # Will return  the user entry if belongs to group otherwise nothing
             unless search_result.length == 1 && search_result[0].dn.eql?(dn)
               DeviseLdapAuthenticatable::Logger.send("User #{dn} is not in group: #{group_name }")
@@ -157,27 +182,27 @@ module Devise
             end
           end
         end
- 
+
         return true
       end
-      
+
       def has_required_attribute?
         return true unless ::Devise.ldap_check_attributes
-        
+
         admin_ldap = LdapConnect.admin
-        
+
         user = find_ldap_user(admin_ldap)
-                
+
         @required_attributes.each do |key,val|
           unless user[key].include? val
             DeviseLdapAuthenticatable::Logger.send("User #{dn} did not match attribute #{key}:#{val}")
-            return false 
+            return false
           end
         end
-        
+
         return true
       end
-      
+
       def user_groups
         admin_ldap = LdapConnect.admin
 
@@ -189,36 +214,36 @@ module Devise
       def valid_login?
         !search_for_login.nil?
       end
-      
+
+      # Searches the LDAP for the login
+      #
+      # @return [Object] the LDAP entry found; nil if not found
+      def search_for_login
+        DeviseLdapAuthenticatable::Logger.send("LDAP search for login: #{@attribute}=#{@login}")
+        filter = Net::LDAP::Filter.eq(@attribute.to_s, @login.to_s)
+        ldap_entry = nil
+        @ldap.search(:filter => filter) {|entry| ldap_entry = entry}
+        ldap_entry
+      end
+
       private
-      
+
       def self.admin
         ldap = LdapConnect.new(:admin => true).ldap
-        
+
         unless ldap.bind
           DeviseLdapAuthenticatable::Logger.send("Cannot bind to admin LDAP user")
           raise DeviseLdapAuthenticatable::LdapException, "Cannot connect to admin LDAP user"
         end
-        
+
         return ldap
       end
-      
+
       def find_ldap_user(ldap)
         DeviseLdapAuthenticatable::Logger.send("Finding user: #{dn}")
         ldap.search(:base => dn, :scope => Net::LDAP::SearchScope_BaseObject).try(:first)
       end
 
-      # Searches the LDAP for the login
-      #
-      # @return [Object] the LDAP entry found; nil if not found
-      def search_for_login
-        DeviseLdapAuthenticatable::Logger.send("LDAP search for login: #{@attribute}=#{@login}")
-        filter = Net::LDAP::Filter.eq(@attribute.to_s, @login.to_s)
-        ldap_entry = nil
-        @ldap.search(:filter => filter) {|entry| ldap_entry = entry}
-        ldap_entry
-      end
-      
       def update_ldap(ops)
         operations = []
         if ops.is_a? Hash
@@ -229,10 +254,15 @@ module Devise
           operations = ops
         end
 
-        admin_ldap = LdapConnect.admin
-        
+        if ::Devise.ldap_use_admin_to_bind
+          privileged_ldap = LdapConnect.admin
+        else
+          authenticate!
+          privileged_ldap = self.ldap
+        end
+
         DeviseLdapAuthenticatable::Logger.send("Modifying user #{dn}")
-        admin_ldap.modify(:dn => dn, :operations => operations)
+        privileged_ldap.modify(:dn => dn, :operations => operations)
       end
 
     end

data/lib/devise_ldap_authenticatable/model.rb

@@ -21,6 +21,12 @@ module Devise
         @login_with ||= Devise.mappings[self.class.to_s.underscore.to_sym].to.authentication_keys.first
         self[@login_with]
       end
+
+      def change_password!(current_password)
+        raise "Need to set new password first" if @password.blank?
+
+        Devise::LdapAdapter.update_own_password(login_with, @password, current_password)
+      end
       
       def reset_password!(new_password, new_password_confirmation)
         if new_password == new_password_confirmation && ::Devise.ldap_update_password
@@ -42,11 +48,11 @@ module Devise
           return false
         end
       end
-      
+
       def ldap_groups
         Devise::LdapAdapter.get_groups(login_with)
       end
-      
+
       def ldap_dn
         Devise::LdapAdapter.get_dn(login_with)
       end
@@ -67,34 +73,36 @@ module Devise
       module ClassMethods
         # Authenticate a user based on configured attribute keys. Returns the
         # authenticated user if it's valid or nil.
-        def authenticate_with_ldap(attributes={}) 
+        def authenticate_with_ldap(attributes={})
           auth_key = self.authentication_keys.first
-          return nil unless attributes[auth_key].present? 
+          return nil unless attributes[auth_key].present?
+
+          auth_key_value = (self.case_insensitive_keys || []).include?(auth_key) ? attributes[auth_key].downcase : attributes[auth_key]
 
           # resource = find_for_ldap_authentication(conditions)
-          resource = where(auth_key => attributes[auth_key]).first
-                    
+          resource = where(auth_key => auth_key_value).first
+
           if (resource.blank? and ::Devise.ldap_create_user)
             resource = new
-            resource[auth_key] = attributes[auth_key]
+            resource[auth_key] = auth_key_value
             resource.password = attributes[:password]
           end
-                    
+
           if resource.try(:valid_ldap_authentication?, attributes[:password])
             if resource.new_record?
               resource.ldap_before_save if resource.respond_to?(:ldap_before_save)
-              resource.save 
+              resource.save
             end
             return resource
           else
             return nil
           end
         end
-        
+
         def update_with_password(resource)
           puts "UPDATE_WITH_PASSWORD: #{resource.inspect}"
         end
-        
+
       end
     end
   end

data/lib/devise_ldap_authenticatable/strategy.rb

@@ -5,30 +5,17 @@ module Devise
     # Strategy for signing in a user based on his login and password using LDAP.
     # Redirects to sign_in page if it's not authenticated
     class LdapAuthenticatable < Authenticatable
-      def valid?
-        valid_controller? && valid_params? && mapping.to.respond_to?(:authenticate_with_ldap)
-      end
-
       # Authenticate a user based on login and password params, returning to warden
       # success and the authenticated user if everything is okay. Otherwise redirect
       # to sign in page.
       def authenticate!
-        if resource = mapping.to.authenticate_with_ldap(params[scope])
+        resource = valid_password? && mapping.to.authenticate_with_ldap(params[scope])
+        if validate(resource)
           success!(resource)
         else
           fail(:invalid)
         end
-     end
-
-      protected
-
-        def valid_controller?
-          params[:controller] == mapping.controllers[:sessions]
-        end
-
-        def valid_params?
-          params[scope] && params[scope][:password].present?
-        end
+      end
     end
   end
 end

data/lib/devise_ldap_authenticatable/version.rb

@@ -1,4 +1,3 @@
 module DeviseLdapAuthenticatable
-  VERSION = "0.4.6"
-end
-
+  VERSION = "0.6.0".freeze
+end

data/test/rails_app/Gemfile

@@ -3,7 +3,7 @@ source 'http://rubygems.org'
 gem 'rails', '3.0.0'
 gem 'sqlite3-ruby', :require => 'sqlite3'
 
-gem "devise", "~> 1.4.0"
+gem "devise", "~> 1.5.0"
 gem "devise_ldap_authenticatable", :path => "../../"
 
 group :test do

data/test/rails_app/Gemfile.lock

@@ -1,8 +1,8 @@
 PATH
   remote: ../../
   specs:
-    devise_ldap_authenticatable (0.4.9)
-      devise (~> 1.4.0)
+    devise_ldap_authenticatable (0.5.1)
+      devise (~> 1.5.0)
       net-ldap (~> 0.2.2)
 
 GEM
@@ -64,10 +64,10 @@ GEM
       cucumber (>= 0.8.0)
     culerity (0.2.12)
     database_cleaner (0.5.2)
-    devise (1.4.7)
+    devise (1.5.3)
       bcrypt-ruby (~> 3.0)
       orm_adapter (~> 0.0.3)
-      warden (~> 1.0.3)
+      warden (~> 1.1)
     diff-lcs (1.1.2)
     erubis (2.6.6)
       abstract (>= 1.0.0)
@@ -94,7 +94,7 @@ GEM
       rake
     net-ldap (0.2.2)
     nokogiri (1.4.3.1)
-    orm_adapter (0.0.5)
+    orm_adapter (0.0.6)
     polyglot (0.3.1)
     rack (1.2.1)
     rack-mount (0.6.12)
@@ -134,7 +134,7 @@ GEM
       polyglot (>= 0.3.1)
     trollop (1.16.2)
     tzinfo (0.3.23)
-    warden (1.0.5)
+    warden (1.1.0)
       rack (>= 1.0)
 
 PLATFORMS
@@ -147,7 +147,7 @@ DEPENDENCIES
   capybara
   cucumber-rails
   database_cleaner
-  devise (~> 1.4.0)
+  devise (~> 1.5.0)
   devise_ldap_authenticatable!
   factory_girl_rails
   launchy

data/test/rails_app/config/ldap_with_boolean_ssl.yml

@@ -0,0 +1,22 @@
+authorizations: &AUTHORIZATIONS
+  ## Authorization
+  group_base: ou=groups,dc=test,dc=com
+  required_groups:
+    - cn=admins,ou=groups,dc=test,dc=com
+    - ["authorizationRole", "cn=users,ou=groups,dc=test,dc=com"]
+  require_attribute:
+    objectClass: inetOrgPerson
+    authorizationRole: blogAdmin
+    
+test: &TEST
+  host: localhost
+  port: 3389
+  attribute: cn
+  base: ou=people,dc=test,dc=com
+  admin_user: cn=admin,dc=test,dc=com
+  admin_password: secret
+  ssl: true
+  <<: *AUTHORIZATIONS
+  
+development:
+  <<: *TEST

data/test/rails_app/test/unit/user_test.rb

@@ -5,7 +5,7 @@ class UserTest < ActiveSupport::TestCase
   def should_be_validated(user, password, message = "Password is invalid")
     assert(user.valid_ldap_authentication?(password), message)
   end
-  
+
   def should_not_be_validated(user, password, message = "Password is not properly set")
      assert(!user.valid_ldap_authentication?(password), message)
   end
@@ -25,12 +25,12 @@ class UserTest < ActiveSupport::TestCase
         assert_equal false, ::Devise::LdapAdapter.valid_login?('barneystinson')
       end
     end
-  
+
     context "create a basic user" do
       setup do
         @user = Factory(:user)
       end
-  
+
       should "check for password validation" do
         assert_equal(@user.email, "example.user@test.com")
         should_be_validated @user, "secret"
@@ -38,18 +38,18 @@ class UserTest < ActiveSupport::TestCase
         should_not_be_validated @user, "Secret"
       end
     end
-  
+
     context "change a LDAP password" do
       setup do
         @user = Factory(:user)
       end
-  
+
       should "change password" do
         should_be_validated @user, "secret"
         @user.reset_password!("changed","changed")
         should_be_validated @user, "changed", "password was not changed properly on the LDAP sevrer"
       end
-    
+
       should "not allow to change password if setting is false" do
         should_be_validated @user, "secret"
         ::Devise.ldap_update_password = false
@@ -58,42 +58,67 @@ class UserTest < ActiveSupport::TestCase
         should_be_validated @user, "secret"
       end
     end
-  
+
     context "create new local user if user is in LDAP" do
-    
+
       setup do
         assert(User.all.blank?, "There shouldn't be any users in the database")
       end
-    
+
       should "don't create user in the database" do
         @user = User.authenticate_with_ldap(:email => "example.user@test.com", :password => "secret")
         assert(User.all.blank?)
       end
-    
+
       context "creating users is enabled" do
         setup do
           ::Devise.ldap_create_user = true
         end
-      
+
         should "create a user in the database" do
           @user = User.authenticate_with_ldap(:email => "example.user@test.com", :password => "secret")
           assert_equal(User.all.size, 1)
           assert_contains(User.all.collect(&:email), "example.user@test.com", "user not in database")
         end
-  
+
         should "not create a user in the database if the password is wrong_secret" do
           @user = User.authenticate_with_ldap(:email => "example.user", :password => "wrong_secret")
           assert(User.all.blank?, "There's users in the database")
         end
-      
+
         should "create a user if the user is not in LDAP" do
           @user = User.authenticate_with_ldap(:email => "wrong_secret.user@test.com", :password => "wrong_secret")
           assert(User.all.blank?, "There's users in the database")
         end
+
+        should "create a user in the database if case insensitivity does not matter" do
+          ::Devise.case_insensitive_keys = false
+          @user = Factory(:user)
+
+          assert_difference "User.count", +1 do
+            User.authenticate_with_ldap(:email => "EXAMPLE.user@test.com", :password => "secret")
+          end
+        end
+
+        should "not create a user in the database if case insensitivity matters" do
+          ::Devise.case_insensitive_keys = [:email]
+          @user = Factory(:user)
+
+          assert_no_difference "User.count" do
+            User.authenticate_with_ldap(:email => "EXAMPLE.user@test.com", :password => "secret")
+          end
+        end
+
+        should "create a user with downcased email in the database if case insensitivity matters" do
+          ::Devise.case_insensitive_keys = [:email]
+
+          @user = User.authenticate_with_ldap(:email => "EXAMPLE.user@test.com", :password => "secret")
+          assert_contains(User.all.collect(&:email), "example.user@test.com", "user not in database")
+        end
       end
-    
+
     end
-  
+
     context "use groups for authorization" do
       setup do
         @admin = Factory(:admin)
@@ -101,55 +126,55 @@ class UserTest < ActiveSupport::TestCase
         ::Devise.authentication_keys = [:email]
         ::Devise.ldap_check_group_membership = true
       end
-  
+
       should "admin should be allowed in" do
         should_be_validated @admin, "admin_secret"
       end
-    
+
       should "admin should have the proper groups set" do
         assert_contains(@admin.ldap_groups, /cn=admins/, "groups attribute not being set properly")
       end
-    
+
       should "user should not be allowed in" do
         should_not_be_validated @user, "secret"
       end
-      
+
       should "not be validated if group with different attribute is removed" do
         `ldapmodify #{ldap_connect_string} -f ../ldap/delete_authorization_role.ldif`
         should_not_be_validated @admin, "admin_secret"
       end
     end
-  
+
     context "use role attribute for authorization" do
       setup do
         @admin = Factory(:admin)
         @user = Factory(:user)
         ::Devise.ldap_check_attributes = true
       end
-  
+
       should "admin should be allowed in" do
         should_be_validated @admin, "admin_secret"
       end
-    
+
       should "user should not be allowed in" do
         should_not_be_validated @user, "secret"
       end
     end
-    
+
     context "use admin setting to bind" do
       setup do
         @admin = Factory(:admin)
         @user = Factory(:user)
         ::Devise.ldap_use_admin_to_bind = true
       end
-  
+
       should "description" do
         should_be_validated @admin, "admin_secret"
       end
     end
-  
+
   end
-  
+
   context "use uid for login" do
     setup do
       default_devise_settings!
@@ -157,24 +182,24 @@ class UserTest < ActiveSupport::TestCase
       ::Devise.ldap_config = "#{Rails.root}/config/#{"ssl_" if ENV["LDAP_SSL"]}ldap_with_uid.yml"
       ::Devise.authentication_keys = [:uid]
     end
-  
+
     context "description" do
       setup do
         @admin = Factory(:admin)
         @user = Factory(:user, :uid => "example_user")
       end
-  
+
       should "be able to authenticate using uid" do
         should_be_validated @user, "secret"
         should_not_be_validated @admin, "admin_secret"
       end
     end
-    
+
     context "create user" do
       setup do
         ::Devise.ldap_create_user = true
       end
-  
+
       should "create a user in the database" do
         @user = User.authenticate_with_ldap(:uid => "example_user", :password => "secret")
         assert_equal(User.all.size, 1)
@@ -199,22 +224,22 @@ class UserTest < ActiveSupport::TestCase
           should_be_validated Factory(:user, :uid => "example_user"), "secret"
         end
       end
-    end    
+    end
   end
-  
+
   context "using ERB in the config file" do
     setup do
       default_devise_settings!
       reset_ldap_server!
       ::Devise.ldap_config = "#{Rails.root}/config/#{"ssl_" if ENV["LDAP_SSL"]}ldap_with_erb.yml"
     end
-  
+
     context "authenticate" do
       setup do
         @admin = Factory(:admin)
         @user = Factory(:user)
       end
-  
+
       should "be able to authenticate" do
         should_be_validated @user, "secret"
         should_be_validated @admin, "admin_secret"
@@ -235,7 +260,7 @@ class UserTest < ActiveSupport::TestCase
       end
     end
   end
-  
+
   context "use username builder" do
     setup do
       default_devise_settings!
@@ -250,5 +275,5 @@ class UserTest < ActiveSupport::TestCase
       should_be_validated @other, "other_secret"
     end
   end
-  
+
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: prathe_devise_ldap_authenticatable
 version: !ruby/object:Gem::Version
-  version: 0.4.10
+  version: 0.6.0
   prerelease: 
 platform: ruby
 authors:
@@ -11,41 +11,42 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2011-10-17 00:00:00.000000000Z
+date: 2012-06-13 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
-  requirement: &70183830643780 !ruby/object:Gem::Requirement
+  requirement: &70343752987900 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ~>
+    - - ! '>='
       - !ruby/object:Gem::Version
-        version: 1.4.0
+        version: 2.0.0
   type: :runtime
   prerelease: false
-  version_requirements: *70183830643780
+  version_requirements: *70343752987900
 - !ruby/object:Gem::Dependency
-  name: prathe_net-ldap
-  requirement: &70183830643300 !ruby/object:Gem::Requirement
+  name: net-ldap
+  requirement: &70343752987400 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ~>
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: 0.2.2
   type: :runtime
   prerelease: false
-  version_requirements: *70183830643300
-description: LDAP authentication module for Devise
+  version_requirements: *70343752987400
+description: Devise extension to allow authentication via LDAP
 email: curtis.schiewek@gmail.com
 executables: []
 extensions: []
-extra_rdoc_files:
-- README.md
+extra_rdoc_files: []
 files:
+- .gitignore
+- Gemfile
+- Gemfile.lock
 - MIT-LICENSE
 - README.md
 - Rakefile
-- VERSION
 - devise_ldap_authenticatable.gemspec
 - lib/devise_ldap_authenticatable.rb
 - lib/devise_ldap_authenticatable/exception.rb
@@ -63,6 +64,7 @@ files:
 - test/ldap/base.ldif
 - test/ldap/clear.ldif
 - test/ldap/local.schema
+- test/ldap/openldap-data/run/.gitkeep
 - test/ldap/run-server.sh
 - test/ldap/server.pem
 - test/ldap/slapd-ssl-test.conf
@@ -94,6 +96,7 @@ files:
 - test/rails_app/config/initializers/secret_token.rb
 - test/rails_app/config/initializers/session_store.rb
 - test/rails_app/config/ldap.yml
+- test/rails_app/config/ldap_with_boolean_ssl.yml
 - test/rails_app/config/ldap_with_erb.yml
 - test/rails_app/config/ldap_with_uid.yml
 - test/rails_app/config/locales/devise.en.yml
@@ -134,7 +137,7 @@ files:
 - test/rails_app/test/unit/post_test.rb
 - test/rails_app/test/unit/user_test.rb
 - test/test_helper.rb
-homepage: http://github.com/cschiewek/devise_ldap_authenticatable
+homepage: https://github.com/cschiewek/devise_ldap_authenticatable
 licenses: []
 post_install_message: 
 rdoc_options: []
@@ -157,5 +160,82 @@ rubyforge_project:
 rubygems_version: 1.8.10
 signing_key: 
 specification_version: 3
-summary: LDAP authentication module for Devise
-test_files: []
+summary: Devise extension to allow authentication via LDAP
+test_files:
+- test/devise_ldap_authenticatable_test.rb
+- test/ldap/base.ldif
+- test/ldap/clear.ldif
+- test/ldap/local.schema
+- test/ldap/openldap-data/run/.gitkeep
+- test/ldap/run-server.sh
+- test/ldap/server.pem
+- test/ldap/slapd-ssl-test.conf
+- test/ldap/slapd-test.conf
+- test/rails_app/Gemfile
+- test/rails_app/Gemfile.lock
+- test/rails_app/Rakefile
+- test/rails_app/app/controllers/application_controller.rb
+- test/rails_app/app/controllers/posts_controller.rb
+- test/rails_app/app/helpers/application_helper.rb
+- test/rails_app/app/helpers/posts_helper.rb
+- test/rails_app/app/models/post.rb
+- test/rails_app/app/models/user.rb
+- test/rails_app/app/views/layouts/application.html.erb
+- test/rails_app/app/views/posts/index.html.erb
+- test/rails_app/config.ru
+- test/rails_app/config/application.rb
+- test/rails_app/config/boot.rb
+- test/rails_app/config/cucumber.yml
+- test/rails_app/config/database.yml
+- test/rails_app/config/environment.rb
+- test/rails_app/config/environments/development.rb
+- test/rails_app/config/environments/production.rb
+- test/rails_app/config/environments/test.rb
+- test/rails_app/config/initializers/backtrace_silencers.rb
+- test/rails_app/config/initializers/devise.rb
+- test/rails_app/config/initializers/inflections.rb
+- test/rails_app/config/initializers/mime_types.rb
+- test/rails_app/config/initializers/secret_token.rb
+- test/rails_app/config/initializers/session_store.rb
+- test/rails_app/config/ldap.yml
+- test/rails_app/config/ldap_with_boolean_ssl.yml
+- test/rails_app/config/ldap_with_erb.yml
+- test/rails_app/config/ldap_with_uid.yml
+- test/rails_app/config/locales/devise.en.yml
+- test/rails_app/config/locales/en.yml
+- test/rails_app/config/routes.rb
+- test/rails_app/config/ssl_ldap.yml
+- test/rails_app/config/ssl_ldap_with_erb.yml
+- test/rails_app/config/ssl_ldap_with_uid.yml
+- test/rails_app/db/migrate/20100708120302_create_posts.rb
+- test/rails_app/db/migrate/20100708120448_devise_create_users.rb
+- test/rails_app/db/schema.rb
+- test/rails_app/db/seeds.rb
+- test/rails_app/features/manage_logins.feature
+- test/rails_app/features/step_definitions/login_steps.rb
+- test/rails_app/features/step_definitions/web_steps.rb
+- test/rails_app/features/support/env.rb
+- test/rails_app/features/support/paths.rb
+- test/rails_app/lib/tasks/.gitkeep
+- test/rails_app/lib/tasks/cucumber.rake
+- test/rails_app/public/404.html
+- test/rails_app/public/422.html
+- test/rails_app/public/500.html
+- test/rails_app/public/images/rails.png
+- test/rails_app/public/javascripts/application.js
+- test/rails_app/public/javascripts/controls.js
+- test/rails_app/public/javascripts/dragdrop.js
+- test/rails_app/public/javascripts/effects.js
+- test/rails_app/public/javascripts/prototype.js
+- test/rails_app/public/javascripts/rails.js
+- test/rails_app/public/stylesheets/.gitkeep
+- test/rails_app/script/cucumber
+- test/rails_app/script/rails
+- test/rails_app/test/factories/users.rb
+- test/rails_app/test/functional/posts_controller_test.rb
+- test/rails_app/test/performance/browsing_test.rb
+- test/rails_app/test/test_helper.rb
+- test/rails_app/test/unit/helpers/posts_helper_test.rb
+- test/rails_app/test/unit/post_test.rb
+- test/rails_app/test/unit/user_test.rb
+- test/test_helper.rb

data/VERSION

@@ -1 +0,0 @@
-0.4.10