rom-ldap 0.2.2

data/lib/rom/ldap/commands.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+require 'rom/commands'
+require 'rom/ldap/commands/create'
+require 'rom/ldap/commands/update'
+require 'rom/ldap/commands/delete'

data/lib/rom/ldap/commands/create.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module ROM
+  module LDAP
+    module Commands
+      class Create < ROM::Commands::Create
+
+        adapter :ldap
+
+        use :schema
+
+        after :finalize
+
+        # Pass tuple(s) to relation for insertion.
+        #
+        # @param tuples [Hash, Array<Hash>]
+        #
+        # @return [Array<Entry>]
+        #
+        # @api public
+        def execute(tuples)
+          Array([tuples]).flatten(1).map do |tuple|
+            relation.insert(tuple)
+          end
+        end
+
+        private
+
+        # Output through relation output_schema
+        #
+        # @param entries [Array<Entry, FalseClass>]
+        #
+        # @api private
+        def finalize(entries, *)
+          entries.map { |t| relation.output_schema[t] }
+        end
+
+      end
+    end
+  end
+end

data/lib/rom/ldap/commands/delete.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module ROM
+  module LDAP
+    module Commands
+      class Delete < ROM::Commands::Delete
+
+        adapter :ldap
+
+        def execute
+          relation.delete
+        end
+
+      end
+    end
+  end
+end

data/lib/rom/ldap/commands/update.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module ROM
+  module LDAP
+    module Commands
+      class Update < ROM::Commands::Update
+
+        adapter :ldap
+
+        use :schema
+
+        after :finalize
+
+        def execute(tuple)
+          update(input[tuple].to_h)
+        end
+
+        private
+
+        #
+        # @param entries [Array<Directory::Entry>]
+        #
+        # @api private
+        def finalize(entries, *)
+          entries.map { |t| relation.output_schema[t] }
+        end
+
+        def update(*args)
+          relation.update(*args)
+        end
+
+      end
+    end
+  end
+end

data/lib/rom/ldap/constants.rb

@@ -0,0 +1,193 @@
+# frozen_string_literal: true
+
+# rubocop:disable Layout/HashAlignment
+
+require 'rom/ldap/oid'
+require 'rom/ldap/scope'
+require 'rom/ldap/alias'
+require 'rom/ldap/matchers'
+require 'rom/ldap/type_map'
+require 'rom/ldap/responses'
+
+require 'uri'
+
+module ROM
+  module LDAP
+    # Matches an ldap(s) url
+    #
+    # @return [Regexp]
+    LDAPURI_REGEX = Regexp.union(
+      ::URI::DEFAULT_PARSER.make_regexp('ldap'),
+      ::URI::DEFAULT_PARSER.make_regexp('ldaps')
+    ).freeze
+
+    # Any word character or hyphen, equals
+    #
+    # @return [Regexp]
+    DN_REGEX = /(([-\w]+=[-\w]+)*,?)/.freeze
+
+    # Something in parentheses
+    #
+    # @return [Regexp]
+    FILTER_REGEX = /^\s*\(.*\)\s*$/.freeze
+
+    # @return [String]
+    NEW_LINE = "\n"
+
+    # @return [String]
+    WILDCARD = '*'
+
+    # @return [String]
+    PERCENT_SPACE = '%20'
+
+    # @return [String]
+    SPACE = ' '
+
+    # @return [Array<String>]
+    OP_ATTRS = %w[+].freeze
+
+    # @return [Array<String>]
+    ALL_ATTRS = [WILDCARD, *OP_ATTRS].freeze
+
+    # @return [String]
+    DEFAULT_PK = 'entrydn'
+
+    # @return [Array<String>]
+    #
+    # @example [Schema]
+    #   use :timestamps,
+    #     attributes: %i(create_timestamp modify_timestamp),
+    #     type: ROM::LDAP::Types::Time
+    #
+    #
+    # @see Relation#operational
+    #
+    TIMESTAMPS = %w[createTimestamp modifyTimestamp].freeze
+
+    # @return [String]
+    #
+    DEFAULT_FILTER = '(objectClass=*)'
+
+    # Time conversion
+    #
+    # @return [Integer]
+    #
+    # @see Functions.to_time
+    TEN_MILLION = 10_000_000
+
+    # @return [Integer]
+    #
+    # @see Functions.to_time
+    SINCE_1601 = 11_644_473_600
+
+    # Internal abstraction of LDAP string search filter constructors.
+    #
+    # @see https://www.rfc-editor.org/rfc/rfc4515.txt String Search Filter Definition
+    #
+    # @return [Hash]
+    #
+    CONSTRUCTORS = {
+      con_and: '&',   # AND / AMPERSAND   / %x26
+      con_or:  '|',   # OR  / VERTBAR     / %x7C
+      con_not: '!'    # NOT / EXCLAMATION / %x21
+    }.freeze
+
+    CONSTRUCTOR_REGEX = Regexp.union(/\s*\|\s*/, /\s*\&\s*/).freeze
+
+    # Internal abstraction of LDAP string search filter operators.
+    #
+    # @return [Hash]
+    #
+    # @see https://www.rfc-editor.org/rfc/rfc4515.txt String Search Filter Definition
+    #
+    #   equal          = EQUALS
+    #   approx         = TILDE EQUALS
+    #   greaterorequal = RANGLE EQUALS
+    #   lessorequal    = LANGLE EQUALS
+    #   extensible     = ( attr [dnattrs]
+    #                        [matchingrule] COLON EQUALS assertionvalue )
+    #                    / ( [dnattrs]
+    #                         matchingrule COLON EQUALS assertionvalue )
+    #
+    OPERATORS = {
+      op_bineq: '=', # Binary comparison
+      op_eql: '=',    # Equal to
+      op_prx: '~=',   # Approximately equal to
+      op_gte: '>=',   # Lexicographically greater than or equal to
+      op_lte: '<=',   # Lexicographically less than or equal to
+      op_ext: ':='    # Bitwise comparison of numeric values
+    }.freeze
+
+    OPERATOR_REGEX = Regexp.union(*OPERATORS.values).freeze
+
+    # @return [Array]
+    #
+    ABSTRACTS = [*OPERATORS.keys, *CONSTRUCTORS.keys].freeze
+
+    # Symbolic abstraction of LDIF booleans and wildcard matcher
+    #
+    # @return [Hash]
+    #
+    VALUES_MAP = {
+      :wildcard => WILDCARD, #  ANY / ASTERISK / %x2A
+      true      => 'TRUE',
+      false     => 'FALSE'
+    }.freeze
+
+    #
+    # DSL dataset methods
+    #
+    # @see RFC4515 value encoding rule.
+    #
+    # @return [Hash]
+    #
+    ESCAPES = {
+      "\0" => '00',   #   NUL      / %x00
+      '*'  => '2A',   #   ASTERISK / %x2A
+      '('  => '28',   #   LPARENS  / %x28
+      ')'  => '29',   #   RPARENS  / %x29
+      '\\' => '5C'    #   ESC      / %x5C
+    }.freeze
+
+    #
+    # Expression Encoder
+    # (1)type (2)dn (4)rule
+    #
+    # <attribute name>:<matching rule OID>:=<value>
+    # (&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648))
+    #
+    # @return [Regexp]
+    #
+    EXTENSIBLE_REGEX = /^([-;\w]*)(:dn)?(:(\w+|[.\w]+))?$/.freeze
+
+    # ESC and HEX values
+    #
+    # The value encoding rule ensures that the entire filter string is a valid
+    # UTF-8 string and provides that the octets that represent theses ESCAPES
+    # are represented as a backslash followed by the two hexadecimal digits
+    # representing the value of the encoded octet.
+    #
+    UNESCAPE_REGEX = /\\([a-f\d]{2})/i.freeze
+
+    # @return [Regexp]
+    #
+    ESCAPE_REGEX = Regexp.new('[' + ESCAPES.keys.map { |e| Regexp.escape(e) }.join + ']').freeze
+
+    # @return [Regexp]
+    #
+    VAL_REGEX = %r"(?:[-\[\]{}\w*.+/:@=,#\$%&!'^~\s\xC3\x80-\xCA\xAF]|[^\x00-\x7F]|\x5C(?:[\x20-\x23]|[\x2B\x2C]|[\x3B-\x3E]|\x5C)|\\[a-fA-F\d]{2})+"u.freeze
+
+    # Local file path
+    #
+    # @return [Regexp]
+    #
+    BIN_FILE_REGEX = %r{^file://(.*)}.freeze
+
+    # $1 = attribute
+    # $3 = value
+    #
+    LDIF_LINE_REGEX = /^([^:]+):([\:]?)[\s]*<?(.*)$/.freeze
+  end
+end
+
+# rubocop:enable Layout/HashAlignment

data/lib/rom/ldap/dataset.rb

@@ -0,0 +1,286 @@
+# frozen_string_literal: true
+
+require 'rom/initializer'
+require 'rom/ldap/functions'
+
+require 'rom/ldap/dataset/conversion'
+require 'rom/ldap/dataset/persistence'
+require 'rom/ldap/dataset/dsl'
+
+module ROM
+  module LDAP
+    #
+    # @api private
+    class Dataset
+
+      extend Initializer
+      include Enumerable
+
+      # Directory instance
+      #
+      # @!attribute [r] directory
+      #   @return [Directory]
+      option :directory
+
+      # LDAP filter defined in relation schema.
+      #
+      # @!attribute [r] name
+      #   @return [String] Valid LDAP filter filter string.
+      option :name, type: Types::Filter, reader: :private
+
+      # Valid Distinguished Name. A relation class value or the gateway default.
+      #
+      # @!attribute [r] base
+      #   @return [String] Set when initializing a relation
+      option :base, type: Types::DN, reader: :private, default: proc { directory.base }
+
+      #
+      # @!attribute [r] criteria
+      #   @return [Array] Query AST
+      option :criteria, type: Types::Strict::Array, reader: :private, default: proc { EMPTY_ARRAY }
+
+      #
+      # @!attribute [r] direction
+      #   @return [Symbol]
+      option :direction, type: Types::Direction, reader: :private, default: proc { :asc }
+
+      #
+      # @!attribute [r] offset
+      #   @return [Integer] Pagination per_page(20).
+      option :offset, type: Types::Strict::Integer, reader: :private, optional: true
+
+      # @option :limit [Integer] Pagination page(1).
+      #
+      option :limit, type: Types::Strict::Integer, reader: :private, optional: true
+
+      # @option :random [TrueClass] Switch for randomisation
+      #
+      option :random, type: Types::Strict::Bool, reader: :private, default: proc { false }
+
+      # Attributes to return. Needs to be set to the projected schema.
+      #
+      option :attrs, type: Types::Strict::Array, reader: :private, optional: true
+
+      # @option :aliases [Array]
+      #
+      option :aliases, type: Types::Strict::Array, reader: :private, default: proc { EMPTY_ARRAY }
+
+      # @option :sort_attrs [String,Symbol] Attribute name(s) to sort by.
+      #
+      option :sort_attrs, type: Types::Strict::Array, reader: :private, optional: true
+
+      include DSL
+      include Persistence
+      include Conversion
+
+      # Collection of Dataset::DSL module methods.
+      #   Used by Relation to forward methods to Dataset.
+      #
+      # @return [Array<Symbol>]
+      #
+      # @example
+      #   # => %i{equal has lt begins excludes present}
+      #
+      def self.dsl
+        DSL.public_instance_methods(false)
+      end
+
+      # Dataset#where
+      alias_method :where, :equal
+
+      # Initialise a new class overriding options.
+      #
+      # @return [ROM::LDAP::Dataset]
+      #
+      # @param overrides [Hash] Alternative options
+      #
+      # @api public
+      def with(overrides)
+        self.class.new(options.merge(overrides))
+      end
+
+      # @return [Hash] internal options
+      #
+      # @api public
+      def opts
+        options.merge(ast: to_ast, filter: to_filter).freeze
+      end
+
+      # Iterate over the entries return from the server.
+      #
+      # @return [Array <Directory::Entry>]
+      # @return [Enumerator <Directory::Entry>]
+      #
+      # @api public
+      def each(*args, &block)
+        results = paginated? ? entries[page_range] : entries
+        results = results.sort_by { rand } if random
+        results = results.reverse_each if reversed?
+        results = results.map { |e| apply_aliases(e) } if aliases.any?
+
+        block_given? ? results.each(*args, &block) : results.to_enum
+      end
+
+      # Iterate over each entry or one attribute of each entry.
+      #
+      # @return [Mixed]
+      #
+      # @api public
+      def map(attr = nil, &block)
+        each.map { |entry| attr ? entry[attr] : entry }.map(&block)
+      end
+
+      # Inspect dataset revealing current ast and base.
+      #
+      # @return [String]
+      #
+      # @api public
+      def inspect
+        %(#<#{self.class}: base="#{base}" #{to_ast} />)
+      end
+
+      # This method is present in Sequel and ensures rom-sql/rom-ldap plugin interoperability.
+      #
+      # @return [Dataset]
+      #
+      # @api public
+      def unfiltered
+        with(criteria: EMPTY_ARRAY)
+      end
+
+      # Wildcard search on multiple attributes.
+      #
+      # @example
+      #   dataset.grep([:givenname, :sn], 'foo').opts[:criteria] =>
+      #     [:con_or, [[:op_eql, :givenname, "*foo*"], [:op_eql, :sn, "*foo*"]]]
+      #
+      #
+      # @see Relation::Reading#grep
+      #
+      # @param attrs [Array<Symbol>] schema attribute names
+      #
+      # @param value [String] search parameter
+      #
+      # @return [Relation]
+      #
+      # @api public
+      def grep(attrs, value)
+        new_criteria = attrs.map do |attr|
+          match_dsl([[attr, value]], left: WILDCARD, right: WILDCARD)
+        end
+        join(new_criteria, :con_or)
+      end
+
+      # @see Relation#where
+      #
+      # Combine AST criteria - use AND by default
+      #
+      # @param new_criteria [Array]
+      # @param constructor  [Symbol]
+      #
+      # @return [Relation]
+      #
+      # @api public
+      def join(new_criteria, constructor = :con_and)
+        new_chain = join_dsl(constructor, new_criteria)
+
+        # check because RestrictionDSL sometimes offers empty criteria
+        if new_chain.empty?
+          self
+        else
+          chain(*new_chain)
+        end
+      end
+
+      # Validate the password against the filtered user.
+      #
+      # @param password [String]
+      #
+      # @return [Boolean]
+      #
+      # @api public
+      def bind(password)
+        directory.bind_as(filter: to_ast, password: password)
+      end
+
+      # Handle different string output formats
+      #   i.e. DSML, LDIF, JSON, YAML, MessagePack.
+      #
+      # @return [Hash, Array<Hash>]
+      #
+      def export
+        results = map(&:canonical)
+        results.one? ? results.first : results
+      end
+
+      # Unrestricted count of every entry under the search base
+      #   with the domain entry discounted.
+      #
+      # @return [Integer]
+      #
+      # @api public
+      def total
+        directory.base_total - 1
+      end
+
+      private
+
+      # Communicate with LDAP servers.
+      #   @see Connection::SearchRequest for #query keywords defintion.
+      #
+      # @return [Array<Hash>] Populate with a directory search.
+      #
+      # @api private
+      def entries
+        results =
+          directory.query(
+            filter: to_ast,
+            base: base,
+            attributes: renamed_select,
+            sorted: renamed_sort,
+            max: limit,
+            reverse: reversed?
+          )
+
+        options[:criteria] = []
+        results
+      end
+
+      # @api private
+      def renamed_select
+        directory.canonical_attributes(attrs) if attrs
+      end
+
+      # @api private
+      def renamed_sort
+        directory.canonical_attributes(sort_attrs) if sort_attrs
+      end
+
+      # @return [Range]
+      #
+      # @api private
+      def page_range
+        offset..(offset + limit - 1)
+      end
+
+      # @api private
+      def paginated?
+        limit && offset
+      end
+
+      # @api private
+      def reversed?
+        direction.eql?(:desc)
+      end
+
+      def apply_aliases(entry)
+        Functions[:rename_keys][alias_map, entry].invert
+      end
+
+      def alias_map
+        { dn: :dn }.merge(attrs.zip(aliases).to_h)
+      end
+
+    end
+  end
+end