sheffield_ldap_lookup 0.0.5 → 0.0.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 53101ae7dab529fac6ee8e5604ccf548fce20a75
-  data.tar.gz: 593b21537e0c2024e2c000a5384b34ba225b2403
+SHA256:
+  metadata.gz: 2a0dc52a5bd9f5aa8ec1401e62ca05c0d5f7062c0f382afb77d1f4d8595df0b5
+  data.tar.gz: f945bc9ded89ea4b1d9a047ae6b1c5a7b71786b2a7d98acdd426f5172c7720c4
 SHA512:
-  metadata.gz: 3807d07547fc71d68186c9c8569a86a58fc3eaafd1247642d23c37042b425439967104fb72c33e10866d2ef8be851382e420757d0f4b8dc23c33e814ac50ac7b
-  data.tar.gz: c3a998108c0c650e1af430541bc147a81d6dec782381336f2d4e3d042c45d3725db48f490a8086c2afa4d0b494be0862efca8751f54142c9a921e1e39f7b8be5
+  metadata.gz: 42ed11ed5b09a6a6b3b159fc4fee3757235802bfad7ce87420b3507751ba4f7561502195c03e51a44e373ee7069595f768d2b0234177a98f4ef99c7bac564ed6
+  data.tar.gz: 46017a6b493efd2d91b87f8669e9118ececac71a9190dea0782ca3958b480b8001849e632143fcc0b7d8a3b6c0183d83d07713480cb2011d59ee33a0b0ddff2e

data/.ruby-version

@@ -0,0 +1 @@
+ruby-3.1

data/lib/sheffield_ldap_lookup/ldap_finder.rb

@@ -12,13 +12,17 @@ module SheffieldLdapLookup
 
     class << self
       attr_accessor :ldap_config
+      attr_accessor :error_notification_proc
     end
 
     def lookup
       begin
         @lookup ||= connection.search(filter: ldap_filter)[0]
-      rescue
-        {}
+      rescue Exception => exception
+        if self.class.error_notification_proc.is_a?(Proc)
+          self.class.error_notification_proc.call(exception)
+        end
+        raise exception
       end
     end
 
@@ -28,7 +32,7 @@ module SheffieldLdapLookup
 
     def search_attribute
       return custom_search_attribute if custom_search_attribute
-      keyword =~ /\A[^@]+@[^@]+\z/ ? 'mail' : 'uid'
+      keyword =~ /\A[^@]+@[^@]+\z/ ? 'mail' : 'sAMAccountName'
     end
 
     def ldap_config
@@ -41,7 +45,9 @@ module SheffieldLdapLookup
 
     def connection_settings
       base_settings = {
-        host: ldap_config["#{@config_prefix}host"], port: ldap_config["#{@config_prefix}port"], base: ldap_config["#{@config_prefix}base"]
+        host: ldap_config["#{@config_prefix}host"],
+        port: ldap_config["#{@config_prefix}port"],
+        base: ldap_config["#{@config_prefix}base"]
       }
 
       if ldap_config.key?("#{@config_prefix}username") && ldap_config.key?("#{@config_prefix}password")
@@ -51,8 +57,24 @@ module SheffieldLdapLookup
           password: ldap_config["#{@config_prefix}password"]
         }
       end
+
+      if ldap_config["#{@config_prefix}ssl"] == true
+        base_settings[:port] ||= 636
+        base_settings[:encryption] = {
+          method: :simple_tls,
+          tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(
+            # Default min version (in Ruby 2.7) is TLS 1.0, but server always responds and says provide TLS 1.2
+            # (and, to be honest, we shouldn't use anything less than TLS 1.2 these days)
+            min_version: OpenSSL::SSL::TLS1_2_VERSION
+          )
+        }
+      end
+
+      # Avoid two LDAP queries per connection by forcing unpaged results
+      base_settings[:force_no_page] = true
+
       base_settings
     end
 
   end
-end
+end

data/lib/sheffield_ldap_lookup/version.rb

@@ -1,3 +1,3 @@
 module SheffieldLdapLookup
-  VERSION = "0.0.5"
+  VERSION = "0.0.9"
 end

data/sheffield_ldap_lookup.gemspec

@@ -6,20 +6,20 @@ require 'sheffield_ldap_lookup/version'
 Gem::Specification.new do |gem|
   gem.name          = "sheffield_ldap_lookup"
   gem.version       = SheffieldLdapLookup::VERSION
-  gem.authors       = ["Shuo Chen"]
-  gem.email         = ["s.chen@epigenesys.co.uk"]
+  gem.authors       = ["James Gregory-Monk", "Shuo Chen"]
+  gem.email         = ["james.gregory@epigenesys.org.uk", "shuo.chen@epigenesys.org.uk"]
   gem.description   = "A gem to fetch information from University of Sheffield LDAP server based on username or email address."
   gem.summary       = "LDAP lookup"
-  gem.homepage      = "http://www.epigenesys.org.uk"
+  gem.homepage      = "https://www.epigenesys.org.uk"
 
   gem.files         = `git ls-files`.split($/)
   gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
   gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
   gem.require_paths = ["lib"]
-  
+
   gem.add_dependency('net-ldap')
-  
+
   gem.add_development_dependency('rake')
   gem.add_development_dependency('rails', '>= 3.2')
   gem.add_development_dependency('rspec')
-end
+end

data/spec/lib/ldap_finder_spec.rb

@@ -2,68 +2,160 @@ require 'spec_helper'
 require 'sheffield_ldap_lookup/ldap_finder.rb'
 
 describe SheffieldLdapLookup::LdapFinder do
-  LDAP_CONFIG = { 'host' => 'localhost', 'port' => '389', 'base' => 'ou=Users' }
+  let(:ldap_config) { { 'host' => 'localhost', 'port' => '389', 'base' => 'ou=Users' } }
+  let(:default_tls_options) { OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(min_version: OpenSSL::SSL::TLS1_2_VERSION) }
+
   describe "#connection" do
     it "should create a new LDAP connection" do
-      subject.stub(ldap_config: LDAP_CONFIG)
+      allow(subject).to receive(:ldap_config).and_return(ldap_config)
       ldap_class = double
-      ldap_class.should_receive(:new).with(host: LDAP_CONFIG['host'], port: LDAP_CONFIG['port'], base: LDAP_CONFIG['base'])
+      expect(ldap_class).to receive(:new).with({
+        host: ldap_config['host'],
+        port: ldap_config['port'],
+        base: ldap_config['base'],
+        force_no_page: true
+      })
       subject.connection(ldap_class)
     end
   end
-  
+
   describe "#ldap_config" do
     it "should load the LDAP configuration" do
-      SheffieldLdapLookup::LdapFinder.ldap_config = LDAP_CONFIG
-      subject.ldap_config.should == LDAP_CONFIG
+      SheffieldLdapLookup::LdapFinder.ldap_config = ldap_config
+      expect(subject.ldap_config).to eq ldap_config
     end
   end
-  
+
   describe "#search_attribute" do
     describe "determine to search against uid or email based on the format of the keyword" do
       it "should use 'uid' attribute for username" do
         finder = SheffieldLdapLookup::LdapFinder.new('username')
-        finder.search_attribute.should == 'uid'
+        expect(finder.search_attribute).to eq 'sAMAccountName'
       end
-      
+
       it "should use 'mail' attribute for email" do
         finder = SheffieldLdapLookup::LdapFinder.new('test@test.com')
-        finder.search_attribute.should == 'mail'
+        expect(finder.search_attribute).to eq 'mail'
       end
     end
   end
-  
+
   describe "#ldap_filter" do
     it "should create a LDAP filter for the attribute and keyword" do
       finder = SheffieldLdapLookup::LdapFinder.new('username')
-      finder.stub(search_attribute: 'uid')
+      allow(finder).to receive(:search_attribute).and_return('uid')
       filter_class = double
-      filter_class.should_receive(:eq).with('uid', 'username')
+      expect(filter_class).to receive(:eq).with('uid', 'username')
       finder.ldap_filter filter_class
     end
   end
-  
+
+  context "load config prefix" do
+    let(:ldap_config) { { 'host' => 'localhost', 'port' => '389', 'base' => 'ou=Users',
+      'prefix_host' => 'prefix_localhost', 'prefix_port' => '400', 'prefix_base' => 'ou=BigUsers' } }
+    subject { SheffieldLdapLookup::LdapFinder.new('123', 'prefix_') }
+
+    it "should create a new LDAP connection" do
+      allow(subject).to receive(:ldap_config).and_return(ldap_config)
+      ldap_class = double
+      expect(ldap_class).to receive(:new).with({
+        host: ldap_config['prefix_host'],
+        port: ldap_config['prefix_port'],
+        base: ldap_config['prefix_base'],
+        force_no_page: true
+      })
+      subject.connection(ldap_class)
+    end
+  end
+
+  context 'with an ssl config' do
+    let(:ldap_config) { { 'host' => 'localhost', 'port' => '389', 'base' => 'ou=Users', 'ssl' => true } }
+
+    it "should create a new secure LDAP connection" do
+      allow(subject).to receive(:ldap_config).and_return(ldap_config)
+      ldap_class = double
+      expect(ldap_class).to receive(:new).with({
+        host: ldap_config['host'],
+        port: ldap_config['port'],
+        base: ldap_config['base'],
+        encryption: {
+          method: :simple_tls,
+          tls_options: default_tls_options
+        },
+        force_no_page: true
+      })
+      subject.connection(ldap_class)
+    end
+  end
+
+  context 'with a username and password config' do
+    let(:ldap_config) { { 'host' => 'localhost', 'port' => '389', 'base' => 'ou=Users',
+      'username' => 'ldapusername', 'password' => 'ldappassword' } }
+
+    it "should create a new secure LDAP connection" do
+      allow(subject).to receive(:ldap_config).and_return(ldap_config)
+      ldap_class = double
+      expect(ldap_class).to receive(:new).with({
+        host: ldap_config['host'],
+        port: ldap_config['port'],
+        base: ldap_config['base'],
+        force_no_page: true,
+        auth: {
+          method: :simple,
+          username: 'ldapusername',
+          password: 'ldappassword'
+        }
+      })
+      subject.connection(ldap_class)
+    end
+  end
+
+  context 'with a username, password and ssl config' do
+    let(:ldap_config) { { 'host' => 'localhost', 'port' => '389', 'base' => 'ou=Users',
+      'username' => 'ldapusername', 'password' => 'ldappassword', 'ssl' => true } }
+
+    it "should create a new secure LDAP connection" do
+      allow(subject).to receive(:ldap_config).and_return(ldap_config)
+      ldap_class = double
+      expect(ldap_class).to receive(:new).with({
+        host: ldap_config['host'],
+        port: ldap_config['port'],
+        base: ldap_config['base'],
+        force_no_page: true,
+        encryption: {
+          method: :simple_tls,
+          tls_options: default_tls_options
+        },
+        auth: {
+          method: :simple,
+          username: 'ldapusername',
+          password: 'ldappassword'
+        }
+      })
+      subject.connection(ldap_class)
+    end
+  end
+
   describe "#lookup" do
     describe "use the LDAP filter to search for the entity and return the first result" do
       let(:ldap_filter) { double }
       let(:connection)  { double }
-      before { subject.stub(ldap_filter: ldap_filter, connection: connection) }
-      
+
+      before do
+        allow(subject).to receive(:ldap_filter).and_return(ldap_filter)
+        allow(subject).to receive(:connection).and_return(connection)
+      end
+
       it "should search the LDAP connection using the filter" do
-        connection.should_receive(:search).with(filter: ldap_filter).and_return([])
+        expect(connection).to receive(:search).with(filter: ldap_filter).and_return([])
         subject.lookup
       end
-      
+
       it "should return the first result" do
         result = double
-        connection.stub(search: [result])
-        subject.lookup.should == result
-      end
-      
-      it "should return an empty hash if cannot connect to LDAP" do
-        connection.stub(search: ->{raise})
-        subject.lookup.should == {}
+        allow(connection).to receive(:search).and_return([result])
+        expect(subject.lookup).to eq result
       end
     end
   end
-end
+end

metadata

@@ -1,81 +1,83 @@
 --- !ruby/object:Gem::Specification
 name: sheffield_ldap_lookup
 version: !ruby/object:Gem::Version
-  version: 0.0.5
+  version: 0.0.9
 platform: ruby
 authors:
+- James Gregory-Monk
 - Shuo Chen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-04-09 00:00:00.000000000 Z
+date: 2023-09-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: net-ldap
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '3.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '3.2'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: A gem to fetch information from University of Sheffield LDAP server based
   on username or email address.
 email:
-- s.chen@epigenesys.co.uk
+- james.gregory@epigenesys.org.uk
+- shuo.chen@epigenesys.org.uk
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .rvmrc
+- ".gitignore"
+- ".ruby-version"
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -88,7 +90,7 @@ files:
 - sheffield_ldap_lookup.gemspec
 - spec/lib/ldap_finder_spec.rb
 - spec/spec_helper.rb
-homepage: http://www.epigenesys.org.uk
+homepage: https://www.epigenesys.org.uk
 licenses: []
 metadata: {}
 post_install_message: 
@@ -97,17 +99,16 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.4.6
+rubygems_version: 3.3.7
 signing_key: 
 specification_version: 4
 summary: LDAP lookup

data/.rvmrc

@@ -1 +0,0 @@
-rvm use --create @sheffield_ldap_lookup