sheffield_ldap_lookup 0.0.7 → 0.0.10

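--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 3090dd3270a42985506f6077318966d175fb5460a058f397b71f1f70577e283e
- data.tar.gz: 60717cc86c1e4302bc2d559678cac466a8fde864f716749f9729cef676a29116
+ metadata.gz: 2499f759ae17e3702bbcd6e07bdaeb7985488bc5074a561392f02c80386c4b03
+ data.tar.gz: d4035c152037b834a2dcd02ce96692b43bc69292f30bbaca059058870f5ffe7f
  SHA512:
- metadata.gz: 0cd3d1d61454854acee77fd4ce9e508596f2f5b915dd55cc1a8ca72812154e0e23da960c0c0abf0d4d51364146261fc46f4f17215e2e0bd62e704fb47aa4c52f
- data.tar.gz: 229b7266dd482ef161b6544906d1c51847ddc7b28bd027687d295e28474d7fa9a8006386c3bd83d3e032beb1445d6d6400a5fd781f2b947626955605bb973e73
+ metadata.gz: 41775cb57a487c0b87a563b5ba880edfa0cefd124caafdd69830d7d833faa402083351e60b90d1938090ebf367c74326471b98eddc8efa127afacad4706735e1
+ data.tar.gz: '085a7d951eaa6073edcbf8b7abe17642fe8f0ee946aba7ca24230e752cae79459eb485dc09f2e94d9bb240fe70b4324f148d45b20a809500f1a85dc787162b76'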
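--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +1 @@
- 2.5.1
+ ruby-3.1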
@@ -12,13 +12,21 @@ module SheffieldLdapLookup
12
12
 
13
13
  class << self
14
14
  attr_accessor :ldap_config
15
+ attr_accessor :error_notification_proc
15
16
  end
16
17
 
17
18
  def lookup
19
+ all_results[0]
20
+ end
21
+
22
+ def all_results
18
23
  begin
19
- @lookup ||= connection.search(filter: ldap_filter)[0]
20
- rescue
21
- {}
24
+ @all_results ||= connection.search(filter: ldap_filter)
25
+ rescue Exception => exception
26
+ if self.class.error_notification_proc.is_a?(Proc)
27
+ self.class.error_notification_proc.call(exception)
28
+ end
29
+ raise exception
22
30
  end
23
31
  end
24
32
 
@@ -28,7 +36,7 @@ module SheffieldLdapLookup
28
36
 
29
37
  def search_attribute
30
38
  return custom_search_attribute if custom_search_attribute
31
- keyword =~ /\A[^@]+@[^@]+\z/ ? 'mail' : 'uid'
39
+ keyword =~ /\A[^@]+@[^@]+\z/ ? 'mail' : 'sAMAccountName'
32
40
  end
33
41
 
34
42
  def ldap_config
@@ -56,9 +64,19 @@ module SheffieldLdapLookup
56
64
 
57
65
  if ldap_config["#{@config_prefix}ssl"] == true
58
66
  base_settings[:port] ||= 636
59
- base_settings[:encryption] = :simple_tls
67
+ base_settings[:encryption] = {
68
+ method: :simple_tls,
69
+ tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(
70
+ # Default min version (in Ruby 2.7) is TLS 1.0, but server always responds and says provide TLS 1.2
71
+ # (and, to be honest, we shouldn't use anything less than TLS 1.2 these days)
72
+ min_version: OpenSSL::SSL::TLS1_2_VERSION
73
+ )
74
+ }
60
75
  end
61
76
 
77
+ # Avoid two LDAP queries per connection by forcing unpaged results
78
+ base_settings[:force_no_page] = true
79
+
62
80
  base_settings
63
81
  end
64
82
 
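Review bot: `rescue Exception => exception` in `all_results` (first hunk of this file, `@@ -12,13 +12,21 @@`) also traps `Interrupt`, `SystemExit` and `NoMemoryError`, so a Ctrl-C or a shutdown during the LDAP search is handed to `error_notification_proc` as if it were a directory failure. `rescue StandardError => exception` followed by a bare `raise` keeps both the notification and the re-raise without touching process-level exceptions. The proc is called inside the handler, so an error raised by the notifier itself replaces the LDAP exception the caller needs to see; either guard that call or document that the proc must not raise. `lookup` no longer falls back to `{}`, so callers that index into its result now have to handle a raised exception as well as `nil` from `all_results[0]`; the callers are outside this page.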
@@ -1,3 +1,3 @@
1
1
  module SheffieldLdapLookup
2
- VERSION = "0.0.7"
2
+ VERSION = "0.0.10"
3
3
  end
@@ -3,12 +3,18 @@ require 'sheffield_ldap_lookup/ldap_finder.rb'
3
3
 
4
4
  describe SheffieldLdapLookup::LdapFinder do
5
5
  let(:ldap_config) { { 'host' => 'localhost', 'port' => '389', 'base' => 'ou=Users' } }
6
+ let(:default_tls_options) { OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(min_version: OpenSSL::SSL::TLS1_2_VERSION) }
6
7
 
7
8
  describe "#connection" do
8
9
  it "should create a new LDAP connection" do
9
10
  allow(subject).to receive(:ldap_config).and_return(ldap_config)
10
11
  ldap_class = double
11
- expect(ldap_class).to receive(:new).with(host: ldap_config['host'], port: ldap_config['port'], base: ldap_config['base'])
12
+ expect(ldap_class).to receive(:new).with({
13
+ host: ldap_config['host'],
14
+ port: ldap_config['port'],
15
+ base: ldap_config['base'],
16
+ force_no_page: true
17
+ })
12
18
  subject.connection(ldap_class)
13
19
  end
14
20
  end
@@ -24,7 +30,7 @@ describe SheffieldLdapLookup::LdapFinder do
24
30
  describe "determine to search against uid or email based on the format of the keyword" do
25
31
  it "should use 'uid' attribute for username" do
26
32
  finder = SheffieldLdapLookup::LdapFinder.new('username')
27
- expect(finder.search_attribute).to eq 'uid'
33
+ expect(finder.search_attribute).to eq 'sAMAccountName'
28
34
  end
29
35
 
30
36
  it "should use 'mail' attribute for email" do
@@ -52,7 +58,12 @@ describe SheffieldLdapLookup::LdapFinder do
52
58
  it "should create a new LDAP connection" do
53
59
  allow(subject).to receive(:ldap_config).and_return(ldap_config)
54
60
  ldap_class = double
55
- expect(ldap_class).to receive(:new).with(host: ldap_config['prefix_host'], port: ldap_config['prefix_port'], base: ldap_config['prefix_base'])
61
+ expect(ldap_class).to receive(:new).with({
62
+ host: ldap_config['prefix_host'],
63
+ port: ldap_config['prefix_port'],
64
+ base: ldap_config['prefix_base'],
65
+ force_no_page: true
66
+ })
56
67
  subject.connection(ldap_class)
57
68
  end
58
69
  end
@@ -63,9 +74,16 @@ describe SheffieldLdapLookup::LdapFinder do
63
74
  it "should create a new secure LDAP connection" do
64
75
  allow(subject).to receive(:ldap_config).and_return(ldap_config)
65
76
  ldap_class = double
66
- expect(ldap_class).to receive(:new).with(host: ldap_config['host'],
67
- port: ldap_config['port'], base: ldap_config['base'],
68
- encryption: :simple_tls)
77
+ expect(ldap_class).to receive(:new).with({
78
+ host: ldap_config['host'],
79
+ port: ldap_config['port'],
80
+ base: ldap_config['base'],
81
+ encryption: {
82
+ method: :simple_tls,
83
+ tls_options: default_tls_options
84
+ },
85
+ force_no_page: true
86
+ })
69
87
  subject.connection(ldap_class)
70
88
  end
71
89
  end
@@ -77,9 +95,17 @@ describe SheffieldLdapLookup::LdapFinder do
77
95
  it "should create a new secure LDAP connection" do
78
96
  allow(subject).to receive(:ldap_config).and_return(ldap_config)
79
97
  ldap_class = double
80
- expect(ldap_class).to receive(:new).with(host: ldap_config['host'],
81
- port: ldap_config['port'], base: ldap_config['base'],
82
- auth: { method: :simple, username: 'ldapusername', password: 'ldappassword' } )
98
+ expect(ldap_class).to receive(:new).with({
99
+ host: ldap_config['host'],
100
+ port: ldap_config['port'],
101
+ base: ldap_config['base'],
102
+ force_no_page: true,
103
+ auth: {
104
+ method: :simple,
105
+ username: 'ldapusername',
106
+ password: 'ldappassword'
107
+ }
108
+ })
83
109
  subject.connection(ldap_class)
84
110
  end
85
111
  end
@@ -91,9 +117,21 @@ describe SheffieldLdapLookup::LdapFinder do
91
117
  it "should create a new secure LDAP connection" do
92
118
  allow(subject).to receive(:ldap_config).and_return(ldap_config)
93
119
  ldap_class = double
94
- expect(ldap_class).to receive(:new).with(host: ldap_config['host'],
95
- port: ldap_config['port'], base: ldap_config['base'], encryption: :simple_tls,
96
- auth: { method: :simple, username: 'ldapusername', password: 'ldappassword' } )
120
+ expect(ldap_class).to receive(:new).with({
121
+ host: ldap_config['host'],
122
+ port: ldap_config['port'],
123
+ base: ldap_config['base'],
124
+ force_no_page: true,
125
+ encryption: {
126
+ method: :simple_tls,
127
+ tls_options: default_tls_options
128
+ },
129
+ auth: {
130
+ method: :simple,
131
+ username: 'ldapusername',
132
+ password: 'ldappassword'
133
+ }
134
+ })
97
135
  subject.connection(ldap_class)
98
136
  end
99
137
  end
@@ -118,11 +156,6 @@ describe SheffieldLdapLookup::LdapFinder do
118
156
  allow(connection).to receive(:search).and_return([result])
119
157
  expect(subject.lookup).to eq result
120
158
  end
121
-
122
- it "should return an empty hash if cannot connect to LDAP" do
123
- allow(connection).to receive(:search).and_return(->{raise})
124
- expect(subject.lookup).to eq({})
125
- end
126
159
  end
127
160
  end
128
161
  end
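Review bot: `default_tls_options` in the first spec hunk is built from the same `OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(min_version: OpenSSL::SSL::TLS1_2_VERSION)` expression as the code under test, so the two "secure LDAP connection" examples would still pass if the defaults stopped carrying peer verification. Pin the security-relevant values explicitly, for example `expect(default_tls_options).to include(verify_mode: OpenSSL::SSL::VERIFY_PEER, min_version: OpenSSL::SSL::TLS1_2_VERSION)`. The last hunk also deletes the empty-hash example without adding one for the new behaviour, so nothing in this spec exercises the re-raise or the call to `error_notification_proc`.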
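--- a/metadata
+++ b/metadata
@@ -1,15 +1,15 @@
  --- !ruby/object:Gem::Specification
  name: sheffield_ldap_lookup
  version: !ruby/object:Gem::Version
- version: 0.0.7
+ version: 0.0.10
  platform: ruby
  authors:
  - James Gregory-Monk
  - Shuo Chen
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-01-05 00:00:00.000000000 Z
+ date: 2024-03-19 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: net-ldap
@@ -93,7 +93,7 @@ files:
  homepage: https://www.epigenesys.org.uk
  licenses: []
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -108,8 +108,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.6
- signing_key:
+ rubygems_version: 3.4.18
+ signing_key:
  specification_version: 4
  summary: LDAP lookup
  test_files: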