sheffield_ldap_lookup 0.0.7 → 0.0.9

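--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 3090dd3270a42985506f6077318966d175fb5460a058f397b71f1f70577e283e
- data.tar.gz: 60717cc86c1e4302bc2d559678cac466a8fde864f716749f9729cef676a29116
+ metadata.gz: 2a0dc52a5bd9f5aa8ec1401e62ca05c0d5f7062c0f382afb77d1f4d8595df0b5
+ data.tar.gz: f945bc9ded89ea4b1d9a047ae6b1c5a7b71786b2a7d98acdd426f5172c7720c4
  SHA512:
- metadata.gz: 0cd3d1d61454854acee77fd4ce9e508596f2f5b915dd55cc1a8ca72812154e0e23da960c0c0abf0d4d51364146261fc46f4f17215e2e0bd62e704fb47aa4c52f
- data.tar.gz: 229b7266dd482ef161b6544906d1c51847ddc7b28bd027687d295e28474d7fa9a8006386c3bd83d3e032beb1445d6d6400a5fd781f2b947626955605bb973e73
+ metadata.gz: 42ed11ed5b09a6a6b3b159fc4fee3757235802bfad7ce87420b3507751ba4f7561502195c03e51a44e373ee7069595f768d2b0234177a98f4ef99c7bac564ed6
+ data.tar.gz: 46017a6b493efd2d91b87f8669e9118ececac71a9190dea0782ca3958b480b8001849e632143fcc0b7d8a3b6c0183d83d07713480cb2011d59ee33a0b0ddff2e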
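--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +1 @@
- 2.5.1
+ ruby-3.1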
@@ -12,13 +12,17 @@ module SheffieldLdapLookup
12
12
 
13
13
  class << self
14
14
  attr_accessor :ldap_config
15
+ attr_accessor :error_notification_proc
15
16
  end
16
17
 
17
18
  def lookup
18
19
  begin
19
20
  @lookup ||= connection.search(filter: ldap_filter)[0]
20
- rescue
21
- {}
21
+ rescue Exception => exception
22
+ if self.class.error_notification_proc.is_a?(Proc)
23
+ self.class.error_notification_proc.call(exception)
24
+ end
25
+ raise exception
22
26
  end
23
27
  end
24
28
 
@@ -28,7 +32,7 @@ module SheffieldLdapLookup
28
32
 
29
33
  def search_attribute
30
34
  return custom_search_attribute if custom_search_attribute
31
- keyword =~ /\A[^@]+@[^@]+\z/ ? 'mail' : 'uid'
35
+ keyword =~ /\A[^@]+@[^@]+\z/ ? 'mail' : 'sAMAccountName'
32
36
  end
33
37
 
34
38
  def ldap_config
@@ -56,9 +60,19 @@ module SheffieldLdapLookup
56
60
 
57
61
  if ldap_config["#{@config_prefix}ssl"] == true
58
62
  base_settings[:port] ||= 636
59
- base_settings[:encryption] = :simple_tls
63
+ base_settings[:encryption] = {
64
+ method: :simple_tls,
65
+ tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(
66
+ # Default min version (in Ruby 2.7) is TLS 1.0, but server always responds and says provide TLS 1.2
67
+ # (and, to be honest, we shouldn't use anything less than TLS 1.2 these days)
68
+ min_version: OpenSSL::SSL::TLS1_2_VERSION
69
+ )
70
+ }
60
71
  end
61
72
 
73
+ # Avoid two LDAP queries per connection by forcing unpaged results
74
+ base_settings[:force_no_page] = true
75
+
62
76
  base_settings
63
77
  end
64
78
 
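Review bot: `rescue Exception => exception` in `lookup` is broader than the handler needs, because it also intercepts `Interrupt`, `SystemExit` and `NoMemoryError`, so the notification proc runs for process-exit and signal exceptions as well as LDAP failures. Narrowing it to `rescue StandardError => exception` and re-raising with a bare `raise` limits the hook to ordinary errors and keeps the original exception and backtrace. Because `lookup` now raises where the removed lines returned `{}`, the method would benefit from a comment such as `# Raises on LDAP failure instead of returning {}; callers must handle the error`. The body of `lookup` is fully visible in its hunk, but the rest of the class is outside the page.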
@@ -1,3 +1,3 @@
1
1
  module SheffieldLdapLookup
2
- VERSION = "0.0.7"
2
+ VERSION = "0.0.9"
3
3
  end
@@ -3,12 +3,18 @@ require 'sheffield_ldap_lookup/ldap_finder.rb'
3
3
 
4
4
  describe SheffieldLdapLookup::LdapFinder do
5
5
  let(:ldap_config) { { 'host' => 'localhost', 'port' => '389', 'base' => 'ou=Users' } }
6
+ let(:default_tls_options) { OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(min_version: OpenSSL::SSL::TLS1_2_VERSION) }
6
7
 
7
8
  describe "#connection" do
8
9
  it "should create a new LDAP connection" do
9
10
  allow(subject).to receive(:ldap_config).and_return(ldap_config)
10
11
  ldap_class = double
11
- expect(ldap_class).to receive(:new).with(host: ldap_config['host'], port: ldap_config['port'], base: ldap_config['base'])
12
+ expect(ldap_class).to receive(:new).with({
13
+ host: ldap_config['host'],
14
+ port: ldap_config['port'],
15
+ base: ldap_config['base'],
16
+ force_no_page: true
17
+ })
12
18
  subject.connection(ldap_class)
13
19
  end
14
20
  end
@@ -24,7 +30,7 @@ describe SheffieldLdapLookup::LdapFinder do
24
30
  describe "determine to search against uid or email based on the format of the keyword" do
25
31
  it "should use 'uid' attribute for username" do
26
32
  finder = SheffieldLdapLookup::LdapFinder.new('username')
27
- expect(finder.search_attribute).to eq 'uid'
33
+ expect(finder.search_attribute).to eq 'sAMAccountName'
28
34
  end
29
35
 
30
36
  it "should use 'mail' attribute for email" do
@@ -52,7 +58,12 @@ describe SheffieldLdapLookup::LdapFinder do
52
58
  it "should create a new LDAP connection" do
53
59
  allow(subject).to receive(:ldap_config).and_return(ldap_config)
54
60
  ldap_class = double
55
- expect(ldap_class).to receive(:new).with(host: ldap_config['prefix_host'], port: ldap_config['prefix_port'], base: ldap_config['prefix_base'])
61
+ expect(ldap_class).to receive(:new).with({
62
+ host: ldap_config['prefix_host'],
63
+ port: ldap_config['prefix_port'],
64
+ base: ldap_config['prefix_base'],
65
+ force_no_page: true
66
+ })
56
67
  subject.connection(ldap_class)
57
68
  end
58
69
  end
@@ -63,9 +74,16 @@ describe SheffieldLdapLookup::LdapFinder do
63
74
  it "should create a new secure LDAP connection" do
64
75
  allow(subject).to receive(:ldap_config).and_return(ldap_config)
65
76
  ldap_class = double
66
- expect(ldap_class).to receive(:new).with(host: ldap_config['host'],
67
- port: ldap_config['port'], base: ldap_config['base'],
68
- encryption: :simple_tls)
77
+ expect(ldap_class).to receive(:new).with({
78
+ host: ldap_config['host'],
79
+ port: ldap_config['port'],
80
+ base: ldap_config['base'],
81
+ encryption: {
82
+ method: :simple_tls,
83
+ tls_options: default_tls_options
84
+ },
85
+ force_no_page: true
86
+ })
69
87
  subject.connection(ldap_class)
70
88
  end
71
89
  end
@@ -77,9 +95,17 @@ describe SheffieldLdapLookup::LdapFinder do
77
95
  it "should create a new secure LDAP connection" do
78
96
  allow(subject).to receive(:ldap_config).and_return(ldap_config)
79
97
  ldap_class = double
80
- expect(ldap_class).to receive(:new).with(host: ldap_config['host'],
81
- port: ldap_config['port'], base: ldap_config['base'],
82
- auth: { method: :simple, username: 'ldapusername', password: 'ldappassword' } )
98
+ expect(ldap_class).to receive(:new).with({
99
+ host: ldap_config['host'],
100
+ port: ldap_config['port'],
101
+ base: ldap_config['base'],
102
+ force_no_page: true,
103
+ auth: {
104
+ method: :simple,
105
+ username: 'ldapusername',
106
+ password: 'ldappassword'
107
+ }
108
+ })
83
109
  subject.connection(ldap_class)
84
110
  end
85
111
  end
@@ -91,9 +117,21 @@ describe SheffieldLdapLookup::LdapFinder do
91
117
  it "should create a new secure LDAP connection" do
92
118
  allow(subject).to receive(:ldap_config).and_return(ldap_config)
93
119
  ldap_class = double
94
- expect(ldap_class).to receive(:new).with(host: ldap_config['host'],
95
- port: ldap_config['port'], base: ldap_config['base'], encryption: :simple_tls,
96
- auth: { method: :simple, username: 'ldapusername', password: 'ldappassword' } )
120
+ expect(ldap_class).to receive(:new).with({
121
+ host: ldap_config['host'],
122
+ port: ldap_config['port'],
123
+ base: ldap_config['base'],
124
+ force_no_page: true,
125
+ encryption: {
126
+ method: :simple_tls,
127
+ tls_options: default_tls_options
128
+ },
129
+ auth: {
130
+ method: :simple,
131
+ username: 'ldapusername',
132
+ password: 'ldappassword'
133
+ }
134
+ })
97
135
  subject.connection(ldap_class)
98
136
  end
99
137
  end
@@ -118,11 +156,6 @@ describe SheffieldLdapLookup::LdapFinder do
118
156
  allow(connection).to receive(:search).and_return([result])
119
157
  expect(subject.lookup).to eq result
120
158
  end
121
-
122
- it "should return an empty hash if cannot connect to LDAP" do
123
- allow(connection).to receive(:search).and_return(->{raise})
124
- expect(subject.lookup).to eq({})
125
- end
126
159
  end
127
160
  end
128
161
  end
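Review bot: The removed example `should return an empty hash if cannot connect to LDAP` is not replaced, so nothing in this spec exercises the new failure path in `lookup`, where `error_notification_proc` is called and the exception is re-raised. An example that makes `connection.search` raise, then asserts that `subject.lookup` raises and that the configured proc received the exception, would pin that behaviour. The example title `should use 'uid' attribute for username` is also stale now that it expects `'sAMAccountName'`, as is the enclosing `describe` text that mentions uid. The `describe` block starts outside the visible hunks.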
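--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: sheffield_ldap_lookup
  version: !ruby/object:Gem::Version
- version: 0.0.7
+ version: 0.0.9
  platform: ruby
  authors:
  - James Gregory-Monk
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-01-05 00:00:00.000000000 Z
+ date: 2023-09-22 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: net-ldap
@@ -108,7 +108,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.6
+ rubygems_version: 3.3.7
  signing_key:
  specification_version: 4
  summary: LDAP lookup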