simple_ldap_authenticator 1.1.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3a0cd12219f55450a7360afd838042eeeb7c96914fa01e7f573246c8de9bec8c
-  data.tar.gz: 38e42cc1bd4bc35bf8f5d7f71317d53bf0aa816041a5198aaaa8abe06bddc954
+  metadata.gz: 370835649201c04c545cb53d363385e36b1d34ae4f3a1f08dd91b7f889725866
+  data.tar.gz: 9d3118b82945916bd3043b22304777891943ad7ee450b4855b0bfe09e816af55
 SHA512:
-  metadata.gz: fc4aa226b58a7d8889e3049ba134c194466951e4691a9a3be58c083460dec02295632a49cfe8bd274612d8fe684426d1b0c02f3eec6d2a312a2e26eca4cf1d4f
-  data.tar.gz: 6d95e78ff27cce08a1f7cebd9c95499701efffcdae602243079763ed085936215255318586d4187d5e0f4e2c9e60a8dfed829436f1c6f9e8ff8d9243e150dd10
+  metadata.gz: 0fce93068f8fb5d2e38f304860c6a4e7334a7bb408d0d3a75e41f5ff218c72107062dec33de8fd3455317296b98f6580bac7cb8a1c72c9ada4e0b5cec4d96715
+  data.tar.gz: c5b333d7c4b0359867a3176c0edb49fa1911cf329ebf41676049fa9999eb51bc57e931680a86c91e40cdee60112d3d57cbe9bdfe506e898b4f4ac32160429d98

data/README

@@ -4,19 +4,17 @@ SimpleLdapAuthenticator
 Allows for simple authentication to an LDAP server with a minimum of
 configuration.  Requires either Ruby/LDAP or Net::LDAP.   
 
-Usage is fairly simple:
+Example Usage:
+
   require 'simple_ldap_authenticator'
+  require 'logger'
+
   SimpleLdapAuthenticator.servers = %w'dc1.domain.com dc2.domain.com'
   SimpleLdapAuthenticator.use_ssl = true
-  SimpleLdapAuthenticator.login_format = '%s @domain.com'
-  SimpleLdapAuthenticator.logger = RAILS_DEFAULT_LOGGER
-  class LoginController < ApplicationController
-    def login
-      return redirect_to(:action=>'try_again') unless \
-        SimpleLdapAuthenticator.valid?(params[:username], \
-        params[:password])  
-      session[:username] = params[:username]
-    end
-  end
+  SimpleLdapAuthenticator.login_format = '%s@domain.com'
+  SimpleLdapAuthenticator.logger = Logger.new($stdout)
+
+  SimpleLdapAuthenticator.valid?(username, password)
+  # => true or false (or raise if there is an issue connecting to the server)
 
-github: http://github.com/jeremyevans/simple_ldap_authenticator/tree/master
+github: http://github.com/jeremyevans/simple_ldap_authenticator

data/lib/simple_ldap_authenticator.rb

@@ -14,22 +14,19 @@
 # * servers = ['dc1.domain.com', 'dc2.domain.com'] # names/addresses of LDAP servers to use
 # * use_ssl = true # for logging in via LDAPS
 # * port = 3289 # instead of 389 for LDAP or 636 for LDAPS
-# * logger = RAILS_DEFAULT_LOGGER # for logging authentication successes/failures
+# * logger = Logger.new($stdout) # for logging authentication successes/failures
 #
 # The class is used as a singleton, you are not supposed to create an
 # instance of it. For example:
 #
-#    require 'simple_ldap_authenticator'
-#    SimpleLdapAuthenticator.servers = %w'dc1.domain.com dc2.domain.com'
-#    SimpleLdapAuthenticator.use_ssl = true
-#    SimpleLdapAuthenticator.login_format = '%s@domain.com'
-#    SimpleLdapAuthenticator.logger = RAILS_DEFAULT_LOGGER
-#    class LoginController < ApplicationController 
-#      def login
-#        return redirect_to(:action=>'try_again') unless SimpleLdapAuthenticator.valid?(params[:username], params[:password])
-#        session[:username] = params[:username]
-#      end
-#    end
+#  require 'simple_ldap_authenticator'
+#
+#  SimpleLdapAuthenticator.servers = %w'dc1.domain.com dc2.domain.com'
+#  SimpleLdapAuthenticator.use_ssl = true
+#  SimpleLdapAuthenticator.login_format = '%s@domain.com'
+#
+#  SimpleLdapAuthenticator.valid?(username, password)
+#  # => true or false (or raise if there is an issue connecting to the server)
 class SimpleLdapAuthenticator
   @servers = ['127.0.0.1']
   @use_ssl = false
@@ -94,34 +91,37 @@ class SimpleLdapAuthenticator
     
     # Check the validity of a login/password combination
     def valid?(login, password)
-      if password.to_s == ''
+      login = login.to_s
+      password = password.to_s
+      connection = self.connection
+      if password == '' || password.include?("\0") || login.include?("\0")
         false
       elsif ldap_library == 'net/ldap'
-        connection.authenticate(login_format % login.to_s, password.to_s)
+        connection.authenticate(login_format % login, password)
         begin
           if connection.bind
-            logger.info("Authenticated #{login.to_s} by #{server}") if logger
+            logger.info("Authenticated #{login} by #{server}") if logger
             true
           else
-            logger.info("Error attempting to authenticate #{login.to_s} by #{server}: #{connection.get_operation_result.code} #{connection.get_operation_result.message}") if logger
+            logger.info("Error attempting to authenticate #{login} by #{server}: #{connection.get_operation_result.code} #{connection.get_operation_result.message}") if logger
             switch_server unless connection.get_operation_result.code == 49
             false
           end
         rescue Net::LDAP::Error, SocketError, SystemCallError => error
-          logger.info("Error attempting to authenticate #{login.to_s} by #{server}: #{error.message}") if logger
+          logger.info("Error attempting to authenticate #{login} by #{server}: #{error.message}") if logger
           switch_server
           false
         end
       else
         connection.unbind if connection.bound?
         begin
-          connection.bind(login_format % login.to_s, password.to_s)
+          connection.bind(login_format % login, password)
           connection.unbind
-          logger.info("Authenticated #{login.to_s} by #{server}") if logger
+          logger.info("Authenticated #{login} by #{server}") if logger
           true
         rescue LDAP::ResultError => error
           connection.unbind if connection.bound?
-          logger.info("Error attempting to authenticate #{login.to_s} by #{server}: #{error.message}") if logger
+          logger.info("Error attempting to authenticate #{login} by #{server}: #{error.message}") if logger
           switch_server unless error.message == 'Invalid credentials'
           false
         end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: simple_ldap_authenticator
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.0
 platform: ruby
 authors:
 - Jeremy Evans
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-07-19 00:00:00.000000000 Z
+date: 2024-09-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest-global_expectations
@@ -66,7 +66,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: 
+description:
 email: code@jeremyevans.net
 executables: []
 extensions: []
@@ -76,14 +76,14 @@ files:
 - LICENSE
 - README
 - lib/simple_ldap_authenticator.rb
-homepage: 
+homepage:
 licenses: []
 metadata:
   bug_tracker_uri: https://github.com/jeremyevans/simple_ldap_authenticator/issues
   changelog_uri: https://github.com/jeremyevans/simple_ldap_authenticator/blob/master/CHANGELOG
   mailing_list_uri: https://github.com/jeremyevans/simple_ldap_authenticator/discussions
   source_code_uri: https://github.com/jeremyevans/simple_ldap_authenticator
-post_install_message: 
+post_install_message:
 rdoc_options:
 - "--inline-source"
 - "--line-numbers"
@@ -102,8 +102,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
-signing_key: 
+rubygems_version: 3.5.16
+signing_key:
 specification_version: 4
 summary: Easy authentication to an LDAP server(s)
 test_files: []