diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..be27c15
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,5 @@
+language: ruby
+rvm:
+ - 1.9.3
+ - 2.0.0
+ - 2.1.1
diff --git a/lib/casino/ldap_authenticator.rb b/lib/casino/ldap_authenticator.rb
index 90f8113..9e2cf03 100644
--- a/lib/casino/ldap_authenticator.rb
+++ b/lib/casino/ldap_authenticator.rb
@@ -42,8 +42,11 @@ def authenticate
 @ldap.auth(@options[:admin_user], @options[:admin_password])
 end
 @user_plain = @ldap.bind_as(:base => @options[:base], :size => 1, :password => @password, :filter => user_filter)
- if @user_plain.is_a?(Array)
- @user_plain = @user_plain.first
+ if @user_plain != false
+ @user_plain = @ldap.search(:base => @options[:base], :filter => user_filter, :attributes => @options[:extra_attributes].values)
+ if @user_plain.is_a?(Array)
+ @user_plain = @user_plain.first
+ end
 end
 end
@@ -72,7 +75,7 @@ def extra_attributes
 @options[:extra_attributes].each do |index_result, index_ldap|
 value = @user_plain[index_ldap]
 if value
- result[index_result] = "#{value.first}"
+ result[index_result] = "#{value.join(', ')}"
 end
 end
 result
diff --git a/spec/casino/ldap_authenticator_spec.rb b/spec/casino/ldap_authenticator_spec.rb
index e6aaaed..748d5d8 100644
--- a/spec/casino/ldap_authenticator_spec.rb
+++ b/spec/casino/ldap_authenticator_spec.rb
@@ -8,7 +8,7 @@
 :base => 'dc=users,dc=example.com',
 :encryption => 'simple_tls',
 :username_attribute => 'uid',
- :extra_attributes => { :email => 'mail', :fullname => :displayname }
+ :extra_attributes => { :email => 'mail', :fullname => :displayname, :memberof => 'memberof'}
 } }
 let(:subject) { described_class.new(options) }
 let(:connection) { Object.new }
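Review bot: In the `authenticate` hunk of lib/casino/ldap_authenticator.rb, the added `@ldap.search` repeats `user_filter` under `@options[:base]` without `:size => 1` and is not tied to the entry that `bind_as` authenticated, so if the filter matches more than one entry, `.first` can return attributes from a different entry than the one whose password was checked. I would read the attributes from the bound entry's DN instead: `dn = @user_plain.first.dn`, then `@ldap.search(:base => dn, :scope => Net::LDAP::SearchScope_BaseObject, :attributes => @options[:extra_attributes].values)`. The search also appears to run with the connection's own credentials (admin or anonymous) rather than the user's, so an empty or failed result after a successful bind needs a defined outcome. `.values` will also raise if `:extra_attributes` is unset, which is worth guarding if that option is optional. The body of `authenticate` starts above this hunk.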
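Review bot: In the `extra_attributes` hunk, `value.join(', ')` flattens a multi-valued attribute into one string with a separator that also occurs inside the values: the spec maps `memberof`, whose values are DNs, and DNs contain commas, so a consumer cannot reliably split the result back into individual groups. If group membership feeds an authorization decision downstream, that ambiguity matters. Provided the consumers of these attributes accept arrays, I would pass multiple values through unjoined, e.g. `result[index_result] = value.size > 1 ? value.map(&:to_s) : value.first.to_s`. Otherwise, at least document the limitation with a comment such as `# multi-valued attributes are joined with ', ' and cannot be split back safely`. The method starts and ends outside this hunk.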
@@ -24,9 +24,11 @@
 let(:username) { 'test' }
 let(:password) { 'foo' }
 let(:user_filter) { Net::LDAP::Filter.eq(options[:username_attribute], username) }
+ let(:extra_attributes) { ['mail', :displayname, 'memberof'] }
 before(:each) do
 connection.stub(:bind_as)
+ connection.stub(:search)
 end
 it 'does the connection setup' do
@@ -41,7 +43,12 @@
 subject.validate(username, password)
 end
- context 'when validation succeeds' do
+ it 'calls the #search method on the LDAP connection' do
+ connection.should_receive(:search).with(:base => options[:base], :filter => user_filter, :attributes => extra_attributes)
+ subject.validate(username, password)
+ end
+
+ context 'when validation succeeds for user with missing data' do
 let(:fullname) { 'Example User' }
 let(:email) { "#{username}@example.org" }
 let(:ldap_entry) {
@@ -55,6 +62,41 @@
 connection.stub(:bind_as) do
 ldap_entry
 end
+ connection.stub(:search) do
+ ldap_entry
+ end
+ end
+
+ it 'returns the user data with blank value for missing data' do
+ subject.validate(username, password).should == {
+ username: username,
+ extra_attributes: {
+ :email => email,
+ :fullname => fullname,
+ :memberof => ''
+ }
+ }
+ end
+ end
+
+ context 'when validation succeeds for user with complete data' do
+ let(:fullname) { 'Example User' }
+ let(:email) { "#{username}@example.org" }
+ let(:membership) { ["cn=group1","cn=group2"] }
+ let(:ldap_entry) {
+ entry = Net::LDAP::Entry.new
+ {:uid => username, :displayname => fullname, :mail => email, :memberof => membership}.each do |key, value|
+ entry[key] = [value]
+ end
+ entry
+ }
+ before(:each) do
+ connection.stub(:bind_as) do
+ ldap_entry
+ end
+ connection.stub(:search) do
+ ldap_entry
+ end
 end
 it 'returns the user data' do
@@ -62,7 +104,8 @@
 username: username,
 extra_attributes: {
 :email => email,
- :fullname => fullname
+ :fullname => fullname,
+ :memberof => membership.join(", ")
 }
 }
 end
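Review bot: Both contexts in the `@@ -55,6 +62,41 @@` hunk stub `bind_as` and `search` to return the same entry, so the spec never exercises the failure paths of the new two-step lookup: a failed bind must not trigger the search, and a successful bind followed by an empty or failed search needs a defined result. I would add a context with `connection.stub(:bind_as) { false }` that asserts `connection.should_not_receive(:search)`, plus one where `search` returns `[]`. Separately, in the 'complete data' fixture, `entry[key] = [value]` appears to wrap `membership` in a second array, which would pass only because `Array#join` flattens nested arrays; assigning `membership` directly would model a real multi-valued attribute. The enclosing `describe` block starts and ends outside the hunk.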