From 7513d8d5af65b323f318c8439ac629a43b27e416 Mon Sep 17 00:00:00 2001
From: Sunil K Chopra
Date: Wed, 21 May 2014 16:24:30 -0500
Subject: [PATCH 1/6] added call to ldap.search to pull more information from ldap server

---
 lib/casino/ldap_authenticator.rb | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/casino/ldap_authenticator.rb b/lib/casino/ldap_authenticator.rb
index 90f8113..375f04f 100644
--- a/lib/casino/ldap_authenticator.rb
+++ b/lib/casino/ldap_authenticator.rb
@@ -42,8 +42,11 @@ def authenticate
 @ldap.auth(@options[:admin_user], @options[:admin_password])
 end
 @user_plain = @ldap.bind_as(:base => @options[:base], :size => 1, :password => @password, :filter => user_filter)
- if @user_plain.is_a?(Array)
- @user_plain = @user_plain.first
+ if @user_plain != false
+ @user_plain = @ldap.search(:base => @options[:base], :filter => user_filter, :attributes => @options[:extra_attributes].values)
+ if @user_plain.is_a?(Array)
+ @user_plain = @user_plain.first
+ end
 end
 end

From c0b098e3fe8757a2e453607b342e7cbf0b71fded Mon Sep 17 00:00:00 2001
From: Sunil K Chopra
Date: Wed, 21 May 2014 16:24:53 -0500
Subject: [PATCH 2/6] updated tests with stub for search, extra data, and tests

---
 spec/casino/ldap_authenticator_spec.rb | 50 ++++++++++++++++++++++++--
 1 file changed, 47 insertions(+), 3 deletions(-)

diff --git a/spec/casino/ldap_authenticator_spec.rb b/spec/casino/ldap_authenticator_spec.rb
index e6aaaed..793e92f 100644
--- a/spec/casino/ldap_authenticator_spec.rb
+++ b/spec/casino/ldap_authenticator_spec.rb
@@ -8,7 +8,7 @@
 :base => 'dc=users,dc=example.com',
 :encryption => 'simple_tls',
 :username_attribute => 'uid',
- :extra_attributes => { :email => 'mail', :fullname => :displayname }
+ :extra_attributes => { :email => 'mail', :fullname => :displayname, :memberof => 'memberof'}
 } }
 let(:subject) { described_class.new(options) }
 let(:connection) { Object.new }
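Review bot: In `authenticate` (lib/casino/ldap_authenticator.rb, PATCH 1/6) the added `@ldap.search` re-runs `user_filter` over the whole `@options[:base]` without the `:size => 1` that `bind_as` used, so when the filter matches more than one entry the attributes taken from `.first` are not guaranteed to come from the entry whose password was just verified. Because the requested attributes can include `memberof`, I would tie the lookup to the authenticated entry, assuming `bind_as` returns the matched entries as the removed `is_a?(Array)` check suggests: `dn = @user_plain.first.dn` and then `@ldap.search(:base => dn, :scope => Net::LDAP::SearchScope_BaseObject, :attributes => ...)`. On the same lines, `@options[:extra_attributes].values` raises NoMethodError when no extra attributes are configured, and a failed search presumably leaves `@user_plain` nil after a successful bind, so both cases deserve an explicit guard. `authenticate` begins above the hunk.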
@@ -24,9 +24,11 @@
 let(:username) { 'test' }
 let(:password) { 'foo' }
 let(:user_filter) { Net::LDAP::Filter.eq(options[:username_attribute], username) }
+ let(:extra_attributes) { ['mail', :displayname, 'memberof'] }
 before(:each) do
 connection.stub(:bind_as)
+ connection.stub(:search)
 end
 it 'does the connection setup' do
@@ -41,9 +43,15 @@
 subject.validate(username, password)
 end
- context 'when validation succeeds' do
+ it 'calls the #search method on the LDAP connection' do
+ connection.should_receive(:search).with(:base => options[:base], :filter => user_filter, :attributes => extra_attributes)
+ subject.validate(username, password)
+ end
+
+ context 'when validation succeeds for user with missing data' do
 let(:fullname) { 'Example User' }
 let(:email) { "#{username}@example.org" }
+ let(:group) { "group1" }
 let(:ldap_entry) {
 entry = Net::LDAP::Entry.new
 {:uid => username, :displayname => fullname, :mail => email}.each do |key, value|
@@ -55,6 +63,41 @@
 connection.stub(:bind_as) do
 ldap_entry
 end
+ connection.stub(:search) do
+ ldap_entry
+ end
+ end
+
+ it 'returns the user data with blank value for missing data' do
+ subject.validate(username, password).should == {
+ username: username,
+ extra_attributes: {
+ :email => email,
+ :fullname => fullname,
+ :memberof => ''
+ }
+ }
+ end
+ end
+
+ context 'when validation succeeds for user with complete data' do
+ let(:fullname) { 'Example User' }
+ let(:email) { "#{username}@example.org" }
+ let(:group) { "group1" }
+ let(:ldap_entry) {
+ entry = Net::LDAP::Entry.new
+ {:uid => username, :displayname => fullname, :mail => email, :memberof => group}.each do |key, value|
+ entry[key] = [value]
+ end
+ entry
+ }
+ before(:each) do
+ connection.stub(:bind_as) do
+ ldap_entry
+ end
+ connection.stub(:search) do
+ ldap_entry
+ end
 end
 it 'returns the user data' do
@@ -62,7 +105,8 @@
 username: username,
 extra_attributes: {
 :email => email,
- :fullname => fullname
+ :fullname => fullname,
+ :memberof => group
 }
 }
 end
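Review bot: The new example 'calls the #search method on the LDAP connection' (hunk `@@ -41,9 +43,15 @@`) runs with `bind_as` stubbed to return nil, so it passes only because `nil != false` and does not pin the behaviour that matters for authentication, namely that `search` is skipped when the bind fails. I would add a counterpart with `connection.stub(:bind_as) { false }` and `connection.should_not_receive(:search)`, plus one example where `search` returns nil or an empty array after a successful bind. The success contexts in the following hunk also stub `search` with a bare `Net::LDAP::Entry` rather than an Array, so the `is_a?(Array)` / `.first` branch of the authenticator is never exercised.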
From 0ba3fb1701d41abd53d65ba15c755905071e6cf3 Mon Sep 17 00:00:00 2001
From: Sunil K Chopra
Date: Wed, 21 May 2014 16:33:26 -0500
Subject: [PATCH 3/6] updated variable name and membership string to be clearer

---
 spec/casino/ldap_authenticator_spec.rb | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/spec/casino/ldap_authenticator_spec.rb b/spec/casino/ldap_authenticator_spec.rb
index 793e92f..f143616 100644
--- a/spec/casino/ldap_authenticator_spec.rb
+++ b/spec/casino/ldap_authenticator_spec.rb
@@ -51,7 +51,6 @@
 context 'when validation succeeds for user with missing data' do
 let(:fullname) { 'Example User' }
 let(:email) { "#{username}@example.org" }
- let(:group) { "group1" }
 let(:ldap_entry) {
 entry = Net::LDAP::Entry.new
 {:uid => username, :displayname => fullname, :mail => email}.each do |key, value|
@@ -83,10 +82,10 @@
 context 'when validation succeeds for user with complete data' do
 let(:fullname) { 'Example User' }
 let(:email) { "#{username}@example.org" }
- let(:group) { "group1" }
+ let(:membership) { "cn=group1" }
 let(:ldap_entry) {
 entry = Net::LDAP::Entry.new
- {:uid => username, :displayname => fullname, :mail => email, :memberof => group}.each do |key, value|
+ {:uid => username, :displayname => fullname, :mail => email, :memberof => membership}.each do |key, value|
 entry[key] = [value]
 end
 entry
@@ -106,7 +105,7 @@
 extra_attributes: {
 :email => email,
 :fullname => fullname,
- :memberof => group
+ :memberof => membership
 }
 }
 end

From 292d0a6676619c7947b0259eabc8823daa4ab0e4 Mon Sep 17 00:00:00 2001
From: Sunil K Chopra
Date: Thu, 22 May 2014 09:13:16 -0500
Subject: [PATCH 4/6] added travis config for building

---
 .travis.yml | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .travis.yml

diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..be27c15
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,5 @@
+language: ruby
+rvm:
+ - 1.9.3
+ - 2.0.0
+ - 2.1.1
From 3e64e925802f80c2b383f5dafd87224b89389896 Mon Sep 17 00:00:00 2001
From: Sunil K Chopra
Date: Wed, 28 May 2014 12:45:06 -0500
Subject: [PATCH 5/6] make sure to return all values for a multiple-valuded attribute

---
 lib/casino/ldap_authenticator.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/casino/ldap_authenticator.rb b/lib/casino/ldap_authenticator.rb
index 375f04f..9e2cf03 100644
--- a/lib/casino/ldap_authenticator.rb
+++ b/lib/casino/ldap_authenticator.rb
@@ -75,7 +75,7 @@ def extra_attributes
 @options[:extra_attributes].each do |index_result, index_ldap|
 value = @user_plain[index_ldap]
 if value
- result[index_result] = "#{value.first}"
+ result[index_result] = "#{value.join(', ')}"
 end
 end
 result

From a54220e1487271f253132ccf240657795060fddc Mon Sep 17 00:00:00 2001
From: Sunil K Chopra
Date: Wed, 28 May 2014 12:45:28 -0500
Subject: [PATCH 6/6] adjusted test to use example membership with multiple values for memberof attribute

---
 spec/casino/ldap_authenticator_spec.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/spec/casino/ldap_authenticator_spec.rb b/spec/casino/ldap_authenticator_spec.rb
index f143616..748d5d8 100644
--- a/spec/casino/ldap_authenticator_spec.rb
+++ b/spec/casino/ldap_authenticator_spec.rb
@@ -82,7 +82,7 @@
 context 'when validation succeeds for user with complete data' do
 let(:fullname) { 'Example User' }
 let(:email) { "#{username}@example.org" }
- let(:membership) { "cn=group1" }
+ let(:membership) { ["cn=group1","cn=group2"] }
 let(:ldap_entry) {
 entry = Net::LDAP::Entry.new
 {:uid => username, :displayname => fullname, :mail => email, :memberof => membership}.each do |key, value|
@@ -105,7 +105,7 @@
 extra_attributes: {
 :email => email,
 :fullname => fullname,
- :memberof => membership
+ :memberof => membership.join(", ")
 }
 }
 end
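Review bot: In `extra_attributes` (PATCH 5/6) joining a multi-valued attribute with `', '` yields a string that cannot be split back reliably when the values are DNs, because a real `memberof` value such as `cn=group1,ou=groups,dc=example` (constructed example) contains commas itself. A client that derives group membership from this string could misparse it, so I would keep the values as an Array with `result[index_result] = value.map(&:to_s)` if the consumers of this hash accept one, or otherwise add a comment above the line that documents the delimiter and its limits. The spec in PATCH 6/6 uses `cn=group1` and `cn=group2` with no embedded commas, so it does not exercise the ambiguity. The string interpolation around `value.join(', ')` is redundant either way, and the method starts above the hunk.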