Added ldap authentication
jakubn committed Jan 3, 2011
1 parent 7a1befd commit 6f42faa
Showing 9 changed files with 72 additions and 5 deletions.
2 changes: 1 addition & 1 deletion Gemfile
@@ -29,7 +29,7 @@ gem "merb-auth-more", merb_gems_version
gem "merb-auth-slice-password", merb_gems_version
gem "merb-param-protection", merb_gems_version
gem "merb-exceptions", merb_gems_version

gem "net-ldap"
git "git://github.com/schwabsauce/merb_dm_xss_terminate.git" do
gem "merb_dm_xss_terminate"
end
2 changes: 2 additions & 0 deletions Gemfile.lock
@@ -125,6 +125,7 @@ GEM
daemons (>= 1.0.3)
fastthread (>= 1.0.1)
gem_plugin (>= 0.2.3)
net-ldap (0.1.1)
nokogiri (1.4.1)
open4 (0.9.6)
rack (1.2.1)
@@ -186,6 +187,7 @@ DEPENDENCIES
merb_datamapper (= 1.1.0.pre)
merb_dm_xss_terminate!
mongrel (= 1.1.5)
net-ldap
nokogiri (= 1.4.1)
rack_revision_info
rcov
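--- a/app/helpers/ldap_helper.rb
+++ b/app/helpers/ldap_helper.rb
@@ -0,0 +1,27 @@
+require 'net/ldap'
+require 'yaml'
+
+module Auth
+module LDAP
+
+def self.settings
+@settings ||=
+YAML.load_file(File.join(Merb.root, 'config', 'ldap.yml'))
+end
+
+
+def self.authenticate(login, password)
+ldap = Net::LDAP.new({
+:host => settings[:host],
+:base => settings[:base],
+:port => settings[:port],
+:auth => {
+:method => :simple,
+:username => "#{settings[:attr]}=#{login},#{settings[:base]}",
+:password => password
+}})
+ldap.bind
+end
+
+end
+end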
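Review bot: `self.authenticate` hands `password` to a simple bind without rejecting blank values, and many directory servers treat a simple bind with an empty password as an unauthenticated bind that succeeds, so `ldap.bind` can return true without any credential having been checked. Add a guard as the first line of the method: `return false if login.to_s.empty? || password.to_s.empty?`. `login` is also interpolated into the bind DN unescaped; the caller visible on this page passes the format-validated `ldap_login`, but the helper should either escape DN special characters itself or carry a comment such as `# login must already be validated; it is placed in the bind DN verbatim`.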
15 changes: 12 additions & 3 deletions app/models/user.rb
@@ -2,11 +2,13 @@ class User
include DataMapper::Resource

RECENT_ACTIVITIES_NUM = 3

LOGIN_REGEXP = /^[\w_\.-]{3,20}$/

property :id, Serial
property :name, String, :required => true
property :type, Discriminator, :index => true
property :login, String, :required => true, :index => true, :format => /^[\w_\.-]{3,20}$/
property :login, String, :required => true, :index => true, :format => LOGIN_REGEXP
property :ldap_login, String, :format => LOGIN_REGEXP, :unique => true
property :email, String, :required => true, :format => :email_address
property :active, Boolean, :required => true, :default => true
property :admin, Boolean, :required => true, :default => false
@@ -79,7 +81,14 @@ def last_activity_in_project(project)
end

def authenticated?(password)
crypted_password == encrypt(password) && active
(Auth::LDAP.authenticate(ldap_login, password) || crypted_password == encrypt(password) ) && active

end
class << self
def authenticate(login, password)
u = (User.all(:login => login)+User.all(:ldap_login => login)).first
u && u.authenticated?(password) ? u : nil
end
end

def is_admin?
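Review bot: In `authenticated?` the LDAP bind is attempted for every account, including those whose `ldap_login` is nil, so local-only users have their password submitted to the directory under a DN with an empty uid and the outcome depends on how the server handles that bind. Guard the call, for example `ldap_ok = !ldap_login.to_s.empty? && Auth::LDAP.authenticate(ldap_login, password)` followed by `(ldap_ok || crypted_password == encrypt(password)) && active`. `LOGIN_REGEXP` is anchored with `^`/`$`, which match at line boundaries in Ruby, so a multi-line value can pass the format check; `\A` and `\z` anchor the whole string, which matters more now that the pattern also validates a value placed in a bind DN. In `User.authenticate` the lookup merges `login` and `ldap_login` into one namespace, so one user's `ldap_login` may equal another user's `login` and `.first` silently picks the `login` match; a uniqueness check across both columns would make the result unambiguous. The body of `class User` continues outside these hunks.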
3 changes: 3 additions & 0 deletions app/views/users/_user_form.html.erb
@@ -18,6 +18,9 @@
<p>
<%= text_field :login, :label => "Login" %>
</p>
<p>
<%= text_field :ldap_login, :label => "LDAP Login" %>
</p>
<p>
<%= text_field :email, :label => "Email" %>
</p>
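Review bot: `ldap_login` decides which directory account's password unlocks this local user, yet the field is added to the shared user form with no visible restriction on who may set it. Whether non-admin users can submit this form for their own account is not visible in this hunk; if they can, the controller should accept `ldap_login` only from admins, for instance through the param-protection plugin already listed in the Gemfile. A short comment next to the field stating who is expected to edit it would document the intent.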
3 changes: 3 additions & 0 deletions app/views/users/show.html.erb
@@ -15,6 +15,9 @@
<p>
Login: <%= @user.login %>
</p>
<p>
LDAP Login: <%= @user.ldap_login %>
</p>
<p>
Email: <%= @user.email %>
</p>
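--- a/config/ldap.yml
+++ b/config/ldap.yml
@@ -0,0 +1,6 @@
+---
+
+:host: ldap.llp.pl
+:port: 10389
+:base: ou=users,dc=llp,dc=pl
+:attr: uid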
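Review bot: No transport encryption is configured for the bind: this file has no encryption key, and `Auth::LDAP.authenticate` builds `Net::LDAP.new` without an `:encryption` option, so the simple bind presumably carries each user's password to `ldap.llp.pl:10389` in cleartext. If the server offers TLS, add a setting such as `:encryption: :simple_tls` here and pass it through in the helper. The host and base DN are also committed as one environment-independent file, so development and test runs would bind against the same directory as production unless the file is overridden per environment.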
2 changes: 1 addition & 1 deletion public/javascripts/users.js
@@ -10,7 +10,7 @@ var Users = {
_initValidation: function() {
// add login validation method
function loginFormat(value, element, params) {
return this.optional(element) || (/^[\w_\-]{3,20}$/).test(value);
return this.optional(element) || (/^[\w_\.-]{3,20}$/).test(value);
}

$.validator.addMethod('login', loginFormat,
17 changes: 17 additions & 0 deletions spec/models/user_spec.rb
@@ -42,6 +42,23 @@
User.authenticate(login, password).should be_nil
end

it "should authenticate user with ldap if basic auth fails" do
Auth::LDAP.should_receive(:authenticate).and_return(true)

password = "awsumpass"
login = "SomeLogin"

employee = Employee.prepare(
:active => true,
:login => login,
:ldap_login => "ldap_login",
:password => password,
:password_confirmation => password
)
employee.save.should be_true
User.authenticate("ldap_login", "ldap_password").should_not be_nil
end

it "should send welcome email to new user" do
block_should(change(Merb::Mailer.deliveries, :size).by(1)) do
Employee.generate
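Review bot: The new example never exercises the fallback its name describes: `authenticated?` calls `Auth::LDAP.authenticate` first and the stub returns true, so the local password comparison is never reached, and no example covers a rejecting path. Add cases where the stub returns false and the password is wrong (expect nil), where the password is blank, and where the user is inactive while the stub returns true. The earlier examples in this file now reach `Auth::LDAP.authenticate` too; unless it is stubbed in a `before` block outside this hunk, they would contact the real directory during the test run.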
