lib/adauth/authenticate.rb in adauth-1.2.1 vs lib/adauth/authenticate.rb in adauth-2.0.0pre
- old
+ new
@@ -1,74 +1,53 @@
module Adauth
- # Takes a username and password as an input and returns an instance of `Adauth::User`
+ # Authenticates the specifed user agains the domain
#
- # Called as
- # Adauth.authenticate("Username", "Password")
- #
- # Will return `nil` if the username/password combo is wrong, if the username/password combo is correct it will return an instance of `Adauth::User` which can be used to populate your database.
- def self.authenticate(login, pass)
- if user = Adauth::User.authenticate(login, pass)
- return user if allowed_group_login(user) and allowed_ou_login(user)
- else
- return nil
+ # Checks the groups & ous are in the allow/deny lists
+ def self.authenticate(username, password)
+ begin
+ if Adauth::AdObjects::User.authenticate(username, password)
+ user = Adauth::AdObjects::User.where('sAMAccountName', username).first
+ if allowed_group_login(user) && allowed_ou_login(user)
+ return user
+ else
+ return false
+ end
+ else
+ return false
+ end
+ rescue RuntimeError
+ return false
end
end
- # Takes a username as an input and returns and instance of `Adauth::User`
- #
- # Called as
- # Adauth.authentication("Username")
- #
- # Will return `nil` if the username is worng, if the admin details are not set an error will be raised.
- def self.passwordless_login(login)
- @conn = Adauth::AdminConnection.bind
- if user = @conn.search(:filter => Net::LDAP::Filter.eq('sAMAccountName', login)).first
- return Adauth::User.new(user)
- else
- return nil
- end
- end
-
- # Checks weather an users groups are allowed to login
- #
- # Called as:
- # Adauth.allowed_group_login(Adauth::User)
- #
- # Returns true if the user can login and false if the user cant
+ # Makes sure the user meets the group requirements
def self.allowed_group_login(user)
if @config.allowed_groups != []
- allowed = (user && @config.allowed_groups != (@config.allowed_groups - user.groups)) ? user : nil
+ allowed = (user && @config.allowed_groups != (@config.allowed_groups - user.cn_groups)) ? user : nil
else
allowed = user
end
-
+
if @config.denied_groups != []
- denied = (user && @config.denied_groups == (@config.denied_groups - user.groups)) ? user : nil
+ denied = (user && @config.denied_groups == (@config.denied_groups - user.cn_groups)) ? user : nil
else
denied = user
end
-
allowed == denied
end
- # Checks weather an users ous are allowed to login
- #
- # Called as:
- # Adauth.allowed_ou_login(Adauth::User)
- #
- # Returns true if the user can login and false if the user cant
+ # Makes sure the user meets the ou requirements
def self.allowed_ou_login(user)
if @config.allowed_ous != []
- allowed = (user && @config.allowed_ous != (@config.allowed_ous - user.ous)) ? user : nil
+ allowed = (user && @config.allowed_ous != (@config.allowed_ous - user.dn_ous)) ? user : nil
else
allowed = user
end
-
+
if @config.denied_ous != []
- denied = (user && @config.denied_ous == (@config.denied_ous - user.ous)) ? user : nil
+ denied = (user && @config.denied_ous == (@config.denied_ous - user.dn_ous)) ? user : nil
else
denied = user
end
-
allowed == denied
end
-end
\ No newline at end of file
+end
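Review bot: `allowed == denied` at the end of `allowed_group_login` (and the same line in `allowed_ou_login`) accepts a user who is in none of the allowed groups but is in a denied group, because both `allowed` and `denied` are then `nil` and `nil == nil` is true; with both `allowed_groups` and `denied_groups` configured that is an authorization bypass, and it also makes a `nil` user pass both checks. Both methods should require both sides to hold, e.g. replace the final line with `!!(allowed && denied)`, or better return plain booleans instead of user-or-nil sentinels. In `authenticate`, `rescue RuntimeError` returns the same `false` for a directory or configuration failure as for a wrong password with nothing logged, so outages and misconfiguration become indistinguishable from bad credentials; log the exception before returning, or narrow the rescue to the error the bind actually raises. `authenticate` also never rejects an empty `password`, and an LDAP bind with an empty password can succeed as an unauthenticated bind on some directories, so a guard such as `return false if username.to_s.empty? || password.to_s.empty?` belongs before the bind unless `AdObjects::User.authenticate` already enforces it (not visible here); whether `User.where('sAMAccountName', username)` escapes `username` the way the replaced `Net::LDAP::Filter.eq` call did is likewise not visible and worth confirming.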