lib/adauth/authenticate.rb in adauth-1.2.1 vs lib/adauth/authenticate.rb in adauth-2.0.0pre


@@ -1,74 +1,53 @@ module Adauth - # Takes a username and password as an input and returns an instance of `Adauth::User` + # Authenticates the specifed user agains the domain # - # Called as - # Adauth.authenticate("Username", "Password") - # - # Will return `nil` if the username/password combo is wrong, if the username/password combo is correct it will return an instance of `Adauth::User` which can be used to populate your database. - def self.authenticate(login, pass) - if user = Adauth::User.authenticate(login, pass) - return user if allowed_group_login(user) and allowed_ou_login(user) - else - return nil + # Checks the groups & ous are in the allow/deny lists + def self.authenticate(username, password) + begin + if Adauth::AdObjects::User.authenticate(username, password) + user = Adauth::AdObjects::User.where('sAMAccountName', username).first + if allowed_group_login(user) && allowed_ou_login(user) + return user + else + return false + end + else + return false + end + rescue RuntimeError + return false end end - # Takes a username as an input and returns and instance of `Adauth::User` - # - # Called as - # Adauth.authentication("Username") - # - # Will return `nil` if the username is worng, if the admin details are not set an error will be raised. - def self.passwordless_login(login) - @conn = Adauth::AdminConnection.bind - if user = @conn.search(:filter => Net::LDAP::Filter.eq('sAMAccountName', login)).first - return Adauth::User.new(user) - else - return nil - end - end - - # Checks weather an users groups are allowed to login - # - # Called as: - # Adauth.allowed_group_login(Adauth::User) - # - # Returns true if the user can login and false if the user cant + # Makes sure the user meets the group requirements def self.allowed_group_login(user) if @config.allowed_groups != [] - allowed = (user && @config.allowed_groups != (@config.allowed_groups - user.groups)) ? 
user : nil + allowed = (user && @config.allowed_groups != (@config.allowed_groups - user.cn_groups)) ? user : nil else allowed = user end - + if @config.denied_groups != [] - denied = (user && @config.denied_groups == (@config.denied_groups - user.groups)) ? user : nil + denied = (user && @config.denied_groups == (@config.denied_groups - user.cn_groups)) ? user : nil else denied = user end - allowed == denied end - # Checks weather an users ous are allowed to login - # - # Called as: - # Adauth.allowed_ou_login(Adauth::User) - # - # Returns true if the user can login and false if the user cant + # Makes sure the user meets the ou requirements def self.allowed_ou_login(user) if @config.allowed_ous != [] - allowed = (user && @config.allowed_ous != (@config.allowed_ous - user.ous)) ? user : nil + allowed = (user && @config.allowed_ous != (@config.allowed_ous - user.dn_ous)) ? user : nil else allowed = user end - + if @config.denied_ous != [] - denied = (user && @config.denied_ous == (@config.denied_ous - user.ous)) ? user : nil + denied = (user && @config.denied_ous == (@config.denied_ous - user.dn_ous)) ? user : nil else denied = user end - allowed == denied end -end \ No newline at end of file +end
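Review bot: In the new `authenticate`, the lookup `Adauth::AdObjects::User.where('sAMAccountName', username).first` can presumably return nil even after the bind succeeded (the bind and the search are keyed independently on `username`), and both `allowed_group_login` and `allowed_ou_login` return true for a nil user because `allowed` and `denied` each collapse to nil so `allowed == denied` holds — the method then reaches `return user` and yields nil instead of the `false` every other failure path returns. Adding `return false unless user` directly after the lookup closes that path and keeps the return contract to user-or-false. Separately, `rescue RuntimeError` reports any runtime failure in the bind or search (directory unreachable, misconfiguration) as an ordinary authentication failure, which hides outages and configuration errors from operators; logging the exception before returning false, or rescuing the specific error class the directory library raises, would keep those failure modes distinguishable from a wrong password. The new header comment also has two typos: `# Authenticates the specified user against the domain`.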