Merge pull request #4 from dayer4b/extra_attributes-fix

Extra attributes fix
rbCAS · May 28, 2014 · 871c1dd · 871c1dd
2 parents 64dd5d4 + 292d0a6
commit 871c1dd
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 5 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -0,0 +1,5 @@
+language: ruby
+rvm:
+  - 1.9.3
+  - 2.0.0
+  - 2.1.1
diff --git a/lib/casino/ldap_authenticator.rb b/lib/casino/ldap_authenticator.rb
@@ -42,8 +42,11 @@ def authenticate
       @ldap.auth(@options[:admin_user], @options[:admin_password])
     end
     @user_plain = @ldap.bind_as(:base => @options[:base], :size => 1, :password => @password, :filter => user_filter)
-    if @user_plain.is_a?(Array)
-      @user_plain = @user_plain.first
+    if @user_plain != false
+      @user_plain = @ldap.search(:base => @options[:base], :filter => user_filter, :attributes => @options[:extra_attributes].values)
+      if @user_plain.is_a?(Array)
+        @user_plain = @user_plain.first
+      end
     end
   end
 

diff --git a/spec/casino/ldap_authenticator_spec.rb b/spec/casino/ldap_authenticator_spec.rb
@@ -8,7 +8,7 @@
     :base => 'dc=users,dc=example.com',
     :encryption => 'simple_tls',
     :username_attribute => 'uid',
-    :extra_attributes => { :email => 'mail', :fullname => :displayname }
+    :extra_attributes => { :email => 'mail', :fullname => :displayname, :memberof => 'memberof'}
   } }
   let(:subject) { described_class.new(options) }
   let(:connection) { Object.new }
@@ -24,9 +24,11 @@
     let(:username) { 'test' }
     let(:password) { 'foo' }
     let(:user_filter) { Net::LDAP::Filter.eq(options[:username_attribute], username) }
+    let(:extra_attributes) { ['mail', :displayname, 'memberof'] }
 
     before(:each) do
       connection.stub(:bind_as)
+      connection.stub(:search)
     end
 
     it 'does the connection setup' do
@@ -41,7 +43,12 @@
       subject.validate(username, password)
     end
 
-    context 'when validation succeeds' do
+    it 'calls the #search method on the LDAP connection' do
+      connection.should_receive(:search).with(:base => options[:base], :filter => user_filter, :attributes => extra_attributes)
+      subject.validate(username, password)
+    end
+
+    context 'when validation succeeds for user with missing data' do
       let(:fullname) { 'Example User' }
       let(:email) { "#{username}@example.org" }
       let(:ldap_entry) {
@@ -55,14 +62,50 @@
         connection.stub(:bind_as) do
           ldap_entry
         end
+        connection.stub(:search) do
+          ldap_entry
+        end
+      end
+
+      it 'returns the user data with blank value for missing data' do
+        subject.validate(username, password).should == {
+          username: username,
+          extra_attributes: {
+            :email => email,
+            :fullname => fullname,
+            :memberof => ''
+          }
+        }
+      end
+    end
+
+    context 'when validation succeeds for user with complete data' do
+      let(:fullname) { 'Example User' }
+      let(:email) { "#{username}@example.org" }
+      let(:membership) { "cn=group1" }
+      let(:ldap_entry) {
+        entry = Net::LDAP::Entry.new
+        {:uid => username, :displayname => fullname, :mail => email, :memberof => membership}.each do |key, value|
+          entry[key] = [value]
+        end
+        entry
+      }
+      before(:each) do
+        connection.stub(:bind_as) do
+          ldap_entry
+        end
+        connection.stub(:search) do
+          ldap_entry
+        end
       end
 
       it 'returns the user data' do
         subject.validate(username, password).should == {
           username: username,
           extra_attributes: {
             :email => email,
-            :fullname => fullname
+            :fullname => fullname,
+            :memberof => membership
           }
         }
       end