[wishlist] merge changes from gitlab_omniauth-ldap

.gitignore

@@ -1,3 +1,2 @@
 .project
 coverage
-/Gemfile.lock

.travis.yml

@@ -0,0 +1,7 @@
+branches:
+  only:
+    - 'master'
+rvm:
+  - 2.0.0
+  - 2.1.5
+script: "bundle exec rspec spec"

Gemfile

@@ -3,9 +3,8 @@ source 'http://rubygems.org'
 gemspec
 
 group :development, :test do
-  gem 'guard'
-  gem 'guard-rspec'
-  gem 'guard-bundler'
-  gem 'growl'
-  gem 'rb-fsevent'
+  gem 'rspec'
+  gem 'pry'
+  gem 'rake'
+  gem 'rack-test'
 end

Gemfile.lock

@@ -0,0 +1,49 @@
+PATH
+  remote: .
+  specs:
+    gitlab_omniauth-ldap (1.2.1)
+      net-ldap (~> 0.9)
+      omniauth (~> 1.0)
+      pyu-ruby-sasl (~> 0.0.3.1)
+      rubyntlm (~> 0.3)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    coderay (1.0.8)
+    diff-lcs (1.1.3)
+    hashie (3.4.0)
+    method_source (0.8.1)
+    net-ldap (0.11)
+    omniauth (1.2.2)
+      hashie (>= 1.2, < 4)
+      rack (~> 1.0)
+    pry (0.9.10)
+      coderay (~> 1.0.5)
+      method_source (~> 0.8)
+      slop (~> 3.3.1)
+    pyu-ruby-sasl (0.0.3.3)
+    rack (1.4.1)
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rake (10.0.3)
+    rspec (2.12.0)
+      rspec-core (~> 2.12.0)
+      rspec-expectations (~> 2.12.0)
+      rspec-mocks (~> 2.12.0)
+    rspec-core (2.12.2)
+    rspec-expectations (2.12.1)
+      diff-lcs (~> 1.1.3)
+    rspec-mocks (2.12.1)
+    rubyntlm (0.5.0)
+    slop (3.3.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  gitlab_omniauth-ldap!
+  pry
+  rack-test
+  rake
+  rspec

README.md

@@ -1,6 +1,6 @@
-# OmniAuth LDAP
+# GitLab fork | OmniAuth LDAP [![build status](https://secure.travis-ci.org/gitlabhq/omniauth-ldap.png)](https://travis-ci.org/gitlabhq/omniauth-ldap)
 
-== LDAP
+### LDAP
 
 Use the LDAP strategy as a middleware in your application:
 

omniauth-ldap.gemspec → gitlab_omniauth-ldap.gemspec

@@ -6,23 +6,18 @@ Gem::Specification.new do |gem|
   gem.email         = ["[email protected]"]
   gem.description   = %q{A LDAP strategy for OmniAuth.}
   gem.summary       = %q{A LDAP strategy for OmniAuth.}
-  gem.homepage      = "https://github.com/intridea/omniauth-ldap"
+  gem.homepage      = "https://github.com/gitlabhq/omniauth-ldap"
   gem.license       = "MIT"
 
   gem.add_runtime_dependency     'omniauth', '~> 1.0'
-  gem.add_runtime_dependency     'net-ldap', '~> 0.3.1'
+  gem.add_runtime_dependency     'net-ldap', '~> 0.9'
   gem.add_runtime_dependency     'pyu-ruby-sasl', '~> 0.0.3.1'
-  gem.add_runtime_dependency     'rubyntlm', '~> 0.1.1'
-  gem.add_development_dependency 'rspec', '~> 2.7'
-  gem.add_development_dependency 'simplecov'
-  gem.add_development_dependency 'rack-test'
-  gem.add_development_dependency 'libnotify'
-  gem.add_development_dependency 'ruby-debug19'
+  gem.add_runtime_dependency     'rubyntlm', '~> 0.3'
 
   gem.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   gem.files         = `git ls-files`.split("\n")
   gem.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
-  gem.name          = "omniauth-ldap"
+  gem.name          = "gitlab_omniauth-ldap"
   gem.require_paths = ["lib"]
   gem.version       = OmniAuth::LDAP::VERSION
 end

lib/omniauth-ldap/adaptor.rb

@@ -52,6 +52,7 @@ def initialize(configuration={})
           :encryption => method,
           :base => @base
         }
+
         @bind_method = @try_sasl ? :sasl : (@allow_anonymous||!@bind_dn||!@password ? :anonymous : :simple)
 
 

lib/omniauth-ldap/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module LDAP
-    VERSION = "1.0.4"
+    VERSION = "1.2.1"
   end
 end

lib/omniauth/strategies/ldap.rb

@@ -40,6 +40,7 @@ def callback_phase
         return fail!(:missing_credentials) if missing_credentials?
         begin
           @ldap_user_info = @adaptor.bind_as(:filter => filter(@adaptor), :size => 1, :password => request['password'])
+
           return fail!(:invalid_credentials) if !@ldap_user_info
 
           @user_info = self.class.map_user(@@config, @ldap_user_info)
@@ -51,9 +52,10 @@ def callback_phase
 
       def filter adaptor
         if adaptor.filter and !adaptor.filter.empty?
-          Net::LDAP::Filter.construct(adaptor.filter % {username: @options[:name_proc].call(request['username'])})
+          username = Net::LDAP::Filter.escape(@options[:name_proc].call(request['username']))
+          Net::LDAP::Filter.construct(adaptor.filter % { username: username })
         else
-          Net::LDAP::Filter.eq(adaptor.uid, @options[:name_proc].call(request['username']))
+          Net::LDAP::Filter.equals(adaptor.uid, @options[:name_proc].call(request['username']))
         end
       end
 

spec/omniauth/strategies/ldap_spec.rb

@@ -1,4 +1,5 @@
 require 'spec_helper'
+
 describe "OmniAuth::Strategies::LDAP" do
   # :title => "My LDAP",
   # :host => '10.101.10.1',
@@ -59,6 +60,25 @@ class MyLdapProvider < OmniAuth::Strategies::LDAP; end
         @adaptor.stub(:bind_as).and_return(false)
       end
 
+      it 'should fail with missing_credentials' do
+        post('/auth/ldap/callback', {})
+        last_response.should be_redirect
+        last_response.headers['Location'].should =~ %r{missing_credentials}
+      end
+
+      it 'should redirect to error page' do
+        post('/auth/ldap/callback', {:username => 'ping', :password => 'password'})
+        last_response.should be_redirect
+        last_response.headers['Location'].should =~ %r{invalid_credentials}
+      end
+
+      it 'should redirect to error page when there is exception' do
+        @adaptor.stub(:bind_as).and_throw(Exception.new('connection_error'))
+        post('/auth/ldap/callback', {:username => 'ping', :password => 'password'})
+        last_response.should be_redirect
+        last_response.headers['Location'].should =~ %r{ldap_error}
+      end
+
       context "when username is not preset" do
         it 'should redirect to error page' do
           post('/auth/ldap/callback', {})
@@ -139,7 +159,7 @@ class MyLdapProvider < OmniAuth::Strategies::LDAP; end
       before(:each) do
         @adaptor.stub(:filter)
         @adaptor.stub(:bind_as).and_return(Net::LDAP::Entry.from_single_ldif_string(
-      %Q{dn: cn=ping, dc=intridea, dc=com
+%Q{dn: cn=ping, dc=intridea, dc=com
 mail: [email protected]
 givenname: Ping
 sn: Yu
@@ -190,5 +210,48 @@ class MyLdapProvider < OmniAuth::Strategies::LDAP; end
         auth_hash.info.description.should == 'omniauth-ldap'
       end
     end
+
+    context 'alternate fields' do
+      let(:auth_hash){ last_request.env['omniauth.auth'] }
+
+      before(:each) do
+        @adaptor.stub(:filter)
+        @adaptor.stub(:bind_as).and_return(Net::LDAP::Entry.from_single_ldif_string(
+%Q{dn: cn=ping, dc=intridea, dc=com
+userprincipalname: [email protected]
+givenname: Ping
+sn: Yu
+telephonenumber: 555-555-5555
+mobile: 444-444-4444
+uid: ping
+title: dev
+address: k street
+l: Washington
+st: DC
+co: U.S.A
+postofficebox: 20001
+wwwhomepage: www.intridea.com
+jpegphoto: http://www.intridea.com/ping.jpg
+description: omniauth-ldap
+}
+    ))
+      end
+
+      it 'should map user info to Auth Hash' do
+        post('/auth/ldap/callback', {:username => 'ping', :password => 'password'})
+        auth_hash.uid.should == 'cn=ping, dc=intridea, dc=com'
+        auth_hash.info.email.should == '[email protected]'
+        auth_hash.info.first_name.should == 'Ping'
+        auth_hash.info.last_name.should == 'Yu'
+        auth_hash.info.phone.should == '555-555-5555'
+        auth_hash.info.mobile.should == '444-444-4444'
+        auth_hash.info.nickname.should == 'ping'
+        auth_hash.info.title.should == 'dev'
+        auth_hash.info.location.should == 'k street, Washington, DC, U.S.A 20001'
+        auth_hash.info.url.should == 'www.intridea.com'
+        auth_hash.info.image.should == 'http://www.intridea.com/ping.jpg'
+        auth_hash.info.description.should == 'omniauth-ldap'
+      end
+    end
   end
 end

spec/spec_helper.rb

@@ -1,7 +1,5 @@
 $:.unshift File.expand_path('..', __FILE__)
 $:.unshift File.expand_path('../../lib', __FILE__)
-require 'simplecov'
-SimpleCov.start
 require 'rspec'
 require 'rack/test'
 require 'omniauth'