Skip to content

Commit e33f774

Browse files
mtoddmtodd
committed
Merge branch 'master' into instrumentation
Conflicts: lib/github/ldap.rb
2 parents 62929e3 + b6d0509 commit e33f774

File tree

6 files changed

+81
-4
lines changed

6 files changed

+81
-4
lines changed

github-ldap.gemspec

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22

33
Gem::Specification.new do |spec|
44
spec.name = "github-ldap"
5-
spec.version = "1.3.2"
5+
spec.version = "1.3.3"
66
spec.authors = ["David Calavera"]
77
spec.email = ["david.calavera@gmail.com"]
88
spec.description = %q{Ldap authentication for humans}

lib/github/ldap.rb

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,12 @@ class Ldap
2626
# Returns a Net::LDAP::Entry if the operation succeeded.
2727
def_delegator :@connection, :bind
2828

29+
# Public - Opens a connection to the server and keeps it open for the
30+
# duration of the block.
31+
#
32+
# Returns the return value of the block.
33+
def_delegator :@connection, :open
34+
2935
attr_reader :uid, :search_domains, :virtual_attributes,
3036
:instrumentation_service
3137

@@ -127,7 +133,7 @@ def group(base_name)
127133
def load_group(group_entry)
128134
if @virtual_attributes.enabled?
129135
VirtualGroup.new(self, group_entry)
130-
elsif PosixGroup.valid?(group_entry)
136+
elsif posix_support_enabled? && PosixGroup.valid?(group_entry)
131137
PosixGroup.new(self, group_entry)
132138
else
133139
Group.new(self, group_entry)

lib/github/ldap/group.rb

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -72,9 +72,12 @@ def member_names
7272
# Internal - Check if an object class includes the member names
7373
# Use `&` rathen than `include?` because both are arrays.
7474
#
75+
# NOTE: object classes are downcased by default in Net::LDAP, so this
76+
# will fail to match correctly unless we also downcase our group classes.
77+
#
7578
# Returns true if the object class includes one of the group class names.
7679
def group?(object_class)
77-
!(GROUP_CLASS_NAMES & object_class).empty?
80+
!(GROUP_CLASS_NAMES.map(&:downcase) & object_class.map(&:downcase)).empty?
7881
end
7982

8083
# Internal - Generate a hash with all the group DNs for caching purposes.

test/domain_test.rb

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -158,6 +158,13 @@ def test_membership_in_subgroups
158158
assert @domain.is_member?(user, %w(enterprise-ops)),
159159
"Expected `enterprise-ops` to include the member `#{user.dn}`"
160160
end
161+
162+
def test_membership_in_deeply_nested_subgroups
163+
assert user = @ldap.domain('uid=user1.1.1.1,ou=users,dc=github,dc=com').bind
164+
165+
assert @domain.is_member?(user, %w(group1)),
166+
"Expected `group1` to include the member `#{user.dn}` via deep recursion"
167+
end
161168
end
162169

163170
class GitHubLdapPosixGroupsWithRecursionFallbackTest < GitHub::Ldap::Test

test/fixtures/github-with-subgroups.ldif

Lines changed: 55 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -43,6 +43,29 @@ objectClass: groupOfNames
4343
member: uid=calavera,ou=users,dc=github,dc=com
4444
member: uid=rubiojr,ou=users,dc=github,dc=com
4545

46+
dn: cn=group1,ou=groups,dc=github,dc=com
47+
cn: group1
48+
objectClass: groupOfNames
49+
member: uid=user1,ou=users,dc=github,dc=com
50+
member: cn=group1.1,ou=groups,dc=github,dc=com
51+
52+
dn: cn=group1.1,ou=groups,dc=github,dc=com
53+
cn: group1
54+
objectClass: groupOfNames
55+
member: uid=user1.1,ou=users,dc=github,dc=com
56+
member: cn=group1.1.1,ou=groups,dc=github,dc=com
57+
58+
dn: cn=group1.1.1,ou=groups,dc=github,dc=com
59+
cn: group1
60+
objectClass: groupOfNames
61+
member: uid=user1.1.1,ou=users,dc=github,dc=com
62+
member: cn=group1.1.1.1,ou=groups,dc=github,dc=com
63+
64+
dn: cn=group1.1.1.1,ou=groups,dc=github,dc=com
65+
cn: group1
66+
objectClass: groupOfNames
67+
member: uid=user1.1.1.1,ou=users,dc=github,dc=com
68+
4669
# Users
4770

4871
dn: ou=users,dc=github,dc=com
@@ -89,3 +112,35 @@ uid: mtodd
89112
userPassword: passworD1
90113
mail: mtodd@github.com
91114
objectClass: inetOrgPerson
115+
116+
dn: uid=user1,ou=users,dc=github,dc=com
117+
uid: user1
118+
sn: user1
119+
cn: user1
120+
userPassword: passworD1
121+
mail: user1@github.com
122+
objectClass: inetOrgPerson
123+
124+
dn: uid=user1.1,ou=users,dc=github,dc=com
125+
uid: user1.1
126+
sn: user1.1
127+
cn: user1.1
128+
userPassword: passworD1
129+
mail: user1.1@github.com
130+
objectClass: inetOrgPerson
131+
132+
dn: uid=user1.1.1,ou=users,dc=github,dc=com
133+
uid: user1.1.1
134+
sn: user1.1.1
135+
cn: user1.1.1
136+
userPassword: passworD1
137+
mail: user1.1.1@github.com
138+
objectClass: inetOrgPerson
139+
140+
dn: uid=user1.1.1.1,ou=users,dc=github,dc=com
141+
uid: user1.1.1.1
142+
sn: user1.1.1.1
143+
cn: user1.1.1.1
144+
userPassword: passworD1
145+
mail: user1.1.1.1@github.com
146+
objectClass: inetOrgPerson

test/group_test.rb

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,12 @@ def setup
1414
@group = @ldap.group("cn=enterprise,ou=groups,dc=github,dc=com")
1515
end
1616

17+
def test_group?
18+
object_classes = %w(groupOfNames)
19+
assert @group.group?(object_classes)
20+
assert @group.group?(object_classes.map(&:downcase))
21+
end
22+
1723
def test_subgroups
1824
assert_equal 3, @group.subgroups.size
1925
end
@@ -24,7 +30,7 @@ def test_members_from_subgroups
2430

2531
def test_all_domain_groups
2632
groups = groups_domain.all_groups
27-
assert_equal 4, groups.size
33+
assert_equal 8, groups.size
2834
end
2935

3036
def test_filter_domain_groups

0 commit comments

Comments
 (0)