From a2c5dbc2132830062c2a075b3e468aec4a7ed43d Mon Sep 17 00:00:00 2001 From: David Benko Date: Tue, 11 Mar 2014 09:58:32 -0400 Subject: [PATCH 1/5] Changed request to @env['action_dispatch.request.request_parameters'] --- lib/omniauth/strategies/ldap.rb | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/lib/omniauth/strategies/ldap.rb b/lib/omniauth/strategies/ldap.rb index 9a4d880..aad14ef 100644 --- a/lib/omniauth/strategies/ldap.rb +++ b/lib/omniauth/strategies/ldap.rb @@ -39,7 +39,7 @@ def callback_phase return fail!(:missing_credentials) if missing_credentials? begin - @ldap_user_info = @adaptor.bind_as(:filter => filter(@adaptor), :size => 1, :password => request['password']) + @ldap_user_info = @adaptor.bind_as(:filter => filter(@adaptor), :size => 1, :password => requestData['password']) return fail!(:invalid_credentials) if !@ldap_user_info @user_info = self.class.map_user(@@config, @ldap_user_info) @@ -51,9 +51,9 @@ def callback_phase def filter adaptor if adaptor.filter and !adaptor.filter.empty? - Net::LDAP::Filter.construct(adaptor.filter % {username: @options[:name_proc].call(request['username'])}) + Net::LDAP::Filter.construct(adaptor.filter % {username: @options[:name_proc].call(requestData['username'])}) else - Net::LDAP::Filter.eq(adaptor.uid, @options[:name_proc].call(request['username'])) + Net::LDAP::Filter.eq(adaptor.uid, @options[:name_proc].call(requestData['username'])) end end @@ -92,8 +92,12 @@ def self.map_user(mapper, object) protected def missing_credentials? - request['username'].nil? or request['username'].empty? or request['password'].nil? or request['password'].empty? + requestData['username'].nil? or requestData['username'].empty? or requestData['password'].nil? or requestData['password'].empty? end # missing_credentials? + + def requestData + @env['action_dispatch.request.request_parameters'] + end end end end From 7cdcc201a941e3e68a0b6920474e9ca3f11eb890 Mon Sep 17 00:00:00 2001 
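Review bot: `requestData['password']` on the new `bind_as` line can now be any JSON type (number, object, array, boolean) rather than a String, and nothing between `missing_credentials?` and `bind_as` checks that; the same applies to `requestData['username']` in the `filter` hunk and in `missing_credentials?`, where `.empty?` on a non-String raises `NoMethodError` instead of producing `fail!(:missing_credentials)`. Rejecting non-String values once in `missing_credentials?` would cover all three sites, e.g. `[requestData['username'], requestData['password']].any? { |v| !v.is_a?(String) || v.empty? }`. Whether `@env['action_dispatch.request.request_parameters']` is populated when this middleware runs presumably depends on Rails' body-parsing middleware having run before OmniAuth, which deserves a comment on `requestData`. `callback_phase` begins and ends outside this hunk.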
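Review bot: The username value is interpolated into the LDAP filter without escaping on both changed lines (`adaptor.filter % {username: ...}` and `Net::LDAP::Filter.eq(adaptor.uid, ...)`), and with a JSON body it is no longer guaranteed to be a String. The gap predates this change, but since both lines are being touched, passing the processed name through net-ldap's escape helper would close it: `name = Net::LDAP::Filter.escape(@options[:name_proc].call(requestData['username']).to_s)` followed by `Net::LDAP::Filter.construct(adaptor.filter % {username: name})` in the `if` branch and `Net::LDAP::Filter.eq(adaptor.uid, name)` in the `else`. Whether `Filter.eq` already escapes in the net-ldap version this gem pins is not visible here and should be confirmed so the value is not escaped twice. The `filter` method is complete within the hunk.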
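Review bot: `requestData` is camelCase, which Ruby style reserves for class and module names; `request_params` (snake_case) would match the neighbouring `missing_credentials?` and `callback_phase`. The new method also needs a one-line comment saying why the env key is read directly, since the reason is not visible in the code: `# Use the body Rails already parsed; Rack::Request#[] cannot read JSON bodies`. On the rewritten `missing_credentials?` line the `or` chain should be `||`; `or` has statement-level precedence and only works here because no assignment is involved.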
From: David Benko Date: Tue, 11 Mar 2014 11:02:50 -0400 Subject: [PATCH 2/5] Update README.md --- README.md | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 7b3019f..90d5a11 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,13 @@ # OmniAuth LDAP +== Changes in this fork +This fork is for compatibility with JSON-encoded POST bodies instead of form-encoded. + +Set header `Content-Type` to `application/json` + +Send your credentials similar to below to use this gem: +`{"username":"USERNAME","password":"PASSWORD"}` + == LDAP Use the LDAP strategy as a middleware in your application: @@ -19,10 +27,10 @@ Use the LDAP strategy as a middleware in your application: :bind_dn => 'default_bind_dn' :password => 'password' -All of the listed options are required, with the exception of :title, :name_proc, :bind_dn, and :password. -Allowed values of :method are: :plain, :ssl, :tls. +All of the listed options are required, with the exception of `:title`, `:name_proc`, `:bind_dn`, and `:password`. +Allowed values of `:method` are: `:plain`, `:ssl`, `:tls`. -:bind_dn and :password is the default credentials to perform user lookup. +`:bind_dn` and `:password` is the default credentials to perform user lookup. most LDAP servers require that you supply a complete DN as a binding-credential, along with an authenticator such as a password. But for many applications, you often don’t have a full DN to identify the user. You usually get a simple identifier like a username or an email address, along with a password. 
@@ -30,18 +38,18 @@ Allowed values of :method are: :plain, :ssl, :tls. :bind_dn and :password will be required for searching on the username or email to retrieve the DN attribute for the user. If the LDAP server allows anonymous access, you don't need to provide these two parameters. -:uid is the LDAP attribute name for the user name in the login form. - typically AD would be 'sAMAccountName' or 'UserPrincipalName', while OpenLDAP is 'uid'. +`:uid` is the LDAP attribute name for the user name in the login form. + typically AD would be `'sAMAccountName'` or `'UserPrincipalName'`, while OpenLDAP is `'uid'`. -:filter is the LDAP filter used to search the user entry. It can be used in place of :uid for more flexibility. - `%{username}` will be replaced by the user name processed by :name_proc. +`:filter` is the LDAP filter used to search the user entry. It can be used in place of `:uid` for more flexibility. + `%{username}` will be replaced by the user name processed by `:name_proc`. -:name_proc allows you to match the user name entered with the format of the :uid attributes. - For example, value of 'sAMAccountName' in AD contains only the windows user name. If your user prefers using +`:name_proc` allows you to match the user name entered with the format of the `:uid` attributes. + For example, value of `'sAMAccountName'` in AD contains only the windows user name. If your user prefers using email to login, a name_proc as above will trim the email string down to just the windows login name. - In summary, use :name_proc to fill the gap between the submitted username and LDAP uid attribute value. + In summary, use `:name_proc` to fill the gap between the submitted username and LDAP uid attribute value. -:try_sasl and :sasl_mechanisms are optional. :try_sasl [true | false], :sasl_mechanisms ['DIGEST-MD5' | 'GSS-SPNEGO'] +`:try_sasl` and `:sasl_mechanisms` are optional. 
`:try_sasl [true | false], :sasl_mechanisms ['DIGEST-MD5' | 'GSS-SPNEGO']` Use them to initialize a SASL connection to server. If you are not familiar with these authentication methods, please just avoid them. @@ -50,6 +58,8 @@ Direct users to '/auth/ldap' to have them authenticated via your company's LDAP ## License +Copyright (C) 2014 David Benko + Copyright (C) 2011 by Ping Yu and Intridea, Inc. Permission is hereby granted, free of charge, to any person obtaining a copy From f8577109007273a4a9ce8b6285ea69318f6285d3 Mon Sep 17 00:00:00 2001 From: David Benko Date: Tue, 11 Mar 2014 11:03:39 -0400 Subject: [PATCH 3/5] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 90d5a11..c21706e 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # OmniAuth LDAP -== Changes in this fork +## Changes in this fork This fork is for compatibility with JSON-encoded POST bodies instead of form-encoded. Set header `Content-Type` to `application/json` @@ -8,7 +8,7 @@ Set header `Content-Type` to `application/json` Send your credentials similar to below to use this gem: `{"username":"USERNAME","password":"PASSWORD"}` -== LDAP +## LDAP Use the LDAP strategy as a middleware in your application: From eb89fc56e334ad181883a80cd408e55b298d21d4 Mon Sep 17 00:00:00 2001 From: David Benko Date: Tue, 11 Mar 2014 12:49:38 -0400 Subject: [PATCH 4/5] Retain Support for Form Data --- lib/omniauth/strategies/ldap.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/omniauth/strategies/ldap.rb b/lib/omniauth/strategies/ldap.rb index aad14ef..e514161 100644 --- a/lib/omniauth/strategies/ldap.rb +++ b/lib/omniauth/strategies/ldap.rb @@ -96,7 +96,7 @@ def missing_credentials? end # missing_credentials? def requestData - @env['action_dispatch.request.request_parameters'] + @env['action_dispatch.request.request_parameters'] || request end end end 
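Review bot: The `|| request` fallback makes `requestData` return either a params Hash or a `Rack::Request`; both answer to `[]`, so callers keep working, but `Rack::Request#[]` also reads the query string, so on the fallback path credentials are accepted from the URL (where they end up in access logs) while the JSON path reads only the body. If that is not intended, `@env['action_dispatch.request.request_parameters'] || request.POST` confines the fallback to form bodies, though this is stricter than the pre-fork `request[...]`, which also read GET params. Either way a comment stating what each branch yields would help: `# parsed body from Rails (JSON or form) when present, else Rack's own form params`. Note that an empty parsed body `{}` is truthy, so the fallback only triggers when the key is absent.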
From e7906787f808bca05507ea68746402f7d7ce63a5 Mon Sep 17 00:00:00 2001 From: David Benko Date: Tue, 11 Mar 2014 13:19:18 -0400 Subject: [PATCH 5/5] Replace empty? && nil? with blank? --- lib/omniauth/strategies/ldap.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/omniauth/strategies/ldap.rb b/lib/omniauth/strategies/ldap.rb index e514161..24d65af 100644 --- a/lib/omniauth/strategies/ldap.rb +++ b/lib/omniauth/strategies/ldap.rb @@ -92,7 +92,7 @@ def self.map_user(mapper, object) protected def missing_credentials? - requestData['username'].nil? or requestData['username'].empty? or requestData['password'].nil? or requestData['password'].empty? + requestData['username'].blank? or requestData['password'].blank? end # missing_credentials? def requestData
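Review bot: `blank?` on the rewritten line is an ActiveSupport core extension, not core Ruby, and the previous commit's `|| request` fallback suggests this strategy is meant to run outside Rails too, where `nil.blank?` and `String#blank?` raise `NoMethodError` before `fail!(:missing_credentials)` is reached. If the gem does not declare an activesupport dependency (the gemspec is not in the patch), a plain-Ruby check that also rejects the non-String values a JSON body can carry keeps the method self-contained: `[requestData['username'], requestData['password']].any? { |v| !v.is_a?(String) || v.strip.empty? }`. The `or` between the two predicates should be `||` as well. `missing_credentials?` is complete within the hunk; the body of `requestData` lies outside it.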