No commit activity in last 3 years
No release in over 3 years
Devise extension to allow authentication via LDAP, No ORM

 Project Readme

Devise LDAP No ORM

Why this fork?

This is a fork of https://github.com/cschiewek/devise_ldap_authenticatable, to get away from the need to have an ActiveRecord backing.

Prerequisites

  • devise ~> 3.0.0 (which requires rails ~> 4.0)
  • net-ldap ~> 0.3.1

Usage

In the Gemfile for your application:

gem "devise_ldap_norm"

To get the latest version, pull directly from GitHub instead of the gem:

gem "devise_ldap_norm", :git => "https://github.com/alde/devise_ldap_norm.git"

Setup

Run the Rails generators for Devise (see the Devise documentation for further instructions):

rails generate devise:install
rails generate devise MODEL_NAME

Run the rails generator for devise_ldap_norm

rails generate devise_ldap_norm:install [options]

This will install the ldap.yml, update the devise.rb initializer, and update your user model. There are some options you can pass to it:

Options:

[--user-model=USER_MODEL]  # Model to update
                           # Default: user
[--update-model]           # Update model to change from database_authenticatable to ldap_authenticatable
                           # Default: true
[--add-rescue]             # Update Application Controller with rescue_from for DeviseLdapAuthenticatable::LdapException
                           # Default: true
[--advanced]               # Add advanced config options to the devise initializer

Ensure the timeout of your session

Edit your config/initializers/session_store.rb to include an expiry:

Rails.application.config.session_store :cookie_store, key: '__app_session', :expire_after => Rails.application.config.devise.timeout_in

Protect from session hijacking

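Add a before_action validation to ApplicationController that compares the remote IP held on the current user with the IP of the incoming request and destroys the session when they differ. This also signs out users whose address changes legitimately (mobile networks, VPN reconnects), and request.remote_ip is only reliable behind a reverse proxy when Rails' trusted proxies are configured correctly.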

Sample:

class ApplicationController < ActionController::Base
  before_action :validate_origin

  # Destroy the session when the IP stored on the user differs from the
  # IP of the current request.
  def validate_origin
    if current_user && current_user.remote_ip != request.remote_ip
      Rails.logger.warn("Remote IP for #{current_user.email} does not match session data.")
      session.destroy
    end
  end
end
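
The sample above compares the two addresses as strings, so the same client seen as "192.0.2.10" and as "::ffff:192.0.2.10" counts as a mismatch. The following plain-Ruby sketch is an added example, not code from devise_ldap_norm; it goes slightly beyond the sample by normalizing both addresses before comparing them. The names normalize_ip, origin_decision, SAMPLE_USER and SAMPLES are hypothetical, the user is a constructed Hash read through [] like the sample model further down, and treating a missing or malformed address as a mismatch is an assumed policy.

```ruby
require "ipaddr"

# Parse an address string into a canonical IPAddr, or nil if it is missing
# or malformed. IPv4-mapped IPv6 ("::ffff:a.b.c.d") is reduced to plain IPv4
# so the same client compares equal on a dual-stack listener.
def normalize_ip(value)
  text = value.to_s.strip
  return nil if text.empty?
  IPAddr.new(text).native
rescue ArgumentError # IPAddr::InvalidAddressError is an ArgumentError
  nil
end

# Decide what the before_action should do (assumed policy, fail closed):
#   :skip    - nobody is signed in, nothing to validate
#   :keep    - stored and current address are the same host
#   :destroy - mismatch, or either address is unusable
def origin_decision(user, request_ip)
  return :skip if user.nil?
  stored  = normalize_ip(user[:remote_ip])
  current = normalize_ip(request_ip)
  return :destroy if stored.nil? || current.nil?
  stored == current ? :keep : :destroy
end

# Constructed sample data (documentation address ranges), not real traffic.
SAMPLE_USER = { email: "alice@example.com", remote_ip: "192.0.2.10" }.freeze
SAMPLES = [
  ["192.0.2.10",        :keep],    # identical string
  ["::ffff:192.0.2.10", :keep],    # same host via IPv4-mapped IPv6
  ["198.51.100.7",      :destroy], # different client
  ["2001:db8::1",       :destroy], # different address family
  ["not-an-ip",         :destroy], # malformed value
  [nil,                 :destroy]  # address missing
].freeze

# Returns the decision for every constructed sample, in order.
def run_samples
  SAMPLES.map { |ip, _expected| origin_decision(SAMPLE_USER, ip) }
end

if __FILE__ == $PROGRAM_NAME
  SAMPLES.zip(run_samples).each do |(ip, expected), got|
    puts format("%-20s expected=%-8s got=%s", ip.inspect, expected, got)
  end
end
```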

Modify your user model

Since there is no longer a need for ActiveRecord, modify the User model.

Sample model:

class User
  include ActiveModel::Validations
  extend ActiveModel::Callbacks
  extend Devise::Models

  define_model_callbacks :validation

  devise :ldap_norm, :rememberable

  def initialize(id)
    @data = HashWithIndifferentAccess.new
    @id = id
  end

  def []=(key, value)
    @data[key] = value
  end

  def [](key)
    @data[key]
  end

  def remote_ip
    @data['remote_ip']
  end

  def email
    @data['email']
  end
end

Development guide

Devise LDAP Authenticatable uses a running OpenLDAP server to do automated acceptance tests. You'll need the executables slapd, ldapadd, and ldapmodify.

On OS X, this is available out of the box.

To start hacking on devise_ldap_norm, clone the github repository, start the test LDAP server, and run the rake test task:

git clone https://github.com/alde/devise_ldap_norm.git
cd devise_ldap_norm
bundle install

# in a separate console or backgrounded
./spec/ldap/run-server

bundle exec rake spec

References

Released under the MIT license

Copyright (c) 2015 Rickard Dybeck

Based on devise_ldap_authenticatable Copyright (c) 2012 Curtis Schiewek, Daniel McNevin, Steven Xu