Extract membership method to be able to retried groups that a user belong to.
Родитель
255d7b697d
Коммит
6e22b851f3
|
@ -43,6 +43,22 @@ module GitHub
|
|||
filter: filter)
|
||||
end
|
||||
|
||||
# List the groups that a user is member of.
|
||||
#
|
||||
# user_dn: is the dn for the user ldap entry.
|
||||
# group_names: is an array of group CNs.
|
||||
#
|
||||
# Return an Array with the groups that the given user is member of that belong to the given group list.
|
||||
def membership(user_dn, group_names)
|
||||
or_filters = group_names.map {|g| Net::LDAP::Filter.eq("cn", g)}.reduce(:|)
|
||||
member_filter = Net::LDAP::Filter.eq("member", user_dn) & or_filters
|
||||
|
||||
@ldap.search(base: @user_domain,
|
||||
attributes: %w{ou cn dn sAMAccountName member},
|
||||
filter: member_filter)
|
||||
end
|
||||
|
||||
|
||||
# Check if the user is include in any of the configured groups.
|
||||
#
|
||||
# user_dn: is the dn for the user ldap entry.
|
||||
|
@ -54,14 +70,9 @@ module GitHub
|
|||
return true if group_names.nil?
|
||||
return true if group_names.empty?
|
||||
|
||||
or_filters = group_names.map {|g| Net::LDAP::Filter.eq("cn", g)}.reduce(:|)
|
||||
member_filter = Net::LDAP::Filter.eq("member", user_dn) & or_filters
|
||||
user_membership = membership(user_dn, group_names)
|
||||
|
||||
result = @ldap.search(base: @user_domain,
|
||||
attributes: %w{ou cn dn sAMAccountName member},
|
||||
filter: member_filter)
|
||||
|
||||
!result.empty?
|
||||
!user_membership.empty?
|
||||
end
|
||||
|
||||
# Check if the user credentials are valid.
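Review bot: The new `membership` method builds both filter terms with `Net::LDAP::Filter.eq`, which does not escape its value, so a `*` or a parenthesis in `user_dn` or in a group name is read as filter syntax rather than literal text. The caller in the second hunk turns any non-empty result into `true` for what appears to be a group-based access check, so a wider match would mean a wider grant; whether either value can carry such characters depends on callers not shown here. `Net::LDAP::Filter.equals("cn", g)` and `Net::LDAP::Filter.equals("member", user_dn)` apply the escaping. The nil/empty guards stayed in the caller, so calling `membership` directly with an empty list makes `reduce(:|)` return nil and the member filter is then combined with nil; `return [] if group_names.nil? || group_names.empty?` at the top of `membership` would cover that.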
|
||||
|
|
|
@ -89,4 +89,16 @@ class GitHubLdapTest < Minitest::Test
|
|||
assert_equal :start_tls, @ldap.check_encryption(:tls)
|
||||
assert_equal :start_tls, @ldap.check_encryption(:start_tls)
|
||||
end
|
||||
|
||||
def test_membership_empty_for_non_members
|
||||
assert @ldap.membership('uid=calavera,dc=github,dc=com', %w(People)).empty?,
|
||||
"Expected `calavera` not to be a member of `People`."
|
||||
end
|
||||
|
||||
def test_membership_groups_for_members
|
||||
groups = @ldap.membership('uid=calavera,dc=github,dc=com', %w(Enterprise People))
|
||||
|
||||
assert_equal 1, groups.size
|
||||
assert_equal 'cn=Enterprise,ou=Group,dc=github,dc=com', groups.first.dn
|
||||
end
|
||||
end
|
||||
|
|