Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
This is a fork of https://github.com/cschiewek/devise_ldap_authenticatable, to get away from the need to have an ActiveRecord backing.
In the Gemfile for your application:
gem "devise_ldap_norm"
To get the latest version, pull directly from github instead of the gem:
gem "devise_ldap_norm", :git => "git://github.com/alde/devise_ldap_norm.git"
(please check the devise documents for further instructions)
rails generate devise:install
rails generate devise MODEL_NAME
devise_ldap_norm
rails generate devise_ldap_norm:install [options]
This will install the ldap.yml, update the devise.rb initializer, and update your user model. There are some options you can pass to it:
Options:
[--user-model=USER_MODEL] # Model to update
# Default: user
[--update-model] # Update model to change from database_authenticatable to ldap_authenticatable
# Default: true
[--add-rescue] # Update Application Controller with rescue_from for DeviseLdapAuthenticatable::LdapException
# Default: true
[--advanced] # Add advanced config options to the devise initializer
Edit your config/initializers/session_store.rb to include an expiry:
Rails.application.config.session_store :cookie_store, key: '__app_session', :expire_after => Rails.application.config.devise.timeout_in
Add a before_action validation to ApplicationController:
Sample:
class ApplicationController < ActionController::Base
before_action :validate_origin
def validate_origin
if current_user && current_user.remote_ip != request.remote_ip
Rails.logger.warn("Remote IP for #{current_user.email} does not match session data.")
session.destroy
end
end
end
Since there is no longer a need for ActiveRecord, modify the User model.
Sample model:
class User
include ActiveModel::Validations
extend ActiveModel::Callbacks
extend Devise::Models
define_model_callbacks :validation
devise :ldap_norm, :rememberable
def initialize (id)
@data = HashWithIndifferentAccess.new
@id = id
end
def []=(key, value)
@data[key] = value
end
def [](key)
@data[key]
end
def remote_ip
@data['remote_ip']
end
def email
@data['email']
end
end
Devise LDAP Authenticatable uses a running OpenLDAP server to do automated acceptance tests. You'll need the executables slapd
, ldapadd
, and ldapmodify
.
On OS X, this is available out of the box.
To start hacking on devise_ldap_norm
, clone the github repository, start the test LDAP server, and run the rake test task:
git clone https://github.com/alde/devise_ldap_norm.git
cd devise_ldap_norm
bundle install
# in a separate console or backgrounded
./spec/ldap/run-server
bundle exec rake spec
Released under the MIT license
Copyright (c) 2015 Rickard Dybeck
Based on devise_ldap_authenticatable Copyright (c) 2012 Curtis Schiewek, Daniel McNevin, Steven Xu
FAQs
Unknown package
We found that devise_ldap_norm demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.