Module: ActiveDirectory::Rails::User::InstanceMethods

Defined in:

lib/active_directory/rails/user.rb

Instance Method Summary

• #active? ⇒ Boolean

  Is this Person active? Active people have valid usernames.

• #active_directory_equivalent=(ad_user) ⇒ Object
• #authenticates?(password) ⇒ Boolean

  Whether or not this Person can be authenticated with the given password, against Active Directory.

• #in_active_directory? ⇒ Boolean

  Whether or not this Person has a corresponding Active Directory account that we can synchronize with, through the PeopleSynchronizer.

Instance Method Details

#active? ⇒ Boolean

Is this Person active? Active people have valid usernames. Inactive people have empty usernames.

Returns:

• (Boolean)

# File 'lib/active_directory/rails/user.rb', line 13

def active?
	username != ""
end

#active_directory_equivalent=(ad_user) ⇒ Object

# File 'lib/active_directory/rails/user.rb', line 64

def active_directory_equivalent=(ad_user)
	return unless ad_user
	update_attributes(
		:first_name  => ad_user.givenName,
		:middle_name => ad_user.initials,
		:last_name   => ad_user.sn,
		:username    => ad_user.sAMAccountName,
		:email       => ad_user.mail,
		:guid        => ad_user.objectGUID
	)
end

#authenticates?(password) ⇒ Boolean

Whether or not this Person can be authenticated with the given password, against Active Directory.

For Active Directory authentication, we attempt to bind to the configured AD server as the user, and supply the password for authentication.

There are two special cases for authentication, related to the environment the app is currently running in:

Development

In development, the blank password (”) will always cause this method to return true, thereby allowing developers to test functionality for a variety of roles.

Training

In training, a special training password (‘trainme’) will always cause this method to return true, thereby allowing trainers to use other people accounts to illustrate certain restricted processes.

Returns:

• (Boolean)

# File 'lib/active_directory/rails/user.rb', line 46

def authenticates?(password)
	# Never allow inactive users.
	return false unless active?

	# Allow blank password for any account in development.
	return true if password == "" and ENV['RAILS_ENV'] == 'development'
	return true if password == "trainme" and ENV['RAILS_ENV'] == 'training'

	# Don't go against AD unless we really mean it.
	return false unless ENV['RAILS_ENV'] == 'production'

	# If they are not in AD, fail.
	return false unless in_active_directory?

	ad_user = ActiveDirectory::User.find_by_sAMAccountName(self.username)
	ad_user and ad_user.authenticate(password)
end

#in_active_directory? ⇒ Boolean

Whether or not this Person has a corresponding Active Directory account that we can synchronize with, through the PeopleSynchronizer.

Returns:

• (Boolean)

# File 'lib/active_directory/rails/user.rb', line 20

def in_active_directory?
	!guid.blank?
end