Added support for json body posts

README.md

@@ -1,6 +1,14 @@
 # OmniAuth LDAP
 
-== LDAP
+## Changes in this fork
+This fork is for compatibility with JSON-encoded POST bodies instead of form-encoded.
+
+Set header `Content-Type` to `application/json`
+
+Send your credentials similar to below to use this gem:
+`{"username":"USERNAME","password":"PASSWORD"}`
+
+## LDAP
 
 Use the LDAP strategy as a middleware in your application:
 
@@ -19,29 +27,29 @@ Use the LDAP strategy as a middleware in your application:
         :bind_dn => 'default_bind_dn'
         :password => 'password'
 
-All of the listed options are required, with the exception of :title, :name_proc, :bind_dn, and :password.
-Allowed values of :method are: :plain, :ssl, :tls.
+All of the listed options are required, with the exception of `:title`, `:name_proc`, `:bind_dn`, and `:password`.
+Allowed values of `:method` are: `:plain`, `:ssl`, `:tls`.
 
-:bind_dn and :password is the default credentials to perform user lookup.
+`:bind_dn` and `:password` is the default credentials to perform user lookup.
   most LDAP servers require that you supply a complete DN as a binding-credential, along with an authenticator
   such as a password. But for many applications, you often don’t have a full DN to identify the user. 
   You usually get a simple identifier like a username or an email address, along with a password. 
   Since many LDAP servers don't allow anonymous access, search function will require a bound connection, 
   :bind_dn and :password will be required for searching on the username or email to retrieve the DN attribute 
   for the user. If the LDAP server allows anonymous access, you don't need to provide these two parameters.
 
-:uid is the LDAP attribute name for the user name in the login form. 
-  typically AD would be 'sAMAccountName' or 'UserPrincipalName', while OpenLDAP is 'uid'.
+`:uid` is the LDAP attribute name for the user name in the login form. 
+  typically AD would be `'sAMAccountName'` or `'UserPrincipalName'`, while OpenLDAP is `'uid'`.
 
-:filter is the LDAP filter used to search the user entry. It can be used in place of :uid for more flexibility.
-  `%{username}` will be replaced by the user name processed by :name_proc.
+`:filter` is the LDAP filter used to search the user entry. It can be used in place of `:uid` for more flexibility.
+  `%{username}` will be replaced by the user name processed by `:name_proc`.
 
-:name_proc allows you to match the user name entered with the format of the :uid attributes. 
-  For example, value of 'sAMAccountName' in AD contains only the windows user name. If your user prefers using 
+`:name_proc` allows you to match the user name entered with the format of the `:uid` attributes. 
+  For example, value of `'sAMAccountName'` in AD contains only the windows user name. If your user prefers using 
   email to login, a name_proc as above will trim the email string down to just the windows login name. 
-  In summary, use :name_proc to fill the gap between the submitted username and LDAP uid attribute value.
+  In summary, use `:name_proc` to fill the gap between the submitted username and LDAP uid attribute value.
 
-:try_sasl and :sasl_mechanisms are optional. :try_sasl [true | false], :sasl_mechanisms ['DIGEST-MD5' | 'GSS-SPNEGO']
+`:try_sasl` and `:sasl_mechanisms` are optional. `:try_sasl [true | false], :sasl_mechanisms ['DIGEST-MD5' | 'GSS-SPNEGO']`
   Use them to initialize a SASL connection to server. If you are not familiar with these authentication methods, 
   please just avoid them.
 
@@ -50,6 +58,8 @@ Direct users to '/auth/ldap' to have them authenticated via your company's LDAP
 
 ## License
 
+Copyright (C) 2014 David Benko
+
 Copyright (C) 2011 by Ping Yu and Intridea, Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy

lib/omniauth/strategies/ldap.rb

@@ -39,7 +39,7 @@ def callback_phase
 
         return fail!(:missing_credentials) if missing_credentials?
         begin
-          @ldap_user_info = @adaptor.bind_as(:filter => filter(@adaptor), :size => 1, :password => request['password'])
+          @ldap_user_info = @adaptor.bind_as(:filter => filter(@adaptor), :size => 1, :password => requestData['password'])
           return fail!(:invalid_credentials) if !@ldap_user_info
 
           @user_info = self.class.map_user(@@config, @ldap_user_info)
@@ -51,9 +51,9 @@ def callback_phase
 
       def filter adaptor
         if adaptor.filter and !adaptor.filter.empty?
-          Net::LDAP::Filter.construct(adaptor.filter % {username: @options[:name_proc].call(request['username'])})
+          Net::LDAP::Filter.construct(adaptor.filter % {username: @options[:name_proc].call(requestData['username'])})
         else
-          Net::LDAP::Filter.eq(adaptor.uid, @options[:name_proc].call(request['username']))
+          Net::LDAP::Filter.eq(adaptor.uid, @options[:name_proc].call(requestData['username']))
         end
       end
 
@@ -92,8 +92,12 @@ def self.map_user(mapper, object)
       protected
 
       def missing_credentials?
-        request['username'].nil? or request['username'].empty? or request['password'].nil? or request['password'].empty?
+        requestData['username'].blank? or requestData['password'].blank?
       end # missing_credentials?
+
+      def requestData
+        @env['action_dispatch.request.request_parameters'] || request
+      end
     end
   end
 end