github · mtodd · Dec 11, 2014 · Dec 10, 2014 · Dec 10, 2014 · Dec 11, 2014
diff --git a/lib/github/ldap/membership_validators/base.rb b/lib/github/ldap/membership_validators/base.rb
@@ -13,9 +13,11 @@ class Base
         #
         # - ldap:   GitHub::Ldap object
         # - groups: Array of Net::LDAP::Entry group objects
-        def initialize(ldap, groups)
-          @ldap   = ldap
-          @groups = groups
+        # - options: Hash of options
+        def initialize(ldap, groups, options = {})
+          @ldap    = ldap
+          @groups  = groups
+          @options = options
         end
 
         # Abstract: Performs the membership validation check.

diff --git a/lib/github/ldap/membership_validators/recursive.rb b/lib/github/ldap/membership_validators/recursive.rb
@@ -21,7 +21,31 @@ class Recursive < Base
         DEFAULT_MAX_DEPTH = 9
         ATTRS             = %w(dn cn)
 
-        def perform(entry, depth = DEFAULT_MAX_DEPTH)
+        # Internal: The maximum depth to search for membership.
+        attr_reader :depth
+
+        # Public: Instantiate new search strategy.
+        #
+        # - ldap:    GitHub::Ldap object
+        # - groups:  Array of Net::LDAP::Entry group objects
+        # - options: Hash of options
+        #   depth:   Integer limit of recursion
+        #
+        # NOTE: This overrides default behavior to configure `depth`.
+        def initialize(ldap, groups, options = {})
+          super
+          @depth = options[:depth] || DEFAULT_MAX_DEPTH
+        end
+
+        def perform(entry, depth_override = nil)
+          if depth_override
+            warn "DEPRECATION WARNING: Calling Recursive#perform with a second argument is deprecated."
+            warn "Usage:"
+            warn "  strategy = GitHub::Ldap::MembershipValidators::Recursive.new \\"
+            warn "    ldap, depth: 5"
+            warn "  strategy#perform(entry)"
+          end
+
           # short circuit validation if there are no groups to check against
           return true if groups.empty?
 
@@ -36,7 +60,7 @@ def perform(entry, depth = DEFAULT_MAX_DEPTH)
             next if membership.empty?
 
             # recurse to at most `depth`
-            depth.times do |n|
+            (depth_override || depth).times do |n|
               # find groups whose members include membership groups
               membership = domain.search(filter: membership_filter(membership), attributes: ATTRS)
 

diff --git a/test/membership_validators/recursive_test.rb b/test/membership_validators/recursive_test.rb
@@ -8,9 +8,9 @@ def setup
     @validator = GitHub::Ldap::MembershipValidators::Recursive
   end
 
-  def make_validator(groups)
+  def make_validator(groups, options = {})
     groups = @domain.groups(groups)
-    @validator.new(@ldap, groups)
+    @validator.new(@ldap, groups, options)
   end
 
   def test_validates_user_in_group
@@ -34,8 +34,8 @@ def test_validates_user_in_great_grandchild_group
   end
 
   def test_does_not_validate_user_in_great_granchild_group_with_depth
-    validator = make_validator(%w(n-depth-nested-group3))
-    refute validator.perform(@entry, 2)
+    validator = make_validator(%w(n-depth-nested-group3), depth: 2)
+    refute validator.perform(@entry)
   end
 
   def test_does_not_validate_user_not_in_group