Adds an optional LDAP filter (#1060).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9044 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
parent
ab46c52d4a
commit
60741b3e1c
|
@ -21,9 +21,10 @@ require 'net/ldap'
|
|||
class AuthSourceLdap < AuthSource
|
||||
validates_presence_of :host, :port, :attr_login
|
||||
validates_length_of :name, :host, :maximum => 60, :allow_nil => true
|
||||
validates_length_of :account, :account_password, :base_dn, :maximum => 255, :allow_nil => true
|
||||
validates_length_of :account, :account_password, :base_dn, :filter, :maximum => 255, :allow_blank => true
|
||||
validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true
|
||||
validates_numericality_of :port, :only_integer => true
|
||||
validate :validate_filter
|
||||
|
||||
before_validation :strip_ldap_attributes
|
||||
|
||||
|
@ -58,6 +59,20 @@ class AuthSourceLdap < AuthSource
|
|||
|
||||
private
|
||||
|
||||
def ldap_filter
|
||||
if filter.present?
|
||||
Net::LDAP::Filter.construct(filter)
|
||||
end
|
||||
rescue Net::LDAP::LdapError
|
||||
nil
|
||||
end
|
||||
|
||||
def validate_filter
|
||||
if filter.present? && ldap_filter.nil?
|
||||
errors.add(:filter, :invalid)
|
||||
end
|
||||
end
|
||||
|
||||
def strip_ldap_attributes
|
||||
[:attr_login, :attr_firstname, :attr_lastname, :attr_mail].each do |attr|
|
||||
write_attribute(attr, read_attribute(attr).strip) unless read_attribute(attr).nil?
|
||||
|
@ -107,8 +122,13 @@ class AuthSourceLdap < AuthSource
|
|||
object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
|
||||
attrs = {}
|
||||
|
||||
search_filter = object_filter & login_filter
|
||||
if f = ldap_filter
|
||||
search_filter = search_filter & f
|
||||
end
|
||||
|
||||
ldap_con.search( :base => self.base_dn,
|
||||
:filter => object_filter & login_filter,
|
||||
:filter => search_filter,
|
||||
:attributes=> search_attributes) do |entry|
|
||||
|
||||
if onthefly_register?
|
||||
|
|
|
@ -23,6 +23,9 @@
|
|||
<p><label for="auth_source_base_dn"><%=l(:field_base_dn)%> <span class="required">*</span></label>
|
||||
<%= text_field 'auth_source', 'base_dn', :size => 60 %></p>
|
||||
|
||||
<p><label for="auth_source_custom_filter"><%=l(:field_ldap_filter)%></label>
|
||||
<%= text_field 'auth_source', 'filter', :size => 60 %></p>
|
||||
|
||||
<p><label for="auth_source_onthefly_register"><%=l(:field_onthefly)%></label>
|
||||
<%= check_box 'auth_source', 'onthefly_register' %></p>
|
||||
</div>
|
||||
|
|
|
@ -1023,3 +1023,4 @@ ar:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1021,3 +1021,4 @@ bg:
|
|||
description_date_range_interval: Изберете диапазон чрез задаване на начална и крайна дати
|
||||
description_date_from: Въведете начална дата
|
||||
description_date_to: Въведете крайна дата
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1037,3 +1037,4 @@ bs:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1025,3 +1025,4 @@ ca:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1026,3 +1026,4 @@ cs:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1040,3 +1040,4 @@ da:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1043,3 +1043,4 @@ de:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1023,3 +1023,4 @@ el:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1025,3 +1025,4 @@ en-GB:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -321,6 +321,7 @@ en:
|
|||
field_cvs_module: Module
|
||||
field_repository_is_default: Main repository
|
||||
field_multiple: Multiple values
|
||||
field_ldap_filter: LDAP filter
|
||||
|
||||
setting_app_title: Application title
|
||||
setting_app_subtitle: Application subtitle
|
||||
|
|
|
@ -1060,3 +1060,4 @@ es:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1039,3 +1039,4 @@ et:
|
|||
label_export_options: "%{export_format} ekspordi valikud"
|
||||
label_completed_versions: "Lõpetatud versioonid"
|
||||
error_attachment_too_big: "Seda faili ei saa üles laadida, kuna ületab maksimumsuurust (%{max_size})"
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1026,3 +1026,4 @@ eu:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1025,3 +1025,4 @@ fa:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1044,3 +1044,4 @@ fi:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -320,6 +320,7 @@ fr:
|
|||
field_commit_logs_encoding: Encodage des messages de commit
|
||||
field_repository_is_default: Dépôt principal
|
||||
field_multiple: Valeurs multiples
|
||||
field_ldap_filter: Filtre LDAP
|
||||
|
||||
setting_app_title: Titre de l'application
|
||||
setting_app_subtitle: Sous-titre de l'application
|
||||
|
|
|
@ -1034,3 +1034,4 @@ gl:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1028,3 +1028,4 @@ he:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1029,3 +1029,4 @@ hr:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1042,3 +1042,4 @@
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1029,3 +1029,4 @@ id:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1024,3 +1024,4 @@ it:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1053,3 +1053,4 @@ ja:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1073,3 +1073,4 @@ ko:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1083,3 +1083,4 @@ lt:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1017,3 +1017,4 @@ lv:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1023,3 +1023,4 @@ mk:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1023,3 +1023,4 @@ mn:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1005,3 +1005,4 @@ nl:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1013,3 +1013,4 @@
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1040,3 +1040,4 @@ pl:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1046,3 +1046,4 @@ pt-BR:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1028,3 +1028,4 @@ pt:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1020,3 +1020,4 @@ ro:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1138,3 +1138,4 @@ ru:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1023,3 +1023,4 @@ sk:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1023,3 +1023,4 @@ sl:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1023,3 +1023,4 @@ sr-YU:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1024,3 +1024,4 @@ sr:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1064,3 +1064,4 @@ sv:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1020,3 +1020,4 @@ th:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1042,3 +1042,4 @@ tr:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1020,3 +1020,4 @@ uk:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1074,3 +1074,4 @@ vi:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1103,3 +1103,4 @@
|
|||
zero: 0 問題
|
||||
one: 1 問題
|
||||
other: "%{count} 問題清單"
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -1025,3 +1025,4 @@ zh:
|
|||
notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
|
||||
text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
|
||||
permission_manage_related_issues: Manage related issues
|
||||
field_ldap_filter: LDAP filter
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
class AddAuthSourcesFilter < ActiveRecord::Migration
|
||||
def self.up
|
||||
add_column :auth_sources, :filter, :string
|
||||
end
|
||||
|
||||
def self.down
|
||||
remove_column :auth_sources, :filter
|
||||
end
|
||||
end
|
|
@ -18,6 +18,7 @@
|
|||
require File.expand_path('../../test_helper', __FILE__)
|
||||
|
||||
class AuthSourceLdapTest < ActiveSupport::TestCase
|
||||
include Redmine::I18n
|
||||
fixtures :auth_sources
|
||||
|
||||
def setup
|
||||
|
@ -44,6 +45,18 @@ class AuthSourceLdapTest < ActiveSupport::TestCase
|
|||
assert_equal 389, a.port
|
||||
end
|
||||
|
||||
def test_filter_should_be_validated
|
||||
set_language_if_valid 'en'
|
||||
|
||||
a = AuthSourceLdap.new(:name => 'My LDAP', :host => 'ldap.example.net', :port => 389, :attr_login => 'sn')
|
||||
a.filter = "(mail=*@redmine.org"
|
||||
assert !a.valid?
|
||||
assert_equal "is invalid", a.errors[:filter].to_s
|
||||
|
||||
a.filter = "(mail=*@redmine.org)"
|
||||
assert a.valid?
|
||||
end
|
||||
|
||||
if ldap_configured?
|
||||
context '#authenticate' do
|
||||
setup do
|
||||
|
@ -83,6 +96,23 @@ class AuthSourceLdapTest < ActiveSupport::TestCase
|
|||
end
|
||||
end
|
||||
|
||||
context 'without filter' do
|
||||
should 'return any user' do
|
||||
assert @auth.authenticate('example1','123456')
|
||||
assert @auth.authenticate('edavis', '123456')
|
||||
end
|
||||
end
|
||||
|
||||
context 'with filter' do
|
||||
setup do
|
||||
@auth.filter = "(mail=*@redmine.org)"
|
||||
end
|
||||
|
||||
should 'return user who matches the filter only' do
|
||||
assert @auth.authenticate('example1','123456')
|
||||
assert_nil @auth.authenticate('edavis', '123456')
|
||||
end
|
||||
end
|
||||
end
|
||||
else
|
||||
puts '(Test LDAP server not configured)'
|
||||
|
|
Loading…
Reference in New Issue