LDAP: adds the ability to bind with user's account (#1913).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9241 e93f8b46-1217-0410-a6f0-8f06a7374b81
2012-03-17 12:09:59 +00:00 · 2012-03-17 12:09:59 +00:00 · fdeb398c5e
parent ef77825f10
commit fdeb398c5e
2 changed files with 58 additions and 3 deletions
--- a/app/models/auth_source_ldap.rb
+++ b/app/models/auth_source_ldap.rb
@ -17,6 +17,7 @@

 require 'iconv'
 require 'net/ldap'
+require 'net/ldap/dn'

 class AuthSourceLdap < AuthSource
  validates_presence_of :host, :port, :attr_login
@ -35,7 +36,7 @@ class AuthSourceLdap < AuthSource

  def authenticate(login, password)
    return nil if login.blank? || password.blank?
-    attrs = get_user_dn(login)
+    attrs = get_user_dn(login, password)

    if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
      logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
@ -116,8 +117,13 @@ class AuthSourceLdap < AuthSource
  end

  # Get the user's dn and any attributes for them, given their login
-  def get_user_dn(login)
-    ldap_con = initialize_ldap_con(self.account, self.account_password)
+  def get_user_dn(login, password)
+    ldap_con = nil
+    if self.account && self.account.include?("login")
+      ldap_con = initialize_ldap_con(self.account.sub("$login", Net::LDAP::DN.escape(login)), password)
+    else
+      ldap_con = initialize_ldap_con(self.account, self.account_password)
+    end
    login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
    object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
    attrs = {}
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@ -477,6 +477,31 @@ class UserTest < ActiveSupport::TestCase
        end
      end

+      context "binding with user's account" do
+        setup do
+          @auth_source = AuthSourceLdap.find(1)
+          @auth_source.account = "uid=$login,ou=Person,dc=redmine,dc=org"
+          @auth_source.account_password = ''
+          @auth_source.save!
+
+          @ldap_user = User.new(:mail => 'example1@redmine.org', :firstname => 'LDAP', :lastname => 'user', :auth_source_id => 1)
+          @ldap_user.login = 'example1'
+          @ldap_user.save!
+        end
+
+        context "with a successful authentication" do
+          should "return the user" do
+            assert_equal @ldap_user, User.try_to_login('example1', '123456')
+          end
+        end
+
+        context "with an unsuccessful authentication" do
+          should "return the user" do
+            assert_nil User.try_to_login('example1', '11111')
+          end
+        end
+      end
+
      context "on the fly registration" do
        setup do
          @auth_source = AuthSourceLdap.find(1)
@ -502,6 +527,30 @@ class UserTest < ActiveSupport::TestCase
            end
          end
        end
+
+        context "binding with user's account" do
+          setup do
+            @auth_source = AuthSourceLdap.find(1)
+            @auth_source.account = "uid=$login,ou=Person,dc=redmine,dc=org"
+            @auth_source.account_password = ''
+            @auth_source.save!
+          end
+  
+          context "with a successful authentication" do
+            should "create a new user account if it doesn't exist" do
+              assert_difference('User.count') do
+                user = User.try_to_login('example1', '123456')
+                assert_kind_of User, user
+              end
+            end
+          end
+  
+          context "with an unsuccessful authentication" do
+            should "return the user" do
+              assert_nil User.try_to_login('example1', '11111')
+            end
+          end
+        end
      end
    end