LDAP: adds the ability to bind with user's account (#1913).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9241 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
parent
ef77825f10
commit
fdeb398c5e
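--- a/app/models/auth_source_ldap.rb
+++ b/app/models/auth_source_ldap.rb
@@ -17,6 +17,7 @@
 
 require 'iconv'
 require 'net/ldap'
+require 'net/ldap/dn'
 
 class AuthSourceLdap < AuthSource
   validates_presence_of :host, :port, :attr_login
@@ -35,7 +36,7 @@ class AuthSourceLdap < AuthSource
 
   def authenticate(login, password)
     return nil if login.blank? || password.blank?
-    attrs = get_user_dn(login)
+    attrs = get_user_dn(login, password)
 
     if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
       logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
@@ -116,8 +117,13 @@ class AuthSourceLdap < AuthSource
   end
 
   # Get the user's dn and any attributes for them, given their login
-  def get_user_dn(login)
-    ldap_con = initialize_ldap_con(self.account, self.account_password)
+  def get_user_dn(login, password)
+    ldap_con = nil
+    if self.account && self.account.include?("login")
+      ldap_con = initialize_ldap_con(self.account.sub("$login", Net::LDAP::DN.escape(login)), password)
+    else
+      ldap_con = initialize_ldap_con(self.account, self.account_password)
+    end
     login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
     object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
     attrs = {}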
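Review bot: The mode switch in `get_user_dn` tests `self.account.include?("login")` while the substitution targets the literal `$login`, so an ordinary service-account DN that merely contains the substring `login` is routed into the bind-as-user branch, where the un-substituted DN is bound with the end user's password and every login fails; the check should be `if self.account && self.account.include?("$login")`. In that branch the entry search that follows runs under the user's own credentials, so the directory must grant each user read access to their own entry and the `attr_login` attributes — worth stating on the `if`, e.g. `# bind as the user (account is a DN template); the search below runs with the user's own rights`. Nothing in `get_user_dn` itself rejects an empty password; the only guard against an LDAP unauthenticated bind with the user's DN is the `password.blank?` check in `authenticate`, which holds as long as `get_user_dn` stays reachable only through it (whether it is private is outside the hunk). Escaping `login` with `Net::LDAP::DN.escape` is the right call here, since `login` is user-controlled and is spliced into a DN.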
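--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -477,6 +477,31 @@ class UserTest < ActiveSupport::TestCase
       end
     end
 
+    context "binding with user's account" do
+      setup do
+        @auth_source = AuthSourceLdap.find(1)
+        @auth_source.account = "uid=$login,ou=Person,dc=redmine,dc=org"
+        @auth_source.account_password = ''
+        @auth_source.save!
+
+        @ldap_user = User.new(:mail => 'example1@redmine.org', :firstname => 'LDAP', :lastname => 'user', :auth_source_id => 1)
+        @ldap_user.login = 'example1'
+        @ldap_user.save!
+      end
+
+      context "with a successful authentication" do
+        should "return the user" do
+          assert_equal @ldap_user, User.try_to_login('example1', '123456')
+        end
+      end
+
+      context "with an unsuccessful authentication" do
+        should "return the user" do
+          assert_nil User.try_to_login('example1', '11111')
+        end
+      end
+    end
+
     context "on the fly registration" do
       setup do
         @auth_source = AuthSourceLdap.find(1)
@@ -502,6 +527,30 @@ class UserTest < ActiveSupport::TestCase
           end
         end
       end
 
+      context "binding with user's account" do
+        setup do
+          @auth_source = AuthSourceLdap.find(1)
+          @auth_source.account = "uid=$login,ou=Person,dc=redmine,dc=org"
+          @auth_source.account_password = ''
+          @auth_source.save!
+        end
+
+        context "with a successful authentication" do
+          should "create a new user account if it doesn't exist" do
+            assert_difference('User.count') do
+              user = User.try_to_login('example1', '123456')
+              assert_kind_of User, user
+            end
+          end
+        end
+
+        context "with an unsuccessful authentication" do
+          should "return the user" do
+            assert_nil User.try_to_login('example1', '11111')
+          end
+        end
+      end
+
     end
   end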
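Review bot: Both new `"with an unsuccessful authentication"` contexts label their test `should "return the user"` while asserting `assert_nil`, which reads as the opposite of what is checked; rename each to `should "return nil"`. The bind-as-user path also deserves a negative test that a blank password is refused before it can reach an unauthenticated LDAP bind with the user's DN, e.g. `assert_nil User.try_to_login('example1', '')` next to the wrong-password case. Both new contexts assume an `example1`/`123456` entry under `ou=Person,dc=redmine,dc=org` in the test directory, which is not visible in this diff.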