LDAP: adds the ability to bind with user's account (#1913).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9241 e93f8b46-1217-0410-a6f0-8f06a7374b81
Jean-Philippe Lang 2012-03-17 12:09:59 +00:00
parent ef77825f10
commit fdeb398c5e
2 changed files with 58 additions and 3 deletions


@ -17,6 +17,7 @@
require 'iconv' require 'iconv'
require 'net/ldap' require 'net/ldap'
require 'net/ldap/dn'
class AuthSourceLdap < AuthSource class AuthSourceLdap < AuthSource
validates_presence_of :host, :port, :attr_login validates_presence_of :host, :port, :attr_login
@ -35,7 +36,7 @@ class AuthSourceLdap < AuthSource
def authenticate(login, password) def authenticate(login, password)
return nil if login.blank? || password.blank? return nil if login.blank? || password.blank?
attrs = get_user_dn(login) attrs = get_user_dn(login, password)
if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password) if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
logger.debug "Authentication successful for '#{login}'" if logger && logger.debug? logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
@ -116,8 +117,13 @@ class AuthSourceLdap < AuthSource
end end
# Get the user's dn and any attributes for them, given their login # Get the user's dn and any attributes for them, given their login
def get_user_dn(login) def get_user_dn(login, password)
ldap_con = initialize_ldap_con(self.account, self.account_password) ldap_con = nil
if self.account && self.account.include?("login")
ldap_con = initialize_ldap_con(self.account.sub("$login", Net::LDAP::DN.escape(login)), password)
else
ldap_con = initialize_ldap_con(self.account, self.account_password)
end
login_filter = Net::LDAP::Filter.eq( self.attr_login, login ) login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
object_filter = Net::LDAP::Filter.eq( "objectClass", "*" ) object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
attrs = {} attrs = {}
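Review bot: The new branch in get_user_dn tests `self.account.include?("login")` but the placeholder it substitutes is `$login`, so a service-account DN that merely contains the substring "login" would be routed to the user-bind path and bound with the end user's password instead of account_password, making every lookup through that source fail. The check should match the placeholder literally: `if self.account && self.account.include?("$login")`. The `ldap_con = nil` pre-assignment is redundant since both branches assign it. Escaping the login with `Net::LDAP::DN.escape` before interpolating it into the bind DN is the right call, and a short comment such as `# Bind as the user when the account DN holds the $login placeholder; the login is DN-escaped so it cannot alter the DN structure` would make that intent explicit. get_user_dn continues past the end of the hunk.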


@ -477,6 +477,31 @@ class UserTest < ActiveSupport::TestCase
end end
end end
context "binding with user's account" do
setup do
@auth_source = AuthSourceLdap.find(1)
@auth_source.account = "uid=$login,ou=Person,dc=redmine,dc=org"
@auth_source.account_password = ''
@auth_source.save!
@ldap_user = User.new(:mail => 'example1@redmine.org', :firstname => 'LDAP', :lastname => 'user', :auth_source_id => 1)
@ldap_user.login = 'example1'
@ldap_user.save!
end
context "with a successful authentication" do
should "return the user" do
assert_equal @ldap_user, User.try_to_login('example1', '123456')
end
end
context "with an unsuccessful authentication" do
should "return the user" do
assert_nil User.try_to_login('example1', '11111')
end
end
end
context "on the fly registration" do context "on the fly registration" do
setup do setup do
@auth_source = AuthSourceLdap.find(1) @auth_source = AuthSourceLdap.find(1)
@ -502,6 +527,30 @@ class UserTest < ActiveSupport::TestCase
end end
end end
end end
context "binding with user's account" do
setup do
@auth_source = AuthSourceLdap.find(1)
@auth_source.account = "uid=$login,ou=Person,dc=redmine,dc=org"
@auth_source.account_password = ''
@auth_source.save!
end
context "with a successful authentication" do
should "create a new user account if it doesn't exist" do
assert_difference('User.count') do
user = User.try_to_login('example1', '123456')
assert_kind_of User, user
end
end
end
context "with an unsuccessful authentication" do
should "return the user" do
assert_nil User.try_to_login('example1', '11111')
end
end
end
end end
end end
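Review bot: The "with an unsuccessful authentication" case under "on the fly registration" (the last `should` block of the section) only asserts that `try_to_login` returns nil; it does not check that the failed bind left no user behind, which is the property on-the-fly registration most needs pinned. Wrap the assertion: `assert_no_difference('User.count') do` / `assert_nil User.try_to_login('example1', '11111')` / `end`. Both unsuccessful cases are also described as `should "return the user"` while asserting nil; `should "return nil"` reads correctly.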