Refactor: Moved the check for an empty DN to authenticate_dn

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3449 e93f8b46-1217-0410-a6f0-8f06a7374b81

File last commit:

r3335:82dd1b2bf29d
auth_source_ldap.rb
113 lines | 4.0 KiB | text/x-ruby | RubyLexer
/ app / models / auth_source_ldap.rb
Revisions annotated in this file:

r10 Jean-Philippe Lang: 0.3 unstable...
r330 Jean-Philippe Lang: added svn:eol-style native property on /app files...
r628 Jean-Philippe Lang: Firstname, lastname and email LDAP attributes are now required if "on-the-fly register" is checked....
r869 Jean-Philippe Lang: LDAP authentication: only ask for the user's DN if on-the-fly registration is disabled...
r1155 Jean-Philippe Lang: Fixed: LDAP authentication without password may be possible (#714)....
r1180 Jean-Philippe Lang: Fixed "LdapError: invalid binding information" when no username/password are set on the LDAP account (#764)....
r1185 Jean-Philippe Lang: Fix LDAP authentication (#714, broken by r1194)....
r1661 Jean-Philippe Lang: Improved on-the-fly account creation. If some attributes are missing (eg. not present in the LDAP) or are invalid, the registration form is displayed so that the user is able to fill or fix these attributes....
r1892 Jean-Philippe Lang: Strip LDAP attribute names before saving (#1890)....
r2054 Jean-Philippe Lang: Do not request blank LDAP attributes....
r3325 Eric Davis: Refactor: Extract method from AuthSourceLdap#authenticate...
r3327 Eric Davis: Refactor: extract an #authenticate_dn method in AuthSourceLdap...
r3335 Eric Davis: Refactor: Moved the check for an empty DN to authenticate_dn...

# redMine - project management software
# Copyright (C) 2006 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

require 'net/ldap'
require 'iconv'

class AuthSourceLdap < AuthSource
  validates_presence_of :host, :port, :attr_login
  validates_length_of :name, :host, :account_password, :maximum => 60, :allow_nil => true
  validates_length_of :account, :base_dn, :maximum => 255, :allow_nil => true
  validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true
  validates_numericality_of :port, :only_integer => true

  before_validation :strip_ldap_attributes

  def after_initialize
    self.port = 389 if self.port == 0
  end

  def authenticate(login, password)
    return nil if login.blank? || password.blank?
    attrs = []
    # get user's DN
    ldap_con = initialize_ldap_con(self.account, self.account_password)
    login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
    object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
    dn = String.new
    ldap_con.search( :base => self.base_dn,
                     :filter => object_filter & login_filter,
                     # only ask for the DN if on-the-fly registration is disabled
                     :attributes=> (onthefly_register? ? ['dn', self.attr_firstname, self.attr_lastname, self.attr_mail] : ['dn'])) do |entry|
      dn = entry.dn
      attrs = get_user_attributes_from_ldap_entry(entry) if onthefly_register?
      logger.debug "DN found for #{login}: #{dn}" if logger && logger.debug?

    end

    if authenticate_dn(dn, password)
      logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
      return attrs
    else
      return nil
    end
  rescue Net::LDAP::LdapError => text
    raise "LdapError: " + text
  end

  # test the connection to the LDAP
  def test_connection
    ldap_con = initialize_ldap_con(self.account, self.account_password)
    ldap_con.open { }
  rescue Net::LDAP::LdapError => text
    raise "LdapError: " + text
  end

  def auth_method_name
    "LDAP"
  end

  private

  def strip_ldap_attributes
    [:attr_login, :attr_firstname, :attr_lastname, :attr_mail].each do |attr|
      write_attribute(attr, read_attribute(attr).strip) unless read_attribute(attr).nil?
    end
  end

  def initialize_ldap_con(ldap_user, ldap_password)
    options = { :host => self.host,
                :port => self.port,
                :encryption => (self.tls ? :simple_tls : nil)
              }
    options.merge!(:auth => { :method => :simple, :username => ldap_user, :password => ldap_password }) unless ldap_user.blank? && ldap_password.blank?
    Net::LDAP.new options
  end

  def get_user_attributes_from_ldap_entry(entry)
    [
     :firstname => AuthSourceLdap.get_attr(entry, self.attr_firstname),
     :lastname => AuthSourceLdap.get_attr(entry, self.attr_lastname),
     :mail => AuthSourceLdap.get_attr(entry, self.attr_mail),
     :auth_source_id => self.id
    ]
  end

  # Check if a DN (user record) authenticates with the password
  def authenticate_dn(dn, password)
    return nil if dn.empty?
    ldap_con = initialize_ldap_con(dn, password)
    return ldap_con.bind
  end

  def self.get_attr(entry, attr_name)
    if !attr_name.blank?
      entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]
    end
  end
end