##// END OF EJS Templates
jro_apps » redmine
RSS
Prevent LDAP authentication with empty password related problems....
Jean-Philippe Lang -
r1217:3a75b6771fa1
parent child
Show More
Side by Side Unified
Context file:
r1217:3a75b6771fa1 Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,275 +1,277
1 # redMine - project management software
1 # redMine - project management software
2 # Copyright (C) 2006-2007 Jean-Philippe Lang
2 # Copyright (C) 2006-2007 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 require "digest/sha1"
18 require "digest/sha1"
19
19
20 class User < ActiveRecord::Base
20 class User < ActiveRecord::Base
21 # Account statuses
21 # Account statuses
22 STATUS_ANONYMOUS = 0
22 STATUS_ANONYMOUS = 0
23 STATUS_ACTIVE = 1
23 STATUS_ACTIVE = 1
24 STATUS_REGISTERED = 2
24 STATUS_REGISTERED = 2
25 STATUS_LOCKED = 3
25 STATUS_LOCKED = 3
26
26
27 USER_FORMATS = {
27 USER_FORMATS = {
28 :firstname_lastname => '#{firstname} #{lastname}',
28 :firstname_lastname => '#{firstname} #{lastname}',
29 :firstname => '#{firstname}',
29 :firstname => '#{firstname}',
30 :lastname_firstname => '#{lastname} #{firstname}',
30 :lastname_firstname => '#{lastname} #{firstname}',
31 :lastname_coma_firstname => '#{lastname}, #{firstname}',
31 :lastname_coma_firstname => '#{lastname}, #{firstname}',
32 :username => '#{login}'
32 :username => '#{login}'
33 }
33 }
34
34
35 has_many :memberships, :class_name => 'Member', :include => [ :project, :role ], :conditions => "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}", :order => "#{Project.table_name}.name", :dependent => :delete_all
35 has_many :memberships, :class_name => 'Member', :include => [ :project, :role ], :conditions => "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}", :order => "#{Project.table_name}.name", :dependent => :delete_all
36 has_many :projects, :through => :memberships
36 has_many :projects, :through => :memberships
37 has_many :custom_values, :dependent => :delete_all, :as => :customized
37 has_many :custom_values, :dependent => :delete_all, :as => :customized
38 has_many :issue_categories, :foreign_key => 'assigned_to_id', :dependent => :nullify
38 has_many :issue_categories, :foreign_key => 'assigned_to_id', :dependent => :nullify
39 has_one :preference, :dependent => :destroy, :class_name => 'UserPreference'
39 has_one :preference, :dependent => :destroy, :class_name => 'UserPreference'
40 has_one :rss_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='feeds'"
40 has_one :rss_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='feeds'"
41 belongs_to :auth_source
41 belongs_to :auth_source
42
42
43 attr_accessor :password, :password_confirmation
43 attr_accessor :password, :password_confirmation
44 attr_accessor :last_before_login_on
44 attr_accessor :last_before_login_on
45 # Prevents unauthorized assignments
45 # Prevents unauthorized assignments
46 attr_protected :login, :admin, :password, :password_confirmation, :hashed_password
46 attr_protected :login, :admin, :password, :password_confirmation, :hashed_password
47
47
48 validates_presence_of :login, :firstname, :lastname, :mail, :if => Proc.new { |user| !user.is_a?(AnonymousUser) }
48 validates_presence_of :login, :firstname, :lastname, :mail, :if => Proc.new { |user| !user.is_a?(AnonymousUser) }
49 validates_uniqueness_of :login, :if => Proc.new { |user| !user.login.blank? }
49 validates_uniqueness_of :login, :if => Proc.new { |user| !user.login.blank? }
50 validates_uniqueness_of :mail, :if => Proc.new { |user| !user.mail.blank? }
50 validates_uniqueness_of :mail, :if => Proc.new { |user| !user.mail.blank? }
51 # Login must contain lettres, numbers, underscores only
51 # Login must contain lettres, numbers, underscores only
52 validates_format_of :login, :with => /^[a-z0-9_\-@\.]*$/i
52 validates_format_of :login, :with => /^[a-z0-9_\-@\.]*$/i
53 validates_length_of :login, :maximum => 30
53 validates_length_of :login, :maximum => 30
54 validates_format_of :firstname, :lastname, :with => /^[\w\s\'\-]*$/i
54 validates_format_of :firstname, :lastname, :with => /^[\w\s\'\-]*$/i
55 validates_length_of :firstname, :lastname, :maximum => 30
55 validates_length_of :firstname, :lastname, :maximum => 30
56 validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :allow_nil => true
56 validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :allow_nil => true
57 validates_length_of :mail, :maximum => 60, :allow_nil => true
57 validates_length_of :mail, :maximum => 60, :allow_nil => true
58 validates_length_of :password, :minimum => 4, :allow_nil => true
58 validates_length_of :password, :minimum => 4, :allow_nil => true
59 validates_confirmation_of :password, :allow_nil => true
59 validates_confirmation_of :password, :allow_nil => true
60 validates_associated :custom_values, :on => :update
60 validates_associated :custom_values, :on => :update
61
61
62 def before_create
62 def before_create
63 self.mail_notification = false
63 self.mail_notification = false
64 true
64 true
65 end
65 end
66
66
67 def before_save
67 def before_save
68 # update hashed_password if password was set
68 # update hashed_password if password was set
69 self.hashed_password = User.hash_password(self.password) if self.password
69 self.hashed_password = User.hash_password(self.password) if self.password
70 end
70 end
71
71
72 def self.active
72 def self.active
73 with_scope :find => { :conditions => [ "status = ?", STATUS_ACTIVE ] } do
73 with_scope :find => { :conditions => [ "status = ?", STATUS_ACTIVE ] } do
74 yield
74 yield
75 end
75 end
76 end
76 end
77
77
78 def self.find_active(*args)
78 def self.find_active(*args)
79 active do
79 active do
80 find(*args)
80 find(*args)
81 end
81 end
82 end
82 end
83
83
84 # Returns the user that matches provided login and password, or nil
84 # Returns the user that matches provided login and password, or nil
85 def self.try_to_login(login, password)
85 def self.try_to_login(login, password)
86 # Make sure no one can sign in with an empty password
87 return nil if password.to_s.empty?
86 user = find(:first, :conditions => ["login=?", login])
88 user = find(:first, :conditions => ["login=?", login])
87 if user
89 if user
88 # user is already in local database
90 # user is already in local database
89 return nil if !user.active?
91 return nil if !user.active?
90 if user.auth_source
92 if user.auth_source
91 # user has an external authentication method
93 # user has an external authentication method
92 return nil unless user.auth_source.authenticate(login, password)
94 return nil unless user.auth_source.authenticate(login, password)
93 else
95 else
94 # authentication with local password
96 # authentication with local password
95 return nil unless User.hash_password(password) == user.hashed_password
97 return nil unless User.hash_password(password) == user.hashed_password
96 end
98 end
97 else
99 else
98 # user is not yet registered, try to authenticate with available sources
100 # user is not yet registered, try to authenticate with available sources
99 attrs = AuthSource.authenticate(login, password)
101 attrs = AuthSource.authenticate(login, password)
100 if attrs
102 if attrs
101 onthefly = new(*attrs)
103 onthefly = new(*attrs)
102 onthefly.login = login
104 onthefly.login = login
103 onthefly.language = Setting.default_language
105 onthefly.language = Setting.default_language
104 if onthefly.save
106 if onthefly.save
105 user = find(:first, :conditions => ["login=?", login])
107 user = find(:first, :conditions => ["login=?", login])
106 logger.info("User '#{user.login}' created on the fly.") if logger
108 logger.info("User '#{user.login}' created on the fly.") if logger
107 end
109 end
108 end
110 end
109 end
111 end
110 user.update_attribute(:last_login_on, Time.now) if user
112 user.update_attribute(:last_login_on, Time.now) if user
111 user
113 user
112
114
113 rescue => text
115 rescue => text
114 raise text
116 raise text
115 end
117 end
116
118
117 # Return user's full name for display
119 # Return user's full name for display
118 def name(formatter = nil)
120 def name(formatter = nil)
119 f = USER_FORMATS[formatter || Setting.user_format] || USER_FORMATS[:firstname_lastname]
121 f = USER_FORMATS[formatter || Setting.user_format] || USER_FORMATS[:firstname_lastname]
120 eval '"' + f + '"'
122 eval '"' + f + '"'
121 end
123 end
122
124
123 def active?
125 def active?
124 self.status == STATUS_ACTIVE
126 self.status == STATUS_ACTIVE
125 end
127 end
126
128
127 def registered?
129 def registered?
128 self.status == STATUS_REGISTERED
130 self.status == STATUS_REGISTERED
129 end
131 end
130
132
131 def locked?
133 def locked?
132 self.status == STATUS_LOCKED
134 self.status == STATUS_LOCKED
133 end
135 end
134
136
135 def check_password?(clear_password)
137 def check_password?(clear_password)
136 User.hash_password(clear_password) == self.hashed_password
138 User.hash_password(clear_password) == self.hashed_password
137 end
139 end
138
140
139 def pref
141 def pref
140 self.preference ||= UserPreference.new(:user => self)
142 self.preference ||= UserPreference.new(:user => self)
141 end
143 end
142
144
143 def time_zone
145 def time_zone
144 self.pref.time_zone.nil? ? nil : TimeZone[self.pref.time_zone]
146 self.pref.time_zone.nil? ? nil : TimeZone[self.pref.time_zone]
145 end
147 end
146
148
147 def wants_comments_in_reverse_order?
149 def wants_comments_in_reverse_order?
148 self.pref[:comments_sorting] == 'desc'
150 self.pref[:comments_sorting] == 'desc'
149 end
151 end
150
152
151 # Return user's RSS key (a 40 chars long string), used to access feeds
153 # Return user's RSS key (a 40 chars long string), used to access feeds
152 def rss_key
154 def rss_key
153 token = self.rss_token || Token.create(:user => self, :action => 'feeds')
155 token = self.rss_token || Token.create(:user => self, :action => 'feeds')
154 token.value
156 token.value
155 end
157 end
156
158
157 # Return an array of project ids for which the user has explicitly turned mail notifications on
159 # Return an array of project ids for which the user has explicitly turned mail notifications on
158 def notified_projects_ids
160 def notified_projects_ids
159 @notified_projects_ids ||= memberships.select {|m| m.mail_notification?}.collect(&:project_id)
161 @notified_projects_ids ||= memberships.select {|m| m.mail_notification?}.collect(&:project_id)
160 end
162 end
161
163
162 def notified_project_ids=(ids)
164 def notified_project_ids=(ids)
163 Member.update_all("mail_notification = #{connection.quoted_false}", ['user_id = ?', id])
165 Member.update_all("mail_notification = #{connection.quoted_false}", ['user_id = ?', id])
164 Member.update_all("mail_notification = #{connection.quoted_true}", ['user_id = ? AND project_id IN (?)', id, ids]) if ids && !ids.empty?
166 Member.update_all("mail_notification = #{connection.quoted_true}", ['user_id = ? AND project_id IN (?)', id, ids]) if ids && !ids.empty?
165 @notified_projects_ids = nil
167 @notified_projects_ids = nil
166 notified_projects_ids
168 notified_projects_ids
167 end
169 end
168
170
169 def self.find_by_rss_key(key)
171 def self.find_by_rss_key(key)
170 token = Token.find_by_value(key)
172 token = Token.find_by_value(key)
171 token && token.user.active? ? token.user : nil
173 token && token.user.active? ? token.user : nil
172 end
174 end
173
175
174 def self.find_by_autologin_key(key)
176 def self.find_by_autologin_key(key)
175 token = Token.find_by_action_and_value('autologin', key)
177 token = Token.find_by_action_and_value('autologin', key)
176 token && (token.created_on > Setting.autologin.to_i.day.ago) && token.user.active? ? token.user : nil
178 token && (token.created_on > Setting.autologin.to_i.day.ago) && token.user.active? ? token.user : nil
177 end
179 end
178
180
179 def <=>(user)
181 def <=>(user)
180 if user.nil?
182 if user.nil?
181 -1
183 -1
182 elsif lastname.to_s.downcase == user.lastname.to_s.downcase
184 elsif lastname.to_s.downcase == user.lastname.to_s.downcase
183 firstname.to_s.downcase <=> user.firstname.to_s.downcase
185 firstname.to_s.downcase <=> user.firstname.to_s.downcase
184 else
186 else
185 lastname.to_s.downcase <=> user.lastname.to_s.downcase
187 lastname.to_s.downcase <=> user.lastname.to_s.downcase
186 end
188 end
187 end
189 end
188
190
189 def to_s
191 def to_s
190 name
192 name
191 end
193 end
192
194
193 def logged?
195 def logged?
194 true
196 true
195 end
197 end
196
198
197 # Return user's role for project
199 # Return user's role for project
198 def role_for_project(project)
200 def role_for_project(project)
199 # No role on archived projects
201 # No role on archived projects
200 return nil unless project && project.active?
202 return nil unless project && project.active?
201 if logged?
203 if logged?
202 # Find project membership
204 # Find project membership
203 membership = memberships.detect {|m| m.project_id == project.id}
205 membership = memberships.detect {|m| m.project_id == project.id}
204 if membership
206 if membership
205 membership.role
207 membership.role
206 else
208 else
207 @role_non_member ||= Role.non_member
209 @role_non_member ||= Role.non_member
208 end
210 end
209 else
211 else
210 @role_anonymous ||= Role.anonymous
212 @role_anonymous ||= Role.anonymous
211 end
213 end
212 end
214 end
213
215
214 # Return true if the user is a member of project
216 # Return true if the user is a member of project
215 def member_of?(project)
217 def member_of?(project)
216 role_for_project(project).member?
218 role_for_project(project).member?
217 end
219 end
218
220
219 # Return true if the user is allowed to do the specified action on project
221 # Return true if the user is allowed to do the specified action on project
220 # action can be:
222 # action can be:
221 # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
223 # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
222 # * a permission Symbol (eg. :edit_project)
224 # * a permission Symbol (eg. :edit_project)
223 def allowed_to?(action, project)
225 def allowed_to?(action, project)
224 # No action allowed on archived projects
226 # No action allowed on archived projects
225 return false unless project.active?
227 return false unless project.active?
226 # No action allowed on disabled modules
228 # No action allowed on disabled modules
227 return false unless project.allows_to?(action)
229 return false unless project.allows_to?(action)
228 # Admin users are authorized for anything else
230 # Admin users are authorized for anything else
229 return true if admin?
231 return true if admin?
230
232
231 role = role_for_project(project)
233 role = role_for_project(project)
232 return false unless role
234 return false unless role
233 role.allowed_to?(action) && (project.is_public? || role.member?)
235 role.allowed_to?(action) && (project.is_public? || role.member?)
234 end
236 end
235
237
236 def self.current=(user)
238 def self.current=(user)
237 @current_user = user
239 @current_user = user
238 end
240 end
239
241
240 def self.current
242 def self.current
241 @current_user ||= User.anonymous
243 @current_user ||= User.anonymous
242 end
244 end
243
245
244 def self.anonymous
246 def self.anonymous
245 return @anonymous_user if @anonymous_user
247 return @anonymous_user if @anonymous_user
246 anonymous_user = AnonymousUser.find(:first)
248 anonymous_user = AnonymousUser.find(:first)
247 if anonymous_user.nil?
249 if anonymous_user.nil?
248 anonymous_user = AnonymousUser.create(:lastname => 'Anonymous', :firstname => '', :mail => '', :login => '', :status => 0)
250 anonymous_user = AnonymousUser.create(:lastname => 'Anonymous', :firstname => '', :mail => '', :login => '', :status => 0)
249 raise 'Unable to create the anonymous user.' if anonymous_user.new_record?
251 raise 'Unable to create the anonymous user.' if anonymous_user.new_record?
250 end
252 end
251 @anonymous_user = anonymous_user
253 @anonymous_user = anonymous_user
252 end
254 end
253
255
254 private
256 private
255 # Return password digest
257 # Return password digest
256 def self.hash_password(clear_password)
258 def self.hash_password(clear_password)
257 Digest::SHA1.hexdigest(clear_password || "")
259 Digest::SHA1.hexdigest(clear_password || "")
258 end
260 end
259 end
261 end
260
262
261 class AnonymousUser < User
263 class AnonymousUser < User
262
264
263 def validate_on_create
265 def validate_on_create
264 # There should be only one AnonymousUser in the database
266 # There should be only one AnonymousUser in the database
265 errors.add_to_base 'An anonymous user already exists.' if AnonymousUser.find(:first)
267 errors.add_to_base 'An anonymous user already exists.' if AnonymousUser.find(:first)
266 end
268 end
267
269
268 # Overrides a few properties
270 # Overrides a few properties
269 def logged?; false end
271 def logged?; false end
270 def admin; false end
272 def admin; false end
271 def name; 'Anonymous' end
273 def name; 'Anonymous' end
272 def mail; nil end
274 def mail; nil end
273 def time_zone; nil end
275 def time_zone; nil end
274 def rss_key; nil end
276 def rss_key; nil end
275 end
277 end
General Comments 0
You need to be logged in to leave comments. Login now