jro_apps/redmine Commit - r6392:66a1504db677

1

# ~~redM~~ine - project management software

1

# Redmine - project management software

2

3

#

3

#

4

# This program is free software; you can redistribute it and/or

4

# This program is free software; you can redistribute it and/or

5

# modify it under the terms of the GNU General Public License

5

# modify it under the terms of the GNU General Public License

6

# as published by the Free Software Foundation; either version 2

6

# as published by the Free Software Foundation; either version 2

7

# of the License, or (at your option) any later version.

7

# of the License, or (at your option) any later version.

8

#

8

#

9

# This program is distributed in the hope that it will be useful,

9

# This program is distributed in the hope that it will be useful,

10

# but WITHOUT ANY WARRANTY; without even the implied warranty of

10

# but WITHOUT ANY WARRANTY; without even the implied warranty of

11

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

11

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

12

# GNU General Public License for more details.

12

# GNU General Public License for more details.

13

#

13

#

14

# You should have received a copy of the GNU General Public License

14

# You should have received a copy of the GNU General Public License

15

# along with this program; if not, write to the Free Software

15

# along with this program; if not, write to the Free Software

16

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

16

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

18

require 'net/ldap'

18

require 'net/ldap'

19

require 'iconv'

19

require 'iconv'

20

21

class AuthSourceLdap < AuthSource

21

class AuthSourceLdap < AuthSource

22

validates_presence_of :host, :port, :attr_login

22

validates_presence_of :host, :port, :attr_login

23

validates_length_of :name, :host, :maximum => 60, :allow_nil => true

23

validates_length_of :name, :host, :maximum => 60, :allow_nil => true

24

validates_length_of :account, :account_password, :base_dn, :maximum => 255, :allow_nil => true

24

validates_length_of :account, :account_password, :base_dn, :maximum => 255, :allow_nil => true

25

validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true

25

validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true

26

validates_numericality_of :port, :only_integer => true

26

validates_numericality_of :port, :only_integer => true

27

28

before_validation :strip_ldap_attributes

28

before_validation :strip_ldap_attributes

29

30

def after_initialize

30

def after_initialize

31

self.port = 389 if self.port == 0

31

self.port = 389 if self.port == 0

32

end

32

end

33

34

def authenticate(login, password)

34

def authenticate(login, password)

35

return nil if login.blank? || password.blank?

35

return nil if login.blank? || password.blank?

36

attrs = get_user_dn(login)

36

attrs = get_user_dn(login)

37

38

if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)

38

if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)

39

logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?

39

logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?

40

return attrs.except(:dn)

40

return attrs.except(:dn)

50

rescue Net::LDAP::LdapError => text

50

rescue Net::LDAP::LdapError => text

51

raise "LdapError: " + text

51

raise "LdapError: " + text

52

end

52

end

53

54

def auth_method_name

54

def auth_method_name

55

"LDAP"

55

"LDAP"

56

end

56

end

57

58

private

58

private

59

60

def strip_ldap_attributes

60

def strip_ldap_attributes

61

[:attr_login, :attr_firstname, :attr_lastname, :attr_mail].each do |attr|

61

[:attr_login, :attr_firstname, :attr_lastname, :attr_mail].each do |attr|

62

write_attribute(attr, read_attribute(attr).strip) unless read_attribute(attr).nil?

62

write_attribute(attr, read_attribute(attr).strip) unless read_attribute(attr).nil?

63

end

63

end

64

end

64

end

65

66

def initialize_ldap_con(ldap_user, ldap_password)

66

def initialize_ldap_con(ldap_user, ldap_password)

67

options = { :host => self.host,

67

options = { :host => self.host,

68

:port => self.port,

68

:port => self.port,

102

# Get the user's dn and any attributes for them, given their login

102

# Get the user's dn and any attributes for them, given their login

103

def get_user_dn(login)

103

def get_user_dn(login)

104

ldap_con = initialize_ldap_con(self.account, self.account_password)

104

ldap_con = initialize_ldap_con(self.account, self.account_password)

105

login_filter = Net::LDAP::Filter.eq( self.attr_login, login )

105

login_filter = Net::LDAP::Filter.eq( self.attr_login, login )

106

object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )

106

object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )

107

attrs = {}

107

attrs = {}

108

109

ldap_con.search( :base => self.base_dn,

109

ldap_con.search( :base => self.base_dn,

110

:filter => object_filter & login_filter,

110

:filter => object_filter & login_filter,

111

:attributes=> search_attributes) do |entry|

111

:attributes=> search_attributes) do |entry|

112

113

if onthefly_register?

113

if onthefly_register?

121

122

attrs

122

attrs

123

end

123

end

124

125

def self.get_attr(entry, attr_name)

125

def self.get_attr(entry, attr_name)

126

if !attr_name.blank?

126

if !attr_name.blank?

127

entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]

127

entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

-            # redMine - project management software
+            # Redmine - project management software
-            # Copyright (C) 2006  Jean-Philippe Lang
+            # Copyright (C) 2006-2011  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
+            #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
+            #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require 'net/ldap'
             require 'iconv'
             class AuthSourceLdap < AuthSource
               validates_presence_of :host, :port, :attr_login
               validates_length_of :name, :host, :maximum => 60, :allow_nil => true
               validates_length_of :account, :account_password, :base_dn, :maximum => 255, :allow_nil => true
               validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true
               validates_numericality_of :port, :only_integer => true
               before_validation :strip_ldap_attributes
               def after_initialize
                 self.port = 389 if self.port == 0
               end
               def authenticate(login, password)
                 return nil if login.blank? || password.blank?
                 attrs = get_user_dn(login)
                 if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
                   logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
                   return attrs.except(:dn)
               rescue  Net::LDAP::LdapError => text
                 raise "LdapError: " + text
               end
               def auth_method_name
                 "LDAP"
               end
               private
               def strip_ldap_attributes
                 [:attr_login, :attr_firstname, :attr_lastname, :attr_mail].each do |attr|
                   write_attribute(attr, read_attribute(attr).strip) unless read_attribute(attr).nil?
                 end
               end
               def initialize_ldap_con(ldap_user, ldap_password)
                 options = { :host => self.host,
                             :port => self.port,
               # Get the user's dn and any attributes for them, given their login
               def get_user_dn(login)
                 ldap_con = initialize_ldap_con(self.account, self.account_password)
                 login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
                 object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
                 attrs = {}
                 ldap_con.search( :base => self.base_dn,
                                  :filter => object_filter & login_filter,
                                  :attributes=> search_attributes) do |entry|
                   if onthefly_register?
                 attrs
               end
               def self.get_attr(entry, attr_name)
                 if !attr_name.blank?
                   entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]