jro_apps/redmine Commit - r14402:7019f3416a5d

upgrade net-ldap gem to 0.12.0 (#17618)...

Toshi MARUYAMA -

r14402:7019f3416a5d

parent child

Context file:

r14402:7019f3416a5d

Collapse all files

Gemfile +1 -1

             source 'https://rubygems.org'
             if Gem::Version.new(Bundler::VERSION) < Gem::Version.new('1.5.0')
               abort "Redmine requires Bundler 1.5.0 or higher (you're using #{Bundler::VERSION}).\nPlease update with 'gem update bundler'."
             end
             gem "rails", "4.2.4"
             gem "jquery-rails", "~> 3.1.4"
             gem "coderay", "~> 1.1.0"
             gem "builder", ">= 3.0.4"
             gem "request_store", "1.0.5"
             gem "mime-types"
             gem "protected_attributes"
             gem "actionpack-action_caching"
             gem "actionpack-xml_parser"
             gem "roadie-rails"
             # Windows does not include zoneinfo files, so bundle the tzinfo-data gem
             gem 'tzinfo-data', platforms: [:mingw, :x64_mingw, :mswin, :jruby]
             gem "rbpdf", "~> 1.18.6"
             # Optional gem for LDAP authentication
             group :ldap do
-              gem "net-ldap", "~> 0.10.1"
+              gem "net-ldap", "~> 0.12.0"
             end
             # Optional gem for OpenID authentication
             group :openid do
               gem "ruby-openid", "~> 2.3.0", :require => "openid"
               gem "rack-openid"
             end
             platforms :mri, :mingw, :x64_mingw do
               # Optional gem for exporting the gantt to a PNG file, not supported with jruby
               group :rmagick do
                 gem "rmagick", ">= 2.14.0"
               end
               # Optional Markdown support, not for JRuby
               group :markdown do
                 gem "redcarpet", "~> 3.3.2"
               end
             end
             platforms :jruby do
               # jruby-openssl is bundled with JRuby 1.7.0
               gem "jruby-openssl" if Object.const_defined?(:JRUBY_VERSION) && JRUBY_VERSION < '1.7.0'
               gem "activerecord-jdbc-adapter", "~> 1.3.2"
             end
             # Include database gems for the adapters found in the database
             # configuration file
             require 'erb'
             require 'yaml'
             database_file = File.join(File.dirname(__FILE__), "config/database.yml")
             if File.exist?(database_file)
               database_config = YAML::load(ERB.new(IO.read(database_file)).result)
               adapters = database_config.values.map {|c| c['adapter']}.compact.uniq
               if adapters.any?
                 adapters.each do |adapter|
                   case adapter
                   when 'mysql2'
                     gem "mysql2", "~> 0.3.11", :platforms => [:mri, :mingw, :x64_mingw]
                     gem "activerecord-jdbcmysql-adapter", :platforms => :jruby
                   when 'mysql'
                     gem "activerecord-jdbcmysql-adapter", :platforms => :jruby
                   when /postgresql/
                     gem "pg", "~> 0.18.1", :platforms => [:mri, :mingw, :x64_mingw]
                     gem "activerecord-jdbcpostgresql-adapter", :platforms => :jruby
                   when /sqlite3/
                     gem "sqlite3", :platforms => [:mri, :mingw, :x64_mingw]
                     gem "jdbc-sqlite3", ">= 3.8.10.1", :platforms => :jruby
                     gem "activerecord-jdbcsqlite3-adapter", :platforms => :jruby
                   when /sqlserver/
                     gem "tiny_tds", "~> 0.6.2", :platforms => [:mri, :mingw, :x64_mingw]
                     gem "activerecord-sqlserver-adapter", :platforms => [:mri, :mingw, :x64_mingw]
                   else
                     warn("Unknown database adapter `#{adapter}` found in config/database.yml, use Gemfile.local to load your own database gems")
                   end
                 end
               else
                 warn("No adapter found in config/database.yml, please configure it first")
               end
             else
               warn("Please configure your config/database.yml first")
             end
             group :development do
               gem "rdoc", ">= 2.4.2"
               gem "yard"
             end
             group :test do
               gem "minitest"
               gem "rails-dom-testing"
               gem "mocha"
               gem "simplecov", "~> 0.9.1", :require => false
               # For running UI tests
               gem "capybara"
               gem "selenium-webdriver"
             end
             local_gemfile = File.join(File.dirname(__FILE__), "Gemfile.local")
             if File.exists?(local_gemfile)
               eval_gemfile local_gemfile
             end
             # Load plugins' Gemfiles
             Dir.glob File.expand_path("../plugins/*/{Gemfile,PluginGemfile}", __FILE__) do |file|
               eval_gemfile file
             end

app/models/auth_source_ldap.rb +1 -1

             # Redmine - project management software
             # Copyright (C) 2006-2015  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require 'net/ldap'
             require 'net/ldap/dn'
             require 'timeout'
             class AuthSourceLdap < AuthSource
               validates_presence_of :host, :port, :attr_login
               validates_length_of :name, :host, :maximum => 60, :allow_nil => true
               validates_length_of :account, :account_password, :base_dn, :maximum => 255, :allow_blank => true
               validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true
               validates_numericality_of :port, :only_integer => true
               validates_numericality_of :timeout, :only_integer => true, :allow_blank => true
               validate :validate_filter
               before_validation :strip_ldap_attributes
               def initialize(attributes=nil, *args)
                 super
                 self.port = 389 if self.port == 0
               end
               def authenticate(login, password)
                 return nil if login.blank? || password.blank?
                 with_timeout do
                   attrs = get_user_dn(login, password)
                   if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
                     logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
                     return attrs.except(:dn)
                   end
                 end
               rescue Net::LDAP::LdapError => e
                 raise AuthSourceException.new(e.message)
               end
               # test the connection to the LDAP
               def test_connection
                 with_timeout do
                   ldap_con = initialize_ldap_con(self.account, self.account_password)
                   ldap_con.open { }
                 end
               rescue Net::LDAP::LdapError => e
                 raise AuthSourceException.new(e.message)
               end
               def auth_method_name
                 "LDAP"
               end
               # Returns true if this source can be searched for users
               def searchable?
                 !account.to_s.include?("$login") && %w(login firstname lastname mail).all? {|a| send("attr_#{a}?")}
               end
               # Searches the source for users and returns an array of results
               def search(q)
                 q = q.to_s.strip
                 return [] unless searchable? && q.present?
                 results = []
                 search_filter = base_filter & Net::LDAP::Filter.begins(self.attr_login, q)
                 ldap_con = initialize_ldap_con(self.account, self.account_password)
                 ldap_con.search(:base => self.base_dn,
                                 :filter => search_filter,
                                 :attributes => ['dn', self.attr_login, self.attr_firstname, self.attr_lastname, self.attr_mail],
                                 :size => 10) do |entry|
                   attrs = get_user_attributes_from_ldap_entry(entry)
                   attrs[:login] = AuthSourceLdap.get_attr(entry, self.attr_login)
                   results << attrs
                 end
                 results
               rescue Net::LDAP::LdapError => e
                 raise AuthSourceException.new(e.message)
               end
               private
               def with_timeout(&block)
                 timeout = self.timeout
                 timeout = 20 unless timeout && timeout > 0
                 Timeout.timeout(timeout) do
                   return yield
                 end
               rescue Timeout::Error => e
                 raise AuthSourceTimeoutException.new(e.message)
               end
               def ldap_filter
                 if filter.present?
                   Net::LDAP::Filter.construct(filter)
                 end
-              rescue Net::LDAP::LdapError
+              rescue Net::LDAP::LdapError, Net::LDAP::FilterSyntaxInvalidError
                 nil
               end
               def base_filter
                 filter = Net::LDAP::Filter.eq("objectClass", "*")
                 if f = ldap_filter
                   filter = filter & f
                 end
                 filter
               end
               def validate_filter
                 if filter.present? && ldap_filter.nil?
                   errors.add(:filter, :invalid)
                 end
               end
               def strip_ldap_attributes
                 [:attr_login, :attr_firstname, :attr_lastname, :attr_mail].each do |attr|
                   write_attribute(attr, read_attribute(attr).strip) unless read_attribute(attr).nil?
                 end
               end
               def initialize_ldap_con(ldap_user, ldap_password)
                 options = { :host => self.host,
                             :port => self.port,
                             :encryption => (self.tls ? :simple_tls : nil)
                           }
                 options.merge!(:auth => { :method => :simple, :username => ldap_user, :password => ldap_password }) unless ldap_user.blank? && ldap_password.blank?
                 Net::LDAP.new options
               end
               def get_user_attributes_from_ldap_entry(entry)
                 {
                  :dn => entry.dn,
                  :firstname => AuthSourceLdap.get_attr(entry, self.attr_firstname),
                  :lastname => AuthSourceLdap.get_attr(entry, self.attr_lastname),
                  :mail => AuthSourceLdap.get_attr(entry, self.attr_mail),
                  :auth_source_id => self.id
                 }
               end
               # Return the attributes needed for the LDAP search.  It will only
               # include the user attributes if on-the-fly registration is enabled
               def search_attributes
                 if onthefly_register?
                   ['dn', self.attr_firstname, self.attr_lastname, self.attr_mail]
                 else
                   ['dn']
                 end
               end
               # Check if a DN (user record) authenticates with the password
               def authenticate_dn(dn, password)
                 if dn.present? && password.present?
                   initialize_ldap_con(dn, password).bind
                 end
               end
               # Get the user's dn and any attributes for them, given their login
               def get_user_dn(login, password)
                 ldap_con = nil
                 if self.account && self.account.include?("$login")
                   ldap_con = initialize_ldap_con(self.account.sub("$login", Net::LDAP::DN.escape(login)), password)
                 else
                   ldap_con = initialize_ldap_con(self.account, self.account_password)
                 end
                 attrs = {}
                 search_filter = base_filter & Net::LDAP::Filter.eq(self.attr_login, login)
                 ldap_con.search( :base => self.base_dn,
                                  :filter => search_filter,
                                  :attributes=> search_attributes) do |entry|
                   if onthefly_register?
                     attrs = get_user_attributes_from_ldap_entry(entry)
                   else
                     attrs = {:dn => entry.dn}
                   end
                   logger.debug "DN found for #{login}: #{attrs[:dn]}" if logger && logger.debug?
                 end
                 attrs
               end
               def self.get_attr(entry, attr_name)
                 if !attr_name.blank?
                   entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]
                 end
               end
             end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages