##// END OF EJS Templates
Remove hard coded LDAP log message....
Eric Davis -
r3629:a1f73c8b2031
parent child
Show More
@@ -1,360 +1,360
1 # Redmine - project management software
1 # Redmine - project management software
2 # Copyright (C) 2006-2009 Jean-Philippe Lang
2 # Copyright (C) 2006-2009 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 require "digest/sha1"
18 require "digest/sha1"
19
19
20 class User < Principal
20 class User < Principal
21
21
22 # Account statuses
22 # Account statuses
23 STATUS_ANONYMOUS = 0
23 STATUS_ANONYMOUS = 0
24 STATUS_ACTIVE = 1
24 STATUS_ACTIVE = 1
25 STATUS_REGISTERED = 2
25 STATUS_REGISTERED = 2
26 STATUS_LOCKED = 3
26 STATUS_LOCKED = 3
27
27
28 USER_FORMATS = {
28 USER_FORMATS = {
29 :firstname_lastname => '#{firstname} #{lastname}',
29 :firstname_lastname => '#{firstname} #{lastname}',
30 :firstname => '#{firstname}',
30 :firstname => '#{firstname}',
31 :lastname_firstname => '#{lastname} #{firstname}',
31 :lastname_firstname => '#{lastname} #{firstname}',
32 :lastname_coma_firstname => '#{lastname}, #{firstname}',
32 :lastname_coma_firstname => '#{lastname}, #{firstname}',
33 :username => '#{login}'
33 :username => '#{login}'
34 }
34 }
35
35
36 has_and_belongs_to_many :groups, :after_add => Proc.new {|user, group| group.user_added(user)},
36 has_and_belongs_to_many :groups, :after_add => Proc.new {|user, group| group.user_added(user)},
37 :after_remove => Proc.new {|user, group| group.user_removed(user)}
37 :after_remove => Proc.new {|user, group| group.user_removed(user)}
38 has_many :issue_categories, :foreign_key => 'assigned_to_id', :dependent => :nullify
38 has_many :issue_categories, :foreign_key => 'assigned_to_id', :dependent => :nullify
39 has_many :changesets, :dependent => :nullify
39 has_many :changesets, :dependent => :nullify
40 has_one :preference, :dependent => :destroy, :class_name => 'UserPreference'
40 has_one :preference, :dependent => :destroy, :class_name => 'UserPreference'
41 has_one :rss_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='feeds'"
41 has_one :rss_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='feeds'"
42 has_one :api_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='api'"
42 has_one :api_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='api'"
43 belongs_to :auth_source
43 belongs_to :auth_source
44
44
45 # Active non-anonymous users scope
45 # Active non-anonymous users scope
46 named_scope :active, :conditions => "#{User.table_name}.status = #{STATUS_ACTIVE}"
46 named_scope :active, :conditions => "#{User.table_name}.status = #{STATUS_ACTIVE}"
47
47
48 acts_as_customizable
48 acts_as_customizable
49
49
50 attr_accessor :password, :password_confirmation
50 attr_accessor :password, :password_confirmation
51 attr_accessor :last_before_login_on
51 attr_accessor :last_before_login_on
52 # Prevents unauthorized assignments
52 # Prevents unauthorized assignments
53 attr_protected :login, :admin, :password, :password_confirmation, :hashed_password, :group_ids
53 attr_protected :login, :admin, :password, :password_confirmation, :hashed_password, :group_ids
54
54
55 validates_presence_of :login, :firstname, :lastname, :mail, :if => Proc.new { |user| !user.is_a?(AnonymousUser) }
55 validates_presence_of :login, :firstname, :lastname, :mail, :if => Proc.new { |user| !user.is_a?(AnonymousUser) }
56 validates_uniqueness_of :login, :if => Proc.new { |user| !user.login.blank? }
56 validates_uniqueness_of :login, :if => Proc.new { |user| !user.login.blank? }
57 validates_uniqueness_of :mail, :if => Proc.new { |user| !user.mail.blank? }, :case_sensitive => false
57 validates_uniqueness_of :mail, :if => Proc.new { |user| !user.mail.blank? }, :case_sensitive => false
58 # Login must contain lettres, numbers, underscores only
58 # Login must contain lettres, numbers, underscores only
59 validates_format_of :login, :with => /^[a-z0-9_\-@\.]*$/i
59 validates_format_of :login, :with => /^[a-z0-9_\-@\.]*$/i
60 validates_length_of :login, :maximum => 30
60 validates_length_of :login, :maximum => 30
61 validates_format_of :firstname, :lastname, :with => /^[\w\s\'\-\.]*$/i
61 validates_format_of :firstname, :lastname, :with => /^[\w\s\'\-\.]*$/i
62 validates_length_of :firstname, :lastname, :maximum => 30
62 validates_length_of :firstname, :lastname, :maximum => 30
63 validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :allow_nil => true
63 validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :allow_nil => true
64 validates_length_of :mail, :maximum => 60, :allow_nil => true
64 validates_length_of :mail, :maximum => 60, :allow_nil => true
65 validates_confirmation_of :password, :allow_nil => true
65 validates_confirmation_of :password, :allow_nil => true
66
66
67 def before_create
67 def before_create
68 self.mail_notification = false
68 self.mail_notification = false
69 true
69 true
70 end
70 end
71
71
72 def before_save
72 def before_save
73 # update hashed_password if password was set
73 # update hashed_password if password was set
74 self.hashed_password = User.hash_password(self.password) if self.password
74 self.hashed_password = User.hash_password(self.password) if self.password
75 end
75 end
76
76
77 def reload(*args)
77 def reload(*args)
78 @name = nil
78 @name = nil
79 super
79 super
80 end
80 end
81
81
82 def identity_url=(url)
82 def identity_url=(url)
83 if url.blank?
83 if url.blank?
84 write_attribute(:identity_url, '')
84 write_attribute(:identity_url, '')
85 else
85 else
86 begin
86 begin
87 write_attribute(:identity_url, OpenIdAuthentication.normalize_identifier(url))
87 write_attribute(:identity_url, OpenIdAuthentication.normalize_identifier(url))
88 rescue OpenIdAuthentication::InvalidOpenId
88 rescue OpenIdAuthentication::InvalidOpenId
89 # Invlaid url, don't save
89 # Invlaid url, don't save
90 end
90 end
91 end
91 end
92 self.read_attribute(:identity_url)
92 self.read_attribute(:identity_url)
93 end
93 end
94
94
95 # Returns the user that matches provided login and password, or nil
95 # Returns the user that matches provided login and password, or nil
96 def self.try_to_login(login, password)
96 def self.try_to_login(login, password)
97 # Make sure no one can sign in with an empty password
97 # Make sure no one can sign in with an empty password
98 return nil if password.to_s.empty?
98 return nil if password.to_s.empty?
99 user = find(:first, :conditions => ["login=?", login])
99 user = find(:first, :conditions => ["login=?", login])
100 if user
100 if user
101 # user is already in local database
101 # user is already in local database
102 return nil if !user.active?
102 return nil if !user.active?
103 if user.auth_source
103 if user.auth_source
104 # user has an external authentication method
104 # user has an external authentication method
105 return nil unless user.auth_source.authenticate(login, password)
105 return nil unless user.auth_source.authenticate(login, password)
106 else
106 else
107 # authentication with local password
107 # authentication with local password
108 return nil unless User.hash_password(password) == user.hashed_password
108 return nil unless User.hash_password(password) == user.hashed_password
109 end
109 end
110 else
110 else
111 # user is not yet registered, try to authenticate with available sources
111 # user is not yet registered, try to authenticate with available sources
112 attrs = AuthSource.authenticate(login, password)
112 attrs = AuthSource.authenticate(login, password)
113 if attrs
113 if attrs
114 user = new(attrs)
114 user = new(attrs)
115 user.login = login
115 user.login = login
116 user.language = Setting.default_language
116 user.language = Setting.default_language
117 if user.save
117 if user.save
118 user.reload
118 user.reload
119 logger.info("User '#{user.login}' created from the LDAP") if logger
119 logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger
120 end
120 end
121 end
121 end
122 end
122 end
123 user.update_attribute(:last_login_on, Time.now) if user && !user.new_record?
123 user.update_attribute(:last_login_on, Time.now) if user && !user.new_record?
124 user
124 user
125 rescue => text
125 rescue => text
126 raise text
126 raise text
127 end
127 end
128
128
129 # Returns the user who matches the given autologin +key+ or nil
129 # Returns the user who matches the given autologin +key+ or nil
130 def self.try_to_autologin(key)
130 def self.try_to_autologin(key)
131 tokens = Token.find_all_by_action_and_value('autologin', key)
131 tokens = Token.find_all_by_action_and_value('autologin', key)
132 # Make sure there's only 1 token that matches the key
132 # Make sure there's only 1 token that matches the key
133 if tokens.size == 1
133 if tokens.size == 1
134 token = tokens.first
134 token = tokens.first
135 if (token.created_on > Setting.autologin.to_i.day.ago) && token.user && token.user.active?
135 if (token.created_on > Setting.autologin.to_i.day.ago) && token.user && token.user.active?
136 token.user.update_attribute(:last_login_on, Time.now)
136 token.user.update_attribute(:last_login_on, Time.now)
137 token.user
137 token.user
138 end
138 end
139 end
139 end
140 end
140 end
141
141
142 # Return user's full name for display
142 # Return user's full name for display
143 def name(formatter = nil)
143 def name(formatter = nil)
144 if formatter
144 if formatter
145 eval('"' + (USER_FORMATS[formatter] || USER_FORMATS[:firstname_lastname]) + '"')
145 eval('"' + (USER_FORMATS[formatter] || USER_FORMATS[:firstname_lastname]) + '"')
146 else
146 else
147 @name ||= eval('"' + (USER_FORMATS[Setting.user_format] || USER_FORMATS[:firstname_lastname]) + '"')
147 @name ||= eval('"' + (USER_FORMATS[Setting.user_format] || USER_FORMATS[:firstname_lastname]) + '"')
148 end
148 end
149 end
149 end
150
150
151 def active?
151 def active?
152 self.status == STATUS_ACTIVE
152 self.status == STATUS_ACTIVE
153 end
153 end
154
154
155 def registered?
155 def registered?
156 self.status == STATUS_REGISTERED
156 self.status == STATUS_REGISTERED
157 end
157 end
158
158
159 def locked?
159 def locked?
160 self.status == STATUS_LOCKED
160 self.status == STATUS_LOCKED
161 end
161 end
162
162
163 def check_password?(clear_password)
163 def check_password?(clear_password)
164 User.hash_password(clear_password) == self.hashed_password
164 User.hash_password(clear_password) == self.hashed_password
165 end
165 end
166
166
167 # Generate and set a random password. Useful for automated user creation
167 # Generate and set a random password. Useful for automated user creation
168 # Based on Token#generate_token_value
168 # Based on Token#generate_token_value
169 #
169 #
170 def random_password
170 def random_password
171 chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
171 chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
172 password = ''
172 password = ''
173 40.times { |i| password << chars[rand(chars.size-1)] }
173 40.times { |i| password << chars[rand(chars.size-1)] }
174 self.password = password
174 self.password = password
175 self.password_confirmation = password
175 self.password_confirmation = password
176 self
176 self
177 end
177 end
178
178
179 def pref
179 def pref
180 self.preference ||= UserPreference.new(:user => self)
180 self.preference ||= UserPreference.new(:user => self)
181 end
181 end
182
182
183 def time_zone
183 def time_zone
184 @time_zone ||= (self.pref.time_zone.blank? ? nil : ActiveSupport::TimeZone[self.pref.time_zone])
184 @time_zone ||= (self.pref.time_zone.blank? ? nil : ActiveSupport::TimeZone[self.pref.time_zone])
185 end
185 end
186
186
187 def wants_comments_in_reverse_order?
187 def wants_comments_in_reverse_order?
188 self.pref[:comments_sorting] == 'desc'
188 self.pref[:comments_sorting] == 'desc'
189 end
189 end
190
190
191 # Return user's RSS key (a 40 chars long string), used to access feeds
191 # Return user's RSS key (a 40 chars long string), used to access feeds
192 def rss_key
192 def rss_key
193 token = self.rss_token || Token.create(:user => self, :action => 'feeds')
193 token = self.rss_token || Token.create(:user => self, :action => 'feeds')
194 token.value
194 token.value
195 end
195 end
196
196
197 # Return user's API key (a 40 chars long string), used to access the API
197 # Return user's API key (a 40 chars long string), used to access the API
198 def api_key
198 def api_key
199 token = self.api_token || self.create_api_token(:action => 'api')
199 token = self.api_token || self.create_api_token(:action => 'api')
200 token.value
200 token.value
201 end
201 end
202
202
203 # Return an array of project ids for which the user has explicitly turned mail notifications on
203 # Return an array of project ids for which the user has explicitly turned mail notifications on
204 def notified_projects_ids
204 def notified_projects_ids
205 @notified_projects_ids ||= memberships.select {|m| m.mail_notification?}.collect(&:project_id)
205 @notified_projects_ids ||= memberships.select {|m| m.mail_notification?}.collect(&:project_id)
206 end
206 end
207
207
208 def notified_project_ids=(ids)
208 def notified_project_ids=(ids)
209 Member.update_all("mail_notification = #{connection.quoted_false}", ['user_id = ?', id])
209 Member.update_all("mail_notification = #{connection.quoted_false}", ['user_id = ?', id])
210 Member.update_all("mail_notification = #{connection.quoted_true}", ['user_id = ? AND project_id IN (?)', id, ids]) if ids && !ids.empty?
210 Member.update_all("mail_notification = #{connection.quoted_true}", ['user_id = ? AND project_id IN (?)', id, ids]) if ids && !ids.empty?
211 @notified_projects_ids = nil
211 @notified_projects_ids = nil
212 notified_projects_ids
212 notified_projects_ids
213 end
213 end
214
214
215 def self.find_by_rss_key(key)
215 def self.find_by_rss_key(key)
216 token = Token.find_by_value(key)
216 token = Token.find_by_value(key)
217 token && token.user.active? ? token.user : nil
217 token && token.user.active? ? token.user : nil
218 end
218 end
219
219
220 def self.find_by_api_key(key)
220 def self.find_by_api_key(key)
221 token = Token.find_by_action_and_value('api', key)
221 token = Token.find_by_action_and_value('api', key)
222 token && token.user.active? ? token.user : nil
222 token && token.user.active? ? token.user : nil
223 end
223 end
224
224
225 # Makes find_by_mail case-insensitive
225 # Makes find_by_mail case-insensitive
226 def self.find_by_mail(mail)
226 def self.find_by_mail(mail)
227 find(:first, :conditions => ["LOWER(mail) = ?", mail.to_s.downcase])
227 find(:first, :conditions => ["LOWER(mail) = ?", mail.to_s.downcase])
228 end
228 end
229
229
230 def to_s
230 def to_s
231 name
231 name
232 end
232 end
233
233
234 # Returns the current day according to user's time zone
234 # Returns the current day according to user's time zone
235 def today
235 def today
236 if time_zone.nil?
236 if time_zone.nil?
237 Date.today
237 Date.today
238 else
238 else
239 Time.now.in_time_zone(time_zone).to_date
239 Time.now.in_time_zone(time_zone).to_date
240 end
240 end
241 end
241 end
242
242
243 def logged?
243 def logged?
244 true
244 true
245 end
245 end
246
246
247 def anonymous?
247 def anonymous?
248 !logged?
248 !logged?
249 end
249 end
250
250
251 # Return user's roles for project
251 # Return user's roles for project
252 def roles_for_project(project)
252 def roles_for_project(project)
253 roles = []
253 roles = []
254 # No role on archived projects
254 # No role on archived projects
255 return roles unless project && project.active?
255 return roles unless project && project.active?
256 if logged?
256 if logged?
257 # Find project membership
257 # Find project membership
258 membership = memberships.detect {|m| m.project_id == project.id}
258 membership = memberships.detect {|m| m.project_id == project.id}
259 if membership
259 if membership
260 roles = membership.roles
260 roles = membership.roles
261 else
261 else
262 @role_non_member ||= Role.non_member
262 @role_non_member ||= Role.non_member
263 roles << @role_non_member
263 roles << @role_non_member
264 end
264 end
265 else
265 else
266 @role_anonymous ||= Role.anonymous
266 @role_anonymous ||= Role.anonymous
267 roles << @role_anonymous
267 roles << @role_anonymous
268 end
268 end
269 roles
269 roles
270 end
270 end
271
271
272 # Return true if the user is a member of project
272 # Return true if the user is a member of project
273 def member_of?(project)
273 def member_of?(project)
274 !roles_for_project(project).detect {|role| role.member?}.nil?
274 !roles_for_project(project).detect {|role| role.member?}.nil?
275 end
275 end
276
276
277 # Return true if the user is allowed to do the specified action on project
277 # Return true if the user is allowed to do the specified action on project
278 # action can be:
278 # action can be:
279 # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
279 # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
280 # * a permission Symbol (eg. :edit_project)
280 # * a permission Symbol (eg. :edit_project)
281 def allowed_to?(action, project, options={})
281 def allowed_to?(action, project, options={})
282 if project
282 if project
283 # No action allowed on archived projects
283 # No action allowed on archived projects
284 return false unless project.active?
284 return false unless project.active?
285 # No action allowed on disabled modules
285 # No action allowed on disabled modules
286 return false unless project.allows_to?(action)
286 return false unless project.allows_to?(action)
287 # Admin users are authorized for anything else
287 # Admin users are authorized for anything else
288 return true if admin?
288 return true if admin?
289
289
290 roles = roles_for_project(project)
290 roles = roles_for_project(project)
291 return false unless roles
291 return false unless roles
292 roles.detect {|role| (project.is_public? || role.member?) && role.allowed_to?(action)}
292 roles.detect {|role| (project.is_public? || role.member?) && role.allowed_to?(action)}
293
293
294 elsif options[:global]
294 elsif options[:global]
295 # Admin users are always authorized
295 # Admin users are always authorized
296 return true if admin?
296 return true if admin?
297
297
298 # authorize if user has at least one role that has this permission
298 # authorize if user has at least one role that has this permission
299 roles = memberships.collect {|m| m.roles}.flatten.uniq
299 roles = memberships.collect {|m| m.roles}.flatten.uniq
300 roles.detect {|r| r.allowed_to?(action)} || (self.logged? ? Role.non_member.allowed_to?(action) : Role.anonymous.allowed_to?(action))
300 roles.detect {|r| r.allowed_to?(action)} || (self.logged? ? Role.non_member.allowed_to?(action) : Role.anonymous.allowed_to?(action))
301 else
301 else
302 false
302 false
303 end
303 end
304 end
304 end
305
305
306 def self.current=(user)
306 def self.current=(user)
307 @current_user = user
307 @current_user = user
308 end
308 end
309
309
310 def self.current
310 def self.current
311 @current_user ||= User.anonymous
311 @current_user ||= User.anonymous
312 end
312 end
313
313
314 # Returns the anonymous user. If the anonymous user does not exist, it is created. There can be only
314 # Returns the anonymous user. If the anonymous user does not exist, it is created. There can be only
315 # one anonymous user per database.
315 # one anonymous user per database.
316 def self.anonymous
316 def self.anonymous
317 anonymous_user = AnonymousUser.find(:first)
317 anonymous_user = AnonymousUser.find(:first)
318 if anonymous_user.nil?
318 if anonymous_user.nil?
319 anonymous_user = AnonymousUser.create(:lastname => 'Anonymous', :firstname => '', :mail => '', :login => '', :status => 0)
319 anonymous_user = AnonymousUser.create(:lastname => 'Anonymous', :firstname => '', :mail => '', :login => '', :status => 0)
320 raise 'Unable to create the anonymous user.' if anonymous_user.new_record?
320 raise 'Unable to create the anonymous user.' if anonymous_user.new_record?
321 end
321 end
322 anonymous_user
322 anonymous_user
323 end
323 end
324
324
325 protected
325 protected
326
326
327 def validate
327 def validate
328 # Password length validation based on setting
328 # Password length validation based on setting
329 if !password.nil? && password.size < Setting.password_min_length.to_i
329 if !password.nil? && password.size < Setting.password_min_length.to_i
330 errors.add(:password, :too_short, :count => Setting.password_min_length.to_i)
330 errors.add(:password, :too_short, :count => Setting.password_min_length.to_i)
331 end
331 end
332 end
332 end
333
333
334 private
334 private
335
335
336 # Return password digest
336 # Return password digest
337 def self.hash_password(clear_password)
337 def self.hash_password(clear_password)
338 Digest::SHA1.hexdigest(clear_password || "")
338 Digest::SHA1.hexdigest(clear_password || "")
339 end
339 end
340 end
340 end
341
341
342 class AnonymousUser < User
342 class AnonymousUser < User
343
343
344 def validate_on_create
344 def validate_on_create
345 # There should be only one AnonymousUser in the database
345 # There should be only one AnonymousUser in the database
346 errors.add_to_base 'An anonymous user already exists.' if AnonymousUser.find(:first)
346 errors.add_to_base 'An anonymous user already exists.' if AnonymousUser.find(:first)
347 end
347 end
348
348
349 def available_custom_fields
349 def available_custom_fields
350 []
350 []
351 end
351 end
352
352
353 # Overrides a few properties
353 # Overrides a few properties
354 def logged?; false end
354 def logged?; false end
355 def admin; false end
355 def admin; false end
356 def name(*args); I18n.t(:label_user_anonymous) end
356 def name(*args); I18n.t(:label_user_anonymous) end
357 def mail; nil end
357 def mail; nil end
358 def time_zone; nil end
358 def time_zone; nil end
359 def rss_key; nil end
359 def rss_key; nil end
360 end
360 end
General Comments 0
You need to be logged in to leave comments. Login now