##// END OF EJS Templates
jro_apps » redmine
RSS
Fixed that LDAP error is not displayed when testing connection....
Jean-Philippe Lang -
r9114:a8e392c0e573
parent child
Show More
Side by Side Unified
Context file:
r9114:a8e392c0e573 Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,151 +1,151
1 # Redmine - project management software
1 # Redmine - project management software
2 # Copyright (C) 2006-2011 Jean-Philippe Lang
2 # Copyright (C) 2006-2011 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 require 'iconv'
18 require 'iconv'
19 require 'net/ldap'
19 require 'net/ldap'
20
20
21 class AuthSourceLdap < AuthSource
21 class AuthSourceLdap < AuthSource
22 validates_presence_of :host, :port, :attr_login
22 validates_presence_of :host, :port, :attr_login
23 validates_length_of :name, :host, :maximum => 60, :allow_nil => true
23 validates_length_of :name, :host, :maximum => 60, :allow_nil => true
24 validates_length_of :account, :account_password, :base_dn, :filter, :maximum => 255, :allow_blank => true
24 validates_length_of :account, :account_password, :base_dn, :filter, :maximum => 255, :allow_blank => true
25 validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true
25 validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true
26 validates_numericality_of :port, :only_integer => true
26 validates_numericality_of :port, :only_integer => true
27 validate :validate_filter
27 validate :validate_filter
28
28
29 before_validation :strip_ldap_attributes
29 before_validation :strip_ldap_attributes
30
30
31 def initialize(attributes=nil, *args)
31 def initialize(attributes=nil, *args)
32 super
32 super
33 self.port = 389 if self.port == 0
33 self.port = 389 if self.port == 0
34 end
34 end
35
35
36 def authenticate(login, password)
36 def authenticate(login, password)
37 return nil if login.blank? || password.blank?
37 return nil if login.blank? || password.blank?
38 attrs = get_user_dn(login)
38 attrs = get_user_dn(login)
39
39
40 if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
40 if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
41 logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
41 logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
42 return attrs.except(:dn)
42 return attrs.except(:dn)
43 end
43 end
44 rescue Net::LDAP::LdapError => e
44 rescue Net::LDAP::LdapError => e
45 raise AuthSourceException.new(e.message)
45 raise AuthSourceException.new(e.message)
46 end
46 end
47
47
48 # test the connection to the LDAP
48 # test the connection to the LDAP
49 def test_connection
49 def test_connection
50 ldap_con = initialize_ldap_con(self.account, self.account_password)
50 ldap_con = initialize_ldap_con(self.account, self.account_password)
51 ldap_con.open { }
51 ldap_con.open { }
52 rescue Net::LDAP::LdapError => text
52 rescue Net::LDAP::LdapError => e
53 raise "LdapError: " + text
53 raise "LdapError: " + e.message
54 end
54 end
55
55
56 def auth_method_name
56 def auth_method_name
57 "LDAP"
57 "LDAP"
58 end
58 end
59
59
60 private
60 private
61
61
62 def ldap_filter
62 def ldap_filter
63 if filter.present?
63 if filter.present?
64 Net::LDAP::Filter.construct(filter)
64 Net::LDAP::Filter.construct(filter)
65 end
65 end
66 rescue Net::LDAP::LdapError
66 rescue Net::LDAP::LdapError
67 nil
67 nil
68 end
68 end
69
69
70 def validate_filter
70 def validate_filter
71 if filter.present? && ldap_filter.nil?
71 if filter.present? && ldap_filter.nil?
72 errors.add(:filter, :invalid)
72 errors.add(:filter, :invalid)
73 end
73 end
74 end
74 end
75
75
76 def strip_ldap_attributes
76 def strip_ldap_attributes
77 [:attr_login, :attr_firstname, :attr_lastname, :attr_mail].each do |attr|
77 [:attr_login, :attr_firstname, :attr_lastname, :attr_mail].each do |attr|
78 write_attribute(attr, read_attribute(attr).strip) unless read_attribute(attr).nil?
78 write_attribute(attr, read_attribute(attr).strip) unless read_attribute(attr).nil?
79 end
79 end
80 end
80 end
81
81
82 def initialize_ldap_con(ldap_user, ldap_password)
82 def initialize_ldap_con(ldap_user, ldap_password)
83 options = { :host => self.host,
83 options = { :host => self.host,
84 :port => self.port,
84 :port => self.port,
85 :encryption => (self.tls ? :simple_tls : nil)
85 :encryption => (self.tls ? :simple_tls : nil)
86 }
86 }
87 options.merge!(:auth => { :method => :simple, :username => ldap_user, :password => ldap_password }) unless ldap_user.blank? && ldap_password.blank?
87 options.merge!(:auth => { :method => :simple, :username => ldap_user, :password => ldap_password }) unless ldap_user.blank? && ldap_password.blank?
88 Net::LDAP.new options
88 Net::LDAP.new options
89 end
89 end
90
90
91 def get_user_attributes_from_ldap_entry(entry)
91 def get_user_attributes_from_ldap_entry(entry)
92 {
92 {
93 :dn => entry.dn,
93 :dn => entry.dn,
94 :firstname => AuthSourceLdap.get_attr(entry, self.attr_firstname),
94 :firstname => AuthSourceLdap.get_attr(entry, self.attr_firstname),
95 :lastname => AuthSourceLdap.get_attr(entry, self.attr_lastname),
95 :lastname => AuthSourceLdap.get_attr(entry, self.attr_lastname),
96 :mail => AuthSourceLdap.get_attr(entry, self.attr_mail),
96 :mail => AuthSourceLdap.get_attr(entry, self.attr_mail),
97 :auth_source_id => self.id
97 :auth_source_id => self.id
98 }
98 }
99 end
99 end
100
100
101 # Return the attributes needed for the LDAP search. It will only
101 # Return the attributes needed for the LDAP search. It will only
102 # include the user attributes if on-the-fly registration is enabled
102 # include the user attributes if on-the-fly registration is enabled
103 def search_attributes
103 def search_attributes
104 if onthefly_register?
104 if onthefly_register?
105 ['dn', self.attr_firstname, self.attr_lastname, self.attr_mail]
105 ['dn', self.attr_firstname, self.attr_lastname, self.attr_mail]
106 else
106 else
107 ['dn']
107 ['dn']
108 end
108 end
109 end
109 end
110
110
111 # Check if a DN (user record) authenticates with the password
111 # Check if a DN (user record) authenticates with the password
112 def authenticate_dn(dn, password)
112 def authenticate_dn(dn, password)
113 if dn.present? && password.present?
113 if dn.present? && password.present?
114 initialize_ldap_con(dn, password).bind
114 initialize_ldap_con(dn, password).bind
115 end
115 end
116 end
116 end
117
117
118 # Get the user's dn and any attributes for them, given their login
118 # Get the user's dn and any attributes for them, given their login
119 def get_user_dn(login)
119 def get_user_dn(login)
120 ldap_con = initialize_ldap_con(self.account, self.account_password)
120 ldap_con = initialize_ldap_con(self.account, self.account_password)
121 login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
121 login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
122 object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
122 object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
123 attrs = {}
123 attrs = {}
124
124
125 search_filter = object_filter & login_filter
125 search_filter = object_filter & login_filter
126 if f = ldap_filter
126 if f = ldap_filter
127 search_filter = search_filter & f
127 search_filter = search_filter & f
128 end
128 end
129
129
130 ldap_con.search( :base => self.base_dn,
130 ldap_con.search( :base => self.base_dn,
131 :filter => search_filter,
131 :filter => search_filter,
132 :attributes=> search_attributes) do |entry|
132 :attributes=> search_attributes) do |entry|
133
133
134 if onthefly_register?
134 if onthefly_register?
135 attrs = get_user_attributes_from_ldap_entry(entry)
135 attrs = get_user_attributes_from_ldap_entry(entry)
136 else
136 else
137 attrs = {:dn => entry.dn}
137 attrs = {:dn => entry.dn}
138 end
138 end
139
139
140 logger.debug "DN found for #{login}: #{attrs[:dn]}" if logger && logger.debug?
140 logger.debug "DN found for #{login}: #{attrs[:dn]}" if logger && logger.debug?
141 end
141 end
142
142
143 attrs
143 attrs
144 end
144 end
145
145
146 def self.get_attr(entry, attr_name)
146 def self.get_attr(entry, attr_name)
147 if !attr_name.blank?
147 if !attr_name.blank?
148 entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]
148 entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]
149 end
149 end
150 end
150 end
151 end
151 end
Show file before | Show file after | Hide comments
@@ -1,127 +1,127
1 # Redmine - project management software
1 # Redmine - project management software
2 # Copyright (C) 2006-2011 Jean-Philippe Lang
2 # Copyright (C) 2006-2011 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 require File.expand_path('../../test_helper', __FILE__)
18 require File.expand_path('../../test_helper', __FILE__)
19
19
20 class AuthSourcesControllerTest < ActionController::TestCase
20 class AuthSourcesControllerTest < ActionController::TestCase
21 fixtures :users, :auth_sources
21 fixtures :users, :auth_sources
22
22
23 def setup
23 def setup
24 @request.session[:user_id] = 1
24 @request.session[:user_id] = 1
25 end
25 end
26
26
27 def test_index
27 def test_index
28 get :index
28 get :index
29
29
30 assert_response :success
30 assert_response :success
31 assert_template 'index'
31 assert_template 'index'
32 assert_not_nil assigns(:auth_sources)
32 assert_not_nil assigns(:auth_sources)
33 end
33 end
34
34
35 def test_new
35 def test_new
36 get :new
36 get :new
37
37
38 assert_response :success
38 assert_response :success
39 assert_template 'new'
39 assert_template 'new'
40
40
41 source = assigns(:auth_source)
41 source = assigns(:auth_source)
42 assert_equal AuthSourceLdap, source.class
42 assert_equal AuthSourceLdap, source.class
43 assert source.new_record?
43 assert source.new_record?
44
44
45 assert_tag 'input', :attributes => {:name => 'type', :value => 'AuthSourceLdap'}
45 assert_tag 'input', :attributes => {:name => 'type', :value => 'AuthSourceLdap'}
46 assert_tag 'input', :attributes => {:name => 'auth_source[host]'}
46 assert_tag 'input', :attributes => {:name => 'auth_source[host]'}
47 end
47 end
48
48
49 def test_create
49 def test_create
50 assert_difference 'AuthSourceLdap.count' do
50 assert_difference 'AuthSourceLdap.count' do
51 post :create, :type => 'AuthSourceLdap', :auth_source => {:name => 'Test', :host => '127.0.0.1', :port => '389', :attr_login => 'cn'}
51 post :create, :type => 'AuthSourceLdap', :auth_source => {:name => 'Test', :host => '127.0.0.1', :port => '389', :attr_login => 'cn'}
52 assert_redirected_to '/auth_sources'
52 assert_redirected_to '/auth_sources'
53 end
53 end
54
54
55 source = AuthSourceLdap.first(:order => 'id DESC')
55 source = AuthSourceLdap.first(:order => 'id DESC')
56 assert_equal 'Test', source.name
56 assert_equal 'Test', source.name
57 assert_equal '127.0.0.1', source.host
57 assert_equal '127.0.0.1', source.host
58 assert_equal 389, source.port
58 assert_equal 389, source.port
59 assert_equal 'cn', source.attr_login
59 assert_equal 'cn', source.attr_login
60 end
60 end
61
61
62 def test_create_with_failure
62 def test_create_with_failure
63 assert_no_difference 'AuthSourceLdap.count' do
63 assert_no_difference 'AuthSourceLdap.count' do
64 post :create, :type => 'AuthSourceLdap', :auth_source => {:name => 'Test', :host => '', :port => '389', :attr_login => 'cn'}
64 post :create, :type => 'AuthSourceLdap', :auth_source => {:name => 'Test', :host => '', :port => '389', :attr_login => 'cn'}
65 assert_response :success
65 assert_response :success
66 assert_template 'new'
66 assert_template 'new'
67 end
67 end
68 assert_error_tag :content => /host can't be blank/i
68 assert_error_tag :content => /host can't be blank/i
69 end
69 end
70
70
71 def test_edit
71 def test_edit
72 get :edit, :id => 1
72 get :edit, :id => 1
73
73
74 assert_response :success
74 assert_response :success
75 assert_template 'edit'
75 assert_template 'edit'
76
76
77 assert_tag 'input', :attributes => {:name => 'auth_source[host]'}
77 assert_tag 'input', :attributes => {:name => 'auth_source[host]'}
78 end
78 end
79
79
80 def test_update
80 def test_update
81 put :update, :id => 1, :auth_source => {:name => 'Renamed', :host => '192.168.0.10', :port => '389', :attr_login => 'uid'}
81 put :update, :id => 1, :auth_source => {:name => 'Renamed', :host => '192.168.0.10', :port => '389', :attr_login => 'uid'}
82 assert_redirected_to '/auth_sources'
82 assert_redirected_to '/auth_sources'
83
83
84 source = AuthSourceLdap.find(1)
84 source = AuthSourceLdap.find(1)
85 assert_equal 'Renamed', source.name
85 assert_equal 'Renamed', source.name
86 assert_equal '192.168.0.10', source.host
86 assert_equal '192.168.0.10', source.host
87 end
87 end
88
88
89 def test_update_with_failure
89 def test_update_with_failure
90 put :update, :id => 1, :auth_source => {:name => 'Renamed', :host => '', :port => '389', :attr_login => 'uid'}
90 put :update, :id => 1, :auth_source => {:name => 'Renamed', :host => '', :port => '389', :attr_login => 'uid'}
91 assert_response :success
91 assert_response :success
92 assert_template 'edit'
92 assert_template 'edit'
93 assert_error_tag :content => /host can't be blank/i
93 assert_error_tag :content => /host can't be blank/i
94 end
94 end
95
95
96 def test_destroy
96 def test_destroy
97 assert_difference 'AuthSourceLdap.count', -1 do
97 assert_difference 'AuthSourceLdap.count', -1 do
98 delete :destroy, :id => 1
98 delete :destroy, :id => 1
99 end
99 end
100 end
100 end
101
101
102 def test_destroy_auth_source_in_use
102 def test_destroy_auth_source_in_use
103 User.find(2).update_attribute :auth_source_id, 1
103 User.find(2).update_attribute :auth_source_id, 1
104
104
105 assert_no_difference 'AuthSourceLdap.count' do
105 assert_no_difference 'AuthSourceLdap.count' do
106 delete :destroy, :id => 1
106 delete :destroy, :id => 1
107 end
107 end
108 end
108 end
109
109
110 def test_test_connection
110 def test_test_connection
111 AuthSourceLdap.any_instance.stubs(:test_connection).returns(true)
111 AuthSourceLdap.any_instance.stubs(:test_connection).returns(true)
112
112
113 get :test_connection, :id => 1
113 get :test_connection, :id => 1
114 assert_redirected_to '/auth_sources'
114 assert_redirected_to '/auth_sources'
115 assert_not_nil flash[:notice]
115 assert_not_nil flash[:notice]
116 assert_match /successful/i, flash[:notice]
116 assert_match /successful/i, flash[:notice]
117 end
117 end
118
118
119 def test_test_connection_with_failure
119 def test_test_connection_with_failure
120 AuthSourceLdap.any_instance.stubs(:test_connection).raises(Exception.new("Something went wrong"))
120 AuthSourceLdap.any_instance.stubs(:initialize_ldap_con).raises(Net::LDAP::LdapError.new("Something went wrong"))
121
121
122 get :test_connection, :id => 1
122 get :test_connection, :id => 1
123 assert_redirected_to '/auth_sources'
123 assert_redirected_to '/auth_sources'
124 assert_not_nil flash[:error]
124 assert_not_nil flash[:error]
125 assert_include '(Something went wrong)', flash[:error]
125 assert_include 'Something went wrong', flash[:error]
126 end
126 end
127 end
127 end
General Comments 0
You need to be logged in to leave comments. Login now