##// END OF EJS Templates
jro_apps » redmine
RSS
Fixed that LDAP error is not displayed when testing connection....
Jean-Philippe Lang -
r9114:a8e392c0e573
parent child
Show More
Side by Side Unified
Context file:
r9114:a8e392c0e573 Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,151 +1,151
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2011 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require 'iconv'
19 19 require 'net/ldap'
20 20
21 21 class AuthSourceLdap < AuthSource
22 22 validates_presence_of :host, :port, :attr_login
23 23 validates_length_of :name, :host, :maximum => 60, :allow_nil => true
24 24 validates_length_of :account, :account_password, :base_dn, :filter, :maximum => 255, :allow_blank => true
25 25 validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true
26 26 validates_numericality_of :port, :only_integer => true
27 27 validate :validate_filter
28 28
29 29 before_validation :strip_ldap_attributes
30 30
31 31 def initialize(attributes=nil, *args)
32 32 super
33 33 self.port = 389 if self.port == 0
34 34 end
35 35
36 36 def authenticate(login, password)
37 37 return nil if login.blank? || password.blank?
38 38 attrs = get_user_dn(login)
39 39
40 40 if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
41 41 logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
42 42 return attrs.except(:dn)
43 43 end
44 44 rescue Net::LDAP::LdapError => e
45 45 raise AuthSourceException.new(e.message)
46 46 end
47 47
48 48 # test the connection to the LDAP
49 49 def test_connection
50 50 ldap_con = initialize_ldap_con(self.account, self.account_password)
51 51 ldap_con.open { }
52 rescue Net::LDAP::LdapError => text
53 raise "LdapError: " + text
52 rescue Net::LDAP::LdapError => e
53 raise "LdapError: " + e.message
54 54 end
55 55
56 56 def auth_method_name
57 57 "LDAP"
58 58 end
59 59
60 60 private
61 61
62 62 def ldap_filter
63 63 if filter.present?
64 64 Net::LDAP::Filter.construct(filter)
65 65 end
66 66 rescue Net::LDAP::LdapError
67 67 nil
68 68 end
69 69
70 70 def validate_filter
71 71 if filter.present? && ldap_filter.nil?
72 72 errors.add(:filter, :invalid)
73 73 end
74 74 end
75 75
76 76 def strip_ldap_attributes
77 77 [:attr_login, :attr_firstname, :attr_lastname, :attr_mail].each do |attr|
78 78 write_attribute(attr, read_attribute(attr).strip) unless read_attribute(attr).nil?
79 79 end
80 80 end
81 81
82 82 def initialize_ldap_con(ldap_user, ldap_password)
83 83 options = { :host => self.host,
84 84 :port => self.port,
85 85 :encryption => (self.tls ? :simple_tls : nil)
86 86 }
87 87 options.merge!(:auth => { :method => :simple, :username => ldap_user, :password => ldap_password }) unless ldap_user.blank? && ldap_password.blank?
88 88 Net::LDAP.new options
89 89 end
90 90
91 91 def get_user_attributes_from_ldap_entry(entry)
92 92 {
93 93 :dn => entry.dn,
94 94 :firstname => AuthSourceLdap.get_attr(entry, self.attr_firstname),
95 95 :lastname => AuthSourceLdap.get_attr(entry, self.attr_lastname),
96 96 :mail => AuthSourceLdap.get_attr(entry, self.attr_mail),
97 97 :auth_source_id => self.id
98 98 }
99 99 end
100 100
101 101 # Return the attributes needed for the LDAP search. It will only
102 102 # include the user attributes if on-the-fly registration is enabled
103 103 def search_attributes
104 104 if onthefly_register?
105 105 ['dn', self.attr_firstname, self.attr_lastname, self.attr_mail]
106 106 else
107 107 ['dn']
108 108 end
109 109 end
110 110
111 111 # Check if a DN (user record) authenticates with the password
112 112 def authenticate_dn(dn, password)
113 113 if dn.present? && password.present?
114 114 initialize_ldap_con(dn, password).bind
115 115 end
116 116 end
117 117
118 118 # Get the user's dn and any attributes for them, given their login
119 119 def get_user_dn(login)
120 120 ldap_con = initialize_ldap_con(self.account, self.account_password)
121 121 login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
122 122 object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
123 123 attrs = {}
124 124
125 125 search_filter = object_filter & login_filter
126 126 if f = ldap_filter
127 127 search_filter = search_filter & f
128 128 end
129 129
130 130 ldap_con.search( :base => self.base_dn,
131 131 :filter => search_filter,
132 132 :attributes=> search_attributes) do |entry|
133 133
134 134 if onthefly_register?
135 135 attrs = get_user_attributes_from_ldap_entry(entry)
136 136 else
137 137 attrs = {:dn => entry.dn}
138 138 end
139 139
140 140 logger.debug "DN found for #{login}: #{attrs[:dn]}" if logger && logger.debug?
141 141 end
142 142
143 143 attrs
144 144 end
145 145
146 146 def self.get_attr(entry, attr_name)
147 147 if !attr_name.blank?
148 148 entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]
149 149 end
150 150 end
151 151 end
Show file before | Show file after | Hide comments
@@ -1,127 +1,127
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2011 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require File.expand_path('../../test_helper', __FILE__)
19 19
20 20 class AuthSourcesControllerTest < ActionController::TestCase
21 21 fixtures :users, :auth_sources
22 22
23 23 def setup
24 24 @request.session[:user_id] = 1
25 25 end
26 26
27 27 def test_index
28 28 get :index
29 29
30 30 assert_response :success
31 31 assert_template 'index'
32 32 assert_not_nil assigns(:auth_sources)
33 33 end
34 34
35 35 def test_new
36 36 get :new
37 37
38 38 assert_response :success
39 39 assert_template 'new'
40 40
41 41 source = assigns(:auth_source)
42 42 assert_equal AuthSourceLdap, source.class
43 43 assert source.new_record?
44 44
45 45 assert_tag 'input', :attributes => {:name => 'type', :value => 'AuthSourceLdap'}
46 46 assert_tag 'input', :attributes => {:name => 'auth_source[host]'}
47 47 end
48 48
49 49 def test_create
50 50 assert_difference 'AuthSourceLdap.count' do
51 51 post :create, :type => 'AuthSourceLdap', :auth_source => {:name => 'Test', :host => '127.0.0.1', :port => '389', :attr_login => 'cn'}
52 52 assert_redirected_to '/auth_sources'
53 53 end
54 54
55 55 source = AuthSourceLdap.first(:order => 'id DESC')
56 56 assert_equal 'Test', source.name
57 57 assert_equal '127.0.0.1', source.host
58 58 assert_equal 389, source.port
59 59 assert_equal 'cn', source.attr_login
60 60 end
61 61
62 62 def test_create_with_failure
63 63 assert_no_difference 'AuthSourceLdap.count' do
64 64 post :create, :type => 'AuthSourceLdap', :auth_source => {:name => 'Test', :host => '', :port => '389', :attr_login => 'cn'}
65 65 assert_response :success
66 66 assert_template 'new'
67 67 end
68 68 assert_error_tag :content => /host can't be blank/i
69 69 end
70 70
71 71 def test_edit
72 72 get :edit, :id => 1
73 73
74 74 assert_response :success
75 75 assert_template 'edit'
76 76
77 77 assert_tag 'input', :attributes => {:name => 'auth_source[host]'}
78 78 end
79 79
80 80 def test_update
81 81 put :update, :id => 1, :auth_source => {:name => 'Renamed', :host => '192.168.0.10', :port => '389', :attr_login => 'uid'}
82 82 assert_redirected_to '/auth_sources'
83 83
84 84 source = AuthSourceLdap.find(1)
85 85 assert_equal 'Renamed', source.name
86 86 assert_equal '192.168.0.10', source.host
87 87 end
88 88
89 89 def test_update_with_failure
90 90 put :update, :id => 1, :auth_source => {:name => 'Renamed', :host => '', :port => '389', :attr_login => 'uid'}
91 91 assert_response :success
92 92 assert_template 'edit'
93 93 assert_error_tag :content => /host can't be blank/i
94 94 end
95 95
96 96 def test_destroy
97 97 assert_difference 'AuthSourceLdap.count', -1 do
98 98 delete :destroy, :id => 1
99 99 end
100 100 end
101 101
102 102 def test_destroy_auth_source_in_use
103 103 User.find(2).update_attribute :auth_source_id, 1
104 104
105 105 assert_no_difference 'AuthSourceLdap.count' do
106 106 delete :destroy, :id => 1
107 107 end
108 108 end
109 109
110 110 def test_test_connection
111 111 AuthSourceLdap.any_instance.stubs(:test_connection).returns(true)
112 112
113 113 get :test_connection, :id => 1
114 114 assert_redirected_to '/auth_sources'
115 115 assert_not_nil flash[:notice]
116 116 assert_match /successful/i, flash[:notice]
117 117 end
118 118
119 119 def test_test_connection_with_failure
120 AuthSourceLdap.any_instance.stubs(:test_connection).raises(Exception.new("Something went wrong"))
120 AuthSourceLdap.any_instance.stubs(:initialize_ldap_con).raises(Net::LDAP::LdapError.new("Something went wrong"))
121 121
122 122 get :test_connection, :id => 1
123 123 assert_redirected_to '/auth_sources'
124 124 assert_not_nil flash[:error]
125 assert_include '(Something went wrong)', flash[:error]
125 assert_include 'Something went wrong', flash[:error]
126 126 end
127 127 end
General Comments 0
You need to be logged in to leave comments. Login now