jro_apps/redmine Commit - r3378:d6f9e576e88d

Makes AuthSource.authenticate return a hash instead of an array....

Jean-Philippe Lang -

r3378:d6f9e576e88d

parent child

Context file:

r3378:d6f9e576e88d

Collapse all files

app/models/auth_source_ldap.rb +7 -7

             # redMine - project management software
             # Copyright (C) 2006  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require 'net/ldap'
             require 'iconv'
             class AuthSourceLdap < AuthSource
               validates_presence_of :host, :port, :attr_login
               validates_length_of :name, :host, :account_password, :maximum => 60, :allow_nil => true
               validates_length_of :account, :base_dn, :maximum => 255, :allow_nil => true
               validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true
               validates_numericality_of :port, :only_integer => true
               before_validation :strip_ldap_attributes
               def after_initialize
                 self.port = 389 if self.port == 0
               end
               def authenticate(login, password)
                 return nil if login.blank? || password.blank?
                 attrs = get_user_dn(login)
-                if attrs.first && attrs.first[:dn] && authenticate_dn(attrs.first[:dn], password)
+                if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
                   logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
-                  return [] << attrs.first.except(:dn)
+                  return attrs.except(:dn)
                 end
               rescue  Net::LDAP::LdapError => text
                 raise "LdapError: " + text
               end
               # test the connection to the LDAP
               def test_connection
                 ldap_con = initialize_ldap_con(self.account, self.account_password)
                 ldap_con.open { }
               rescue  Net::LDAP::LdapError => text
                 raise "LdapError: " + text
               end
               def auth_method_name
                 "LDAP"
               end
               private
               def strip_ldap_attributes
                 [:attr_login, :attr_firstname, :attr_lastname, :attr_mail].each do |attr|
                   write_attribute(attr, read_attribute(attr).strip) unless read_attribute(attr).nil?
                 end
               end
               def initialize_ldap_con(ldap_user, ldap_password)
                 options = { :host => self.host,
                             :port => self.port,
                             :encryption => (self.tls ? :simple_tls : nil)
                           }
                 options.merge!(:auth => { :method => :simple, :username => ldap_user, :password => ldap_password }) unless ldap_user.blank? && ldap_password.blank?
                 Net::LDAP.new options
               end
               def get_user_attributes_from_ldap_entry(entry)
+                {
                  :dn => entry.dn,
                  :firstname => AuthSourceLdap.get_attr(entry, self.attr_firstname),
                  :lastname => AuthSourceLdap.get_attr(entry, self.attr_lastname),
                  :mail => AuthSourceLdap.get_attr(entry, self.attr_mail),
                  :auth_source_id => self.id
+                }
               end
               # Return the attributes needed for the LDAP search.  It will only
               # include the user attributes if on-the-fly registration is enabled
               def search_attributes
                 if onthefly_register?
                   ['dn', self.attr_firstname, self.attr_lastname, self.attr_mail]
                 else
                   ['dn']
                 end
               end
               # Check if a DN (user record) authenticates with the password
               def authenticate_dn(dn, password)
                 if dn.present? && password.present?
                   initialize_ldap_con(dn, password).bind
                 end
               end
               # Get the user's dn and any attributes for them, given their login
               def get_user_dn(login)
                 ldap_con = initialize_ldap_con(self.account, self.account_password)
                 login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
                 object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
-                attrs = []
+                attrs = {}
                 ldap_con.search( :base => self.base_dn,
                                  :filter => object_filter & login_filter,
                                  :attributes=> search_attributes) do |entry|
                   if onthefly_register?
                     attrs = get_user_attributes_from_ldap_entry(entry)
                   else
-                    attrs = [:dn => entry.dn]
+                    attrs = {:dn => entry.dn}
                   end
-                  logger.debug "DN found for #{login}: #{attrs.first[:dn]}" if logger && logger.debug?
+                  logger.debug "DN found for #{login}: #{attrs[:dn]}" if logger && logger.debug?
                 end
                 attrs
               end
               def self.get_attr(entry, attr_name)
                 if !attr_name.blank?
                   entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]
                 end
               end
             end

app/models/user.rb +1 -1

             # Redmine - project management software
             # Copyright (C) 2006-2009  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require "digest/sha1"
             class User < Principal
               # Account statuses
               STATUS_ANONYMOUS  = 0
               STATUS_ACTIVE     = 1
               STATUS_REGISTERED = 2
               STATUS_LOCKED     = 3
               USER_FORMATS = {
                 :firstname_lastname => '#{firstname} #{lastname}',
                 :firstname => '#{firstname}',
                 :lastname_firstname => '#{lastname} #{firstname}',
                 :lastname_coma_firstname => '#{lastname}, #{firstname}',
                 :username => '#{login}'
               }
               has_and_belongs_to_many :groups, :after_add => Proc.new {|user, group| group.user_added(user)},
                                                :after_remove => Proc.new {|user, group| group.user_removed(user)}
               has_many :issue_categories, :foreign_key => 'assigned_to_id', :dependent => :nullify
               has_many :changesets, :dependent => :nullify
               has_one :preference, :dependent => :destroy, :class_name => 'UserPreference'
               has_one :rss_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='feeds'"
               has_one :api_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='api'"
               belongs_to :auth_source
               # Active non-anonymous users scope
               named_scope :active, :conditions => "#{User.table_name}.status = #{STATUS_ACTIVE}"
               acts_as_customizable
               attr_accessor :password, :password_confirmation
               attr_accessor :last_before_login_on
               # Prevents unauthorized assignments
               attr_protected :login, :admin, :password, :password_confirmation, :hashed_password, :group_ids
               validates_presence_of :login, :firstname, :lastname, :mail, :if => Proc.new { |user| !user.is_a?(AnonymousUser) }
               validates_uniqueness_of :login, :if => Proc.new { |user| !user.login.blank? }
               validates_uniqueness_of :mail, :if => Proc.new { |user| !user.mail.blank? }, :case_sensitive => false
               # Login must contain lettres, numbers, underscores only
               validates_format_of :login, :with => /^[a-z0-9_\-@\.]*$/i
               validates_length_of :login, :maximum => 30
               validates_format_of :firstname, :lastname, :with => /^[\w\s\'\-\.]*$/i
               validates_length_of :firstname, :lastname, :maximum => 30
               validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :allow_nil => true
               validates_length_of :mail, :maximum => 60, :allow_nil => true
               validates_confirmation_of :password, :allow_nil => true
               def before_create
                 self.mail_notification = false
                 true
               end
               def before_save
                 # update hashed_password if password was set
                 self.hashed_password = User.hash_password(self.password) if self.password
               end
               def reload(*args)
                 @name = nil
                 super
               end
               def identity_url=(url)
                 if url.blank?
                   write_attribute(:identity_url, '')
                 else
                   begin
                     write_attribute(:identity_url, OpenIdAuthentication.normalize_identifier(url))
                   rescue OpenIdAuthentication::InvalidOpenId
                     # Invlaid url, don't save
                   end
                 end
                 self.read_attribute(:identity_url)
               end
               # Returns the user that matches provided login and password, or nil
               def self.try_to_login(login, password)
                 # Make sure no one can sign in with an empty password
                 return nil if password.to_s.empty?
                 user = find(:first, :conditions => ["login=?", login])
                 if user
                   # user is already in local database
                   return nil if !user.active?
                   if user.auth_source
                     # user has an external authentication method
                     return nil unless user.auth_source.authenticate(login, password)
                   else
                     # authentication with local password
                     return nil unless User.hash_password(password) == user.hashed_password
                   end
                 else
                   # user is not yet registered, try to authenticate with available sources
                   attrs = AuthSource.authenticate(login, password)
                   if attrs
-                    user = new(*attrs)
+                    user = new(attrs)
                     user.login = login
                     user.language = Setting.default_language
                     if user.save
                       user.reload
                       logger.info("User '#{user.login}' created from the LDAP") if logger
                     end
                   end
                 end
                 user.update_attribute(:last_login_on, Time.now) if user && !user.new_record?
                 user
               rescue => text
                 raise text
               end
               # Returns the user who matches the given autologin +key+ or nil
               def self.try_to_autologin(key)
                 tokens = Token.find_all_by_action_and_value('autologin', key)
                 # Make sure there's only 1 token that matches the key
                 if tokens.size == 1
                   token = tokens.first
                   if (token.created_on > Setting.autologin.to_i.day.ago) && token.user && token.user.active?
                     token.user.update_attribute(:last_login_on, Time.now)
                     token.user
                   end
                 end
               end
               # Return user's full name for display
               def name(formatter = nil)
                 if formatter
                   eval('"' + (USER_FORMATS[formatter] || USER_FORMATS[:firstname_lastname]) + '"')
                 else
                   @name ||= eval('"' + (USER_FORMATS[Setting.user_format] || USER_FORMATS[:firstname_lastname]) + '"')
                 end
               end
               def active?
                 self.status == STATUS_ACTIVE
               end
               def registered?
                 self.status == STATUS_REGISTERED
               end
               def locked?
                 self.status == STATUS_LOCKED
               end
               def check_password?(clear_password)
                 User.hash_password(clear_password) == self.hashed_password
               end
               # Generate and set a random password.  Useful for automated user creation
               # Based on Token#generate_token_value
               #
               def random_password
                 chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
                 password = ''
 .times { |i| password << chars[rand(chars.size-1)] }
                 self.password = password
                 self.password_confirmation = password
                 self
               end
               def pref
                 self.preference ||= UserPreference.new(:user => self)
               end
               def time_zone
                 @time_zone ||= (self.pref.time_zone.blank? ? nil : ActiveSupport::TimeZone[self.pref.time_zone])
               end
               def wants_comments_in_reverse_order?
                 self.pref[:comments_sorting] == 'desc'
               end
               # Return user's RSS key (a 40 chars long string), used to access feeds
               def rss_key
                 token = self.rss_token || Token.create(:user => self, :action => 'feeds')
                 token.value
               end
               # Return user's API key (a 40 chars long string), used to access the API
               def api_key
                 token = self.api_token || self.create_api_token(:action => 'api')
                 token.value
               end
               # Return an array of project ids for which the user has explicitly turned mail notifications on
               def notified_projects_ids
                 @notified_projects_ids ||= memberships.select {|m| m.mail_notification?}.collect(&:project_id)
               end
               def notified_project_ids=(ids)
                 Member.update_all("mail_notification = #{connection.quoted_false}", ['user_id = ?', id])
                 Member.update_all("mail_notification = #{connection.quoted_true}", ['user_id = ? AND project_id IN (?)', id, ids]) if ids && !ids.empty?
                 @notified_projects_ids = nil
                 notified_projects_ids
               end
               def self.find_by_rss_key(key)
                 token = Token.find_by_value(key)
                 token && token.user.active? ? token.user : nil
               end
               def self.find_by_api_key(key)
                 token = Token.find_by_action_and_value('api', key)
                 token && token.user.active? ? token.user : nil
               end
               # Makes find_by_mail case-insensitive
               def self.find_by_mail(mail)
                 find(:first, :conditions => ["LOWER(mail) = ?", mail.to_s.downcase])
               end
               def to_s
                 name
               end
               # Returns the current day according to user's time zone
               def today
                 if time_zone.nil?
                   Date.today
                 else
                   Time.now.in_time_zone(time_zone).to_date
                 end
               end
               def logged?
                 true
               end
               def anonymous?
                 !logged?
               end
               # Return user's roles for project
               def roles_for_project(project)
                 roles = []
                 # No role on archived projects
                 return roles unless project && project.active?
                 if logged?
                   # Find project membership
                   membership = memberships.detect {|m| m.project_id == project.id}
                   if membership
                     roles = membership.roles
                   else
                     @role_non_member ||= Role.non_member
                     roles << @role_non_member
                   end
                 else
                   @role_anonymous ||= Role.anonymous
                   roles << @role_anonymous
                 end
                 roles
               end
               # Return true if the user is a member of project
               def member_of?(project)
                 !roles_for_project(project).detect {|role| role.member?}.nil?
               end
               # Return true if the user is allowed to do the specified action on project
               # action can be:
               # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
               # * a permission Symbol (eg. :edit_project)
               def allowed_to?(action, project, options={})
                 if project
                   # No action allowed on archived projects
                   return false unless project.active?
                   # No action allowed on disabled modules
                   return false unless project.allows_to?(action)
                   # Admin users are authorized for anything else
                   return true if admin?
                   roles = roles_for_project(project)
                   return false unless roles
                   roles.detect {|role| (project.is_public? || role.member?) && role.allowed_to?(action)}
                 elsif options[:global]
                   # Admin users are always authorized
                   return true if admin?
                   # authorize if user has at least one role that has this permission
                   roles = memberships.collect {|m| m.roles}.flatten.uniq
                   roles.detect {|r| r.allowed_to?(action)} || (self.logged? ? Role.non_member.allowed_to?(action) : Role.anonymous.allowed_to?(action))
                 else
                   false
                 end
               end
               def self.current=(user)
                 @current_user = user
               end
               def self.current
                 @current_user ||= User.anonymous
               end
               # Returns the anonymous user.  If the anonymous user does not exist, it is created.  There can be only
               # one anonymous user per database.
               def self.anonymous
                 anonymous_user = AnonymousUser.find(:first)
                 if anonymous_user.nil?
                   anonymous_user = AnonymousUser.create(:lastname => 'Anonymous', :firstname => '', :mail => '', :login => '', :status => 0)
                   raise 'Unable to create the anonymous user.' if anonymous_user.new_record?
                 end
                 anonymous_user
               end
               protected
               def validate
                 # Password length validation based on setting
                 if !password.nil? && password.size < Setting.password_min_length.to_i
                   errors.add(:password, :too_short, :count => Setting.password_min_length.to_i)
                 end
               end
               private
               # Return password digest
               def self.hash_password(clear_password)
                 Digest::SHA1.hexdigest(clear_password || "")
               end
             end
             class AnonymousUser < User
               def validate_on_create
                 # There should be only one AnonymousUser in the database
                 errors.add_to_base 'An anonymous user already exists.' if AnonymousUser.find(:first)
               end
               def available_custom_fields
                 []
               end
               # Overrides a few properties
               def logged?; false end
               def admin; false end
               def name(*args); I18n.t(:label_user_anonymous) end
               def mail; nil end
               def time_zone; nil end
               def rss_key; nil end
             end

test/integration/account_test.rb +2 -2

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require "#{File.dirname(__FILE__)}/../test_helper"
             begin
               require 'mocha'
             rescue
               # Won't run some tests
             end
             class AccountTest < ActionController::IntegrationTest
               fixtures :users, :roles
               # Replace this with your real tests.
               def test_login
                 get "my/page"
                 assert_redirected_to "/login?back_url=http%3A%2F%2Fwww.example.com%2Fmy%2Fpage"
                 log_user('jsmith', 'jsmith')
                 get "my/account"
                 assert_response :success
                 assert_template "my/account"
               end
               def test_autologin
                 user = User.find(1)
                 Setting.autologin = "7"
                 Token.delete_all
                 # User logs in with 'autologin' checked
                 post '/login', :username => user.login, :password => 'admin', :autologin => 1
                 assert_redirected_to 'my/page'
                 token = Token.find :first
                 assert_not_nil token
                 assert_equal user, token.user
                 assert_equal 'autologin', token.action
                 assert_equal user.id, session[:user_id]
                 assert_equal token.value, cookies['autologin']
                 # Session is cleared
                 reset!
                 User.current = nil
                 # Clears user's last login timestamp
                 user.update_attribute :last_login_on, nil
                 assert_nil user.reload.last_login_on
                 # User comes back with his autologin cookie
                 cookies[:autologin] = token.value
                 get '/my/page'
                 assert_response :success
                 assert_template 'my/page'
                 assert_equal user.id, session[:user_id]
                 assert_not_nil user.reload.last_login_on
                 assert user.last_login_on.utc > 10.second.ago.utc
               end
               def test_lost_password
                 Token.delete_all
                 get "account/lost_password"
                 assert_response :success
                 assert_template "account/lost_password"
                 post "account/lost_password", :mail => 'jSmith@somenet.foo'
                 assert_redirected_to "/login"
                 token = Token.find(:first)
                 assert_equal 'recovery', token.action
                 assert_equal 'jsmith@somenet.foo', token.user.mail
                 assert !token.expired?
                 get "account/lost_password", :token => token.value
                 assert_response :success
                 assert_template "account/password_recovery"
                 post "account/lost_password", :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'newpass'
                 assert_redirected_to "/login"
                 assert_equal 'Password was successfully updated.', flash[:notice]
                 log_user('jsmith', 'newpass')
                 assert_equal 0, Token.count
               end
               def test_register_with_automatic_activation
                 Setting.self_registration = '3'
                 get 'account/register'
                 assert_response :success
                 assert_template 'account/register'
                 post 'account/register', :user => {:login => "newuser", :language => "en", :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar"},
                                          :password => "newpass", :password_confirmation => "newpass"
                 assert_redirected_to 'my/account'
                 follow_redirect!
                 assert_response :success
                 assert_template 'my/account'
                 user = User.find_by_login('newuser')
                 assert_not_nil user
                 assert user.active?
                 assert_not_nil user.last_login_on
               end
               def test_register_with_manual_activation
                 Setting.self_registration = '2'
                 post 'account/register', :user => {:login => "newuser", :language => "en", :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar"},
                                          :password => "newpass", :password_confirmation => "newpass"
                 assert_redirected_to '/login'
                 assert !User.find_by_login('newuser').active?
               end
               def test_register_with_email_activation
                 Setting.self_registration = '1'
                 Token.delete_all
                 post 'account/register', :user => {:login => "newuser", :language => "en", :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar"},
                                          :password => "newpass", :password_confirmation => "newpass"
                 assert_redirected_to '/login'
                 assert !User.find_by_login('newuser').active?
                 token = Token.find(:first)
                 assert_equal 'register', token.action
                 assert_equal 'newuser@foo.bar', token.user.mail
                 assert !token.expired?
                 get 'account/activate', :token => token.value
                 assert_redirected_to '/login'
                 log_user('newuser', 'newpass')
               end
               if Object.const_defined?(:Mocha)
               def test_onthefly_registration
                 # disable registration
                 Setting.self_registration = '0'
-                AuthSource.expects(:authenticate).returns([:login => 'foo', :firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com', :auth_source_id => 66])
+                AuthSource.expects(:authenticate).returns({:login => 'foo', :firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com', :auth_source_id => 66})
                 post 'account/login', :username => 'foo', :password => 'bar'
                 assert_redirected_to 'my/page'
                 user = User.find_by_login('foo')
                 assert user.is_a?(User)
                 assert_equal 66, user.auth_source_id
                 assert user.hashed_password.blank?
               end
               def test_onthefly_registration_with_invalid_attributes
                 # disable registration
                 Setting.self_registration = '0'
-                AuthSource.expects(:authenticate).returns([:login => 'foo', :lastname => 'Smith', :auth_source_id => 66])
+                AuthSource.expects(:authenticate).returns({:login => 'foo', :lastname => 'Smith', :auth_source_id => 66})
                 post 'account/login', :username => 'foo', :password => 'bar'
                 assert_response :success
                 assert_template 'account/register'
                 assert_tag :input, :attributes => { :name => 'user[firstname]', :value => '' }
                 assert_tag :input, :attributes => { :name => 'user[lastname]', :value => 'Smith' }
                 assert_no_tag :input, :attributes => { :name => 'user[login]' }
                 assert_no_tag :input, :attributes => { :name => 'user[password]' }
                 post 'account/register', :user => {:firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com'}
                 assert_redirected_to '/my/account'
                 user = User.find_by_login('foo')
                 assert user.is_a?(User)
                 assert_equal 66, user.auth_source_id
                 assert user.hashed_password.blank?
               end
               def test_login_and_logout_should_clear_session
                 get '/login'
                 sid = session[:session_id]
                 post '/login', :username => 'admin', :password => 'admin'
                 assert_redirected_to 'my/page'
                 assert_not_equal sid, session[:session_id], "login should reset session"
                 assert_equal 1, session[:user_id]
                 sid = session[:session_id]
                 get '/'
                 assert_equal sid, session[:session_id]
                 get '/logout'
                 assert_not_equal sid, session[:session_id], "logout should reset session"
                 assert_nil session[:user_id]
               end
               else
                 puts 'Mocha is missing. Skipping tests.'
               end
             end

test/unit/auth_source_ldap_test.rb +2 -4

             # Redmine - project management software
             # Copyright (C) 2006-2008  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require File.dirname(__FILE__) + '/../test_helper'
             class AuthSourceLdapTest < ActiveSupport::TestCase
               fixtures :auth_sources
               def setup
               end
               def test_create
                 a = AuthSourceLdap.new(:name => 'My LDAP', :host => 'ldap.example.net', :port => 389, :base_dn => 'dc=example,dc=net', :attr_login => 'sAMAccountName')
                 assert a.save
               end
               def test_should_strip_ldap_attributes
                 a = AuthSourceLdap.new(:name => 'My LDAP', :host => 'ldap.example.net', :port => 389, :base_dn => 'dc=example,dc=net', :attr_login => 'sAMAccountName',
                                        :attr_firstname => 'givenName ')
                 assert a.save
                 assert_equal 'givenName', a.reload.attr_firstname
               end
               if ldap_configured?
                 context '#authenticate' do
                   setup do
                     @auth = AuthSourceLdap.find(1)
                   end
                   context 'with a valid LDAP user' do
                     should 'return the user attributes' do
-                      response =  @auth.authenticate('example1','123456')
+                      attributes =  @auth.authenticate('example1','123456')
-                      assert response.is_a?(Array), "An array was not returned"
+                      assert attributes.is_a?(Hash), "An hash was not returned"
-                      assert response.first.present?, "No user data returned"
-                      attributes = response.first
                       assert_equal 'Example', attributes[:firstname]
                       assert_equal 'One', attributes[:lastname]
                       assert_equal 'example1@redmine.org', attributes[:mail]
                       assert_equal @auth.id, attributes[:auth_source_id]
                       attributes.keys.each do |attribute|
                         assert User.new.respond_to?("#{attribute}="), "Unexpected :#{attribute} attribute returned"
                       end
                     end
                   end
                   context 'with an invalid LDAP user' do
                     should 'return nil' do
                       assert_equal nil, @auth.authenticate('nouser','123456')
                     end
                   end
                   context 'without a login' do
                     should 'return nil' do
                       assert_equal nil, @auth.authenticate('','123456')
                     end
                   end
                   context 'without a password' do
                     should 'return nil' do
                       assert_equal nil, @auth.authenticate('edavis','')
                     end
                   end
                 end
               else
                 puts '(Test LDAP server not configured)'
               end
             end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages