jro_apps/redmine Commit - r1661:eb1d969237a9

Improved on-the-fly account creation. If some attributes are missing (eg. not present in the LDAP) or are invalid, the registration form is displayed so that the user is able to fill or fix these attributes....

Jean-Philippe Lang -

r1661:eb1d969237a9

parent child

Context file:

r1661:eb1d969237a9

Collapse all files

app/controllers/account_controller.rb +25 -7

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class AccountController < ApplicationController
               layout 'base'
               helper :custom_fields
               include CustomFieldsHelper
               # prevents login action to be filtered by check_if_login_required application scope filter
               skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register, :activate]
               # Show user's account
               def show
                 @user = User.find_active(params[:id])
                 @custom_values = @user.custom_values.find(:all, :include => :custom_field)
                 # show only public projects and private projects that the logged in user is also a member of
                 @memberships = @user.memberships.select do |membership|
                   membership.project.is_public? || (User.current.member_of?(membership.project))
                 end
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
               # Login request and validation
               def login
                 if request.get?
                   # Logout user
                   self.logged_user = nil
                 else
                   # Authenticate user
                   user = User.try_to_login(params[:username], params[:password])
-                  if user
+                  if user.nil?
+                    # Invalid credentials
+                    flash.now[:error] = l(:notice_account_invalid_creditentials)
+                  elsif user.new_record?
+                    # Onthefly creation failed, display the registration form to fill/fix attributes
+                    @user = user
+                    session[:auth_source_registration] = {:login => user.login, :auth_source_id => user.auth_source_id }
+                    render :action => 'register'
+                  else
+                    # Valid user
                     self.logged_user = user
                     # generate a key and set cookie if autologin
                     if params[:autologin] && Setting.autologin?
                       token = Token.create(:user => user, :action => 'autologin')
                       cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }
                     end
                     redirect_back_or_default :controller => 'my', :action => 'page'
-                  else
-                    flash.now[:error] = l(:notice_account_invalid_creditentials)
                   end
                 end
-              rescue User::OnTheFlyCreationFailure
-                flash.now[:error] = 'Redmine could not retrieve the required information from the LDAP to create your account. Please, contact your Redmine administrator.'
               end
               # Log out current user and redirect to welcome page
               def logout
                 cookies.delete :autologin
                 Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) if User.current.logged?
                 self.logged_user = nil
                 redirect_to home_url
               end
               # Enable user to choose a new password
               def lost_password
                 redirect_to(home_url) && return unless Setting.lost_password?
                 if params[:token]
                   @token = Token.find_by_action_and_value("recovery", params[:token])
                   redirect_to(home_url) && return unless @token and !@token.expired?
                   @user = @token.user
                   if request.post?
                     @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
                     if @user.save
                       @token.destroy
                       flash[:notice] = l(:notice_account_password_updated)
                       redirect_to :action => 'login'
                       return
                     end
                   end
                   render :template => "account/password_recovery"
                   return
                 else
                   if request.post?
                     user = User.find_by_mail(params[:mail])
                     # user not found in db
                     flash.now[:error] = l(:notice_account_unknown_email) and return unless user
                     # user uses an external authentification
                     flash.now[:error] = l(:notice_can_t_change_password) and return if user.auth_source_id
                     # create a new token for password recovery
                     token = Token.new(:user => user, :action => "recovery")
                     if token.save
                       Mailer.deliver_lost_password(token)
                       flash[:notice] = l(:notice_account_lost_email_sent)
                       redirect_to :action => 'login'
                       return
                     end
                   end
                 end
               end
               # User self-registration
               def register
-                redirect_to(home_url) && return unless Setting.self_registration?
+                redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
                 if request.get?
+                  session[:auth_source_registration] = nil
                   @user = User.new(:language => Setting.default_language)
                 else
                   @user = User.new(params[:user])
                   @user.admin = false
-                  @user.login = params[:user][:login]
                   @user.status = User::STATUS_REGISTERED
+                  if session[:auth_source_registration]
+                    @user.status = User::STATUS_ACTIVE
+                    @user.login = session[:auth_source_registration][:login]
+                    @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
+                    if @user.save
+                      session[:auth_source_registration] = nil
+                      self.logged_user = @user
+                      flash[:notice] = l(:notice_account_activated)
+                      redirect_to :controller => 'my', :action => 'account'
+                    end
+                  else
+                    @user.login = params[:user][:login]
                     @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
                     case Setting.self_registration
                     when '1'
                       # Email activation
                       token = Token.new(:user => @user, :action => "register")
                       if @user.save and token.save
                         Mailer.deliver_register(token)
                         flash[:notice] = l(:notice_account_register_done)
                         redirect_to :action => 'login'
                       end
                     when '3'
                       # Automatic activation
                       @user.status = User::STATUS_ACTIVE
                       if @user.save
                         self.logged_user = @user
                         flash[:notice] = l(:notice_account_activated)
                         redirect_to :controller => 'my', :action => 'account'
                       end
                     else
                       # Manual activation by the administrator
                       if @user.save
                         # Sends an email to the administrators
                         Mailer.deliver_account_activation_request(@user)
                         flash[:notice] = l(:notice_account_pending)
                         redirect_to :action => 'login'
                       end
                     end
                   end
                 end
+              end
               # Token based account activation
               def activate
                 redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
                 token = Token.find_by_action_and_value('register', params[:token])
                 redirect_to(home_url) && return unless token and !token.expired?
                 user = token.user
                 redirect_to(home_url) && return unless user.status == User::STATUS_REGISTERED
                 user.status = User::STATUS_ACTIVE
                 if user.save
                   token.destroy
                   flash[:notice] = l(:notice_account_activated)
                 end
                 redirect_to :action => 'login'
               end
             private
               def logged_user=(user)
                 if user && user.is_a?(User)
                   User.current = user
                   session[:user_id] = user.id
                 else
                   User.current = User.anonymous
                   session[:user_id] = nil
                 end
               end
             end

app/models/auth_source.rb +1 -4

             # redMine - project management software
             # Copyright (C) 2006  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class AuthSource < ActiveRecord::Base
               has_many :users
               validates_presence_of :name
               validates_uniqueness_of :name
-              validates_length_of :name, :host, :maximum => 60
+              validates_length_of :name, :maximum => 60
-              validates_length_of :account_password, :maximum => 60, :allow_nil => true
-              validates_length_of :account, :base_dn, :maximum => 255
-              validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30
               def authenticate(login, password)
               end
               def test_connection
               end
               def auth_method_name
                 "Abstract"
               end
               # Try to authenticate a user not yet registered against available sources
               def self.authenticate(login, password)
                 AuthSource.find(:all, :conditions => ["onthefly_register=?", true]).each do |source|
                   begin
                     logger.debug "Authenticating '#{login}' against '#{source.name}'" if logger && logger.debug?
                     attrs = source.authenticate(login, password)
                   rescue
                     attrs = nil
                   end
                   return attrs if attrs
                 end
                 return nil
               end
             end

app/models/auth_source_ldap.rb +4 -1

             # redMine - project management software
             # Copyright (C) 2006  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require 'net/ldap'
             require 'iconv'
             class AuthSourceLdap < AuthSource
               validates_presence_of :host, :port, :attr_login
-              validates_presence_of :attr_firstname, :attr_lastname, :attr_mail, :if => Proc.new { |a| a.onthefly_register? }
+              validates_length_of :name, :host, :account_password, :maximum => 60, :allow_nil => true
+              validates_length_of :account, :base_dn, :maximum => 255, :allow_nil => true
+              validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true
+              validates_numericality_of :port, :only_integer => true
               def after_initialize
                 self.port = 389 if self.port == 0
               end
               def authenticate(login, password)
                 return nil if login.blank? || password.blank?
                 attrs = []
                 # get user's DN
                 ldap_con = initialize_ldap_con(self.account, self.account_password)
                 login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
                 object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
                 dn = String.new
                 ldap_con.search( :base => self.base_dn,
                                  :filter => object_filter & login_filter,
                                  # only ask for the DN if on-the-fly registration is disabled
                                  :attributes=> (onthefly_register? ? ['dn', self.attr_firstname, self.attr_lastname, self.attr_mail] : ['dn'])) do |entry|
                   dn = entry.dn
                   attrs = [:firstname => AuthSourceLdap.get_attr(entry, self.attr_firstname),
                            :lastname => AuthSourceLdap.get_attr(entry, self.attr_lastname),
                            :mail => AuthSourceLdap.get_attr(entry, self.attr_mail),
                            :auth_source_id => self.id ] if onthefly_register?
                 end
                 return nil if dn.empty?
                 logger.debug "DN found for #{login}: #{dn}" if logger && logger.debug?
                 # authenticate user
                 ldap_con = initialize_ldap_con(dn, password)
                 return nil unless ldap_con.bind
                 # return user's attributes
                 logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
                 attrs
               rescue  Net::LDAP::LdapError => text
                 raise "LdapError: " + text
               end
               # test the connection to the LDAP
               def test_connection
                 ldap_con = initialize_ldap_con(self.account, self.account_password)
                 ldap_con.open { }
               rescue  Net::LDAP::LdapError => text
                 raise "LdapError: " + text
               end
               def auth_method_name
                 "LDAP"
               end
             private
               def initialize_ldap_con(ldap_user, ldap_password)
                 options = { :host => self.host,
                             :port => self.port,
                             :encryption => (self.tls ? :simple_tls : nil)
                           }
                 options.merge!(:auth => { :method => :simple, :username => ldap_user, :password => ldap_password }) unless ldap_user.blank? && ldap_password.blank?
                 Net::LDAP.new options
               end
               def self.get_attr(entry, attr_name)
                 entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]
               end
             end

app/models/user.rb +6 -9

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require "digest/sha1"
             class User < ActiveRecord::Base
               class OnTheFlyCreationFailure < Exception; end
               # Account statuses
               STATUS_ANONYMOUS  = 0
               STATUS_ACTIVE     = 1
               STATUS_REGISTERED = 2
               STATUS_LOCKED     = 3
               USER_FORMATS = {
                 :firstname_lastname => '#{firstname} #{lastname}',
                 :firstname => '#{firstname}',
                 :lastname_firstname => '#{lastname} #{firstname}',
                 :lastname_coma_firstname => '#{lastname}, #{firstname}',
                 :username => '#{login}'
               }
               has_many :memberships, :class_name => 'Member', :include => [ :project, :role ], :conditions => "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}", :order => "#{Project.table_name}.name", :dependent => :delete_all
               has_many :projects, :through => :memberships
               has_many :issue_categories, :foreign_key => 'assigned_to_id', :dependent => :nullify
               has_one :preference, :dependent => :destroy, :class_name => 'UserPreference'
               has_one :rss_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='feeds'"
               belongs_to :auth_source
               acts_as_customizable
               attr_accessor :password, :password_confirmation
               attr_accessor :last_before_login_on
               # Prevents unauthorized assignments
               attr_protected :login, :admin, :password, :password_confirmation, :hashed_password
               validates_presence_of :login, :firstname, :lastname, :mail, :if => Proc.new { |user| !user.is_a?(AnonymousUser) }
               validates_uniqueness_of :login, :if => Proc.new { |user| !user.login.blank? }
               validates_uniqueness_of :mail, :if => Proc.new { |user| !user.mail.blank? }
               # Login must contain lettres, numbers, underscores only
               validates_format_of :login, :with => /^[a-z0-9_\-@\.]*$/i
               validates_length_of :login, :maximum => 30
               validates_format_of :firstname, :lastname, :with => /^[\w\s\'\-\.]*$/i
               validates_length_of :firstname, :lastname, :maximum => 30
               validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :allow_nil => true
               validates_length_of :mail, :maximum => 60, :allow_nil => true
               validates_length_of :password, :minimum => 4, :allow_nil => true
               validates_confirmation_of :password, :allow_nil => true
               def before_create
                 self.mail_notification = false
                 true
               end
               def before_save
                 # update hashed_password if password was set
                 self.hashed_password = User.hash_password(self.password) if self.password
               end
               def self.active
                 with_scope :find => { :conditions => [ "status = ?", STATUS_ACTIVE ] } do
                   yield
                 end
               end
               def self.find_active(*args)
                 active do
                   find(*args)
                 end
               end
               # Returns the user that matches provided login and password, or nil
               def self.try_to_login(login, password)
                 # Make sure no one can sign in with an empty password
                 return nil if password.to_s.empty?
                 user = find(:first, :conditions => ["login=?", login])
                 if user
                   # user is already in local database
                   return nil if !user.active?
                   if user.auth_source
                     # user has an external authentication method
                     return nil unless user.auth_source.authenticate(login, password)
                   else
                     # authentication with local password
                     return nil unless User.hash_password(password) == user.hashed_password
                   end
                 else
                   # user is not yet registered, try to authenticate with available sources
                   attrs = AuthSource.authenticate(login, password)
                   if attrs
-                    onthefly = new(*attrs)
+                    user = new(*attrs)
-                    onthefly.login = login
+                    user.login = login
-                    onthefly.language = Setting.default_language
+                    user.language = Setting.default_language
-                    if onthefly.save
+                    if user.save
-                      user = find(:first, :conditions => ["login=?", login])
+                      user.reload
                       logger.info("User '#{user.login}' created from the LDAP") if logger
-                    else
-                      logger.error("User '#{onthefly.login}' found in LDAP but could not be created (#{onthefly.errors.full_messages.join(', ')})") if logger
-                      raise OnTheFlyCreationFailure.new
                     end
                   end
                 end
-                user.update_attribute(:last_login_on, Time.now) if user
+                user.update_attribute(:last_login_on, Time.now) if user && !user.new_record?
                 user
               rescue => text
                 raise text
               end
               # Return user's full name for display
               def name(formatter = nil)
                 f = USER_FORMATS[formatter || Setting.user_format] || USER_FORMATS[:firstname_lastname]
                 eval '"' + f + '"'
               end
               def active?
                 self.status == STATUS_ACTIVE
               end
               def registered?
                 self.status == STATUS_REGISTERED
               end
               def locked?
                 self.status == STATUS_LOCKED
               end
               def check_password?(clear_password)
                 User.hash_password(clear_password) == self.hashed_password
               end
               def pref
                 self.preference ||= UserPreference.new(:user => self)
               end
               def time_zone
                 self.pref.time_zone.nil? ? nil : TimeZone[self.pref.time_zone]
               end
               def wants_comments_in_reverse_order?
                 self.pref[:comments_sorting] == 'desc'
               end
               # Return user's RSS key (a 40 chars long string), used to access feeds
               def rss_key
                 token = self.rss_token || Token.create(:user => self, :action => 'feeds')
                 token.value
               end
               # Return an array of project ids for which the user has explicitly turned mail notifications on
               def notified_projects_ids
                 @notified_projects_ids ||= memberships.select {|m| m.mail_notification?}.collect(&:project_id)
               end
               def notified_project_ids=(ids)
                 Member.update_all("mail_notification = #{connection.quoted_false}", ['user_id = ?', id])
                 Member.update_all("mail_notification = #{connection.quoted_true}", ['user_id = ? AND project_id IN (?)', id, ids]) if ids && !ids.empty?
                 @notified_projects_ids = nil
                 notified_projects_ids
               end
               def self.find_by_rss_key(key)
                 token = Token.find_by_value(key)
                 token && token.user.active? ? token.user : nil
               end
               def self.find_by_autologin_key(key)
                 token = Token.find_by_action_and_value('autologin', key)
                 token && (token.created_on > Setting.autologin.to_i.day.ago) && token.user.active? ? token.user : nil
               end
               def <=>(user)
                 if user.nil?
                   -1
                 elsif lastname.to_s.downcase == user.lastname.to_s.downcase
                   firstname.to_s.downcase <=> user.firstname.to_s.downcase
                 else
                   lastname.to_s.downcase <=> user.lastname.to_s.downcase
                 end
               end
               def to_s
                 name
               end
               def logged?
                 true
               end
               def anonymous?
                 !logged?
               end
               # Return user's role for project
               def role_for_project(project)
                 # No role on archived projects
                 return nil unless project && project.active?
                 if logged?
                   # Find project membership
                   membership = memberships.detect {|m| m.project_id == project.id}
                   if membership
                     membership.role
                   else
                     @role_non_member ||= Role.non_member
                   end
                 else
                   @role_anonymous ||= Role.anonymous
                 end
               end
               # Return true if the user is a member of project
               def member_of?(project)
                 role_for_project(project).member?
               end
               # Return true if the user is allowed to do the specified action on project
               # action can be:
               # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
               # * a permission Symbol (eg. :edit_project)
               def allowed_to?(action, project, options={})
                 if project
                   # No action allowed on archived projects
                   return false unless project.active?
                   # No action allowed on disabled modules
                   return false unless project.allows_to?(action)
                   # Admin users are authorized for anything else
                   return true if admin?
                   role = role_for_project(project)
                   return false unless role
                   role.allowed_to?(action) && (project.is_public? || role.member?)
                 elsif options[:global]
                   # authorize if user has at least one role that has this permission
                   roles = memberships.collect {|m| m.role}.uniq
                   roles.detect {|r| r.allowed_to?(action)}
                 else
                   false
                 end
               end
               def self.current=(user)
                 @current_user = user
               end
               def self.current
                 @current_user ||= User.anonymous
               end
               def self.anonymous
                 anonymous_user = AnonymousUser.find(:first)
                 if anonymous_user.nil?
                   anonymous_user = AnonymousUser.create(:lastname => 'Anonymous', :firstname => '', :mail => '', :login => '', :status => 0)
                   raise 'Unable to create the anonymous user.' if anonymous_user.new_record?
                 end
                 anonymous_user
               end
             private
               # Return password digest
               def self.hash_password(clear_password)
                 Digest::SHA1.hexdigest(clear_password || "")
               end
             end
             class AnonymousUser < User
               def validate_on_create
                 # There should be only one AnonymousUser in the database
                 errors.add_to_base 'An anonymous user already exists.' if AnonymousUser.find(:first)
               end
               def available_custom_fields
                 []
               end
               # Overrides a few properties
               def logged?; false end
               def admin; false end
               def name; 'Anonymous' end
               def mail; nil end
               def time_zone; nil end
               def rss_key; nil end
             end

app/views/account/register.rhtml +2 0

             <h2><%=l(:label_register)%></h2>
             <% form_tag({:action => 'register'}, :class => "tabular") do %>
             <%= error_messages_for 'user' %>
             <div class="box">
             <!--[form:user]-->
+            <% if @user.auth_source_id.nil? %>
             <p><label for="user_login"><%=l(:field_login)%> <span class="required">*</span></label>
             <%= text_field 'user', 'login', :size => 25 %></p>
             <p><label for="password"><%=l(:field_password)%> <span class="required">*</span></label>
             <%= password_field_tag 'password', nil, :size => 25  %><br />
             <em><%= l(:text_caracters_minimum, 4) %></em></p>
             <p><label for="password_confirmation"><%=l(:field_password_confirmation)%> <span class="required">*</span></label>
             <%= password_field_tag 'password_confirmation', nil, :size => 25  %></p>
+            <% end %>
             <p><label for="user_firstname"><%=l(:field_firstname)%> <span class="required">*</span></label>
             <%= text_field 'user', 'firstname'  %></p>
             <p><label for="user_lastname"><%=l(:field_lastname)%> <span class="required">*</span></label>
             <%= text_field 'user', 'lastname'  %></p>
             <p><label for="user_mail"><%=l(:field_mail)%> <span class="required">*</span></label>
             <%= text_field 'user', 'mail'  %></p>
             <p><label for="user_language"><%=l(:field_language)%></label>
             <%= select("user", "language", lang_options_for_select) %></p>
             <% @user.custom_field_values.each do |value| %>
             	<p><%= custom_field_tag_with_label :user, value %></p>
             <% end %>
             <!--[eoform:user]-->
             </div>
             <%= submit_tag l(:button_submit) %>
             <% end %>

app/views/auth_sources/_form.rhtml +2 -6

             <%= error_messages_for 'auth_source' %>
             <div class="box">
             <!--[form:auth_source]-->
             <p><label for="auth_source_name"><%=l(:field_name)%> <span class="required">*</span></label>
             <%= text_field 'auth_source', 'name'  %></p>
             <p><label for="auth_source_host"><%=l(:field_host)%> <span class="required">*</span></label>
             <%= text_field 'auth_source', 'host'  %></p>
             <p><label for="auth_source_port"><%=l(:field_port)%> <span class="required">*</span></label>
             <%= text_field 'auth_source', 'port', :size => 6 %> <%= check_box 'auth_source', 'tls'  %> LDAPS</p>
             <p><label for="auth_source_account"><%=l(:field_account)%></label>
             <%= text_field 'auth_source', 'account'  %></p>
             <p><label for="auth_source_account_password"><%=l(:field_password)%></label>
             <%= password_field 'auth_source', 'account_password', :name => 'ignore',
                                                        :value => ((@auth_source.new_record? || @auth_source.account_password.blank?) ? '' : ('x'*15)),
                                                        :onfocus => "this.value=''; this.name='auth_source[account_password]';",
                                                        :onchange => "this.name='auth_source[account_password]';" %></p>
             <p><label for="auth_source_base_dn"><%=l(:field_base_dn)%> <span class="required">*</span></label>
             <%= text_field 'auth_source', 'base_dn', :size => 60 %></p>
-            </div>
-            <div class="box">
             <p><label for="auth_source_onthefly_register"><%=l(:field_onthefly)%></label>
             <%= check_box 'auth_source', 'onthefly_register' %></p>
+            </div>
-            <p>
+            <fieldset class="box"><legend><%=l(:label_attribute_plural)%></legend>
-            <fieldset><legend><%=l(:label_attribute_plural)%></legend>
             <p><label for="auth_source_attr_login"><%=l(:field_login)%> <span class="required">*</span></label>
             <%= text_field 'auth_source', 'attr_login', :size => 20  %></p>
             <p><label for="auth_source_attr_firstname"><%=l(:field_firstname)%></label>
             <%= text_field 'auth_source', 'attr_firstname', :size => 20  %></p>
             <p><label for="auth_source_attr_lastname"><%=l(:field_lastname)%></label>
             <%= text_field 'auth_source', 'attr_lastname', :size => 20  %></p>
             <p><label for="auth_source_attr_mail"><%=l(:field_mail)%></label>
             <%= text_field 'auth_source', 'attr_mail', :size => 20  %></p>
             </fieldset>
-            </p>
-            </div>
             <!--[eoform:auth_source]-->

test/integration/account_test.rb +48 0

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require "#{File.dirname(__FILE__)}/../test_helper"
+            begin
+              require 'mocha'
+            rescue
+              # Won't run some tests
+            end
             class AccountTest < ActionController::IntegrationTest
               fixtures :users
               # Replace this with your real tests.
               def test_login
                 get "my/page"
                 assert_redirected_to "account/login"
                 log_user('jsmith', 'jsmith')
                 get "my/account"
                 assert_response :success
                 assert_template "my/account"
               end
               def test_lost_password
                 Token.delete_all
                 get "account/lost_password"
                 assert_response :success
                 assert_template "account/lost_password"
                 post "account/lost_password", :mail => 'jsmith@somenet.foo'
                 assert_redirected_to "account/login"
                 token = Token.find(:first)
                 assert_equal 'recovery', token.action
                 assert_equal 'jsmith@somenet.foo', token.user.mail
                 assert !token.expired?
                 get "account/lost_password", :token => token.value
                 assert_response :success
                 assert_template "account/password_recovery"
                 post "account/lost_password", :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'newpass'
                 assert_redirected_to "account/login"
                 assert_equal 'Password was successfully updated.', flash[:notice]
                 log_user('jsmith', 'newpass')
                 assert_equal 0, Token.count
               end
               def test_register_with_automatic_activation
                 Setting.self_registration = '3'
                 get 'account/register'
                 assert_response :success
                 assert_template 'account/register'
                 post 'account/register', :user => {:login => "newuser", :language => "en", :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar"},
                                          :password => "newpass", :password_confirmation => "newpass"
                 assert_redirected_to 'my/account'
                 follow_redirect!
                 assert_response :success
                 assert_template 'my/account'
                 assert User.find_by_login('newuser').active?
               end
               def test_register_with_manual_activation
                 Setting.self_registration = '2'
                 post 'account/register', :user => {:login => "newuser", :language => "en", :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar"},
                                          :password => "newpass", :password_confirmation => "newpass"
                 assert_redirected_to 'account/login'
                 assert !User.find_by_login('newuser').active?
               end
               def test_register_with_email_activation
                 Setting.self_registration = '1'
                 Token.delete_all
                 post 'account/register', :user => {:login => "newuser", :language => "en", :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar"},
                                          :password => "newpass", :password_confirmation => "newpass"
                 assert_redirected_to 'account/login'
                 assert !User.find_by_login('newuser').active?
                 token = Token.find(:first)
                 assert_equal 'register', token.action
                 assert_equal 'newuser@foo.bar', token.user.mail
                 assert !token.expired?
                 get 'account/activate', :token => token.value
                 assert_redirected_to 'account/login'
                 log_user('newuser', 'newpass')
               end
+              if Object.const_defined?(:Mocha)
+              def test_onthefly_registration
+                # disable registration
+                Setting.self_registration = '0'
+                AuthSource.expects(:authenticate).returns([:login => 'foo', :firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com', :auth_source_id => 66])
+                post 'account/login', :username => 'foo', :password => 'bar'
+                assert_redirected_to 'my/page'
+                user = User.find_by_login('foo')
+                assert user.is_a?(User)
+                assert_equal 66, user.auth_source_id
+                assert user.hashed_password.blank?
+              end
+              def test_onthefly_registration_with_invalid_attributes
+                # disable registration
+                Setting.self_registration = '0'
+                AuthSource.expects(:authenticate).returns([:login => 'foo', :lastname => 'Smith', :auth_source_id => 66])
+                post 'account/login', :username => 'foo', :password => 'bar'
+                assert_response :success
+                assert_template 'account/register'
+                assert_tag :input, :attributes => { :name => 'user[firstname]', :value => '' }
+                assert_tag :input, :attributes => { :name => 'user[lastname]', :value => 'Smith' }
+                assert_no_tag :input, :attributes => { :name => 'user[login]' }
+                assert_no_tag :input, :attributes => { :name => 'user[password]' }
+                post 'account/register', :user => {:firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com'}
+                assert_redirected_to 'my/account'
+                user = User.find_by_login('foo')
+                assert user.is_a?(User)
+                assert_equal 66, user.auth_source_id
+                assert user.hashed_password.blank?
+              end
+              else
+                puts 'Mocha is missing. Skipping tests.'
+              end
             end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages