LDAP: adds the ability to bind with user's account (#1913)....
Jean-Philippe Lang -
r9121:fdeb398c5e06
@@ -17,6 +17,7
17
17
18 require 'iconv'
18 require 'iconv'
19 require 'net/ldap'
19 require 'net/ldap'
20 require 'net/ldap/dn'
20
21
21 class AuthSourceLdap < AuthSource
22 class AuthSourceLdap < AuthSource
22 validates_presence_of :host, :port, :attr_login
23 validates_presence_of :host, :port, :attr_login
@@ -35,7 +36,7 class AuthSourceLdap < AuthSource
35
36
36 def authenticate(login, password)
37 def authenticate(login, password)
37 return nil if login.blank? || password.blank?
38 return nil if login.blank? || password.blank?
38 attrs = get_user_dn(login)
39 attrs = get_user_dn(login, password)
39
40
40 if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
41 if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
41 logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
42 logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
@@ -116,8 +117,13 class AuthSourceLdap < AuthSource
116 end
117 end
117
118
118 # Get the user's dn and any attributes for them, given their login
119 # Get the user's dn and any attributes for them, given their login
119 def get_user_dn(login)
120 def get_user_dn(login, password)
120 ldap_con = initialize_ldap_con(self.account, self.account_password)
121 ldap_con = nil
122 if self.account && self.account.include?("login")
123 ldap_con = initialize_ldap_con(self.account.sub("$login", Net::LDAP::DN.escape(login)), password)
124 else
125 ldap_con = initialize_ldap_con(self.account, self.account_password)
126 end
121 login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
127 login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
122 object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
128 object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
123 attrs = {}
129 attrs = {}
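Review bot: The branch test on new line 122, `self.account.include?("login")`, matches the bare substring, so a configured bind account whose DN merely contains the word "login" but has no `$login` placeholder would be bound with the end user's password instead of `account_password`, and the lookup would most likely fail; the check should be `if self.account && self.account.include?("$login")`. Note that `String#sub` on the next line substitutes only the first `$login` occurrence, which seems intended but deserves a short comment. The only blank-password guard visible is in `authenticate` (new line 38); both `authenticate` and `get_user_dn` continue outside the hunks, so if `get_user_dn` has other callers, an empty password could reach the bind in the new branch (many directories treat a simple bind with an empty password as an unauthenticated bind that succeeds), and a `return nil if password.blank?` inside that branch would make the method safe on its own. The header comment on new line 119 should also state that a `$login` placeholder in `account` makes the lookup bind as the user with the supplied password rather than with the configured account.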
@@ -477,6 +477,31 class UserTest < ActiveSupport::TestCase
477 end
477 end
478 end
478 end
479
479
480 context "binding with user's account" do
481 setup do
482 @auth_source = AuthSourceLdap.find(1)
483 @auth_source.account = "uid=$login,ou=Person,dc=redmine,dc=org"
484 @auth_source.account_password = ''
485 @auth_source.save!
486
487 @ldap_user = User.new(:mail => 'example1@redmine.org', :firstname => 'LDAP', :lastname => 'user', :auth_source_id => 1)
488 @ldap_user.login = 'example1'
489 @ldap_user.save!
490 end
491
492 context "with a successful authentication" do
493 should "return the user" do
494 assert_equal @ldap_user, User.try_to_login('example1', '123456')
495 end
496 end
497
498 context "with an unsuccessful authentication" do
499 should "return the user" do
500 assert_nil User.try_to_login('example1', '11111')
501 end
502 end
503 end
504
480 context "on the fly registration" do
505 context "on the fly registration" do
481 setup do
506 setup do
482 @auth_source = AuthSourceLdap.find(1)
507 @auth_source = AuthSourceLdap.find(1)
@@ -502,6 +527,30 class UserTest < ActiveSupport::TestCase
502 end
527 end
503 end
528 end
504 end
529 end
530
531 context "binding with user's account" do
532 setup do
533 @auth_source = AuthSourceLdap.find(1)
534 @auth_source.account = "uid=$login,ou=Person,dc=redmine,dc=org"
535 @auth_source.account_password = ''
536 @auth_source.save!
537 end
538
539 context "with a successful authentication" do
540 should "create a new user account if it doesn't exist" do
541 assert_difference('User.count') do
542 user = User.try_to_login('example1', '123456')
543 assert_kind_of User, user
544 end
545 end
546 end
547
548 context "with an unsuccessful authentication" do
549 should "return the user" do
550 assert_nil User.try_to_login('example1', '11111')
551 end
552 end
553 end
505 end
554 end
506 end
555 end
507
556
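Review bot: The `should` description on new line 499 reads "return the user" while the assertion is `assert_nil`, and the same copy-paste appears on new line 549; rename both to `should "return nil" do` so that a failure message describes the expected behaviour. The contexts these blocks are added to begin outside the hunks, so it cannot be seen here whether the new "binding with user's account" contexts sit under the same LDAP-availability guard as the neighbouring "on the fly registration" tests; if they do not, they will fail on machines without the LDAP test server.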