@@ -17,6 +17,7 | |||
|
17 | 17 | |
|
18 | 18 | require 'iconv' |
|
19 | 19 | require 'net/ldap' |
|
20 | require 'net/ldap/dn' | |
|
20 | 21 | |
|
21 | 22 | class AuthSourceLdap < AuthSource |
|
22 | 23 | validates_presence_of :host, :port, :attr_login |
@@ -35,7 +36,7 class AuthSourceLdap < AuthSource | |||
|
35 | 36 | |
|
36 | 37 | def authenticate(login, password) |
|
37 | 38 | return nil if login.blank? || password.blank? |
|
38 | attrs = get_user_dn(login) | |
|
39 | attrs = get_user_dn(login, password) | |
|
39 | 40 | |
|
40 | 41 | if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password) |
|
41 | 42 | logger.debug "Authentication successful for '#{login}'" if logger && logger.debug? |
@@ -116,8 +117,13 class AuthSourceLdap < AuthSource | |||
|
116 | 117 | end |
|
117 | 118 | |
|
118 | 119 | # Get the user's dn and any attributes for them, given their login |
|
119 | def get_user_dn(login) | |
|
120 | ldap_con = initialize_ldap_con(self.account, self.account_password) | |
|
120 | def get_user_dn(login, password) | |
|
121 | ldap_con = nil | |
|
122 | if self.account && self.account.include?("login") | |
|
123 | ldap_con = initialize_ldap_con(self.account.sub("$login", Net::LDAP::DN.escape(login)), password) | |
|
124 | else | |
|
125 | ldap_con = initialize_ldap_con(self.account, self.account_password) | |
|
126 | end | |
|
121 | 127 | login_filter = Net::LDAP::Filter.eq( self.attr_login, login ) |
|
122 | 128 | object_filter = Net::LDAP::Filter.eq( "objectClass", "*" ) |
|
123 | 129 | attrs = {} |
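Review bot: In the new `get_user_dn`, the mode check tests `self.account.include?("login")` while the substitution looks for `"$login"`, so an account DN that merely contains the text "login" would take the user-bind branch, find nothing to substitute, and bind as the configured account DN with the password the user typed. The check should match the placeholder exactly: `if self.account && self.account.include?("$login")`. Separately, `String#sub` with a string replacement interprets backslash sequences in that replacement, which can alter the backslashes that `Net::LDAP::DN.escape` adds; the block form `self.account.sub("$login") { Net::LDAP::DN.escape(login) }` inserts the escaped value literally. The method body continues past the end of this hunk.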
@@ -477,6 +477,31 class UserTest < ActiveSupport::TestCase | |||
|
477 | 477 | end |
|
478 | 478 | end |
|
479 | 479 | |
|
480 | context "binding with user's account" do | |
|
481 | setup do | |
|
482 | @auth_source = AuthSourceLdap.find(1) | |
|
483 | @auth_source.account = "uid=$login,ou=Person,dc=redmine,dc=org" | |
|
484 | @auth_source.account_password = '' | |
|
485 | @auth_source.save! | |
|
486 | ||
|
487 | @ldap_user = User.new(:mail => 'example1@redmine.org', :firstname => 'LDAP', :lastname => 'user', :auth_source_id => 1) | |
|
488 | @ldap_user.login = 'example1' | |
|
489 | @ldap_user.save! | |
|
490 | end | |
|
491 | ||
|
492 | context "with a successful authentication" do | |
|
493 | should "return the user" do | |
|
494 | assert_equal @ldap_user, User.try_to_login('example1', '123456') | |
|
495 | end | |
|
496 | end | |
|
497 | ||
|
498 | context "with an unsuccessful authentication" do | |
|
499 | should "return the user" do | |
|
500 | assert_nil User.try_to_login('example1', '11111') | |
|
501 | end | |
|
502 | end | |
|
503 | end | |
|
504 | ||
|
480 | 505 | context "on the fly registration" do |
|
481 | 506 | setup do |
|
482 | 507 | @auth_source = AuthSourceLdap.find(1) |
@@ -502,6 +527,30 class UserTest < ActiveSupport::TestCase | |||
|
502 | 527 | end |
|
503 | 528 | end |
|
504 | 529 | end |
|
530 | ||
|
531 | context "binding with user's account" do | |
|
532 | setup do | |
|
533 | @auth_source = AuthSourceLdap.find(1) | |
|
534 | @auth_source.account = "uid=$login,ou=Person,dc=redmine,dc=org" | |
|
535 | @auth_source.account_password = '' | |
|
536 | @auth_source.save! | |
|
537 | end | |
|
538 | ||
|
539 | context "with a successful authentication" do | |
|
540 | should "create a new user account if it doesn't exist" do | |
|
541 | assert_difference('User.count') do | |
|
542 | user = User.try_to_login('example1', '123456') | |
|
543 | assert_kind_of User, user | |
|
544 | end | |
|
545 | end | |
|
546 | end | |
|
547 | ||
|
548 | context "with an unsuccessful authentication" do | |
|
549 | should "return the user" do | |
|
550 | assert_nil User.try_to_login('example1', '11111') | |
|
551 | end | |
|
552 | end | |
|
553 | end | |
|
505 | 554 | end |
|
506 | 555 | end |
|
507 | 556 |
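Review bot: Neither new "binding with user's account" context covers a login containing DN special characters or an `account` value without the `$login` placeholder, so the escaping and the branch selection added to `AuthSourceLdap#get_user_dn` go untested. A case for each would guard against regressions in how the bind DN is built. Both "with an unsuccessful authentication" blocks are also titled `should "return the user"` while asserting `assert_nil`; `should "return nil"` would match what they check.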