jro_apps/redmine Files · app/models/auth_source_ldap.rb

[#20288] Update styles to match CodeRay 1.1.0 (preserving changes of r10132)....

[#20288] Update styles to match CodeRay 1.1.0 (preserving changes of r10132). This commit updates the CSS styles to match with CodeRay 1.1.0, while it preserves the custom changes applied in r10132. The CSS styles were still based on CodeRay 1.0.6 (included since Redmine 1.4.0) with the custom changes from r10132 (included since Redmine 2.1.0). Redmine 2.3.2 till 2.3.4 came with CodeRay 1.0.9, an upgrade that didn't needed changes in the CSS styles. Starting with 2.4.0 Redmine comes with CodeRay 1.1.0, a minor upgrade that came with new/changed token_kinds and lots of changes in the alpha stylesheet, that in turn is used as a base for Redmine's own CodeRay CSS styles. As such, this upgrade needed CSS stylesheet changes like done before in r7618 and r7623 (for 1.0.0 upgrade) and r9389 (for 1.0.6 upgrade). But these changes, plus an update of the Redmine core documentation that is shipped along the core (wiki_syntax_detailed_[markdown|textile].html), aren't integrated up untill today. Contributed by Mischa The Evil. git-svn-id: http://svn.redmine.org/redmine/trunk@14488 e93f8b46-1217-0410-a6f0-8f06a7374b81

Jean-Philippe Lang - - Load All Authors

File last commit:

r13490:000124f44f53


                r14106:6fbb56e55735

Download file

             auth_source_ldap.rb
        
                    196 lines
            
             | 6.3 KiB
            
                | text/x-ruby
            
             |
                RubyLexer
            
             / app / models / auth_source_ldap.rb
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      # Redmine - project management software

      # Copyright (C) 2006-2015  Jean-Philippe Lang

      #

      # This program is free software; you can redistribute it and/or

      # modify it under the terms of the GNU General Public License

      # as published by the Free Software Foundation; either version 2

      # of the License, or (at your option) any later version.

      #

      # This program is distributed in the hope that it will be useful,

      # but WITHOUT ANY WARRANTY; without even the implied warranty of

      # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

      # GNU General Public License for more details.

      #

      # You should have received a copy of the GNU General Public License

      # along with this program; if not, write to the Free Software

      # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

      require 'net/ldap'

      require 'net/ldap/dn'

      require 'timeout'

      class AuthSourceLdap < AuthSource

        validates_presence_of :host, :port, :attr_login

        validates_length_of :name, :host, :maximum => 60, :allow_nil => true

        validates_length_of :account, :account_password, :base_dn, :filter, :maximum => 255, :allow_blank => true

        validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true

        validates_numericality_of :port, :only_integer => true

        validates_numericality_of :timeout, :only_integer => true, :allow_blank => true

        validate :validate_filter

        before_validation :strip_ldap_attributes

        def initialize(attributes=nil, *args)

          super

          self.port = 389 if self.port == 0

        end

        def authenticate(login, password)

          return nil if login.blank? || password.blank?

          with_timeout do

            attrs = get_user_dn(login, password)

            if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)

              logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?

              return attrs.except(:dn)

            end

          end

        rescue Net::LDAP::LdapError => e

          raise AuthSourceException.new(e.message)

        end

        # test the connection to the LDAP

        def test_connection

          with_timeout do

            ldap_con = initialize_ldap_con(self.account, self.account_password)

            ldap_con.open { }

          end

        rescue Net::LDAP::LdapError => e

          raise AuthSourceException.new(e.message)

        end

        def auth_method_name

          "LDAP"

        end

        # Returns true if this source can be searched for users

        def searchable?

          !account.to_s.include?("$login") && %w(login firstname lastname mail).all? {|a| send("attr_#{a}?")}

        end

        # Searches the source for users and returns an array of results

        def search(q)

          q = q.to_s.strip

          return [] unless searchable? && q.present?

          results = []

          search_filter = base_filter & Net::LDAP::Filter.begins(self.attr_login, q)

          ldap_con = initialize_ldap_con(self.account, self.account_password)

          ldap_con.search(:base => self.base_dn,

                          :filter => search_filter,

                          :attributes => ['dn', self.attr_login, self.attr_firstname, self.attr_lastname, self.attr_mail],

                          :size => 10) do |entry|

            attrs = get_user_attributes_from_ldap_entry(entry)

            attrs[:login] = AuthSourceLdap.get_attr(entry, self.attr_login)

            results << attrs

          end

          results

        rescue Net::LDAP::LdapError => e

          raise AuthSourceException.new(e.message)

        end

        private

        def with_timeout(&block)

          timeout = self.timeout

          timeout = 20 unless timeout && timeout > 0

          Timeout.timeout(timeout) do

            return yield

          end

        rescue Timeout::Error => e

          raise AuthSourceTimeoutException.new(e.message)

        end

        def ldap_filter

          if filter.present?

            Net::LDAP::Filter.construct(filter)

          end

        rescue Net::LDAP::LdapError

          nil

        end

        def base_filter

          filter = Net::LDAP::Filter.eq("objectClass", "*")

          if f = ldap_filter

            filter = filter & f

          end

          filter

        end

        def validate_filter

          if filter.present? && ldap_filter.nil?

            errors.add(:filter, :invalid)

          end

        end

        def strip_ldap_attributes

          [:attr_login, :attr_firstname, :attr_lastname, :attr_mail].each do |attr|

            write_attribute(attr, read_attribute(attr).strip) unless read_attribute(attr).nil?

          end

        end

        def initialize_ldap_con(ldap_user, ldap_password)

          options = { :host => self.host,

                      :port => self.port,

                      :encryption => (self.tls ? :simple_tls : nil)

                    }

          options.merge!(:auth => { :method => :simple, :username => ldap_user, :password => ldap_password }) unless ldap_user.blank? && ldap_password.blank?

          Net::LDAP.new options

        end

        def get_user_attributes_from_ldap_entry(entry)

          {

           :dn => entry.dn,

           :firstname => AuthSourceLdap.get_attr(entry, self.attr_firstname),

           :lastname => AuthSourceLdap.get_attr(entry, self.attr_lastname),

           :mail => AuthSourceLdap.get_attr(entry, self.attr_mail),

           :auth_source_id => self.id

          }

        end

        # Return the attributes needed for the LDAP search.  It will only

        # include the user attributes if on-the-fly registration is enabled

        def search_attributes

          if onthefly_register?

            ['dn', self.attr_firstname, self.attr_lastname, self.attr_mail]

          else

            ['dn']

          end

        end

        # Check if a DN (user record) authenticates with the password

        def authenticate_dn(dn, password)

          if dn.present? && password.present?

            initialize_ldap_con(dn, password).bind

          end

        end

        # Get the user's dn and any attributes for them, given their login

        def get_user_dn(login, password)

          ldap_con = nil

          if self.account && self.account.include?("$login")

            ldap_con = initialize_ldap_con(self.account.sub("$login", Net::LDAP::DN.escape(login)), password)

          else

            ldap_con = initialize_ldap_con(self.account, self.account_password)

          end

          attrs = {}

          search_filter = base_filter & Net::LDAP::Filter.eq(self.attr_login, login)

          ldap_con.search( :base => self.base_dn,

                           :filter => search_filter,

                           :attributes=> search_attributes) do |entry|

            if onthefly_register?

              attrs = get_user_attributes_from_ldap_entry(entry)

            else

              attrs = {:dn => entry.dn}

            end

            logger.debug "DN found for #{login}: #{attrs[:dn]}" if logger && logger.debug?

          end

          attrs

        end

        def self.get_attr(entry, attr_name)

          if !attr_name.blank?

            entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]

          end

        end

      end

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				# Redmine - project management software
				# Copyright (C) 2006-2015 Jean-Philippe Lang
				#
				# This program is free software; you can redistribute it and/or
				# modify it under the terms of the GNU General Public License
				# as published by the Free Software Foundation; either version 2
				# of the License, or (at your option) any later version.
				#
				# This program is distributed in the hope that it will be useful,
				# but WITHOUT ANY WARRANTY; without even the implied warranty of
				# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				# GNU General Public License for more details.
				#
				# You should have received a copy of the GNU General Public License
				# along with this program; if not, write to the Free Software
				# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

				require 'net/ldap'
				require 'net/ldap/dn'
				require 'timeout'

				class AuthSourceLdap < AuthSource
				validates_presence_of :host, :port, :attr_login
				validates_length_of :name, :host, :maximum => 60, :allow_nil => true
				validates_length_of :account, :account_password, :base_dn, :filter, :maximum => 255, :allow_blank => true
				validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true
				validates_numericality_of :port, :only_integer => true
				validates_numericality_of :timeout, :only_integer => true, :allow_blank => true
				validate :validate_filter

				before_validation :strip_ldap_attributes

				def initialize(attributes=nil, *args)
				super
				self.port = 389 if self.port == 0
				end

				def authenticate(login, password)
				return nil if login.blank? \|\| password.blank?

				with_timeout do
				attrs = get_user_dn(login, password)
				if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
				logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
				return attrs.except(:dn)
				end
				end
				rescue Net::LDAP::LdapError => e
				raise AuthSourceException.new(e.message)
				end

				# test the connection to the LDAP
				def test_connection
				with_timeout do
				ldap_con = initialize_ldap_con(self.account, self.account_password)
				ldap_con.open { }
				end
				rescue Net::LDAP::LdapError => e
				raise AuthSourceException.new(e.message)
				end

				def auth_method_name
				"LDAP"
				end

				# Returns true if this source can be searched for users
				def searchable?
				!account.to_s.include?("$login") && %w(login firstname lastname mail).all? {\|a\| send("attr_#{a}?")}
				end

				# Searches the source for users and returns an array of results
				def search(q)
				q = q.to_s.strip
				return [] unless searchable? && q.present?

				results = []
				search_filter = base_filter & Net::LDAP::Filter.begins(self.attr_login, q)
				ldap_con = initialize_ldap_con(self.account, self.account_password)
				ldap_con.search(:base => self.base_dn,
				:filter => search_filter,
				:attributes => ['dn', self.attr_login, self.attr_firstname, self.attr_lastname, self.attr_mail],
				:size => 10) do \|entry\|
				attrs = get_user_attributes_from_ldap_entry(entry)
				attrs[:login] = AuthSourceLdap.get_attr(entry, self.attr_login)
				results << attrs
				end
				results
				rescue Net::LDAP::LdapError => e
				raise AuthSourceException.new(e.message)
				end

				private

				def with_timeout(&block)
				timeout = self.timeout
				timeout = 20 unless timeout && timeout > 0
				Timeout.timeout(timeout) do
				return yield
				end
				rescue Timeout::Error => e
				raise AuthSourceTimeoutException.new(e.message)
				end

				def ldap_filter
				if filter.present?
				Net::LDAP::Filter.construct(filter)
				end
				rescue Net::LDAP::LdapError
				nil
				end

				def base_filter
				filter = Net::LDAP::Filter.eq("objectClass", "*")
				if f = ldap_filter
				filter = filter & f
				end
				filter
				end

				def validate_filter
				if filter.present? && ldap_filter.nil?
				errors.add(:filter, :invalid)
				end
				end

				def strip_ldap_attributes
				[:attr_login, :attr_firstname, :attr_lastname, :attr_mail].each do \|attr\|
				write_attribute(attr, read_attribute(attr).strip) unless read_attribute(attr).nil?
				end
				end

				def initialize_ldap_con(ldap_user, ldap_password)
				options = { :host => self.host,
				:port => self.port,
				:encryption => (self.tls ? :simple_tls : nil)
				}
				options.merge!(:auth => { :method => :simple, :username => ldap_user, :password => ldap_password }) unless ldap_user.blank? && ldap_password.blank?
				Net::LDAP.new options
				end

				def get_user_attributes_from_ldap_entry(entry)
				{
				:dn => entry.dn,
				:firstname => AuthSourceLdap.get_attr(entry, self.attr_firstname),
				:lastname => AuthSourceLdap.get_attr(entry, self.attr_lastname),
				:mail => AuthSourceLdap.get_attr(entry, self.attr_mail),
				:auth_source_id => self.id
				}
				end

				# Return the attributes needed for the LDAP search. It will only
				# include the user attributes if on-the-fly registration is enabled
				def search_attributes
				if onthefly_register?
				['dn', self.attr_firstname, self.attr_lastname, self.attr_mail]
				else
				['dn']
				end
				end

				# Check if a DN (user record) authenticates with the password
				def authenticate_dn(dn, password)
				if dn.present? && password.present?
				initialize_ldap_con(dn, password).bind
				end
				end

				# Get the user's dn and any attributes for them, given their login
				def get_user_dn(login, password)
				ldap_con = nil
				if self.account && self.account.include?("$login")
				ldap_con = initialize_ldap_con(self.account.sub("$login", Net::LDAP::DN.escape(login)), password)
				else
				ldap_con = initialize_ldap_con(self.account, self.account_password)
				end
				attrs = {}
				search_filter = base_filter & Net::LDAP::Filter.eq(self.attr_login, login)
				ldap_con.search( :base => self.base_dn,
				:filter => search_filter,
				:attributes=> search_attributes) do \|entry\|
				if onthefly_register?
				attrs = get_user_attributes_from_ldap_entry(entry)
				else
				attrs = {:dn => entry.dn}
				end
				logger.debug "DN found for #{login}: #{attrs[:dn]}" if logger && logger.debug?
				end
				attrs
				end

				def self.get_attr(entry, attr_name)
				if !attr_name.blank?
				entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]
				end
				end
				end