From fdeb398c5e06f642b52f91371c1740f0c828a259 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Sat, 17 Mar 2012 12:09:59 +0000
Subject: [PATCH] LDAP: adds the ability to bind with user's account (#1913).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9241 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/models/auth_source_ldap.rb | 12 ++++++---
 test/unit/user_test.rb | 49 ++++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+), 3 deletions(-)
diff --git a/app/models/auth_source_ldap.rb b/app/models/auth_source_ldap.rb
index 5b8dc0cfe..59ad3f6b4 100644
--- a/app/models/auth_source_ldap.rb
+++ b/app/models/auth_source_ldap.rb
@@ -17,6 +17,7 @@
 require 'iconv'
 require 'net/ldap'
+require 'net/ldap/dn'
 class AuthSourceLdap < AuthSource
 validates_presence_of :host, :port, :attr_login
@@ -35,7 +36,7 @@ class AuthSourceLdap < AuthSource
 def authenticate(login, password)
 return nil if login.blank? || password.blank?
- attrs = get_user_dn(login)
+ attrs = get_user_dn(login, password)
 if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
 logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
@@ -116,8 +117,13 @@ class AuthSourceLdap < AuthSource
 end
 # Get the user's dn and any attributes for them, given their login
- def get_user_dn(login)
- ldap_con = initialize_ldap_con(self.account, self.account_password)
+ def get_user_dn(login, password)
+ ldap_con = nil
+ if self.account && self.account.include?("login")
+ ldap_con = initialize_ldap_con(self.account.sub("$login", Net::LDAP::DN.escape(login)), password)
+ else
+ ldap_con = initialize_ldap_con(self.account, self.account_password)
+ end
 login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
 object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
 attrs = {}
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index d7cc68794..74d0f757e 100644
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
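Review bot: In `get_user_dn` (third hunk of app/models/auth_source_ldap.rb) the branch test `self.account.include?("login")` looks for the bare word while the substitution replaces `$login`, so an account DN that merely contains "login" and no placeholder would be bound with the end user's password instead of `account_password`. The test should match the placeholder exactly: `if self.account && self.account.include?("$login")`. Separately, `String#sub` interprets backslash sequences in a replacement string, so the backslashes produced by `Net::LDAP::DN.escape` can be rewritten before the bind DN is built; the block form `self.account.sub("$login") { Net::LDAP::DN.escape(login) }` inserts the escaped value verbatim. The method body continues outside the hunk.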
@@ -477,6 +477,31 @@ class UserTest < ActiveSupport::TestCase
 end
 end
+ context "binding with user's account" do
+ setup do
+ @auth_source = AuthSourceLdap.find(1)
+ @auth_source.account = "uid=$login,ou=Person,dc=redmine,dc=org"
+ @auth_source.account_password = ''
+ @auth_source.save!
+
+ @ldap_user = User.new(:mail => 'example1@redmine.org', :firstname => 'LDAP', :lastname => 'user', :auth_source_id => 1)
+ @ldap_user.login = 'example1'
+ @ldap_user.save!
+ end
+
+ context "with a successful authentication" do
+ should "return the user" do
+ assert_equal @ldap_user, User.try_to_login('example1', '123456')
+ end
+ end
+
+ context "with an unsuccessful authentication" do
+ should "return the user" do
+ assert_nil User.try_to_login('example1', '11111')
+ end
+ end
+ end
+
 context "on the fly registration" do
 setup do
 @auth_source = AuthSourceLdap.find(1)
@@ -502,6 +527,30 @@ class UserTest < ActiveSupport::TestCase
 end
 end
 end
+
+ context "binding with user's account" do
+ setup do
+ @auth_source = AuthSourceLdap.find(1)
+ @auth_source.account = "uid=$login,ou=Person,dc=redmine,dc=org"
+ @auth_source.account_password = ''
+ @auth_source.save!
+ end
+
+ context "with a successful authentication" do
+ should "create a new user account if it doesn't exist" do
+ assert_difference('User.count') do
+ user = User.try_to_login('example1', '123456')
+ assert_kind_of User, user
+ end
+ end
+ end
+
+ context "with an unsuccessful authentication" do
+ should "return the user" do
+ assert_nil User.try_to_login('example1', '11111')
+ end
+ end
+ end
 end
 end
--
2.39.5
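Review bot: The two "with an unsuccessful authentication" cases (one in each hunk of test/unit/user_test.rb) are declared as `should "return the user" do` but assert `assert_nil`, so a failure report would describe the opposite of what is checked; rename both to `should "return nil" do`. The new contexts also only exercise an account DN that contains `$login`. A case whose account has no placeholder, and one whose DN merely contains the word "login", would pin which credentials `get_user_dn` binds with.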