author | James Moger <james.moger@gitblit.com> | 2013-12-11 08:08:37 -0500 |
---|---|---|
committer | James Moger <james.moger@gitblit.com> | 2013-12-11 08:08:37 -0500 |
commit | 1293c279d1ab41ba7f4721009f87e89d4d48bf3d (patch) | |
tree | 9f3f3ef8c1bb3d8b3256e760e4aa93e0c0f2d5bb /src/main/java/com/gitblit/auth/LdapAuthProvider.java | |
parent | d97ee9eb096c6d9f71b03e0dd326644ef9801389 (diff) | |
download | gitblit-1293c279d1ab41ba7f4721009f87e89d4d48bf3d.tar.gz gitblit-1293c279d1ab41ba7f4721009f87e89d4d48bf3d.zip |
Fix external authentication failure
Change-Id: I0f415941a4bfd5e63d85c60613cea0c7d10cbb49
Diffstat (limited to 'src/main/java/com/gitblit/auth/LdapAuthProvider.java')
-rw-r--r-- | src/main/java/com/gitblit/auth/LdapAuthProvider.java | 35 |
1 files changed, 21 insertions, 14 deletions
diff --git a/src/main/java/com/gitblit/auth/LdapAuthProvider.java b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
index 67d98c7f..6a2dd437 100644
--- a/src/main/java/com/gitblit/auth/LdapAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
@@ -289,16 +289,19 @@ public class LdapAuthProvider extends UsernamePasswordAuthenticationProvider { UserModel user = null; synchronized (this) { user = userManager.getUserModel(simpleUsername); - if (user == null) // create user object for new authenticated user + if (user == null) { + // create user object for new authenticated user user = new UserModel(simpleUsername); + } // create a user cookie if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) { user.cookie = StringUtils.getSHA1(user.username + new String(password)); } - if (!supportsTeamMembershipChanges()) + if (!supportsTeamMembershipChanges()) { getTeamsFromLdap(ldapConnection, simpleUsername, loggingInUser, user); + } // Get User Attributes setUserAttributes(user, loggingInUser);
@@ -307,8 +310,9 @@ public class LdapAuthProvider extends UsernamePasswordAuthenticationProvider { updateUser(user); if (!supportsTeamMembershipChanges()) { - for (TeamModel userTeam : user.teams) + for (TeamModel userTeam : user.teams) { updateTeam(userTeam); + } } }
@@ -337,12 +341,13 @@ public class LdapAuthProvider extends UsernamePasswordAuthenticationProvider { if (!ArrayUtils.isEmpty(admins)) { user.canAdmin = false; for (String admin : admins) { - if (admin.startsWith("@")) { // Team - if (user.getTeam(admin.substring(1)) != null) - user.canAdmin = true; - } else - if (user.getName().equalsIgnoreCase(admin)) - user.canAdmin = true; + if (admin.startsWith("@") && user.isTeamMember(admin.substring(1))) { + // admin team + user.canAdmin = true; + } else if (user.getName().equalsIgnoreCase(admin)) { + // admin user + user.canAdmin = true; + } } } }
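Review bot: The unchanged line `user.cookie = StringUtils.getSHA1(user.username + new String(password));` in the first hunk makes the login cookie a plain SHA-1 of username plus password, and the commit only adds braces around it. If that cookie is later accepted as a credential, it is a stable password-equivalent: it does not rotate until the password changes, and a leaked value can be used to check password guesses offline. `new String(password)` also leaves an immutable copy of the password on the heap that cannot be cleared. I would generate the cookie from `SecureRandom` instead, or at minimum add `// cookie is SHA-1(username + password): treat it as a password-equivalent secret`. The enclosing method starts and ends outside the hunk, so how the cookie is validated is not visible here.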
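Review bot: In the rewritten admin check (hunk at -337), an `@team` entry for a team the user is not in now falls through to `else if (user.getName().equalsIgnoreCase(admin))`, so the literal entry including its `@` is compared with the user's name. The removed code kept every `@` entry inside the team branch. Whether an account name can begin with `@` depends on directory and username validation not shown here, but an admin grant should not rest on that. I would keep the outer test as `if (admin.startsWith("@")) {` and nest `if (user.isTeamMember(admin.substring(1))) { user.canAdmin = true; }` inside it, leaving the name comparison in the `else` branch only. The enclosing method begins outside the hunk.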
@@ -361,9 +366,9 @@ public class LdapAuthProvider extends UsernamePasswordAuthenticationProvider { if (!StringUtils.isEmpty(displayName)) { // Replace embedded ${} with attributes if (displayName.contains("${")) { - for (Attribute userAttribute : userEntry.getAttributes()) + for (Attribute userAttribute : userEntry.getAttributes()) { displayName = StringUtils.replace(displayName, "${" + userAttribute.getName() + "}", userAttribute.getValue()); - + } user.displayName = displayName; } else { Attribute attribute = userEntry.getAttribute(displayName);
@@ -377,9 +382,9 @@ public class LdapAuthProvider extends UsernamePasswordAuthenticationProvider { String email = settings.getString(Keys.realm.ldap.email, ""); if (!StringUtils.isEmpty(email)) { if (email.contains("${")) { - for (Attribute userAttribute : userEntry.getAttributes()) + for (Attribute userAttribute : userEntry.getAttributes()) { email = StringUtils.replace(email, "${" + userAttribute.getName() + "}", userAttribute.getValue()); - + } user.emailAddress = email; } else { Attribute attribute = userEntry.getAttribute(email);
@@ -393,7 +398,9 @@ public class LdapAuthProvider extends UsernamePasswordAuthenticationProvider { private void getTeamsFromLdap(LDAPConnection ldapConnection, String simpleUsername, SearchResultEntry loggingInUser, UserModel user) { String loggingInUserDN = loggingInUser.getDN(); - user.teams.clear(); // Clear the users team memberships - we're going to get them from LDAP + // Clear the users team memberships - we're going to get them from LDAP + user.teams.clear(); + String groupBase = settings.getString(Keys.realm.ldap.groupBase, ""); String groupMemberPattern = settings.getString(Keys.realm.ldap.groupMemberPattern, "(&(objectClass=group)(member=${dn}))"); |
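Review bot: The `${...}` expansion loop for `displayName` (hunk at -361), and the identical loop for `email` in the next hunk, rewrites the same string once per attribute, so an attribute value that itself contains `${otherAttribute}` is expanded again by a later iteration. The result is assigned to `user.displayName` and `user.emailAddress` with no check. If users can edit any of their own directory attributes, this puts unvalidated, user-influenced text into both fields. A single-pass substitution over the original template would avoid the re-expansion, and I would add `// values come from the directory: escape on output, validate the address before use`. Both loops sit in a method whose start and end are outside these hunks.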