git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9044 e93f8b46-1217-0410-a6f0-8f06a7374b81

12 years ago · 60741b3e1c
--- a/app/models/auth_source_ldap.rb
+++ b/app/models/auth_source_ldap.rb
@@ -21,9 +21,10 @@ require 'net/ldap'
 class AuthSourceLdap < AuthSource
  validates_presence_of :host, :port, :attr_login
  validates_length_of :name, :host, :maximum => 60, :allow_nil => true
  validates_length_of :account, :account_password, :base_dn, :maximum => 255, :allow_nil => true
  validates_length_of :account, :account_password, :base_dn, :filter, :maximum => 255, :allow_blank => true
  validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true
  validates_numericality_of :port, :only_integer => true
  validate :validate_filter

  before_validation :strip_ldap_attributes

@@ -58,6 +59,20 @@ class AuthSourceLdap < AuthSource

  private

  def ldap_filter
    if filter.present?
      Net::LDAP::Filter.construct(filter)
    end
  rescue Net::LDAP::LdapError
    nil
  end

  def validate_filter
    if filter.present? && ldap_filter.nil?
      errors.add(:filter, :invalid)
    end
  end

  def strip_ldap_attributes
    [:attr_login, :attr_firstname, :attr_lastname, :attr_mail].each do |attr|
      write_attribute(attr, read_attribute(attr).strip) unless read_attribute(attr).nil?
@@ -107,8 +122,13 @@ class AuthSourceLdap < AuthSource
    object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
    attrs = {}

    search_filter = object_filter & login_filter
    if f = ldap_filter
      search_filter = search_filter & f
    end

    ldap_con.search( :base => self.base_dn,
                     :filter => object_filter & login_filter,
                     :filter => search_filter,
                     :attributes=> search_attributes) do |entry|

      if onthefly_register?
--- a/app/views/ldap_auth_sources/_form.html.erb
+++ b/app/views/ldap_auth_sources/_form.html.erb
@@ -23,6 +23,9 @@
 <p><label for="auth_source_base_dn"><%=l(:field_base_dn)%> <span class="required">*</span></label>
 <%= text_field 'auth_source', 'base_dn', :size => 60 %></p>

 <p><label for="auth_source_custom_filter"><%=l(:field_ldap_filter)%></label>
 <%= text_field 'auth_source', 'filter', :size => 60 %></p>

 <p><label for="auth_source_onthefly_register"><%=l(:field_onthefly)%></label>
 <%= check_box 'auth_source', 'onthefly_register' %></p>
 </div>
--- a/config/locales/ar.yml
+++ b/config/locales/ar.yml
@@ -1023,3 +1023,4 @@ ar:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/bg.yml
+++ b/config/locales/bg.yml
@@ -1021,3 +1021,4 @@ bg:
  description_date_range_interval: Изберете диапазон чрез задаване на начална и крайна дати
  description_date_from: Въведете начална дата
  description_date_to: Въведете крайна дата
  field_ldap_filter: LDAP filter
--- a/config/locales/bs.yml
+++ b/config/locales/bs.yml
@@ -1037,3 +1037,4 @@ bs:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/ca.yml
+++ b/config/locales/ca.yml
@@ -1025,3 +1025,4 @@ ca:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/cs.yml
+++ b/config/locales/cs.yml
@@ -1026,3 +1026,4 @@ cs:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/da.yml
+++ b/config/locales/da.yml
@@ -1040,3 +1040,4 @@ da:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -1043,3 +1043,4 @@ de:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/el.yml
+++ b/config/locales/el.yml
@@ -1023,3 +1023,4 @@ el:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/en-GB.yml
+++ b/config/locales/en-GB.yml
@@ -1025,3 +1025,4 @@ en-GB:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -321,6 +321,7 @@ en:
  field_cvs_module: Module
  field_repository_is_default: Main repository
  field_multiple: Multiple values
  field_ldap_filter: LDAP filter

  setting_app_title: Application title
  setting_app_subtitle: Application subtitle
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -1060,3 +1060,4 @@ es:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/et.yml
+++ b/config/locales/et.yml
@@ -1039,3 +1039,4 @@ et:
  label_export_options: "%{export_format} ekspordi valikud"
  label_completed_versions: "Lõpetatud versioonid"
  error_attachment_too_big: "Seda faili ei saa üles laadida, kuna ületab maksimumsuurust (%{max_size})"
  field_ldap_filter: LDAP filter
--- a/config/locales/eu.yml
+++ b/config/locales/eu.yml
@@ -1026,3 +1026,4 @@ eu:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/fa.yml
+++ b/config/locales/fa.yml
@@ -1025,3 +1025,4 @@ fa:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/fi.yml
+++ b/config/locales/fi.yml
@@ -1044,3 +1044,4 @@ fi:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -320,6 +320,7 @@ fr:
  field_commit_logs_encoding: Encodage des messages de commit
  field_repository_is_default: Dépôt principal
  field_multiple: Valeurs multiples
  field_ldap_filter: Filtre LDAP

  setting_app_title: Titre de l'application
  setting_app_subtitle: Sous-titre de l'application
--- a/config/locales/gl.yml
+++ b/config/locales/gl.yml
@@ -1034,3 +1034,4 @@ gl:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/he.yml
+++ b/config/locales/he.yml
@@ -1028,3 +1028,4 @@ he:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/hr.yml
+++ b/config/locales/hr.yml
@@ -1029,3 +1029,4 @@ hr:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/hu.yml
+++ b/config/locales/hu.yml
@@ -1042,3 +1042,4 @@
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/id.yml
+++ b/config/locales/id.yml
@@ -1029,3 +1029,4 @@ id:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/it.yml
+++ b/config/locales/it.yml
@@ -1024,3 +1024,4 @@ it:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -1053,3 +1053,4 @@ ja:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/ko.yml
+++ b/config/locales/ko.yml
@@ -1073,3 +1073,4 @@ ko:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/lt.yml
+++ b/config/locales/lt.yml
@@ -1083,3 +1083,4 @@ lt:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/lv.yml
+++ b/config/locales/lv.yml
@@ -1017,3 +1017,4 @@ lv:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/mk.yml
+++ b/config/locales/mk.yml
@@ -1023,3 +1023,4 @@ mk:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/mn.yml
+++ b/config/locales/mn.yml
@@ -1023,3 +1023,4 @@ mn:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@@ -1005,3 +1005,4 @@ nl:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/no.yml
+++ b/config/locales/no.yml
@@ -1013,3 +1013,4 @@
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/pl.yml
+++ b/config/locales/pl.yml
@@ -1040,3 +1040,4 @@ pl:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
@@ -1046,3 +1046,4 @@ pt-BR:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/pt.yml
+++ b/config/locales/pt.yml
@@ -1028,3 +1028,4 @@ pt:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/ro.yml
+++ b/config/locales/ro.yml
@@ -1020,3 +1020,4 @@ ro:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/ru.yml
+++ b/config/locales/ru.yml
@@ -1138,3 +1138,4 @@ ru:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/sk.yml
+++ b/config/locales/sk.yml
@@ -1023,3 +1023,4 @@ sk:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/sl.yml
+++ b/config/locales/sl.yml
@@ -1023,3 +1023,4 @@ sl:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/sr-YU.yml
+++ b/config/locales/sr-YU.yml
@@ -1023,3 +1023,4 @@ sr-YU:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/sr.yml
+++ b/config/locales/sr.yml
@@ -1024,3 +1024,4 @@ sr:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/sv.yml
+++ b/config/locales/sv.yml
@@ -1064,3 +1064,4 @@ sv:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/th.yml
+++ b/config/locales/th.yml
@@ -1020,3 +1020,4 @@ th:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/tr.yml
+++ b/config/locales/tr.yml
@@ -1042,3 +1042,4 @@ tr:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/uk.yml
+++ b/config/locales/uk.yml
@@ -1020,3 +1020,4 @@ uk:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/vi.yml
+++ b/config/locales/vi.yml
@@ -1074,3 +1074,4 @@ vi:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/config/locales/zh-TW.yml
+++ b/config/locales/zh-TW.yml
@@ -1103,3 +1103,4 @@
    zero:  0 問題
    one:   1 問題
    other: "%{count} 問題清單"
  field_ldap_filter: LDAP filter
--- a/config/locales/zh.yml
+++ b/config/locales/zh.yml
@@ -1025,3 +1025,4 @@ zh:
  notice_issue_update_conflict: The issue has been updated by an other user while you were editing it.
  text_issue_conflict_resolution_cancel: Discard all my changes and redisplay %{link}
  permission_manage_related_issues: Manage related issues
  field_ldap_filter: LDAP filter
--- a/db/migrate/20120301153455_add_auth_sources_filter.rb
+++ b/db/migrate/20120301153455_add_auth_sources_filter.rb
@@ -0,0 +1,9 @@
 class AddAuthSourcesFilter < ActiveRecord::Migration
  def self.up
    add_column :auth_sources, :filter, :string
  end

  def self.down
    remove_column :auth_sources, :filter
  end
 end
--- a/test/unit/auth_source_ldap_test.rb
+++ b/test/unit/auth_source_ldap_test.rb
@@ -18,6 +18,7 @@
 require File.expand_path('../../test_helper', __FILE__)

 class AuthSourceLdapTest < ActiveSupport::TestCase
  include Redmine::I18n
  fixtures :auth_sources

  def setup
@@ -44,6 +45,18 @@ class AuthSourceLdapTest < ActiveSupport::TestCase
    assert_equal 389, a.port
  end

  def test_filter_should_be_validated
    set_language_if_valid 'en'

    a = AuthSourceLdap.new(:name => 'My LDAP', :host => 'ldap.example.net', :port => 389, :attr_login => 'sn')
    a.filter = "(mail=*@redmine.org"
    assert !a.valid?
    assert_equal "is invalid", a.errors[:filter].to_s

    a.filter = "(mail=*@redmine.org)"
    assert a.valid?
  end

  if ldap_configured?
    context '#authenticate' do
      setup do
@@ -83,6 +96,23 @@ class AuthSourceLdapTest < ActiveSupport::TestCase
        end
      end

      context 'without filter' do
        should 'return any user' do
          assert @auth.authenticate('example1','123456')
          assert @auth.authenticate('edavis', '123456')
        end
      end

      context 'with filter' do
        setup do
          @auth.filter = "(mail=*@redmine.org)"
        end

        should 'return user who matches the filter only' do
          assert @auth.authenticate('example1','123456')
          assert_nil @auth.authenticate('edavis', '123456')
        end
      end
    end
  else
    puts '(Test LDAP server not configured)'