123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111 |
- # frozen_string_literal: true
-
- # Redmine - project management software
- # Copyright (C) 2006-2019 Jean-Philippe Lang
- #
- # This program is free software; you can redistribute it and/or
- # modify it under the terms of the GNU General Public License
- # as published by the Free Software Foundation; either version 2
- # of the License, or (at your option) any later version.
- #
- # This program is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
- # along with this program; if not, write to the Free Software
- # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-
- # Generic exception for when the AuthSource can not be reached
- # (eg. can not connect to the LDAP)
- class AuthSourceException < StandardError; end
- class AuthSourceTimeoutException < AuthSourceException; end
-
- class AuthSource < ActiveRecord::Base
- include Redmine::SafeAttributes
- include Redmine::SubclassFactory
- include Redmine::Ciphering
-
- has_many :users
-
- validates_presence_of :name
- validates_uniqueness_of :name
- validates_length_of :name, :maximum => 60
-
- safe_attributes 'name',
- 'host',
- 'port',
- 'account',
- 'account_password',
- 'base_dn',
- 'attr_login',
- 'attr_firstname',
- 'attr_lastname',
- 'attr_mail',
- 'onthefly_register',
- 'tls',
- 'verify_peer',
- 'filter',
- 'timeout'
-
- def authenticate(login, password)
- end
-
- def test_connection
- end
-
- def auth_method_name
- "Abstract"
- end
-
- def account_password
- read_ciphered_attribute(:account_password)
- end
-
- def account_password=(arg)
- write_ciphered_attribute(:account_password, arg)
- end
-
- def searchable?
- false
- end
-
- def self.search(q)
- results = []
- AuthSource.all.each do |source|
- begin
- if source.searchable?
- results += source.search(q)
- end
- rescue AuthSourceException => e
- logger.error "Error while searching users in #{source.name}: #{e.message}"
- end
- end
- results
- end
-
- def allow_password_changes?
- self.class.allow_password_changes?
- end
-
- # Does this auth source backend allow password changes?
- def self.allow_password_changes?
- false
- end
-
- # Try to authenticate a user not yet registered against available sources
- def self.authenticate(login, password)
- AuthSource.where(:onthefly_register => true).each do |source|
- begin
- logger.debug "Authenticating '#{login}' against '#{source.name}'" if logger && logger.debug?
- attrs = source.authenticate(login, password)
- rescue => e
- logger.error "Error during authentication: #{e.message}"
- attrs = nil
- end
- return attrs if attrs
- end
- return nil
- end
- end
|