author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2012-03-17 12:09:59 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2012-03-17 12:09:59 +0000 |
commit | fdeb398c5e06f642b52f91371c1740f0c828a259 (patch) | |
tree | 83430fb22f233ec3a1ff8ae0073b48ff39bed76e | |
parent | ef77825f10e794fdeb8863b142ff12715f551f29 (diff) | |
download | redmine-fdeb398c5e06f642b52f91371c1740f0c828a259.tar.gz redmine-fdeb398c5e06f642b52f91371c1740f0c828a259.zip |
LDAP: adds the ability to bind with user's account (#1913).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9241 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r-- | app/models/auth_source_ldap.rb | 12 | ||||
-rw-r--r-- | test/unit/user_test.rb | 49 |
2 files changed, 58 insertions, 3 deletions
diff --git a/app/models/auth_source_ldap.rb b/app/models/auth_source_ldap.rb
index 5b8dc0cfe..59ad3f6b4 100644
--- a/app/models/auth_source_ldap.rb
+++ b/app/models/auth_source_ldap.rb
@@ -17,6 +17,7 @@
 require 'iconv'
 require 'net/ldap'
+require 'net/ldap/dn'
 class AuthSourceLdap < AuthSource
 validates_presence_of :host, :port, :attr_login
@@ -35,7 +36,7 @@ class AuthSourceLdap < AuthSource
 def authenticate(login, password)
 return nil if login.blank? || password.blank?
- attrs = get_user_dn(login)
+ attrs = get_user_dn(login, password)
 if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
 logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
@@ -116,8 +117,13 @@ class AuthSourceLdap < AuthSource
 end
 # Get the user's dn and any attributes for them, given their login
- def get_user_dn(login)
- ldap_con = initialize_ldap_con(self.account, self.account_password)
+ def get_user_dn(login, password)
+ ldap_con = nil
+ if self.account && self.account.include?("login")
+ ldap_con = initialize_ldap_con(self.account.sub("$login", Net::LDAP::DN.escape(login)), password)
+ else
+ ldap_con = initialize_ldap_con(self.account, self.account_password)
+ end
 login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
 object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
 attrs = {}
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index d7cc68794..74d0f757e 100644
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
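Review bot: In `get_user_dn` (app/models/auth_source_ldap.rb, third hunk) the mode switch tests `self.account.include?("login")` while the substitution replaces `"$login"`, so the two can disagree. A configured service DN that merely contains the word (a constructed example: `cn=login-proxy,dc=example,dc=org`) would take the first branch with nothing substituted, and every sign-in would then bind as that service account with the password the end user typed, which both breaks the search bind and turns ordinary logins into password attempts against the service account. The check should match the placeholder exactly: `if self.account && self.account.include?("$login")`. This branch also depends on the blank-password guard in `authenticate` (second hunk), because many directory servers treat a DN with an empty password as an unauthenticated bind; a one-line comment above `get_user_dn` stating that it must never be called with a blank password would keep that dependency visible. The rest of `get_user_dn` lies outside the hunk.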
@@ -477,6 +477,31 @@ class UserTest < ActiveSupport::TestCase
 end
 end
+ context "binding with user's account" do
+ setup do
+ @auth_source = AuthSourceLdap.find(1)
+ @auth_source.account = "uid=$login,ou=Person,dc=redmine,dc=org"
+ @auth_source.account_password = ''
+ @auth_source.save!
+
+ @ldap_user = User.new(:mail => 'example1@redmine.org', :firstname => 'LDAP', :lastname => 'user', :auth_source_id => 1)
+ @ldap_user.login = 'example1'
+ @ldap_user.save!
+ end
+
+ context "with a successful authentication" do
+ should "return the user" do
+ assert_equal @ldap_user, User.try_to_login('example1', '123456')
+ end
+ end
+
+ context "with an unsuccessful authentication" do
+ should "return the user" do
+ assert_nil User.try_to_login('example1', '11111')
+ end
+ end
+ end
+
+ context "on the fly registration" do
 setup do
 @auth_source = AuthSourceLdap.find(1)
@@ -502,6 +527,30 @@ class UserTest < ActiveSupport::TestCase
 end
 end
 end
+
+ context "binding with user's account" do
+ setup do
+ @auth_source = AuthSourceLdap.find(1)
+ @auth_source.account = "uid=$login,ou=Person,dc=redmine,dc=org"
+ @auth_source.account_password = ''
+ @auth_source.save!
+ end
+
+ context "with a successful authentication" do
+ should "create a new user account if it doesn't exist" do
+ assert_difference('User.count') do
+ user = User.try_to_login('example1', '123456')
+ assert_kind_of User, user
+ end
+ end
+ end
+
+ context "with an unsuccessful authentication" do
+ should "return the user" do
+ assert_nil User.try_to_login('example1', '11111')
+ end
+ end
+ end
 end
 end
|
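Review bot: The failure case in the first test/unit/user_test.rb hunk is titled `should "return the user" do` but asserts `assert_nil`, and the same title is repeated in the second hunk's "with an unsuccessful authentication" context. A failing run would report a name that says the opposite of what is checked. Rename both to `should "return nil" do`.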
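Review bot: Neither new context covers the `Net::LDAP::DN.escape(login)` call that the model change relies on, because both only ever log in as the plain value `example1`. Add a case whose login contains DN metacharacters (a constructed value such as `'exam,ple'`) and assert `assert_nil User.try_to_login(...)`, so that a regression dropping the escaping shows up as a test failure. A second case with an `account` value that contains `login` without the `$` placeholder would pin which bind mode gets selected.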