diff options
Diffstat (limited to 'app')
-rw-r--r-- | app/models/auth_source.rb | 1 | ||||
-rw-r--r-- | app/models/auth_source_ldap.rb | 34 | ||||
-rw-r--r-- | app/views/auth_sources/_form_auth_source_ldap.html.erb | 3 |
3 files changed, 29 insertions, 9 deletions
diff --git a/app/models/auth_source.rb b/app/models/auth_source.rb index ec7d3dad9..bfec5f20c 100644 --- a/app/models/auth_source.rb +++ b/app/models/auth_source.rb @@ -18,6 +18,7 @@ # Generic exception for when the AuthSource can not be reached # (eg. can not connect to the LDAP) class AuthSourceException < Exception; end +class AuthSourceTimeoutException < AuthSourceException; end class AuthSource < ActiveRecord::Base include Redmine::SubclassFactory diff --git a/app/models/auth_source_ldap.rb b/app/models/auth_source_ldap.rb index adfb66e8b..d49e00dc6 100644 --- a/app/models/auth_source_ldap.rb +++ b/app/models/auth_source_ldap.rb @@ -18,6 +18,7 @@ require 'iconv' require 'net/ldap' require 'net/ldap/dn' +require 'timeout' class AuthSourceLdap < AuthSource validates_presence_of :host, :port, :attr_login @@ -25,6 +26,7 @@ class AuthSourceLdap < AuthSource validates_length_of :account, :account_password, :base_dn, :filter, :maximum => 255, :allow_blank => true validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true validates_numericality_of :port, :only_integer => true + validates_numericality_of :timeout, :only_integer => true, :allow_blank => true validate :validate_filter before_validation :strip_ldap_attributes @@ -44,22 +46,26 @@ class AuthSourceLdap < AuthSource def authenticate(login, password) return nil if login.blank? || password.blank? - attrs = get_user_dn(login, password) - if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password) - logger.debug "Authentication successful for '#{login}'" if logger && logger.debug? - return attrs.except(:dn) + with_timeout do + attrs = get_user_dn(login, password) + if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password) + logger.debug "Authentication successful for '#{login}'" if logger && logger.debug? + return attrs.except(:dn) + end end - rescue Net::LDAP::LdapError => e + rescue Net::LDAP::LdapError => e raise AuthSourceException.new(e.message) end # test the connection to the LDAP def test_connection - ldap_con = initialize_ldap_con(self.account, self.account_password) - ldap_con.open { } - rescue Net::LDAP::LdapError => e - raise "LdapError: " + e.message + with_timeout do + ldap_con = initialize_ldap_con(self.account, self.account_password) + ldap_con.open { } + end + rescue Net::LDAP::LdapError => e + raise AuthSourceException.new(e.message) end def auth_method_name @@ -68,6 +74,16 @@ class AuthSourceLdap < AuthSource private + def with_timeout(&block) + timeout = self.timeout + timeout = 20 unless timeout && timeout > 0 + Timeout.timeout(timeout) do + return yield + end + rescue Timeout::Error => e + raise AuthSourceTimeoutException.new(e.message) + end + def ldap_filter if filter.present? Net::LDAP::Filter.construct(filter) diff --git a/app/views/auth_sources/_form_auth_source_ldap.html.erb b/app/views/auth_sources/_form_auth_source_ldap.html.erb index 3ddf43a9a..9a6afb36b 100644 --- a/app/views/auth_sources/_form_auth_source_ldap.html.erb +++ b/app/views/auth_sources/_form_auth_source_ldap.html.erb @@ -26,6 +26,9 @@ <p><label for="auth_source_custom_filter"><%=l(:field_ldap_filter)%></label> <%= text_field 'auth_source', 'filter', :size => 60 %></p> +<p><label for="auth_source_timeout"><%=l(:field_timeout)%></label> +<%= text_field 'auth_source', 'timeout', :size => 4 %></p> + <p><label for="auth_source_onthefly_register"><%=l(:field_onthefly)%></label> <%= check_box 'auth_source', 'onthefly_register' %></p> </div> |