/app/models/auth_source_ldap.rb - Annotate - SoundSoftware Code Site

To check out this repository please hg clone the following URL, or open the URL using EasyMercurial or your preferred Mercurial client.

Mercurial

Statistics Download as Zip

root / app / models / auth_source_ldap.rb @ 1534:b31caaed9d4d

History | View | Annotate | Download (6.28 KB)

-:cbb26bc654de
+# Redmine - project management software
-:e248c7af89ec
+# Copyright (C) 2006-2014  Jean-Philippe Lang
-:513646585e45
+            Chris
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-:cbb26bc654de
+            Chris
-:513646585e45
+# This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-:cbb26bc654de
+            Chris
-:513646585e45
+# You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 require 'net/ldap'
-:433d4f72a19b
+require 'net/ldap/dn'
 require 'timeout'
-:513646585e45
+            Chris
-:cbb26bc654de
+class AuthSourceLdap < AuthSource
-:513646585e45
+  validates_presence_of :host, :port, :attr_login
-:051f544170fe
+  validates_length_of :name, :host, :maximum => 60, :allow_nil => true
-:433d4f72a19b
+  validates_length_of :account, :account_password, :base_dn, :filter, :maximum => 255, :allow_blank => true
-:513646585e45
+  validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true
   validates_numericality_of :port, :only_integer => true
-:433d4f72a19b
+  validates_numericality_of :timeout, :only_integer => true, :allow_blank => true
   validate :validate_filter
-:cbb26bc654de
+            Chris
-:513646585e45
+  before_validation :strip_ldap_attributes
-:cbb26bc654de
+            Chris
-:433d4f72a19b
+  def initialize(attributes=nil, *args)
     super
-:513646585e45
+    self.port = 389 if self.port == 0
   end
-:cbb26bc654de
+            Chris
-:513646585e45
+  def authenticate(login, password)
     return nil if login.blank? || password.blank?
-:cbb26bc654de
+            Chris
-:433d4f72a19b
+    with_timeout do
       attrs = get_user_dn(login, password)
       if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
         logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
         return attrs.except(:dn)
       end
-:513646585e45
+    end
-:433d4f72a19b
+  rescue Net::LDAP::LdapError => e
     raise AuthSourceException.new(e.message)
-:513646585e45
+  end
   # test the connection to the LDAP
   def test_connection
-:433d4f72a19b
+    with_timeout do
       ldap_con = initialize_ldap_con(self.account, self.account_password)
       ldap_con.open { }
     end
   rescue Net::LDAP::LdapError => e
     raise AuthSourceException.new(e.message)
-:513646585e45
+  end
-:cbb26bc654de
+            Chris
-:513646585e45
+  def auth_method_name
     "LDAP"
   end
-:cbb26bc654de
+            Chris
-:261b3d9a4903
+  # Returns true if this source can be searched for users
   def searchable?
     !account.to_s.include?("$login") && %w(login firstname lastname mail).all? {|a| send("attr_#{a}?")}
   end
   # Searches the source for users and returns an array of results
   def search(q)
     q = q.to_s.strip
     return [] unless searchable? && q.present?
     results = []
     search_filter = base_filter & Net::LDAP::Filter.begins(self.attr_login, q)
     ldap_con = initialize_ldap_con(self.account, self.account_password)
     ldap_con.search(:base => self.base_dn,
                     :filter => search_filter,
                     :attributes => ['dn', self.attr_login, self.attr_firstname, self.attr_lastname, self.attr_mail],
                     :size => 10) do |entry|
       attrs = get_user_attributes_from_ldap_entry(entry)
       attrs[:login] = AuthSourceLdap.get_attr(entry, self.attr_login)
       results << attrs
     end
     results
   rescue Net::LDAP::LdapError => e
     raise AuthSourceException.new(e.message)
   end
-:513646585e45
+  private
-:cbb26bc654de
+            Chris
-:433d4f72a19b
+  def with_timeout(&block)
     timeout = self.timeout
     timeout = 20 unless timeout && timeout > 0
     Timeout.timeout(timeout) do
       return yield
     end
   rescue Timeout::Error => e
     raise AuthSourceTimeoutException.new(e.message)
   end
   def ldap_filter
     if filter.present?
       Net::LDAP::Filter.construct(filter)
     end
   rescue Net::LDAP::LdapError
     nil
   end
-:261b3d9a4903
+  def base_filter
     filter = Net::LDAP::Filter.eq("objectClass", "*")
     if f = ldap_filter
       filter = filter & f
     end
     filter
   end
-:433d4f72a19b
+  def validate_filter
     if filter.present? && ldap_filter.nil?
       errors.add(:filter, :invalid)
     end
   end
-:513646585e45
+  def strip_ldap_attributes
     [:attr_login, :attr_firstname, :attr_lastname, :attr_mail].each do |attr|
       write_attribute(attr, read_attribute(attr).strip) unless read_attribute(attr).nil?
     end
   end
-:cbb26bc654de
+            Chris
-:513646585e45
+  def initialize_ldap_con(ldap_user, ldap_password)
     options = { :host => self.host,
                 :port => self.port,
                 :encryption => (self.tls ? :simple_tls : nil)
+              }
     options.merge!(:auth => { :method => :simple, :username => ldap_user, :password => ldap_password }) unless ldap_user.blank? && ldap_password.blank?
     Net::LDAP.new options
   end
   def get_user_attributes_from_ldap_entry(entry)
+    {
      :dn => entry.dn,
      :firstname => AuthSourceLdap.get_attr(entry, self.attr_firstname),
      :lastname => AuthSourceLdap.get_attr(entry, self.attr_lastname),
      :mail => AuthSourceLdap.get_attr(entry, self.attr_mail),
      :auth_source_id => self.id
+    }
   end
   # Return the attributes needed for the LDAP search.  It will only
   # include the user attributes if on-the-fly registration is enabled
   def search_attributes
     if onthefly_register?
       ['dn', self.attr_firstname, self.attr_lastname, self.attr_mail]
     else
       ['dn']
     end
   end
   # Check if a DN (user record) authenticates with the password
   def authenticate_dn(dn, password)
     if dn.present? && password.present?
       initialize_ldap_con(dn, password).bind
     end
   end
   # Get the user's dn and any attributes for them, given their login
-:433d4f72a19b
+  def get_user_dn(login, password)
     ldap_con = nil
     if self.account && self.account.include?("$login")
       ldap_con = initialize_ldap_con(self.account.sub("$login", Net::LDAP::DN.escape(login)), password)
     else
       ldap_con = initialize_ldap_con(self.account, self.account_password)
     end
-:513646585e45
+    attrs = {}
-:261b3d9a4903
+    search_filter = base_filter & Net::LDAP::Filter.eq(self.attr_login, login)
-:433d4f72a19b
+            Chris
-:cbb26bc654de
+    ldap_con.search( :base => self.base_dn,
-:433d4f72a19b
+                     :filter => search_filter,
-:513646585e45
+                     :attributes=> search_attributes) do |entry|
       if onthefly_register?
         attrs = get_user_attributes_from_ldap_entry(entry)
       else
         attrs = {:dn => entry.dn}
       end
       logger.debug "DN found for #{login}: #{attrs[:dn]}" if logger && logger.debug?
     end
     attrs
   end
-:cbb26bc654de
+            Chris
-:513646585e45
+  def self.get_attr(entry, attr_name)
     if !attr_name.blank?
       entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]
     end
   end
 end

SoundSoftware Project »

SoundSoftware Code Site

root / app / models / auth_source_ldap.rb @ 1534:b31caaed9d4d