Commit b256dff9b9bf92c1286fd8d041d09e1f085fdcb3
1 parent
1d20b6f8
Exists in
master
and in
19 other branches
ldap: accept multiple fields in login attribute
Showing
5 changed files
with
35 additions
and
5 deletions
Show diff stats
plugins/ldap/Gemfile
plugins/ldap/dependencies.rb
| ... | ... | @@ -1 +0,0 @@ |
| 1 | -require 'net/ldap' |
plugins/ldap/lib/ldap_authentication.rb
| ... | ... | @@ -15,7 +15,6 @@ |
| 15 | 15 | # along with this program; if not, write to the Free Software |
| 16 | 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
| 17 | 17 | |
| 18 | -require 'iconv' | |
| 19 | 18 | require 'net/ldap' |
| 20 | 19 | require 'net/ldap/dn' |
| 21 | 20 | require 'magic' |
| ... | ... | @@ -111,7 +110,14 @@ class LdapAuthentication |
| 111 | 110 | else |
| 112 | 111 | ldap_con = initialize_ldap_con(self.account, self.account_password) |
| 113 | 112 | end |
| 114 | - login_filter = Net::LDAP::Filter.eq( self.attr_login, login ) | |
| 113 | + login_filter = nil | |
| 114 | + (self.attr_login || []).split.each do |attr| | |
| 115 | + if(login_filter.nil?) | |
| 116 | + login_filter = Net::LDAP::Filter.eq( attr, login ) | |
| 117 | + else | |
| 118 | + login_filter = login_filter | Net::LDAP::Filter.eq( attr, login ) | |
| 119 | + end | |
| 120 | + end | |
| 115 | 121 | object_filter = Net::LDAP::Filter.eq( "objectClass", "*" ) |
| 116 | 122 | |
| 117 | 123 | attrs = {} | ... | ... |
plugins/ldap/lib/ldap_plugin.rb
| ... | ... | @@ -55,7 +55,7 @@ class LdapPlugin < Noosfero::Plugin |
| 55 | 55 | end |
| 56 | 56 | |
| 57 | 57 | if attrs |
| 58 | - user.login = login | |
| 58 | + user.login = get_login(attrs, ldap.attr_login, login) | |
| 59 | 59 | user.email = get_email(attrs, login) |
| 60 | 60 | user.name = attrs[:fullname] |
| 61 | 61 | user.password = password |
| ... | ... | @@ -94,6 +94,11 @@ class LdapPlugin < Noosfero::Plugin |
| 94 | 94 | user |
| 95 | 95 | end |
| 96 | 96 | |
| 97 | + def get_login(attrs, attr_login, login) | |
| 98 | + user_login = Array.wrap(attrs[attr_login.split.first.to_sym]) | |
| 99 | + user_login.empty? ? login : user_login.first | |
| 100 | + end | |
| 101 | + | |
| 97 | 102 | def get_email(attrs, login) |
| 98 | 103 | return attrs[:mail] unless attrs[:mail].blank? |
| 99 | 104 | ... | ... |
plugins/ldap/test/unit/ldap_plugin_test.rb
| ... | ... | @@ -14,4 +14,24 @@ class LdapPluginTest < ActiveSupport::TestCase |
| 14 | 14 | refute plugin.allow_password_recovery |
| 15 | 15 | end |
| 16 | 16 | |
| 17 | + should 'return login when exists a login attribute returned by ldap' do | |
| 18 | + plugin = LdapPlugin.new | |
| 19 | + assert_equal 'test', plugin.get_login({:uid => 'test'}, 'uid', 'test2') | |
| 20 | + end | |
| 21 | + | |
| 22 | + should 'return the attribute configured by attr_login when the attribute exists' do | |
| 23 | + plugin = LdapPlugin.new | |
| 24 | + assert_equal 'test', plugin.get_login({:uid => 'test'}, 'uid', 'test2') | |
| 25 | + end | |
| 26 | + | |
| 27 | + should 'return login when the ldap attribute does not exists' do | |
| 28 | + plugin = LdapPlugin.new | |
| 29 | + assert_equal 'test2', plugin.get_login({:uid => 'test'}, 'mail', 'test2') | |
| 30 | + end | |
| 31 | + | |
| 32 | + should 'use the first word at attr_login as the login key' do | |
| 33 | + plugin = LdapPlugin.new | |
| 34 | + assert_equal 'test', plugin.get_login({:uid => 'test', :mail => 'test@test'}, 'uid mail', 'test2') | |
| 35 | + end | |
| 36 | + | |
| 17 | 37 | end | ... | ... |