ldap: accept multiple fields in login attribute

Victor Costa
1 parent 1d20b6f8
Showing 5 changed files with 35 additions and 5 deletions Show diff stats
plugins/ldap/Gemfile
plugins/ldap/dependencies.rb
plugins/ldap/lib/ldap_authentication.rb
plugins/ldap/lib/ldap_plugin.rb
plugins/ldap/test/unit/ldap_plugin_test.rb
-gem "net-ldap"
+gem "net-ldap", "~> 0.12.1"
 gem "magic", ">= 0.2.8"
@@ -1 +0,0 @@
-require 'net/ldap'
@@ -15,7 +15,6 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-require 'iconv'
 require 'net/ldap'
 require 'net/ldap/dn'
 require 'magic'
@@ -111,7 +110,14 @@ class LdapAuthentication
     else
       ldap_con = initialize_ldap_con(self.account, self.account_password)
     end
-    login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
+    login_filter = nil
+    (self.attr_login || []).split.each do |attr|
+      if(login_filter.nil?)
+        login_filter = Net::LDAP::Filter.eq( attr, login )
+      else
+        login_filter = login_filter | Net::LDAP::Filter.eq( attr, login )
+      end
+    end
     object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
     attrs = {}
@@ -55,7 +55,7 @@ class LdapPlugin &lt; Noosfero::Plugin
       end
       if attrs
-        user.login = login
+        user.login = get_login(attrs, ldap.attr_login, login)
         user.email = get_email(attrs, login)
         user.name =  attrs[:fullname]
         user.password = password
@@ -94,6 +94,11 @@ class LdapPlugin &lt; Noosfero::Plugin
     user
   end
+  def get_login(attrs, attr_login, login)
+    user_login = Array.wrap(attrs[attr_login.split.first.to_sym])
+    user_login.empty? ? login : user_login.first
+  end
+
   def get_email(attrs, login)
     return attrs[:mail] unless attrs[:mail].blank?
@@ -14,4 +14,24 @@ class LdapPluginTest &lt; ActiveSupport::TestCase
     refute plugin.allow_password_recovery
   end
+  should 'return login when exists a login attribute returned by ldap' do
+    plugin = LdapPlugin.new
+    assert_equal 'test', plugin.get_login({:uid => 'test'}, 'uid', 'test2')
+  end
+
+  should 'return the attribute configured by attr_login when the attribute exists' do
+    plugin = LdapPlugin.new
+    assert_equal 'test', plugin.get_login({:uid => 'test'}, 'uid', 'test2')
+  end
+
+  should 'return login when the ldap attribute does not exists' do
+    plugin = LdapPlugin.new
+    assert_equal 'test2', plugin.get_login({:uid => 'test'}, 'mail', 'test2')
+  end
+
+  should 'use the first word at attr_login as the login key' do
+    plugin = LdapPlugin.new
+    assert_equal 'test', plugin.get_login({:uid => 'test', :mail => 'test@test'}, 'uid mail', 'test2')
+  end
+
 end
1	-gem "net-ldap"	1	+gem "net-ldap", "~> 0.12.1"
2	gem "magic", ">= 0.2.8"	2	gem "magic", ">= 0.2.8"
	@@ -14,4 +14,24 @@ class LdapPluginTest < ActiveSupport::TestCase		@@ -14,4 +14,24 @@ class LdapPluginTest < ActiveSupport::TestCase
14	refute plugin.allow_password_recovery	14	refute plugin.allow_password_recovery
15	end	15	end
16		16
		17	+ should 'return login when exists a login attribute returned by ldap' do
		18	+ plugin = LdapPlugin.new
		19	+ assert_equal 'test', plugin.get_login({:uid => 'test'}, 'uid', 'test2')
		20	+ end
		21	+
		22	+ should 'return the attribute configured by attr_login when the attribute exists' do
		23	+ plugin = LdapPlugin.new
		24	+ assert_equal 'test', plugin.get_login({:uid => 'test'}, 'uid', 'test2')
		25	+ end
		26	+
		27	+ should 'return login when the ldap attribute does not exists' do
		28	+ plugin = LdapPlugin.new
		29	+ assert_equal 'test2', plugin.get_login({:uid => 'test'}, 'mail', 'test2')
		30	+ end
		31	+
		32	+ should 'use the first word at attr_login as the login key' do
		33	+ plugin = LdapPlugin.new
		34	+ assert_equal 'test', plugin.get_login({:uid => 'test', :mail => 'test@test'}, 'uid mail', 'test2')
		35	+ end
		36	+
17	end	37	end