ldap_plugin.rb 2.97 KB
Edit Raw Blame History Permalink



1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117


require File.dirname(__FILE__) + '/ldap_authentication.rb'

class LdapPlugin < Noosfero::Plugin
  include Noosfero::Plugin::HotSpot

  def self.plugin_name
    "LdapPlugin"
  end

  def self.plugin_description
    _("A plugin that add ldap support.")
  end

  module Hotspots
    # -> Custom ldap plugin hotspot to set profile data before user creation
    # receive the followings params:
    # - attrs with ldap received data
    # - login received by ldap
    # - params from current context
    # returns = updated person_data hash
    def ldap_plugin_set_profile_data(attrs, params)
      [attrs, params]
    end

    # -> Custom ldap plugin hotspot to update user object
    # receive the followings params:
    # - user: user object
    # - attrs with ldap received data
    # returns = none
    def ldap_plugin_update_user(user, attrs)
    end
  end

  def allow_user_registration
    false
  end

  def allow_password_recovery
    false
  end

  def alternative_authentication
    login = context.params[:user][:login]
    password = context.params[:user][:password]
    ldap = LdapAuthentication.new(context.environment.ldap_plugin_attributes)

    user = User.find_or_initialize_by_login(login)

    if user.new_record?
      # user is not yet registered, try to authenticate
      begin
        attrs = ldap.authenticate(login, password)
      rescue Net::LDAP::LdapError => e
        puts "LDAP is not configured correctly"
      end

      if attrs
        user.login = login
        user.email = get_email(attrs, login)
        user.name =  attrs[:fullname]
        user.password = password
        user.password_confirmation = password
        user.person_data = plugins.pipeline(:ldap_plugin_set_profile_data, attrs, context.params).last[:profile_data]
        user.activated_at = Time.now.utc
        user.activation_code = nil

        ldap = LdapAuthentication.new(context.environment.ldap_plugin_attributes)
        begin
          if user.save
            user.activate
            plugins.dispatch(:ldap_plugin_update_user, user, attrs)
          else
            user = nil
          end
        rescue
          #User not saved
        end
      else
        user = nil
      end

    else
      return nil if !user.activated?

      begin
        # user is defined as nil if ldap authentication failed
        user = nil if ldap.authenticate(login, password).nil?
      rescue Net::LDAP::LdapError => e
        user = nil
        puts "LDAP is not configured correctly"
      end
    end

    user
  end

  def get_email(attrs, login)
    return attrs[:mail] unless attrs[:mail].blank?

    if attrs[:fullname]
      return attrs[:fullname].to_slug + "@ldap.user"
    else
      return login.to_slug + "@ldap.user"
    end
  end

  def login_extra_contents
    proc do
      @person = Person.new(:environment => @environment)
      @profile_data = @person
      labelled_fields_for :profile_data, @person do |f|
        render :partial => 'profile_editor/person_form', :locals => {:f => f}
      end
    end
  end

end