diff --git a/plugins/ldap/README b/plugins/ldap/README
new file mode 100644
index 0000000..14d1c3e
--- /dev/null
+++ b/plugins/ldap/README
@@ -0,0 +1,71 @@
+README - LDAP (LDAP Plugin)
+================================
+
+LDAP is a plugin to allow ldap authentication to noosfero
+
+
+INSTALL
+=======
+
+Dependences
+-----------
+
+See the Noosfero install file. After install Noosfero, install Mezuro dependences:
+
+$ gem install net-ldap -v 0.3.1
+
+Enable Plugin
+-------------
+
+Also, you need to enable LDAP Plugin at you Noosfero:
+
+cd
+./script/noosfero-plugins enable ldap
+
+Active Plugin
+-------------
+
+As a Noosfero administrator user, go to administrator panel:
+
+- Click on "Enable/disable plugins" option
+- Click on "LDAP Plugin" check-box
+
+
+DEVELOPMENT
+===========
+
+Get the LDAP (Noosfero with LDAP Plugin) development repository:
+
+$ git clone https://gitorious.org/+noosfero/noosfero/ldap
+
+Running Mezuro tests
+--------------------
+
+Configure the ldap server creating the file 'plugins/ldap/fixtures/ldap.yml'.
+A sample file is offered in 'plugins/ldap/fixtures/ldap.yml.dist'
+
+$ rake test:noosfero_plugins:ldap
+
+
+Get Involved
+============
+
+If you found any bug and/or want to collaborate, please send an e-mail to leandronunes@gmail.com
+
+LICENSE
+=======
+
+Copyright (c) The Author developers.
+
+See Noosfero license.
+
+
+AUTHORS
+=======
+
+ Leandro Nunes dos Santos (leandronunes at gmail.com)
+
+ACKNOWLEDGMENTS
+===============
+
+The author have been supported by Serpro
diff --git a/plugins/ldap/controllers/ldap_plugin_admin_controller.rb b/plugins/ldap/controllers/ldap_plugin_admin_controller.rb
new file mode 100644
index 0000000..4092132
--- /dev/null
+++ b/plugins/ldap/controllers/ldap_plugin_admin_controller.rb
@@ -0,0 +1,18 @@
+class LdapPluginAdminController < AdminController
+
+ append_view_path File.join(File.dirname(__FILE__) + '/../views')
+
+ def index
+ end
+
+ def update
+ if @environment.update_attributes(params[:environment])
+ session[:notice] = _('Ldap configuration updated successfully.')
+ else
+ session[:notice] = _('Ldap configuration could not be saved.')
+ end
+ render :action => 'index'
+ end
+
+end
+
diff --git a/plugins/ldap/fixtures/ldap.yml.dist b/plugins/ldap/fixtures/ldap.yml.dist
new file mode 100644
index 0000000..720e80c
--- /dev/null
+++ b/plugins/ldap/fixtures/ldap.yml.dist
@@ -0,0 +1,15 @@
+server:
+ host: "127.0.0.1"
+ port: 389
+ account: "uid=ldap_user,,ou=person,dc=noosfero,dc=org"
+ account_password: "ldap_pass"
+ base_dn: "dc=noosfero,dc=org"
+ attr_login: "uid"
+ attr_fullname: "cn"
+ attr_mail: "mail"
+ onthefly_register: true
+ filter: ""
+ tls: false
+user:
+ login: 'valid_ldap_login'
+ password: 'valid_ldap_password'
diff --git a/plugins/ldap/lib/ext/environment.rb b/plugins/ldap/lib/ext/environment.rb
new file mode 100644
index 0000000..7ebf778
--- /dev/null
+++ b/plugins/ldap/lib/ext/environment.rb
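Review bot: `update` hands the whole `params[:environment]` hash to `@environment.update_attributes`, so this action can write any mass-assignable attribute of the environment, not only the LDAP settings. I would narrow the input to the plugin's own keys before saving, e.g. `ldap_params = (params[:environment] || {}).reject { |key, _| key.to_s !~ /\Aldap_plugin_/ }`, and pass `ldap_params` to `update_attributes`. The access control inherited from `AdminController` is not visible in this hunk, so it is worth confirming that both actions are limited to environment administrators and that `update` is only reachable by POST.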
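Review bot: The sample bind DN in `account` contains a doubled comma (`uid=ldap_user,,ou=person,...`), which looks like a typo and is not a well-formed DN, so anyone copying this file to `ldap.yml` unchanged would presumably get a failing bind. It should read `account: "uid=ldap_user,ou=person,dc=noosfero,dc=org"`. A comment at the top such as `# Test-only credentials: copy to ldap.yml and point it at a disposable test directory` would also help, because the file holds a bind password and a user password in clear text and sets `tls: false`.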
@@ -0,0 +1,114 @@
+require_dependency 'environment'
+
+class Environment
+
+ settings_items :ldap_plugin, :type => :hash, :default => {}
+
+ validates_presence_of :ldap_plugin_host, :if => lambda {|env| !env.ldap_plugin.blank? }
+
+ def ldap_plugin_attributes
+ self.ldap_plugin || {}
+ end
+
+ def ldap_plugin_host= host
+ self.ldap_plugin = {} if self.ldap_plugin.blank?
+ self.ldap_plugin['host'] = host
+ end
+
+ def ldap_plugin_host
+ self.ldap_plugin['host']
+ end
+
+ def ldap_plugin_port= port
+ self.ldap_plugin = {} if self.ldap_plugin.blank?
+ self.ldap_plugin['port'] = port
+ end
+
+ def ldap_plugin_port
+ self.ldap_plugin = {} if self.ldap_plugin.blank?
+ self.ldap_plugin['port'] ||= 389
+ self.ldap_plugin['port']
+ end
+
+ def ldap_plugin_account
+ self.ldap_plugin['account']
+ end
+
+ def ldap_plugin_account= account
+ self.ldap_plugin = {} if self.ldap_plugin.blank?
+ self.ldap_plugin['account'] = account
+ end
+
+ def ldap_plugin_account_password
+ self.ldap_plugin['account_password']
+ end
+
+ def ldap_plugin_account_password= password
+ self.ldap_plugin = {} if self.ldap_plugin.blank?
+ self.ldap_plugin['account_password'] = password
+ end
+
+ def ldap_plugin_base_dn
+ self.ldap_plugin['base_dn']
+ end
+
+ def ldap_plugin_base_dn= base_dn
+ self.ldap_plugin = {} if self.ldap_plugin.blank?
+ self.ldap_plugin['base_dn'] = base_dn
+ end
+
+ def ldap_plugin_attr_login
+ self.ldap_plugin['attr_login']
+ end
+
+ def ldap_plugin_attr_login= login
+ self.ldap_plugin = {} if self.ldap_plugin.blank?
+ self.ldap_plugin['attr_login'] = login
+ end
+
+ def ldap_plugin_attr_fullname
+ self.ldap_plugin['attr_fullname']
+ end
+
+ def ldap_plugin_attr_fullname= fullname
+ self.ldap_plugin = {} if self.ldap_plugin.blank?
+ self.ldap_plugin['attr_fullname'] = fullname
+ end
+
+ def ldap_plugin_attr_mail
+ self.ldap_plugin['attr_mail']
+ end
+
+ def ldap_plugin_attr_mail= mail
+ self.ldap_plugin = {} if self.ldap_plugin.blank?
+ self.ldap_plugin['attr_mail'] = mail
+ end
+
+ def ldap_plugin_onthefly_register
+ self.ldap_plugin['onthefly_register'].to_s == 'true'
+ end
+
+ def ldap_plugin_onthefly_register= value
+ self.ldap_plugin = {} if self.ldap_plugin.blank?
+ self.ldap_plugin['onthefly_register'] = (value.to_s == '1') ? true : false
+ end
+
+ def ldap_plugin_filter
+ self.ldap_plugin['filter']
+ end
+
+ def ldap_plugin_filter= filter
+ self.ldap_plugin = {} if self.ldap_plugin.blank?
+ self.ldap_plugin['filter'] = filter
+ end
+
+ def ldap_plugin_tls
+ self.ldap_plugin['tls'] ||= false
+ end
+
+ def ldap_plugin_tls= value
+ self.ldap_plugin = {} if self.ldap_plugin.blank?
+ self.ldap_plugin['tls'] = (value.to_s == '1') ? true : false
+ end
+
+end
diff --git a/plugins/ldap/lib/ldap_authentication.rb b/plugins/ldap/lib/ldap_authentication.rb
new file mode 100644
index 0000000..83b94c4
--- /dev/null
+++ b/plugins/ldap/lib/ldap_authentication.rb
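Review bot: `ldap_plugin_account_password=` keeps the bind password as plain text inside the `ldap_plugin` settings hash, and `ldap_plugin_tls` falls back to `false`, so with the defaults the service-account bind and each user's password travel to port 389 unencrypted. At minimum I would document both above the accessors, e.g. `# Stored unencrypted in the environment settings; use a read-only bind account` and `# TLS is off unless enabled explicitly; credentials are sent in clear text without it`. The plain readers (`ldap_plugin_host`, `ldap_plugin_account`, and the others) index `self.ldap_plugin` directly, while the writers and `ldap_plugin_port` first guard against a blank hash; reading through `ldap_plugin_attributes['host']` would make them consistent.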
@@ -0,0 +1,137 @@
+# Redmine - project management software
+# Copyright (C) 2006-2011 Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+require 'rubygems'
+require 'iconv'
+require 'net/ldap'
+require 'net/ldap/dn'
+
+class LdapAuthentication
+
+ attr_accessor :host, :port, :account, :account_password, :base_dn, :attr_login, :attr_fullname, :attr_mail, :onthefly_register, :filter, :tls
+
+ def initialize(attrs = {})
+ self.host = attrs['host']
+ self.port = attrs['port'].blank? ? 389 : attrs['port']
+ self.account = attrs['account']
+ self.account_password = attrs['account_password']
+ self.base_dn = attrs['base_dn']
+ self.attr_login = attrs['attr_login']
+ self.attr_fullname = attrs['attr_fullname']
+ self.attr_mail = attrs['attr_mail']
+ self.onthefly_register = attrs['onthefly_register']
+ self.filter = attrs['filter']
+ self.tls = attrs['tls']
+ end
+
+ def onthefly_register?
+ self.onthefly_register == true
+ end
+
+ def authenticate(login, password)
+ return nil if login.blank? || password.blank?
+ attrs = get_user_dn(login, password)
+
+ if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
+ return attrs.except(:dn)
+ end
+ end
+
+ private
+
+ def ldap_filter
+ if filter.present?
+ Net::LDAP::Filter.construct(filter)
+ end
+ rescue Net::LDAP::LdapError
+ nil
+ end
+
+ def validate_filter
+ if filter.present? && ldap_filter.nil?
+ errors.add(:filter, :invalid)
+ end
+ end
+
+ def initialize_ldap_con(ldap_user, ldap_password)
+ options = { :host => self.host,
+ :port => self.port,
+ :encryption => (self.tls ? :simple_tls : nil)
+ }
+ options.merge!(:auth => { :method => :simple, :username => ldap_user, :password => ldap_password }) unless ldap_user.blank? && ldap_password.blank?
+ Net::LDAP.new options
+ end
+
+ def get_user_attributes_from_ldap_entry(entry)
+ {
+ :dn => entry.dn,
+ :fullname => LdapAuthentication.get_attr(entry, self.attr_fullname),
+ :mail => LdapAuthentication.get_attr(entry, self.attr_mail),
+ }
+ end
+
+ # Return the attributes needed for the LDAP search. It will only
+ # include the user attributes if on-the-fly registration is enabled
+ def search_attributes
+ if onthefly_register?
+ ['dn', self.attr_fullname, self.attr_mail]
+ else
+ ['dn']
+ end
+ end
+
+ # Check if a DN (user record) authenticates with the password
+ def authenticate_dn(dn, password)
+ if dn.present? && password.present?
+ initialize_ldap_con(dn, password).bind
+ end
+ end
+
+ # Get the user's dn and any attributes for them, given their login
+ def get_user_dn(login, password)
+ ldap_con = nil
+ if self.account && self.account.include?("$login")
+ ldap_con = initialize_ldap_con(self.account.sub("$login", Net::LDAP::DN.escape(login)), password)
+ else
+ ldap_con = initialize_ldap_con(self.account, self.account_password)
+ end
+ login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
+ object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
+ attrs = {}
+
+ search_filter = object_filter & login_filter
+ if f = ldap_filter
+ search_filter = search_filter & f
+ end
+
+ ldap_con.search( :base => self.base_dn, :filter => search_filter, :attributes=> search_attributes) do |entry|
+ if onthefly_register?
+ attrs = get_user_attributes_from_ldap_entry(entry)
+ else
+ attrs = {:dn => entry.dn}
+ end
+ end
+
+ attrs
+ end
+
+ def self.get_attr(entry, attr_name)
+ if !attr_name.blank?
+ entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]
+ end
+ end
+end
diff --git a/plugins/ldap/lib/ldap_plugin.rb b/plugins/ldap/lib/ldap_plugin.rb
new file mode 100644
index 0000000..23e2f8a
--- /dev/null
+++ b/plugins/ldap/lib/ldap_plugin.rb
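Review bot: In `get_user_dn` the login is placed into `Net::LDAP::Filter.eq( self.attr_login, login )` unescaped, and `eq` treats `*` in the value as a wildcard, so the search can return an entry whose login attribute is not literally what was typed; the search block then keeps whichever entry is yielded last. I would escape the value, `login_filter = Net::LDAP::Filter.eq( self.attr_login, Net::LDAP::Filter.escape(login) )` (confirm the pinned net-ldap 0.3.1 provides `escape`), and return an empty result when more than one entry matches. Separately, `:simple_tls` in `initialize_ldap_con` encrypts the connection but, as far as I know for this net-ldap version, does not validate the server certificate, which deserves a comment next to the option. `validate_filter` calls `errors.add`, which this plain class does not define; it looks like a leftover from the Redmine model and should be removed or marked as unused.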
@@ -0,0 +1,80 @@
+require_dependency File.dirname(__FILE__) + '/ext/environment'
+require File.dirname(__FILE__) + '/ldap_authentication.rb'
+
+
+class LdapPlugin < Noosfero::Plugin
+
+ def self.plugin_name
+ "LdapPlugin"
+ end
+
+ def self.plugin_description
+ _("A plugin that add ldap support.")
+ end
+
+ def allow_user_registration
+ false
+ end
+
+ def allow_password_recovery
+ false
+ end
+
+ def alternative_authentication
+ login = context.params[:user][:login]
+ password = context.params[:user][:password]
+ ldap = LdapAuthentication.new(context.environment.ldap_plugin_attributes)
+
+ user = User.find_or_initialize_by_login(login)
+
+ if user.new_record?
+ # user is not yet registered, try to authenticate
+ begin
+ attrs = ldap.authenticate(login, password)
+ rescue Net::LDAP::LdapError => e
+ puts "LDAP is not configured correctly"
+ end
+
+ if attrs
+ user.login = login
+ user.email = attrs[:mail]
+ user.name = attrs[:fullname]
+ user.password = password
+ user.password_confirmation = password
+ user.person_data = context.params[:profile_data]
+ user.activated_at = Time.now.utc
+ user.activation_code = nil
+
+ ldap = LdapAuthentication.new(context.environment.ldap_plugin_attributes)
+ begin
+ user = nil unless user.save
+ rescue
+ #User not saved
+ end
+ end
+ else
+
+ return nil if !user.activated?
+
+ begin
+ # user si defined as nil if ldap authentication failed
+ user = nil if ldap.authenticate(login, password).nil?
+ rescue Net::LDAP::LdapError => e
+ puts "LDAP is not configured correctly"
+ end
+ end
+
+ user
+ end
+
+ def login_extra_contents
+ lambda do
+ @person = Person.new(:environment => @environment)
+ @profile_data = @person
+ labelled_fields_for :profile_data, @person do |f|
+ render :partial => 'profile_editor/person_form', :locals => {:f => f}
+ end
+ end
+ end
+
+end
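Review bot: In the existing-user branch of `alternative_authentication`, the `rescue Net::LDAP::LdapError` only prints a message and leaves `user` set, so when the directory is unreachable or misconfigured the method returns the account without the password having been checked by anything in this hunk. Unless the caller verifies the password again (not visible here), the rescue should fail closed with `user = nil`, and the error should go to the application log rather than `puts`. The method also reads `context.params[:user][:login]` without checking that `params[:user]` is present, and copies the directory password into the local account via `user.password = password`; a comment explaining why a local copy is needed would help. The second `ldap = LdapAuthentication.new(...)` before `user.save` is never used.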
diff --git a/plugins/ldap/test/functional/account_controller_plugin_test.rb b/plugins/ldap/test/functional/account_controller_plugin_test.rb new file mode 100644 index 0000000..000178e --- /dev/null +++ b/plugins/ldap/test/functional/account_controller_plugin_test.rb 
@@ -0,0 +1,81 @@ +require File.dirname(__FILE__) + '/../test_helper' + +# Re-raise errors caught by the controller. +class AccountController; def rescue_action(e) raise e end; end + +class AccountControllerPluginTest < ActionController::TestCase + + def setup + @controller = AccountController.new + @request = ActionController::TestRequest.new + @response = ActionController::TestResponse.new + + @environment = Environment.default + @environment.enabled_plugins = ['LdapPlugin'] + @ldap_config = load_ldap_config + @environment.ldap_plugin= @ldap_config['server'] unless @ldap_config.nil? + @environment.save! + end + + should 'not authenticate user if its not a local user or a ldap user' do + post :login, :user => {:login => 'someuser', :password => 'somepass'} + assert_nil session[:user] + end + + should 'authenticate user if its a local user but is not a ldap user' do + user = create_user('testuser', :email => 'testuser@example.com', :password => 'test', :password_confirmation => 'test') + user.activate + post :login, :user => {:login => 'testuser', :password => 'test'} + assert session[:user] + end + + should 'display required fields on user login' do + @environment.custom_person_fields = {"contact_phone"=>{"required"=>"true", "signup"=>"false", "active"=>"true"}} + @environment.save + get :login + assert_tag(:input, :attributes => {:id => 'profile_data_contact_phone'}) + end + + if ldap_configured? 
+ + should 'authenticate an existing noosfero user with ldap and loggin' do + user = create_user(@ldap_config['user']['login'], :email => 'testuser@example.com', :password => 'test', :password_confirmation => 'test') + user.activate + count = User.count + post :login, :user => @ldap_config['user'] + assert session[:user] + assert_equal count, User.count + end + + should 'login and create a new noosfero user if ldap authentication works properly' do + count = User.count + post :login, :user => @ldap_config['user'] + assert session[:user] + assert_equal count + 1, User.count + end + + should 'login on ldap if required fields are defined' do + count = User.count + @environment.custom_person_fields = {"contact_phone"=>{"required"=>"true", "signup"=>"false", "active"=>"true"}} + @environment.save + post :login, :user => @ldap_config['user'], :profile_data => {:contact_phone => '11111111'} + assert session[:user] + end + + should 'not login on ldap if required fields are not defined' do + @environment.custom_person_fields = {"contact_phone"=>{"required"=>"true", "signup"=>"false", "active"=>"true"}} + @environment.save + post :login, :user => @ldap_config['user'] + assert_nil session[:user] + end + + should 'authenticate user if its not a local user but is a ldap user' do + post :login, :user => @ldap_config['user'] + assert session[:user] + end + + else + puts LDAP_SERVER_ERROR_MESSAGE + end + +end diff --git a/plugins/ldap/test/functional/ldap_plugin_admin_controller_test.rb b/plugins/ldap/test/functional/ldap_plugin_admin_controller_test.rb new file mode 100644 index 0000000..2c7a8be --- /dev/null +++ b/plugins/ldap/test/functional/ldap_plugin_admin_controller_test.rb 
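Review bot: None of the LDAP-backed cases covers a rejected login: there is no test that an existing, activated user with a wrong password is refused, and none for the path where the directory call raises `Net::LDAP::LdapError`. Both are the branches where the plugin decides whether to return a user, so they deserve explicit `assert_nil session[:user]` cases. Because the whole `if ldap_configured?` group is skipped when no server is reachable, stubbing `LdapAuthentication#authenticate` would let these cases run everywhere. `count` is assigned but never used in 'login on ldap if required fields are defined'.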
@@ -0,0 +1,204 @@ +require File.dirname(__FILE__) + '/../../../../test/test_helper' +require File.dirname(__FILE__) + '/../../controllers/ldap_plugin_admin_controller' + +# Re-raise errors caught by the controller. +class LdapPluginAdminController; def rescue_action(e) raise e end; end + +class LdapPluginAdminControllerTest < ActionController::TestCase + + def setup + @controller = LdapPluginAdminController.new + @request = ActionController::TestRequest.new + @response = ActionController::TestResponse.new + + @environment = Environment.default + user_login = create_admin_user(@environment) + login_as(user_login) + @admin = User[user_login].person + @environment.enabled_plugins = ['LdapPlugin'] + @environment.ldap_plugin_host="http://somehost" + @environment.save! + end + + attr_accessor :admin + + should 'access index action' do + get :index + assert_template 'index' + assert_response :success + end + + should 'update ldap successfully display a message successfully' do + @environment.ldap_plugin_host = nil + @environment.save + assert_nil @environment.ldap_plugin_host + post :update, :environment => { :ldap_plugin_host => 'http://something' } + assert_equal 'Ldap configuration updated successfully.', @response.session[:notice] + end + + should 'wrong ldap update display a message unsuccessfully' do + @environment.ldap_plugin_host = nil + @environment.save + assert_nil @environment.ldap_plugin_host + post :update, :environment => { :ldap_plugin_host => '' } + assert_equal 'Ldap configuration could not be saved.', @response.session[:notice] + end + + should 'update ldap successfully render index template' do + post :update, :environment => { :ldap_plugin_host => 'http://something' } + + assert_template 'index' + end + + should 'update ldap unsuccessfully render index template' do + post :update, :environment => { :ldap_plugin_port => '3434' } + + assert_template 'index' + end + + should 'update ldap host' do + @environment.ldap_plugin_host = nil + @environment.save 
+ assert_nil @environment.ldap_plugin_host + post :update, :environment => { :ldap_plugin_host => 'http://something' } + + @environment.reload + assert_not_nil @environment.ldap_plugin_host + end + + should 'update ldap port' do + post :update, :environment => { :ldap_plugin_port => '245' } + + @environment.reload + assert_not_nil @environment.ldap_plugin_port + end + + should 'update ldap account' do + assert_nil @environment.ldap_plugin_account + post :update, :environment => { :ldap_plugin_account => 'uid=sector,ou=Service,ou=corp,dc=company,dc=com,dc=br' } + + @environment.reload + assert_not_nil @environment.ldap_plugin_account + end + + should 'update ldap acccount_password' do + assert_nil @environment.ldap_plugin_account_password + post :update, :environment => { :ldap_plugin_account_password => 'password' } + + @environment.reload + assert_not_nil @environment.ldap_plugin_account_password + end + + should 'update ldap base_dn' do + assert_nil @environment.ldap_plugin_base_dn + post :update, :environment => { :ldap_plugin_base_dn => 'dc=company,dc=com,dc=br' } + + @environment.reload + assert_not_nil @environment.ldap_plugin_base_dn + end + + should 'update ldap attr_login' do + assert_nil @environment.ldap_plugin_attr_login + post :update, :environment => { :ldap_plugin_attr_login => 'uid' } + + @environment.reload + assert_not_nil @environment.ldap_plugin_attr_login + end + + should 'update ldap attr_mail' do + assert_nil @environment.ldap_plugin_attr_mail + post :update, :environment => { :ldap_plugin_attr_mail => 'test@noosfero.com' } + + @environment.reload + assert_not_nil @environment.ldap_plugin_attr_mail + end + + should 'update ldap onthefly_register' do + post :update, :environment => { :ldap_plugin_onthefly_register => '1' } + + @environment.reload + assert_not_nil @environment.ldap_plugin_onthefly_register + end + + should 'update ldap filter' do + assert_nil @environment.ldap_plugin_filter + post :update, :environment => { :ldap_plugin_filter 
=> 'test' } + + @environment.reload + assert_not_nil @environment.ldap_plugin_filter + end + + should 'update ldap tls' do + post :update, :environment => { :ldap_plugin_tls => '1' } + + @environment.reload + assert_not_nil @environment.ldap_plugin_tls + end + + should 'have a field to manage the host' do + get :index + + assert_tag :tag => 'input', :attributes => {:id => 'environment_ldap_plugin_host'} + end + + should 'have a field to manage the port' do + get :index + + assert_tag :tag => 'input', :attributes => {:id => 'environment_ldap_plugin_port'} + end + + should 'have a field to manage the account' do + get :index + + assert_tag :tag => 'input', :attributes => {:id => 'environment_ldap_plugin_account'} + end + + should 'have a field to manage the account_password' do + get :index + + assert_tag :tag => 'input', :attributes => {:id => 'environment_ldap_plugin_account_password'} + end + + should 'have a field to manage the base_dn' do + get :index + + assert_tag :tag => 'input', :attributes => {:id => 'environment_ldap_plugin_base_dn'} + end + + should 'have a field to manage the attr_login' do + get :index + + assert_tag :tag => 'input', :attributes => {:id => 'environment_ldap_plugin_attr_login'} + end + + should 'have a field to manage the attr_fullname' do + get :index + + assert_tag :tag => 'input', :attributes => {:id => 'environment_ldap_plugin_attr_fullname'} + end + + should 'have a field to manage the attr_mail' do + get :index + + assert_tag :tag => 'input', :attributes => {:id => 'environment_ldap_plugin_attr_mail'} + end + + should 'have a field to manage the onthefly_register' do + get :index + + assert_tag :tag => 'input', :attributes => {:id => 'environment_ldap_plugin_onthefly_register'} + end + + should 'have a field to manage the filter' do + get :index + + assert_tag :tag => 'input', :attributes => {:id => 'environment_ldap_plugin_filter'} + end + + should 'have a field to manage the tls' do + get :index + + assert_tag :tag => 'input', 
:attributes => {:id => 'environment_ldap_plugin_tls'} + end + +end diff --git a/plugins/ldap/test/test_helper.rb b/plugins/ldap/test/test_helper.rb new file mode 100644 index 0000000..e82ee99 --- /dev/null +++ b/plugins/ldap/test/test_helper.rb @@ -0,0 +1,23 @@ +require File.dirname(__FILE__) + '/../../../test/test_helper' + +def load_ldap_config + begin + YAML.load_file(File.dirname(__FILE__) + '/../fixtures/ldap.yml') + rescue Errno::ENOENT => e + # There is no config file + return nil + end +end + +def ldap_configured? + ldap_config = load_ldap_config + begin + test_ldap = Net::LDAP.new(:host => ldap_config['server']['host'], :port => ldap_config['server']['port']) + return test_ldap.bind + rescue Exception => e + #LDAP is not listening + return nil + end +end + +LDAP_SERVER_ERROR_MESSAGE = "\n\nWARNING: LDAP test server is not configured properly. Please see the file fixtures/ldap.yml on ldap plugin\n\n" diff --git a/plugins/ldap/test/unit/ext/environment_test.rb b/plugins/ldap/test/unit/ext/environment_test.rb new file mode 100644 index 0000000..79bd713 --- /dev/null +++ b/plugins/ldap/test/unit/ext/environment_test.rb 
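Review bot: Every test logs in as an administrator in `setup`, so nothing here checks that `index` and `update` are refused for an anonymous or non-admin user, which is the property protecting the stored bind password. Several update tests assert only `assert_not_nil` after `reload` (`ldap_plugin_port`, `ldap_plugin_onthefly_register`, `ldap_plugin_tls`), and those readers never return nil, so the assertions pass even if the POST changed nothing; `assert_equal '245', @environment.ldap_plugin_port` would pin the behaviour. 'update ldap unsuccessfully render index template' posts only a port while `setup` has already stored a host, so it probably exercises the success path.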
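Review bot: `ldap_configured?` in test_helper.rb depends on `rescue Exception` to cope with a missing fixture: when `load_ldap_config` returns nil, `ldap_config['server']` raises NoMethodError and the broad rescue hides it along with interrupts and every other failure. I would guard explicitly with `return false if ldap_config.nil?` and rescue only connection errors, `rescue Net::LDAP::LdapError, SystemCallError`. The probe also ignores the fixture's `tls` and `account` settings, so it can report a server as usable that the LDAP tests then cannot bind to.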
@@ -0,0 +1,186 @@ +require File.dirname(__FILE__) + '/../../../../../test/test_helper' + +class EnvironmentTest < ActiveSupport::TestCase + + def setup + @enviroment = Environment.default + end + + should 'have ldap_plugin variable defined' do + assert_equal Hash, @enviroment.ldap_plugin.class + end + + should 'return an empty hash by default on ldap_plugin_attributes method' do + assert_equal Hash.new, @enviroment.ldap_plugin_attributes + end + + should 'ldap_plugin_host= define the ldap host' do + host = "http://something" + @enviroment.ldap_plugin_host= host + assert_equal host, @enviroment.ldap_plugin['host'] + end + + should 'ldap_plugin_host return the defined ldap host' do + host = "http://something" + @enviroment.ldap_plugin_host= host + assert_equal host, @enviroment.ldap_plugin_host + end + + should 'ldap_plugin_port= define the ldap port' do + value = 255 + @enviroment.ldap_plugin_port= value + assert_equal value, @enviroment.ldap_plugin['port'] + end + + should 'ldap_plugin_port return the defined ldap port' do + value = 255 + @enviroment.ldap_plugin_port= value + assert_equal value, @enviroment.ldap_plugin_port + end + + should 'default ldap_plugin_port be 389' do + assert_equal 389, @enviroment.ldap_plugin_port + end + + should 'ldap_plugin_account= define the ldap acccount' do + value = 'uid=sector,ou=Service,ou=corp,dc=company,dc=com,dc=br' + @enviroment.ldap_plugin_account= value + assert_equal value, @enviroment.ldap_plugin['account'] + end + + should 'ldap_plugin_account return the defined ldap account' do + value = 'uid=sector,ou=Service,ou=corp,dc=company,dc=com,dc=br' + @enviroment.ldap_plugin_account= value + assert_equal value, @enviroment.ldap_plugin_account + end + + should 'ldap_plugin_account_password= define the ldap acccount_password' do + value = 'password' + @enviroment.ldap_plugin_account_password= value + assert_equal value, @enviroment.ldap_plugin['account_password'] + end + + should 'ldap_plugin_account_password return the 
defined ldap account password' do + value = 'password' + @enviroment.ldap_plugin_account_password= value + assert_equal value, @enviroment.ldap_plugin_account_password + end + + should 'ldap_plugin_base_dn= define the ldap base_dn' do + value = 'dc=company,dc=com,dc=br' + @enviroment.ldap_plugin_base_dn= value + assert_equal value, @enviroment.ldap_plugin['base_dn'] + end + + should 'ldap_plugin_base_dn return the defined ldap base_dn' do + value = 'dc=company,dc=com,dc=br' + @enviroment.ldap_plugin_base_dn= value + assert_equal value, @enviroment.ldap_plugin_base_dn + end + + should 'ldap_plugin_attr_login= define the ldap attr_login' do + value = 'uid' + @enviroment.ldap_plugin_attr_login= value + assert_equal value, @enviroment.ldap_plugin['attr_login'] + end + + should 'ldap_plugin_attr_login return the defined ldap attr_login' do + value = 'uid' + @enviroment.ldap_plugin_attr_login= value + assert_equal value, @enviroment.ldap_plugin_attr_login + end + + should 'ldap_plugin_attr_fullname= define the ldap attr_fullname' do + value = 'Noosfero System' + @enviroment.ldap_plugin_attr_fullname= value + assert_equal value, @enviroment.ldap_plugin['attr_fullname'] + end + + should 'ldap_plugin_attr_fullname return the defined ldap attr_fullname' do + value = 'uid' + @enviroment.ldap_plugin_attr_fullname= value + assert_equal value, @enviroment.ldap_plugin_attr_fullname + end + + + should 'ldap_plugin_attr_mail= define the ldap attr_mail' do + value = 'test@noosfero.com' + @enviroment.ldap_plugin_attr_mail= value + assert_equal value, @enviroment.ldap_plugin['attr_mail'] + end + + should 'ldap_plugin_attr_mail return the defined ldap attr_mail' do + value = 'test@noosfero.com' + @enviroment.ldap_plugin_attr_mail= value + assert_equal value, @enviroment.ldap_plugin_attr_mail + end + + should 'ldap_plugin_onthefly_register= define the ldap onthefly_register' do + value = '1' + @enviroment.ldap_plugin_onthefly_register= value + assert 
@enviroment.ldap_plugin['onthefly_register'] + end + + should 'ldap_plugin_onthefly_register return true if ldap onthefly_register variable is defined as true' do + value = '1' + @enviroment.ldap_plugin_onthefly_register= value + assert @enviroment.ldap_plugin_onthefly_register + end + + should 'ldap_plugin_onthefly_register return false if ldap onthefly_register variable is defined as false' do + value = '0' + @enviroment.ldap_plugin_onthefly_register= value + assert !@enviroment.ldap_plugin_onthefly_register + end + + should 'ldap_plugin_filter= define the ldap filter' do + value = 'test' + @enviroment.ldap_plugin_filter= value + assert_equal value, @enviroment.ldap_plugin['filter'] + end + + should 'ldap_plugin_filter return the defined ldap filter' do + value = 'test' + @enviroment.ldap_plugin_filter= value + assert_equal value, @enviroment.ldap_plugin_filter + end + + should 'ldap_plugin_tls= define the ldap tls' do + value = '1' + @enviroment.ldap_plugin_tls= value + assert @enviroment.ldap_plugin['tls'] + end + + should 'tls return true if ldap tls variable is defined as true' do + value = '1' + @enviroment.ldap_plugin_tls= value + assert @enviroment.ldap_plugin_tls + end + + should 'tls return false if ldap tls variable is defined as false' do + value = '0' + @enviroment.ldap_plugin_tls= value + assert !@enviroment.ldap_plugin_tls + end + + should 'validates presence of host' do + @enviroment.ldap_plugin= {:port => 3000} + @enviroment.valid? + + assert @enviroment.errors.invalid?(:ldap_plugin_host) + + @enviroment.ldap_plugin_host= "http://somehost.com" + @enviroment.valid? + assert !@enviroment.errors.invalid?(:ldap_plugin_host) + end + + should 'validates presence of host only if some ldap configuration is defined' do + @enviroment.valid? + assert !@enviroment.errors.invalid?(:ldap_plugin_host) + + @enviroment.ldap_plugin= {:port => 3000} + @enviroment.valid? + assert @enviroment.errors.invalid?(:ldap_plugin_host) + end + +end 
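Review bot: The two 'validates presence of host' tests assign `ldap_plugin= {:port => 3000}` with a symbol key, while every accessor in `Environment` reads and writes string keys, so `ldap_plugin_port` would presumably still answer 389 for that hash. The tests pass only because the hash is non-blank; `{'port' => 3000}` keeps the fixture in the shape the code actually stores. The instance variable is spelled `@enviroment` throughout, and the cases change `Environment.default` in memory without asserting anything about what is persisted.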
diff --git a/plugins/ldap/test/unit/ldap_authentication_test.rb b/plugins/ldap/test/unit/ldap_authentication_test.rb
new file mode 100644
index 0000000..41d575f
--- /dev/null
+++ b/plugins/ldap/test/unit/ldap_authentication_test.rb
@@ -0,0 +1,180 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class LdapAuthenticationTest < ActiveSupport::TestCase
+
+ def setup
+ @ldap_config = load_ldap_config
+ end
+
+ should "host be nil as default" do
+ ldap = LdapAuthentication.new
+ assert_nil ldap.host
+ end
+
+ should "create with host passed as parameter" do
+ value = 'http://myhost.com'
+ ldap = LdapAuthentication.new('host' => value)
+ assert_equal value, ldap.host
+ end
+
+ should "port be 389 as default" do
+ ldap = LdapAuthentication.new
+ assert_equal 389, ldap.port
+ end
+
+ should "create with port passed as parameter" do
+ value = 555
+ ldap = LdapAuthentication.new('port' => value)
+ assert_equal value, ldap.port
+ end
+
+ should "account be nil as default" do
+ ldap = LdapAuthentication.new
+ assert_nil ldap.account
+ end
+
+ should "create with account passed as parameter" do
+ value = 'uid=sector,ou=Service,ou=corp,dc=company,dc=com,dc=br'
+ ldap = LdapAuthentication.new('account' => value)
+ assert_equal value, ldap.account
+ end
+
+ should "account_password be nil as default" do
+ ldap = LdapAuthentication.new
+ assert_nil ldap.account_password
+ end
+
+ should "create with account_password passed as parameter" do
+ value = 'password'
+ ldap = LdapAuthentication.new('account_password' => value)
+ assert_equal value, ldap.account_password
+ end
+
+ should "base_dn be nil as default" do
+ ldap = LdapAuthentication.new
+ assert_nil ldap.base_dn
+ end
+
+ should "create with base_dn passed as parameter" do
+ value = 'dc=company,dc=com,dc=br'
+ ldap = LdapAuthentication.new('base_dn' => value)
+ assert_equal value, ldap.base_dn
+ end
+
+ should "attr_login be nil as default" do
+ ldap = LdapAuthentication.new
+ assert_nil ldap.attr_login
+ end
+
+ should "create with attr_login passed as parameter" do
+ value = 'uid'
+ ldap = LdapAuthentication.new('attr_login' => value)
+ assert_equal value, ldap.attr_login
+ end
+
+ should "attr_fullname be nil as default" do
+ ldap = LdapAuthentication.new
+ assert_nil ldap.attr_fullname
+ end
+
+ should "create with attr_fullname passed as parameter" do
+ value = 'Noosfero System'
+ ldap = LdapAuthentication.new('attr_fullname' => value)
+ assert_equal value, ldap.attr_fullname
+ end
+
+ should "attr_mail be nil as default" do
+ ldap = LdapAuthentication.new
+ assert_nil ldap.attr_mail
+ end
+
+ should "create with attr_mail passed as parameter" do
+ value = 'test@noosfero.com'
+ ldap = LdapAuthentication.new('attr_mail' => value)
+ assert_equal value, ldap.attr_mail
+ end
+
+ should "onthefly_register be false as default" do
+ ldap = LdapAuthentication.new
+ assert !ldap.onthefly_register
+ end
+
+ should "create with onthefly_register passed as parameter" do
+ value = true
+ ldap = LdapAuthentication.new('onthefly_register' => value)
+ assert_equal value, ldap.onthefly_register
+ end
+
+ should "filter be nil as default" do
+ ldap = LdapAuthentication.new
+ assert_nil ldap.filter
+ end
+
+ should "create with filter passed as parameter" do
+ value = 'test'
+ ldap = LdapAuthentication.new('filter' => value)
+ assert_equal value, ldap.filter
+ end
+
+ should "tls be false as default" do
+ ldap = LdapAuthentication.new
+ assert !ldap.tls
+ end
+
+ should "create with tls passed as parameter" do
+ value = true
+ ldap = LdapAuthentication.new('tls' => value)
+ assert_equal value, ldap.tls
+ end
+
+ should "onthefly_register? return true if onthefly_register is true" do
+ ldap = LdapAuthentication.new('onthefly_register' => true)
+ assert ldap.onthefly_register?
+ end
+
+ should "onthefly_register? return false if onthefly_register is false" do
+ ldap = LdapAuthentication.new('onthefly_register' => false)
+ assert !ldap.onthefly_register?
+ end
+
+ if ldap_configured?
+ should 'return the user attributes' do
+ auth = LdapAuthentication.new(@ldap_config['server'])
+ attributes = auth.authenticate(@ldap_config['user']['login'],@ldap_config['user']['password'])
+ assert attributes.is_a?(Hash), "An hash was not returned"
+ assert_not_nil attributes[:fullname]
+ assert_not_nil attributes[:mail]
+ end
+
+ should 'return nil with a invalid ldap user' do
+ auth = LdapAuthentication.new(@ldap_config['server'])
+ assert_equal nil, auth.authenticate('nouser','123456')
+ end
+
+ should 'return nil without a login' do
+ auth = LdapAuthentication.new(@ldap_config['server'])
+ assert_equal nil, auth.authenticate('', @ldap_config['user']['password'])
+ end
+
+ should 'return nil without a password' do
+ auth = LdapAuthentication.new(@ldap_config['server'])
+ assert_equal nil, auth.authenticate(@ldap_config['user']['login'],'')
+ end
+
+ should 'return any user without filter' do
+ auth = LdapAuthentication.new(@ldap_config['server'])
+ assert auth.authenticate(@ldap_config['user']['login'], @ldap_config['user']['password'])
+ end
+
+ should 'not return a valid ldap user if a filter is defined' do
+ auth = LdapAuthentication.new(@ldap_config['server'])
+ auth.filter = '(mail=*@test.org)'
+ assert_nil auth.authenticate(@ldap_config['user']['login'], @ldap_config['user']['password'])
+ end
+
+ else
+ puts LDAP_SERVER_ERROR_MESSAGE
+ end
+
+
+end
diff --git a/plugins/ldap/test/unit/ldap_plugin_test.rb b/plugins/ldap/test/unit/ldap_plugin_test.rb
new file mode 100644
index 0000000..e4d0ff7
--- /dev/null
+++ b/plugins/ldap/test/unit/ldap_plugin_test.rb
@@ -0,0 +1,15 @@
+require File.dirname(__FILE__) + '/../../../../test/test_helper'
+
+class LdapPluginTest < ActiveSupport::TestCase
+
+ should "not allow user registration" do
+ plugin = LdapPlugin.new
+ assert !plugin.allow_user_registration
+ end
+
+ should "not allow password recovery" do
+ plugin = LdapPlugin.new
+ assert !plugin.allow_password_recovery
+ end
+
+end
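Review bot: In ldap_authentication_test.rb every test that actually calls `authenticate` sits inside `if ldap_configured?`, and the `else` branch only prints `LDAP_SERVER_ERROR_MESSAGE`, so on a machine without a directory server the suite passes without checking authentication at all. That includes 'return nil without a password', the case that matters most, since many directory servers treat a simple bind with an empty password as an anonymous bind and report success. If `authenticate` rejects a blank login or password before connecting (its implementation is not in this hunk), those two cases can move outside the conditional, and the rest can run against a stubbed connection so they always execute. A case asserting that a login containing LDAP filter metacharacters returns nil would be worth adding beside them. `assert_equal nil, auth.authenticate(...)` also reads better as `assert_nil auth.authenticate(...)`, which the last test already uses.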
diff --git a/plugins/ldap/views/ldap_plugin_admin/index.html.erb b/plugins/ldap/views/ldap_plugin_admin/index.html.erb new file mode 100644 index 0000000..5256e21 --- /dev/null +++ b/plugins/ldap/views/ldap_plugin_admin/index.html.erb @@ -0,0 +1,69 @@ +

<%= _("Ldap Management") %>

+ +<% labelled_form_for(:environment, @environment, :url => {:action => 'update'}) do |f| %> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
<%= _('Configuration') %><%= _('Value') %>
<%= _('Host') %><%= text_field :environment, :ldap_plugin_host %>
<%= _('Port') %><%= text_field :environment, :ldap_plugin_port %>
<%= _('Account') %><%= text_field :environment, :ldap_plugin_account %>
<%= _('Account Password') %><%= password_field :environment, :ldap_plugin_account_password %>
<%= _('Base DN') %><%= text_field :environment, :ldap_plugin_base_dn %>
<%= _('LDAP Filter') %><%= text_field :environment, :ldap_plugin_filter %>
<%= _('On the fly creation') %><%= check_box :environment, :ldap_plugin_onthefly_register, {}, '1', '0' %>
<%= _('LDAPS') %><%= check_box :environment, :ldap_plugin_tls, {}, '1', '0' %>
+ + + + + + + + + + + + + + + + + +
<%= _('Attributes') %>
<%= _('Login') %><%= text_field :environment, :ldap_plugin_attr_login %>
<%= _('Fullname') %><%= text_field :environment, :ldap_plugin_attr_fullname %>
<%= _('Mail') %><%= text_field :environment, :ldap_plugin_attr_mail %>
+ +
+ <% button_bar do %> + <%= submit_button('save', _('Save changes')) %> + <%= button :back, _('Back to plugins administration panel'), :controller => 'plugins' %> + <% end %> +
+ +<% end %> -- libgit2 0.21.2
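Review bot: The `password_field` for `ldap_plugin_account_password` is bound to the stored setting, and on Rails versions where `password_field` pre-fills from the model the directory bind password would be written into the page's `value` attribute every time this form is rendered. That would put the service account's credential in page source, browser caches and any response logging. I would render it empty, `<%= password_field :environment, :ldap_plugin_account_password, :value => '' %>`, and have the save path keep the existing password when the field comes back blank. Separately, the unit tests in this commit expect `tls` to default to false, so a short hint beside the 'LDAPS' checkbox that binds are sent unencrypted while it is unchecked would help administrators.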