Revision 8ffa0b9a
Added by Jan Pazdziora over 10 years ago
app/models/user.rb | ||
---|---|---|
end
|
||
end
|
||
|
||
def self.find_or_create_external_user(login, auth_source_name)
|
||
if (user = unscoped.find_by_login(login))
|
||
user.post_successful_login
|
||
def self.find_or_create_external_user(attrs, auth_source_name)
|
||
if (user = unscoped.find_by_login(attrs[:login]))
|
||
return true
|
||
elsif auth_source_name.nil?
|
||
return false
|
||
... | ... | |
User.as :admin do
|
||
options = { :name => auth_source_name }
|
||
auth_source = AuthSource.where(options).first || AuthSourceExternal.create!(options)
|
||
user = User.create!(:login => login, :auth_source => auth_source)
|
||
user = User.create!(attrs.merge(:auth_source => auth_source))
|
||
user.post_successful_login
|
||
end
|
||
return true
|
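Review bot: `find_or_create_external_user` now hands the whole `attrs` hash to `User.create!`, so each caller decides which columns are written rather than the model. The only caller visible in this commit builds the hash from `:login` plus the fixed `ENV_TO_ATTR_MAPPING`, but narrowing it here, e.g. `User.create!(attrs.slice(:login, :mail, :firstname, :lastname).merge(:auth_source => auth_source))`, stops a later caller from setting other attributes through this path. Separately, `create!` raises when validation fails, and the values now include externally supplied mail and names; nothing in the visible lines rescues that, so a rejected value would presumably surface as an exception from `authenticated?` rather than a `false` return, and the updated test in test/unit/user_test.rb has no case for it. Part of the method body is elided on this page.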
app/services/sso/apache.rb | ||
---|---|---|
require 'iconv' if RUBY_VERSION.start_with?('1.8.')
|
||
|
||
module SSO
|
||
class Apache < Base
|
||
delegate :session, :to => :controller
|
||
|
||
CAS_USERNAME = 'REMOTE_USER'
|
||
ENV_TO_ATTR_MAPPING = {
|
||
'REMOTE_USER_EMAIL' => :mail,
|
||
'REMOTE_USER_FIRSTNAME' => :firstname,
|
||
'REMOTE_USER_LASTNAME' => :lastname,
|
||
}
|
||
|
||
def available?
|
||
return false unless Setting['authorize_login_delegation']
|
||
return false if controller.api_request? and not Setting['authorize_login_delegation_api']
|
||
... | ... | |
# authenticate the user without using password.
|
||
def authenticated?
|
||
return false unless (self.user = request.env[CAS_USERNAME])
|
||
return false unless User.find_or_create_external_user(self.user, Setting['authorize_login_delegation_auth_source_user_autocreate'])
|
||
attrs = { :login => self.user }.merge(additional_attributes)
|
||
return false unless User.find_or_create_external_user(attrs, Setting['authorize_login_delegation_auth_source_user_autocreate'])
|
||
store
|
||
true
|
||
end
|
||
... | ... | |
|
||
private
|
||
|
||
def additional_attributes
|
||
attrs = {}
|
||
ENV_TO_ATTR_MAPPING.each do |header, attribute|
|
||
if request.env.has_key?(header)
|
||
attrs[attribute] = convert_encoding(request.env[header].dup)
|
||
end
|
||
end
|
||
attrs
|
||
end
|
||
|
||
def convert_encoding(value)
|
||
if value.respond_to?(:force_encoding)
|
||
value.force_encoding(Encoding::UTF_8)
|
||
if not value.valid_encoding?
|
||
value.encode(Encoding::UTF_8, Encoding::ISO_8859_1, { :invalid => :replace, :replace => '-' }).force_encoding(Encoding::UTF_8)
|
||
end
|
||
else
|
||
Iconv.new('UTF-8//IGNORE', 'UTF-8').iconv(value) rescue value
|
||
end
|
||
value
|
||
end
|
||
|
||
def store
|
||
session[:sso_method] = self.class.to_s
|
||
end
|
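Review bot: `convert_encoding` discards the result of its conversion in both branches: `value.encode(...)` and `Iconv#iconv` each return a new string, yet the method ends with the original `value`. After `force_encoding`, a variable that is not valid UTF-8 is therefore returned still invalid and flows through `additional_attributes` into the hash given to `User.find_or_create_external_user`. Assigning the result, `value = value.encode(Encoding::UTF_8, Encoding::ISO_8859_1, { :invalid => :replace, :replace => '-' })` and `value = Iconv.new('UTF-8//IGNORE', 'UTF-8').iconv(value) rescue value`, makes the method return what it converted. A comment on `ENV_TO_ATTR_MAPPING` would also help, since these values are trusted without further checks, presumably because the fronting web server sets them: `# set by the Apache auth module; must not be settable by the client`.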
test/unit/sso/apache_test.rb | ||
---|---|---|
# encoding: UTF-8
|
||
require 'test_helper'
|
||
|
||
class ApacheTest < ActiveSupport::TestCase
|
||
... | ... | |
def test_authenticated?
|
||
Setting['authorize_login_delegation_auth_source_user_autocreate'] = 'apache'
|
||
apache = get_apache_method
|
||
apache.controller.request.env[SSO::Apache::CAS_USERNAME] = nil
|
||
|
||
apache.controller.request.env[SSO::Apache::CAS_USERNAME] = nil
|
||
assert !apache.authenticated?
|
||
|
||
apache.controller.request.env[SSO::Apache::CAS_USERNAME] = 'ares'
|
||
assert apache.authenticated?
|
||
end
|
||
|
||
def test_authenticated_passes_attributes
|
||
Setting['authorize_login_delegation_auth_source_user_autocreate'] = 'apache'
|
||
apache = get_apache_method
|
||
|
||
apache.controller.request.env[SSO::Apache::CAS_USERNAME] = 'ares'
|
||
apache.controller.request.env['REMOTE_USER_EMAIL'] = 'foobar@example.com'
|
||
apache.controller.request.env['REMOTE_USER_FIRSTNAME'] = 'Foo'
|
||
apache.controller.request.env['REMOTE_USER_LASTNAME'] = 'Bar'
|
||
User.expects(:find_or_create_external_user).
|
||
with({:login => 'ares', :mail => 'foobar@example.com', :firstname => 'Foo', :lastname => 'Bar'}, 'apache').
|
||
returns(true)
|
||
assert apache.authenticated?
|
||
end
|
||
|
||
def test_convert_encoding
|
||
apache = get_apache_method
|
||
assert apache.send(:convert_encoding, 'fó✗@e✗amp✓e.com')
|
||
end
|
||
|
||
def test_authenticate!
|
||
apache = get_apache_method
|
||
controller = apache.controller
|
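Review bot: `test_convert_encoding` asserts only that the return value is truthy, and its input literal is already valid UTF-8 under the file's `# encoding: UTF-8` magic comment. The replacement path is therefore never exercised, and the test passes whether or not any conversion happens. A case that feeds bytes that are not valid UTF-8 (constructed sample: `"caf\xE9"`) and asserts `valid_encoding?` on the result, on Rubies that provide it, would pin the behaviour. `test_authenticate!` continues past the end of this section.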
test/unit/user_test.rb | ||
---|---|---|
test ".find_or_create_external_user" do
|
||
count = User.count
|
||
# existing user
|
||
assert User.find_or_create_external_user(users(:one).login, nil)
|
||
assert User.find_or_create_external_user({:login => users(:one).login}, nil)
|
||
assert_equal count, User.count
|
||
|
||
# not existing user without auth source specified
|
||
assert !User.find_or_create_external_user('not_existing_user', nil)
|
||
assert !User.find_or_create_external_user({:login => 'not_existing_user'}, nil)
|
||
assert_equal count, User.count
|
||
|
||
# not existing user with existing AuthSource
|
||
apache_source = AuthSourceExternal.find_or_create_by_name('apache_module')
|
||
source_count = AuthSource.count
|
||
assert User.find_or_create_external_user('not_existing_user', apache_source.name)
|
||
assert User.find_or_create_external_user({:login => 'not_existing_user'}, apache_source.name)
|
||
assert_equal count + 1, User.count
|
||
assert_equal source_count, AuthSource.count
|
||
user = User.find_by_login('not_existing_user')
|
||
assert_equal apache_source.name, user.auth_source.name
|
||
|
||
count = User.count
|
||
assert User.find_or_create_external_user('not_existing_user_2', 'new_external_source')
|
||
assert User.find_or_create_external_user({:login => 'not_existing_user_2'}, 'new_external_source')
|
||
assert_equal count + 1, User.count
|
||
assert_equal source_count + 1, AuthSource.count
|
||
user = User.find_by_login('not_existing_user_2')
|
||
new_source = AuthSourceExternal.find_by_name('new_external_source')
|
||
assert_equal new_source.name, user.auth_source.name
|
||
|
||
# with other attributes which gets saved as well
|
||
apache_source = AuthSourceExternal.find_or_create_by_name('apache_module')
|
||
assert User.find_or_create_external_user({:login => 'not_existing_user_3',
|
||
:mail => 'foobar@example.com',
|
||
:firstname => 'Foo',
|
||
:lastname => 'Bar'},
|
||
apache_source.name)
|
||
user = User.find_by_login('not_existing_user_3')
|
||
assert_equal 'foobar@example.com', user.mail
|
||
assert_equal 'Foo', user.firstname
|
||
assert_equal 'Bar', user.lastname
|
||
end
|
||
|
||
|
fixes #3528 - Populate first name, last name, and email, if available.