Commit a5850d4b authored by jplang's avatar jplang

Fixed that LDAP does not check the user and password when are defined in the...

Fixed that LDAP does not check the user and password when they are defined in the method of authentication (#21674).

Patch by Helder Manuel Torres Vieira.

git-svn-id: https://svn.redmine.org/redmine/trunk@15086 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent ccdb939a
......@@ -56,11 +56,16 @@ class AuthSourceLdap < AuthSource
raise AuthSourceException.new(e.message)
end
# test the connection to the LDAP
# Test the connection to the LDAP
def test_connection
with_timeout do
ldap_con = initialize_ldap_con(self.account, self.account_password)
ldap_con.open { }
if self.account.present? && self.account_password.present?
ldap_auth = authenticate_dn(self.account, self.account_password)
raise AuthSourceException.new(l(:error_ldap_bind_credentials)) if !ldap_auth
end
end
rescue *NETWORK_EXCEPTIONS => e
raise AuthSourceException.new(e.message)
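Review bot: The new bind check in `test_connection` runs only when both `account` and `account_password` are present, so a source saved with an account DN and a blank password still reports a successful test without any credential being verified. Some directory servers treat a simple bind with a DN and an empty password as an unauthenticated (anonymous) bind, and how `initialize_ldap_con` handles that pair is not visible here, so this half-configured state is better rejected than skipped, for example with `raise AuthSourceException.new(l(:error_ldap_bind_credentials)) if self.account.present? && self.account_password.blank?` ahead of the bind. A short comment above the `if` would also help, such as `# Anonymous sources have nothing to verify; only a configured bind account is checked`. The method's closing `end` lies outside the hunk.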
......
......@@ -1182,3 +1182,4 @@ ar:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1277,3 +1277,4 @@ az:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1173,3 +1173,4 @@ bg:
description_date_from: Въведете начална дата
description_date_to: Въведете крайна дата
text_repository_identifier_info: 'Позволени са малки букви (a-z), цифри, тирета и _.<br />Промяна след създаването му не е възможна.'
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1195,3 +1195,4 @@ bs:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -195,6 +195,7 @@ ca:
error_unable_delete_issue_status: "No s'ha pogut suprimir l'estat de l'assumpte"
error_unable_to_connect: "No s'ha pogut connectar (%{value})"
warning_attachments_not_saved: "No s'han pogut desar %{count} fitxers."
error_ldap_bind_credentials: "Compte/Contrasenya LDAP incorrecte"
mail_subject_lost_password: "Contrasenya de %{value}"
mail_body_lost_password: "Per a canviar la contrasenya, feu clic en l'enllaç següent:"
......
......@@ -1183,3 +1183,4 @@ cs:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1199,3 +1199,4 @@ da:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1191,3 +1191,4 @@ de:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Standardwerte für neue Benutzer
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1182,3 +1182,4 @@ el:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1184,3 +1184,4 @@ en-GB:
setting_attachment_extensions_allowed: Allowed extensions
setting_attachment_extensions_denied: Disallowed extensions
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -212,6 +212,7 @@ en:
error_invalid_csv_file_or_settings: "The file is not a CSV file or does not match the settings below"
error_can_not_read_import_file: "An error occurred while reading the file to import"
error_attachment_extension_not_allowed: "Attachment extension %{extension} is not allowed"
error_ldap_bind_credentials: "Invalid LDAP Account/Password"
mail_subject_lost_password: "Your %{value} password"
mail_body_lost_password: 'To change your password, click on the following link:'
......
......@@ -255,6 +255,7 @@ es-PA:
error_scm_annotate_big_text_file: "La entrada no puede anotarse, al superar el tamaño máximo para archivos de texto."
error_scm_command_failed: "Se produjo un error al acceder al repositorio: %{value}"
error_scm_not_found: "La entrada y/o la revisión no existe en el repositorio."
error_ldap_bind_credentials: "Cuenta/Contraseña LDAP incorrecta"
field_account: Cuenta
field_activity: Actividad
field_admin: Administrador
......@@ -932,7 +933,7 @@ es-PA:
label_subtask_plural: Subtareas
label_project_copy_notifications: Enviar notificaciones por correo electrónico durante la copia del proyecto
error_can_not_delete_custom_field: Fue imposible eliminar el campo personalizado
error_unable_to_connect: Fue imposible conectar con (%{value})
error_unable_to_connect: Fue imposible conectarse (%{value})
error_can_not_remove_role: Este rol está en uso y no puede ser eliminado.
error_can_not_delete_tracker: Este tipo contiene incidencias y no puede ser eliminado.
field_principal: Principal
......
......@@ -253,6 +253,7 @@ es:
error_scm_annotate_big_text_file: "La entrada no puede anotarse, al superar el tamaño máximo para ficheros de texto."
error_scm_command_failed: "Se produjo un error al acceder al repositorio: %{value}"
error_scm_not_found: "La entrada y/o la revisión no existe en el repositorio."
error_ldap_bind_credentials: Cuenta/Contraseña LDAP incorrecta
field_account: Cuenta
field_activity: Actividad
field_admin: Administrador
......@@ -930,7 +931,7 @@ es:
label_subtask_plural: Subtareas
label_project_copy_notifications: Enviar notificaciones por correo electrónico durante la copia del proyecto
error_can_not_delete_custom_field: Fue imposible eliminar el campo personalizado
error_unable_to_connect: Fue imposible conectar con (%{value})
error_unable_to_connect: Fue imposible conectarse (%{value})
error_can_not_remove_role: Este rol está en uso y no puede ser eliminado.
error_can_not_delete_tracker: Este tipo contiene peticiones y no puede ser eliminado.
field_principal: Principal
......
......@@ -1186,3 +1186,4 @@ et:
label_any_open_issues: "Kõik avatud teemad"
label_no_open_issues: "Mitte ühtki avatud teemat"
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1183,3 +1183,4 @@ eu:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1183,3 +1183,4 @@ fa:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1203,3 +1203,4 @@ fi:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -232,6 +232,7 @@ fr:
error_invalid_csv_file_or_settings: "Le fichier n'est pas un fichier CSV ou n'est pas conforme aux paramètres sélectionnés"
error_can_not_read_import_file: "Une erreur est survenue lors de la lecture du fichier à importer"
error_attachment_extension_not_allowed: "L'extension %{extension} n'est pas autorisée"
error_ldap_bind_credentials: "Identifiant ou mot de passe LDAP incorrect"
mail_subject_lost_password: "Votre mot de passe %{value}"
mail_body_lost_password: 'Pour changer votre mot de passe, cliquez sur le lien suivant :'
......
......@@ -1190,3 +1190,4 @@ gl:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1187,3 +1187,4 @@ he:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1181,3 +1181,4 @@ hr:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1201,3 +1201,4 @@
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1186,3 +1186,4 @@ id:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1177,3 +1177,4 @@ it:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1195,3 +1195,4 @@ ja:
label_any_open_issues: 未完了のチケット
label_no_open_issues: なし または完了したチケット
label_default_values_for_new_users: 新しいユーザーのデフォルト設定
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1226,3 +1226,4 @@ ko:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1241,3 +1241,4 @@ lt:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1176,3 +1176,4 @@ lv:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1182,3 +1182,4 @@ mk:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1183,3 +1183,4 @@ mn:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1161,3 +1161,4 @@ nl:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1172,3 +1172,4 @@
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1197,3 +1197,4 @@ pl:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -196,6 +196,7 @@ pt-BR:
error_issue_not_found_in_project: 'A tarefa não foi encontrada ou não pertence a este projeto'
error_no_tracker_in_project: 'Não um tipo de tarefa associado a este projeto. Favor verificar as configurações do projeto.'
error_no_default_issue_status: 'A situação padrão para tarefa não está definida. Favor verificar sua configuração (Vá em "Administração -> Situação da tarefa").'
error_ldap_bind_credentials: "Conta/Palavra-chave do LDAP não é válida"
mail_subject_lost_password: "Sua senha do %{value}."
mail_body_lost_password: 'Para mudar sua senha, clique no link abaixo:'
......
......@@ -184,6 +184,7 @@ pt:
error_scm_command_failed: "Ocorreu um erro ao tentar aceder ao repositório: %{value}"
error_scm_annotate: "A entrada não existe ou não pode ser anotada."
error_issue_not_found_in_project: 'A tarefa não foi encontrada ou não pertence a este projeto.'
error_ldap_bind_credentials: "Conta/Palavra-chave do LDAP não é válida"
mail_subject_lost_password: "Palavra-chave de %{value}"
mail_body_lost_password: 'Para mudar a sua palavra-chave, clique na ligação abaixo:'
......
......@@ -1177,3 +1177,4 @@ ro:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1283,3 +1283,4 @@ ru:
label_any_open_issues: любые открытые задачи
label_no_open_issues: нет открытых задач
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1172,3 +1172,4 @@ sk:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1182,3 +1182,4 @@ sl:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1178,3 +1178,4 @@ sq:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1184,3 +1184,4 @@ sr-YU:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1183,3 +1183,4 @@ sr:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1215,3 +1215,4 @@ sv:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1179,3 +1179,4 @@ th:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1189,3 +1189,4 @@ tr:
label_any_open_issues: herhangi bir açık iş
label_no_open_issues: hiçbir açık iş
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1177,3 +1177,4 @@ uk:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1235,3 +1235,4 @@ vi:
label_any_open_issues: any open issues
label_no_open_issues: no open issues
label_default_values_for_new_users: Default values for new users
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1256,3 +1256,4 @@
description_date_from: 輸入起始日期
description_date_to: 輸入結束日期
text_repository_identifier_info: '僅允許使用小寫英文字母 (a-z), 阿拉伯數字, 虛線與底線。<br />一旦儲存之後, 代碼便無法再次被更改。'
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -1177,3 +1177,4 @@ zh:
label_any_open_issues: 任意进行中的问题
label_no_open_issues: 任意已关闭的问题
label_default_values_for_new_users: 新用户默认值
error_ldap_bind_credentials: Invalid LDAP Account/Password
......@@ -24,6 +24,26 @@ class AuthSourceLdapTest < ActiveSupport::TestCase
def setup
end
def test_initialize
auth_source = AuthSourceLdap.new
assert_nil auth_source.id
assert_equal "AuthSourceLdap", auth_source.type
assert_equal "", auth_source.name
assert_nil auth_source.host
assert_nil auth_source.port
assert_nil auth_source.account
assert_equal "", auth_source.account_password
assert_nil auth_source.base_dn
assert_nil auth_source.attr_login
assert_nil auth_source.attr_firstname
assert_nil auth_source.attr_lastname
assert_nil auth_source.attr_mail
assert_equal false, auth_source.onthefly_register
assert_equal false, auth_source.tls
assert_nil auth_source.filter
assert_nil auth_source.timeout
end
def test_create
a = AuthSourceLdap.new(:name => 'My LDAP', :host => 'ldap.example.net', :port => 389, :base_dn => 'dc=example,dc=net', :attr_login => 'sAMAccountName')
assert a.save
......@@ -135,6 +155,103 @@ class AuthSourceLdapTest < ActiveSupport::TestCase
results = AuthSource.search("exa")
assert_equal [], results
end
def test_ldap_with_correct_host
auth_source = AuthSourceLdap.find(1)
assert_equal "127.0.0.1", auth_source.host
assert_equal 389, auth_source.port
assert_nothing_raised Net::LDAP::Error do
auth_source.test_connection
end
end
def test_ldap_with_incorrect_host
auth_source = AuthSourceLdap.find(1)
auth_source.host = "badhost"
auth_source.save!
assert_equal "badhost", auth_source.host
assert_equal 389, auth_source.port
assert_raise Net::LDAP::Error do
auth_source.test_connection
end
end
def test_ldap_with_correct_port
auth_source = AuthSourceLdap.find(1)
assert_equal "127.0.0.1", auth_source.host
assert_equal 389, auth_source.port
assert_nothing_raised Net::LDAP::Error do
auth_source.test_connection
end
end
def test_ldap_with_incorrect_port
auth_source = AuthSourceLdap.find(1)
auth_source.port = 1234
auth_source.save!
assert_equal "127.0.0.1", auth_source.host
assert_equal 1234, auth_source.port
assert_raise Net::LDAP::Error do
auth_source.test_connection
end
end
def test_ldap_bind_with_account_and_password
auth_source = AuthSourceLdap.find(1)
auth_source.account = "cn=Manager,dc=redmine,dc=org"
auth_source.account_password = "secret"
auth_source.save!
assert_equal "127.0.0.1", auth_source.host
assert_equal 389, auth_source.port
assert_equal "cn=Manager,dc=redmine,dc=org", auth_source.account
assert_equal "secret", auth_source.account_password
assert_nil auth_source.test_connection
end
def test_ldap_bind_without_account_and_password
auth_source = AuthSourceLdap.find(1)
assert_equal "127.0.0.1", auth_source.host
assert_equal 389, auth_source.port
assert_nil auth_source.account
assert_equal "", auth_source.account_password
assert_nil auth_source.test_connection
end
def test_ldap_bind_with_incorrect_account
auth_source = AuthSourceLdap.find(1)
auth_source.account = "cn=baduser,dc=redmine,dc=org"
auth_source.account_password = "secret"
auth_source.save!
assert_equal "127.0.0.1", auth_source.host
assert_equal 389, auth_source.port
assert_equal "cn=baduser,dc=redmine,dc=org", auth_source.account
assert_equal "secret", auth_source.account_password
assert_raise AuthSourceException do
auth_source.test_connection
end
end
def test_ldap_bind_with_incorrect_password
auth_source = AuthSourceLdap.find(1)
auth_source.account = "cn=Manager,dc=redmine,dc=org"
auth_source.account_password = "badpassword"
auth_source.save!
assert_equal "127.0.0.1", auth_source.host
assert_equal 389, auth_source.port
assert_equal "cn=Manager,dc=redmine,dc=org", auth_source.account
assert_equal "badpassword", auth_source.account_password
assert_raise AuthSourceException do
auth_source.test_connection
end
end
else
puts '(Test LDAP server not configured)'
end
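Review bot: `test_ldap_with_incorrect_host` and `test_ldap_with_incorrect_port` assert `Net::LDAP::Error`, while the model hunk in this commit shows `test_connection` rescuing `*NETWORK_EXCEPTIONS` and re-raising `AuthSourceException`. If the Net::LDAP error classes are in that list (its definition is not visible on this page), these two assertions will never see the class they name; `assert_raise AuthSourceException do` would match the contract that the two bind-failure tests below already use. The suite also has no case for an account set together with a blank password, which is the one combination the new guard in `test_connection` skips. The surrounding `if`/`else` and the class body start outside the hunk.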
......