Browse Source

:sparkles: Convert LDAP username (#12461)

* :sparkles: Convert LDAP username #12021

Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>

* :bug: Fix conversion var use

Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>

* :bug: Fix LDAP uid conversion test

Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>

* :ok_hand: Remove comments with ref to PR

Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>

* :ok_hand: Remove unnecessary paranthesis

Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>

* :wrench: Move space in conversion string

Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
master^2^2
Mathieu Brunot 6 days ago
parent
commit
d70268f099
4 changed files with 25 additions and 2 deletions
  1. 3
    0
      .env.nanobox
  2. 3
    0
      .env.production.sample
  3. 10
    2
      app/models/concerns/ldap_authenticable.rb
  4. 9
    0
      config/initializers/devise.rb

+ 3
- 0
.env.nanobox View File

@@ -183,6 +183,9 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
# LDAP_BIND_DN=
# LDAP_PASSWORD=
# LDAP_UID=cn
# LDAP_UID_CONVERSION_ENABLED=true
# LDAP_UID_CONVERSION_SEARCH=., -
# LDAP_UID_CONVERSION_REPLACE=_

# PAM authentication (optional)
# PAM authentication uses for the email generation the "email" pam variable

+ 3
- 0
.env.production.sample View File

@@ -179,6 +179,9 @@ STREAMING_CLUSTER_NUM=1
# LDAP_PASSWORD=
# LDAP_UID=cn
# LDAP_SEARCH_FILTER=%{uid}=%{email}
# LDAP_UID_CONVERSION_ENABLED=true
# LDAP_UID_CONVERSION_SEARCH=., -
# LDAP_UID_CONVERSION_REPLACE=_

# PAM authentication (optional)
# PAM authentication uses for the email generation the "email" pam variable

+ 10
- 2
app/models/concerns/ldap_authenticable.rb View File

@@ -14,10 +14,18 @@ module LdapAuthenticable
end

def ldap_get_user(attributes = {})
resource = joins(:account).find_by(accounts: { username: attributes[Devise.ldap_uid.to_sym].first })
safe_username = attributes[Devise.ldap_uid.to_sym].first
if Devise.ldap_uid_conversion_enabled
keys = Regexp.union(Devise.ldap_uid_conversion_search.chars)
replacement = Devise.ldap_uid_conversion_replace

safe_username = safe_username.gsub(keys, replacement)
end

resource = joins(:account).find_by(accounts: { username: safe_username })

if resource.blank?
resource = new(email: attributes[:mail].first, agreement: true, account_attributes: { username: attributes[Devise.ldap_uid.to_sym].first }, admin: false, external: true, confirmed_at: Time.now.utc)
resource = new(email: attributes[:mail].first, agreement: true, account_attributes: { username: safe_username }, admin: false, external: true, confirmed_at: Time.now.utc)
resource.save!
end


+ 9
- 0
config/initializers/devise.rb View File

@@ -61,6 +61,12 @@ module Devise
@@ldap_tls_no_verify = false
mattr_accessor :ldap_search_filter
@@ldap_search_filter = nil
mattr_accessor :ldap_uid_conversion_enabled
@@ldap_uid_conversion_enabled = false
mattr_accessor :ldap_uid_conversion_search
@@ldap_uid_conversion_search = nil
mattr_accessor :ldap_uid_conversion_replace
@@ldap_uid_conversion_replace = nil

class Strategies::PamAuthenticatable
def valid?
@@ -365,5 +371,8 @@ Devise.setup do |config|
config.ldap_uid = ENV.fetch('LDAP_UID', 'cn')
config.ldap_tls_no_verify = ENV['LDAP_TLS_NO_VERIFY'] == 'true'
config.ldap_search_filter = ENV.fetch('LDAP_SEARCH_FILTER', '%{uid}=%{email}')
config.ldap_uid_conversion_enabled = ENV['LDAP_UID_CONVERSION_ENABLED'] == 'true'
config.ldap_uid_conversion_search = ENV.fetch('LDAP_UID_CONVERSION_SEARCH', '.,- ')
config.ldap_uid_conversion_replace = ENV.fetch('LDAP_UID_CONVERSION_REPLACE', '_')
end
end

Loading…
Cancel
Save