Closes #3225 - LDAP: apply user filter during auth on bind.

2021-09-08 12:02:59 +02:00 · 2021-09-08 12:02:59 +02:00 · d4dfd750b7
commit d4dfd750b7
parent febed2e8a3
2 changed files with 38 additions and 21 deletions
--- a/lib/ldap/user.rb
+++ b/lib/ldap/user.rb
@ -95,7 +95,7 @@ class Ldap
    def valid?(username, password)
      bind_success = @ldap.connection.bind_as(
        base:     @ldap.base_dn,
-        filter:   "(#{login_attribute}=#{username})",
+        filter:   @user_filter ? "(&(#{login_attribute}=#{username})#{@user_filter})" : "(#{login_attribute}=#{username})",
        password: password
      )
@ -179,6 +179,7 @@ class Ldap
      @uid_attribute = config[:uid_attribute]
      @filter        = config[:filter]
      @user_filter   = config[:user_filter]
    end
  end
 end
--- a/spec/lib/ldap/user_spec.rb
+++ b/spec/lib/ldap/user_spec.rb
@ -90,10 +90,7 @@ RSpec.describe Ldap::User do
    describe '#valid?' do
-      it 'responds to #valid?' do
+      shared_examples 'validates credentials' do
        expect(instance).to respond_to(:valid?)
      end
        it 'validates username and password' do
          connection = double
          allow(mocked_ldap).to receive(:connection).and_return(connection)
@ -119,6 +116,25 @@ RSpec.describe Ldap::User do
        end
      end
      it 'responds to #valid?' do
        expect(instance).to respond_to(:valid?)
      end
      it_behaves_like 'validates credentials'
      context 'with a user_filter inside of the config' do
        let(:initialization_config) do
          {
            uid_attribute: 'objectguid',
            filter:        '(objectClass=user)',
            user_filter:   '(cn=example)'
          }
        end
        it_behaves_like 'validates credentials'
      end
    end
    describe '#attributes' do
      it 'responds to #attributes' do