Moved auth backend config settings to db, added unit test for ldap auth.

2013-02-08 00:03:46 +01:00 · 2013-02-08 00:03:46 +01:00 · f6545672ee
parent 409dbe31d1
commit f6545672ee
6 changed files with 172 additions and 78 deletions
--- a/app/assets/javascripts/app/controllers/settings.js.coffee
+++ b/app/assets/javascripts/app/controllers/settings.js.coffee
@ -27,8 +27,10 @@ class Index extends App.ControllerLevel2
    # security
    if @type is 'security'
      @menu = [
-        { name: 'Authentication', 'target': 'auth',      controller: App.SettingsArea, params: { area: 'Security::Authentication' } },
-        { name: 'Password',       'target': 'password',  controller: App.SettingsArea, params: { area: 'Security::Password' } },
+        { name: 'Base',                     'target': 'base',             controller: App.SettingsArea, params: { area: 'Security::Base' } },
+#        { name: 'Authentication',           'target': 'auth',             controller: App.SettingsArea, params: { area: 'Security::Authentication' } },
+        { name: 'Password',                 'target': 'password',         controller: App.SettingsArea, params: { area: 'Security::Password' } },
+        { name: 'Third-Party Applications', 'target': 'third_party_auth', controller: App.SettingsArea, params: { area: 'Security::ThirdPartyAuthentication' } },
 #        { name: 'Session',        'target': 'session',   controller: '' },
      ] 
      @page = {
--- a/app/models/application_model.rb
+++ b/app/models/application_model.rb
@ -121,7 +121,7 @@ class ApplicationModel < ActiveRecord::Base
      records = self.where( :name => data[:name] )
      records.each {|record|
        if record.name == data[:name]
-          record.update_attributes( :data => data[:data] )
+          record.update_attributes( data )
          return record
        end
      }
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -56,56 +56,26 @@ class User < ApplicationModel
    end

    # use auth backends
-    config = {
-      :internal => {
+    config = [
+      {
        :adapter => 'internal',
      },
-      :test => {
+      {
        :adapter => 'test',
      },
-      :env => {
-        :adapter => 'env',
-      },
-      :ldap => {
-        :adapter        => 'ldap',
-        :host           => 'localhost',
-        :port           => 389,
-        :bind_dn        => 'cn=Manager,dc=example,dc=org',
-        :bind_pw        => 'example',
-        :uid            => 'mail',
-        :base           => 'dc=example,dc=org',
-        :always_filter  => '',
-        :always_roles   => ['Admin', 'Agent'],
-        :always_groups  => ['Users'],
-        :sync_params    => {
-          :firstname  => 'givenName',
-          :lastname   => 'sn',
-          :email      => 'mail',
-          :login      => 'mail',
-        },
-      },
-      :otrs => {
-        :adapter           => 'otrs',
-        :required_group_ro => 'stats',
-        :group_rw_role_map => {
-          'admin' => 'Admin',
-          'stats' => 'Report',
-        },
-        :group_ro_role_map => {
-          'stats' => 'Report',
-        },
-        :always_role => {
-          'Agent' => true,
-        },
-      },
+    ]
+    Setting.where( :area => 'Security::Authentication' ).each {|setting|
+      if setting.state[:value]
+        config.push setting.state[:value]
+      end
    }

    # try to login against configure auth backends
    user_auth = nil
-    config.each {|key, c|
-      file = "auth/#{c[:adapter]}"
+    config.each {|config_item|
+      file = "auth/#{config_item[:adapter]}"
      require file
-      user_auth = Auth.const_get("#{c[:adapter].to_s.upcase}").check( username, password, c, user )
+      user_auth = Auth.const_get("#{config_item[:adapter].to_s.upcase}").check( username, password, config_item, user )

      # auth ok
      if user_auth
--- a/db/seeds.rb
+++ b/db/seeds.rb
@ -138,7 +138,7 @@ Setting.create_if_not_exists(
 Setting.create_if_not_exists(
  :title       => 'New User Accounts',
  :name        => 'user_create_account',
-  :area        => 'Security::Authentication',
+  :area        => 'Security::Base',
  :description => 'Enables users to create their own account via web interface.',
  :options     => {
    :form => [
@ -160,7 +160,7 @@ Setting.create_if_not_exists(
 Setting.create_if_not_exists(
  :title       => 'Lost Password',
  :name        => 'user_lost_password',
-  :area        => 'Security::Authentication',
+  :area        => 'Security::Base',
  :description => 'Activates lost password feature for agents, in the agent interface.',
  :options     => {
    :form => [
@ -182,7 +182,7 @@ Setting.create_if_not_exists(
 Setting.create_if_not_exists(
  :title       => 'Switch to User',
  :name        => 'switch_to_user',
-  :area        => 'Security::Authentication',
+  :area        => 'Security::Base',
  :description => 'Allows the administrators to login as other users, via the users administration panel.',
  :options     => {
    :form => [
@ -202,31 +202,55 @@ Setting.create_if_not_exists(
  :frontend => true
 )
 Setting.create_if_not_exists(
-  :title       => 'Authentication via Database',
-  :name        => 'auth_db',
+  :title       => 'Authentication via OTRS',
+  :name        => 'auth_otrs',
  :area        => 'Security::Authentication',
-  :description => 'Enables user authentication via database.',
-  :options     => {
-    :form => [
-      {
-        :display  => '',
-        :null     => true,
-        :name     => 'auth_db', 
-        :tag      => 'boolean',
-        :options  => {
-          true  => 'yes',
-          false => 'no',
-        },
-      },
-    ],
+  :description => 'Enables user authentication via OTRS.',
+  :state    => {
+    :adapter           => 'otrs',
+    :required_group_ro => 'stats',
+    :group_rw_role_map => {
+      'admin' => 'Admin',
+      'stats' => 'Report',
+    },
+    :group_ro_role_map => {
+      'stats' => 'Report',
+    },
+    :always_role => {
+      'Agent' => true,
+    },
  },
-  :state    => true,
-  :frontend => true
+  :frontend => false
+)
+Setting.create_if_not_exists(
+  :title       => 'Authentication via LDAP',
+  :name        => 'auth_ldap',
+  :area        => 'Security::Authentication',
+  :description => 'Enables user authentication via LDAP.',
+  :state    => {
+    :adapter        => 'ldap',
+    :host           => 'localhost',
+    :port           => 389,
+    :bind_dn        => 'cn=Manager,dc=example,dc=org',
+    :bind_pw        => 'example',
+    :uid            => 'mail',
+    :base           => 'dc=example,dc=org',
+    :always_filter  => '',
+    :always_roles   => ['Admin', 'Agent'],
+    :always_groups  => ['Users'],
+    :sync_params    => {
+      :firstname  => 'sn',
+      :lastname   => 'givenName',
+      :email      => 'mail',
+      :login      => 'mail',
+    },
+  },
+  :frontend => false
 )
 Setting.create_if_not_exists(
  :title       => 'Authentication via Twitter',
  :name        => 'auth_twitter',
-  :area        => 'Security::Authentication',
+  :area        => 'Security::ThirdPartyAuthentication',
  :description => 'Enables user authentication via twitter. Register your app first at https://dev.twitter.com/apps',
  :options     => {
    :form => [
@ -248,7 +272,7 @@ Setting.create_if_not_exists(
 Setting.create_if_not_exists(
  :title       => 'Twitter App Credentials',
  :name        => 'auth_twitter_credentials',
-  :area        => 'Security::Authentication',
+  :area        => 'Security::ThirdPartyAuthentication',
  :description => 'App credentials for Twitter.',
  :options     => {
    :form => [
@ -272,7 +296,7 @@ Setting.create_if_not_exists(
 Setting.create_if_not_exists(
  :title       => 'Authentication via Facebook',
  :name        => 'auth_facebook',
-  :area        => 'Security::Authentication',
+  :area        => 'Security::ThirdPartyAuthentication',
  :description => 'Enables user authentication via Facebook. Register your app first at https://developers.facebook.com/apps/',
  :options     => {
    :form => [
@ -295,7 +319,7 @@ Setting.create_if_not_exists(
 Setting.create_if_not_exists(
  :title       => 'Facebook App Credentials',
  :name        => 'auth_facebook_credentials',
-  :area        => 'Security::Authentication',
+  :area        => 'Security::ThirdPartyAuthentication',
  :description => 'App credentials for Facebook.',
  :options     => {
    :form => [
@ -320,7 +344,7 @@ Setting.create_if_not_exists(
 Setting.create_if_not_exists(
  :title       => 'Authentication via Google',
  :name        => 'auth_google_oauth2',
-  :area        => 'Security::Authentication',
+  :area        => 'Security::ThirdPartyAuthentication',
  :description => 'Enables user authentication via Google.',
  :options     => {
    :form => [
@ -342,7 +366,7 @@ Setting.create_if_not_exists(
 Setting.create_if_not_exists(
  :title       => 'Google App Credentials',
  :name        => 'auth_google_oauth2_credentials',
-  :area        => 'Security::Authentication',
+  :area        => 'Security::ThirdPartyAuthentication',
  :description => 'Enables user authentication via Google.',
  :options     => {
    :form => [
@ -367,7 +391,7 @@ Setting.create_if_not_exists(
 Setting.create_if_not_exists(
  :title       => 'Authentication via LinkedIn',
  :name        => 'auth_linkedin',
-  :area        => 'Security::Authentication',
+  :area        => 'Security::ThirdPartyAuthentication',
  :description => 'Enables user authentication via LinkedIn.',
  :options     => {
    :form => [
@ -389,7 +413,7 @@ Setting.create_if_not_exists(
 Setting.create_if_not_exists(
  :title       => 'LinkedIn App Credentials',
  :name        => 'auth_linkedin_credentials',
-  :area        => 'Security::Authentication',
+  :area        => 'Security::ThirdPartyAuthentication',
  :description => 'Enables user authentication via LinkedIn.',
  :options     => {
    :form => [
--- a/lib/auth/ldap.rb
+++ b/lib/auth/ldap.rb
@ -23,7 +23,7 @@ module Auth::LDAP

    # search user
    filter = "(#{config[:uid]}=#{username})"
-    if config[:always_filter]
+    if config[:always_filter] && !config[:always_filter].empty?
      filter = "(&#{filter}#{config[:always_filter]})"
    end
    user_dn = nil
@ -34,9 +34,9 @@ module Auth::LDAP

      # remember attributes for :sync_params
      entry.each do |attribute, values|
-        user_data[ attribute.to_sym ] = ''
+        user_data[ attribute.downcase.to_sym ] = ''
        values.each do |value|
-          user_data[ attribute.to_sym ] = value
+          user_data[ attribute.downcase.to_sym ] = value
        end
      end
    end
@ -60,8 +60,8 @@ module Auth::LDAP
        :updated_by_id => 1,
      }
      config[:sync_params].each {| local_data, ldap_data |
-        if user_data[ ldap_data.to_sym ]
-          user_attributes[ local_data.to_sym] = user_data[ ldap_data.to_sym ]
+        if user_data[ ldap_data.downcase.to_sym ]
+          user_attributes[ local_data.downcase.to_sym] = user_data[ ldap_data.downcase.to_sym ]
        end
      }
      if !user
--- a/test/unit/auth_test.rb
+++ b/test/unit/auth_test.rb
@ -0,0 +1,98 @@
+# encoding: utf-8
+require 'test_helper'
+
+Setting.create_or_update(
+  :title       => 'Authentication via LDAP',
+  :name        => 'auth_ldap',
+  :area        => 'Security::Authentication',
+  :description => 'Enables user authentication via LDAP.',
+  :state    => {
+    :adapter        => 'ldap',
+    :host           => 'localhost',
+    :port           => 389,
+    :bind_dn        => 'cn=Manager,dc=example,dc=org',
+    :bind_pw        => 'example',
+    :uid            => 'mail',
+    :base           => 'dc=example,dc=org',
+    :always_filter  => '',
+    :always_roles   => ['Admin', 'Agent'],
+    :always_groups  => ['Users'],
+    :sync_params    => {
+      :firstname  => 'sn',
+      :lastname   => 'givenName',
+      :email      => 'mail',
+      :login      => 'mail',
+    },
+  },
+  :frontend => false
+)
+
+user = User.lookup( :login => 'nicole.braun@zammad.org' )
+if user
+  user.update_attributes(
+    :password => 'some_pass',
+    :active   => true,
+  )
+else
+  user = User.create_if_not_exists(
+    :login         => 'nicole.braun@zammad.org',
+    :firstname     => 'Nicole',
+    :lastname      => 'Braun',
+    :email         => 'nicole.braun@zammad.org',
+    :password      => 'some_pass',
+    :active        => true,
+    :updated_by_id => 1,
+    :created_by_id => 1
+  )
+end
+class AuthTest < ActiveSupport::TestCase
+  test 'auth' do
+    tests = [
+
+      # test 1
+      {
+        :username => 'not_existing',
+        :password => 'password',
+        :result   => nil,
+      },
+
+      # test 2
+      {
+        :username => 'paige.chen@example.org',
+        :password => 'password',
+        :result   => true,
+        :verify => {
+          :firstname => 'Chen',
+          :lastname  => 'Paige',
+          :email     => 'paige.chen@example.org',
+        }
+      },
+
+      # test 3
+      {
+        :username => 'nicole.braun@zammad.org',
+        :password => 'some_pass',
+        :result   => true,
+        :verify => {
+          :firstname => 'Nicole',
+          :lastname  => 'Braun',
+          :email     => 'nicole.braun@zammad.org',
+        }
+      },
+    ]
+    tests.each { |test|
+      user = User.authenticate( test[:username], test[:password] )
+      if test[:result] == true
+        if !user
+          assert( false, 'auth faild' )
+        else
+          test[:verify].each {|key, value|
+            assert_equal( user[key], value, 'verify' )
+          }
+        end
+      else
+        assert_equal( test[:result], user, 'faild or not existing' )
+      end
+    }
+  end
+end