diff --git a/app/assets/javascripts/app/controllers/settings.js.coffee b/app/assets/javascripts/app/controllers/settings.js.coffee
index e6f1c5ebb..6fb46a34a 100644
--- a/app/assets/javascripts/app/controllers/settings.js.coffee
+++ b/app/assets/javascripts/app/controllers/settings.js.coffee
@@ -27,8 +27,10 @@ class Index extends App.ControllerLevel2
 # security
 if @type is 'security'
 @menu = [
- { name: 'Authentication', 'target': 'auth', controller: App.SettingsArea, params: { area: 'Security::Authentication' } },
- { name: 'Password', 'target': 'password', controller: App.SettingsArea, params: { area: 'Security::Password' } },
+ { name: 'Base', 'target': 'base', controller: App.SettingsArea, params: { area: 'Security::Base' } },
+# { name: 'Authentication', 'target': 'auth', controller: App.SettingsArea, params: { area: 'Security::Authentication' } },
+ { name: 'Password', 'target': 'password', controller: App.SettingsArea, params: { area: 'Security::Password' } },
+ { name: 'Third-Party Applications', 'target': 'third_party_auth', controller: App.SettingsArea, params: { area: 'Security::ThirdPartyAuthentication' } },
 # { name: 'Session', 'target': 'session', controller: '' },
 ]
 @page = {
diff --git a/app/models/application_model.rb b/app/models/application_model.rb
index d066f3b31..01476ab6e 100644
--- a/app/models/application_model.rb
+++ b/app/models/application_model.rb
@@ -121,7 +121,7 @@ class ApplicationModel < ActiveRecord::Base
 records = self.where( :name => data[:name] )
 records.each {|record|
 if record.name == data[:name]
- record.update_attributes( :data => data[:data] )
+ record.update_attributes( data )
 return record
 end
 }
diff --git a/app/models/user.rb b/app/models/user.rb
index 2268b9a0c..36077928d 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
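Review bot: `record.update_attributes( data )` now mass-assigns every key in `data` where the old line wrote only `:data`, and since the enclosing method starts before this hunk I cannot see where `data` originates; if any caller ever passes a request-derived hash this becomes a mass-assignment sink (and with attribute protection enabled, keys such as `:id` or `:name` would either raise or be dropped silently). If the helper is meant for trusted seed data only, say so above the call, e.g. `# writes every key of data — only call with server-built hashes, never request params`; otherwise restrict it, e.g. `record.update_attributes( data.except(:id, :name) )`. The method continues past the end of the hunk.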
@@ -56,56 +56,26 @@ class User < ApplicationModel
 end
 # use auth backends
- config = {
+ config = [
- :internal => {
+ {
 :adapter => 'internal',
 },
- :test => {
+ {
 :adapter => 'test',
 },
- :env => {
- :adapter => 'env',
- },
- :ldap => {
- :adapter => 'ldap',
- :host => 'localhost',
- :port => 389,
- :bind_dn => 'cn=Manager,dc=example,dc=org',
- :bind_pw => 'example',
- :uid => 'mail',
- :base => 'dc=example,dc=org',
- :always_filter => '',
- :always_roles => ['Admin', 'Agent'],
- :always_groups => ['Users'],
- :sync_params => {
- :firstname => 'givenName',
- :lastname => 'sn',
- :email => 'mail',
- :login => 'mail',
- },
- },
- :otrs => {
- :adapter => 'otrs',
- :required_group_ro => 'stats',
- :group_rw_role_map => {
- 'admin' => 'Admin',
- 'stats' => 'Report',
- },
- :group_ro_role_map => {
- 'stats' => 'Report',
- },
- :always_role => {
- 'Agent' => true,
- },
- },
+ ]
+ Setting.where( :area => 'Security::Authentication' ).each {|setting|
+ if setting.state[:value]
+ config.push setting.state[:value]
+ end
 }
 # try to login against configure auth backends
 user_auth = nil
- config.each {|key, c|
- file = "auth/#{c[:adapter]}"
+ config.each {|config_item|
+ file = "auth/#{config_item[:adapter]}"
 require file
- user_auth = Auth.const_get("#{c[:adapter].to_s.upcase}").check( username, password, c, user )
+ user_auth = Auth.const_get("#{config_item[:adapter].to_s.upcase}").check( username, password, config_item, user )
 # auth ok
 if user_auth
diff --git a/db/seeds.rb b/db/seeds.rb
index 9f33d40c9..8deb2d12d 100644
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -138,7 +138,7 @@ Setting.create_if_not_exists(
 Setting.create_if_not_exists(
 :title => 'New User Accounts',
 :name => 'user_create_account',
- :area => 'Security::Authentication',
+ :area => 'Security::Base',
 :description => 'Enables users to create their own account via web interface.',
 :options => {
 :form => [
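Review bot: The adapter name now comes from the database and flows unchecked into `require file` and `Auth.const_get(...)`, so whatever is stored in any `Security::Authentication` row — seeded here with `frontend => false`, but validated nowhere in this hunk — decides which file is loaded from disk and which constant's `check` runs on every login; a stored adapter such as `../../tmp/x` would be required. Pin it to the adapters this diff ships before building the path: `adapter = config_item[:adapter].to_s` / `next unless %w[internal test ldap otrs].include?(adapter)` / `file = "auth/#{adapter}"`. Separately, the seeds in this commit store the backend config as `:state => { :adapter => ... }` with no `:value` key, so `setting.state[:value]` is nil unless `Setting#state=` wraps it — worth confirming, because the silent failure mode is that no DB-backed adapter is ever consulted. The `test` adapter also remains in the hard-coded list for every environment; gating it on `Rails.env.test?` fits this rework. The enclosing method (presumably `User.authenticate`, judging by the new test) continues past the hunk.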
@@ -160,7 +160,7 @@ Setting.create_if_not_exists(
 Setting.create_if_not_exists(
 :title => 'Lost Password',
 :name => 'user_lost_password',
- :area => 'Security::Authentication',
+ :area => 'Security::Base',
 :description => 'Activates lost password feature for agents, in the agent interface.',
 :options => {
 :form => [
@@ -182,7 +182,7 @@ Setting.create_if_not_exists(
 Setting.create_if_not_exists(
 :title => 'Switch to User',
 :name => 'switch_to_user',
- :area => 'Security::Authentication',
+ :area => 'Security::Base',
 :description => 'Allows the administrators to login as other users, via the users administration panel.',
 :options => {
 :form => [
@@ -202,31 +202,55 @@ Setting.create_if_not_exists(
 :frontend => true
 )
 Setting.create_if_not_exists(
- :title => 'Authentication via Database',
- :name => 'auth_db',
+ :title => 'Authentication via OTRS',
+ :name => 'auth_otrs',
 :area => 'Security::Authentication',
- :description => 'Enables user authentication via database.',
- :options => {
- :form => [
- {
- :display => '',
- :null => true,
- :name => 'auth_db',
- :tag => 'boolean',
- :options => {
- true => 'yes',
- false => 'no',
- },
- },
- ],
+ :description => 'Enables user authentication via OTRS.',
+ :state => {
+ :adapter => 'otrs',
+ :required_group_ro => 'stats',
+ :group_rw_role_map => {
+ 'admin' => 'Admin',
+ 'stats' => 'Report',
+ },
+ :group_ro_role_map => {
+ 'stats' => 'Report',
+ },
+ :always_role => {
+ 'Agent' => true,
+ },
 },
- :state => true,
- :frontend => true
+ :frontend => false
+)
+Setting.create_if_not_exists(
+ :title => 'Authentication via LDAP',
+ :name => 'auth_ldap',
+ :area => 'Security::Authentication',
+ :description => 'Enables user authentication via LDAP.',
+ :state => {
+ :adapter => 'ldap',
+ :host => 'localhost',
+ :port => 389,
+ :bind_dn => 'cn=Manager,dc=example,dc=org',
+ :bind_pw => 'example',
+ :uid => 'mail',
+ :base => 'dc=example,dc=org',
+ :always_filter => '',
+ :always_roles => ['Admin', 'Agent'],
+ :always_groups => ['Users'],
+ :sync_params => {
+ :firstname => 'sn',
+ :lastname => 'givenName',
+ :email => 'mail',
+ :login => 'mail',
+ },
+ },
+ :frontend => false
 )
 Setting.create_if_not_exists(
 :title => 'Authentication via Twitter',
 :name => 'auth_twitter',
- :area => 'Security::Authentication',
+ :area => 'Security::ThirdPartyAuthentication',
 :description => 'Enables user authentication via twitter. Register your app first at https://dev.twitter.com/apps',
 :options => {
 :form => [
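Review bot: The LDAP `sync_params` on the `+` lines map `:firstname => 'sn'` and `:lastname => 'givenName'`, which inverts the attribute semantics (`sn` is the surname) and reverses the mapping this same commit removes from user.rb; it should read `:firstname => 'givenName', :lastname => 'sn'`. Both new rows also carry a complete backend config with placeholder credentials (`cn=Manager,dc=example,dc=org` / `bind_pw => 'example'`) and, given the `Setting.where( :area => 'Security::Authentication' )` loop in user.rb, look like they are consulted on every login of a fresh install — including a bind attempt against `localhost:389` — while `frontend => false` plus the commented-out Authentication menu leaves no UI to change them. Seeding them without a `:state` (or with an enabled flag the loader checks) would avoid shipping example credentials as live config. Finally, the old `auth_db` row is only dropped from the seeds: `create_if_not_exists` leaves it in place on upgraded installs, and if its stored state survives as truthy it is pushed into the adapter list where `config_item[:adapter]` would raise, so a migration deleting it is needed.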
@@ -248,7 +272,7 @@ Setting.create_if_not_exists(
 Setting.create_if_not_exists(
 :title => 'Twitter App Credentials',
 :name => 'auth_twitter_credentials',
- :area => 'Security::Authentication',
+ :area => 'Security::ThirdPartyAuthentication',
 :description => 'App credentials for Twitter.',
 :options => {
 :form => [
@@ -272,7 +296,7 @@ Setting.create_if_not_exists(
 Setting.create_if_not_exists(
 :title => 'Authentication via Facebook',
 :name => 'auth_facebook',
- :area => 'Security::Authentication',
+ :area => 'Security::ThirdPartyAuthentication',
 :description => 'Enables user authentication via Facebook. Register your app first at https://developers.facebook.com/apps/',
 :options => {
 :form => [
@@ -295,7 +319,7 @@ Setting.create_if_not_exists(
 Setting.create_if_not_exists(
 :title => 'Facebook App Credentials',
 :name => 'auth_facebook_credentials',
- :area => 'Security::Authentication',
+ :area => 'Security::ThirdPartyAuthentication',
 :description => 'App credentials for Facebook.',
 :options => {
 :form => [
@@ -320,7 +344,7 @@ Setting.create_if_not_exists(
 Setting.create_if_not_exists(
 :title => 'Authentication via Google',
 :name => 'auth_google_oauth2',
- :area => 'Security::Authentication',
+ :area => 'Security::ThirdPartyAuthentication',
 :description => 'Enables user authentication via Google.',
 :options => {
 :form => [
@@ -342,7 +366,7 @@ Setting.create_if_not_exists(
 Setting.create_if_not_exists(
 :title => 'Google App Credentials',
 :name => 'auth_google_oauth2_credentials',
- :area => 'Security::Authentication',
+ :area => 'Security::ThirdPartyAuthentication',
 :description => 'Enables user authentication via Google.',
 :options => {
 :form => [
@@ -367,7 +391,7 @@ Setting.create_if_not_exists(
 Setting.create_if_not_exists(
 :title => 'Authentication via LinkedIn',
 :name => 'auth_linkedin',
- :area => 'Security::Authentication',
+ :area => 'Security::ThirdPartyAuthentication',
 :description => 'Enables user authentication via LinkedIn.',
 :options => {
 :form => [
@@ -389,7 +413,7 @@ Setting.create_if_not_exists(
 Setting.create_if_not_exists(
 :title => 'LinkedIn App Credentials',
 :name => 'auth_linkedin_credentials',
- :area => 'Security::Authentication',
+ :area => 'Security::ThirdPartyAuthentication',
 :description => 'Enables user authentication via LinkedIn.',
 :options => {
 :form => [
diff --git a/lib/auth/ldap.rb b/lib/auth/ldap.rb
index d1dd4a427..0a852c429 100644
--- a/lib/auth/ldap.rb
+++ b/lib/auth/ldap.rb
@@ -23,7 +23,7 @@ module Auth::LDAP
 # search user
 filter = "(#{config[:uid]}=#{username})"
- if config[:always_filter]
+ if config[:always_filter] && !config[:always_filter].empty?
 filter = "(&#{filter}#{config[:always_filter]})"
 end
 user_dn = nil
@@ -34,9 +34,9 @@ module Auth::LDAP
 # remember attributes for :sync_params
 entry.each do |attribute, values|
- user_data[ attribute.to_sym ] = ''
+ user_data[ attribute.downcase.to_sym ] = ''
 values.each do |value|
- user_data[ attribute.to_sym ] = value
+ user_data[ attribute.downcase.to_sym ] = value
 end
 end
 end
@@ -60,8 +60,8 @@ module Auth::LDAP
 :updated_by_id => 1,
 }
 config[:sync_params].each {| local_data, ldap_data |
- if user_data[ ldap_data.to_sym ]
- user_attributes[ local_data.to_sym] = user_data[ ldap_data.to_sym ]
+ if user_data[ ldap_data.downcase.to_sym ]
+ user_attributes[ local_data.downcase.to_sym] = user_data[ ldap_data.downcase.to_sym ]
 end
 }
 if !user
diff --git a/test/unit/auth_test.rb b/test/unit/auth_test.rb
new file mode 100644
index 000000000..32e86767f
--- /dev/null
+++ b/test/unit/auth_test.rb
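Review bot: `filter = "(#{config[:uid]}=#{username})"`, the context line directly above the new `always_filter` guard, still interpolates the login name straight into the LDAP search filter, so a username such as `*` or `x)(objectClass=*` rewrites the query (LDAP filter injection); the new emptiness check does nothing about that. If this is net-ldap, build the term with `filter = Net::LDAP::Filter.eq( config[:uid], username ).to_s` (or escape via `Net::LDAP::Filter.escape( username )`) before it is conjoined with `always_filter`. The `always_filter` string itself is admin-supplied config and is concatenated unparsed, which is acceptable only as long as that setting stays `frontend => false`. The method enclosing this hunk starts before and continues past it.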
@@ -0,0 +1,98 @@
+# encoding: utf-8
+require 'test_helper'
+
+Setting.create_or_update(
+ :title => 'Authentication via LDAP',
+ :name => 'auth_ldap',
+ :area => 'Security::Authentication',
+ :description => 'Enables user authentication via LDAP.',
+ :state => {
+ :adapter => 'ldap',
+ :host => 'localhost',
+ :port => 389,
+ :bind_dn => 'cn=Manager,dc=example,dc=org',
+ :bind_pw => 'example',
+ :uid => 'mail',
+ :base => 'dc=example,dc=org',
+ :always_filter => '',
+ :always_roles => ['Admin', 'Agent'],
+ :always_groups => ['Users'],
+ :sync_params => {
+ :firstname => 'sn',
+ :lastname => 'givenName',
+ :email => 'mail',
+ :login => 'mail',
+ },
+ },
+ :frontend => false
+)
+
+user = User.lookup( :login => 'nicole.braun@zammad.org' )
+if user
+ user.update_attributes(
+ :password => 'some_pass',
+ :active => true,
+ )
+else
+ user = User.create_if_not_exists(
+ :login => 'nicole.braun@zammad.org',
+ :firstname => 'Nicole',
+ :lastname => 'Braun',
+ :email => 'nicole.braun@zammad.org',
+ :password => 'some_pass',
+ :active => true,
+ :updated_by_id => 1,
+ :created_by_id => 1
+ )
+end
+class AuthTest < ActiveSupport::TestCase
+ test 'auth' do
+ tests = [
+
+ # test 1
+ {
+ :username => 'not_existing',
+ :password => 'password',
+ :result => nil,
+ },
+
+ # test 2
+ {
+ :username => 'paige.chen@example.org',
+ :password => 'password',
+ :result => true,
+ :verify => {
+ :firstname => 'Chen',
+ :lastname => 'Paige',
+ :email => 'paige.chen@example.org',
+ }
+ },
+
+ # test 3
+ {
+ :username => 'nicole.braun@zammad.org',
+ :password => 'some_pass',
+ :result => true,
+ :verify => {
+ :firstname => 'Nicole',
+ :lastname => 'Braun',
+ :email => 'nicole.braun@zammad.org',
+ }
+ },
+ ]
+ tests.each { |test|
+ user = User.authenticate( test[:username], test[:password] )
+ if test[:result] == true
+ if !user
+ assert( false, 'auth faild' )
+ else
+ test[:verify].each {|key, value|
+ assert_equal( user[key], value, 'verify' )
+ }
+ end
+ else
+ assert_equal( test[:result], user, 'faild or not existing' )
+ end
+ }
+ end
+end
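Review bot: Test 2 asserts `:firstname => 'Chen', :lastname => 'Paige'` for `paige.chen@example.org`, which bakes the swapped `sn`/`givenName` mapping from the seeded `sync_params` into the suite as expected behaviour; it should expect `'Paige'`/`'Chen'` once that mapping is corrected. The test also depends on a live LDAP server on `localhost:389` accepting `cn=Manager` / `example` and on a pre-existing `paige.chen` entry, none of which this file provisions, so it cannot pass in a clean CI run — stub `Auth::LDAP.check`, or skip unless an LDAP fixture is configured. `Setting.create_or_update` and the `User.lookup` / `create_if_not_exists` block run at file-load time rather than in a `setup`, so they mutate the database even when this test case is filtered out. Minor: `assert( false, 'auth faild' )` can be `assert( user, 'auth failed' )`, which also removes the typo repeated in `'faild or not existing'`.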