ldap.rb 2.3 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
  2. class Auth
  3. class Backend
  4. class Ldap < Auth::Backend::Base
  5. private
  6. def source
  7. LdapSource.by_user(user)
  8. end
  9. def login_valid?(ldap_user)
  10. # get from config or fallback to login
  11. # for a list of user attributes which should
  12. # be used for logging in
  13. login_attributes = config[:login_attributes] || %w[login]
  14. login_attributes.any? do |attribute|
  15. ldap_user.valid?(user[attribute], password)
  16. end
  17. end
  18. # Validation against the configured ldap integration.
  19. #
  20. # @returns [Boolean] true if the validation works, otherwise false.
  21. def authenticated?
  22. return if !source
  23. ldap_user = ::Ldap::User.new(source.preferences)
  24. authed = login_valid?(ldap_user)
  25. log_auth_result(authed)
  26. authed
  27. rescue => e
  28. message = "Can't connect to ldap backend #{e}"
  29. Rails.logger.info message
  30. Rails.logger.info e
  31. log(
  32. status: 'failed',
  33. response: message,
  34. )
  35. false
  36. end
  37. # Checks the default behaviour and as a addition if the ldap integration is currently active.
  38. #
  39. # @returns [Boolean] true if the ldap integration is active and the default behaviour matches.
  40. def perform?
  41. user.source =~ %r{^Ldap::(\d+)$} && Setting.get('ldap_integration')
  42. end
  43. # Logs the auth result
  44. #
  45. # @param authed [Boolean] true if the user is authed, otherwise false.
  46. def log_auth_result(authed)
  47. result = authed ? 'success' : 'failed'
  48. log(
  49. status: result,
  50. )
  51. end
  52. # Created the http log for the current authentication.
  53. #
  54. # @param status [String] the status of the ldap authentication.
  55. # @param response [String] the response message.
  56. def log(status:, response: nil)
  57. HttpLog.create(
  58. direction: 'out',
  59. facility: 'ldap',
  60. url: "bind -> #{user.login}",
  61. status: status,
  62. ip: nil,
  63. request: { content: user.login },
  64. response: { content: response || status },
  65. method: 'tcp',
  66. created_by_id: 1,
  67. updated_by_id: 1,
  68. )
  69. end
  70. end
  71. end
  72. end