Home Explore Help
Sign In
SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git
1
0
Fork 0
Files
Tree: 1563f7edd6
Branches Tags
zammad
/
lib
/
auth
/
backend
/
ldap.rb

ldap.rb 2.3 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
    2. 

  2. 

  3. class Auth
    4. 

  4.   class Backend
    5. 

  5.     class Ldap < Auth::Backend::Base
    6. 

  6. 

  7.       private
    8. 

  8. 

  9.       def source
    10. 

  10.         LdapSource.by_user(user)
    11. 

  11.       end
    12. 

  12. 

  13.       def login_valid?(ldap_user)
    14. 

  14.         # get from config or fallback to login
    15. 

  15.         # for a list of user attributes which should
    16. 

  16.         # be used for logging in
    17. 

  17.         login_attributes = config[:login_attributes] || %w[login]
    18. 

  18. 

  19.         login_attributes.any? do |attribute|
    20. 

  20.           ldap_user.valid?(user[attribute], password)
    21. 

  21.         end
    22. 

  22.       end
    23. 

  23. 

  24.       # Validation against the configured ldap integration.
    25. 

  25.       #
    26. 

  26.       # @returns [Boolean] true if the validation works, otherwise false.
    27. 

  27.       def authenticated?
    28. 

  28.         return if !source
    29. 

  29. 

  30.         ldap_user = ::Ldap::User.new(source.preferences)
    31. 

  31. 

  32.         authed = login_valid?(ldap_user)
    33. 

  33.         log_auth_result(authed)
    34. 

  34.         authed
    35. 

  35.       rescue => e
    36. 

  36.         message = "Can't connect to ldap backend #{e}"
    37. 

  37.         Rails.logger.info message
    38. 

  38.         Rails.logger.info e
    39. 

  39.         log(
    40. 

  40.           status:   'failed',
    41. 

  41.           response: message,
    42. 

  42.         )
    43. 

  43.         false
    44. 

  44.       end
    45. 

  45. 

  46.       # Checks the default behaviour and as a addition if the ldap integration is currently active.
    47. 

  47.       #
    48. 

  48.       # @returns [Boolean] true if the ldap integration is active and the default behaviour matches.
    49. 

  49.       def perform?
    50. 

  50.         user.source =~ %r{^Ldap::(\d+)$} && Setting.get('ldap_integration')
    51. 

  51.       end
    52. 

  52. 

  53.       # Logs the auth result
    54. 

  54.       #
    55. 

  55.       # @param authed [Boolean] true if the user is authed, otherwise false.
    56. 

  56.       def log_auth_result(authed)
    57. 

  57.         result = authed ? 'success' : 'failed'
    58. 

  58.         log(
    59. 

  59.           status: result,
    60. 

  60.         )
    61. 

  61.       end
    62. 

  62. 

  63.       # Created the http log for the current authentication.
    64. 

  64.       #
    65. 

  65.       # @param status [String] the status of the ldap authentication.
    66. 

  66.       # @param response [String] the response message.
    67. 

  67.       def log(status:, response: nil)
    68. 

  68.         HttpLog.create(
    69. 

  69.           direction:     'out',
    70. 

  70.           facility:      'ldap',
    71. 

  71.           url:           "bind -> #{user.login}",
    72. 

  72.           status:        status,
    73. 

  73.           ip:            nil,
    74. 

  74.           request:       { content: user.login },
    75. 

  75.           response:      { content: response || status },
    76. 

  76.           method:        'tcp',
    77. 

  77.           created_by_id: 1,
    78. 

  78.           updated_by_id: 1,
    79. 

  79.         )
    80. 

  80.       end
    81. 

  81.     end
    82. 

  82.   end
    83. 

  83. end
    84.