cirandas.net

ref: master

plugins/ldap/lib/ldap_plugin.rb


  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
require_relative 'ldap_authentication.rb'

class LdapPlugin < Noosfero::Plugin
  include Noosfero::Plugin::HotSpot

  def self.plugin_name
    "LdapPlugin"
  end

  def self.plugin_description
    _("A plugin that add ldap support.")
  end

  module Hotspots
    # -> Custom ldap plugin hotspot to set profile data before user creation
    # receive the followings params:
    # - attrs with ldap received data
    # - login received by ldap
    # - params from current context
    # returns = updated person_data hash
    def ldap_plugin_set_profile_data(attrs, params)
      [attrs, params]
    end

    # -> Custom ldap plugin hotspot to update user object
    # receive the followings params:
    # - user: user object
    # - attrs with ldap received data
    # returns = none
    def ldap_plugin_update_user(user, attrs)
    end
  end

  def allow_user_registration
    false
  end

  def allow_password_recovery
    context.environment.ldap_plugin['allow_password_recovery']
  end

  def alternative_authentication
    login = context.params[:login] || context.params[:user][:login]
    password = context.params[:password] || context.params[:user][:password]
    ldap = LdapAuthentication.new(context.environment.ldap_plugin_attributes)

    # try to authenticate
    begin
      attrs = ldap.authenticate(login, password)
    rescue Net::LDAP::LdapError => e
      puts "LDAP is not configured correctly"
    end
    return nil if attrs.nil?

    user_login = get_login(attrs, ldap.attr_login, login)
    user = User.find_or_initialize_by(login: user_login)
    return nil if !user.new_record? && !user.activated?

    user.login = user_login
    user.email = get_email(attrs, login)
    user.name =  attrs[:fullname]
    user.password = password
    user.password_confirmation = password
    user.person_data = plugins.pipeline(:ldap_plugin_set_profile_data, attrs, context.params).last[:profile_data]
    user.activated_at = Time.now.utc
    user.activation_code = nil

    ldap = LdapAuthentication.new(context.environment.ldap_plugin_attributes)
    begin
      if user.save
        user.activate
        plugins.dispatch(:ldap_plugin_update_user, user, attrs)
      else
        user = nil
      end
    rescue
      #User not saved
    end

    user
  end

  def get_login(attrs, attr_login, login)
    user_login = Array.wrap(attrs[attr_login.split.first.to_sym])
    user_login.empty? ? login : user_login.first
  end

  def get_email(attrs, login)
    return attrs[:mail] unless attrs[:mail].blank?

    if attrs[:fullname]
      return attrs[:fullname].to_slug + "@ldap.user"
    else
      return login.to_slug + "@ldap.user"
    end
  end

  def login_extra_contents
    proc do
      @person = Person.new(:environment => @environment)
      @profile_data = @person
      labelled_fields_for :profile_data, @person do |f|
        render :partial => 'profile_editor/person_form', :locals => {:f => f}
      end
    end
  end

end