(refs #78)LDAP authentication is completed? (not tested yet)

2025-11-06 05:25:50 +01:00 · 2013-08-16 11:46:16 +09:00
parent 582df3239f
commit 231fd268df
1 changed files with 48 additions and 13 deletions
--- a/src/main/scala/app/SignInController.scala
+++ b/src/main/scala/app/SignInController.scala
@@ -3,6 +3,8 @@ package app
 import service._
 import util.StringUtil._
 import jp.sf.amateras.scalatra.forms._
+import util.LDAPUtil
+import service.SystemSettingsService.SystemSettings

 class SignInController extends SignInControllerBase with SystemSettingsService with AccountService

@@ -24,8 +26,48 @@ trait SignInControllerBase extends ControllerBase { self: SystemSettingsService
  }

  post("/signin", form){ form =>
+    val settings = loadSystemSettings()
+    settings.authType match {
+      case "LDAP" => ldapAuthentication(form, settings)
+      case _      => defaultAuthentication(form)
+    }
+  }
+
+  get("/signout"){
+    session.invalidate
+    redirect("/")
+  }
+
+  /**
+   * Authenticate by internal database.
+   */
+  private def defaultAuthentication(form: SignInForm) = {
    getAccountByUserName(form.userName).collect {
-      case account if(!account.isGroupAccount && account.password == sha1(form.password)) => {
+      case account if(!account.isGroupAccount && account.password == sha1(form.password)) => signin(account)
+    } getOrElse redirect("/signin")
+  }
+
+  /**
+   * Authenticate by LDAP.
+   */
+  private def ldapAuthentication(form: SignInForm, settings: SystemSettings) = {
+    LDAPUtil.authenticate(settings.ldap.get, form.userName, form.password) match {
+      case Right(mailAddress) => {
+        // Create or update account by LDAP information
+        getAccountByUserName(form.userName) match {
+          case Some(x) => updateAccount(x.copy(mailAddress = mailAddress))
+          case None    => createAccount(form.userName, "", mailAddress, false, None)
+        }
+        signin(getAccountByUserName(form.userName).get)
+      }
+      case Left(errorMessage) => defaultAuthentication(form)
+    }
+  }
+
+  /**
+   * Set account information into HttpSession and redirect.
+   */
+  private def signin(account: model.Account) = {
    session.setAttribute("LOGIN_ACCOUNT", account)
    updateLastLoginDate(account.userName)

@@ -36,12 +78,5 @@ trait SignInControllerBase extends ControllerBase { self: SystemSettingsService
      redirect("/")
    }
  }
-    } getOrElse redirect("/signin")
-  }
-
-  get("/signout"){
-    session.invalidate
-    redirect("/")
-  }

 }