Merge branch 'ldap-auth'

2025-11-07 22:15:51 +01:00 · 2013-08-22 02:31:24 +09:00
parent c841d4a77a e0bd5a24f4
commit 6b57cca64d
10 changed files with 329 additions and 52 deletions
--- a/src/main/scala/service/AccountService.scala
+++ b/src/main/scala/service/AccountService.scala
@@ -3,9 +3,48 @@ package service
 import model._
 import scala.slick.driver.H2Driver.simple._
 import Database.threadLocalSession
+import service.SystemSettingsService.SystemSettings
+import util.StringUtil._
+import model.GroupMember
+import scala.Some
+import model.Account
+import util.LDAPUtil

 trait AccountService {

+  def authenticate(settings: SystemSettings, userName: String, password: String): Option[Account] =
+    if(settings.ldapAuthentication){
+      ldapAuthentication(settings, userName, password)
+    } else {
+      defaultAuthentication(userName, password)
+    }
+
+  /**
+   * Authenticate by internal database.
+   */
+  private def defaultAuthentication(userName: String, password: String) = {
+    getAccountByUserName(userName).collect {
+      case account if(!account.isGroupAccount && account.password == sha1(password)) => Some(account)
+    } getOrElse None
+  }
+
+  /**
+   * Authenticate by LDAP.
+   */
+  private def ldapAuthentication(settings: SystemSettings, userName: String, password: String) = {
+    LDAPUtil.authenticate(settings.ldap.get, userName, password) match {
+      case Right(mailAddress) => {
+        // Create or update account by LDAP information
+        getAccountByUserName(userName) match {
+          case Some(x) => updateAccount(x.copy(mailAddress = mailAddress))
+          case None    => createAccount(userName, "", mailAddress, false, None)
+        }
+        getAccountByUserName(userName)
+      }
+      case Left(errorMessage) => defaultAuthentication(userName, password)
+    }
+  }
+
  def getAccountByUserName(userName: String): Option[Account] = 
    Query(Accounts) filter(_.userName is userName.bind) firstOption

--- a/src/main/scala/service/SystemSettingsService.scala
+++ b/src/main/scala/service/SystemSettingsService.scala
@@ -19,6 +19,18 @@ trait SystemSettingsService {
        smtp.ssl.foreach(x => props.setProperty(SmtpSsl, x.toString))
      }
    }
+    props.setProperty(LdapAuthentication, settings.ldapAuthentication.toString)
+    if(settings.ldapAuthentication){
+      settings.ldap.map { ldap =>
+        props.setProperty(LdapHost, ldap.host)
+        ldap.port.foreach(x => props.setProperty(LdapPort, x.toString))
+        props.setProperty(LdapBindDN, ldap.bindDN)
+        props.setProperty(LdapBindPassword, ldap.bindPassword)
+        props.setProperty(LdapBaseDN, ldap.baseDN)
+        props.setProperty(LdapUserNameAttribute, ldap.userNameAttribute)
+        props.setProperty(LdapMailAddressAttribute, ldap.mailAttribute)
+      }
+    }
    props.store(new java.io.FileOutputStream(GitBucketConf), null)
  }

@@ -41,6 +53,19 @@ trait SystemSettingsService {
          getOptionValue[Boolean](props, SmtpSsl, None)))
      } else {
        None
+      },
+      getValue(props, LdapAuthentication, false),
+      if(getValue(props, LdapAuthentication, false)){
+        Some(Ldap(
+          getValue(props, LdapHost, ""),
+          getOptionValue(props, LdapPort, Some(DefaultLdapPort)),
+          getValue(props, LdapBindDN, ""),
+          getValue(props, LdapBindPassword, ""),
+          getValue(props, LdapBaseDN, ""),
+          getValue(props, LdapUserNameAttribute, ""),
+          getValue(props, LdapMailAddressAttribute, "")))
+      } else {
+        None
      }
    )
  }
@@ -54,8 +79,19 @@ object SystemSettingsService {
    allowAccountRegistration: Boolean,
    gravatar: Boolean,
    notification: Boolean,
-    smtp: Option[Smtp]
-  )
+    smtp: Option[Smtp],
+    ldapAuthentication: Boolean,
+    ldap: Option[Ldap])
+
+  case class Ldap(
+    host: String,
+    port: Option[Int],
+    bindDN: String,
+    bindPassword: String,
+    baseDN: String,
+    userNameAttribute: String,
+    mailAttribute: String)
+
  case class Smtp(
    host: String,
    port: Option[Int],
@@ -63,6 +99,8 @@ object SystemSettingsService {
    password: Option[String],
    ssl: Option[Boolean])

+  val DefaultLdapPort = 389
+
  private val AllowAccountRegistration = "allow_account_registration"
  private val Gravatar = "gravatar"
  private val Notification = "notification"
@@ -71,6 +109,14 @@ object SystemSettingsService {
  private val SmtpUser = "smtp.user"
  private val SmtpPassword = "smtp.password"
  private val SmtpSsl = "smtp.ssl"
+  private val LdapAuthentication = "ldap_authentication"
+  private val LdapHost = "ldap.host"
+  private val LdapPort = "ldap.port"
+  private val LdapBindDN = "ldap.bindDN"
+  private val LdapBindPassword = "ldap.bind_password"
+  private val LdapBaseDN = "ldap.baseDN"
+  private val LdapUserNameAttribute = "ldap.username_attribute"
+  private val LdapMailAddressAttribute = "ldap.mail_attribute"

  private def getValue[A: ClassTag](props: java.util.Properties, key: String, default: A): A = {
    val value = props.getProperty(key)