githubFork/gitblit.git - Solinfo Gitblit

			@@ -30,12 +30,15 @@
			import com.gitblit.utils.ArrayUtils;
			import com.gitblit.utils.StringUtils;
			import com.unboundid.ldap.sdk.Attribute;
			import com.unboundid.ldap.sdk.ExtendedResult;
			import com.unboundid.ldap.sdk.LDAPConnection;
			import com.unboundid.ldap.sdk.LDAPException;
			import com.unboundid.ldap.sdk.LDAPSearchException;
			import com.unboundid.ldap.sdk.ResultCode;
			import com.unboundid.ldap.sdk.SearchResult;
			import com.unboundid.ldap.sdk.SearchResultEntry;
			import com.unboundid.ldap.sdk.SearchScope;
			import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
			import com.unboundid.util.ssl.SSLUtil;
			import com.unboundid.util.ssl.TrustAllTrustManager;

			@@ -81,10 +84,22 @@
			if (ldapPort == -1) // Default Port
			ldapPort = 389;

			return new LDAPConnection(ldapUrl.getHost(), ldapPort, bindUserName, bindPassword);
			LDAPConnection conn = new LDAPConnection(ldapUrl.getHost(), ldapPort, bindUserName, bindPassword);

			if (ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) {
			SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());

			ExtendedResult extendedResult = conn.processExtendedOperation(
			new StartTLSExtendedRequest(sslUtil.createSSLContext()));

			if (extendedResult.getResultCode() != ResultCode.SUCCESS) {
			throw new LDAPException(extendedResult.getResultCode());
			}
			}
			return conn;
			}
			} catch (URISyntaxException e) {
			logger.error("Bad LDAP URL, should be in the form: ldap(s)://<server>:<port>", e);
			logger.error("Bad LDAP URL, should be in the form: ldap(s\|+tls)://<server>:<port>", e);
			} catch (GeneralSecurityException e) {
			logger.error("Unable to create SSL Connection", e);
			} catch (LDAPException e) {
			@@ -145,62 +160,78 @@
			public UserModel authenticate(String username, char[] password) {
			String simpleUsername = getSimpleUsername(username);

			LDAPConnection ldapConnection = getLdapConnection();
			LDAPConnection ldapConnection = getLdapConnection();
			if (ldapConnection != null) {
			// Find the logging in user's DN
			String accountBase = settings.getString(Keys.realm.ldap.accountBase, "");
			String accountPattern = settings.getString(Keys.realm.ldap.accountPattern, "(&(objectClass=person)(sAMAccountName=${username}))");
			accountPattern = StringUtils.replace(accountPattern, "${username}", escapeLDAPSearchFilter(simpleUsername));
			try {
			// Find the logging in user's DN
			String accountBase = settings.getString(Keys.realm.ldap.accountBase, "");
			String accountPattern = settings.getString(Keys.realm.ldap.accountPattern, "(&(objectClass=person)(sAMAccountName=${username}))");
			accountPattern = StringUtils.replace(accountPattern, "${username}", escapeLDAPSearchFilter(simpleUsername));

			SearchResult result = doSearch(ldapConnection, accountBase, accountPattern);
			if (result != null && result.getEntryCount() == 1) {
			SearchResultEntry loggingInUser = result.getSearchEntries().get(0);
			String loggingInUserDN = loggingInUser.getDN();

			if (isAuthenticated(ldapConnection, loggingInUserDN, new String(password))) {
			logger.debug("LDAP authenticated: " + username);

			UserModel user = getUserModel(simpleUsername);
			if (user == null) // create user object for new authenticated user
			user = new UserModel(simpleUsername);
			SearchResult result = doSearch(ldapConnection, accountBase, accountPattern);
			if (result != null && result.getEntryCount() == 1) {
			SearchResultEntry loggingInUser = result.getSearchEntries().get(0);
			String loggingInUserDN = loggingInUser.getDN();

			// create a user cookie
			if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {
			user.cookie = StringUtils.getSHA1(user.username + new String(password));
			if (isAuthenticated(ldapConnection, loggingInUserDN, new String(password))) {
			logger.debug("LDAP authenticated: " + username);

			UserModel user = getUserModel(simpleUsername);
			if (user == null) // create user object for new authenticated user
			user = new UserModel(simpleUsername);

			// create a user cookie
			if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {
			user.cookie = StringUtils.getSHA1(user.username + new String(password));
			}

			if (!supportsTeamMembershipChanges())
			getTeamsFromLdap(ldapConnection, simpleUsername, loggingInUser, user);

			// Get User Attributes
			setUserAttributes(user, loggingInUser);

			// Push the ldap looked up values to backing file
			super.updateUserModel(user);
			if (!supportsTeamMembershipChanges()) {
			for (TeamModel userTeam : user.teams)
			updateTeamModel(userTeam);
			}

			return user;
			}

			if (!supportsTeamMembershipChanges())
			getTeamsFromLdap(ldapConnection, simpleUsername, loggingInUser, user);

			// Get User Attributes
			setUserAttributes(user, loggingInUser);

			// Push the ldap looked up values to backing file
			super.updateUserModel(user);
			if (!supportsTeamMembershipChanges()) {
			for (TeamModel userTeam : user.teams)
			updateTeamModel(userTeam);
			}

			return user;
			}
			} finally {
			ldapConnection.close();
			}
			}

			return null;
			}

			/**
			* Set the admin attribute from team memberships retrieved from LDAP.
			* If we are not storing teams in LDAP and/or we have not defined any
			* administrator teams, then do not change the admin flag.
			*
			* @param user
			*/
			private void setAdminAttribute(UserModel user) {
			user.canAdmin = false;
			List<String> admins = settings.getStrings(Keys.realm.ldap.admins);
			for (String admin : admins) {
			if (admin.startsWith("@")) { // Team
			if (user.getTeam(admin.substring(1)) != null)
			user.canAdmin = true;
			} else
			if (user.getName().equalsIgnoreCase(admin))
			user.canAdmin = true;
			}
			if (!supportsTeamMembershipChanges()) {
			List<String> admins = settings.getStrings(Keys.realm.ldap.admins);
			// if we have defined administrative teams, then set admin flag
			// otherwise leave admin flag unchanged
			if (!ArrayUtils.isEmpty(admins)) {
			user.canAdmin = false;
			for (String admin : admins) {
			if (admin.startsWith("@")) { // Team
			if (user.getTeam(admin.substring(1)) != null)
			user.canAdmin = true;
			} else
			if (user.getName().equalsIgnoreCase(admin))
			user.canAdmin = true;
			}
			}
			}
			}

			private void setUserAttributes(UserModel user, SearchResultEntry userEntry) {
			@@ -220,7 +251,10 @@

			user.displayName = displayName;
			} else {
			user.displayName = userEntry.getAttribute(displayName).getValue();
			Attribute attribute = userEntry.getAttribute(displayName);
			if (attribute != null && attribute.hasValue()) {
			user.displayName = attribute.getValue();
			}
			}
			}

			@@ -233,7 +267,10 @@

			user.emailAddress = email;
			} else {
			user.emailAddress = userEntry.getAttribute(email).getValue();
			Attribute attribute = userEntry.getAttribute(email);
			if (attribute != null && attribute.hasValue()) {
			user.emailAddress = attribute.getValue();
			}
			}
			}
			}