From 6c5511020457c39961d069071ac60f7140ec724f Mon Sep 17 00:00:00 2001
From: Lukasz Jader <ljaderdev@gmail.com>
Date: Wed, 19 Sep 2012 16:24:10 -0400
Subject: [PATCH] Update polish translation of EmptyRepositoryPage

---
 src/com/gitblit/LdapUserService.java |  140 ++++++++++++++++++++++++++++++++--------------
 1 files changed, 97 insertions(+), 43 deletions(-)

diff --git a/src/com/gitblit/LdapUserService.java b/src/com/gitblit/LdapUserService.java
index 80a966d..54a5575 100644
--- a/src/com/gitblit/LdapUserService.java
+++ b/src/com/gitblit/LdapUserService.java
@@ -27,14 +27,18 @@
 
 import com.gitblit.models.TeamModel;
 import com.gitblit.models.UserModel;
+import com.gitblit.utils.ArrayUtils;
 import com.gitblit.utils.StringUtils;
 import com.unboundid.ldap.sdk.Attribute;
+import com.unboundid.ldap.sdk.ExtendedResult;
 import com.unboundid.ldap.sdk.LDAPConnection;
 import com.unboundid.ldap.sdk.LDAPException;
 import com.unboundid.ldap.sdk.LDAPSearchException;
+import com.unboundid.ldap.sdk.ResultCode;
 import com.unboundid.ldap.sdk.SearchResult;
 import com.unboundid.ldap.sdk.SearchResultEntry;
 import com.unboundid.ldap.sdk.SearchScope;
+import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
 import com.unboundid.util.ssl.SSLUtil;
 import com.unboundid.util.ssl.TrustAllTrustManager;
 
@@ -80,10 +84,22 @@
 				if (ldapPort == -1)	// Default Port
 					ldapPort = 389;
 				
-				return new LDAPConnection(ldapUrl.getHost(), ldapPort, bindUserName, bindPassword);
+				LDAPConnection conn = new LDAPConnection(ldapUrl.getHost(), ldapPort, bindUserName, bindPassword);
+
+				if (ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) {
+					SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
+
+					ExtendedResult extendedResult = conn.processExtendedOperation(
+						new StartTLSExtendedRequest(sslUtil.createSSLContext()));
+
+					if (extendedResult.getResultCode() != ResultCode.SUCCESS) {
+						throw new LDAPException(extendedResult.getResultCode());
+					}
+				}
+				return conn;
 			}
 		} catch (URISyntaxException e) {
-			logger.error("Bad LDAP URL, should be in the form: ldap(s)://<server>:<port>", e);
+			logger.error("Bad LDAP URL, should be in the form: ldap(s|+tls)://<server>:<port>", e);
 		} catch (GeneralSecurityException e) {
 			logger.error("Unable to create SSL Connection", e);
 		} catch (LDAPException e) {
@@ -106,6 +122,29 @@
 	}
 	
 	/**
+	 * If no displayName pattern is defined then Gitblit can manage the display name.
+	 *
+	 * @return true if Gitblit can manage the user display name
+	 * @since 1.0.0
+	 */
+	@Override
+	public boolean supportsDisplayNameChanges() {
+		return StringUtils.isEmpty(settings.getString(Keys.realm.ldap.displayName, ""));
+	}
+	
+	/**
+	 * If no email pattern is defined then Gitblit can manage the email address.
+	 *
+	 * @return true if Gitblit can manage the user email address
+	 * @since 1.0.0
+	 */
+	@Override
+	public boolean supportsEmailAddressChanges() {
+		return StringUtils.isEmpty(settings.getString(Keys.realm.ldap.email, ""));
+	}
+
+	
+	/**
 	 * If the LDAP server will maintain team memberships then LdapUserService
 	 * will not allow team membership changes.  In this scenario all team
 	 * changes must be made on the LDAP server by the LDAP administrator.
@@ -115,17 +154,6 @@
 	 */	
 	public boolean supportsTeamMembershipChanges() {
 		return !settings.getBoolean(Keys.realm.ldap.maintainTeams, false);
-	}
-
-	/**
-	 * Does the user service support cookie authentication?
-	 * 
-	 * @return true or false
-	 */
-	@Override
-	public boolean supportsCookies() {
-		// TODO cookies need to be reviewed
-		return false;
 	}
 
 	@Override
@@ -150,8 +178,11 @@
 					UserModel user = getUserModel(simpleUsername);
 					if (user == null)	// create user object for new authenticated user
 						user = new UserModel(simpleUsername);
-					
-					
+
+					// create a user cookie
+					if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {
+						user.cookie = StringUtils.getSHA1(user.username + new String(password));
+					}
 					
 					if (!supportsTeamMembershipChanges())
 						getTeamsFromLdap(ldapConnection, simpleUsername, loggingInUser, user);
@@ -174,17 +205,30 @@
 		return null;		
 	}
 
+	/**
+	 * Set the admin attribute from team memberships retrieved from LDAP.
+	 * If we are not storing teams in LDAP and/or we have not defined any
+	 * administrator teams, then do not change the admin flag.
+	 * 
+	 * @param user
+	 */
 	private void setAdminAttribute(UserModel user) {
-	    user.canAdmin = false;
-	    List<String>  admins = settings.getStrings(Keys.realm.ldap.admins);
-	    for (String admin : admins) {
-	        if (admin.startsWith("@")) { // Team
-	            if (user.getTeam(admin.substring(1)) != null)
-	                user.canAdmin = true;
-	        } else
-	            if (user.getName().equalsIgnoreCase(admin))
-	                user.canAdmin = true;
-	    }
+		if (!supportsTeamMembershipChanges()) {
+			List<String> admins = settings.getStrings(Keys.realm.ldap.admins);
+			// if we have defined administrative teams, then set admin flag
+			// otherwise leave admin flag unchanged
+			if (!ArrayUtils.isEmpty(admins)) {
+				user.canAdmin = false;
+				for (String admin : admins) {
+					if (admin.startsWith("@")) { // Team
+						if (user.getTeam(admin.substring(1)) != null)
+							user.canAdmin = true;
+					} else
+						if (user.getName().equalsIgnoreCase(admin))
+							user.canAdmin = true;
+				}
+			}
+		}
 	}
 	
 	private void setUserAttributes(UserModel user, SearchResultEntry userEntry) {
@@ -194,27 +238,37 @@
 		// Don't want visibility into the real password, make up a dummy
 		user.password = "StoredInLDAP";
 		
-		// Get Attributes for full name / email
-		String displayName = settings.getString(Keys.realm.ldap.displayName, "displayName");
-		String email = settings.getString(Keys.realm.ldap.email, "email");
+		// Get full name Attribute
+		String displayName = settings.getString(Keys.realm.ldap.displayName, "");		
+		if (!StringUtils.isEmpty(displayName)) {
+			// Replace embedded ${} with attributes
+			if (displayName.contains("${")) {
+				for (Attribute userAttribute : userEntry.getAttributes())
+					displayName = StringUtils.replace(displayName, "${" + userAttribute.getName() + "}", userAttribute.getValue());
 
-		// Replace embedded ${} with attributes
-		if (displayName.contains("${")) {
-			for (Attribute userAttribute : userEntry.getAttributes())
-				displayName = StringUtils.replace(displayName, "${" + userAttribute.getName() + "}", userAttribute.getValue());
-			
-			user.displayName = displayName;
-		} else {
-			user.displayName = userEntry.getAttribute(displayName).getValue();
+				user.displayName = displayName;
+			} else {
+				Attribute attribute = userEntry.getAttribute(displayName);
+				if (attribute != null && attribute.hasValue()) {
+					user.displayName = attribute.getValue();
+				}
+			}
 		}
 		
-		if (email.contains("${")) {
-			for (Attribute userAttribute : userEntry.getAttributes())
-				email = StringUtils.replace(email, "${" + userAttribute.getName() + "}", userAttribute.getValue());
-			
-			user.emailAddress = email;
-		} else {
-			user.emailAddress = userEntry.getAttribute(email).getValue();
+		// Get email address Attribute
+		String email = settings.getString(Keys.realm.ldap.email, "");
+		if (!StringUtils.isEmpty(email)) {
+			if (email.contains("${")) {
+				for (Attribute userAttribute : userEntry.getAttributes())
+					email = StringUtils.replace(email, "${" + userAttribute.getName() + "}", userAttribute.getValue());
+
+				user.emailAddress = email;
+			} else {
+				Attribute attribute = userEntry.getAttribute(email);
+				if (attribute != null && attribute.hasValue()) {
+					user.emailAddress = attribute.getValue();
+				}
+			}
 		}
 	}
 

--
Gitblit v1.9.1