From 749110b462b3147c6dfff076fb5d1bf0460a4f99 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 07 Aug 2012 08:14:15 -0400
Subject: [PATCH] Do not incrementally index blobs in submodules (issue 119)
---
src/com/gitblit/LdapUserService.java | 114 +++++++++++++++++++++++++++++++++++----------------------
1 files changed, 70 insertions(+), 44 deletions(-)
diff --git a/src/com/gitblit/LdapUserService.java b/src/com/gitblit/LdapUserService.java
index 674e2a0..61de01d 100644
--- a/src/com/gitblit/LdapUserService.java
+++ b/src/com/gitblit/LdapUserService.java
@@ -27,6 +27,7 @@
import com.gitblit.models.TeamModel;
import com.gitblit.models.UserModel;
+import com.gitblit.utils.ArrayUtils;
import com.gitblit.utils.StringUtils;
import com.unboundid.ldap.sdk.Attribute;
import com.unboundid.ldap.sdk.LDAPConnection;
@@ -56,7 +57,7 @@
@Override
public void setup(IStoredSettings settings) {
this.settings = settings;
- String file = settings.getString(Keys.realm.ldap_backingUserService, "users.conf");
+ String file = settings.getString(Keys.realm.ldap.backingUserService, "users.conf");
File realmFile = GitBlit.getFileOrFolder(file);
serviceImpl = createUserService(realmFile);
@@ -65,9 +66,9 @@
private LDAPConnection getLdapConnection() {
try {
- URI ldapUrl = new URI(settings.getRequiredString(Keys.realm.ldap_server));
- String bindUserName = settings.getString(Keys.realm.ldap_username, "");
- String bindPassword = settings.getString(Keys.realm.ldap_password, "");
+ URI ldapUrl = new URI(settings.getRequiredString(Keys.realm.ldap.server));
+ String bindUserName = settings.getString(Keys.realm.ldap.username, "");
+ String bindPassword = settings.getString(Keys.realm.ldap.password, "");
int ldapPort = ldapUrl.getPort();
if (ldapUrl.getScheme().equalsIgnoreCase("ldaps")) { // SSL
@@ -106,6 +107,29 @@
}
/**
+ * If no displayName pattern is defined then Gitblit can manage the display name.
+ *
+ * @return true if Gitblit can manage the user display name
+ * @since 1.0.0
+ */
+ @Override
+ public boolean supportsDisplayNameChanges() {
+ return StringUtils.isEmpty(settings.getString(Keys.realm.ldap.displayName, ""));
+ }
+
+ /**
+ * If no email pattern is defined then Gitblit can manage the email address.
+ *
+ * @return true if Gitblit can manage the user email address
+ * @since 1.0.0
+ */
+ @Override
+ public boolean supportsEmailAddressChanges() {
+ return StringUtils.isEmpty(settings.getString(Keys.realm.ldap.email, ""));
+ }
+
+
+ /**
* If the LDAP server will maintain team memberships then LdapUserService
* will not allow team membership changes. In this scenario all team
* changes must be made on the LDAP server by the LDAP administrator.
@@ -114,18 +138,7 @@
* @since 1.0.0
*/
public boolean supportsTeamMembershipChanges() {
- return !settings.getBoolean(Keys.realm.ldap_maintainTeams, false);
- }
-
- /**
- * Does the user service support cookie authentication?
- *
- * @return true or false
- */
- @Override
- public boolean supportsCookies() {
- // TODO cookies need to be reviewed
- return false;
+ return !settings.getBoolean(Keys.realm.ldap.maintainTeams, false);
}
@Override
@@ -135,8 +148,8 @@
LDAPConnection ldapConnection = getLdapConnection();
if (ldapConnection != null) {
// Find the logging in user's DN
- String accountBase = settings.getString(Keys.realm.ldap_accountBase, "");
- String accountPattern = settings.getString(Keys.realm.ldap_accountPattern, "(&(objectClass=person)(sAMAccountName=${username}))");
+ String accountBase = settings.getString(Keys.realm.ldap.accountBase, "");
+ String accountPattern = settings.getString(Keys.realm.ldap.accountPattern, "(&(objectClass=person)(sAMAccountName=${username}))");
accountPattern = StringUtils.replace(accountPattern, "${username}", escapeLDAPSearchFilter(simpleUsername));
SearchResult result = doSearch(ldapConnection, accountBase, accountPattern);
@@ -145,13 +158,16 @@
String loggingInUserDN = loggingInUser.getDN();
if (isAuthenticated(ldapConnection, loggingInUserDN, new String(password))) {
- logger.debug("Authenitcated: " + username);
+ logger.debug("LDAP authenticated: " + username);
UserModel user = getUserModel(simpleUsername);
if (user == null) // create user object for new authenticated user
user = new UserModel(simpleUsername);
-
-
+
+ // create a user cookie
+ if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {
+ user.cookie = StringUtils.getSHA1(user.username + new String(password));
+ }
if (!supportsTeamMembershipChanges())
getTeamsFromLdap(ldapConnection, simpleUsername, loggingInUser, user);
@@ -176,7 +192,7 @@
private void setAdminAttribute(UserModel user) {
user.canAdmin = false;
- List<String> admins = settings.getStrings(Keys.realm.ldap_admins);
+ List<String> admins = settings.getStrings(Keys.realm.ldap.admins);
for (String admin : admins) {
if (admin.startsWith("@")) { // Team
if (user.getTeam(admin.substring(1)) != null)
@@ -194,27 +210,37 @@
// Don't want visibility into the real password, make up a dummy
user.password = "StoredInLDAP";
- // Get Attributes for full name / email
- String displayName = settings.getString(Keys.realm.ldap_displayName, "displayName");
- String email = settings.getString(Keys.realm.ldap_email, "email");
+ // Get full name Attribute
+ String displayName = settings.getString(Keys.realm.ldap.displayName, "");
+ if (!StringUtils.isEmpty(displayName)) {
+ // Replace embedded ${} with attributes
+ if (displayName.contains("${")) {
+ for (Attribute userAttribute : userEntry.getAttributes())
+ displayName = StringUtils.replace(displayName, "${" + userAttribute.getName() + "}", userAttribute.getValue());
- // Replace embedded ${} with attributes
- if (displayName.contains("${")) {
- for (Attribute userAttribute : userEntry.getAttributes())
- displayName = StringUtils.replace(displayName, "${" + userAttribute.getName() + "}", userAttribute.getValue());
-
- user.displayName = displayName;
- } else {
- user.displayName = userEntry.getAttribute(displayName).getValue();
+ user.displayName = displayName;
+ } else {
+ Attribute attribute = userEntry.getAttribute(displayName);
+ if (attribute != null && attribute.hasValue()) {
+ user.displayName = attribute.getValue();
+ }
+ }
}
- if (email.contains("${")) {
- for (Attribute userAttribute : userEntry.getAttributes())
- email = StringUtils.replace(email, "${" + userAttribute.getName() + "}", userAttribute.getValue());
-
- user.emailAddress = email;
- } else {
- user.emailAddress = userEntry.getAttribute(email).getValue();
+ // Get email address Attribute
+ String email = settings.getString(Keys.realm.ldap.email, "");
+ if (!StringUtils.isEmpty(email)) {
+ if (email.contains("${")) {
+ for (Attribute userAttribute : userEntry.getAttributes())
+ email = StringUtils.replace(email, "${" + userAttribute.getName() + "}", userAttribute.getValue());
+
+ user.emailAddress = email;
+ } else {
+ Attribute attribute = userEntry.getAttribute(email);
+ if (attribute != null && attribute.hasValue()) {
+ user.emailAddress = attribute.getValue();
+ }
+ }
}
}
@@ -222,8 +248,8 @@
String loggingInUserDN = loggingInUser.getDN();
user.teams.clear(); // Clear the users team memberships - we're going to get them from LDAP
- String groupBase = settings.getString(Keys.realm.ldap_groupBase, "");
- String groupMemberPattern = settings.getString(Keys.realm.ldap_groupMemberPattern, "(&(objectClass=group)(member=${dn}))");
+ String groupBase = settings.getString(Keys.realm.ldap.groupBase, "");
+ String groupMemberPattern = settings.getString(Keys.realm.ldap.groupMemberPattern, "(&(objectClass=group)(member=${dn}))");
groupMemberPattern = StringUtils.replace(groupMemberPattern, "${dn}", escapeLDAPSearchFilter(loggingInUserDN));
groupMemberPattern = StringUtils.replace(groupMemberPattern, "${username}", escapeLDAPSearchFilter(simpleUsername));
@@ -250,7 +276,7 @@
private TeamModel createTeamFromLdap(SearchResultEntry teamEntry) {
TeamModel answer = new TeamModel(teamEntry.getAttributeValue("cn"));
- // If attributes other than team name ever from from LDAP, this is where to get them
+ // potentially retrieve other attributes here in the future
return answer;
}
@@ -271,7 +297,7 @@
ldapConnection.bind(userDn, password);
return true;
} catch (LDAPException e) {
- logger.error("Error authenitcating user", e);
+ logger.error("Error authenticating user", e);
return false;
}
}
--
Gitblit v1.9.1