gitlab-org--gitlab-foss/lib/gitlab/ldap/person.rb

module Gitlab
  module LDAP
    class Person
      # Active Directory-specific LDAP filter that checks if bit 2 of the
      # userAccountControl attribute is set.
      # Source: http://ctogonewild.com/2009/09/03/bitmask-searches-in-ldap/
      AD_USER_DISABLED = Net::LDAP::Filter.ex("userAccountControl:1.2.840.113556.1.4.803", "2")

      attr_accessor :entry, :provider

      def self.find_by_uid(uid, adapter)
        uid = Net::LDAP::Filter.escape(uid)
        adapter.user(adapter.config.uid, uid)
      end

      def self.find_by_dn(dn, adapter)
        adapter.user('dn', dn)
      end

      def self.disabled_via_active_directory?(dn, adapter)
        adapter.dn_matches_filter?(dn, AD_USER_DISABLED)
      end

      def initialize(entry, provider)
        Rails.logger.debug { "Instantiating #{self.class.name} with LDIF:\n#{entry.to_ldif}" }
        @entry = entry
        @provider = provider
      end

      def name
        attribute_value(:name).first
      end

      def uid
        entry.send(config.uid).first
      end

      def username
        uid
      end

      def email
        attribute_value(:email)
      end

      delegate :dn, to: :entry

      private

      def entry
        @entry
      end

      def config
        @config ||= Gitlab::LDAP::Config.new(provider)
      end

      # Using the LDAP attributes configuration, find and return the first
      # attribute with a value. For example, by default, when given 'email',
      # this method looks for 'mail', 'email' and 'userPrincipalName' and
      # returns the first with a value.
      def attribute_value(attribute)
        attributes = Array(config.attributes[attribute.to_s])
        selected_attr = attributes.find { |attr| entry.respond_to?(attr) }

        return nil unless selected_attr

        entry.public_send(selected_attr)
      end
    end
  end
end
Port LDAP code from EE Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-03-10 08:48:08 -04:00			`module Gitlab`
			`module LDAP`
			`class Person`
Document the Active Directory magic numbers 2014-05-14 13:08:42 -04:00			`# Active Directory-specific LDAP filter that checks if bit 2 of the`
			`# userAccountControl attribute is set.`
			`# Source: http://ctogonewild.com/2009/09/03/bitmask-searches-in-ldap/`
Fix syntax error in AD disabled user filter 2014-05-14 12:54:05 -04:00			`AD_USER_DISABLED = Net::LDAP::Filter.ex("userAccountControl:1.2.840.113556.1.4.803", "2")`
Add LDAP::Person#ad_disabled? Check the bit for disabled Active Directory users. The filter is based on http://ctogonewild.com/2009/09/03/bitmask-searches-in-ldap/ . 2014-05-14 12:26:58 -04:00
Refactor lib files for multiple LDAP groups 2014-10-13 11:24:05 -04:00			`attr_accessor :entry, :provider`

			`def self.find_by_uid(uid, adapter)`
Escape wildcards when searching LDAP by username. 2015-03-06 07:26:33 -05:00			`uid = Net::LDAP::Filter.escape(uid)`
Use server specific uid 2014-10-14 04:54:43 -04:00			`adapter.user(adapter.config.uid, uid)`
Port LDAP code from EE Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-03-10 08:48:08 -04:00			`end`

Refactor lib files for multiple LDAP groups 2014-10-13 11:24:05 -04:00			`def self.find_by_dn(dn, adapter)`
Allow passing an adapter to Gitlab::LDAP::Person 2014-03-14 03:52:57 -04:00			`adapter.user('dn', dn)`
Port LDAP code from EE Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-03-10 08:48:08 -04:00			`end`

Refactor lib files for multiple LDAP groups 2014-10-13 11:24:05 -04:00			`def self.disabled_via_active_directory?(dn, adapter)`
Add LDAP::Person#ad_disabled? Check the bit for disabled Active Directory users. The filter is based on http://ctogonewild.com/2009/09/03/bitmask-searches-in-ldap/ . 2014-05-14 12:26:58 -04:00			`adapter.dn_matches_filter?(dn, AD_USER_DISABLED)`
			`end`

Refactor lib files for multiple LDAP groups 2014-10-13 11:24:05 -04:00			`def initialize(entry, provider)`
Port LDAP code from EE Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-03-10 08:48:08 -04:00			`Rails.logger.debug { "Instantiating #{self.class.name} with LDIF:\n#{entry.to_ldif}" }`
			`@entry = entry`
Refactor lib files for multiple LDAP groups 2014-10-13 11:24:05 -04:00			`@provider = provider`
Port LDAP code from EE Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-03-10 08:48:08 -04:00			`end`

			`def name`
LDAP attributes needs default values 2017-01-05 17:01:04 -05:00			`attribute_value(:name).first`
Port LDAP code from EE Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-03-10 08:48:08 -04:00			`end`

			`def uid`
			`entry.send(config.uid).first`
			`end`

			`def username`
			`uid`
			`end`

Refactor lib files for multiple LDAP groups 2014-10-13 11:24:05 -04:00			`def email`
Gitlab::LDAP::Person uses LDAP attributes configuration We allow users to configure LDAP attribute preferences. For example, email can be configured to use `mail`, `email` and `userPrincipalName`, falling through to the next until a value is found. Prior to this change, Gitlab::LDAP::Person did not honor this configuration. Now, the class will honor `name` and `mail` configuration. It does not handle `username`, or fallback to `first_name` + `last_name` in the absence of `name`. 2017-01-03 11:05:47 -05:00			`attribute_value(:email)`
Refactor lib files for multiple LDAP groups 2014-10-13 11:24:05 -04:00			`end`

Enable Rails/Delegate 2017-02-22 12:51:46 -05:00			`delegate :dn, to: :entry`
Port LDAP code from EE Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-03-10 08:48:08 -04:00
			`private`

			`def entry`
			`@entry`
			`end`

			`def config`
Refactor lib files for multiple LDAP groups 2014-10-13 11:24:05 -04:00			`@config \|\|= Gitlab::LDAP::Config.new(provider)`
Port LDAP code from EE Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-03-10 08:48:08 -04:00			`end`
Gitlab::LDAP::Person uses LDAP attributes configuration We allow users to configure LDAP attribute preferences. For example, email can be configured to use `mail`, `email` and `userPrincipalName`, falling through to the next until a value is found. Prior to this change, Gitlab::LDAP::Person did not honor this configuration. Now, the class will honor `name` and `mail` configuration. It does not handle `username`, or fallback to `first_name` + `last_name` in the absence of `name`. 2017-01-03 11:05:47 -05:00
			`# Using the LDAP attributes configuration, find and return the first`
			`# attribute with a value. For example, by default, when given 'email',`
			`# this method looks for 'mail', 'email' and 'userPrincipalName' and`
			`# returns the first with a value.`
			`def attribute_value(attribute)`
LDAP attributes needs default values 2017-01-05 17:01:04 -05:00			`attributes = Array(config.attributes[attribute.to_s])`
Gitlab::LDAP::Person uses LDAP attributes configuration We allow users to configure LDAP attribute preferences. For example, email can be configured to use `mail`, `email` and `userPrincipalName`, falling through to the next until a value is found. Prior to this change, Gitlab::LDAP::Person did not honor this configuration. Now, the class will honor `name` and `mail` configuration. It does not handle `username`, or fallback to `first_name` + `last_name` in the absence of `name`. 2017-01-03 11:05:47 -05:00			`selected_attr = attributes.find { \|attr\| entry.respond_to?(attr) }`

			`return nil unless selected_attr`

LDAP attributes needs default values 2017-01-05 17:01:04 -05:00			`entry.public_send(selected_attr)`
Gitlab::LDAP::Person uses LDAP attributes configuration We allow users to configure LDAP attribute preferences. For example, email can be configured to use `mail`, `email` and `userPrincipalName`, falling through to the next until a value is found. Prior to this change, Gitlab::LDAP::Person did not honor this configuration. Now, the class will honor `name` and `mail` configuration. It does not handle `username`, or fallback to `first_name` + `last_name` in the absence of `name`. 2017-01-03 11:05:47 -05:00			`end`
Port LDAP code from EE Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-03-10 08:48:08 -04:00			`end`
			`end`
			`end`