Class: Gitlab::Auth::Ldap::Person
- Inherits: Object
  - Object
    - Gitlab::Auth::Ldap::Person
- Defined in: lib/gitlab/auth/ldap/person.rb
Constant Summary
- AD_USER_DISABLED =
  Active Directory-specific LDAP filter that checks if bit 2 of the userAccountControl attribute is set. Source: ctogonewild.com/2009/09/03/bitmask-searches-in-ldap/
  Net::LDAP::Filter.ex("userAccountControl:1.2.840.113556.1.4.803", "2")
- InvalidEntryError =
  Class.new(StandardError)
Instance Attribute Summary
- #provider ⇒ Object
  Returns the value of attribute provider.
Class Method Summary
- .disabled_via_active_directory?(dn, adapter) ⇒ Boolean
- .find_by_dn(dn, adapter) ⇒ Object
- .find_by_email(email, adapter) ⇒ Object
- .find_by_uid(uid, adapter) ⇒ Object
- .ldap_attributes(config) ⇒ Object
- .normalize_dn(dn) ⇒ Object
- .normalize_uid(uid) ⇒ Object
  Returns the UID in a normalized form.
Instance Method Summary
- #dn ⇒ Object
- #email ⇒ Object
- #initialize(entry, provider) ⇒ Person (constructor)
  A new instance of Person.
- #name ⇒ Object
- #uid ⇒ Object
- #username ⇒ Object
Constructor Details
Instance Attribute Details
#provider ⇒ Object
Returns the value of attribute provider.
    # File 'lib/gitlab/auth/ldap/person.rb', line 14
    def provider
      @provider
    end
Class Method Details
.disabled_via_active_directory?(dn, adapter) ⇒ Boolean
    # File 'lib/gitlab/auth/ldap/person.rb', line 31
    def self.disabled_via_active_directory?(dn, adapter)
      adapter.dn_matches_filter?(dn, AD_USER_DISABLED)
    end
.find_by_dn(dn, adapter) ⇒ Object
    # File 'lib/gitlab/auth/ldap/person.rb', line 21
    def self.find_by_dn(dn, adapter)
      adapter.user('dn', dn)
    end
.find_by_email(email, adapter) ⇒ Object
    # File 'lib/gitlab/auth/ldap/person.rb', line 25
    def self.find_by_email(email, adapter)
      email_fields = adapter.config.attributes['email']

      adapter.user(email_fields, email)
    end
.find_by_uid(uid, adapter) ⇒ Object
    # File 'lib/gitlab/auth/ldap/person.rb', line 16
    def self.find_by_uid(uid, adapter)
      uid = Net::LDAP::Filter.escape(uid)
      adapter.user(adapter.config.uid, uid)
    end
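The `Net::LDAP::Filter.escape` call in `find_by_uid` keeps a user-supplied UID from being parsed as filter syntax. The following is an added example, not GitLab or net-ldap code: a pure-Ruby stand-in that applies the RFC 4515 escaping rules to constructed inputs. The helper names `escape_filter_value`, `uid_filter` and `filter_terms`, and the use of `sAMAccountName` as the UID attribute, are assumptions for illustration.

```ruby
# Added example (not GitLab or net-ldap code): RFC 4515 assertion-value
# escaping, the job Net::LDAP::Filter.escape performs in find_by_uid.

# Characters RFC 4515 requires to be escaped inside an assertion value:
# NUL, "(", ")", "*" and the backslash itself.
RFC4515_SPECIALS = /[\x00()*\\]/

# Replace each special character with a backslash plus its two-digit hex code.
def escape_filter_value(value)
  value.to_s.gsub(RFC4515_SPECIALS) { |ch| format('\\%02x', ch.ord) }
end

# Build an equality filter string. `escape: false` shows what the directory
# server would receive if the value were interpolated unescaped.
def uid_filter(attribute, uid, escape: true)
  value = escape ? escape_filter_value(uid) : uid
  "(#{attribute}=#{value})"
end

# Count literal "(" characters after discarding \XX escapes. More than one
# means the input added filter terms of its own.
def filter_terms(filter)
  filter.gsub(/\\[0-9a-fA-F]{2}/, '').count('(')
end

# Constructed sample inputs: an ordinary login, a bare wildcard, a value that
# tries to close the filter early, and a value containing a backslash.
SAMPLES = ['jdoe', '*', 'jdoe)(mail=*', 'j\\doe'].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |uid|
    raw  = uid_filter('sAMAccountName', uid, escape: false) # assumed config.uid
    safe = uid_filter('sAMAccountName', uid)
    puts format('%-16s raw: %-32s (%d term)  escaped: %-38s (%d term)',
                uid.inspect, raw, filter_terms(raw), safe, filter_terms(safe))
  end
end
```

After escaping, every sample stays a single equality term, and the wildcard is compared as a literal asterisk rather than matching every entry.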
.ldap_attributes(config) ⇒ Object
    # File 'lib/gitlab/auth/ldap/person.rb', line 35
    def self.ldap_attributes(config)
      [
        'dn',
        config.uid,
        *config.attributes['name'],
        *config.attributes['email'],
        *config.attributes['username']
      ].compact.uniq.reject(&:blank?)
    end
.normalize_dn(dn) ⇒ Object
    # File 'lib/gitlab/auth/ldap/person.rb', line 45
    def self.normalize_dn(dn)
      ::Gitlab::Auth::Ldap::DN.new(dn).to_normalized_s
    rescue ::Gitlab::Auth::Ldap::DN::FormatError => e
      Gitlab::AppLogger.info("Returning original DN \"#{dn}\" due to error during normalization attempt: #{e.message}")

      dn
    end
.normalize_uid(uid) ⇒ Object
Returns the UID in a normalized form.
- Excess spaces are stripped
- The string is downcased (for case-insensitivity)

    # File 'lib/gitlab/auth/ldap/person.rb', line 57
    def self.normalize_uid(uid)
      ::Gitlab::Auth::Ldap::DN.normalize_value(uid)
    rescue ::Gitlab::Auth::Ldap::DN::FormatError => e
      Gitlab::AppLogger.info("Returning original UID \"#{uid}\" due to error during normalization attempt: #{e.message}")

      uid
    end
Instance Method Details
#dn ⇒ Object
    # File 'lib/gitlab/auth/ldap/person.rb', line 95
    def dn
      self.class.normalize_dn(entry.dn)
    end
#email ⇒ Object
    # File 'lib/gitlab/auth/ldap/person.rb', line 91
    def email
      attribute_value(:email)
    end
#name ⇒ Object
    # File 'lib/gitlab/auth/ldap/person.rb', line 71
    def name
      attribute_value(:name)&.first
    end
#uid ⇒ Object
    # File 'lib/gitlab/auth/ldap/person.rb', line 75
    def uid
      entry.public_send(config.uid).first # rubocop:disable GitlabSecurity/PublicSend
    end
#username ⇒ Object
    # File 'lib/gitlab/auth/ldap/person.rb', line 79
    def username
      username = attribute_value(:username)

      # Depending on the attribute, multiple values may
      # be returned. We need only one for username.
      # Ex. `uid` returns only one value but `mail` may
      # return an array of multiple email addresses.
      [username].flatten.first.tap do |username|
        username.downcase! if config.lowercase_usernames
      end
    end