Class: BarkestCore::UserManager

Inherits:
Object
  • Object
Defined in:
app/models/barkest_core/user_manager.rb

Overview

Handles login requests, group mapping, and password changing for both the DB and LDAP sources.

Class Method Summary

Instance Method Summary

Constructor Details

#initialize(options = {}) ⇒ UserManager

Creates a new user manager.



# File 'app/models/barkest_core/user_manager.rb', line 11

# Creates a new user manager.
#
# @param options [Hash, nil] configuration; +nil+ is treated as an empty hash and
#   all keys are symbolized. This method reads +:enable_ldap_auth+ and may set
#   +:enable_db_auth+.
# @raise [ArgumentError] when LDAP auth is enabled and +bind+ on the new
#   connection returns a falsy value.
def initialize(options = {})
  @options = (options || {}).symbolize_keys

  if @options[:enable_ldap_auth]
    # Check the LDAP settings at construction time, so a bad configuration
    # surfaces here instead of on the first login attempt.
    @ldap = get_ldap_connection
    unless @ldap.bind
      raise ArgumentError, 'Failed to connect to LDAP host using supplied arguments.'
    end
  end

  # With LDAP off, DB auth is forced on: at least one source is always active.
  unless @options[:enable_ldap_auth]
    @options[:enable_db_auth] = true
  end

  # NOTE(review): presumably provisions an administrator account when none
  # exists - confirm in User, including how its initial credentials are set.
  User.ensure_admin_exists!
end

Class Method Details

.authenticate(email, password, client_ip) ⇒ Object

Attempts to authenticate the user and returns the model on success.



# File 'app/models/barkest_core/user_manager.rb', line 126

# Class-level shortcut that forwards the credentials to +default.authenticate+.
# (+default+ is defined outside this listing.)
#
# @param email [String] address identifying the account
# @param password [String] password supplied by the client
# @param client_ip [String] client address, passed through unchanged
# @return [Object] whatever the default manager's +authenticate+ returns
def self.authenticate(email, password, client_ip)
  default.authenticate(email, password, client_ip)
end

.auto_activate_ldap? ⇒ Boolean

Should valid ldap users be auto-activated on first login?

Returns:

  • (Boolean)


# File 'app/models/barkest_core/user_manager.rb', line 138

# Class-level shortcut for +default.auto_activate_ldap?+.
# (+default+ is defined outside this listing.)
#
# @return [Object] the default manager's answer, passed through unchanged
def self.auto_activate_ldap?
  manager = default
  manager.auto_activate_ldap?
end

.ldap_system_admin_groups ⇒ Object

Gets the list of ldap groups that map to system administrators.



# File 'app/models/barkest_core/user_manager.rb', line 154

# Class-level shortcut for +default.ldap_system_admin_groups+.
# (+default+ is defined outside this listing.)
#
# @return [Object] the default manager's list of LDAP groups that map to
#   system administrators, passed through unchanged
def self.ldap_system_admin_groups
  manager = default
  manager.ldap_system_admin_groups
end

.primary_source ⇒ Object

Gets the first authentication source for the user manager.



# File 'app/models/barkest_core/user_manager.rb', line 63

# Class-level shortcut for +default.primary_source+.
# (+default+ is defined outside this listing.)
#
# @return [Object] the default manager's first authentication source
def self.primary_source
  manager = default
  manager.primary_source
end

.using_db? ⇒ Boolean

Is the user manager using the db?

Returns:

  • (Boolean)


# File 'app/models/barkest_core/user_manager.rb', line 41

# Class-level shortcut for +default.using_db?+.
# (+default+ is defined outside this listing.)
#
# @return [Object] the default manager's answer, passed through unchanged
def self.using_db?
  manager = default
  manager.using_db?
end

.using_ldap? ⇒ Boolean

Is the user manager using ldap?

Returns:

  • (Boolean)


# File 'app/models/barkest_core/user_manager.rb', line 29

# Class-level shortcut for +default.using_ldap?+.
# (+default+ is defined outside this listing.)
#
# @return [Object] the default manager's answer, passed through unchanged
def self.using_ldap?
  manager = default
  manager.using_ldap?
end

Instance Method Details

#authenticate(email, password, client_ip) ⇒ Object

Attempts to authenticate the user against each configured source in turn and returns the user model on success, or nil on failure.



# File 'app/models/barkest_core/user_manager.rb', line 69

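# Attempts to authenticate the user against each configured source, in the
# order yielded by +sources+, and returns the user model on success.
#
# Every outcome is recorded through +add_success_to+ / +add_failure_to+ along
# with the client IP. The caller only ever receives the user or +nil+, so the
# specific failure reason is not returned by this method.
#
# @param email [String, nil] address identifying the account; lower-cased
#   before any lookup. +nil+ or an address rejected by
#   +BarkestCore::EmailTester.valid_email?+ yields +nil+ immediately.
# @param password [String] password supplied by the client
# @param client_ip [String] client address, passed to the success/failure log calls
# @return [Object, nil] the authenticated user model, or +nil+ on any failure
def authenticate(email, password, client_ip)
  return nil unless email && BarkestCore::EmailTester.valid_email?(email, false)

  email = email.downcase

  # The address is client-supplied and ends up inside an LDAP search filter.
  # Escape the RFC 4515 filter metacharacters (backslash, '*', '(', ')', NUL)
  # so it can only ever match as a literal value, independent of how strict
  # the e-mail validator above is.
  # NOTE(review): assumes the LDAP client accepts \XX hex escapes in a string
  # filter - confirm against the object returned by get_ldap_connection.
  escaped_email = email.gsub(/[\\*()\x00]/) { |ch| format('\\%02x', ch.ord) }
  ldap_filter = "(&(objectClass=user)(mail=#{escaped_email}))"

  sources.each do |source|
    if source == :ldap
      entry = @ldap.search(filter: ldap_filter)
      if entry && entry.count == 1  # we found a match.
        user = User.find_by(email: email, ldap: true)

        # make sure it authenticates correctly.
        # An empty password is never sent to the directory: a simple bind with
        # an empty password is an "unauthenticated bind" (RFC 4513), which some
        # servers answer with success. Treat it as a failed login instead.
        entry = password.to_s.empty? ? nil : @ldap.bind_as(filter: ldap_filter, password: password)

        # do not allow authenticating against the DB now.
        unless entry && entry.count == 1
          add_failure_to user || email, '(LDAP) failed to authenticate', client_ip
          return nil
        end

        # load the user and return.
        user = load_ldap_user(entry.first, true, client_ip)
        unless user.enabled?
          add_failure_to user, '(LDAP) account disabled', client_ip
          return nil
        end
        add_success_to user, '(LDAP)', client_ip
        return user
      end
    else
      # The DB lookup is parameterized by the model layer, so it uses the
      # unescaped (lower-cased) address.
      user = User.find_by(email: email)
      if user
        # user must be enabled, cannot be LDAP, and the password must match.
        if user.ldap?
          add_failure_to user, '(DB) cannot authenticate LDAP user', client_ip
          return nil
        end
        unless user.enabled?
          add_failure_to user, '(DB) account disabled', client_ip
          return nil
        end
        if user.authenticate(password)
          add_success_to user, '(DB)', client_ip
          return user
        else
          add_failure_to user, '(DB) invalid password', client_ip
          return nil
        end
      end
    end
  end

  # No source knew this address.
  add_failure_to email, 'invalid email', client_ip
  nil
end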

#auto_activate_ldap? ⇒ Boolean

Should valid ldap users be auto-activated on first login?

Returns:

  • (Boolean)


# File 'app/models/barkest_core/user_manager.rb', line 132

# Should valid LDAP users be auto-activated on first login?
#
# Returns the raw +:ldap_auto_activate+ option without coercing it to
# true/false. When the option is absent the result is +nil+ (falsy).
#
# @return [Object, nil] the configured value of +:ldap_auto_activate+
def auto_activate_ldap?
  @options[:ldap_auto_activate]
end

#ldap_system_admin_groups ⇒ Object

Gets the list of ldap groups that map to system administrators.



# File 'app/models/barkest_core/user_manager.rb', line 144

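# Gets the list of LDAP groups that map to system administrators.
#
# The +:ldap_system_admin_groups+ option is split on commas and semicolons.
# Each name is stripped and upper-cased, and the result is memoized. Entries
# left empty by stray separators ("a,,b", "a; ;b") are dropped, so the list
# that grants administrator rights never contains an empty group name.
#
# NOTE(review): the upper-casing suggests callers compare against upper-cased
# group names - confirm where group membership is checked.
#
# @return [Array<String>] upper-cased group names; empty when the option is blank
def ldap_system_admin_groups
  @ldap_system_admin_groups ||=
      begin
        val = @options[:ldap_system_admin_groups]
        if val.blank?
          []
        else
          val.strip.split(/[,;]/).map { |v| v.strip.upcase }.reject(&:empty?)
        end
      end
end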

#primary_source ⇒ Object

Gets the first authentication source for this user manager.



# File 'app/models/barkest_core/user_manager.rb', line 47

# Gets the first authentication source for this user manager.
#
# When exactly one of LDAP/DB is enabled, that source wins outright. Otherwise
# the +:primary_source+ option (Symbol or String) decides if it names +:ldap+
# or +:db+. Any other value falls back to +:ldap+ when LDAP is enabled and
# +:db+ when it is not.
#
# @return [Symbol] +:ldap+ or +:db+
def primary_source
  if using_ldap?
    return :ldap unless using_db?
  elsif using_db?
    return :db
  end

  preferred = @options[:primary_source]
  preferred = preferred.to_sym if preferred.is_a?(String)

  case preferred
  when :ldap, :db
    preferred
  else
    using_ldap? ? :ldap : :db
  end
end

#using_db? ⇒ Boolean

Is this user manager using the db?

Returns:

  • (Boolean)


# File 'app/models/barkest_core/user_manager.rb', line 35

# Is this user manager using the DB as an authentication source?
#
# Returns the raw +:enable_db_auth+ option without coercing it to true/false.
#
# @return [Object, nil] the configured value of +:enable_db_auth+
def using_db?
  @options[:enable_db_auth]
end

#using_ldap? ⇒ Boolean

Is this user manager using ldap?

Returns:

  • (Boolean)


# File 'app/models/barkest_core/user_manager.rb', line 23

# Is this user manager using LDAP as an authentication source?
#
# Returns the raw +:enable_ldap_auth+ option without coercing it to true/false.
#
# @return [Object, nil] the configured value of +:enable_ldap_auth+
def using_ldap?
  @options[:enable_ldap_auth]
end