mirror of
https://github.com/go-vikunja/vikunja.git
synced 2026-03-12 01:59:34 -05:00
feat(ldap): sync avatar from ldap
This commit is contained in:
kolaente
@@ -775,6 +775,11 @@
|
||||
"default_value": "(&(objectclass=*)(|(objectclass=group)(objectclass=groupOfNames)))",
|
||||
"comment": "The filter to search for group objects in the ldap directory. Only used when `groupsyncenabled` is set to `true`."
|
||||
},
|
||||
{
|
||||
"key": "avatarsyncattribute",
|
||||
"default_value": "",
|
||||
"comment": "The LDAP attribute where an image, decoded as raw bytes, can be found. If provided, Vikunja will use the value as avatar."
|
||||
},
|
||||
{
|
||||
"key": "attribute",
|
||||
"default_value": "",
|
||||
|
||||
@@ -90,6 +90,7 @@ const (
|
||||
AuthLdapBindPassword Key = `auth.ldap.bindpassword`
|
||||
AuthLdapGroupSyncEnabled Key = `auth.ldap.groupsyncenabled`
|
||||
AuthLdapGroupSyncFilter Key = `auth.ldap.groupsyncfilter`
|
||||
AuthLdapAvatarSyncAttribute Key = `auth.ldap.avatarsyncattribute`
|
||||
AuthLdapAttributeUsername Key = `auth.ldap.attribute.username`
|
||||
AuthLdapAttributeEmail Key = `auth.ldap.attribute.email`
|
||||
AuthLdapAttributeDisplayname Key = `auth.ldap.attribute.displayname`
|
||||
|
||||
@@ -17,6 +17,7 @@
|
||||
package ldap
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/tls"
|
||||
"errors"
|
||||
"fmt"
|
||||
@@ -27,6 +28,7 @@ import (
|
||||
"code.vikunja.io/api/pkg/log"
|
||||
"code.vikunja.io/api/pkg/models"
|
||||
"code.vikunja.io/api/pkg/modules/auth"
|
||||
"code.vikunja.io/api/pkg/modules/avatar/upload"
|
||||
"code.vikunja.io/api/pkg/user"
|
||||
|
||||
"github.com/go-ldap/ldap/v3"
|
||||
@@ -108,7 +110,7 @@ func sanitizedUserQuery(username string) (string, bool) {
|
||||
return fmt.Sprintf(config.AuthLdapUserFilter.GetString(), username), true
|
||||
}
|
||||
|
||||
func AuthenticateUserInLDAP(s *xorm.Session, username, password string, syncGroups bool) (u *user.User, err error) {
|
||||
func AuthenticateUserInLDAP(s *xorm.Session, username, password string, syncGroups bool, avatarSyncAttribute string) (u *user.User, err error) {
|
||||
if password == "" || username == "" {
|
||||
return nil, user.ErrNoUsernamePassword{}
|
||||
}
|
||||
@@ -137,6 +139,7 @@ func AuthenticateUserInLDAP(s *xorm.Session, username, password string, syncGrou
|
||||
config.AuthLdapAttributeUsername.GetString(),
|
||||
config.AuthLdapAttributeEmail.GetString(),
|
||||
config.AuthLdapAttributeDisplayname.GetString(),
|
||||
"jpegPhoto",
|
||||
},
|
||||
nil,
|
||||
)
|
||||
@@ -169,6 +172,15 @@ func AuthenticateUserInLDAP(s *xorm.Session, username, password string, syncGrou
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if avatarSyncAttribute != "" {
|
||||
raw := sr.Entries[0].GetRawAttributeValue(avatarSyncAttribute)
|
||||
u.AvatarProvider = "ldap"
|
||||
err = upload.StoreAvatarFile(s, u, bytes.NewReader(raw))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
if !syncGroups {
|
||||
return
|
||||
}
|
||||
|
||||
@@ -40,7 +40,7 @@ func TestLdapLogin(t *testing.T) {
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
user, err := AuthenticateUserInLDAP(s, "professor", "professor", false)
|
||||
user, err := AuthenticateUserInLDAP(s, "professor", "professor", false, "")
|
||||
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, "professor", user.Username)
|
||||
@@ -58,7 +58,7 @@ func TestLdapLogin(t *testing.T) {
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
_, err := AuthenticateUserInLDAP(s, "professor", "wrongpassword", false)
|
||||
_, err := AuthenticateUserInLDAP(s, "professor", "wrongpassword", false, "")
|
||||
|
||||
require.Error(t, err)
|
||||
assert.True(t, user2.IsErrWrongUsernameOrPassword(err))
|
||||
@@ -69,7 +69,7 @@ func TestLdapLogin(t *testing.T) {
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
_, err := AuthenticateUserInLDAP(s, "gnome", "professor", false)
|
||||
_, err := AuthenticateUserInLDAP(s, "gnome", "professor", false, "")
|
||||
|
||||
require.Error(t, err)
|
||||
assert.True(t, user2.IsErrWrongUsernameOrPassword(err))
|
||||
@@ -80,7 +80,7 @@ func TestLdapLogin(t *testing.T) {
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
user, err := AuthenticateUserInLDAP(s, "professor", "professor", true)
|
||||
user, err := AuthenticateUserInLDAP(s, "professor", "professor", true, "")
|
||||
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, "professor", user.Username)
|
||||
@@ -99,4 +99,20 @@ func TestLdapLogin(t *testing.T) {
|
||||
"external_id": "cn=git,ou=people,dc=planetexpress,dc=com",
|
||||
}, false)
|
||||
})
|
||||
|
||||
t.Run("should sync avatar when enabled", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
user, err := AuthenticateUserInLDAP(s, "professor", "professor", false, "jpegPhoto")
|
||||
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, "professor", user.Username)
|
||||
db.AssertExists(t, "users", map[string]interface{}{
|
||||
"username": "professor",
|
||||
"issuer": "ldap",
|
||||
"avatar_provider": "ldap",
|
||||
}, false)
|
||||
})
|
||||
}
|
||||
|
||||
30
pkg/modules/avatar/ldap/ldap.go
Normal file
30
pkg/modules/avatar/ldap/ldap.go
Normal file
@@ -0,0 +1,30 @@
|
||||
// Vikunja is a to-do list application to facilitate your life.
|
||||
// Copyright 2018-present Vikunja and contributors. All rights reserved.
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public Licensee as published by
|
||||
// the Free Software Foundation, either version 3 of the License, or
|
||||
// (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public Licensee for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public Licensee
|
||||
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
package ldap
|
||||
|
||||
import (
|
||||
"code.vikunja.io/api/pkg/modules/avatar/upload"
|
||||
"code.vikunja.io/api/pkg/user"
|
||||
)
|
||||
|
||||
type Provider struct{}
|
||||
|
||||
func (p *Provider) GetAvatar(user *user.User, size int64) (avatar []byte, mimeType string, err error) {
|
||||
up := upload.Provider{}
|
||||
|
||||
return up.GetAvatar(user, size)
|
||||
}
|
||||
@@ -55,7 +55,7 @@ func Login(c echo.Context) (err error) {
|
||||
|
||||
var user *user2.User
|
||||
if config.AuthLdapEnabled.GetBool() {
|
||||
user, err = ldap.AuthenticateUserInLDAP(s, u.Username, u.Password, config.AuthLdapGroupSyncEnabled.GetBool())
|
||||
user, err = ldap.AuthenticateUserInLDAP(s, u.Username, u.Password, config.AuthLdapGroupSyncEnabled.GetBool(), config.AuthLdapAvatarSyncAttribute.GetString())
|
||||
if err != nil && !user2.IsErrWrongUsernameOrPassword(err) {
|
||||
_ = s.Rollback()
|
||||
return handler.HandleHTTPError(err)
|
||||
|
||||
@@ -550,7 +550,8 @@ func UpdateUser(s *xorm.Session, user *User, forceOverride bool) (updatedUser *U
|
||||
user.AvatarProvider != "gravatar" &&
|
||||
user.AvatarProvider != "initials" &&
|
||||
user.AvatarProvider != "upload" &&
|
||||
user.AvatarProvider != "marble" {
|
||||
user.AvatarProvider != "marble" &&
|
||||
user.AvatarProvider != "ldap" {
|
||||
return updatedUser, &ErrInvalidAvatarProvider{AvatarProvider: user.AvatarProvider}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user