githubFork/gitblit.git - Solinfo Gitblit

			@@ -23,6 +23,8 @@
			import java.util.HashMap;
			import java.util.List;
			import java.util.Map;
			import java.util.concurrent.Executors;
			import java.util.concurrent.ScheduledExecutorService;
			import java.util.concurrent.TimeUnit;
			import java.util.concurrent.atomic.AtomicLong;

			@@ -32,8 +34,10 @@
			import com.gitblit.auth.AuthenticationProvider.UsernamePasswordAuthenticationProvider;
			import com.gitblit.models.TeamModel;
			import com.gitblit.models.UserModel;
			import com.gitblit.service.LdapSyncService;
			import com.gitblit.utils.ArrayUtils;
			import com.gitblit.utils.StringUtils;
			import com.gitblit.utils.TimeUtils;
			import com.unboundid.ldap.sdk.Attribute;
			import com.unboundid.ldap.sdk.DereferencePolicy;
			import com.unboundid.ldap.sdk.ExtendedResult;
			@@ -57,7 +61,7 @@
			*/
			public class LdapAuthProvider extends UsernamePasswordAuthenticationProvider {

			private AtomicLong lastLdapUserSync = new AtomicLong(0L);
			private final AtomicLong lastLdapUserSync = new AtomicLong(0L);

			public LdapAuthProvider() {
			super("ldap");
			@@ -77,6 +81,11 @@

			@Override
			public void setup() {
			synchronizeLdapUsers();
			configureLdapSyncService();
			}

			public void synchronizeWithLdapService() {
			synchronizeLdapUsers();
			}

			@@ -289,16 +298,17 @@
			UserModel user = null;
			synchronized (this) {
			user = userManager.getUserModel(simpleUsername);
			if (user == null) // create user object for new authenticated user
			if (user == null) {
			// create user object for new authenticated user
			user = new UserModel(simpleUsername);

			// create a user cookie
			if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {
			user.cookie = StringUtils.getSHA1(user.username + new String(password));
			}

			if (!supportsTeamMembershipChanges())
			// create a user cookie
			setCookie(user, password);

			if (!supportsTeamMembershipChanges()) {
			getTeamsFromLdap(ldapConnection, simpleUsername, loggingInUser, user);
			}

			// Get User Attributes
			setUserAttributes(user, loggingInUser);
			@@ -307,8 +317,9 @@
			updateUser(user);

			if (!supportsTeamMembershipChanges()) {
			for (TeamModel userTeam : user.teams)
			for (TeamModel userTeam : user.teams) {
			updateTeam(userTeam);
			}
			}
			}

			@@ -337,12 +348,13 @@
			if (!ArrayUtils.isEmpty(admins)) {
			user.canAdmin = false;
			for (String admin : admins) {
			if (admin.startsWith("@")) { // Team
			if (user.getTeam(admin.substring(1)) != null)
			user.canAdmin = true;
			} else
			if (user.getName().equalsIgnoreCase(admin))
			user.canAdmin = true;
			if (admin.startsWith("@") && user.isTeamMember(admin.substring(1))) {
			// admin team
			user.canAdmin = true;
			} else if (user.getName().equalsIgnoreCase(admin)) {
			// admin user
			user.canAdmin = true;
			}
			}
			}
			}
			@@ -361,9 +373,9 @@
			if (!StringUtils.isEmpty(displayName)) {
			// Replace embedded ${} with attributes
			if (displayName.contains("${")) {
			for (Attribute userAttribute : userEntry.getAttributes())
			for (Attribute userAttribute : userEntry.getAttributes()) {
			displayName = StringUtils.replace(displayName, "${" + userAttribute.getName() + "}", userAttribute.getValue());

			}
			user.displayName = displayName;
			} else {
			Attribute attribute = userEntry.getAttribute(displayName);
			@@ -377,9 +389,9 @@
			String email = settings.getString(Keys.realm.ldap.email, "");
			if (!StringUtils.isEmpty(email)) {
			if (email.contains("${")) {
			for (Attribute userAttribute : userEntry.getAttributes())
			for (Attribute userAttribute : userEntry.getAttributes()) {
			email = StringUtils.replace(email, "${" + userAttribute.getName() + "}", userAttribute.getValue());

			}
			user.emailAddress = email;
			} else {
			Attribute attribute = userEntry.getAttribute(email);
			@@ -393,7 +405,9 @@
			private void getTeamsFromLdap(LDAPConnection ldapConnection, String simpleUsername, SearchResultEntry loggingInUser, UserModel user) {
			String loggingInUserDN = loggingInUser.getDN();

			user.teams.clear(); // Clear the users team memberships - we're going to get them from LDAP
			// Clear the users team memberships - we're going to get them from LDAP
			user.teams.clear();

			String groupBase = settings.getString(Keys.realm.ldap.groupBase, "");
			String groupMemberPattern = settings.getString(Keys.realm.ldap.groupMemberPattern, "(&(objectClass=group)(member=${dn}))");

			@@ -514,4 +528,24 @@
			}
			return sb.toString();
			}

			private void configureLdapSyncService() {
			logger.info("Start configuring ldap sync service");
			LdapSyncService ldapSyncService = new LdapSyncService(settings, this);
			if (ldapSyncService.isReady()) {
			int mins = TimeUtils.convertFrequencyToMinutes(settings.getString(Keys.realm.ldap.synchronizeUsers.ldapSyncPeriod, "5 mins"));
			if (mins < 5) {
			mins = 5;
			}
			int delay = 1;
			ScheduledExecutorService scheduledExecutorService = Executors.newSingleThreadScheduledExecutor();
			scheduledExecutorService.scheduleAtFixedRate(ldapSyncService, delay, mins, TimeUnit.MINUTES);
			logger.info("Ldap sync service will update user and groups every {} minutes.", mins);
			logger.info("Next scheduled ldap sync is in {} minutes", delay);
			} else {
			logger.info("Ldap sync service is disabled.");
			}
			logger.info("Finished configuring ldap sync service");
			}

			}