From 27ae9095639bb228a1b7ff86a3ebe4264abf05be Mon Sep 17 00:00:00 2001
From: mschaefers <mschaefers@scoop-gmbh.de>
Date: Thu, 29 Nov 2012 12:33:09 -0500
Subject: [PATCH] feature: when using LdapUserService, one can configure Gitblit to fetch all users from LDAP that can possibly log in. This makes newly created LDAP users visible in Gitblit immediately. Until now, an LDAP user had to log in once to appear in Gitblit.

---
 tests/com/gitblit/tests/LdapUserServiceTest.java |   66 +++++++++++++++++++++++++++++----
 1 files changed, 58 insertions(+), 8 deletions(-)

diff --git a/tests/com/gitblit/tests/LdapUserServiceTest.java b/tests/com/gitblit/tests/LdapUserServiceTest.java
index 48c9741..ffe8264 100644
--- a/tests/com/gitblit/tests/LdapUserServiceTest.java
+++ b/tests/com/gitblit/tests/LdapUserServiceTest.java
@@ -16,6 +16,7 @@
  */
 package com.gitblit.tests;
 
+import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
@@ -24,6 +25,7 @@
 import java.util.Map;
 
 import org.junit.Before;
+import org.junit.BeforeClass;
 import org.junit.Test;
 
 import com.gitblit.LdapUserService;
@@ -45,23 +47,28 @@
 	
 	private LdapUserService ldapUserService;
 	
-	int ldapPort = 1389;
+	static int ldapPort = 1389;
 	
-	@Before
-	public void createInMemoryLdapServer() throws Exception {
+	@BeforeClass
+	public static void createInMemoryLdapServer() throws Exception {
 		InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig("dc=MyDomain");
 		config.addAdditionalBindCredentials("cn=Directory Manager", "password");
 		config.setListenerConfigs(InMemoryListenerConfig.createLDAPConfig("default", ldapPort));
 		config.setSchema(null);
 		
 		InMemoryDirectoryServer ds = new InMemoryDirectoryServer(config);
-		ds.importFromLDIF(true, new LDIFReader(this.getClass().getResourceAsStream("resources/ldapUserServiceSampleData.ldif")));
+		ds.importFromLDIF(true, new LDIFReader(LdapUserServiceTest.class.getResourceAsStream("resources/ldapUserServiceSampleData.ldif")));
 		ds.startListening();
 	}
 	
 	@Before
 	public void createLdapUserService() {
-		Map<Object, Object> backingMap = new HashMap<Object, Object>();
+		ldapUserService = new LdapUserService();
+		ldapUserService.setup(getSettings());
+	}
+	
+	private MemorySettings getSettings() {
+		Map<String, Object> backingMap = new HashMap<String, Object>();
 		backingMap.put("realm.ldap.server", "ldap://localhost:" + ldapPort);
 		backingMap.put("realm.ldap.domain", "");
 		backingMap.put("realm.ldap.username", "cn=Directory Manager");
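Review bot: The in-memory directory server started in `createInMemoryLdapServer()` is never stopped. `ds` is a local variable, so after the move to `@BeforeClass` nothing can shut the listener down, and port 1389 stays open with the `cn=Directory Manager` / `password` bind credentials until the test JVM exits. Keep the server in a static field and add an `@AfterClass` method that calls `ds.shutDown(true);`. The fixed `ldapPort = 1389` also makes the class fail when another process or a parallel test run already holds the port; passing port 0 to `createLDAPConfig` and reading `ds.getListenPort()` after `startListening()` avoids that. `getSettings()` continues outside this hunk.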
@@ -73,11 +80,11 @@
 		backingMap.put("realm.ldap.groupBase", "OU=Groups,OU=UserControl,OU=MyOrganization,DC=MyDomain");
 		backingMap.put("realm.ldap.groupPattern", "(&(objectClass=group)(member=${dn}))");
 		backingMap.put("realm.ldap.admins", "UserThree @Git_Admins \"@Git Admins\"");
+		backingMap.put("realm.ldap.displayName", "displayName");
+		backingMap.put("realm.ldap.email", "email");
 		
 		MemorySettings ms = new MemorySettings(backingMap);
-		
-		ldapUserService = new LdapUserService();
-		ldapUserService.setup(ms);
+		return ms;
 	}
 	
 	@Test
@@ -104,5 +111,48 @@
 		assertNull(userThreeModel.getTeam("git_admins"));
 		assertTrue(userThreeModel.canAdmin);
 	}
+	
+	@Test
+	public void testDisplayName() {
+		UserModel userOneModel = ldapUserService.authenticate("UserOne", "userOnePassword".toCharArray());
+		assertNotNull(userOneModel);
+		assertEquals("User One", userOneModel.displayName);
+		
+		// Test more complicated scenarios - concat
+		MemorySettings ms = getSettings();
+		ms.put("realm.ldap.displayName", "${personalTitle}. ${givenName} ${surname}");
+		ldapUserService = new LdapUserService();
+		ldapUserService.setup(ms);
+		
+		userOneModel = ldapUserService.authenticate("UserOne", "userOnePassword".toCharArray());
+		assertNotNull(userOneModel);
+		assertEquals("Mr. User One", userOneModel.displayName);
+	}
+	
+	@Test
+	public void testEmail() {
+		UserModel userOneModel = ldapUserService.authenticate("UserOne", "userOnePassword".toCharArray());
+		assertNotNull(userOneModel);
+		assertEquals("userone@gitblit.com", userOneModel.emailAddress);
+		
+		// Test more complicated scenarios - concat
+		MemorySettings ms = getSettings();
+		ms.put("realm.ldap.email", "${givenName}.${surname}@gitblit.com");
+		ldapUserService = new LdapUserService();
+		ldapUserService.setup(ms);
+		
+		userOneModel = ldapUserService.authenticate("UserOne", "userOnePassword".toCharArray());
+		assertNotNull(userOneModel);
+		assertEquals("User.One@gitblit.com", userOneModel.emailAddress);
+	}
+	
+	@Test
+	public void testLdapInjection() {
+		// Inject so "(&(objectClass=person)(sAMAccountName=${username}))" becomes "(&(objectClass=person)(sAMAccountName=*)(userPassword=userOnePassword))"
+		// Thus searching by password
+		
+		UserModel userOneModel = ldapUserService.authenticate("*)(userPassword=userOnePassword", "userOnePassword".toCharArray());
+		assertNull(userOneModel);
+	}
 
 }
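Review bot: `testLdapInjection` checks a single injection shape and has no positive control, so `assertNull(userOneModel)` also passes if the lookup fails for an unrelated reason such as a broken fixture or a search error. Assert in the same test that `ldapUserService.authenticate("UserOne", "userOnePassword".toCharArray())` still returns a model. Also add cases for the other characters RFC 4515 requires escaping in a filter value (`*`, `(`, `)`, `\`, NUL), for example a username that is only a wildcard. The comment copies the account filter, which is presumably set in `getSettings()` outside this hunk; say that the expected filter comes from that setting, so the test does not silently stop covering the escaping when the pattern changes.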

--
Gitblit v1.9.1