From 34490339108666055728219d006499eeec55582a Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 28 Jan 2014 07:49:55 -0500
Subject: [PATCH] Merge pull request #136 from culmat/patch-1

---
 src/main/java/com/gitblit/auth/LdapAuthProvider.java |   54 ++++++++++++++++++++++++++++++++++--------------------
 1 files changed, 34 insertions(+), 20 deletions(-)

diff --git a/src/main/java/com/gitblit/auth/LdapAuthProvider.java b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
index 7a6b74d..8fef620 100644
--- a/src/main/java/com/gitblit/auth/LdapAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
@@ -162,15 +162,20 @@
 			String bindUserName = settings.getString(Keys.realm.ldap.username, "");
 			String bindPassword = settings.getString(Keys.realm.ldap.password, "");
 
-
 			LDAPConnection conn;
 			if (ldapUrl.getScheme().equalsIgnoreCase("ldaps")) {
 				// SSL
 				SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
 				conn = new LDAPConnection(sslUtil.createSSLSocketFactory());
+				if (ldapPort == -1) {
+					ldapPort = 636;
+				}
 			} else if (ldapUrl.getScheme().equalsIgnoreCase("ldap") || ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) {
 				// no encryption or StartTLS
 				conn = new LDAPConnection();
+				 if (ldapPort == -1) {
+					 ldapPort = 389;
+				 }
 			} else {
 				logger.error("Unsupported LDAP URL scheme: " + ldapUrl.getScheme());
 				return null;
@@ -187,7 +192,11 @@
 				}
 			}
 
-			if (!StringUtils.isEmpty(bindUserName) || !StringUtils.isEmpty(bindPassword)) {
+			if (StringUtils.isEmpty(bindUserName) && StringUtils.isEmpty(bindPassword)) {
+				// anonymous bind
+				conn.bind(new SimpleBindRequest());
+			} else {
+				// authenticated bind
 				conn.bind(new SimpleBindRequest(bindUserName, bindPassword));
 			}
 
@@ -280,16 +289,17 @@
 						UserModel user = null;
 						synchronized (this) {
 							user = userManager.getUserModel(simpleUsername);
-							if (user == null)	// create user object for new authenticated user
+							if (user == null) {
+								// create user object for new authenticated user
 								user = new UserModel(simpleUsername);
-
-							// create a user cookie
-							if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {
-								user.cookie = StringUtils.getSHA1(user.username + new String(password));
 							}
 
-							if (!supportsTeamMembershipChanges())
+							// create a user cookie
+							setCookie(user, password);
+
+							if (!supportsTeamMembershipChanges()) {
 								getTeamsFromLdap(ldapConnection, simpleUsername, loggingInUser, user);
+							}
 
 							// Get User Attributes
 							setUserAttributes(user, loggingInUser);
@@ -298,8 +308,9 @@
 							updateUser(user);
 
 							if (!supportsTeamMembershipChanges()) {
-								for (TeamModel userTeam : user.teams)
+								for (TeamModel userTeam : user.teams) {
 									updateTeam(userTeam);
+								}
 							}
 						}
 
@@ -328,12 +339,13 @@
 			if (!ArrayUtils.isEmpty(admins)) {
 				user.canAdmin = false;
 				for (String admin : admins) {
-					if (admin.startsWith("@")) { // Team
-						if (user.getTeam(admin.substring(1)) != null)
-							user.canAdmin = true;
-					} else
-						if (user.getName().equalsIgnoreCase(admin))
-							user.canAdmin = true;
+					if (admin.startsWith("@") && user.isTeamMember(admin.substring(1))) {
+						// admin team
+						user.canAdmin = true;
+					} else if (user.getName().equalsIgnoreCase(admin)) {
+						// admin user
+						user.canAdmin = true;
+					}
 				}
 			}
 		}
@@ -352,9 +364,9 @@
 		if (!StringUtils.isEmpty(displayName)) {
 			// Replace embedded ${} with attributes
 			if (displayName.contains("${")) {
-				for (Attribute userAttribute : userEntry.getAttributes())
+				for (Attribute userAttribute : userEntry.getAttributes()) {
 					displayName = StringUtils.replace(displayName, "${" + userAttribute.getName() + "}", userAttribute.getValue());
-
+				}
 				user.displayName = displayName;
 			} else {
 				Attribute attribute = userEntry.getAttribute(displayName);
@@ -368,9 +380,9 @@
 		String email = settings.getString(Keys.realm.ldap.email, "");
 		if (!StringUtils.isEmpty(email)) {
 			if (email.contains("${")) {
-				for (Attribute userAttribute : userEntry.getAttributes())
+				for (Attribute userAttribute : userEntry.getAttributes()) {
 					email = StringUtils.replace(email, "${" + userAttribute.getName() + "}", userAttribute.getValue());
-
+				}
 				user.emailAddress = email;
 			} else {
 				Attribute attribute = userEntry.getAttribute(email);
@@ -384,7 +396,9 @@
 	private void getTeamsFromLdap(LDAPConnection ldapConnection, String simpleUsername, SearchResultEntry loggingInUser, UserModel user) {
 		String loggingInUserDN = loggingInUser.getDN();
 
-		user.teams.clear();		// Clear the users team memberships - we're going to get them from LDAP
+		// Clear the users team memberships - we're going to get them from LDAP
+		user.teams.clear();
+
 		String groupBase = settings.getString(Keys.realm.ldap.groupBase, "");
 		String groupMemberPattern = settings.getString(Keys.realm.ldap.groupMemberPattern, "(&(objectClass=group)(member=${dn}))");
 

--
Gitblit v1.9.1