Index: app/controllers/account_controller.rb =================================================================== --- app/controllers/account_controller.rb (revision 2824) +++ app/controllers/account_controller.rb (working copy) @@ -15,10 +15,14 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +require 'casclient' +require 'casclient/frameworks/rails/filter' + class AccountController < ApplicationController helper :custom_fields include CustomFieldsHelper + before_filter CASClient::Frameworks::Rails::Filter # prevents login action to be filtered by check_if_login_required application scope filter skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register, :activate] @@ -41,16 +45,12 @@ # Login request and validation def login - if request.get? + if session[:cas_user].empty? # Logout user self.logged_user = nil + CASClient::Frameworks::Rails::Filter::redirect_to_cas_for_authentication(self) else - # Authenticate user - if Setting.openid? && using_open_id? - open_id_authenticate(params[:openid_url]) - else - password_authentication - end + cas_authentication(session[:cas_user]) end end @@ -59,7 +59,7 @@ cookies.delete :autologin Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) if User.current.logged? self.logged_user = nil - redirect_to home_url + CASClient::Frameworks::Rails::Filter::logout(self) end # Enable user to choose a new password @@ -276,4 +276,48 @@ flash[:notice] = l(:notice_account_pending) redirect_to :action => 'login' end + + def cas_authentication(cas_user) + user = User.find_or_initialize_by_login(cas_user) + if user.new_record? + # Create on the fly + user.login = cas_user + + user = update_user_data_from_ldap(user) + + user.status = User::STATUS_REGISTERED + + register_automatically(user) do + onthefly_creation_failed(user) + end + else + if user.active? + user = update_user_data_from_ldap(user, true) + successful_authentication(user) + else + account_pending + end + end + end + + def update_user_data_from_ldap (user, save = false) + ldap = Net::LDAP::new + ldap.host = 'localhost' + ldap.port = '389' + + treebase = 'dc=example,dc=com' + + filter = Net::LDAP::Filter.eq('uid', user.login) + + entry = ldap.search( :base => treebase, :filter => filter, :attributes => ['cn', 'sn', 'mail'] ).first + + user.firstname = entry.cn.first + user.lastname = entry.sn.first + user.mail = entry.mail.first + + user.save if save + + return user + end + end Index: app/views/my/account.rhtml =================================================================== --- app/views/my/account.rhtml (revision 2824) +++ app/views/my/account.rhtml (working copy) @@ -11,9 +11,9 @@

<%=l(:label_information_plural)%>

-

<%= f.text_field :firstname, :required => true %>

-

<%= f.text_field :lastname, :required => true %>

-

<%= f.text_field :mail, :required => true %>

+

<%= f.text_field :firstname, :required => true, :disabled => true %>

+

<%= f.text_field :lastname, :required => true, :disabled => true %>

+

<%= f.text_field :mail, :required => true, :disabled => true %>

<%= f.select :language, lang_options_for_select %>

<% if Setting.openid? %>

<%= f.text_field :identity_url %>

Index: config/environment.rb =================================================================== --- config/environment.rb (revision 2824) +++ config/environment.rb (working copy) @@ -50,3 +50,8 @@ # It will automatically turn deliveries on config.action_mailer.perform_deliveries = false end + +CASClient::Frameworks::Rails::Filter.configure( + :cas_base_url => 'https://localhost/cas/' +) +