[obs-commits] [openSUSE/open-build-service] 096e5d: [api] Fail authentication if we are not able to bi...

Branch: refs/heads/master Home: https://github.com/openSUSE/open-build-service Commit: 096e5d6423e3a84413a4b524337cca1121381524 https://github.com/openSUSE/open-build-service/commit/096e5d6423e3a84413a4b5... Author: Jan Blunck Date: 2014-11-27 (Thu, 27 Nov 2014) Changed paths: M src/api/app/models/user_ldap_strategy.rb Log Message: ----------- [api] Fail authentication if we are not able to bind with user credentials We need to fail the authentication here because otherwise we create the user in OBS without the proper permissions. Signed-off-by: Jan Blunck Commit: c7f79ed2174cb84c22b0af68585576055398b727 https://github.com/openSUSE/open-build-service/commit/c7f79ed2174cb84c22b0af... Author: Jan Blunck Date: 2014-11-27 (Thu, 27 Nov 2014) Changed paths: M src/api/app/models/user_ldap_strategy.rb Log Message: ----------- [api] Fix UserLdapStrategy.initialize_ldap_con() error handling The code needs to check if the bind was successful before calling unbind(): LDAP::InvalidDataError: The LDAP handler has already unbound. from /srv/www/obs/api/app/models/user_ldap_strategy.rb:574:in `err' from /srv/www/obs/api/app/models/user_ldap_strategy.rb:574:in `rescue in initialize_ldap_con' from /srv/www/obs/api/app/models/user_ldap_strategy.rb:551:in `initialize_ldap_con' from /srv/www/obs/api/app/models/user_ldap_strategy.rb:382:in `block in find_with_ldap' from /srv/www/obs/api/app/models/user_ldap_strategy.rb:380:in `times' from /srv/www/obs/api/app/models/user_ldap_strategy.rb:380:in `find_with_ldap' Signed-off-by: Jan Blunck Commit: 27a5b35623572c8e2e4b10815ba86d2d66fe318c https://github.com/openSUSE/open-build-service/commit/27a5b35623572c8e2e4b10... Author: Jan Blunck Date: 2014-11-27 (Thu, 27 Nov 2014) Changed paths: M src/api/app/models/user_ldap_strategy.rb A src/api/test/unit/user_ldap_strategy_test.rb Log Message: ----------- [api] Extract authenticate_with_local() method from UserLdapStrategy.find_with_ldap() This refactoring extracts the local authentication into a separate function. They main purpose though was to move the extraction of user information *AFTER* the authentication is successful. Signed-off-by: Jan Blunck Commit: 9387c9b57ac9f2e43ecf28e062bf6c57e4087a36 https://github.com/openSUSE/open-build-service/commit/9387c9b57ac9f2e43ecf28... Author: Jan Blunck Date: 2014-11-27 (Thu, 27 Nov 2014) Changed paths: M src/api/app/models/user_ldap_strategy.rb Log Message: ----------- [api] Indention fix in UserLdapStrategy.find_with_ldap() This is a whitespace only change. Signed-off-by: Jan Blunck Commit: 938e94fd136f4f34113af6d86e1563788badb707 https://github.com/openSUSE/open-build-service/commit/938e94fd136f4f34113af6... Author: Jan Blunck Date: 2014-11-27 (Thu, 27 Nov 2014) Changed paths: M src/api/app/models/user_ldap_strategy.rb M src/api/test/unit/user_ldap_strategy_test.rb Log Message: ----------- [api] Support Distinguished Name to User Principal Name conversion for LDAP user email This is described in http://technet.microsoft.com/en-us/library/cc977992.aspx and can be used in cases the full email address of the person object is not available. Signed-off-by: Jan Blunck Compare: https://github.com/openSUSE/open-build-service/compare/378cb8bfe0b6...938e94...