Merge pull request #447 from dohnto/feature/ldap-auth

Added LDAP authentication support.

config/config.yml

@@ -42,6 +42,12 @@ ldap:
   # The LDAP attribute where to search for username. The default is 'uid'.
   uid: "uid"
 
+  # LDAP credentials used to search for a user.
+  authentication:
+    enabled: false
+    bind_dn: ""
+    password: ""
+
   # Portus needs an email for each user, but there's no standard way to get
   # that from LDAP servers. You can tell Portus how to get the email from users
   # registered in the LDAP server with this configurable value. There are three

lib/portus/ldap.rb

@@ -54,6 +54,35 @@ def self.enabled?
 
     protected
 
+    # Returns auth options according to configuration.
+    def auth_options
+      cfg = APP_CONFIG["ldap"]
+      {
+        auth: {
+          username: cfg["authentication"]["bind_dn"],
+          password: cfg["authentication"]["password"],
+          method:   :simple
+        }
+      }
+    end
+
+    # Returns true if authentication has been enabled in configuration, false
+    # otherwise.
+    def authentication?
+      APP_CONFIG["ldap"]["authentication"] && APP_CONFIG["ldap"]["authentication"]["enabled"]
+    end
+
+    def adapter_options
+      cfg = APP_CONFIG["ldap"]
+      {
+        host:       cfg["hostname"],
+        port:       cfg["port"],
+        encryption: encryption(cfg)
+      }.tap do |options|
+        options.merge!(auth_options) if authentication?
+      end
+    end
+
     # Loads the configuration and authenticates the current user.
     def load_configuration
       # Note that the Portus user needs to authenticate through the DB.
@@ -62,8 +91,7 @@ def load_configuration
       fill_user_params!
       return nil if params[:user].nil?
 
-      cfg = APP_CONFIG["ldap"]
-      adapter.new(host: cfg["hostname"], port: cfg["port"], encryption: encryption(cfg))
+      adapter.new(adapter_options)
     end
 
     # Returns the encryption method to be used. Invalid encryption methods will

spec/lib/portus/ldap_spec.rb

@@ -150,6 +150,7 @@ def load_configuration_test
     expect(cfg.opts[:host]).to eq "hostname"
     expect(cfg.opts[:port]).to eq 389
     expect(cfg.opts[:encryption]).to be nil
+    expect(cfg.opts).not_to have_key(:auth)
 
     # Test different encryption methods.
     [["starttls", :start_tls], ["simple_tls", :simple_tls], ["lala", nil]].each do |e|
@@ -159,6 +160,26 @@ def load_configuration_test
     end
   end
 
+  it "loads the auth configuration properly" do
+    # auth configuration disabled
+    auth = { "enabled" => false }
+    APP_CONFIG["ldap"] = { "enabled" => true, "authentication" => auth }
+
+    lm = LdapMock.new(username: "name", password: "1234")
+    cfg = lm.load_configuration_test
+    expect(cfg.opts).not_to have_key(:auth)
+
+    # auth configuration enabled
+    auth = { "enabled" => true, "bind_dn" => "foo", "password" => "pass" }
+    APP_CONFIG["ldap"] = { "enabled" => true, "authentication" => auth }
+
+    lm = LdapMock.new(username: "name", password: "1234")
+    cfg = lm.load_configuration_test
+    expect(cfg.opts[:auth][:username]).to eq "foo"
+    expect(cfg.opts[:auth][:password]).to eq "pass"
+    expect(cfg.opts[:auth][:method]).to eq :simple
+  end
+
   it "fetches the right bind options" do
     APP_CONFIG["ldap"] = { "enabled" => true, "base" => "", "uid" => "uid" }
     lm = LdapMock.new(username: "name", password: "1234")