Item14275: add parameter to switch off cUIdity

foswiki · Jan 16, 2017 · 18776fd · 18776fd
1 parent 3e6e85c
commit 18776fd
Show file tree

Hide file tree

Showing 9 changed files with 51 additions and 29 deletions.
diff --git a/data/System/LdapContrib.txt b/data/System/LdapContrib.txt
@@ -500,6 +500,8 @@ This work was partly sponsored by
 ---++ Change History
 
 %TABLE{columnwidths="7em" tablewidth="100%"}%
+|  16 Jan 2017: | fixed logging in via email using an ldap-apache login manager |
+|  11 Jan 2017: | added config parameter to switch off mapping of login names to cUIDs |
 |  02 Sep 2016: | added ability to login using an email address |
 |  22 Apr 2016: | added <nop>IgnoreReferrals switch; \
                   fixed occasional infinite loop when checking for an existing user; \
@@ -632,7 +634,7 @@ This work was partly sponsored by
 
 %META:FORM{name="PackageForm"}%
 %META:FIELD{name="Author" title="Author" value="Michael Daum"}%
-%META:FIELD{name="Copyright" title="Copyright" value="&copy; 2006-2016 Michael Daum http://michaeldaumconsulting.com"}%
+%META:FIELD{name="Copyright" title="Copyright" value="&copy; 2006-2017 Michael Daum http://michaeldaumconsulting.com"}%
 %META:FIELD{name="Home" value="https://foswiki.org/Extensions/LdapContrib"}%
 %META:FIELD{name="License" title="License" value="GPL ([[http://www.gnu.org/copyleft/gpl.html][GNU General Public License]])"}%
 %META:FIELD{name="Release" title="Release" value="%$RELEASE%"}%

diff --git a/lib/Foswiki/Contrib/LdapContrib.pm b/lib/Foswiki/Contrib/LdapContrib.pm
@@ -1,6 +1,6 @@
 # Module of Foswiki - The Free and Open Source Wiki, http://foswiki.org/
 #
-# Copyright (C) 2006-2016 Michael Daum http://michaeldaumconsulting.com
+# Copyright (C) 2006-2017 Michael Daum http://michaeldaumconsulting.com
 # Portions Copyright (C) 2006 Spanlink Communications
 #
 # This program is free software; you can redistribute it and/or
@@ -30,8 +30,8 @@ use Encode ();
 use Foswiki::Func ();
 use Foswiki::Plugins ();
 
-our $VERSION = '7.50';
-our $RELEASE = '02 Sep 2016';
+our $VERSION = '7.60';
+our $RELEASE = '16 Jan 2017';
 our $SHORTDESCRIPTION = 'LDAP services for Foswiki';
 our $NO_PREFS_IN_TOPIC = 1;
 our %sharedLdapContrib;
@@ -185,6 +185,7 @@ sub new {
 
     normalizeWikiName => $Foswiki::cfg{Ldap}{NormalizeWikiNames},
     normalizeLoginName => $Foswiki::cfg{Ldap}{NormalizeLoginNames},
+    useCanonicalUserIDs => $Foswiki::cfg{Ldap}{UseCanonicalUserIDs} || 0,
     caseSensitiveLogin => $Foswiki::cfg{Ldap}{CaseSensitiveLogin} || 0,
     normalizeGroupName => $Foswiki::cfg{Ldap}{NormalizeGroupNames},
     ignorePrivateGroups => $Foswiki::cfg{Ldap}{IgnorePrivateGroups},
@@ -1426,6 +1427,9 @@ sub cacheUserFromEntry {
   my $emails;
   @{$emails} = $entry->get_value($this->{mailAttribute});
 
+  # lower case all emails
+  @{$emails} = map {lc $_} @$emails if defined $emails;
+
   # get primary group
   if ($this->{primaryGroupAttribute}) {
     my $groupId = $entry->get_value($this->{primaryGroupAttribute});

diff --git a/lib/Foswiki/Contrib/LdapContrib/Config.spec b/lib/Foswiki/Contrib/LdapContrib/Config.spec
@@ -158,6 +158,13 @@ $Foswiki::cfg{Ldap}{NormalizeWikiNames} = 1;
 # Enable/disable normalization of login names
 $Foswiki::cfg{Ldap}{NormalizeLoginNames} = 0;
 
+# **BOOLEAN EXPERT**
+# Enable/disable use of canonical user ids (cUIDs). WARNING: if you toggle this option
+# existing content might not be attributed to the correct user anymore. if disabled (default),
+# then cUIDs will be identical to the login name. if enabled, any non-alphanumeric character
+# will be translated to its hex value. 
+$Foswiki::cfg{Ldap}{UseCanonicalUserIDs} = 0;
+
 # **BOOLEAN**
 # Enable/disable case sensitive login names. If disabled case doesn't matter logging in.
 $Foswiki::cfg{Ldap}{CaseSensitiveLogin} = 0;

diff --git a/lib/Foswiki/LoginManager/KerberosLogin.pm b/lib/Foswiki/LoginManager/KerberosLogin.pm
@@ -1,6 +1,6 @@
 # Module of Foswiki - The Free and Open Source Wiki, http://foswiki.org/
 #
-# Copyright (C) 2015-2016 Michael Daum http://michaeldaumconsulting.com
+# Copyright (C) 2015-2017 Michael Daum http://michaeldaumconsulting.com
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License

diff --git a/lib/Foswiki/LoginManager/LdapApacheLogin.pm b/lib/Foswiki/LoginManager/LdapApacheLogin.pm
@@ -1,6 +1,6 @@
 # Module of Foswiki - The Free and Open Source Wiki, http://foswiki.org/
 #
-# Copyright (C) 2007-2016 Michael Daum http://michaeldaumconsulting.com
+# Copyright (C) 2007-2017 Michael Daum http://michaeldaumconsulting.com
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -68,6 +68,13 @@ sub loadSession {
 
   if ($this->{ldap}->getWikiNameOfLogin($authUser)) {
     $authUser =  $this->{ldap}->loadSession($authUser);
+  } else {
+    # try email
+    my $logins = $this->{ldap}->getLoginOfEmail($authUser);
+    if (defined $logins && scalar(@$logins)) {
+      $authUser = $logins->[0];
+      $authUser =  $this->{ldap}->loadSession(shift @$logins);
+    }
   }
 
   return $authUser;

diff --git a/lib/Foswiki/LoginManager/LdapTemplateLogin.pm b/lib/Foswiki/LoginManager/LdapTemplateLogin.pm
@@ -1,6 +1,6 @@
 # Module of Foswiki - The Free and Open Source Wiki, http://foswiki.org/
 #
-# Copyright (C) 2007-2016 Michael Daum http://michaeldaumconsulting.com
+# Copyright (C) 2007-2017 Michael Daum http://michaeldaumconsulting.com
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License

diff --git a/lib/Foswiki/Users/LdapPasswdUser.pm b/lib/Foswiki/Users/LdapPasswdUser.pm
@@ -1,6 +1,6 @@
 # Module of Foswiki - The Free and Open Source Wiki, http://foswiki.org/
 #
-# Copyright (C) 2006-2015 Michael Daum http://michaeldaumconsulting.com
+# Copyright (C) 2006-2017 Michael Daum http://michaeldaumconsulting.com
 # Portions Copyright (C) 2006 Spanlink Communications
 #
 # This program is free software; you can redistribute it and/or

diff --git a/lib/Foswiki/Users/LdapUserMapping.pm b/lib/Foswiki/Users/LdapUserMapping.pm
@@ -1,6 +1,6 @@
 # Module of Foswiki - The Free and Open Source Wiki http://foswiki.org/
 #
-# Copyright (C) 2006-2015 Michael Daum http://michaeldaumconsulting.com
+# Copyright (C) 2006-2017 Michael Daum http://michaeldaumconsulting.com
 # Portions Copyright (C) 2006 Spanlink Communications
 #
 # This program is free software; you can redistribute it and/or
@@ -121,36 +121,38 @@ sub getLoginName {
   # Remove the mapping id in case this is a subclass
   $login =~ s/$this->{mapping_id}// if $this->{mapping_id};
 
-  $login = _mapcUID2Login($login);
-
+  $login = $this->mapcUID2Login($login);
   $login = lc($login) unless $this->{ldap}{caseSensitiveLogin};
 
   return $login if $this->{ldap}->getWikiNameOfLogin($login);
-  return $this->SUPER::getLoginName($cUID) if $this->{ldap}{secondaryPasswordManager};
+  $login = $this->SUPER::getLoginName($cUID) if $this->{ldap}{secondaryPasswordManager};
+  $login ||= $cUID;
   return $login;
 }
 
 # Reverse the encoding used to generate cUIDs in login2cUID
 # use bytes to ignore character encoding
-sub _mapcUID2Login {
-  my $cUID = shift;
+sub mapcUID2Login {
+  my ($this, $cUID) = @_;
 
-  # SMELL: disabled this to allow underscores in login names
-  use bytes;
-  $cUID =~ s/_([0-9a-f][0-9a-f])/chr(hex($1))/gei;
-  no bytes;
+  if ($this->{ldap}{useCanonicalUserIDs}) {
+    use bytes;
+    $cUID =~ s/_([0-9a-f][0-9a-f])/chr(hex($1))/gei;
+    no bytes;
+  }
 
   return $cUID;
 }
 
 # local copy of Foswiki::Users::mapLogin2cUID
-sub _mapLogin2cUID {
-  my $login = shift;
+sub mapLogin2cUID {
+  my ($this, $login) = @_;
 
-  # SMELL: disabled this to allow underscores in login names
-  use bytes;
-  $login =~ s/([^a-zA-Z0-9])/'_'.sprintf('%02x', ord($1))/ge;
-  no bytes;
+  if ($this->{ldap}{useCanonicalUserIDs}) {
+    use bytes;
+    $login =~ s/([^a-zA-Z0-9])/'_'.sprintf('%02x', ord($1))/ge;
+    no bytes;
+  }
 
   return $login;
 }
@@ -169,7 +171,7 @@ sub getWikiName {
 
   #writeDebug("called LdapUserMapping::getWikiName($cUID)");
 
-  my $loginName = _mapcUID2Login($cUID);
+  my $loginName = $this->mapcUID2Login($cUID);
 
   return $loginName if $this->isGroup($loginName);
 
@@ -442,7 +444,7 @@ sub isGroup {
   return 0 unless $user;
   #writeDebug("called isGroup($user)");
 
-  my $wikiName = _mapcUID2Login($user);
+  my $wikiName = $this->mapcUID2Login($user);
 
   # special treatment for build-in groups
   return 1 if $wikiName eq $Foswiki::cfg{SuperAdminGroup};
@@ -571,10 +573,10 @@ sub login2cUID {
   $name = $loginName if defined $loginName;    # called with a wikiname
 
   #$name = lc($name) unless $this->{ldap}{caseSensitiveLogin};
-  my $cUID = $this->{mapping_id} . _mapLogin2cUID($name);
+  my $cUID = $this->{mapping_id} . $this->mapLogin2cUID($name);
 
   # don't ask topic user mapping for large wikis
-  if ($this->{ldap}{secondaryPasswordManager} && (! defined($cUID) || $cUID eq $origName)) {
+  if ($this->{ldap}{secondaryPasswordManager} && ! defined($cUID)) {
     $cUID = $this->SUPER::login2cUID($origName, $dontcheck);
   }
 

diff --git a/tools/ldaptest b/tools/ldaptest
@@ -1,7 +1,7 @@
 #!/usr/bin/env perl
 # Test program to check your ldap connectivity using perl
 #
-# Copyright (C) 2006-2016 Michael Daum http://michaeldaumconsulting.com
+# Copyright (C) 2006-2017 Michael Daum http://michaeldaumconsulting.com
 # Portions Copyright (C) 2006 Spanlink Communications
 #
 # This program is free software; you can redistribute it and/or