├── MIT-LICENSE
├── README
├── Rakefile
├── app
│   ├── controllers
│   │   └── registration_controller.rb
│   ├── helpers
│   │   └── http_auth_helper.rb
│   └── views
│       ├── registration
│       │   └── autoregistration_form.html.erb
│       └── settings
│           └── _redmine_http_auth_settings.html.erb
├── config
│   ├── locales
│   │   ├── de.yml
│   │   ├── en.yml
│   │   ├── fr.yml
│   │   ├── hu.yml
│   │   ├── ja.yml
│   │   └── ru.yml
│   └── routes.rb
├── init.rb
├── install.rb
├── lang
│   ├── de.yml
│   ├── en.yml
│   ├── fr.yml
│   ├── hu.yml
│   ├── ja.yml
│   ├── pt-br.yml
│   └── ru.yml
├── lib
│   └── http_auth_patch.rb
└── uninstall.rb

/MIT-LICENSE:
--------------------------------------------------------------------------------
Copyright (c) 2010 Adam Lantos

Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:

The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

--------------------------------------------------------------------------------
/README:
--------------------------------------------------------------------------------
HTTP Authentication plugin for Redmine
=======

This plugin enables an optional HTTP authentication method in the Redmine
project management tool.

If the REMOTE_USER server environment variable is set, an attempt is
made to look up the matching local user account and log in. An attempt is made
to synchronize the Redmine session with the container-managed authentication
session, but this can be switched off.

This module does not disable the form-based login unless HTTP authentication
credentials are available, in which case the username from the environment
will override the form-based login.


Installation
=======

Use the following command in your Redmine instance directory:

  # ruby script/plugin install http://github.com/AdamLantos/redmine_http_auth.git


Settings
=======

The behavior of this plugin can be customized through the 'settings' page in the
plugins menu. Currently there are three options:

  - enable / disable HTTP Authentication (default: enable)
  - set the header / environment value to look for (default: REMOTE_USER)
  - change local user lookup mode from login name to email address
    (default: login name)
  - enable / disable automatic registration (default: disable), see below
  - enable / disable the "keep session" behavior (default: disable), see below


Known issues
=======

If you encounter an "uninitialized constant Rails::Plugin::ApplicationController"
exception with any Redmine version prior to Redmine-0.9, just rename your
app/controllers/application.rb to app/controllers/application_controller.rb.


Automatic registration of user accounts
=======

If a user doesn't exist in the Redmine local database, the http_authentication
plugin can automatically create an account for them. This automatic registration
currently presents a form to the user where additional attributes (like email
address, first name or last name) should be entered.

The plugin currently doesn't handle automatic attribute transformation from the
authentication environment (e.g. a Shibboleth session), but it does enforce that
the lookup attribute matches the environment.

Automatically registered accounts don't have associated passwords, but the
user can change their password via the common password change form.


Session synchronization
=======

When using container-managed authentication (like SSO systems), one needs to
ensure that the currently logged-on user is the same one who initiated the session.
Additionally, there is a need to offer logout functionality to the end user.

By default, the http_authentication plugin synchronizes the container-managed
authentication session to the Redmine session. This means that if the underlying
session changes or ends, the Redmine session changes and ends as well.


Using lazy authentication
=======

The http_authentication plugin provides a top menu link for lazy, user-requested
authentication purposes. This link points to the `/httpauth-login` URL. If you
want to enable both http_authentication and normal form-based logins, you need
to use this link to enforce container authentication.

However, many authentication mechanisms (namely apache httpd mod_auth_basic)
don't offer a way to do lazy authentication. If a URL is not "enforced", the
authorization information (e.g. REMOTE_USER) is not populated. Thus, the session
synchronization code will invalidate user sessions outside the protected realm.

You can alter this behavior by switching on the "keep sessions" setting. But
please consider that this might be dangerous. Do not use this feature if you
are implementing SSO systems; you've been warned.


Planned features
=======

  - option to disable form-based login for users when the plugin is activated
  - integration with the custom features of various SSO systems (e.g. Shibboleth)


Copyright (c) 2010 NIIF Institute and Adam Lantos, released under the MIT license

--------------------------------------------------------------------------------
/Rakefile:
--------------------------------------------------------------------------------
require 'rake'
require 'rake/testtask'
require 'rake/rdoctask'

desc 'Default: run unit tests.'
task :default => :test

desc 'Test the http_auth plugin.'
Rake::TestTask.new(:test) do |t|
  t.libs << 'lib'
  t.libs << 'test'
  t.pattern = 'test/**/*_test.rb'
  t.verbose = true
end

desc 'Generate documentation for the http_auth plugin.'
Rake::RDocTask.new(:rdoc) do |rdoc|
  rdoc.rdoc_dir = 'rdoc'
  rdoc.title    = 'HTTP Authentication plugin'
  rdoc.options << '--line-numbers' << '--inline-source'
  rdoc.rdoc_files.include('README')
  rdoc.rdoc_files.include('lib/**/*.rb')
end

--------------------------------------------------------------------------------
/app/controllers/registration_controller.rb:
--------------------------------------------------------------------------------
class RegistrationController < ApplicationController
  unloadable
  skip_before_filter :user_setup, :check_if_login_required
  include HttpAuthHelper
  helper :http_auth
  before_filter :autoregistration_enabled, :remote_user_set

  def autoregistration_form
    @user = User.new :language => Setting.default_language
    set_default_attributes @user
  end

  def register
    @user = User.new params[:user]
    # in mail lookup mode the login is chosen by the user, so copy it from the form
    @user.login = params[:user][:login] if use_email?
    # read-only attributes are re-applied from the server environment here,
    # so the submitted form cannot override them
    set_readonly_attributes @user
    if @user.save
      redirect_to home_url
    else
      render 'autoregistration_form'
    end
  end

  # before filter: refuse self-registration unless it is enabled in the settings
  def autoregistration_enabled
    unless Setting.plugin_redmine_http_auth['auto_registration'] == "true"
      flash[:error] = l :error_autoregistration_disabled
      redirect_to home_url
    end
  end

  # before filter: refuse self-registration when the container supplied no user
  def remote_user_set
    if remote_user.nil?
      flash[:error] = l :error_remote_user_unset
      redirect_to home_url
    end
  end
end

--------------------------------------------------------------------------------
/app/helpers/http_auth_helper.rb:
--------------------------------------------------------------------------------
module HttpAuthHelper
  unloadable

  def user_attributes
    ['login', 'mail', 'firstname', 'lastname']
  end

  def use_email?
    Setting.plugin_redmine_http_auth['lookup_mode'] == 'mail'
  end

  def set_default_attributes(user)
    user_attributes.each do |attr|
      user.send(attr + "=", (get_attribute_value attr))
    end
  end

  def set_readonly_attributes(user)
    user_attributes.each do |attr|
      user.send(attr + "=", (get_attribute_value attr)) if readonly_attribute? attr
    end
  end

  def remote_user
    request.env[Setting.plugin_redmine_http_auth['server_env_var']]
  end

  def readonly_attribute?(attribute_name)
    if remote_user_attribute? attribute_name
      true
    else
      conf = Setting.plugin_redmine_http_auth['readonly_attribute']
      if conf.nil? || !conf.has_key?(attribute_name)
        false
      else
        conf[attribute_name] == "true"
      end
    end
  end

  private
  def remote_user_attribute?(attribute_name)
    (attribute_name == "login" && !use_email?) || (attribute_name == "mail" && use_email?)
  end

  def get_attribute_value(attribute_name)
    if remote_user_attribute? attribute_name
      remote_user
    else
      conf = Setting.plugin_redmine_http_auth['attribute_mapping']
      if conf.nil? || !conf.has_key?(attribute_name)
        nil
      else
        request.env[conf[attribute_name]]
      end
    end
  end

end

--------------------------------------------------------------------------------
/app/views/registration/autoregistration_form.html.erb:
--------------------------------------------------------------------------------
<%= text_field 'user', 'login', :size => 25, :disabled => (readonly_attribute? 'login') %>

<%= text_field 'user', 'firstname', :disabled => (readonly_attribute? 'firstname') %>

<%= text_field 'user', 'lastname', :disabled => (readonly_attribute? 'lastname') %>

<%= text_field 'user', 'mail', :disabled => (readonly_attribute? 'mail') %>

<%= select("user", "language", lang_options_for_select) %>

--------------------------------------------------------------------------------
/app/views/settings/_redmine_http_auth_settings.html.erb:
--------------------------------------------------------------------------------
<%=content_tag(:label, l(:label_enable_http_auth))%>
<%=check_box_tag 'settings[enable]', true, @settings['enable'] == "true" %>

<%=content_tag(:label, l(:label_server_env_var)) %>
<%=text_field_tag 'settings[server_env_var]', @settings['server_env_var'] %>
(<%=l(:label_default)%>: REMOTE_USER)

<%=content_tag(:label, l(:label_lookup_mode))%>
<%=radio_button_tag 'settings[lookup_mode]', 'login', @settings['lookup_mode'] == 'login' %>
<%=l(:label_login_name)%>
<%=radio_button_tag 'settings[lookup_mode]', 'mail', @settings['lookup_mode'] == 'mail' %>
<%=l(:label_email_address)%>

<%=content_tag(:label, l(:label_enable_auto_registration))%>
<%=check_box_tag 'settings[auto_registration]', true, @settings['auto_registration'] == "true" %>

<%=content_tag(:label, l(:label_keep_sessions))%>
<%=check_box_tag 'settings[keep_sessions]', true, @settings['keep_sessions'] == "true" %>

--------------------------------------------------------------------------------
/config/locales/de.yml:
--------------------------------------------------------------------------------
# German strings
de:
  label_enable_http_auth: HTTP Authentifizierung aktivieren
  label_server_env_var: Name für die Umgebungsvariable des Server
  label_default: Standard
  label_lookup_mode: Lokaler Lookup Modus
  label_login_name: Login Name
  label_email_address: Email Addresse
  login_httpauth_title: via HTTP-Authentifizierung einloggen
  label_enable_auto_registration: Automatische Registrierung
  label_autoregister: Registrierung
  error_autoregistration_disabled: Automatische Registrierung ist deaktiviert
  error_remote_user_unset: Benutzername wurde nicht angegeben
  error_unknown_user: Benutzer konnte nicht gefunden werden
  label_keep_sessions: Verbindung aufrecht erhalten nachdem die HTTP Authentifizierung abgelaufen ist (sicherheitskritisch und nicht empfohlen!)

--------------------------------------------------------------------------------
/config/locales/en.yml:
--------------------------------------------------------------------------------
# English strings
en:
  label_enable_http_auth: Enable HTTP Authentication
  label_server_env_var: Name of server environment variable
  label_default: default
  label_lookup_mode: Local user lookup mode
  label_login_name: login name
  label_email_address: email address
  login_httpauth_title: Sign in via HTTP-Auth
  label_enable_auto_registration: Automatic registration
  label_autoregister: Registration
  error_autoregistration_disabled: Automatic registration is disabled
  error_remote_user_unset: Username is not provided
  error_unknown_user: User was not found in the database
  label_keep_sessions: Keep redmine sessions open after HTTP authentication lost (dangerous!)

--------------------------------------------------------------------------------
/config/locales/fr.yml:
--------------------------------------------------------------------------------
# French strings
fr:
  label_enable_http_auth: Activer l'authentification HTTP
  label_server_env_var: Nom de la variable d'environnement serveur
  label_default: défaut
  label_lookup_mode: Mode de recherche de l'utilisateur
  label_login_name: nom d'utilisateur
  label_email_address: adresse e-mail
  login_httpauth_title: Connexion via HTTP-Auth
  label_enable_auto_registration: Création de compte automatique
  label_autoregister: Création de compte
  error_autoregistration_disabled: La création de comtpe automatique est désactivée
  error_remote_user_unset: Le nom d'utilisateur n'a pas été fourni
  error_unknown_user: L'utilisateur n'a pas été trouvé dans la base de données
  label_keep_sessions: Garder les sessions Redmine ouvertes même après la perte de l'authentification HTTP (dangereux !)

--------------------------------------------------------------------------------
/config/locales/hu.yml:
--------------------------------------------------------------------------------
# Hungarian translations
hu:
  label_enable_http_auth: HTTP autentikáció engedélyezése
  label_server_env_var: Beléptetésre felhasznált környezeti változó
  label_default: alapértelmezett
  label_lookup_mode: Helyi felhasználó megkeresése
  label_login_name: felhasználónév alapján
  label_email_address: e-mail cím alapján
  login_httpauth_title: Bejelentkezés HTTP-Auth-tal
  label_enable_auto_registration: Automatikus regisztráció
  label_autoregister: Regisztráció
  error_autoregistration_disabled: Az automatikus regisztráció nincs engedélyezve
  error_remote_user_unset: A felhasználónév nem elérhető
  error_unknown_user: A felhasználó nem található az adatbázisban
  label_keep_sessions: Redmine munkamenet megtartása a HTTP authentikációs információ megszűnése után (veszélyes!)

--------------------------------------------------------------------------------
/config/locales/ja.yml:
--------------------------------------------------------------------------------
# Japanese translation by Akiko Takano
ja:
  label_enable_http_auth: HTTP認証を有効にする
  label_server_env_var: サーバの環境変数名
  label_default: デフォルト
  label_lookup_mode: ローカルユーザの検索モード
  label_login_name: ログイン名
  label_email_address: メールアドレス
  login_httpauth_title: HTTP認証でログイン
  label_enable_auto_registration: 自動登録
  label_autoregister: 登録
  error_autoregistration_disabled: 自動登録を無効にする
  error_remote_user_unset: ユーザ名が設定されていません
  error_unknown_user: データベースに該当するユーザが存在しません
  label_keep_sessions: HTTP認証が切れたあともRedmineのセッションを継続させる (危険です!)

--------------------------------------------------------------------------------
/config/locales/ru.yml:
--------------------------------------------------------------------------------
# Russian strings
ru:
  label_enable_http_auth: Включить HTTP Authentication
  label_server_env_var: Имя серверной переменной окружения
  label_default: по умолчанию
  label_lookup_mode: Способ поиска пользователя
  label_login_name: имя пользователя
  label_email_address: адрес электронной почты
  login_httpauth_title: Входить через HTTP-Auth
  label_enable_auto_registration: Автоматическая регистрация
  label_autoregister: Регистрация
  error_autoregistration_disabled: Автоматическая регистрация отключена
  error_remote_user_unset: Имя пользователя не указано
  error_unknown_user: Пользователь не найден в базе данных
  label_keep_sessions: Оставлять сессии redmine открытыми после потери HTTP authentication (опасно!)

--------------------------------------------------------------------------------
/config/routes.rb:
--------------------------------------------------------------------------------
ActionController::Routing::Routes.draw do |map|
  map.httpauthlogin 'httpauth-login', :controller => 'welcome'

  map.httpauthselfregister 'httpauth-selfregister/:action',
    :controller => 'registration', :action => 'autoregistration_form'
end

--------------------------------------------------------------------------------
/init.rb:
--------------------------------------------------------------------------------
require 'redmine'
require 'dispatcher'
require 'http_auth_patch'

Redmine::Plugin.register :redmine_http_auth do
  name 'HTTP Authentication plugin'
  author 'Adam Lantos'
  url 'http://github.com/AdamLantos/redmine_http_auth' if respond_to?(:url)
  description 'A plugin for doing HTTP authentication'
  version '0.3.0-dev'
  menu :account_menu, :login_httpauth, { :controller => 'httpauth-login' },
    :before => :login, :caption => :login_httpauth_title,
    :if => Proc.new { User.current.anonymous? && Setting.plugin_redmine_http_auth['enable'] == 'true' }

  settings :partial => 'settings/redmine_http_auth_settings',
    :default => {
      'enable' => 'true',
      'server_env_var' => 'REMOTE_USER',
      'lookup_mode' => 'login',
      'auto_registration' => 'false',
      'keep_sessions' => 'false'
    }
end

Dispatcher.to_prepare do
  #include our code
  ApplicationController.send(:include, HTTPAuthPatch)
end

--------------------------------------------------------------------------------
/install.rb:
--------------------------------------------------------------------------------
# Install hook code here

--------------------------------------------------------------------------------
/lang/de.yml:
--------------------------------------------------------------------------------
# German strings
label_enable_http_auth: HTTP Authentifizierung aktivieren
label_server_env_var: Name für die Umgebungsvariable des Server
label_default: Standard
label_lookup_mode: Lokaler Lookup Modus
label_login_name: Login Name
label_email_address: Email Addresse
login_httpauth_title: via HTTP-Authentifizierung einloggen
label_enable_auto_registration: Automatische Registrierung
label_autoregister: Registrierung
error_autoregistration_disabled: Automatische Registrierung ist deaktiviert
error_remote_user_unset: Benutzername wurde nicht angegeben
error_unknown_user: Benutzer konnte nicht gefunden werden
label_keep_sessions: Verbindung aufrecht erhalten nachdem die HTTP Authentifizierung abgelaufen ist (sicherheitskritisch und nicht empfohlen!)

--------------------------------------------------------------------------------
/lang/en.yml:
--------------------------------------------------------------------------------
# English strings
label_enable_http_auth: Enable HTTP Authentication
label_server_env_var: Name of server environment variable
label_default: default
label_lookup_mode: Local user lookup mode
label_login_name: login name
label_email_address: email address
login_httpauth_title: Sign in via HTTP-Auth
label_enable_auto_registration: Automatic registration
label_autoregister: Registration
error_autoregistration_disabled: Automatic registration is disabled
error_remote_user_unset: Username is not provided
error_unknown_user: User was not found in the database
label_keep_sessions: Keep redmine sessions open after HTTP authentication lost (dangerous!)

--------------------------------------------------------------------------------
/lang/fr.yml:
--------------------------------------------------------------------------------
# French strings
label_enable_http_auth: Activer l'authentification HTTP
label_server_env_var: Nom de la variable d'environnement serveur
label_default: défaut
label_lookup_mode: Mode de recherche de l'utilisateur
label_login_name: nom d'utilisateur
label_email_address: adresse e-mail
login_httpauth_title: Connexion via HTTP-Auth
label_enable_auto_registration: Création de compte automatique
label_autoregister: Création de compte
error_autoregistration_disabled: La création de comtpe automatique est désactivée
error_remote_user_unset: Le nom d'utilisateur n'a pas été fourni
error_unknown_user: L'utilisateur n'a pas été trouvé dans la base de données
label_keep_sessions: Garder les sessions Redmine ouvertes même après la perte de l'authentification HTTP (dangereux !)

--------------------------------------------------------------------------------
/lang/hu.yml:
--------------------------------------------------------------------------------
# Hungarian translations
label_enable_http_auth: HTTP autentikáció engedélyezése
label_server_env_var: Beléptetésre felhasznált környezeti változó
label_default: alapértelmezett
label_lookup_mode: Helyi felhasználó megkeresése
label_login_name: felhasználónév alapján
label_email_address: e-mail cím alapján
login_httpauth_title: Bejelentkezés HTTP-Auth-tal
label_enable_auto_registration: Automatikus regisztráció
label_autoregister: Regisztráció
error_autoregistration_disabled: Az automatikus regisztráció nincs engedélyezve
error_remote_user_unset: A felhasználónév nem elérhető
error_unknown_user: A felhasználó nem található az adatbázisban
label_keep_sessions: Redmine munkamenet megtartása a HTTP authentikációs információ megszűnése után (veszélyes!)

--------------------------------------------------------------------------------
/lang/ja.yml:
--------------------------------------------------------------------------------
# Japanese translation by Akiko Takano
label_enable_http_auth: HTTP認証を有効にする
label_server_env_var: サーバの環境変数名
label_default: デフォルト
label_lookup_mode: ローカルユーザの検索モード
label_login_name: ログイン名
label_email_address: メールアドレス
login_httpauth_title: HTTP認証でログイン
label_enable_auto_registration: 自動登録
label_autoregister: 登録
error_autoregistration_disabled: 自動登録を無効にする
error_remote_user_unset: ユーザ名が設定されていません
error_unknown_user: データベースに該当するユーザが存在しません
label_keep_sessions: HTTP認証が切れたあともRedmineのセッションを継続させる (危険です!)

--------------------------------------------------------------------------------
/lang/pt-br.yml:
--------------------------------------------------------------------------------
# Brazilian Portuguese strings
label_enable_http_auth: Habilitar Autenticação HTTP
label_server_env_var: Nome da variável de ambiente
label_default: padrão
label_lookup_mode: Modo de validação local de usuário
label_login_name: login
label_email_address: endereço de e-mail
login_httpauth_title: Autenticação via HTTP
label_enable_auto_registration: Registro automático
label_autoregister: Registro
error_autoregistration_disabled: Registro automático está desabilitado
error_remote_user_unset: Nome de usuário não informado
error_unknown_user: Usuário não encontrado na base de usuários
label_keep_sessions: Manter sessões do redmine ativas após a perda da autenticação HTTP (Muito perigoso)

--------------------------------------------------------------------------------
/lang/ru.yml:
--------------------------------------------------------------------------------
# Russian strings
label_enable_http_auth: Включить HTTP Authentication
label_server_env_var: Имя серверной переменной окружения
label_default: по умолчанию
label_lookup_mode: Способ поиска пользователя
label_login_name: имя пользователя
label_email_address: адрес электронной почты
login_httpauth_title: Входить через HTTP-Auth
label_enable_auto_registration: Автоматическая регистрация
label_autoregister: Регистрация
error_autoregistration_disabled: Автоматическая регистрация отключена
error_remote_user_unset: Имя пользователя не указано
error_unknown_user: Пользователь не найден в базе данных
label_keep_sessions: Оставлять сессии redmine открытыми после потери HTTP authentication (опасно!)

--------------------------------------------------------------------------------
/lib/http_auth_patch.rb:
--------------------------------------------------------------------------------
module HTTPAuthPatch
  unloadable

  def self.included(base)
    base.send(:include, ClassMethods)
    base.class_eval do
      #avoid infinite recursion in development mode on subsequent requests
      alias_method :find_current_user,
        :find_current_user_without_httpauth if method_defined? 'find_current_user_without_httpauth'
      #chain our version of find_current_user implementation into redmine core
      alias_method_chain(:find_current_user, :httpauth)
    end
  end

  module ClassMethods
    include HttpAuthHelper

    def find_current_user_with_httpauth
      #first proceed with redmine's version of finding current user
      user = find_current_user_without_httpauth
      #if the http_auth is disabled in config, return the user
      return user unless Setting.plugin_redmine_http_auth['enable'] == "true"

      remote_username = remote_user
      if remote_username.nil?
        #do not touch user, if he didn't use http authentication to log in
        #or if the keep_sessions configuration directive is set
        if !used_http_authentication? || Setting.plugin_redmine_http_auth['keep_sessions'] == "true"
          return user
        end
        #log out previously authenticated user
        reset_session
        return nil
      end

      #return if the user has not been changed behind the session
      return user unless session_changed? user, remote_username

      #log out current logged in user
      reset_session
      try_login remote_username
    end

    def try_login(remote_username)
      #find user by login name or email address
      if use_email?
        user = User.active.find_by_mail remote_username
      else
        user = User.active.find_by_login remote_username
      end
      if user.nil?
        #user was not found in the database, try selfregistration if enabled
        if Setting.plugin_redmine_http_auth['auto_registration'] == 'true'
          redirect_to httpauthselfregister_url
          return nil
        else
          flash[:error] = l :error_unknown_user
          return nil
        end
      else
        #login and return user if user was found
        do_login user
      end
    end

    def used_http_authentication?
      session[:http_authentication] == true
    end

    def use_email?
      Setting.plugin_redmine_http_auth['lookup_mode'] == 'mail'
    end

    def session_changed?(user, remote_username)
      if user.nil?
        true
      else
        use_email? ? user.mail.casecmp(remote_username) != 0 : user.login.casecmp(remote_username) != 0
      end
    end

    def do_login(user)
      if (user && user.is_a?(User))
        session[:user_id] = user.id
        session[:http_authentication] = true
        user.update_attribute(:last_login_on, Time.now)
        User.current = user
      else
        return nil
      end
    end
  end
end

--------------------------------------------------------------------------------
/uninstall.rb:
--------------------------------------------------------------------------------
# Uninstall hook code here

--------------------------------------------------------------------------------
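
The session-synchronization rules described in the README and implemented in lib/http_auth_patch.rb, as an added example that is not the plugin's own code: a Rails-free model that replays a sequence of request environments against one browser session and shows what the "keep sessions" setting changes. `Account`, `SessionSync`, `replay` and the sample accounts are names constructed for this illustration, and the user lookup is modelled as an exact match.

```ruby
# Added example (not the plugin's code): a Rails-free model of the decision made
# by find_current_user_with_httpauth. Account, SessionSync, replay and the
# sample accounts are constructed for this illustration.
Account = Struct.new(:login, :mail)

ACCOUNTS = [Account.new('alice', 'alice@example.org'),
            Account.new('bob', 'bob@example.org')].freeze

# Defaults copied from the settings hash in init.rb.
DEFAULTS = {
  'enable' => 'true', 'server_env_var' => 'REMOTE_USER', 'lookup_mode' => 'login',
  'auto_registration' => 'false', 'keep_sessions' => 'false'
}.freeze

class SessionSync
  def initialize(settings, accounts)
    @settings = settings
    @accounts = accounts
    @session = {}
  end

  # Stand-in for Redmine's own form login: no :http_authentication marker.
  def form_login(login)
    @session = { :user => lookup(login, 'login') }
  end

  # Handles one request; env plays the role of request.env.
  # Returns [login of the current user or nil, what happened].
  def request(env)
    user = @session[:user]
    return [login_of(user), :plugin_disabled] unless @settings['enable'] == 'true'

    remote = env[@settings['server_env_var']]
    if remote.nil?
      # Outside the protected realm, or the container session has ended.
      if !@session[:http_authentication] || @settings['keep_sessions'] == 'true'
        return [login_of(user), :kept]
      end
      @session = {}
      return [nil, :logged_out]
    end

    return [login_of(user), :kept] unless changed?(user, remote)

    @session = {} # the container now vouches for someone else
    found = lookup(remote, @settings['lookup_mode'])
    if found.nil?
      registering = @settings['auto_registration'] == 'true'
      return [nil, registering ? :self_register : :unknown_user]
    end
    @session = { :user => found, :http_authentication => true }
    [found.login, :logged_in]
  end

  private

  def login_of(user)
    user && user.login
  end

  # Assumption: exact match; the plugin delegates this to User.active.find_by_*.
  def lookup(value, mode)
    field = mode == 'mail' ? :mail : :login
    @accounts.find { |a| a[field] == value }
  end

  # Same comparison as session_changed?: case-insensitive on the lookup key.
  def changed?(user, remote)
    return true if user.nil?
    current = @settings['lookup_mode'] == 'mail' ? user.mail : user.login
    current.casecmp(remote) != 0
  end
end

# Replays a list of request environments against one browser session.
def replay(settings, envs, form_user = nil)
  sync = SessionSync.new(settings, ACCOUNTS)
  sync.form_login(form_user) if form_user
  envs.map { |env| sync.request(env) }
end

if __FILE__ == $PROGRAM_NAME
  inside  = { 'REMOTE_USER' => 'alice' } # request through the protected URL
  outside = {}                           # REMOTE_USER not populated
  p replay(DEFAULTS, [inside, outside])
  p replay(DEFAULTS.merge('keep_sessions' => 'true'), [inside, outside])
end
```

With the defaults the second request ends the session; with `keep_sessions` set to `'true'` the same request still resolves to `alice` although the container no longer vouches for her, which is the behavior the README warns about for SSO deployments.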