
Merge pull request #454 from paichi81/master

LDAPユーザ追加時にusernameだけでなくnameにセットできるようにした
Yuki Takei 7 лет назад
Родитель
Сommit
769f08049f

+ 1 - 1
lib/form/admin/securityPassportLdap.js

@@ -16,9 +16,9 @@ module.exports = form(
   field('settingForm[security:passport-ldap:bindDNPassword]'),
   field('settingForm[security:passport-ldap:searchFilter]'),
   field('settingForm[security:passport-ldap:attrMapUsername]'),
+  field('settingForm[security:passport-ldap:attrMapName]'),
   field('settingForm[security:passport-ldap:isSameUsernameTreatedAsIdenticalUser]').trim().toBooleanStrict(),
   field('settingForm[security:passport-ldap:groupSearchBase]'),
   field('settingForm[security:passport-ldap:groupSearchFilter]'),
   field('settingForm[security:passport-ldap:groupDnProperty]')
 );
-

+ 2 - 1
lib/locales/en-US/translation.json

@@ -351,7 +351,8 @@
       "search_filter_detail3": "If empty, the filter <code>(uid=&#123;&#123;username&#125;&#125;)</code> is used.",
       "search_filter_example1": "Match with 'uid' or 'mail'",
       "search_filter_example2": "Match with 'sAMAccountName' for Active Directory",
-      "username_detail": "Specification of mappings when creating new users",
+      "username_detail": "Specification of mappings when creating new users (username)",
+      "name_detail": "Specification of mappings when creating new users (name)'",
       "Treat username matching as identical": "Automatically bind external accounts newly logged in to local accounts when <code>username</code> match",
   		"Treat username matching as identical_warn": "WARNING: Be aware of security because the system treats the same user as a match of <code>username</code>.",
       "group_search_base_DN": "Group Search Base DN",

+ 2 - 1
lib/locales/ja/translation.json

@@ -368,7 +368,8 @@
       "search_filter_detail3": "空欄の場合 <code>(uid=&#123;&#123;username&#125;&#125;)</code> が使用されます。",
       "search_filter_example1": "'uid' または 'mail' に一致",
       "search_filter_example2": "'sAMAccountName' に一致 (Active Directory)",
-      "username_detail": "新規ユーザーの関連付けを設定",
+      "username_detail": "新規ユーザーのアカウント名usernameに関連付け",
+      "name_detail": "新規ユーザーの表示名nameに関連付け",
       "Treat username matching as identical": "新規ログイン時、<code>username</code> が一致したローカルアカウントが存在した場合は自動的に紐付ける",
       "Treat username matching as identical_warn": "WARNING: <code>username</code> の一致を以て同一ユーザーであるとみなすので、セキュリティに注意してください",
       "group_search_base_DN": "グループ検索ベース DN",

+ 1 - 0
lib/models/config.js

@@ -59,6 +59,7 @@ module.exports = function(crowi) {
       'security:passport-ldap:bindDNPassword' : undefined,
       'security:passport-ldap:searchFilter' : undefined,
       'security:passport-ldap:attrMapUsername' : undefined,
+      'security:passport-ldap:attrMapName' : undefined,
       'security:passport-ldap:groupSearchBase' : undefined,
       'security:passport-ldap:groupSearchFilter' : undefined,
       'security:passport-ldap:groupDnProperty' : undefined,

+ 5 - 2
lib/models/external-account.js

@@ -68,7 +68,7 @@ class ExternalAccount {
    * @returns {Promise<ExternalAccount>}
    * @memberof ExternalAccount
    */
-  static findOrRegister(providerType, accountId, usernameToBeRegistered) {
+  static findOrRegister(providerType, accountId, usernameToBeRegistered, nameToBeRegistered) {
 
     return this.findOne({ providerType, accountId })
       .then(account => {
@@ -86,10 +86,13 @@ class ExternalAccount {
             if (user != null) {
               throw new DuplicatedUsernameException(`User '${usernameToBeRegistered}' already exists`, user);
             }
+            if (nameToBeRegistered == null) {
+              nameToBeRegistered = '';
+            }
 
             // create a new User with STATUS_ACTIVE
             debug(`ExternalAccount '${accountId}' is not found, it is going to be registered.`);
-            return User.createUser('', usernameToBeRegistered, undefined, undefined, undefined, User.STATUS_ACTIVE);
+            return User.createUser(nameToBeRegistered, usernameToBeRegistered, undefined, undefined, undefined, User.STATUS_ACTIVE);
           })
           .then(newUser => {
             return this.associate(providerType, accountId, newUser);
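Review bot: The new `nameToBeRegistered` reaches `User.createUser` with only a null check, so whatever the directory returns for the mapped attribute is stored as the display name. LDAP attributes can be multi-valued, in which case the client library may hand back an array rather than a string, and nothing here bounds the type or length. Normalising before the call would cover that and avoid reassigning the parameter, e.g. `const name = typeof nameToBeRegistered === 'string' ? nameToBeRegistered.trim() : '';`, then pass `name` to `createUser`. The JSDoc whose tail is visible in the first hunk should also gain a `@param {string} [nameToBeRegistered]` line; the rest of that comment and of the function body lies outside the hunks.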

+ 3 - 1
lib/routes/login-passport.js

@@ -108,10 +108,12 @@ module.exports = function(crowi, app) {
       const ldapAccountId = passportService.getLdapAccountIdFromReq(req);
 
       const attrMapUsername = passportService.getLdapAttrNameMappedToUsername();
+      const attrMapName = passportService.getLdapAttrNameMappedToName();
       const usernameToBeRegistered = ldapAccountInfo[attrMapUsername];
+      const nameToBeRegistered = ldapAccountInfo[attrMapName];
 
       // find or register(create) user
-      ExternalAccount.findOrRegister('ldap', ldapAccountId, usernameToBeRegistered)
+      ExternalAccount.findOrRegister('ldap', ldapAccountId, usernameToBeRegistered, nameToBeRegistered)
         .catch((err) => {
           if (err.name === 'DuplicatedUsernameException') {
             // get option
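Review bot: When no name mapping is configured, `getLdapAttrNameMappedToName()` returns `''` and the added lookup becomes `ldapAccountInfo['']`, which yields `undefined` only because that key happens to be absent. Making the unset case explicit is clearer: `const nameToBeRegistered = attrMapName ? ldapAccountInfo[attrMapName] : undefined;`. The setting is also saved without `.trim()` in lib/form/admin/securityPassportLdap.js, so a stray space typed into the admin form would silently create users with an empty name; trimming in the form definition or here would avoid that. The surrounding handler starts and ends outside the hunk.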

+ 10 - 0
lib/service/passport.js

@@ -137,6 +137,16 @@ class PassportService {
     const config = this.crowi.config;
     return config.crowi['security:passport-ldap:attrMapUsername'] || 'uid';
   }
+  /**
+   * return attribute name for mapping to name of Crowi DB
+   *
+   * @returns
+   * @memberof PassportService
+   */
+  getLdapAttrNameMappedToName() {
+    const config = this.crowi.config;
+    return config.crowi['security:passport-ldap:attrMapName'] || '';
+  }
 
   /**
    * CAUTION: this method is capable to use only when `req.body.loginForm` is not null
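Review bot: The JSDoc on `getLdapAttrNameMappedToName()` has an empty `@returns` and does not say what the method yields when the setting is unset. Suggest `@returns {string} LDAP attribute name mapped to the user's display name, or '' when no mapping is configured`, plus a blank line before the comment to match the spacing of the method that follows. The admin form's placeholder for this field reads `Default: null`, which does not match the `''` fallback here; wording such as `Default: (not mapped)` would describe the actual behaviour.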

+ 19 - 0
lib/views/admin/widget/passport/ldap.html

@@ -120,6 +120,7 @@
       <h4>Attribute Mapping ({{ t("security_setting.optional") }})</h4>
 
       <div class="form-group">
+        <div class="row">
         <label for="settingForm[security:passport-ldap:attrMapUsername]" class="col-xs-3 control-label">username</label>
         <div class="col-xs-6">
           <input class="form-control" type="text" placeholder="Default: uid"
@@ -129,7 +130,24 @@
               {{ t("security_setting.ldap.username_detail") }}
             </small>
           </p>
+        </div>
+        </div>
 
+        <div class="row">
+        <label for="settingForm[security:passport-ldap:attrMapName]" class="col-xs-3 control-label">name</label>
+        <div class="col-xs-6">
+          <input class="form-control" type="text" placeholder="Default: null"
+              name="settingForm[security:passport-ldap:attrMapName]" value="{{ settingForm['security:passport-ldap:attrMapName'] || '' }}">
+          <p class="help-block">
+            <small>
+              {{ t("security_setting.ldap.name_detail") }}
+            </small>
+          </p>
+        </div>
+        </div>
+
+        <div class="row">
+        <div class="col-xs-6 col-xs-offset-3">
           <div class="checkbox checkbox-info">
             <input type="checkbox" id="cbSameUsernameTreatedAsIdenticalUser" name="settingForm[security:passport-ldap:isSameUsernameTreatedAsIdenticalUser]" value="1"
                 {% if settingForm['security:passport-ldap:isSameUsernameTreatedAsIdenticalUser'] %}checked{% endif %} />
@@ -143,6 +161,7 @@
             </p>
           </div>
         </div>
+        </div>
       </div>