[#45] sync_to_ldap now knows whether to add or modify; added `cap dep…

…loy:sync_from_staff`
wrekatlanta · Apr 21, 2014 · 9577809 · 9577809
1 parent c98dcb3
commit 9577809
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 48 deletions.
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -31,9 +31,6 @@ def fix_ldap
 
     password = user_params[:current_password]
 
-    puts "LEGACY: #{@user.legacy_profile.password}"
-    puts "YOU: #{Legacy::Staff.legacy_password_hash(password)}"
-
     passwords_match = @user.legacy_profile.password == Legacy::Staff.legacy_password_hash(password)
 
     if passwords_match and @user.sync_to_legacy_profile!(password) and @user.sync_to_ldap(password)

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -55,7 +55,6 @@ class User < ActiveRecord::Base
 
   # before_validation :get_ldap_data, on: :create
   # before_save :strip_phone
-  # before_create :add_to_ldap
   before_validation :set_defaults, on: :create
   before_destroy :delete_from_ldap
 
@@ -201,61 +200,62 @@ def get_ldap_data
     end
   end
 
-  def add_to_ldap
-    if Rails.env.production? and not LdapHelper::find_user(self.username)
-      ldap_handle = LdapHelper::ldap_connect
-
-      # Build user attributes in line with the LDAP 'schema'
-      dn = "cn=#{self.username},ou=People,dc=staff,dc=wrek,dc=org"
-      user_attr = {
-        cn: self.username,
-        objectclass: "inetOrgPerson",
-        displayname: self.name,
-        mail: self.email,
-        employeenumber: "-1",
-        givenname: self.first_name,
-        sn: self.last_name,
-        userpassword: "{SHA}#{Digest::SHA1.base64digest self.password}"
-      }
-
-      unless ldap_handle.add(dn: dn, attributes: user_attr)
-        puts ldap_handle.get_operation_result
-        return false
-      end
-    end
-  end
-
   def sync_to_ldap(new_password = nil)
-    if Rails.env.production? and not LdapHelper::find_user(self.username)
+    if Rails.env.production?
       ldap_handle = LdapHelper::ldap_connect
 
-      # Build user attributes in line with the LDAP 'schema'
       dn = "cn=#{self.username},ou=People,dc=staff,dc=wrek,dc=org"
-      user_attr = {
-        cn: self.username,
-        objectclass: "inetOrgPerson",
-        displayname: self.name,
-        mail: self.email,
-        givenname: self.first_name,
-        sn: self.last_name
-      }
 
       pwd = new_password || self.password
 
-      unless pwd.blank?
-        user_attr[:userpassword] = "{SHA}#{Digest::SHA1.base64digest pwd}"
+      if pwd.blank?
+        return false
+      else
+        userpassword = "{SHA}#{Digest::SHA1.base64digest pwd}"
       end
 
-      unless ldap_handle.add(dn: dn, attributes: user_attr)
-        puts ldap_handle.get_operation_result
-        return false
+      if not LdapHelper::find_user(self.username)
+        # add an ldap entry
+
+        # build user attributes in line with the LDAP 'schema'
+        user_attr = {
+          cn: self.username,
+          objectclass: "inetOrgPerson",
+          displayname: self.name,
+          mail: "#{self.username}@wrek.org",
+          givenname: self.first_name,
+          sn: self.last_name,
+          userpassword: userpassword
+        }
+
+        unless ldap_handle.add(dn: dn, attributes: user_attr)
+          puts ldap_handle.get_operation_result
+          return false
+        end
+      else
+        # modify an existing ldap entry
+        ops = [
+          [:replace, :cn, self.username],
+          [:replace, :mail, "#{self.username}@wrek.org"],
+          [:replace, :display_name, self.name],
+          [:replace, :givenname, self.first_name],
+          [:replace, :sn, self.last_name],
+          [:replace, :userpassword, userpassword]
+        ]
+
+        ldap.modify(dn: dn, operations: ops)
+
+        unless ldap_handle.modify(dn: dn, operations: ops)
+          puts ldap_handle.get_operation_result
+          return false
+        end
       end
-    else
-      true
     end
+
+    # if you made it this far, success!
+    true
   end
 
-  # this will stay
   def delete_from_ldap
     if Rails.env.production?
       ldap_handle = LdapHelper::ldap_connect

diff --git a/app/views/admin/users/index.html.slim b/app/views/admin/users/index.html.slim
@@ -111,9 +111,9 @@ div ng-controller="userFilterCtrl" ng-init="init('admin')"
             div ng-repeat="role in user.roles"
               span.label.label-primary = "{{ role.full_name }}"
         tr.ng-cloak ng-if="!loadingTracker.active() && filtered.length == 0"
-          td colspan="7" No results found.
+          td colspan="9" No results found.
         tr ng-if="loadingTracker.active()"
-          td colspan="7" Loading...
+          td colspan="9" Loading...
 
   / bottom pagination
   .text-center

diff --git a/config/deploy.example.rb b/config/deploy.example.rb
@@ -36,6 +36,10 @@
     run "cd #{current_path}; bundle exec rake db:seed RAILS_ENV=#{rails_env}"
   end
 
+  task :sync_from_staff do
+    run "cd #{current_path}; bundle exec rake sync_from_staff RAILS_ENV=#{rails_env}"
+  end
+
   task :cold do
     transaction do
       update