Added LDAP auth code
This commit is contained in:
viharm
parent
ccee842d09
commit
2844d6e131
|
|
@ -18,8 +18,8 @@
|
|||
"php-pushover/php-pushover": "dev-master",
|
||||
"paragonie/random_compat": "^2.0",
|
||||
"twig/twig": "~1.35",
|
||||
"jaxl/jaxl": "^3.1",
|
||||
"viharm/psm-ldap-auth": "^1.1"
|
||||
"jaxl/jaxl": "^3.1",
|
||||
"viharm/psm-ldap-auth": "^1.1"
|
||||
},
|
||||
"autoload": {
|
||||
"files": [
|
||||
|
|
|
|||
|
|
@ -230,20 +230,51 @@ class User
|
|||
{
|
||||
$user_name = trim($user_name);
|
||||
$user_password = trim($user_password);
|
||||
$ldapauthstatus = false;
|
||||
|
||||
if (empty($user_name) && empty($user_password)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$dirauthconfig = psm_get_conf('dirauth_status');
|
||||
|
||||
// LDAP auth enabled
|
||||
if ($dirauthconfig === '1') {
|
||||
$ldaplibpath = realpath(
|
||||
PSM_PATH_SRC . '..' . DIRECTORY_SEPARATOR .
|
||||
'vendor' . DIRECTORY_SEPARATOR .
|
||||
'viharm' . DIRECTORY_SEPARATOR .
|
||||
'psm-ldap-auth' . DIRECTORY_SEPARATOR .
|
||||
'psmldapauth.php'
|
||||
);
|
||||
// If the library is found
|
||||
if ($ldaplibpath) {
|
||||
// Delegate the authentication to the PsmLDAPauth module.
|
||||
// If LDAP auth fails or if library not found, fall back to native auth
|
||||
include_once($ldaplibpath);
|
||||
$ldapauthstatus = psmldapauth($user_name, $user_password, $GLOBALS['sm_config'], $this->db_connection);
|
||||
}
|
||||
}
|
||||
|
||||
$user = $this->getUserByUsername($user_name);
|
||||
|
||||
// using PHP 5.5's password_verify() function to check if the provided passwords
|
||||
// fits to the hash of that user's password
|
||||
if (!isset($user->user_id)) {
|
||||
password_verify($user_password, 'dummy_call_against_timing');
|
||||
return false;
|
||||
} elseif (!password_verify($user_password, $user->password)) {
|
||||
return false;
|
||||
}
|
||||
// Authenticated
|
||||
if ($ldapauthstatus === true) {
|
||||
// Remove password to prevent it from being saved in the DB.
|
||||
// Otherwise, user may still be authenticated if LDAP is disabled later.
|
||||
$user_password = null;
|
||||
@fn_Debug('Authenticated', $user);
|
||||
} else {
|
||||
|
||||
// using PHP 5.5's password_verify() function to check if the provided passwords
|
||||
// fits to the hash of that user's password
|
||||
if (!isset($user->user_id)) {
|
||||
password_verify($user_password, 'dummy_call_against_timing');
|
||||
return false;
|
||||
} elseif (!password_verify($user_password, $user->password)) {
|
||||
return false;
|
||||
}
|
||||
} // not authenticated
|
||||
|
||||
$this->setUserLoggedIn($user->user_id, true);
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,11 @@
|
|||
role="tab" aria-controls="config-general" aria-selected="{% if general_active %}true{% else %}false{% endif %}">{{
|
||||
label_general }}</a>
|
||||
</li>
|
||||
<li class="nav-item">
|
||||
<a class="nav-link {{ auth_active }}" id="config-auth-tab" data-toggle="tab" href="#config-auth" role="tab"
|
||||
aria-controls="config-auth" aria-selected="{% if auth_active %}true{% else %}false{% endif %}">{{
|
||||
label_tab_auth }}</a>
|
||||
</li>
|
||||
<li class="nav-item">
|
||||
<a class="nav-link {{ email_active }}" id="config-email-tab" data-toggle="tab" href="#config-email" role="tab"
|
||||
aria-controls="config-email" aria-selected="{% if email_active %}true{% else %}false{% endif %}">{{
|
||||
|
|
@ -93,6 +98,43 @@
|
|||
{{ macro.button_save("general_submit", label_save) }}
|
||||
</fieldset>
|
||||
</div>
|
||||
<div class="tab-pane {{ auth_active }}" id="config-auth" role="tabpanel" aria-labelledby="config-auth-tab">
|
||||
<!-- Auth settings -->
|
||||
<fieldset>
|
||||
<legend>{{ label_settings_dirauth }}</legend>
|
||||
<!-- enable ldap -->
|
||||
{{ macro.input_checkbox("dirauth_status", "dirauth_status[]", label_dirauth_status, dirauth_status_checked) }}
|
||||
<!-- Directory host -->
|
||||
{{ macro.input_field("text", "authdir_host_locn", null, "authdir_host_locn", label_authdir_host_locn, authdir_host_locn, label_authdir_host_locn, "100") }}
|
||||
<!-- smtp security -->
|
||||
{{ macro.input_select("authdir_type", "authdir_type", label_authdir_type, authdir_type, authdir_type_selected, "authdir_type_help", label_authdir_type_description) }}
|
||||
<!-- Directory port -->
|
||||
{{ macro.input_field("text", "authdir_host_port", null, "authdir_host_port", label_authdir_host_port, authdir_host_port, label_authdir_host_port, "10") }}
|
||||
<!-- Active Directory domain -->
|
||||
{{ macro.input_field("text", "authdir_userdomain", null, "authdir_userdomain", label_authdir_userdomain, authdir_userdomain, label_authdir_userdomain, "100", "authdir_userdomain_help", label_authdir_userdomain_description) }}
|
||||
<!-- LDAP protecol version -->
|
||||
{{ macro.input_field("text", "authdir_ldapver", null, "authdir_ldapver", label_authdir_ldapver, authdir_ldapver, label_authdir_ldapver, "100", "authdir_ldapver_help", label_authdir_ldapver_description) }}
|
||||
<!-- Follow referrals -->
|
||||
{{ macro.input_checkbox("authdir_ldapfollowref", "authdir_ldapfollowref[]", label_authdir_ldapfollowref, authdir_ldapfollowref_checked, "authdir_ldapfollowref_help", label_authdir_ldapfollowref_description) }}
|
||||
<!-- Base DN* -->
|
||||
{{ macro.input_field("text", "authdir_basedn", null, "authdir_basedn", label_authdir_basedn, authdir_basedn, "dc=domain,dc=tld", "100", "authdir_basedn_help", label_authdir_basedn_description) }}
|
||||
<!-- Username attribute -->
|
||||
{{ macro.input_field("text", "authdir_usernameattrib", null, "authdir_usernameattrib", label_authdir_usernameattrib, authdir_usernameattrib, label_authdir_usernameattrib, "100", "authdir_usernameattrib_help", label_authdir_usernameattrib_description) }}
|
||||
<!-- Group name attribute -->
|
||||
{{ macro.input_field("text", "authdir_groupnameattrib", null, "authdir_groupnameattrib", label_authdir_groupnameattrib, authdir_groupnameattrib, label_authdir_groupnameattrib, "100", "authdir_groupnameattrib_help", label_authdir_groupnameattrib_description) }}
|
||||
<!-- Group member attribute -->
|
||||
{{ macro.input_field("text", "authdir_groupmemattrib", null, "authdir_groupmemattrib", label_authdir_groupmemattrib, authdir_groupmemattrib, label_authdir_groupmemattrib, "100", "authdir_groupmemattrib_help", label_authdir_groupmemattrib_description) }}
|
||||
<!-- User container RDN -->
|
||||
{{ macro.input_field("text", "authdir_usercontainerrdn", null, "authdir_usercontainerrdn", label_authdir_usercontainerrdn, authdir_usercontainerrdn, "ou=Users", "100", "authdir_usercontainerrdn_help", label_authdir_usercontainerrdn_description) }}
|
||||
<!-- Group container RDN -->
|
||||
{{ macro.input_field("text", "authdir_groupcontainerrdn", null, "authdir_groupcontainerrdn", label_authdir_groupcontainerrdn, authdir_groupcontainerrdn, "ou=Groups", "100", "authdir_groupcontainerrdn_help", label_authdir_groupcontainerrdn_description) }}
|
||||
<!-- Authorised directory group -->
|
||||
{{ macro.input_field("text", "authdir_groupname", null, "authdir_groupname", label_authdir_groupname, authdir_groupname, label_authdir_groupname, "100", "authdir_groupname_help", label_authdir_groupname_description) }}
|
||||
<!-- Default role -->
|
||||
{{ macro.input_select("authdir_defaultrole", "authdir_defaultrole", label_authdir_defaultrole, authdir_defaultroles, authdir_defaultrole_selected, "authdir_defaultrole_help", label_authdir_defaultrole_description) }}
|
||||
{{ macro.button_save("auth_submit", label_save) }}
|
||||
</fieldset>
|
||||
</div>
|
||||
<div class="tab-pane {{ email_active }}" id="config-email" role="tabpanel" aria-labelledby="config-email-tab">
|
||||
<fieldset>
|
||||
<legend>{{ label_settings_email }}</legend>
|
||||
|
|
|
|||
Loading…
Reference in New Issue