Added LDAP auth code
This commit is contained in:
parent
ccee842d09
commit
2844d6e131
@ -18,8 +18,8 @@
|
||||||
"php-pushover/php-pushover": "dev-master",
|
"php-pushover/php-pushover": "dev-master",
|
||||||
"paragonie/random_compat": "^2.0",
|
"paragonie/random_compat": "^2.0",
|
||||||
"twig/twig": "~1.35",
|
"twig/twig": "~1.35",
|
||||||
"jaxl/jaxl": "^3.1",
|
"jaxl/jaxl": "^3.1",
|
||||||
"viharm/psm-ldap-auth": "^1.1"
|
"viharm/psm-ldap-auth": "^1.1"
|
||||||
},
|
},
|
||||||
"autoload": {
|
"autoload": {
|
||||||
"files": [
|
"files": [
|
||||||
@ -230,20 +230,51 @@ class User
|
||||||
{
|
{
|
||||||
$user_name = trim($user_name);
|
$user_name = trim($user_name);
|
||||||
$user_password = trim($user_password);
|
$user_password = trim($user_password);
|
||||||
|
$ldapauthstatus = false;
|
||||||
|
|
||||||
if (empty($user_name) && empty($user_password)) {
|
if (empty($user_name) && empty($user_password)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$dirauthconfig = psm_get_conf('dirauth_status');
|
||||||
|
|
||||||
|
// LDAP auth enabled
|
||||||
|
if ($dirauthconfig === '1') {
|
||||||
|
$ldaplibpath = realpath(
|
||||||
|
PSM_PATH_SRC . '..' . DIRECTORY_SEPARATOR .
|
||||||
|
'vendor' . DIRECTORY_SEPARATOR .
|
||||||
|
'viharm' . DIRECTORY_SEPARATOR .
|
||||||
|
'psm-ldap-auth' . DIRECTORY_SEPARATOR .
|
||||||
|
'psmldapauth.php'
|
||||||
|
);
|
||||||
|
// If the library is found
|
||||||
|
if ($ldaplibpath) {
|
||||||
|
// Delegate the authentication to the PsmLDAPauth module.
|
||||||
|
// If LDAP auth fails or if library not found, fall back to native auth
|
||||||
|
include_once($ldaplibpath);
|
||||||
|
$ldapauthstatus = psmldapauth($user_name, $user_password, $GLOBALS['sm_config'], $this->db_connection);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$user = $this->getUserByUsername($user_name);
|
$user = $this->getUserByUsername($user_name);
|
||||||
|
|
||||||
// using PHP 5.5's password_verify() function to check if the provided passwords
|
// Authenticated
|
||||||
// fits to the hash of that user's password
|
if ($ldapauthstatus === true) {
|
||||||
if (!isset($user->user_id)) {
|
// Remove password to prevent it from being saved in the DB.
|
||||||
password_verify($user_password, 'dummy_call_against_timing');
|
// Otherwise, user may still be authenticated if LDAP is disabled later.
|
||||||
return false;
|
$user_password = null;
|
||||||
} elseif (!password_verify($user_password, $user->password)) {
|
@fn_Debug('Authenticated', $user);
|
||||||
return false;
|
} else {
|
||||||
}
|
|
||||||
|
// using PHP 5.5's password_verify() function to check if the provided passwords
|
||||||
|
// fits to the hash of that user's password
|
||||||
|
if (!isset($user->user_id)) {
|
||||||
|
password_verify($user_password, 'dummy_call_against_timing');
|
||||||
|
return false;
|
||||||
|
} elseif (!password_verify($user_password, $user->password)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
} // not authenticated
|
||||||
|
|
||||||
$this->setUserLoggedIn($user->user_id, true);
|
$this->setUserLoggedIn($user->user_id, true);
|
||||||
|
|
||||||
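Review bot: In the `$ldapauthstatus === true` branch the new code falls through to `$this->setUserLoggedIn($user->user_id, true)` without the `isset($user->user_id)` guard that the native branch keeps, so a directory-authenticated login whose `getUserByUsername()` lookup finds no local row would call `setUserLoggedIn()` with a null id, unless `psmldapauth()` is guaranteed to provision that row first, which this hunk cannot show. Making `if (!isset($user->user_id)) { return false; }` the first statement of that branch closes the gap either way. Separately, `@fn_Debug('Authenticated', $user);` hands the whole user record to the debug sink, and the native branch shows that record carries the password hash in `$user->password`; logging `$user->user_id` (or `$user->user_name`) instead keeps hashes out of debug output, and the `@` also hides any failure of that call. The comment "If LDAP auth fails or if library not found, fall back to native auth" also means an account disabled in the directory can still log in with its stale local password while `dirauth_status` is on; if that is intended it deserves a comment at the fallback, otherwise the fallback should apply only when the library is missing. The method's signature and its tail lie outside the hunk.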
@ -7,6 +7,11 @@
|
||||||
role="tab" aria-controls="config-general" aria-selected="{% if general_active %}true{% else %}false{% endif %}">{{
|
role="tab" aria-controls="config-general" aria-selected="{% if general_active %}true{% else %}false{% endif %}">{{
|
||||||
label_general }}</a>
|
label_general }}</a>
|
||||||
</li>
|
</li>
|
||||||
|
<li class="nav-item">
|
||||||
|
<a class="nav-link {{ auth_active }}" id="config-auth-tab" data-toggle="tab" href="#config-auth" role="tab"
|
||||||
|
aria-controls="config-auth" aria-selected="{% if auth_active %}true{% else %}false{% endif %}">{{
|
||||||
|
label_tab_auth }}</a>
|
||||||
|
</li>
|
||||||
<li class="nav-item">
|
<li class="nav-item">
|
||||||
<a class="nav-link {{ email_active }}" id="config-email-tab" data-toggle="tab" href="#config-email" role="tab"
|
<a class="nav-link {{ email_active }}" id="config-email-tab" data-toggle="tab" href="#config-email" role="tab"
|
||||||
aria-controls="config-email" aria-selected="{% if email_active %}true{% else %}false{% endif %}">{{
|
aria-controls="config-email" aria-selected="{% if email_active %}true{% else %}false{% endif %}">{{
|
||||||
|
@ -93,6 +98,43 @@
|
||||||
{{ macro.button_save("general_submit", label_save) }}
|
{{ macro.button_save("general_submit", label_save) }}
|
||||||
</fieldset>
|
</fieldset>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="tab-pane {{ auth_active }}" id="config-auth" role="tabpanel" aria-labelledby="config-auth-tab">
|
||||||
|
<!-- Auth settings -->
|
||||||
|
<fieldset>
|
||||||
|
<legend>{{ label_settings_dirauth }}</legend>
|
||||||
|
<!-- enable ldap -->
|
||||||
|
{{ macro.input_checkbox("dirauth_status", "dirauth_status[]", label_dirauth_status, dirauth_status_checked) }}
|
||||||
|
<!-- Directory host -->
|
||||||
|
{{ macro.input_field("text", "authdir_host_locn", null, "authdir_host_locn", label_authdir_host_locn, authdir_host_locn, label_authdir_host_locn, "100") }}
|
||||||
|
<!-- smtp security -->
|
||||||
|
{{ macro.input_select("authdir_type", "authdir_type", label_authdir_type, authdir_type, authdir_type_selected, "authdir_type_help", label_authdir_type_description) }}
|
||||||
|
<!-- Directory port -->
|
||||||
|
{{ macro.input_field("text", "authdir_host_port", null, "authdir_host_port", label_authdir_host_port, authdir_host_port, label_authdir_host_port, "10") }}
|
||||||
|
<!-- Active Directory domain -->
|
||||||
|
{{ macro.input_field("text", "authdir_userdomain", null, "authdir_userdomain", label_authdir_userdomain, authdir_userdomain, label_authdir_userdomain, "100", "authdir_userdomain_help", label_authdir_userdomain_description) }}
|
||||||
|
<!-- LDAP protecol version -->
|
||||||
|
{{ macro.input_field("text", "authdir_ldapver", null, "authdir_ldapver", label_authdir_ldapver, authdir_ldapver, label_authdir_ldapver, "100", "authdir_ldapver_help", label_authdir_ldapver_description) }}
|
||||||
|
<!-- Follow referrals -->
|
||||||
|
{{ macro.input_checkbox("authdir_ldapfollowref", "authdir_ldapfollowref[]", label_authdir_ldapfollowref, authdir_ldapfollowref_checked, "authdir_ldapfollowref_help", label_authdir_ldapfollowref_description) }}
|
||||||
|
<!-- Base DN* -->
|
||||||
|
{{ macro.input_field("text", "authdir_basedn", null, "authdir_basedn", label_authdir_basedn, authdir_basedn, "dc=domain,dc=tld", "100", "authdir_basedn_help", label_authdir_basedn_description) }}
|
||||||
|
<!-- Username attribute -->
|
||||||
|
{{ macro.input_field("text", "authdir_usernameattrib", null, "authdir_usernameattrib", label_authdir_usernameattrib, authdir_usernameattrib, label_authdir_usernameattrib, "100", "authdir_usernameattrib_help", label_authdir_usernameattrib_description) }}
|
||||||
|
<!-- Group name attribute -->
|
||||||
|
{{ macro.input_field("text", "authdir_groupnameattrib", null, "authdir_groupnameattrib", label_authdir_groupnameattrib, authdir_groupnameattrib, label_authdir_groupnameattrib, "100", "authdir_groupnameattrib_help", label_authdir_groupnameattrib_description) }}
|
||||||
|
<!-- Group member attribute -->
|
||||||
|
{{ macro.input_field("text", "authdir_groupmemattrib", null, "authdir_groupmemattrib", label_authdir_groupmemattrib, authdir_groupmemattrib, label_authdir_groupmemattrib, "100", "authdir_groupmemattrib_help", label_authdir_groupmemattrib_description) }}
|
||||||
|
<!-- User container RDN -->
|
||||||
|
{{ macro.input_field("text", "authdir_usercontainerrdn", null, "authdir_usercontainerrdn", label_authdir_usercontainerrdn, authdir_usercontainerrdn, "ou=Users", "100", "authdir_usercontainerrdn_help", label_authdir_usercontainerrdn_description) }}
|
||||||
|
<!-- Group container RDN -->
|
||||||
|
{{ macro.input_field("text", "authdir_groupcontainerrdn", null, "authdir_groupcontainerrdn", label_authdir_groupcontainerrdn, authdir_groupcontainerrdn, "ou=Groups", "100", "authdir_groupcontainerrdn_help", label_authdir_groupcontainerrdn_description) }}
|
||||||
|
<!-- Authorised directory group -->
|
||||||
|
{{ macro.input_field("text", "authdir_groupname", null, "authdir_groupname", label_authdir_groupname, authdir_groupname, label_authdir_groupname, "100", "authdir_groupname_help", label_authdir_groupname_description) }}
|
||||||
|
<!-- Default role -->
|
||||||
|
{{ macro.input_select("authdir_defaultrole", "authdir_defaultrole", label_authdir_defaultrole, authdir_defaultroles, authdir_defaultrole_selected, "authdir_defaultrole_help", label_authdir_defaultrole_description) }}
|
||||||
|
{{ macro.button_save("auth_submit", label_save) }}
|
||||||
|
</fieldset>
|
||||||
|
</div>
|
||||||
<div class="tab-pane {{ email_active }}" id="config-email" role="tabpanel" aria-labelledby="config-email-tab">
|
<div class="tab-pane {{ email_active }}" id="config-email" role="tabpanel" aria-labelledby="config-email-tab">
|
||||||
<fieldset>
|
<fieldset>
|
||||||
<legend>{{ label_settings_email }}</legend>
|
<legend>{{ label_settings_email }}</legend>
|
||||||
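Review bot: The comment above the `authdir_type` select reads `<!-- smtp security -->`, a leftover from the email tab this block was copied from, and misdescribes the field; `<!-- Directory connection type -->` matches the `authdir_type` variable it renders (the actual options are not visible in this hunk). The comment `<!-- LDAP protecol version -->` should read `<!-- LDAP protocol version -->`. Both are inside the new tab pane, which is complete within the hunk.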