Rev 1288 | Rev 1305 | Go to most recent revision | Only display areas with differences | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 1288 | Rev 1293 | ||
|---|---|---|---|
| 1 | <?php |
1 | <?php |
| 2 | 2 | ||
| 3 | /* |
3 | /* |
| 4 | * OIDplus 2.0 |
4 | * OIDplus 2.0 |
| 5 | * Copyright 2019 - 2023 Daniel Marschall, ViaThinkSoft |
5 | * Copyright 2019 - 2023 Daniel Marschall, ViaThinkSoft |
| 6 | * |
6 | * |
| 7 | * Licensed under the Apache License, Version 2.0 (the "License"); |
7 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 8 | * you may not use this file except in compliance with the License. |
8 | * you may not use this file except in compliance with the License. |
| 9 | * You may obtain a copy of the License at |
9 | * You may obtain a copy of the License at |
| 10 | * |
10 | * |
| 11 | * http://www.apache.org/licenses/LICENSE-2.0 |
11 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 12 | * |
12 | * |
| 13 | * Unless required by applicable law or agreed to in writing, software |
13 | * Unless required by applicable law or agreed to in writing, software |
| 14 | * distributed under the License is distributed on an "AS IS" BASIS, |
14 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 16 | * See the License for the specific language governing permissions and |
16 | * See the License for the specific language governing permissions and |
| 17 | * limitations under the License. |
17 | * limitations under the License. |
| 18 | */ |
18 | */ |
| 19 | 19 | ||
| 20 | namespace ViaThinkSoft\OIDplus; |
20 | namespace ViaThinkSoft\OIDplus; |
| 21 | 21 | ||
| 22 | // phpcs:disable PSR1.Files.SideEffects |
22 | // phpcs:disable PSR1.Files.SideEffects |
| 23 | \defined('INSIDE_OIDPLUS') or die; |
23 | \defined('INSIDE_OIDPLUS') or die; |
| 24 | // phpcs:enable PSR1.Files.SideEffects |
24 | // phpcs:enable PSR1.Files.SideEffects |
| 25 | 25 | ||
| 26 | class OIDplusPagePublicLoginLdap extends OIDplusPagePluginPublic |
26 | class OIDplusPagePublicLoginLdap extends OIDplusPagePluginPublic |
| 27 | implements INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_5, /* alternativeLoginMethods */ |
27 | implements INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_5, /* alternativeLoginMethods */ |
| 28 | INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_8 /* getNotifications */ |
28 | INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_8 /* getNotifications */ |
| 29 | { |
29 | { |
| 30 | 30 | ||
| 31 | /** |
31 | /** |
| 32 | * @param OIDplusRA $ra |
32 | * @param OIDplusRA $ra |
| 33 | * @param array $ldap_userinfo |
33 | * @param array $ldap_userinfo |
| 34 | * @return void |
34 | * @return void |
| 35 | * @throws OIDplusException |
35 | * @throws OIDplusException |
| 36 | */ |
36 | */ |
| 37 | private function registerRA(OIDplusRA $ra, array $ldap_userinfo) { |
37 | private function registerRA(OIDplusRA $ra, array $ldap_userinfo) { |
| 38 | $email = $ra->raEmail(); |
38 | $email = $ra->raEmail(); |
| 39 | 39 | ||
| 40 | $ra->register_ra(null); // create a user account without password |
40 | $ra->register_ra(null); // create a user account without password |
| 41 | 41 | ||
| 42 | /* |
42 | /* |
| 43 | OIDplus DB Field ActiveDirectory field |
43 | OIDplus DB Field ActiveDirectory field |
| 44 | ------------------------------------------------ |
44 | ------------------------------------------------ |
| 45 | ra_name cn |
45 | ra_name cn |
| 46 | personal_name displayname (or: givenname + " " + sn) |
46 | personal_name displayname (or: givenname + " " + sn) |
| 47 | organization company |
47 | organization company |
| 48 | office physicaldeliveryofficename or department |
48 | office physicaldeliveryofficename or department |
| 49 | street streetaddress |
49 | street streetaddress |
| 50 | zip_town postalcode + " " + l |
50 | zip_town postalcode + " " + l |
| 51 | country co (human-readable) or c (ISO country code) |
51 | country co (human-readable) or c (ISO country code) |
| 52 | phone telephonenumber or homephone |
52 | phone telephonenumber or homephone |
| 53 | mobile mobile |
53 | mobile mobile |
| 54 | fax facsimiletelephonenumber |
54 | fax facsimiletelephonenumber |
| 55 | (none) wwwhomepage |
55 | (none) wwwhomepage |
| 56 | */ |
56 | */ |
| 57 | 57 | ||
| 58 | $opuserdata = array(); |
58 | $opuserdata = array(); |
| 59 | $opuserdata['ra_name'] = \VtsLDAPUtils::getString($ldap_userinfo,'cn'); |
59 | $opuserdata['ra_name'] = \VtsLDAPUtils::getString($ldap_userinfo,'cn'); |
| 60 | if (!empty(\VtsLDAPUtils::getString($ldap_userinfo,'displayname'))) { |
60 | if (!empty(\VtsLDAPUtils::getString($ldap_userinfo,'displayname'))) { |
| 61 | $opuserdata['personal_name'] = \VtsLDAPUtils::getString($ldap_userinfo,'displayname'); |
61 | $opuserdata['personal_name'] = \VtsLDAPUtils::getString($ldap_userinfo,'displayname'); |
| 62 | } else { |
62 | } else { |
| 63 | $opuserdata['personal_name'] = trim(\VtsLDAPUtils::getString($ldap_userinfo,'givenname').' '.\VtsLDAPUtils::getString($ldap_userinfo,'sn')); |
63 | $opuserdata['personal_name'] = trim(\VtsLDAPUtils::getString($ldap_userinfo,'givenname').' '.\VtsLDAPUtils::getString($ldap_userinfo,'sn')); |
| 64 | } |
64 | } |
| 65 | $opuserdata['organization'] = \VtsLDAPUtils::getString($ldap_userinfo,'company'); |
65 | $opuserdata['organization'] = \VtsLDAPUtils::getString($ldap_userinfo,'company'); |
| 66 | if (!empty(\VtsLDAPUtils::getString($ldap_userinfo,'physicaldeliveryofficename'))) { |
66 | if (!empty(\VtsLDAPUtils::getString($ldap_userinfo,'physicaldeliveryofficename'))) { |
| 67 | $opuserdata['office'] = \VtsLDAPUtils::getString($ldap_userinfo,'physicaldeliveryofficename'); |
67 | $opuserdata['office'] = \VtsLDAPUtils::getString($ldap_userinfo,'physicaldeliveryofficename'); |
| 68 | } else { |
68 | } else { |
| 69 | $opuserdata['office'] = \VtsLDAPUtils::getString($ldap_userinfo,'department'); |
69 | $opuserdata['office'] = \VtsLDAPUtils::getString($ldap_userinfo,'department'); |
| 70 | } |
70 | } |
| 71 | $opuserdata['street'] = \VtsLDAPUtils::getString($ldap_userinfo,'streetaddress'); |
71 | $opuserdata['street'] = \VtsLDAPUtils::getString($ldap_userinfo,'streetaddress'); |
| 72 | $opuserdata['zip_town'] = trim(\VtsLDAPUtils::getString($ldap_userinfo,'postalcode').' '.\VtsLDAPUtils::getString($ldap_userinfo,'l')); |
72 | $opuserdata['zip_town'] = trim(\VtsLDAPUtils::getString($ldap_userinfo,'postalcode').' '.\VtsLDAPUtils::getString($ldap_userinfo,'l')); |
| 73 | $opuserdata['country'] = \VtsLDAPUtils::getString($ldap_userinfo,'co'); // ISO country code: \VtsLDAPUtils::getString($ldap_userinfo,'c') |
73 | $opuserdata['country'] = \VtsLDAPUtils::getString($ldap_userinfo,'co'); // ISO country code: \VtsLDAPUtils::getString($ldap_userinfo,'c') |
| 74 | $opuserdata['phone'] = \VtsLDAPUtils::getString($ldap_userinfo,'telephonenumber'); // homephone for private phone number |
74 | $opuserdata['phone'] = \VtsLDAPUtils::getString($ldap_userinfo,'telephonenumber'); // homephone for private phone number |
| 75 | $opuserdata['mobile'] = \VtsLDAPUtils::getString($ldap_userinfo,'mobile'); |
75 | $opuserdata['mobile'] = \VtsLDAPUtils::getString($ldap_userinfo,'mobile'); |
| 76 | $opuserdata['fax'] = \VtsLDAPUtils::getString($ldap_userinfo,'facsimiletelephonenumber'); |
76 | $opuserdata['fax'] = \VtsLDAPUtils::getString($ldap_userinfo,'facsimiletelephonenumber'); |
| 77 | 77 | ||
| 78 | foreach ($opuserdata as $dbfield => $val) { |
78 | foreach ($opuserdata as $dbfield => $val) { |
| 79 | if (!empty($val)) { |
79 | if (!empty($val)) { |
| 80 | OIDplus::db()->query("update ###ra set ".$dbfield." = ? where email = ?", array($val, $email)); |
80 | OIDplus::db()->query("update ###ra set ".$dbfield." = ? where email = ?", array($val, $email)); |
| 81 | } |
81 | } |
| 82 | } |
82 | } |
| 83 | } |
83 | } |
| 84 | 84 | ||
| 85 | /** |
85 | /** |
| 86 | * @param bool $remember_me |
86 | * @param bool $remember_me |
| 87 | * @param string $email |
87 | * @param string $email |
| 88 | * @param array $ldap_userinfo |
88 | * @param array $ldap_userinfo |
| 89 | * @return void |
89 | * @return void |
| 90 | * @throws OIDplusException |
90 | * @throws OIDplusException |
| 91 | */ |
91 | */ |
| 92 | private function doLoginRA(bool $remember_me, string $email, array $ldap_userinfo) { |
92 | private function doLoginRA(bool $remember_me, string $email, array $ldap_userinfo) { |
| 93 | $ra = new OIDplusRA($email); |
93 | $ra = new OIDplusRA($email); |
| 94 | if (!$ra->existing()) { |
94 | if (!$ra->existing()) { |
| 95 | $this->registerRA($ra, $ldap_userinfo); |
95 | $this->registerRA($ra, $ldap_userinfo); |
| 96 | OIDplus::logger()->log("V2:[INFO]RA(%1)", "RA '%1' was created because of successful LDAP login", $email); |
96 | OIDplus::logger()->log("V2:[INFO]RA(%1)", "RA '%1' was created because of successful LDAP login", $email); |
| 97 | } |
97 | } |
| 98 | 98 | ||
| 99 | OIDplus::authUtils()->raLoginEx($email, $remember_me, 'LDAP'); |
99 | OIDplus::authUtils()->raLoginEx($email, $remember_me, 'LDAP'); |
| 100 | 100 | ||
| 101 | OIDplus::db()->query("UPDATE ###ra set last_login = ".OIDplus::db()->sqlDate()." where email = ?", array($email)); |
101 | OIDplus::db()->query("UPDATE ###ra set last_login = ".OIDplus::db()->sqlDate()." where email = ?", array($email)); |
| 102 | } |
102 | } |
| 103 | 103 | ||
| 104 | /** |
104 | /** |
| 105 | * @param string $upn |
105 | * @param string $upn |
| 106 | * @return int |
106 | * @return int |
| 107 | * @throws OIDplusException |
107 | * @throws OIDplusException |
| 108 | */ |
108 | */ |
| 109 | private function getDomainNumber(string $upn): int { |
109 | private function getDomainNumber(string $upn): int { |
| 110 | $numDomains = OIDplus::baseConfig()->getValue('LDAP_NUM_DOMAINS', 1); |
110 | $numDomains = OIDplus::baseConfig()->getValue('LDAP_NUM_DOMAINS', 1); |
| 111 | for ($i=1; $i<=$numDomains; $i++) { |
111 | for ($i=1; $i<=$numDomains; $i++) { |
| 112 | $cfgSuffix = $i == 1 ? '' : "__$i"; |
112 | $cfgSuffix = $i == 1 ? '' : "__$i"; |
| 113 | $upnSuffix = OIDplus::baseConfig()->getValue('LDAP_UPN_SUFFIX'.$cfgSuffix, ''); |
113 | $upnSuffix = OIDplus::baseConfig()->getValue('LDAP_UPN_SUFFIX'.$cfgSuffix, ''); |
| 114 | if (str_ends_with($upn, $upnSuffix)) return $i; |
114 | if (str_ends_with($upn, $upnSuffix)) return $i; |
| 115 | } |
115 | } |
| 116 | return -1; |
116 | return -1; |
| 117 | } |
117 | } |
| 118 | 118 | ||
| 119 | /** |
119 | /** |
| 120 | * @param string $actionID |
- | |
| 121 | * @param array $params |
120 | * @param array $params |
| 122 | * @return array |
121 | * @return array |
| 123 | * @throws OIDplusConfigInitializationException |
122 | * @throws OIDplusConfigInitializationException |
| 124 | * @throws OIDplusException |
123 | * @throws OIDplusException |
| 125 | */ |
124 | */ |
| 126 | public function action(string $actionID, array $params): array { |
125 | private function action_Login(array $params): array { |
| 127 | if ($actionID == 'ra_login_ldap') { |
- | |
| 128 | if (!OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) { |
126 | if (!OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) { |
| 129 | throw new OIDplusException(_L('LDAP authentication is disabled on this system.')); |
127 | throw new OIDplusException(_L('LDAP authentication is disabled on this system.')); |
| 130 | } |
128 | } |
| 131 | 129 | ||
| 132 | if (!function_exists('ldap_connect')) throw new OIDplusConfigInitializationException(_L('PHP extension "%1" not installed','LDAP')); |
130 | if (!function_exists('ldap_connect')) throw new OIDplusConfigInitializationException(_L('PHP extension "%1" not installed','LDAP')); |
| 133 | 131 | ||
| 134 | OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha'); |
132 | OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha'); |
| 135 | 133 | ||
| 136 | _CheckParamExists($params, 'email'); |
134 | _CheckParamExists($params, 'email'); |
| 137 | _CheckParamExists($params, 'password'); |
135 | _CheckParamExists($params, 'password'); |
| 138 | 136 | ||
| 139 | $upn = $params['email']; |
137 | $upn = $params['email']; |
| 140 | $password = $params['password']; |
138 | $password = $params['password']; |
| 141 | 139 | ||
| 142 | $domainNumber = $this->getDomainNumber($upn); |
140 | $domainNumber = $this->getDomainNumber($upn); |
| 143 | if ($domainNumber <= 0) { |
141 | if ($domainNumber <= 0) { |
| 144 | throw new OIDplusException(_L('The server is not configured to handle this domain (the part behind the at-sign)')); |
142 | throw new OIDplusException(_L('The server is not configured to handle this domain (the part behind the at-sign)')); |
| 145 | } |
143 | } |
| 146 | $cfgSuffix = $domainNumber == 1 ? '' : "__$domainNumber"; |
144 | $cfgSuffix = $domainNumber == 1 ? '' : "__$domainNumber"; |
| 147 | 145 | ||
| 148 | if (empty($upn)) { |
146 | if (empty($upn)) { |
| 149 | throw new OIDplusException(_L('Please enter a valid username')); |
147 | throw new OIDplusException(_L('Please enter a valid username')); |
| 150 | } |
148 | } |
| 151 | 149 | ||
| 152 | $ldap = new \VtsLDAPUtils(); |
150 | $ldap = new \VtsLDAPUtils(); |
| 153 | 151 | ||
| 154 | try { |
152 | try { |
| 155 | 153 | ||
| 156 | $cfg_ldap_server = OIDplus::baseConfig()->getValue('LDAP_SERVER'.$cfgSuffix); |
154 | $cfg_ldap_server = OIDplus::baseConfig()->getValue('LDAP_SERVER'.$cfgSuffix); |
| 157 | $cfg_ldap_port = OIDplus::baseConfig()->getValue('LDAP_PORT'.$cfgSuffix, 389); |
155 | $cfg_ldap_port = OIDplus::baseConfig()->getValue('LDAP_PORT'.$cfgSuffix, 389); |
| 158 | $cfg_ldap_base_dn = OIDplus::baseConfig()->getValue('LDAP_BASE_DN'.$cfgSuffix); |
156 | $cfg_ldap_base_dn = OIDplus::baseConfig()->getValue('LDAP_BASE_DN'.$cfgSuffix); |
| 159 | 157 | ||
| 160 | // Note: Will throw an Exception if connect fails |
158 | // Note: Will throw an Exception if connect fails |
| 161 | $ldap->connect($cfg_ldap_server, $cfg_ldap_port); |
159 | $ldap->connect($cfg_ldap_server, $cfg_ldap_port); |
| 162 | 160 | ||
| 163 | if (!$ldap->login($upn, $password)) { |
161 | if (!$ldap->login($upn, $password)) { |
| 164 | if (OIDplus::config()->getValue('log_failed_ra_logins', false)) { |
162 | if (OIDplus::config()->getValue('log_failed_ra_logins', false)) { |
| 165 | OIDplus::logger()->log("V2:[WARN]A", "Failed login to RA account '%1' using LDAP", $upn); |
163 | OIDplus::logger()->log("V2:[WARN]A", "Failed login to RA account '%1' using LDAP", $upn); |
| 166 | } |
164 | } |
| 167 | throw new OIDplusException(_L('Wrong password or user not registered')); |
165 | throw new OIDplusException(_L('Wrong password or user not registered')); |
| 168 | } |
166 | } |
| 169 | 167 | ||
| 170 | $ldap_userinfo = $ldap->getUserInfo($upn, $cfg_ldap_base_dn); |
168 | $ldap_userinfo = $ldap->getUserInfo($upn, $cfg_ldap_base_dn); |
| 171 | 169 | ||
| 172 | if (!$ldap_userinfo) { |
170 | if (!$ldap_userinfo) { |
| 173 | throw new OIDplusException(_L('The LDAP login was successful, but the own user %1 cannot be found. Please check the base configuration setting %2 and %3', $upn, "LDAP_BASE_DN$cfgSuffix", "LDAP_UPN_SUFFIX$cfgSuffix")); |
171 | throw new OIDplusException(_L('The LDAP login was successful, but the own user %1 cannot be found. Please check the base configuration setting %2 and %3', $upn, "LDAP_BASE_DN$cfgSuffix", "LDAP_UPN_SUFFIX$cfgSuffix")); |
| 174 | } |
172 | } |
| 175 | 173 | ||
| 176 | $foundSomething = false; |
174 | $foundSomething = false; |
| 177 | 175 | ||
| 178 | // --- |
176 | // --- |
| 179 | 177 | ||
| 180 | $cfgAdminGroup = OIDplus::baseConfig()->getValue('LDAP_ADMIN_GROUP'.$cfgSuffix,''); |
178 | $cfgAdminGroup = OIDplus::baseConfig()->getValue('LDAP_ADMIN_GROUP'.$cfgSuffix,''); |
| 181 | if (!empty($cfgAdminGroup)) { |
179 | if (!empty($cfgAdminGroup)) { |
| 182 | $isAdmin = $ldap->isMemberOfRec($ldap_userinfo, $cfgAdminGroup); |
180 | $isAdmin = $ldap->isMemberOfRec($ldap_userinfo, $cfgAdminGroup); |
| 183 | } else { |
181 | } else { |
| 184 | $isAdmin = false; |
182 | $isAdmin = false; |
| 185 | } |
183 | } |
| 186 | if ($isAdmin) { |
184 | if ($isAdmin) { |
| 187 | $foundSomething = true; |
185 | $foundSomething = true; |
| 188 | $remember_me = isset($params['remember_me']) && ($params['remember_me']); |
186 | $remember_me = isset($params['remember_me']) && ($params['remember_me']); |
| 189 | OIDplus::authUtils()->adminLoginEx($remember_me, 'LDAP login'); |
187 | OIDplus::authUtils()->adminLoginEx($remember_me, 'LDAP login'); |
| 190 | } |
188 | } |
| 191 | 189 | ||
| 192 | // --- |
190 | // --- |
| 193 | 191 | ||
| 194 | $cfgRaGroup = OIDplus::baseConfig()->getValue('LDAP_RA_GROUP'.$cfgSuffix,''); |
192 | $cfgRaGroup = OIDplus::baseConfig()->getValue('LDAP_RA_GROUP'.$cfgSuffix,''); |
| 195 | if (!empty($cfgRaGroup)) { |
193 | if (!empty($cfgRaGroup)) { |
| 196 | $isRA = $ldap->isMemberOfRec($ldap_userinfo, $cfgRaGroup); |
194 | $isRA = $ldap->isMemberOfRec($ldap_userinfo, $cfgRaGroup); |
| 197 | } else { |
195 | } else { |
| 198 | $isRA = true; |
196 | $isRA = true; |
| 199 | } |
197 | } |
| 200 | if ($isRA) { |
198 | if ($isRA) { |
| 201 | if (OIDplus::baseConfig()->getValue('LDAP_AUTHENTICATE_UPN'.$cfgSuffix,true)) { |
199 | if (OIDplus::baseConfig()->getValue('LDAP_AUTHENTICATE_UPN'.$cfgSuffix,true)) { |
| 202 | $mail = \VtsLDAPUtils::getString($ldap_userinfo, 'userprincipalname'); |
200 | $mail = \VtsLDAPUtils::getString($ldap_userinfo, 'userprincipalname'); |
| 203 | $foundSomething = true; |
201 | $foundSomething = true; |
| 204 | $remember_me = isset($params['remember_me']) && ($params['remember_me']); |
202 | $remember_me = isset($params['remember_me']) && ($params['remember_me']); |
| 205 | $this->doLoginRA($remember_me, $mail, $ldap_userinfo); |
203 | $this->doLoginRA($remember_me, $mail, $ldap_userinfo); |
| 206 | } |
204 | } |
| 207 | if (OIDplus::baseConfig()->getValue('LDAP_AUTHENTICATE_EMAIL'.$cfgSuffix,false)) { |
205 | if (OIDplus::baseConfig()->getValue('LDAP_AUTHENTICATE_EMAIL'.$cfgSuffix,false)) { |
| 208 | $mails = \VtsLDAPUtils::getArray($ldap_userinfo, 'mail'); |
206 | $mails = \VtsLDAPUtils::getArray($ldap_userinfo, 'mail'); |
| 209 | foreach ($mails as $mail) { |
207 | foreach ($mails as $mail) { |
| 210 | $foundSomething = true; |
208 | $foundSomething = true; |
| 211 | $remember_me = isset($params['remember_me']) && ($params['remember_me']); |
209 | $remember_me = isset($params['remember_me']) && ($params['remember_me']); |
| 212 | $this->doLoginRA($remember_me, $mail, $ldap_userinfo); |
210 | $this->doLoginRA($remember_me, $mail, $ldap_userinfo); |
| 213 | } |
211 | } |
| 214 | } |
212 | } |
| 215 | } |
213 | } |
| 216 | 214 | ||
| 217 | } finally { |
215 | } finally { |
| 218 | $ldap->disconnect(); |
216 | $ldap->disconnect(); |
| 219 | $ldap = null; |
217 | $ldap = null; |
| 220 | } |
218 | } |
| 221 | 219 | ||
| 222 | if (!$foundSomething) { |
220 | if (!$foundSomething) { |
| 223 | throw new OIDplusException(_L("Error: These credentials cannot be used with OIDplus. Please check the base configuration.")); |
221 | throw new OIDplusException(_L("Error: These credentials cannot be used with OIDplus. Please check the base configuration.")); |
| 224 | } |
222 | } |
| 225 | 223 | ||
| 226 | return array("status" => 0); |
224 | return array("status" => 0); |
| - | 225 | } |
|
| - | 226 | ||
| - | 227 | /** |
|
| - | 228 | * @param string $actionID |
|
| - | 229 | * @param array $params |
|
| - | 230 | * @return array |
|
| - | 231 | * @throws OIDplusConfigInitializationException |
|
| - | 232 | * @throws OIDplusException |
|
| - | 233 | */ |
|
| - | 234 | public function action(string $actionID, array $params): array { |
|
| - | 235 | if ($actionID == 'ra_login_ldap') { |
|
| - | 236 | return $this->action_Login($params); |
|
| 227 | } else { |
237 | } else { |
| 228 | return parent::action($actionID, $params); |
238 | return parent::action($actionID, $params); |
| 229 | } |
239 | } |
| 230 | } |
240 | } |
| 231 | 241 | ||
| 232 | /** |
242 | /** |
| 233 | * @param bool $html |
243 | * @param bool $html |
| 234 | * @return void |
244 | * @return void |
| 235 | */ |
245 | */ |
| 236 | public function init(bool $html=true) { |
246 | public function init(bool $html=true) { |
| 237 | // Nothing |
247 | // Nothing |
| 238 | } |
248 | } |
| 239 | 249 | ||
| 240 | /** |
250 | /** |
| 241 | * @param string $id |
251 | * @param string $id |
| 242 | * @param array $out |
252 | * @param array $out |
| 243 | * @param bool $handled |
253 | * @param bool $handled |
| 244 | * @return void |
254 | * @return void |
| 245 | * @throws OIDplusException |
255 | * @throws OIDplusException |
| 246 | */ |
256 | */ |
| 247 | public function gui(string $id, array &$out, bool &$handled) { |
257 | public function gui(string $id, array &$out, bool &$handled) { |
| 248 | if ($id === 'oidplus:login_ldap') { |
258 | if ($id === 'oidplus:login_ldap') { |
| 249 | $handled = true; |
259 | $handled = true; |
| 250 | $out['title'] = _L('Login using LDAP / ActiveDirectory'); |
260 | $out['title'] = _L('Login using LDAP / ActiveDirectory'); |
| 251 | $out['icon'] = OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon.png'; |
261 | $out['icon'] = OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon.png'; |
| 252 | 262 | ||
| 253 | if (!OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) { |
263 | if (!OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) { |
| 254 | throw new OIDplusException(_L('LDAP authentication is disabled on this system.'), $out['title']); |
264 | throw new OIDplusException(_L('LDAP authentication is disabled on this system.'), $out['title']); |
| 255 | } |
265 | } |
| 256 | 266 | ||
| 257 | if (!function_exists('ldap_connect')) { |
267 | if (!function_exists('ldap_connect')) { |
| 258 | throw new OIDplusException(_L('PHP extension "%1" not installed','LDAP'), $out['title']); |
268 | throw new OIDplusException(_L('PHP extension "%1" not installed','LDAP'), $out['title']); |
| 259 | } |
269 | } |
| 260 | 270 | ||
| 261 | $out['text'] = '<noscript>'; |
271 | $out['text'] = '<noscript>'; |
| 262 | $out['text'] .= '<p><font color="red">'._L('You need to enable JavaScript to use the login area.').'</font></p>'; |
272 | $out['text'] .= '<p><font color="red">'._L('You need to enable JavaScript to use the login area.').'</font></p>'; |
| 263 | $out['text'] .= '</noscript>'; |
273 | $out['text'] .= '</noscript>'; |
| 264 | 274 | ||
| 265 | $out['text'] .= '<div id="loginLdapArea" style="visibility: hidden">'; |
275 | $out['text'] .= '<div id="loginLdapArea" style="visibility: hidden">'; |
| 266 | 276 | ||
| 267 | $out['text'] .= OIDplus::getActiveCaptchaPlugin()->captchaGenerate(_L('Before logging in, please solve the following CAPTCHA')); |
277 | $out['text'] .= OIDplus::getActiveCaptchaPlugin()->captchaGenerate(_L('Before logging in, please solve the following CAPTCHA')); |
| 268 | $out['text'] .= '<br>'; |
278 | $out['text'] .= '<br>'; |
| 269 | 279 | ||
| 270 | $out['text'] .= '<p><a '.OIDplus::gui()->link('oidplus:login').'><img src="img/arrow_back.png" width="16" alt="'._L('Go back').'"> '._L('Regular login method').'</a></p>'; |
280 | $out['text'] .= '<p><a '.OIDplus::gui()->link('oidplus:login').'><img src="img/arrow_back.png" width="16" alt="'._L('Go back').'"> '._L('Regular login method').'</a></p>'; |
| 271 | 281 | ||
| 272 | $out['text'] .= '<h2>'._L('Login as RA').'</h2>'; |
282 | $out['text'] .= '<h2>'._L('Login as RA').'</h2>'; |
| 273 | 283 | ||
| 274 | $login_list = OIDplus::authUtils()->loggedInRaList(); |
284 | $login_list = OIDplus::authUtils()->loggedInRaList(); |
| 275 | if (count($login_list) > 0) { |
285 | if (count($login_list) > 0) { |
| 276 | foreach ($login_list as $x) { |
286 | foreach ($login_list as $x) { |
| 277 | $out['text'] .= '<p>'._L('You are logged in as %1','<b>'.$x->raEmail().'</b>').' (<a href="#" onclick="return OIDplusPagePublicLogin.raLogout('.js_escape($x->raEmail()).');">'._L('Logout').'</a>)</p>'; |
287 | $out['text'] .= '<p>'._L('You are logged in as %1','<b>'.$x->raEmail().'</b>').' (<a href="#" onclick="return OIDplusPagePublicLogin.raLogout('.js_escape($x->raEmail()).');">'._L('Logout').'</a>)</p>'; |
| 278 | } |
288 | } |
| 279 | $out['text'] .= '<p>'._L('If you have more accounts, you can log in with another account here.').'</p>'; |
289 | $out['text'] .= '<p>'._L('If you have more accounts, you can log in with another account here.').'</p>'; |
| 280 | } else { |
290 | } else { |
| 281 | $out['text'] .= '<p>'._L('Enter your domain username and your password to log in as Registration Authority.').'</p>'; |
291 | $out['text'] .= '<p>'._L('Enter your domain username and your password to log in as Registration Authority.').'</p>'; |
| 282 | } |
292 | } |
| 283 | $out['text'] .= '<form onsubmit="return OIDplusPagePublicLoginLDAP.raLoginLdapOnSubmit(this);">'; |
293 | $out['text'] .= '<form onsubmit="return OIDplusPagePublicLoginLDAP.raLoginLdapOnSubmit(this);">'; |
| 284 | $out['text'] .= '<div><label class="padding_label">'._L('Username').':</label><input type="text" name="username" value="" id="raLoginLdapUsername">'; |
294 | $out['text'] .= '<div><label class="padding_label">'._L('Username').':</label><input type="text" name="username" value="" id="raLoginLdapUsername">'; |
| 285 | $out['text'] .= ' '; |
295 | $out['text'] .= ' '; |
| 286 | $out['text'] .= '<select id="ldapUpnSuffix" name="upnSuffix">'; |
296 | $out['text'] .= '<select id="ldapUpnSuffix" name="upnSuffix">'; |
| 287 | 297 | ||
| 288 | $numDomains = OIDplus::baseConfig()->getValue('LDAP_NUM_DOMAINS', 1); |
298 | $numDomains = OIDplus::baseConfig()->getValue('LDAP_NUM_DOMAINS', 1); |
| 289 | for ($i=1; $i<=$numDomains; $i++) { |
299 | for ($i=1; $i<=$numDomains; $i++) { |
| 290 | $cfgSuffix = $i == 1 ? '' : "__$i"; |
300 | $cfgSuffix = $i == 1 ? '' : "__$i"; |
| 291 | $upnSuffix = OIDplus::baseConfig()->getValue('LDAP_UPN_SUFFIX'.$cfgSuffix, ''); |
301 | $upnSuffix = OIDplus::baseConfig()->getValue('LDAP_UPN_SUFFIX'.$cfgSuffix, ''); |
| 292 | if ($upnSuffix == '') throw new OIDplusException(_L('Invalid base configuration setting: %1 is missing or empty', 'LDAP_UPN_SUFFIX'.$cfgSuffix)); |
302 | if ($upnSuffix == '') throw new OIDplusException(_L('Invalid base configuration setting: %1 is missing or empty', 'LDAP_UPN_SUFFIX'.$cfgSuffix)); |
| 293 | $out['text'] .= '<option value="'.htmlentities($upnSuffix).'">'.htmlentities($upnSuffix).'</option>'; |
303 | $out['text'] .= '<option value="'.htmlentities($upnSuffix).'">'.htmlentities($upnSuffix).'</option>'; |
| 294 | } |
304 | } |
| 295 | 305 | ||
| 296 | $out['text'] .= '</select>'; |
306 | $out['text'] .= '</select>'; |
| 297 | $out['text'] .= '</div>'; |
307 | $out['text'] .= '</div>'; |
| 298 | $out['text'] .= '<div><label class="padding_label">'._L('Password').':</label><input type="password" name="password" value="" id="raLoginLdapPassword"></div>'; |
308 | $out['text'] .= '<div><label class="padding_label">'._L('Password').':</label><input type="password" name="password" value="" id="raLoginLdapPassword"></div>'; |
| 299 | if (OIDplus::baseConfig()->getValue('JWT_ALLOW_LOGIN_USER', true)) { |
309 | if (OIDplus::baseConfig()->getValue('JWT_ALLOW_LOGIN_USER', true)) { |
| 300 | if ((OIDplus::authUtils()->getAuthMethod() === OIDplusAuthContentStoreJWT::class)) { |
310 | if ((OIDplus::authUtils()->getAuthMethod() === OIDplusAuthContentStoreJWT::class)) { |
| 301 | if (OIDplus::authUtils()->getExtendedAttribute('oidplus_generator',-1) === OIDplusAuthContentStoreJWT::JWT_GENERATOR_LOGIN) { |
311 | if (OIDplus::authUtils()->getExtendedAttribute('oidplus_generator',-1) === OIDplusAuthContentStoreJWT::JWT_GENERATOR_LOGIN) { |
| 302 | $att = 'disabled checked'; |
312 | $att = 'disabled checked'; |
| 303 | } else { |
313 | } else { |
| 304 | $att = 'disabled'; |
314 | $att = 'disabled'; |
| 305 | } |
315 | } |
| 306 | } else if ((OIDplus::authUtils()->getAuthMethod() === OIDplusAuthContentStoreSession::class)) { |
316 | } else if ((OIDplus::authUtils()->getAuthMethod() === OIDplusAuthContentStoreSession::class)) { |
| 307 | $att = 'disabled'; |
317 | $att = 'disabled'; |
| 308 | } else { |
318 | } else { |
| 309 | $att = ''; |
319 | $att = ''; |
| 310 | } |
320 | } |
| 311 | $out['text'] .= '<div><input '.$att.' type="checkbox" value="1" id="remember_me_ldap" name="remember_me_ldap"> <label for="remember_me_ldap">'._L('Remember me').'</label></div>'; |
321 | $out['text'] .= '<div><input '.$att.' type="checkbox" value="1" id="remember_me_ldap" name="remember_me_ldap"> <label for="remember_me_ldap">'._L('Remember me').'</label></div>'; |
| 312 | } |
322 | } |
| 313 | $out['text'] .= '<br><input type="submit" value="'._L('Login').'"><br><br>'; |
323 | $out['text'] .= '<br><input type="submit" value="'._L('Login').'"><br><br>'; |
| 314 | $out['text'] .= '</form>'; |
324 | $out['text'] .= '</form>'; |
| 315 | 325 | ||
| 316 | $invitePlugin = OIDplus::getPluginByOid('1.3.6.1.4.1.37476.2.5.2.4.2.92'); // OIDplusPageRaInvite |
326 | $invitePlugin = OIDplus::getPluginByOid('1.3.6.1.4.1.37476.2.5.2.4.2.92'); // OIDplusPageRaInvite |
| 317 | $out['text'] .= '<p><b>'._L('How to register?').'</b> '._L('You don\'t need to register. Just enter your Windows/Company credentials.').'</p>'; |
327 | $out['text'] .= '<p><b>'._L('How to register?').'</b> '._L('You don\'t need to register. Just enter your Windows/Company credentials.').'</p>'; |
| 318 | 328 | ||
| 319 | $mins = ceil(OIDplus::baseConfig()->getValue('SESSION_LIFETIME', 30*60)/60); |
329 | $mins = ceil(OIDplus::baseConfig()->getValue('SESSION_LIFETIME', 30*60)/60); |
| 320 | $out['text'] .= '<p><font size="-1">'._L('<i>Privacy information</i>: By using the login functionality, you are accepting that a "session cookie" is temporarily stored in your browser. The session cookie is a small text file that is sent to this website every time you visit it, to identify you as an already logged in user. It does not track any of your online activities outside OIDplus. The cookie will be destroyed when you log out or after an inactivity of %1 minutes (except if the "Remember me" option is used).', $mins); |
330 | $out['text'] .= '<p><font size="-1">'._L('<i>Privacy information</i>: By using the login functionality, you are accepting that a "session cookie" is temporarily stored in your browser. The session cookie is a small text file that is sent to this website every time you visit it, to identify you as an already logged in user. It does not track any of your online activities outside OIDplus. The cookie will be destroyed when you log out or after an inactivity of %1 minutes (except if the "Remember me" option is used).', $mins); |
| 321 | $privacy_document_file = 'OIDplus/privacy_documentation.html'; |
331 | $privacy_document_file = 'OIDplus/privacy_documentation.html'; |
| 322 | $resourcePlugin = OIDplus::getPluginByOid('1.3.6.1.4.1.37476.2.5.2.4.1.500'); // OIDplusPagePublicResources |
332 | $resourcePlugin = OIDplus::getPluginByOid('1.3.6.1.4.1.37476.2.5.2.4.1.500'); // OIDplusPagePublicResources |
| 323 | if (!is_null($resourcePlugin) && file_exists(OIDplus::localpath().'res/'.$privacy_document_file)) { |
333 | if (!is_null($resourcePlugin) && file_exists(OIDplus::localpath().'res/'.$privacy_document_file)) { |
| 324 | $out['text'] .= ' <a '.OIDplus::gui()->link('oidplus:resources$'.$privacy_document_file.'#cookies').'>'._L('More information about the cookies used').'</a>'; |
334 | $out['text'] .= ' <a '.OIDplus::gui()->link('oidplus:resources$'.$privacy_document_file.'#cookies').'>'._L('More information about the cookies used').'</a>'; |
| 325 | } |
335 | } |
| 326 | $out['text'] .= '</font></p></div>'; |
336 | $out['text'] .= '</font></p></div>'; |
| 327 | 337 | ||
| 328 | $out['text'] .= '<script>$("#loginLdapArea")[0].style.visibility = "visible";</script>'; |
338 | $out['text'] .= '<script>$("#loginLdapArea")[0].style.visibility = "visible";</script>'; |
| 329 | } |
339 | } |
| 330 | } |
340 | } |
| 331 | 341 | ||
| 332 | /** |
342 | /** |
| 333 | * @param array $out |
343 | * @param array $out |
| 334 | * @return void |
344 | * @return void |
| 335 | */ |
345 | */ |
| 336 | public function publicSitemap(array &$out) { |
346 | public function publicSitemap(array &$out) { |
| 337 | $out[] = 'oidplus:login_ldap'; |
347 | $out[] = 'oidplus:login_ldap'; |
| 338 | } |
348 | } |
| 339 | 349 | ||
| 340 | /** |
350 | /** |
| 341 | * @param array $json |
351 | * @param array $json |
| 342 | * @param string|null $ra_email |
352 | * @param string|null $ra_email |
| 343 | * @param bool $nonjs |
353 | * @param bool $nonjs |
| 344 | * @param string $req_goto |
354 | * @param string $req_goto |
| 345 | * @return bool |
355 | * @return bool |
| 346 | */ |
356 | */ |
| 347 | public function tree(array &$json, string $ra_email=null, bool $nonjs=false, string $req_goto=''): bool { |
357 | public function tree(array &$json, string $ra_email=null, bool $nonjs=false, string $req_goto=''): bool { |
| 348 | return true; |
358 | return true; |
| 349 | } |
359 | } |
| 350 | 360 | ||
| 351 | /** |
361 | /** |
| 352 | * @param string $request |
362 | * @param string $request |
| 353 | * @return array|false |
363 | * @return array|false |
| 354 | */ |
364 | */ |
| 355 | public function tree_search(string $request) { |
365 | public function tree_search(string $request) { |
| 356 | return false; |
366 | return false; |
| 357 | } |
367 | } |
| 358 | 368 | ||
| 359 | /** |
369 | /** |
| 360 | * Implements interface INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_5 |
370 | * Implements interface INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_5 |
| 361 | * @return array |
371 | * @return array |
| 362 | * @throws OIDplusException |
372 | * @throws OIDplusException |
| 363 | */ |
373 | */ |
| 364 | public function alternativeLoginMethods(): array { |
374 | public function alternativeLoginMethods(): array { |
| 365 | $logins = array(); |
375 | $logins = array(); |
| 366 | if (OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) { |
376 | if (OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) { |
| 367 | $logins[] = array( |
377 | $logins[] = array( |
| 368 | 'oidplus:login_ldap', |
378 | 'oidplus:login_ldap', |
| 369 | _L('Login using LDAP / ActiveDirectory'), |
379 | _L('Login using LDAP / ActiveDirectory'), |
| 370 | OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon16.png' |
380 | OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon16.png' |
| 371 | ); |
381 | ); |
| 372 | } |
382 | } |
| 373 | return $logins; |
383 | return $logins; |
| 374 | } |
384 | } |
| 375 | 385 | ||
| 376 | /** |
386 | /** |
| 377 | * Implements interface INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_8 |
387 | * Implements interface INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_8 |
| 378 | * @param string|null $user |
388 | * @param string|null $user |
| 379 | * @return array |
389 | * @return array |
| 380 | * @throws OIDplusException |
390 | * @throws OIDplusException |
| 381 | */ |
391 | */ |
| 382 | public function getNotifications(string $user=null): array { |
392 | public function getNotifications(string $user=null): array { |
| 383 | $notifications = array(); |
393 | $notifications = array(); |
| 384 | if ((!$user || ($user == 'admin')) && OIDplus::authUtils()->isAdminLoggedIn()) { |
394 | if ((!$user || ($user == 'admin')) && OIDplus::authUtils()->isAdminLoggedIn()) { |
| 385 | if (OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) { |
395 | if (OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) { |
| 386 | if (!function_exists('ldap_connect')) { |
396 | if (!function_exists('ldap_connect')) { |
| 387 | $title = _L('LDAP Login'); |
397 | $title = _L('LDAP Login'); |
| 388 | $notifications[] = new OIDplusNotification('ERR', _L('OIDplus plugin "%1" is enabled, but the required PHP extension "%2" is not installed.', htmlentities($title), 'php_ldap')); |
398 | $notifications[] = new OIDplusNotification('ERR', _L('OIDplus plugin "%1" is enabled, but the required PHP extension "%2" is not installed.', htmlentities($title), 'php_ldap')); |
| 389 | } |
399 | } |
| 390 | } |
400 | } |
| 391 | } |
401 | } |
| 392 | return $notifications; |
402 | return $notifications; |
| 393 | } |
403 | } |
| 394 | 404 | ||
| 395 | } |
405 | } |
| 396 | 406 | ||