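--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -115,117 +115,127 @@
 }
 return -1;
 }
 
 /**
-* @param string $actionID
 * @param array $params
 * @return array
 * @throws OIDplusConfigInitializationException
 * @throws OIDplusException
 */
-public function action(string $actionID, array $params): array {
-if ($actionID == 'ra_login_ldap') {
+private function action_Login(array $params): array {
 if (!OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) {
 throw new OIDplusException(_L('LDAP authentication is disabled on this system.'));
 }
 
 if (!function_exists('ldap_connect')) throw new OIDplusConfigInitializationException(_L('PHP extension "%1" not installed','LDAP'));
 
 OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha');
 
 _CheckParamExists($params, 'email');
 _CheckParamExists($params, 'password');
 
 $upn = $params['email'];
 $password = $params['password'];
 
 $domainNumber = $this->getDomainNumber($upn);
 if ($domainNumber <= 0) {
 throw new OIDplusException(_L('The server is not configured to handle this domain (the part behind the at-sign)'));
 }
 $cfgSuffix = $domainNumber == 1 ? '' : "__$domainNumber";
 
 if (empty($upn)) {
 throw new OIDplusException(_L('Please enter a valid username'));
 }
 
 $ldap = new \VtsLDAPUtils();
 
 try {
 
 $cfg_ldap_server = OIDplus::baseConfig()->getValue('LDAP_SERVER'.$cfgSuffix);
 $cfg_ldap_port = OIDplus::baseConfig()->getValue('LDAP_PORT'.$cfgSuffix, 389);
 $cfg_ldap_base_dn = OIDplus::baseConfig()->getValue('LDAP_BASE_DN'.$cfgSuffix);
 
 // Note: Will throw an Exception if connect fails
 $ldap->connect($cfg_ldap_server, $cfg_ldap_port);
 
 if (!$ldap->login($upn, $password)) {
 if (OIDplus::config()->getValue('log_failed_ra_logins', false)) {
 OIDplus::logger()->log("V2:[WARN]A", "Failed login to RA account '%1' using LDAP", $upn);
-}
-throw new OIDplusException(_L('Wrong password or user not registered'));
 }
+throw new OIDplusException(_L('Wrong password or user not registered'));
+}
 
 $ldap_userinfo = $ldap->getUserInfo($upn, $cfg_ldap_base_dn);
 
 if (!$ldap_userinfo) {
 throw new OIDplusException(_L('The LDAP login was successful, but the own user %1 cannot be found. Please check the base configuration setting %2 and %3', $upn, "LDAP_BASE_DN$cfgSuffix", "LDAP_UPN_SUFFIX$cfgSuffix"));
 }
 
 $foundSomething = false;
 
 // ---
 
 $cfgAdminGroup = OIDplus::baseConfig()->getValue('LDAP_ADMIN_GROUP'.$cfgSuffix,'');
 if (!empty($cfgAdminGroup)) {
 $isAdmin = $ldap->isMemberOfRec($ldap_userinfo, $cfgAdminGroup);
 } else {
 $isAdmin = false;
 }
 if ($isAdmin) {
 $foundSomething = true;
 $remember_me = isset($params['remember_me']) && ($params['remember_me']);
 OIDplus::authUtils()->adminLoginEx($remember_me, 'LDAP login');
 }
 
 // ---
 
 $cfgRaGroup = OIDplus::baseConfig()->getValue('LDAP_RA_GROUP'.$cfgSuffix,'');
 if (!empty($cfgRaGroup)) {
 $isRA = $ldap->isMemberOfRec($ldap_userinfo, $cfgRaGroup);
 } else {
 $isRA = true;
+}
+if ($isRA) {
+if (OIDplus::baseConfig()->getValue('LDAP_AUTHENTICATE_UPN'.$cfgSuffix,true)) {
+$mail = \VtsLDAPUtils::getString($ldap_userinfo, 'userprincipalname');
+$foundSomething = true;
+$remember_me = isset($params['remember_me']) && ($params['remember_me']);
+$this->doLoginRA($remember_me, $mail, $ldap_userinfo);
 }
-if ($isRA) {
-if (OIDplus::baseConfig()->getValue('LDAP_AUTHENTICATE_UPN'.$cfgSuffix,true)) {
-$mail = \VtsLDAPUtils::getString($ldap_userinfo, 'userprincipalname');
+if (OIDplus::baseConfig()->getValue('LDAP_AUTHENTICATE_EMAIL'.$cfgSuffix,false)) {
+$mails = \VtsLDAPUtils::getArray($ldap_userinfo, 'mail');
+foreach ($mails as $mail) {
 $foundSomething = true;
 $remember_me = isset($params['remember_me']) && ($params['remember_me']);
 $this->doLoginRA($remember_me, $mail, $ldap_userinfo);
 }
-if (OIDplus::baseConfig()->getValue('LDAP_AUTHENTICATE_EMAIL'.$cfgSuffix,false)) {
-$mails = \VtsLDAPUtils::getArray($ldap_userinfo, 'mail');
-foreach ($mails as $mail) {
-$foundSomething = true;
-$remember_me = isset($params['remember_me']) && ($params['remember_me']);
-$this->doLoginRA($remember_me, $mail, $ldap_userinfo);
-}
-}
 }
-
-} finally {
-$ldap->disconnect();
-$ldap = null;
 }
 
+} finally {
+$ldap->disconnect();
+$ldap = null;
+}
+
 if (!$foundSomething) {
 throw new OIDplusException(_L("Error: These credentials cannot be used with OIDplus. Please check the base configuration."));
 }
+
+return array("status" => 0);
+}
 
-return array("status" => 0);
+/**
+* @param string $actionID
+* @param array $params
+* @return array
+* @throws OIDplusConfigInitializationException
+* @throws OIDplusException
+*/
+public function action(string $actionID, array $params): array {
+if ($actionID == 'ra_login_ldap') {
+return $this->action_Login($params);
 } else {
 return parent::action($actionID, $params);
 }
 }
 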
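Review bot: `$remember_me = isset($params['remember_me']) && ($params['remember_me']);` is evaluated three times inside the extracted action_Login (the admin branch at new line 186, the UPN branch at 202 and inside the mail loop at 209) from the same request parameter; computing it once right after `$password = $params['password'];` and reusing the variable keeps the admin and RA session decisions guaranteed to agree. The docblock the method inherited from action() only restates the native types; it should name the `$params` keys the method reads ('email' as the UPN, 'password', 'captcha' and the optional 'remember_me', judging from the `_CheckParamExists` and `captchaVerify` calls at lines 132-135) and state that the return value is `["status" => 0]` on success while every failure is reported by exception. `$cfgSuffix = $domainNumber == 1 ? '' : "__$domainNumber";` at new line 144 would be safer as `$domainNumber === 1` because getDomainNumber is declared outside this hunk and its return type is not visible here.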