From 6feb55c85d3e38f6ef5bef94011ca8755a6fd263 Mon Sep 17 00:00:00 2001
From: Menno Dekker
Date: Fri, 5 Apr 2013 16:55:33 +0200
Subject: [PATCH] New feature: basic LDAP authentication plugin
---
 .../controllers/admin/authentication.php | 3 +
 .../core/plugins/AuthLDAP/AuthLDAP.php | 110 ++++++++++++++++++
 2 files changed, 113 insertions(+)
 create mode 100644 application/core/plugins/AuthLDAP/AuthLDAP.php
diff --git a/application/controllers/admin/authentication.php b/application/controllers/admin/authentication.php
index 788be648dfa..bd6a8c04394 100644
--- a/application/controllers/admin/authentication.php
+++ b/application/controllers/admin/authentication.php
@@ -58,6 +58,9 @@ public function index()
 if (!$beforeLogin->isStopped() && is_null(App()->getRequest()->getPost('login_submit')))
 {
+ if (!is_null($beforeLogin->get('default'))) {
+ $aData['defaultAuth'] = $beforeLogin->get('default');
+ }
 $newLoginForm = new PluginEvent('newLoginForm');
 App()->getPluginManager()->dispatchEvent($newLoginForm);
 $aData['summary'] = $this->_getSummary('logout');
diff --git a/application/core/plugins/AuthLDAP/AuthLDAP.php b/application/core/plugins/AuthLDAP/AuthLDAP.php
new file mode 100644
index 00000000000..36cdadf97a9
--- /dev/null
+++ b/application/core/plugins/AuthLDAP/AuthLDAP.php
@@ -0,0 +1,110 @@
+ array(
+ 'type' => 'string',
+ 'label' => 'Ldap server e.g. ldap://ldap.mydomain.com'
+ ),
+ 'domainsuffix' => array(
+ 'type' => 'string',
+ 'label' => 'Domain suffix for username e.g. @mydomain.com'
+ ),
+ 'is_default' => array(
+ 'type' => 'boolean',
+ 'label' => 'Should this plugin present itself as default authentication method?'
+ )
+ );
+
+ public function __construct(PluginManager $manager, $id) {
+ parent::__construct($manager, $id);
+
+ /**
+ * Here you should handle subscribing to the events your plugin will handle
+ */
+ $this->subscribe('beforeLogin');
+ $this->subscribe('newLoginForm');
+ $this->subscribe('afterLoginFormSubmit');
+ $this->subscribe('newUserSession');
+ $this->subscribe('beforeDeactivate');
+ }
+
+ public function beforeDeactivate()
+ {
+ $this->getEvent()->set('success', false);
+
+ // Optionally set a custom error message.
+ $this->getEvent()->set('message', gT('Core plugin can not be disabled.'));
+ }
+
+ public function beforeLogin()
+ {
+ if ($this->get('is_default', null, null, false) == true) {
+ // This is configured to be the default login method
+ $this->getEvent()->set('default', get_class($this));
+ }
+ }
+
+ public function newLoginForm()
+ {
+ $this->getEvent()->getContent($this)
+ ->addContent(CHtml::tag('li', array(), ""))
+ ->addContent(CHtml::tag('li', array(), ""));
+ }
+
+ public function afterLoginFormSubmit()
+ {
+ // Here we handle post data
+ $request = $this->api->getRequest();
+ if ($request->getIsPostRequest()) {
+ $this->setUsername( $request->getPost('user'));
+ $this->setPassword($request->getPost('password'));
+ }
+ }
+
+ public function newUserSession()
+ {
+ // Here we do the actual authentication
+ $username = $this->getUsername();
+ $password = $this->getPassword();
+
+ $user = $this->api->getUserByName($username);
+
+ if ($user === null)
+ {
+ // If the user doesnt exist ín th eLS database, he can not login
+ $this->setAuthFailure(self::ERROR_USERNAME_INVALID);
+ return;
+ }
+
+ // Get configuration settings:
+ $ldapserver = $this->get('server');
+ $domain = $this->get('domainsuffix');;
+
+ // Try to connect
+ $ldapconn = ldap_connect($ldapserver);
+ if (false == $ldapconn) {
+ $this->setAuthFailure(1, gT('Could not connect to LDAP server.'));
+ return;
+ }
+
+ if($ldapconn) {
+ // binding to ldap server
+ $ldapbind = ldap_bind($ldapconn, $username.$domain, $password);
+ // verify binding
+ if (!$ldapbind) {
+ $this->setAuthFailure(100, ldap_error($ldapconn));
+ ldap_close($ldapconn); // all done? close connection
+ return;
+ }
+ ldap_close($ldapconn); // all done? close connection
+ }
+
+ $this->setAuthSuccess($user);
+ }
+}
\ No newline at end of file
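Review bot: newUserSession() hands the submitted password to `ldap_bind($ldapconn, $username.$domain, $password)` without rejecting an empty value, and directory servers that permit unauthenticated binds (RFC 4513 §5.1.2) report success for a name with an empty password, so an account that exists in the LS database could be logged in without its password. Add a guard before `ldap_connect()`, for example `if ((string) $password === '') { $this->setAuthFailure(100, gT('Password may not be empty.')); return; }`. The settings label suggests a plain `ldap://` URL and nothing in the visible code calls `ldap_start_tls()` or requires `ldaps://`, so the bind credentials would presumably cross the network unencrypted; the setting should document or enforce an encrypted transport. Passing `ldap_error($ldapconn)` to `setAuthFailure()` also risks showing directory-server detail on the login form, assuming that message is displayed; a generic message with the detail logged server-side would be safer.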