New feature: Auto creation of users from LDAP
Reworked code from original idea of PR #225 (by wilberth)
Aestu committed Aug 22, 2015
1 parent 724be21 commit dc0fb88
Showing 2 changed files with 53 additions and 37 deletions.
83 changes: 47 additions & 36 deletions application/core/plugins/AuthLDAP/AuthLDAP.php
Expand Up @@ -6,14 +6,6 @@ class AuthLDAP extends ls\pluginmanager\AuthPluginBase
static protected $description = 'Core: LDAP authentication';
static protected $name = 'LDAP';

/**
* Can we autocreate users? For the moment this is disabled, will be moved
* to a setting when we have more robust user creation system.
*
* @var boolean
*/
protected $autoCreate = false;

protected $settings = array(
'server' => array(
'type' => 'string',
Expand Down Expand Up @@ -91,6 +83,10 @@ class AuthLDAP extends ls\pluginmanager\AuthPluginBase
'is_default' => array(
'type' => 'checkbox',
'label' => 'Check to make default authentication method'
),
'autocreate' => array(
'type' => 'checkbox',
'label' => 'Automatically create user if it exists in LDAP server'
)
);

Expand Down Expand Up @@ -119,8 +115,17 @@ public function createNewUser()
return;
}

$this->_createNewUser(flattenText(Yii::app()->request->getPost('new_user'), false, true));
}

/**
* Create a LDAP user
*
* @return unknown_type
*/
private function _createNewUser($new_user)
{
$oEvent = $this->getEvent();
$new_user = flattenText(Yii::app()->request->getPost('new_user'), false, true);

// Get configuration settings:
$ldapserver = $this->get('server');
Expand Down Expand Up @@ -206,7 +211,16 @@ public function createNewUser()
return;
}
$new_pass = createPassword();
$iNewUID = User::model()->insertUser($new_user, $new_pass, $new_full_name, Yii::app()->session['loginID'], $new_email);
// If user is being auto created we set parent ID to 1 (admin user)
if (isset(Yii::app()->session['loginID']))
{
$parentID = Yii::app()->session['loginID'];
}
else
{
$parentID = 1;
}
$iNewUID = User::model()->insertUser($new_user, $new_pass, $new_full_name, $parentID, $new_email);
if (!$iNewUID)
{
$oEvent->set('errorCode',self::ERROR_ALREADY_EXISTING_USER);
Expand All @@ -224,7 +238,6 @@ public function createNewUser()
$oEvent->set('errorCode',self::ERROR_NONE);
}


/**
* Create LDAP connection
*
Expand Down Expand Up @@ -348,15 +361,22 @@ public function newUserSession()
$username = $this->getUsername();
$password = $this->getPassword();

$autoCreateFlag = false;
$user = $this->api->getUserByName($username);

if ($user === null)
{
// If the user doesnt exist in the LS database, he can not login
$this->setAuthFailure(self::ERROR_USERNAME_INVALID);
return;
if ($this->get('autocreate', null, null, false) == true)
{
$autoCreateFlag = true;
}
else
{
// If the user doesnt exist in the LS database, he can not login
$this->setAuthFailure(self::ERROR_USERNAME_INVALID);
return;
}
}
if ($user->uid == 1 || !Permission::model()->hasGlobalPermission('auth_ldap','read',$user->uid))
if ($user !== null && ($user->uid == 1 || !Permission::model()->hasGlobalPermission('auth_ldap','read',$user->uid)))
{
$this->setAuthFailure(self::ERROR_AUTH_METHOD_INVALID, gT('LDAP authentication method is not allowed for this user'));
return;
Expand Down Expand Up @@ -452,28 +472,19 @@ public function newUserSession()
return;
}

// Authentication was successful, now see if we have a user or that we should create one
if (is_null($user)) {
if ($this->autoCreate === true) {
/*
* Dispatch the newUserLogin event, and hope that after this we can find the user
* this allows users to create their own plugin for handling the user creation
* we will need more methods to pass username, rdn and ldap connection.
*/
$this->pluginManager->dispatchEvent(new PluginEvent('newUserLogin', $this));

// Check ourselves, we do not want fake responses from a plugin
$user = $this->api->getUserByName($username);
}
ldap_close($ldapconn); // all done? close connection

if (is_null($user)) {
$this->setAuthFailure(self::ERROR_USERNAME_INVALID);
ldap_close($ldapconn); // all done? close connection
return;
}
// Finally, if user didn't exist and auto creation is enabled, we create it
if ($autoCreateFlag)
{
$this->_createNewUser($username);
}
$user = $this->api->getUserByName($username);
if ($user === null)
{
$this->setAuthFailure(self::ERROR_USERNAME_INVALID, gT('Credentials are valid but we failed to create user'));
return;
}

ldap_close($ldapconn); // all done? close connection

// If we made it here, authentication was a success and we do have a valid user
$this->setAuthSuccess($user);
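Review bot: The permission check on the line `if ($user !== null && ($user->uid == 1 || !Permission::model()->hasGlobalPermission('auth_ldap','read',$user->uid)))` now runs only when the account already exists, so an account created by `$this->_createNewUser($username);` in the same request reaches `setAuthSuccess($user)` without it, while on its next login the same account is subject to it; unless `_createNewUser` grants that permission (its body is mostly outside the hunk), first and later logins are judged by different rules. Moving the check to just after the re-fetch `$user = $this->api->getUserByName($username);` near the end of newUserSession would apply it to both paths. The two callers also normalise the name differently: createNewUser passes the `flattenText(...)` result while the auto-create path passes the raw `$username` from getUsername(), so whatever flattenText strips is stored verbatim for auto-created accounts. The `@return unknown_type` tag on `_createNewUser` should become `@return void`, since the method only sets errorCode on the event. createNewUser, `_createNewUser` and newUserSession all start or end outside the hunks.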
7 changes: 6 additions & 1 deletion plugins/AuditLog/AuditLog.php
Expand Up @@ -190,7 +190,12 @@ public function beforeUserSave()
if (count(array_diff_assoc($aNewValues,$aOldValues)))
{
$oAutoLog = $this->api->newModel($this, 'log');
$oAutoLog->uid=$oCurrentUser->uid;
if ($oCurrentUser) {
$oAutoLog->uid=$oCurrentUser->uid;
}
else {
$oAutoLog->uid='Automatic creation';
}
$oAutoLog->entity='user';
if ($sAction=='update') $oAutoLog->entityid=$oOldUser['uid'];
$oAutoLog->action=$sAction;
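Review bot: `$oAutoLog->uid='Automatic creation';` stores free text in the same field that the sibling branch fills from `$oCurrentUser->uid`; if that column is numeric, as the other branch suggests, the value will be coerced or rejected by the database and the audit row will not reliably record that the user was created with no acting user. A more robust record is a sentinel the schema allows in uid (`null` or `0`) with the origin written to a text field the log already carries, such as `action`, so the fact survives storage. `$oCurrentUser` is assigned above the hunk, so whether the falsy check also matches a partially loaded user cannot be confirmed here; beforeUserSave starts and ends outside the hunk.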
