

LDAP: enable group(s) to role(s) mapping, and group(s) to one group m…
…apping (defining filter)

Multi Auth: fix groups listing
Update Conf backends: createGroup can automatically update
cdujeu committed Aug 26, 2013
2 parents 7f1dbb9 + b567c18 commit 37f4e64
Showing 24 changed files with 394 additions and 213 deletions.
2 changes: 1 addition & 1 deletion core/src/conf/bootstrap_conf.php
Expand Up @@ -29,7 +29,7 @@
* Windows users may define an empty string
* define("AJXP_LOCALE", "");
*/
//define("AJXP_LOCALE", "en_EN.UTF-8");
define("AJXP_LOCALE", "fr_FR.UTF-8");
//define("AJXP_LOCALE", "");


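Review bot: If `define("AJXP_LOCALE", "fr_FR.UTF-8");` is the line this commit activates (the rendering drops the +/- markers, so this is inferred from print order only), a developer-local locale is being committed into the shipped bootstrap default, while the comment above documents the empty-string form for Windows users as the intended escape hatch. The neutral shipped default would be to leave the line commented out or define `""`; if the French default is deliberate, a one-line comment above it saying why would save the next reader the guess.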
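--- a/core/src/conf/bootstrap_repositories.php
+++ b/core/src/conf/bootstrap_repositories.php
@@ -52,6 +52,9 @@
 ),
 "meta.filehasher" => array(),
 "meta.watch" => array(),
+"meta.quota" => array(
+"DEFAULT_QUOTA" => "8G"
+),
 "meta.exif" => array(
 "meta_fields" => "COMPUTED_GPS.GPS_Latitude,COMPUTED_GPS.GPS_Longitude",
 "meta_labels" => "Latitude,Longitude"
@@ -88,6 +91,9 @@
 "meta_labels" => "Tags",
 "meta_visibility" => "hidden"
 ),
+"meta.quota" => array(
+"DEFAULT_QUOTA" => "8G"
+),
 "meta.filehasher" => array(),
 "meta.watch" => array(),
 "meta.exif" => array(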
2 changes: 1 addition & 1 deletion core/src/plugins/access.fs/fsActions.xml
Expand Up @@ -41,7 +41,7 @@
<action name="create">
<gui text="154" title="155" src="folder_new.png" iconClass="icon-plus" accessKey="folder_access_key" hasAccessKey="true">
<context selection="false" dir="true" recycle="hidden" actionBar="true"
contextMenu="true" infoPanel="false" actionBarGroup="put" inZip="false"/>
contextMenu="false" infoPanel="false" actionBarGroup="put" inZip="false"/>
</gui>
<rightsContext noUser="true" userLogged="only" read="true" write="true" adminOnly=""/>
<subMenu>
2 changes: 1 addition & 1 deletion core/src/plugins/access.ftp/class.ftpAccessDriver.php
Expand Up @@ -199,7 +199,7 @@ function uploadActions($action, $httpVars, $filesVars){
return array("ERROR" => array("CODE" => $errorCode, "MESSAGE" => $errorMessage));
}else{
AJXP_Logger::debug("Return success");
return array("SUCCESS" => true);
return array("SUCCESS" => true, "PREVENT_NOTIF" => true);
}

break;
2 changes: 1 addition & 1 deletion core/src/plugins/auth.ftp/class.ftpAuthDriver.php
Expand Up @@ -126,7 +126,7 @@ function testParameters($params){
return "ERROR: ".$e->getMessage();
}
}
return "SUCCESS; Could succesfully connect to the FTP server!";
return "SUCCESS: Could succesfully connect to the FTP server!";
}

function checkPassword($login, $pass, $seed){
62 changes: 40 additions & 22 deletions core/src/plugins/auth.ldap/class.ldapAuthDriver.php
Expand Up @@ -347,8 +347,8 @@ function listChildrenGroups($baseGroup = "/"){
if($baseGroup != "/"){
$this->dynamicFilter = $this->hasGroupsMapping."=".ltrim($baseGroup, "/");
}else{
//STRANGE, SHOULD WORK BUT EXCLUDES ALL GROUPS
//$this->dynamicFilter = "!(".$this->hasGroupsMapping."=*)";
//STRANGE, SHOULD WORK BUT CAN EXCLUDES ALL GROUPS
$this->dynamicFilter = "!(".$this->hasGroupsMapping."=*)";
}

$entries = $this->getUserEntries();
Expand All @@ -357,7 +357,7 @@ function listChildrenGroups($baseGroup = "/"){
unset($entries['count']); // remove 'count' entry
foreach($entries as $id => $person){
$login = $person[$this->ldapUserAttr][0];
if(AuthService::ignoreUserCase()) $login = strtolower($login);
//if(AuthService::ignoreUserCase()) $login = strtolower($login);
$persons[$person["dn"]] = $login;
}
$this->ldapDN = $origUsersDN;
Expand All @@ -375,7 +375,7 @@ function listUsers($baseGroup = "/"){
if($baseGroup == "/"){
$this->dynamicFilter = $this->hasGroupsMapping."=";
}else{
$this->dynamicFilter = $this->hasGroupsMapping."=".ltrim($baseGroup, "/");
$this->dynamicFilter = $this->hasGroupsMapping."=".array_pop(explode("/", $baseGroup));
}
}else if(!empty($this->separateGroup) && $baseGroup != "/".$this->separateGroup) {
return array();
Expand Down Expand Up @@ -477,30 +477,48 @@ function updateUserObject(&$userObject){
$key = strtolower($params['MAPPING_LDAP_PARAM']);
if(isSet($entry[$key])){
$value = $entry[$key][0];
if($key == "memberof"){
$memberValues = array();
// get CN from value
foreach($entry[$key] as $possibleValue){
$hnParts = array();
$parts = explode(",", ltrim($possibleValue, '/'));
foreach($parts as $part){
list($att,$attVal) = explode("=", $part);
if(strtolower($att) == "cn") $hnParts[] = $attVal;
}
if(count($hnParts)) {
$memberValues[] = implode(",", $hnParts);
}
}
}
switch($params['MAPPING_LOCAL_TYPE']){
case "role_id":
if(!in_array($value, array_keys($userObject->getRoles()))){
$userObject->addRole(AuthService::getRole($value, true));
$changes = true;
if($key == "memberof"){
foreach($memberValues as $uniqValue){
if(!in_array($uniqValue, array_keys($userObject->getRoles()))){
$userObject->addRole(AuthService::getRole($uniqValue, true));
$changes = true;
}
}
}
break;
case "group_path":
$value = "/".ltrim($value, "/");
if(true /*$userObject->getGroupPath() != $value*/) {
$humanName = "LDAP ".$value;
if($key == "memberof"){
// get CN from value
$hnParts = array();
$parts = explode(",", ltrim($value, '/'));
foreach($parts as $part){
list($att,$attVal) = explode("=", $part);
if(strtolower($att) == "cn") $hnParts[] = $attVal;
}
if(count($hnParts)) $humanName = implode(",", $hnParts);
if($key == "memberof"){
$filter = $params["MAPPING_LOCAL_PARAM"];
if(strpos($filter, "preg:") !== false){
$matchFilter = "/".str_replace("preg:", "", $filter)."/i";
}else{
$valueFilters = array_map("trim", explode(",", $filter));
}
foreach($memberValues as $uniqValue){
if(isSet($matchFilter) && !preg_match($matchFilter, $uniqValue)) continue;
if(isSet($valueFilters) && !in_array($uniqValue, $matchFilter)) continue;
$humanName = $uniqValue;
AuthService::createGroup("/", $uniqValue, $humanName);
$userObject->setGroupPath("/".$uniqValue, true);
$changes = true;
}
AuthService::createGroup("/", $value, $humanName);
$userObject->setGroupPath($value, true);
$changes = true;
}
break;
case "profile":
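Review bot: The comma-list branch of the new group filter, `if(isSet($valueFilters) && !in_array($uniqValue, $matchFilter)) continue;`, tests against `$matchFilter`, which is never set in that branch, so `in_array()` receives a null haystack, warns and returns null on the PHP of this era (a TypeError on PHP 8), and every group is skipped — a plain-list MAPPING_LOCAL_PARAM can never map a group; it should read `if(isSet($valueFilters) && !in_array($uniqValue, $valueFilters, true)) continue;`. The `preg:` branch drops the configured pattern straight into `"/".…."/i"`, so a pattern containing `/` is an invalid regex, `preg_match` returns false and `!false` again skips every group silently; treat a `false` return as a configuration error or pick a delimiter the config cannot contain. Both the role and group branches only ever add, so a user removed from an LDAP group keeps the role and group path granted on an earlier login unless that revocation is handled somewhere outside this hunk — worth a comment either way. `updateUserObject` begins before the hunk and continues past it.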
12 changes: 6 additions & 6 deletions core/src/plugins/auth.multi/class.multiAuthDriver.php
Expand Up @@ -253,13 +253,13 @@ function listChildrenGroups($baseGroup = "/"){
return $aGroups + $bGroups;
}
if($this->getCurrentDriver()){
return $this->drivers[$this->currentDriver]->listChildrenGroups($baseGroup);
}else{
$groups = array();
foreach($this->drivers as $d){
$groups = array_merge($groups, $d->listChildrenGroups($baseGroup));
}
// return $this->drivers[$this->currentDriver]->listChildrenGroups($baseGroup);
}
$groups = array();
foreach($this->drivers as $d){
$groups = array_merge($groups, $d->listChildrenGroups($baseGroup));
}
return $groups;
}


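Review bot: After this change `if($this->getCurrentDriver()){ … }` holds only a commented-out `return`, so the per-driver short-circuit is dead code and `listChildrenGroups` always merges groups from every configured backend regardless of which driver is active; either delete the empty `if` and the comment, or replace the comment with one line saying why the per-driver path was dropped (the commit message only says "fix groups listing"). Note also that `array_merge` lets a later driver silently overwrite a same-keyed group from an earlier one, while the branch just above returns `$aGroups + $bGroups`, where the first driver wins — the two paths should agree on collision behaviour. The function starts before the hunk.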
30 changes: 27 additions & 3 deletions core/src/plugins/auth.multi/login_patch.xml
Expand Up @@ -9,10 +9,24 @@
}else{
modal.showDialogForm('Log In', ($('login_form')?'login_form':'login_form_dynamic'),
function(oForm){
$("generic_dialog_box").setStyle({
top:$("progressBox").getStyle('top'),
left:$("progressBox").getStyle('left')
});
if(!Modernizr.input.placeholder) oForm.addClassName('no_placeholder');
$("generic_dialog_box").down(".titleString").hide();
$("generic_dialog_box").down("#modalCloseBtn").hide();
$("generic_dialog_box").down(".dialogTitle").setAttribute("style", $("progressBox").down(".dialogTitle").getAttribute("style"));
if(!$("generic_dialog_box").down("#progressCustomMessage")){
if($("progressBox").down("#progressCustomMessage")) $("generic_dialog_box").down(".dialogContent").insert({top:$("progressBox").down("#progressCustomMessage").cloneNode(true)});
}
oForm.setStyle({display:'block'});
oForm.up(".dialogContent").setStyle({backgroundImage:'none', borderWidth:0});
if(!$('auth_source')){
var auth_chooser = '<div class="SF_element"> \
<div class="SF_label"><ajxp:message ajxp_message_id="396">'+MessageHash[396]+'</ajxp:message></div> \
<div class="SF_input"><select id="auth_source" name="auth_source" style="width: 100px; padding:0px;" class="dialogFocus"></select></div> \
<div class="SF_input"><select id="auth_source" name="auth_source" style="width: 210px; height:28px; padding:3px 0px; font-size:14px;" class="dialogFocus"></select></div> \
</div>';
oForm.down('div.SF_element').insert({before:auth_chooser});
$H(authSources).each(function(pair){
Expand All @@ -33,7 +47,17 @@
});
oForm.down('input[type="text"]').key_enter_attached = true;
}
},
var authConfs = ajaxplorer.getPluginConfigs("auth");
if(authConfs && authConfs.get("SECURE_LOGIN_FORM")){
try{
oForm.down('input[name="remember_me"]').up("div.SF_element").remove();
oForm.down('input[name="userid"]').setAttribute("autocomplete", "off");
oForm.down('input[name="password"]').setAttribute("autocomplete", "off");
oForm.setAttribute("autocomplete", "off");
}catch(e){}
}
modal.refreshDialogPosition();
},
function(){
var oForm = modal.getForm();
var connexion = new Connexion();
Expand All @@ -46,7 +70,7 @@
}
connexion.addParameter('login_seed', oForm.login_seed.value);
connexion.addParameter('auth_source', selectedSource);
connexion.addParameter('remember_me', (oForm.remember_me.checked?"true":"false"));
connexion.addParameter('remember_me', (oForm.remember_me && oForm.remember_me.checked?"true":"false"));
if(oForm.login_seed.value != '-1'){
connexion.addParameter('password', hex_md5(hex_md5(oForm.password.value)+oForm.login_seed.value));
}else{
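Review bot: In the new SECURE_LOGIN_FORM block the `remember_me` removal runs first inside a single `try`, so on a form without that checkbox (which the `oForm.remember_me &&` guard added lower in this file explicitly allows for) `.up()` is called on an undefined element, `catch(e){}` swallows the error, and the three `autocomplete="off"` attributes are never applied — the "secure" option silently does nothing. Set the attributes first and guard the removal separately: `var rm = oForm.down('input[name="remember_me"]'); if(rm) rm.up("div.SF_element").remove();`. A short comment that `autocomplete="off"` is only a hint, which many browsers ignore for password fields, would stop readers from treating this option as a guarantee against credential saving. The login callback continues outside the hunk.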
53 changes: 50 additions & 3 deletions core/src/plugins/auth.remote/class.remoteAuthDriver.php
Expand Up @@ -77,7 +77,7 @@ function init($options){
$logoutAction = $cmsOpts["LOGOUT_ACTION"];
switch($cmsOpts["cms"]){
case "wp":
$cmsOpts["LOGOUT_URL"] = ($logoutAction == "back" ? $cmsOpts["LOGIN_URL"] : $cmsOpts["MASTER_URL"]."/wp-login.php?action=logout");
$cmsOpts["LOGOUT_URL"] = ($logoutAction == "back" ? $cmsOpts["MASTER_URL"] : $cmsOpts["MASTER_URL"]."/wp-login.php?action=logout");
break;
case "joomla":
$cmsOpts["LOGOUT_URL"] = $cmsOpts["LOGIN_URL"];
Expand Down Expand Up @@ -108,14 +108,42 @@ function init($options){
$this->secret = $options["SECRET"];
$this->urls = array($options["LOGIN_URL"], $options["LOGOUT_URL"]);
}


function supportsUsersPagination(){
return true;
}

function listUsers(){
$users = AJXP_Utils::loadSerialFile($this->usersSerFile);
if(AuthService::ignoreUserCase()){
$users = array_combine(array_map("strtolower", array_keys($users)), array_values($users));
}
ksort($users);
return $users;
}

function listUsersPaginated($baseGroup = "/", $regexp, $offset = -1 , $limit = -1){
$users = $this->listUsers($baseGroup);
$result = array();
$index = 0;
foreach($users as $usr => $pass){
if(!empty($regexp) && !preg_match("/$regexp/i", $usr)){
continue;
}
if($offset != -1 && $index < $offset) {
$index ++;
continue;
}
$result[$usr] = $pass;
$index ++;
if($limit != -1 && count($result) >= $limit) break;
}
return $result;
}
function getUsersCount($baseGroup = "/", $regexp = ""){
return count($this->listUsersPaginated($baseGroup, $regexp));
}


function userExists($login){
$users = $this->listUsers();
Expand All @@ -128,7 +156,7 @@ function checkPassword($login, $pass, $seed){

if(AuthService::ignoreUserCase()) $login = strtolower($login);
global $AJXP_GLUE_GLOBALS;
if(isSet($AJXP_GLUE_GLOBALS)){
if(isSet($AJXP_GLUE_GLOBALS) || (isSet($this->options["LOCAL_PREFIX"]) && strpos($login, $this->options["LOCAL_PREFIX"]) === 0) ){
$userStoredPass = $this->getUserPass($login);
if(!$userStoredPass) return false;
if($seed == "-1"){ // Seed = -1 means that password is not encoded.
Expand All @@ -153,6 +181,25 @@ function checkPassword($login, $pass, $seed){
$funcName = $this->options["MASTER_AUTH_FUNCTION"];
require_once 'cms_auth_functions.php';
if(function_exists($funcName)){
$sessCookies = call_user_func($funcName, $host, $uri, $login, $pass, $formId);
if($sessCookies != ""){
if(is_array($sessCookies)){
$sessid = $sessCookies["AjaXplorer"];
session_id($sessid);
session_start();
if(!$this->slaveMode){
foreach($sessCookies as $k => $v){
if($k == "AjaXplorer") continue;
setcookie($k, urldecode($v), 0, $uri);
}
}
}else if(is_string($sessCookies)){
session_id($sessCookies);
session_start();
}
return true;
}

$sessid = call_user_func($funcName, $host, $uri, $login, $pass, $formId);
if($sessid != ""){
session_id($sessid);
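Review bot: When the new `call_user_func` at the top of the hunk returns an empty value, control falls through to the original `$sessid = call_user_func($funcName, $host, $uri, $login, $pass, $formId);` that still follows it, so a failed remote login is replayed a second time with the same credentials (feeding any lockout counter on the CMS side twice) and the old block is otherwise dead; delete the old call and its `if($sessid != "")` block, which continue past the end of this hunk. The forwarded CMS cookies are written with `setcookie($k, urldecode($v), 0, $uri)` — no `secure` or `httponly` flag — so session cookies copied from the CMS become readable from script and are sent over plain HTTP; unless the CMS's own JavaScript must read them, use `setcookie($k, urldecode($v), 0, $uri, "", $isHttps, true);` with `$isHttps` derived from the request. `$sessCookies["AjaXplorer"]` is also read unguarded, so an array result without that key reaches `session_id()` as null; check the key before adopting the id. `checkPassword` begins before the hunk.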
