
#0008311: LDAP Unable to login - OAuthservers config option error in …

…user log
fmancardi committed Jun 23, 2018
1 parent c2d4309 commit fff648f70cfe75f857c6264aa475e280fb91b331
Showing with 57 additions and 43 deletions.
  1. +55 −29 lib/functions/doAuthorize.php
  2. +0 −13 lib/functions/oauth_api.php
  3. +2 −1 login.php
@@ -30,9 +30,12 @@ function doAuthorize(&$db,$login,$pwd,$options=null) {
$result = array('status' => tl::ERROR, 'msg' => null);
$_SESSION['locale'] = TL_DEFAULT_LOCALE;
$my['options'] = array('doSessionExistsCheck' => true);
$my['options'] = array_merge($my['options'], (array)$options);
if( null == $options ) {
$options = new stdClass();
$options->doSessionExistsCheck = true;
$options->auth = null;
}
$login = trim($login);
$pwd = trim($pwd);
@@ -42,7 +45,11 @@ function doAuthorize(&$db,$login,$pwd,$options=null) {
$result['msg'] = ' ';
}
$isOauth = (strpos($options->auth,'oauth') !== false);
$isOauth = false;
if( property_exists($options, 'auth') ) {
$isOauth = strpos($options->auth,'oauth') !== false;
}
$loginExists = false;
$loginExpired = false;
$doLogin = false;
@@ -90,30 +97,49 @@ function doAuthorize(&$db,$login,$pwd,$options=null) {
}
}
}
} else {
// Will Try To Create a New User
$authCfg = config_get('authentication');
if ($isOauth){
$doLogin = create_oauth_user_db($db,$login,$options);
} else {
if( $authCfg['ldap_automatic_user_creation'] ) {
$user->authentication = 'LDAP'; // force for auth_does_password_match
$check = auth_does_password_match($user,$pwd);
if( $check->status_ok ) {
$user = new tlUser();
$user->login = $login;
$user->authentication = 'LDAP';
$user->isActive = true;
$user->setPassword($pwd); // write password on DB anyway
$uf = getUserFieldsFromLDAP($user->login,$authCfg['ldap'][$check->ldap_index]);
$user->emailAddress = $uf->emailAddress;
$user->firstName = $uf->firstName;
$user->lastName = $uf->lastName;
$doLogin = ($user->writeToDB($db) == tl::OK);
}
}
}
}
// Think not using else make things a little bit clear
// Will Try To Create a New User
if( FALSE == $loginExists ) {
$authCfg = config_get('authentication');
$forceUserCreation = false;
$user = new tlUser();
$user->login = $login;
$user->isActive = true;
if ($isOauth){
$forceUserCreation = true;
$user->authentication = 'OAUTH';
$user->emailAddress = $login;
$user->firstName = $options->givenName;
$user->lastName = $options->familyName;
} else {
if( $authCfg['ldap_automatic_user_creation'] ) {
$user->authentication = 'LDAP'; // force for auth_does_password_match
$check = auth_does_password_match($user,$pwd);
if( $check->status_ok ) {
$forceUserCreation = true;
$uf = getUserFieldsFromLDAP($user->login,
$authCfg['ldap'][$check->ldap_index]);
$user->emailAddress = $uf->emailAddress;
$user->firstName = $uf->firstName;
$user->lastName = $uf->lastName;
}
}
}
if( $forceUserCreation ) {
// Anyway, write a password on the DB.
$fake = 'the quick brown fox jumps over the lazy dog';
$user->setPassword( $fake );
$doLogin = ($user->writeToDB($db) == tl::OK);
}
}
if( $doLogin ) {
@@ -146,7 +172,7 @@ function doAuthorize(&$db,$login,$pwd,$options=null) {
tlSetCookie($ckObj);
// Disallow two sessions within one browser
if ($my['options']['doSessionExistsCheck'] &&
if ($options->doSessionExistsCheck &&
isset($_SESSION['currentUser']) && !is_null($_SESSION['currentUser'])) {
$result['msg'] = lang_get('login_msg_session_exists1') .
' <a style="color:white;" href="logout.php">' .
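Review bot: In the user-creation hunk (`@@ -90,30 +97,49 @@`), what reads as the new side gives every auto-created LDAP or OAuth account the same hard-coded local password, `'the quick brown fox jumps over the lazy dog'`, and that string is now public in the repository. The page does not show whether any path ever validates these accounts against the local DB password (for example, if a user's authentication method is later switched to the internal one), but if one exists the account would accept a known string. A per-user random value avoids the question: `$user->setPassword(bin2hex(random_bytes(32)));` where PHP 7+ is available, with a comment such as `// unusable random local password; the real check is done by LDAP/OAuth`. doAuthorize starts and ends outside the hunks shown.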
@@ -32,16 +32,3 @@ function oauth_link($oauthCfg) {
$url = $oauthCfg['oauth_url'] . '?' . http_build_query($oauth_params);
return $url;
}
//Create new user
function create_oauth_user_db(&$dbHandler, $login, $options) {
$user = new tlUser();
$user->login = $login;
$user->emailAddress = $login;
$user->firstName = $options->givenName;
$user->lastName = $options->familyName;
$user->authentication = 'OAUTH';
$user->isActive = true;
$user->setPassword('oauth');
return ($user->writeToDB($dbHandler) == tl::OK);
}
@@ -40,7 +40,8 @@
// When doing ajax login we need to skip control regarding session already open
// that we use when doing normal login.
// If we do not proceed this way we will enter an infinite loop
$options = array('doSessionExistsCheck' => ($args->action=='doLogin'));
$options = new stdClass();
$options->doSessionExistsCheck = ($args->action =='doLogin');
$op = doAuthorize($db,$args->login,$args->pwd,$options);
$doAuthPostProcess = true;
$gui->draw = true;
