diff --git a/check_process b/check_process
index aebf186..c638892 100644
--- a/check_process
+++ b/check_process
@@ -27,9 +27,7 @@
 Level 1=auto
 Level 2=auto
 Level 3=auto
-# Level 4: If the app supports LDAP and SSOwat, turn level 4 to '1' and add a link to an issue or a part of your code to show it.
-# If the app does not use LDAP nor SSOwat, and can't use them, turn level 4 to 'na' and explain as well.
- Level 4=0
+ Level 4=1
 Level 5=auto
 Level 6=auto
 Level 7=auto
diff --git a/conf/class.auth.ldap.php b/conf/class.auth.ldap.php
new file mode 100644
index 0000000..1d753c4
--- /dev/null
+++ b/conf/class.auth.ldap.php
@@ -0,0 +1,81 @@
+con->begin();
+ $cur = $this->con->openCursor($this->user_table);
+
+ # LDAP parameter
+ $server = "localhost";
+ $port = "389";
+ $racine = "dc=yunohost,dc=org";
+
+ # LDAP connection
+ $ds=ldap_connect($server);
+ ldap_set_option ($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
+ if (ldap_bind($ds,"uid=".$user_id.",ou=users,dc=yunohost,dc=org",$pwd))
+ {
+ # Store the password
+ $cur->user_pwd = $pwd;
+
+ # If the user exist, then we just update his password.
+ if ($this->core->userExists($user_id))
+ {
+ $this->sudo(array($this->core,'updUser'),$user_id,$cur);
+ $this->con->commit();
+ }
+ # If not, we create him.
+ # In order for him to connect,
+ # it is necessary to give him at least
+ # a permission "usage" on the blog "default".
+ else
+ {
+ # search the user in ldap, and get infos
+ $sr=ldap_search($ds,$racine,"uid=$user_id",array( "dn", "cn", "sn", "mail", "givenname")); # /!\ fields have to be in lowercase
+ $info = ldap_get_entries($ds, $sr);
+
+
+ if ($info["count"] ==1)
+ {
+ $cur->user_id = $user_id;
+ $cur->user_email = $info[0]['mail'][0];
+ $cur->user_name = $info[0]['givenname'][0];
+ $cur->user_firstname = $info[0]['sn'][0];
+ $cur->user_lang = 'fr'; # Can change this, PR are welcome
+ $cur->user_tz = 'Europe/Paris'; # Can change this, PR are welcome
+ $cur->user_default_blog = 'default'; # Can change this, PR are welcome
+ $this->sudo(array($this->core,'addUser'),$cur);
+ # Possible roles:
+ #admin "administrator"
+ #usage "manage their own entries and comments"
+ #publish "publish entries and comments"
+ #delete "delete entries and comments"
+ #contentadmin "manage all entries and comments"
+ #categories "manage categories"
+ #media "manage their own media items"
+ #media_admin "manage all media items"
+ #pages "manage pages"
+ #blogroll "manage blogroll"
+ $this->sudo(array($this->core,'setUserBlogPermissions'),$user_id,'default',array('usage'=>true)); # Can change this, PR are welcome
+ $this->con->commit();
+ }
+ }
+
+ # The previous operations proceeded without error,
+ # we can now call the parent method
+ return parent::checkUser($user_id, $pwd, $user_key, $check_blog);
+ }
+ # In case of error we cancel and return "false"
+ $this->con->rollback();
+ return false;
+ }
+}
+?>
\ No newline at end of file
diff --git a/scripts/install b/scripts/install
index 40ab25d..61828ba 100755
--- a/scripts/install
+++ b/scripts/install
@@ -105,6 +105,7 @@ email=$(yunohost user info $admin | grep mail: | cut -d' ' -f2 | tr -d '\n')
 ynh_app_setting_set $app master_key $master_key
 cp $php_config.in $php_config
+cp ../conf/class.auth.ldap.php $final_path/inc/class.auth.ldap.php
 admin_url=$(ynh_url_join $path_url admin/index.php)
@@ -128,6 +129,13 @@ ynh_replace_string "'DC_MASTER_KEY', ''" "'DC_MASTER_KEY', '$master_key'" $php_c
 ynh_replace_string "'DC_ADMIN_URL', ''" "'DC_ADMIN_URL', 'https://$domain$admin_url'" $php_config
 ynh_replace_string "'DC_ADMIN_MAILFROM', ''" "'DC_ADMIN_MAILFROM', '$email'" $php_config
+# Adding LDAP login
+cat << EOF >> $php_config
+
+\$__autoload['myDcAuth'] = dirname(__FILE__).'/class.auth.ldap.php';
+define('DC_AUTH_CLASS','myDcAuth');
+EOF
+
 ynh_store_file_checksum $php_config
 #=================================================
@@ -161,6 +169,8 @@ ynh_app_setting_delete $app skipped_uris
 if [ $is_public -eq 1 ]; then
 # unprotected_uris allows SSO credentials to be passed anyway.
 ynh_app_setting_set $app unprotected_uris "/"
+ # protect admin area
+ ynh_app_setting_set $app protected_uris "/admin"
 fi
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index e5b8e49..9302134 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
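Review bot: `ldap_bind($ds,"uid=".$user_id.",ou=users,dc=yunohost,dc=org",$pwd)` is the only credential check in the new `checkUser()`, and nothing rejects an empty `$pwd` before it; depending on how the directory is configured, a simple bind with a DN and an empty credential can be accepted as an anonymous/unauthenticated bind, after which this code stores that empty password via `$cur->user_pwd = $pwd` and hands it on to `parent::checkUser()`. `$user_id` is also spliced raw into both the bind DN and the `"uid=$user_id"` search filter; it should pass through `ldap_escape($user_id, '', LDAP_ESCAPE_DN)` for the DN and `ldap_escape($user_id, '', LDAP_ESCAPE_FILTER)` for the filter so a crafted login name cannot change which entry is bound or searched. Smaller points in the same hunk: `$port` is assigned but never passed to `ldap_connect()`, the connection is never released with `ldap_unbind()`, and when `$info["count"]` is not 1 the transaction opened by `con->begin()` is neither committed nor rolled back before `parent::checkUser()` runs. The class declaration and the first lines of `checkUser()` are not legible in this hunk as rendered, so the guard below is placed immediately before the bind.
```php
# LDAP connection
$ds = ldap_connect($server);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
# Refuse an empty password before binding: with some server configurations a
# DN plus an empty credential is accepted as an unauthenticated bind.
if ((string) $pwd === '') {
    $this->con->rollback();
    return false;
}
$dn = 'uid=' . ldap_escape($user_id, '', LDAP_ESCAPE_DN) . ',ou=users,dc=yunohost,dc=org';
if (ldap_bind($ds, $dn, $pwd))
{
    # … unchanged: password store, userExists()/updUser() branch …
    $filter = 'uid=' . ldap_escape($user_id, '', LDAP_ESCAPE_FILTER);
    $sr = ldap_search($ds, $racine, $filter, array("dn", "cn", "sn", "mail", "givenname")); # /!\ fields have to be in lowercase
    # … unchanged: user creation, permissions, commit, parent::checkUser() …
}
```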
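Review bot: The `cat << EOF >> $php_config` block in the second hunk appends two PHP statements to the very end of the generated config; if `$php_config.in` ends with a closing `?>` tag, those lines land outside PHP mode and are printed as output instead of executed, so this should be verified against the template or anchored with `ynh_replace_string` next to the existing `DC_ADMIN_MAILFROM` replacement instead of appended. The same heredoc and the same `cp ../conf/class.auth.ldap.php` line are duplicated in scripts/upgrade (`@@ -125,6 +125,7 @@` and `@@ -151,6 +152,13 @@`), so whatever is decided here applies there too. In the first hunk `$final_path` is left unquoted, unlike `ynh_store_file_checksum "$php_config"` in upgrade; `cp ../conf/class.auth.ldap.php "$final_path/inc/class.auth.ldap.php"` keeps the copy correct if the install path ever contains whitespace. The relative `../conf/` source presumably relies on the script's working directory being `scripts/`, which is worth a one-line comment since the PHP class would otherwise fail to be installed while `DC_AUTH_CLASS` still points at it.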
@@ -125,6 +125,7 @@ ynh_add_fpm_config
 #=================================================
 cp $php_config.in $php_config
+cp ../conf/class.auth.ldap.php $final_path/inc/class.auth.ldap.php
 firstname=$(yunohost user info $admin | grep firstname: | cut -d' ' -f2 | tr -d '\n')
 lastname=$(yunohost user info $admin | grep lastname: | cut -d' ' -f2 | tr -d '\n')
@@ -151,6 +152,13 @@ ynh_replace_string "'DC_MASTER_KEY', ''" "'DC_MASTER_KEY', '$master_key'" $php_c
 ynh_replace_string "'DC_ADMIN_URL', ''" "'DC_ADMIN_URL', 'https://$domain$admin_url'" $php_config
 ynh_replace_string "'DC_ADMIN_MAILFROM', ''" "'DC_ADMIN_MAILFROM', '$email'" $php_config
+# Adding LDAP login
+cat << EOF >> $php_config
+
+\$__autoload['myDcAuth'] = dirname(__FILE__).'/class.auth.ldap.php';
+define('DC_AUTH_CLASS','myDcAuth');
+EOF
+
 # Recalculate and store the checksum of the file for the next upgrade.
 ynh_store_file_checksum "$php_config"
@@ -173,6 +181,8 @@ if [ $is_public -eq 1 ]
 then
 # unprotected_uris allows SSO credentials to be passed anyway
 ynh_app_setting_set $app unprotected_uris "/"
+ # protect admin area
+ ynh_app_setting_set $app protected_uris "/admin"
 fi
 #=================================================