From a4b2910d5d613f77b788188ac52e950e9f20d9e9 Mon Sep 17 00:00:00 2001
From: Kay0u
Date: Fri, 17 Apr 2020 23:49:35 +0200
Subject: [PATCH] Refactor ldap class

---
 conf/class.auth.ldap.php | 121 ++++++++++++++++++++-------------------
 scripts/install | 4 +-
 scripts/upgrade | 4 +-
 3 files changed, 66 insertions(+), 63 deletions(-)

diff --git a/conf/class.auth.ldap.php b/conf/class.auth.ldap.php
index 7f85d30..02a172c 100644
--- a/conf/class.auth.ldap.php
+++ b/conf/class.auth.ldap.php
@@ -1,76 +1,79 @@ con->begin();
- $cur = $this->con->openCursor($this->user_table);
-
- # LDAP parameter
- $server = "localhost";
- $port = "389";
- $racine = "dc=yunohost,dc=org";
- # LDAP connection
- $ds=ldap_connect($server);
- ldap_set_option ($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
- if (ldap_bind($ds,"uid=".$user_id.",ou=users,dc=yunohost,dc=org",$pwd))
+ $ds = ldap_connect("ldap://".$this->server.":".$this->port);
+ if ($ds)
 {
- # Store the password
- $cur->user_pwd = $pwd;
+ ldap_set_option ($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
- # search the user in ldap, and get infos
- $filter="(&(|(objectclass=posixAccount))(uid=".$user_id.")(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org))";
- $sr=ldap_search($ds,$racine, $filter, array("dn", "cn", "sn", "mail", "givenname")); # /!\ fields have to be in lowercase
- $info = ldap_get_entries($ds, $sr);
+ if (ldap_bind($ds, "uid=".$user_id.",ou=users,".$this->base, $pwd))
+ {
+ # search the user in ldap, and get infos
+ $filter = "(&(|(objectclass=posixAccount))(uid=".$user_id.")(permission=cn=__APP__.admin,ou=permission,".$this->base."))";
+ $sr = ldap_search($ds, $this->base, $filter, array("dn", "cn", "sn", "mail", "givenname")); # /!\ fields have to be in lowercase
+ $info = ldap_get_entries($ds, $sr);
- if ($info["count"] == 1)
- {
- # If the user exist, then we just update his password.
- if ($this->core->userExists($user_id))
- {
- $this->sudo(array($this->core,'updUser'),$user_id,$cur);
- }
- # If not, we create him.
- # In order for him to connect,
- # it is necessary to give him at least
- # a permission "usage" on the blog "default".
- else
- {
- $cur->user_id = $user_id;
- $cur->user_email = $info[0]['mail'][0];
- $cur->user_name = $info[0]['givenname'][0];
- $cur->user_firstname = $info[0]['sn'][0];
- $cur->user_lang = 'fr'; # Can change this, PR are welcome
- $cur->user_tz = 'Europe/Paris'; # Can change this, PR are welcome
- $cur->user_default_blog = 'default'; # Can change this, PR are welcome
- $this->sudo(array($this->core,'addUser'),$cur);
- # Possible roles:
- #admin "administrator"
- #usage "manage their own entries and comments"
- #publish "publish entries and comments"
- #delete "delete entries and comments"
- #contentadmin "manage all entries and comments"
- #categories "manage categories"
- #media "manage their own media items"
- #media_admin "manage all media items"
- #pages "manage pages"
- #blogroll "manage blogroll"
- $this->sudo(array($this->core,'setUserBlogPermissions'),$user_id,'default',array('usage'=>true)); # Can change this, PR are welcome
- }
- $this->con->commit();
- }
+ if ($info["count"] == 1)
+ {
+ $this->con->begin();
+ $cur = $this->con->openCursor($this->user_table);
+ # Store the password
+ $cur->user_pwd = $pwd;
- # The previous operations proceeded without error,
- # we can now call the parent method
- return parent::checkUser($user_id, $pwd, $user_key, $check_blog);
+ # If the user exist, then we just update his password.
+ if ($this->core->userExists($user_id))
+ {
+ $this->sudo(array($this->core, 'updUser'), $user_id, $cur);
+ }
+ # If not, we create him.
+ # In order for him to connect,
+ # it is necessary to give him at least
+ # a permission "usage" on the blog "default".
+ else
+ {
+ $cur->user_id = $user_id;
+ $cur->user_email = $info[0]['mail'][0];
+ $cur->user_name = $info[0]['givenname'][0];
+ $cur->user_firstname = $info[0]['sn'][0];
+ $cur->user_lang = 'fr'; # Can change this, PR are welcome
+ $cur->user_tz = 'Europe/Paris'; # Can change this, PR are welcome
+ $cur->user_default_blog = 'default'; # Can change this, PR are welcome
+ $this->sudo(array($this->core,'addUser'), $cur);
+ # Possible roles:
+ #admin "administrator"
+ #usage "manage their own entries and comments"
+ #publish "publish entries and comments"
+ #delete "delete entries and comments"
+ #contentadmin "manage all entries and comments"
+ #categories "manage categories"
+ #media "manage their own media items"
+ #media_admin "manage all media items"
+ #pages "manage pages"
+ #blogroll "manage blogroll"
+ $this->sudo(array($this->core, 'setUserBlogPermissions'), $user_id, 'default', array('usage'=>true)); # Can change this, PR are welcome
+ }
+ $this->con->commit();
+
+ # The previous operations proceeded without error,
+ # we can now call the parent method
+ return parent::checkUser($user_id, $pwd);
+ }
+ }
 }
 # In case of error we cancel and return "false"
 $this->con->rollback();
diff --git a/scripts/install b/scripts/install
index 8aa824b..382262e 100755
--- a/scripts/install
+++ b/scripts/install
@@ -128,8 +128,8 @@ ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_fil
 cat << EOF >> $php_config
-\$__autoload['myDcAuth'] = dirname(__FILE__).'/class.auth.ldap.php';
-define('DC_AUTH_CLASS','myDcAuth');
+\$__autoload['ldapDcAuth'] = dirname(__FILE__).'/class.auth.ldap.php';
+define('DC_AUTH_CLASS','ldapDcAuth');
 EOF
 ynh_store_file_checksum --file=$php_config
diff --git a/scripts/upgrade b/scripts/upgrade
index 054a2d2..b1fd23b 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
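Review bot: `$user_id` is concatenated unescaped into both the bind DN (`"uid=".$user_id.",ou=users,".$this->base`) and the search filter (`(uid=".$user_id.")`) that this hunk rewrites, so a login name containing LDAP metacharacters changes the DN or filter instead of being matched literally; use `ldap_escape($user_id, '', LDAP_ESCAPE_DN)` when building the DN and `ldap_escape($user_id, '', LDAP_ESCAPE_FILTER)` inside the filter. An empty `$pwd` also reaches `ldap_bind()` unchecked, and whether that is refused depends entirely on the directory rejecting unauthenticated binds, so add `if ($pwd === null || $pwd === '') { return false; }` before `ldap_connect()`. Moving `$this->con->begin()` into the `count == 1` branch leaves the trailing `$this->con->rollback()` without a matching `begin()` whenever the bind fails or no single entry is found, which the connection layer may report as an error; only the path that opened the transaction should roll it back. `$sr` from `ldap_search()` is likewise never checked for `false` before `ldap_get_entries()`. checkUser's signature and its final `return` lie outside the hunk.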
@@ -163,8 +163,8 @@ ynh_replace_string "__APP__" "$app" $final_path/inc/class.auth.ldap.php
 cat << EOF >> $php_config
-\$__autoload['myDcAuth'] = dirname(__FILE__).'/class.auth.ldap.php';
-define('DC_AUTH_CLASS','myDcAuth');
+\$__autoload['ldapDcAuth'] = dirname(__FILE__).'/class.auth.ldap.php';
+define('DC_AUTH_CLASS','ldapDcAuth');
 EOF
 # Recalculate and store the checksum of the file for the next upgrade.