mirror of
https://github.com/YunoHost-Apps/dotclear2_ynh.git
synced 2024-09-03 18:26:29 +02:00
Refactor ldap class
This commit is contained in:
Kay0u
parent
0bea9e1e6d
commit
a4b2910d5d
3 changed files with 66 additions and 63 deletions
|
|
@ -1,76 +1,79 @@
|
||||||
<?php
|
<?php
|
||||||
class myDcAuth extends dcAuth
|
class ldapDcAuth extends dcAuth
|
||||||
{
|
{
|
||||||
# The user can't change his password
|
# The user can't change his password
|
||||||
protected $allow_pass_change = false;
|
protected $allow_pass_change = false;
|
||||||
|
|
||||||
public function checkUser($user_id, $pwd=null, $user_key=null, $check_blog=true)
|
# LDAP parameter
|
||||||
|
private $server = "localhost";
|
||||||
|
private $port = "389";
|
||||||
|
private $base = "dc=yunohost,dc=org";
|
||||||
|
|
||||||
|
public function checkUser($user_id, $pwd=null, $user_key=null)
|
||||||
{
|
{
|
||||||
if ($pwd == '') {
|
if ($pwd == '') {
|
||||||
return parent::checkUser($user_id, null, $user_key, $check_blog);
|
return parent::checkUser($user_id, null, $user_key);
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->con->begin();
|
|
||||||
$cur = $this->con->openCursor($this->user_table);
|
|
||||||
|
|
||||||
# LDAP parameter
|
|
||||||
$server = "localhost";
|
|
||||||
$port = "389";
|
|
||||||
$racine = "dc=yunohost,dc=org";
|
|
||||||
|
|
||||||
# LDAP connection
|
# LDAP connection
|
||||||
$ds=ldap_connect($server);
|
$ds = ldap_connect("ldap://".$this->server.":".$this->port);
|
||||||
ldap_set_option ($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
|
if ($ds)
|
||||||
if (ldap_bind($ds,"uid=".$user_id.",ou=users,dc=yunohost,dc=org",$pwd))
|
|
||||||
{
|
{
|
||||||
# Store the password
|
ldap_set_option ($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||||
$cur->user_pwd = $pwd;
|
|
||||||
|
|
||||||
# search the user in ldap, and get infos
|
if (ldap_bind($ds, "uid=".$user_id.",ou=users,".$this->base, $pwd))
|
||||||
$filter="(&(|(objectclass=posixAccount))(uid=".$user_id.")(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org))";
|
{
|
||||||
$sr=ldap_search($ds,$racine, $filter, array("dn", "cn", "sn", "mail", "givenname")); # /!\ fields have to be in lowercase
|
# search the user in ldap, and get infos
|
||||||
$info = ldap_get_entries($ds, $sr);
|
$filter = "(&(|(objectclass=posixAccount))(uid=".$user_id.")(permission=cn=__APP__.admin,ou=permission,".$this->base."))";
|
||||||
|
$sr = ldap_search($ds, $this->base, $filter, array("dn", "cn", "sn", "mail", "givenname")); # /!\ fields have to be in lowercase
|
||||||
|
$info = ldap_get_entries($ds, $sr);
|
||||||
|
|
||||||
if ($info["count"] == 1)
|
if ($info["count"] == 1)
|
||||||
{
|
{
|
||||||
# If the user exist, then we just update his password.
|
$this->con->begin();
|
||||||
if ($this->core->userExists($user_id))
|
$cur = $this->con->openCursor($this->user_table);
|
||||||
{
|
# Store the password
|
||||||
$this->sudo(array($this->core,'updUser'),$user_id,$cur);
|
$cur->user_pwd = $pwd;
|
||||||
}
|
|
||||||
# If not, we create him.
|
|
||||||
# In order for him to connect,
|
|
||||||
# it is necessary to give him at least
|
|
||||||
# a permission "usage" on the blog "default".
|
|
||||||
else
|
|
||||||
{
|
|
||||||
$cur->user_id = $user_id;
|
|
||||||
$cur->user_email = $info[0]['mail'][0];
|
|
||||||
$cur->user_name = $info[0]['givenname'][0];
|
|
||||||
$cur->user_firstname = $info[0]['sn'][0];
|
|
||||||
$cur->user_lang = 'fr'; # Can change this, PR are welcome
|
|
||||||
$cur->user_tz = 'Europe/Paris'; # Can change this, PR are welcome
|
|
||||||
$cur->user_default_blog = 'default'; # Can change this, PR are welcome
|
|
||||||
$this->sudo(array($this->core,'addUser'),$cur);
|
|
||||||
# Possible roles:
|
|
||||||
#admin "administrator"
|
|
||||||
#usage "manage their own entries and comments"
|
|
||||||
#publish "publish entries and comments"
|
|
||||||
#delete "delete entries and comments"
|
|
||||||
#contentadmin "manage all entries and comments"
|
|
||||||
#categories "manage categories"
|
|
||||||
#media "manage their own media items"
|
|
||||||
#media_admin "manage all media items"
|
|
||||||
#pages "manage pages"
|
|
||||||
#blogroll "manage blogroll"
|
|
||||||
$this->sudo(array($this->core,'setUserBlogPermissions'),$user_id,'default',array('usage'=>true)); # Can change this, PR are welcome
|
|
||||||
}
|
|
||||||
$this->con->commit();
|
|
||||||
}
|
|
||||||
|
|
||||||
# The previous operations proceeded without error,
|
# If the user exist, then we just update his password.
|
||||||
# we can now call the parent method
|
if ($this->core->userExists($user_id))
|
||||||
return parent::checkUser($user_id, $pwd, $user_key, $check_blog);
|
{
|
||||||
|
$this->sudo(array($this->core, 'updUser'), $user_id, $cur);
|
||||||
|
}
|
||||||
|
# If not, we create him.
|
||||||
|
# In order for him to connect,
|
||||||
|
# it is necessary to give him at least
|
||||||
|
# a permission "usage" on the blog "default".
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$cur->user_id = $user_id;
|
||||||
|
$cur->user_email = $info[0]['mail'][0];
|
||||||
|
$cur->user_name = $info[0]['givenname'][0];
|
||||||
|
$cur->user_firstname = $info[0]['sn'][0];
|
||||||
|
$cur->user_lang = 'fr'; # Can change this, PR are welcome
|
||||||
|
$cur->user_tz = 'Europe/Paris'; # Can change this, PR are welcome
|
||||||
|
$cur->user_default_blog = 'default'; # Can change this, PR are welcome
|
||||||
|
$this->sudo(array($this->core,'addUser'), $cur);
|
||||||
|
# Possible roles:
|
||||||
|
#admin "administrator"
|
||||||
|
#usage "manage their own entries and comments"
|
||||||
|
#publish "publish entries and comments"
|
||||||
|
#delete "delete entries and comments"
|
||||||
|
#contentadmin "manage all entries and comments"
|
||||||
|
#categories "manage categories"
|
||||||
|
#media "manage their own media items"
|
||||||
|
#media_admin "manage all media items"
|
||||||
|
#pages "manage pages"
|
||||||
|
#blogroll "manage blogroll"
|
||||||
|
$this->sudo(array($this->core, 'setUserBlogPermissions'), $user_id, 'default', array('usage'=>true)); # Can change this, PR are welcome
|
||||||
|
}
|
||||||
|
$this->con->commit();
|
||||||
|
|
||||||
|
# The previous operations proceeded without error,
|
||||||
|
# we can now call the parent method
|
||||||
|
return parent::checkUser($user_id, $pwd);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
# In case of error we cancel and return "false"
|
# In case of error we cancel and return "false"
|
||||||
$this->con->rollback();
|
$this->con->rollback();
|
||||||
|
|
|
||||||
|
|
@ -128,8 +128,8 @@ ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_fil
|
||||||
|
|
||||||
cat << EOF >> $php_config
|
cat << EOF >> $php_config
|
||||||
|
|
||||||
\$__autoload['myDcAuth'] = dirname(__FILE__).'/class.auth.ldap.php';
|
\$__autoload['ldapDcAuth'] = dirname(__FILE__).'/class.auth.ldap.php';
|
||||||
define('DC_AUTH_CLASS','myDcAuth');
|
define('DC_AUTH_CLASS','ldapDcAuth');
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
ynh_store_file_checksum --file=$php_config
|
ynh_store_file_checksum --file=$php_config
|
||||||
|
|
|
||||||
|
|
@ -163,8 +163,8 @@ ynh_replace_string "__APP__" "$app" $final_path/inc/class.auth.ldap.php
|
||||||
|
|
||||||
cat << EOF >> $php_config
|
cat << EOF >> $php_config
|
||||||
|
|
||||||
\$__autoload['myDcAuth'] = dirname(__FILE__).'/class.auth.ldap.php';
|
\$__autoload['ldapDcAuth'] = dirname(__FILE__).'/class.auth.ldap.php';
|
||||||
define('DC_AUTH_CLASS','myDcAuth');
|
define('DC_AUTH_CLASS','ldapDcAuth');
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# Recalculate and store the checksum of the file for the next upgrade.
|
# Recalculate and store the checksum of the file for the next upgrade.
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue