diff --git a/apps/maarch_entreprise/xml/login_method.xml b/apps/maarch_entreprise/xml/login_method.xml
index 8466ae658ca14d81a532c592b3afdb949ab6104d..480b4bab09b517d9ccedd9a497683e307bf1fab9 100755
--- a/apps/maarch_entreprise/xml/login_method.xml
+++ b/apps/maarch_entreprise/xml/login_method.xml
@@ -2,14 +2,10 @@
 <ROOT>
 <METHOD>
 <ID>standard</ID>
- <NAME>_STANDARD_LOGIN</NAME>
- <SCRIPT>standard_connect.php</SCRIPT>
 <ENABLED>true</ENABLED>
 </METHOD>
 <METHOD>
 <ID>ldap</ID>
- <NAME>_STANDARD_LOGIN</NAME>
- <SCRIPT>standard_connect.php</SCRIPT>
 <ENABLED>false</ENABLED>
 </METHOD>
 <METHOD>
diff --git a/modules/ldap/xml/config.xml.default b/modules/ldap/xml/config.xml.default
index 8c49f5938bce9fc7e1e75d9e946bf521c7e38e0c..e45cbd7872e3d2e04cc30763b42625c5eb7d01b1 100755
--- a/modules/ldap/xml/config.xml.default
+++ b/modules/ldap/xml/config.xml.default
@@ -4,10 +4,10 @@
 <ldap>
 <!-- Appel la class_<type_ldap> en fonction du type d'annuaire -->
 <type_ldap>adLDAP</type_ldap>
- <!-- Prefixe les group_id de letterbox par -->
- <group_prefix_ldap>LDAP</group_prefix_ldap>
 <!-- nom / ip du serveur ldap -->
 <domain>192.168.1.1</domain>
+ <!-- base DN (que pour openLDAP, ne pas remplir si adLDAP) -->
+ <baseDN>DC=maarch,DC=com</baseDN>
 <!-- prefixe les logins si saisi -->
 <prefix_login>MAARCH</prefix_login>
 <!-- suffix les logins si saisi -->
@@ -22,8 +22,6 @@
 <purge_log>1</purge_log>
 <!-- Import des users qui n'appartiennent a aucun groupe -->
 <lost_users>false</lost_users>
- <!-- Si LDAP est desactive alors le pass de chaque utilisateur est son login -->
- <pass_is_login>true</pass_is_login>
 <standardConnect>false</standardConnect>
 </ldap>
 </config>
diff --git a/src/app/search/controllers/SearchController.php b/src/app/search/controllers/SearchController.php
index 38cbe16a8020a2bdd1de8d81cca8e2cc34055b61..f2ef7890dc030c4c68df69042e7ef250cd8e0538 100644
--- a/src/app/search/controllers/SearchController.php
+++ b/src/app/search/controllers/SearchController.php
@@ -313,7 +313,7 @@ class SearchController
 if ($body['meta']['values'][0] == '"' && $body['meta']['values'][strlen($body['meta']['values']) - 1] == '"') {
 $quick = trim($body['meta']['values'], '"');
 $quickWhere = "subject = ? OR alt_identifier = ? OR barcode = ?";
- $quickWhere .= " OR res_id in (select res_id_master from res_attachments where title = ? OR identifier = ? and status in ('TRA', 'A_TRA'))";
+ $quickWhere .= " OR res_id in (select res_id_master from res_attachments where (title = ? OR identifier = ?) and status in ('TRA', 'A_TRA'))";
 if (ctype_digit($quick)) {
 $quickWhere .= ' OR res_id = ?';
 $args['searchData'][] = $quick;
@@ -1677,7 +1677,7 @@ class SearchController
 $wherePlus .= ' OR ';
 }
 $quick = trim($body['meta']['values'], '"');
- $wherePlus .= "res_id in (select res_id_master from res_attachments where title = ? OR identifier = ? and status in ('TRA', 'A_TRA'))";
+ $wherePlus .= "res_id in (select res_id_master from res_attachments where (title = ? OR identifier = ?) and status in ('TRA', 'A_TRA'))";
 $data[] = $quick;
 $data[] = $quick;
 } else {
diff --git a/src/app/user/models/UserModel.php b/src/app/user/models/UserModel.php
index b5137751d6e312ffa9c9417151405aa3f17455de..45369da5147fadd518e8a27d6a0f33bd1c151a91 100755
--- a/src/app/user/models/UserModel.php
+++ b/src/app/user/models/UserModel.php
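Review bot: The corrected subquery string in this hunk is repeated verbatim in the hunk at @@ -1677, and the precedence bug being fixed is exactly what happens when two independent copies are edited separately; a shared private constant, e.g. `private const ATTACHMENT_QUICK_SUBQUERY = "res_id in (select res_id_master from res_attachments where (title = ? OR identifier = ?) and status in ('TRA', 'A_TRA'))";`, would let both call sites append it and keep them in step. The fix itself is right: without the parentheses, `identifier = ? and status in (...)` bound tighter than the `OR`, so a title match bypassed the status filter. Both sites still bind the two `?` placeholders positionally with the two `$quick` pushes that follow, so the parameter count is unchanged. The enclosing methods start and end outside both hunks.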
@@ -234,20 +234,20 @@ class UserModel
 return true;
 }

- public static function updatePassword(array $aArgs)
+ public static function updatePassword(array $args)
 {
- ValidatorModel::notEmpty($aArgs, ['id', 'password']);
- ValidatorModel::intVal($aArgs, ['id']);
- ValidatorModel::stringType($aArgs, ['password']);
+ ValidatorModel::notEmpty($args, ['id', 'password']);
+ ValidatorModel::intVal($args, ['id']);
+ ValidatorModel::stringType($args, ['password']);

 DatabaseModel::update([
 'table' => 'users',
 'set' => [
- 'password' => AuthenticationModel::getPasswordHash($aArgs['password']),
+ 'password' => AuthenticationModel::getPasswordHash($args['password']),
 'password_modification_date' => 'CURRENT_TIMESTAMP'
 ],
 'where' => ['id = ?'],
- 'data' => [$aArgs['id']]
+ 'data' => [$args['id']]
 ]);

 return true;
diff --git a/src/core/controllers/AuthenticationController.php b/src/core/controllers/AuthenticationController.php
index 05e79c913e58addad86bd97ae5a82c6f0ab58941..54954844dc4bd2fa2c60fd2598735e70ca841e9f 100755
--- a/src/core/controllers/AuthenticationController.php
+++ b/src/core/controllers/AuthenticationController.php
@@ -222,25 +222,24 @@ class AuthenticationController
 }

 $login = strtolower($body['login']);

- $authenticated = AuthenticationModel::authentication(['login' => $login, 'password' => $body['password']]);
- if (empty($authenticated)) {
- $user = UserModel::getByLogin(['login' => $login, 'select' => ['id', 'status']]);
- if (empty($user)) {
- return $response->withStatus(401)->withJson(['errors' => 'Authentication Failed']);
- } elseif ($user['status'] == 'SPD') {
- return $response->withStatus(401)->withJson(['errors' => 'Account Suspended']);
- } else {
- $handle = AuthenticationController::handleFailedAuthentication(['userId' => $user['id']]);
- if (!empty($handle['accountLocked'])) {
- return $response->withStatus(401)->withJson(['errors' => 'Account Locked', 'date' => $handle['lockedDate']]);
- }
- return $response->withStatus(401)->withJson(['errors' => 'Authentication Failed']);
- }
+ $user = UserModel::getByLogin(['login' => $login, 'select' => ['id', 'mode', 'refresh_token', 'user_id', 'status']]);
+ if (empty($user) || $user['mode'] == 'rest' || $user['status'] == 'SPD') {
+ return $response->withStatus(403)->withJson(['errors' => 'Authentication unauthorized']);
 }
- $user = UserModel::getByLogin(['login' => $login, 'select' => ['id', 'mode', 'refresh_token', 'user_id']]);
- if (empty($user) || $user['mode'] == 'rest') {
- return $response->withStatus(403)->withJson(['errors' => 'Authentication unauthorized']);
+ $loggingMethod = CoreConfigModel::getLoggingMethod();
+ if ($loggingMethod['id'] == 'standard') {
+ $authenticated = AuthenticationController::standardConnection(['login' => $login, 'password' => $body['password']]);
+ if (!empty($authenticated['date'])) {
+ return $response->withStatus(401)->withJson(['errors' => $authenticated['errors'], 'date' => $authenticated['date']]);
+ } elseif (!empty($authenticated['errors'])) {
+ return $response->withStatus(401)->withJson(['errors' => $authenticated['errors']]);
+ }
+ } elseif ($loggingMethod['id'] == 'ldap') {
+ $authenticated = AuthenticationController::ldapConnection(['login' => $login, 'password' => $body['password']]);
+ if (!empty($authenticated['errors'])) {
+ return $response->withStatus(401)->withJson(['errors' => $authenticated['errors']]);
+ }
 }

 $GLOBALS['id'] = $user['id'];
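Review bot: The new dispatch on `$loggingMethod['id']` has no `else` branch, so when the enabled method is neither `standard` nor `ldap` — or getLoggingMethod() returns nothing, which looks possible since the CoreConfigModel hunk only sets `id` for a METHOD whose ENABLED is `true` — control falls through to `$GLOBALS['id'] = $user['id'];` with the password never checked. Fail closed with `} else { return $response->withStatus(403)->withJson(['errors' => 'Authentication unauthorized']); }` placed before the closing brace of the dispatch. A second regression: an unknown login now answers 403 'Authentication unauthorized' while a known login with a wrong password answers 401 'Authentication Failed', which lets a caller distinguish valid logins from invalid ones, whereas the removed code returned 401 'Authentication Failed' in both cases. Returning the same status and message for unknown-user and wrong-password restores that property; the 'rest' and 'SPD' cases can keep their own handling if the distinction is wanted. The enclosing method starts and ends outside the hunk.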
@@ -282,6 +281,87 @@ class AuthenticationController
 return $response->withStatus(204);
 }

+ private static function standardConnection(array $args)
+ {
+ $login = $args['login'];
+ $password = $args['password'];
+
+ $authenticated = AuthenticationModel::authentication(['login' => $login, 'password' => $password]);
+ if (empty($authenticated)) {
+ $user = UserModel::getByLogin(['login' => $login, 'select' => ['id']]);
+ $handle = AuthenticationController::handleFailedAuthentication(['userId' => $user['id']]);
+ if (!empty($handle['accountLocked'])) {
+ return ['errors' => 'Account Locked', 'date' => $handle['lockedDate']];
+ }
+ return ['errors' => 'Authentication Failed'];
+ }
+
+ return true;
+ }
+
+ private static function ldapConnection(array $args)
+ {
+ $login = $args['login'];
+ $password = $args['password'];
+
+ $ldapConfigurations = CoreConfigModel::getXmlLoaded(['path' => 'modules/ldap/xml/config.xml']);
+ if (empty($ldapConfigurations)) {
+ return ['errors' => 'No ldap configurations'];
+ }
+
+ foreach ($ldapConfigurations->config->ldap as $ldapConfiguration) {
+ $ssl = (string)$ldapConfiguration->ssl;
+ $domain = (string)$ldapConfiguration->domain;
+ $prefix = (string)$ldapConfiguration->prefix_login;
+ $suffix = (string)$ldapConfiguration->suffix_login;
+ $standardConnect = (string)$ldapConfiguration->standardConnect;
+
+ $uri = ($ssl == 'true' ? "LDAPS://{$domain}" : $domain);
+
+ $ldap = @ldap_connect($uri);
+ if ($ldap === false) {
+ $error = 'Ldap connect failed : uri is maybe wrong';
+ continue;
+ }
+ ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
+ ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
+ ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 10);
+ $ldapLogin = (!empty($prefix) ? $prefix . '\\' . $login : $login);
+ $ldapLogin = (!empty($suffix) ? $ldapLogin . $suffix : $ldapLogin);
+ if (!empty((string)$ldapConfiguration->baseDN)) { //OpenLDAP
+ $search = @ldap_search($ldap, (string)$ldapConfiguration->baseDN, "(uid={$ldapLogin})", ['dn']);
+ if ($search === false) {
+ $error = 'Ldap search failed : baseDN is maybe wrong => ' . ldap_error($ldap);
+ continue;
+ }
+ $entries = ldap_get_entries($ldap, $search);
+ $ldapLogin = $entries[0]['dn'];
+ }
+ $authenticated = @ldap_bind($ldap, $ldapLogin, $password);
+ if ($authenticated) {
+ break;
+ }
+ $error = ldap_error($ldap);
+ }
+
+ if (!empty($standardConnect) && $standardConnect == 'true') {
+ if (empty($authenticated)) {
+ $authenticated = AuthenticationModel::authentication(['login' => $login, 'password' => $password]);
+ } else {
+ $user = UserModel::getByLogin(['login' => $login, 'select' => ['id']]);
+ UserModel::updatePassword(['id' => $user['id'], 'password' => $password]);
+ }
+ }
+
+ if (empty($authenticated) && !empty($error) && $error != 'Invalid credentials') {
+ return ['errors' => $error];
+ } elseif (empty($authenticated) && !empty($error) && $error == 'Invalid credentials') {
+ return ['errors' => 'Authentication Failed'];
+ }
+
+ return true;
+ }
+
 public function getRefreshedToken(Request $request, Response $response)
 {
 $queryParams = $request->getQueryParams();
diff --git a/src/core/models/CoreConfigModel.php b/src/core/models/CoreConfigModel.php
index 3b5b54b034f704837bd6e249c51dec3e12832888..fca2e40f58b5c4861aea9af1d229edc9662456a4 100755
--- a/src/core/models/CoreConfigModel.php
+++ b/src/core/models/CoreConfigModel.php
@@ -212,9 +212,7 @@ class CoreConfigModel
 if ($loadedXml) {
 foreach ($loadedXml->METHOD as $value) {
 if ((string)$value->ENABLED == 'true') {
- $loggingMethod['id'] = (string)$value->ID;
- $loggingMethod['name'] = (string)$value->NAME;
- $loggingMethod['script'] = (string)$value->SCRIPT;
+ $loggingMethod['id'] = (string)$value->ID;
 }
 }
 }
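Review bot: ldapConnection() can return true without any bind having succeeded: `$authenticated` and `$error` are only assigned inside the foreach, so with an empty `<ldap>` list, or when every iteration hits `continue` and `$error` ends up empty, the final `if`/`elseif` is skipped and execution falls through to `return true;` — the last statement should fail closed on `empty($authenticated)`. The login is interpolated unescaped into the OpenLDAP filter `"(uid={$ldapLogin})"` although it comes straight from the request body; wrap it with `ldap_escape($ldapLogin, '', LDAP_ESCAPE_FILTER)`, and check `$entries['count']` before reading `$entries[0]['dn']`, which is undefined when the search matches nothing. `ldap_bind()` with an empty `$password` is an unauthenticated bind that many directories accept as success, so reject an empty password in this function unless the caller is known to do so (the validation at the top of the login handler is outside this diff). The `standardConnect` branch also writes the LDAP password into the local users table through `UserModel::updatePassword()` on every successful LDAP login; if that synchronisation is intended, a comment stating why would help the next reader.
```php
    private static function ldapConnection(array $args)
    {
        $login = $args['login'];
        $password = $args['password'];
        if ($password === '') {
            // An empty password turns ldap_bind() into an unauthenticated bind, which directories may accept.
            return ['errors' => 'Authentication Failed'];
        }
        $authenticated = false;
        $error = null;

        // … unchanged: configuration loading, per-config connect, options, prefix/suffix …
            if (!empty((string)$ldapConfiguration->baseDN)) { //OpenLDAP
                $filter = '(uid=' . ldap_escape($ldapLogin, '', LDAP_ESCAPE_FILTER) . ')';
                $search = @ldap_search($ldap, (string)$ldapConfiguration->baseDN, $filter, ['dn']);
                // … unchanged: search failure handling …
                $entries = ldap_get_entries($ldap, $search);
                if (empty($entries['count'])) {
                    $error = 'Invalid credentials';
                    continue;
                }
                $ldapLogin = $entries[0]['dn'];
            }
        // … unchanged: bind, break on success, standardConnect fallback, error mapping …

        return !empty($authenticated) ? true : ['errors' => 'Authentication Failed'];
    }
```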