From 7634b4ca2e5e8bf02a05ef31ce04413e5bbefa1e Mon Sep 17 00:00:00 2001
From: Damien <damien.burel@maarch.org>
Date: Thu, 13 Jun 2019 15:21:59 +0200
Subject: [PATCH] FEAT #10887 TIME 1:30 Multi Ldap + suffix + connection

---
 sql/data_fr.sql                               |  4 +--
 .../models/ConfigurationModel.php             |  9 ++-----
 .../controllers/AuthenticationController.php  | 27 +++++++++++--------
 3 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/sql/data_fr.sql b/sql/data_fr.sql
index d5c2d7aaad..b26b5cf1a3 100755
--- a/sql/data_fr.sql
+++ b/sql/data_fr.sql
@@ -65,5 +65,5 @@ INSERT INTO password_rules (label, "value") VALUES ('renewal', 90);
 -----
 TRUNCATE TABLE configurations;
 INSERT INTO configurations (identifier, value) VALUES ('emailServer', '{"type" : "smtp", "host" : "smtp.gmail.com", "port" : 465, "user" : "", "password" : "", "auth" : true, "secure" : "ssl", "from" : "notifications@maarch.org", "charset" : "utf-8"}');
-INSERT INTO configurations (identifier, value) VALUES ('ldapServer', '[{"uri" : "10.2.95.60", "prefix" : "MAARCH", "ssl" : false}]');
-INSERT INTO configurations (identifier, value) VALUES ('connection', '{"standard" : true, "ldap" : false}');
+INSERT INTO configurations (identifier, value) VALUES ('ldapServer', '[{"uri" : "10.2.95.60", "prefix" : "MAARCH", "suffix" : "", "ssl" : false}]');
+INSERT INTO configurations (identifier, value) VALUES ('connection', '"standard"');
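Review bot: The seeded ldapServer entry ships with `"ssl" : false`, and the controller that consumes it (AuthenticationController, this same patch) does a plain simple bind on that URI, so every login sends the user's password to the directory in cleartext unless an administrator remembers to flip the flag. If the seed must carry an example server, I would default it to `"ssl" : true` and keep the placeholder address obviously fake, e.g. `'[{"uri" : "ldap.example.org", "prefix" : "MAARCH", "suffix" : "", "ssl" : true}]'`, or at least add a SQL comment above the row stating that `ssl: false` means an unencrypted bind. The new `connection` value is a bare JSON string (`'"standard"'`) while the removed row stored an object; upgraded databases that do not re-run this seed will keep the old object form, which the new ConfigurationModel reader does not convert.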
diff --git a/src/app/configuration/models/ConfigurationModel.php b/src/app/configuration/models/ConfigurationModel.php
index ea2fafc7ca..51876f97f3 100755
--- a/src/app/configuration/models/ConfigurationModel.php
+++ b/src/app/configuration/models/ConfigurationModel.php
@@ -83,13 +83,8 @@ class ConfigurationModel
             return 'standard';
         }
 
-        $connections = json_decode($configuration[0]['value'], true);
-        foreach ($connections as $key => $connection) {
-            if ($connection) {
-                return $key;
-            }
-        }
+        $connection = json_decode($configuration[0]['value']);
 
-        return 'standard';
+        return $connection;
     }
 }
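Review bot: The new return on the `return $connection;` line hands back whatever `json_decode` produced, so a database still holding the previous object form (`{"standard": true, "ldap": false}`, the row this patch replaces in data_fr.sql) yields a stdClass, and malformed JSON yields null, where callers expect one of the mode strings; the method's earlier branch (visible at the top of the hunk) falls back to `'standard'` for the missing-row case, and this path should be just as strict. I would validate the decoded value against the known modes before returning it: `$connection = json_decode($configuration[0]['value']);` then `return (is_string($connection) && in_array($connection, ['standard', 'ldap'], true)) ? $connection : 'standard';`. Whether a corrupted value should fall back to local authentication or fail closed is a product decision, but it should be explicit rather than an accident of loose comparison in the caller. The enclosing method starts before this hunk, so I cannot see how `$configuration` is fetched.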
diff --git a/src/core/controllers/AuthenticationController.php b/src/core/controllers/AuthenticationController.php
index 8bb4906328..c312bcd772 100755
--- a/src/core/controllers/AuthenticationController.php
+++ b/src/core/controllers/AuthenticationController.php
@@ -63,23 +63,28 @@ class AuthenticationController
             $ldapConfigurations = json_decode($ldapConfigurations['value'], true);
             foreach ($ldapConfigurations as $ldapConfiguration) {
                 $uri = ($ldapConfiguration['ssl'] === true ? "LDAPS://{$ldapConfiguration['uri']}" : $ldapConfiguration['uri']);
-                $ldap = ldap_connect($uri);
-                if ($ldap !== false) {
-                    break;
+                $ldap = @ldap_connect($uri);
+                if ($ldap === false) {
+                    $error = 'Ldap connect failed';
+                    continue;
+                }
+                ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
+                ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
+                ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 10);
+                $login = (!empty($ldapConfiguration['prefix']) ? $ldapConfiguration['prefix'] . '\\' . $body['login'] : $body['login']);
+                $login = (!empty($ldapConfiguration['suffix']) ? $login . $ldapConfiguration['suffix'] : $login);
+                $authenticated = @ldap_bind($ldap, $login, $body['password']);
+                if (!$authenticated) {
+                    $error = ldap_error($ldap);
                 }
             }
-            if (empty($ldap)) {
-                return $response->withStatus(400)->withJson(['errors' => 'Ldap connection failed']);
+            if (empty($authenticated) && !empty($error) && $error != 'Invalid credentials') {
+                return $response->withStatus(400)->withJson(['errors' => $error]);
             }
-            ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
-            ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
-            $login = (!empty($ldapConfiguration['prefix']) ? $ldapConfiguration['prefix'] . '\\' . $body['login'] : $body['login']);
-            $authenticated = @ldap_bind($ldap, $login, $body['password']);
         } else {
             $authenticated = AuthenticationModel::authentication(['login' => $body['login'], 'password' => $body['password']]);
         }
-
-        if (!$authenticated) {
+        if (empty($authenticated)) {
             return $response->withStatus(401)->withJson(['errors' => 'Authentication Failed']);
         }
 
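Review bot: `$body['password']` is passed straight to `@ldap_bind()` with no check that it is a non-empty string, and a simple bind with an empty password is an anonymous/unauthenticated bind that many directories (Active Directory and OpenLDAP with default settings among them) accept for any DN, so a request carrying a valid login and an empty password would set `$authenticated` to true; the function starts above this hunk, so if an earlier line already rejects empty passwords this is moot, but nothing in the hunk does. Separately, the loop never stops after a successful bind: with more than one server configured, a later server's failed bind overwrites `$authenticated`, so the last server wins rather than the first one that accepts the credentials, which makes multi-LDAP behave differently from what the commit title promises. Returning `ldap_error($ldap)` verbatim in the 400 response also discloses directory-side detail to an unauthenticated client; a generic message with the detail logged server-side would be safer. A bind against a server with `ssl` false sends the password in cleartext; `ldap_start_tls()` after `ldap_connect` would be worth offering as a third option.
```php
// An empty password turns ldap_bind() into an anonymous / unauthenticated bind,
// which many directories accept for any DN: reject it before contacting any server.
if (!isset($body['password']) || !is_string($body['password']) || $body['password'] === '') {
    return $response->withStatus(401)->withJson(['errors' => 'Authentication Failed']);
}
foreach ($ldapConfigurations as $ldapConfiguration) {
    // … unchanged: ldap_connect, protocol/referral/timeout options, prefix/suffix login build …
    $authenticated = @ldap_bind($ldap, $login, $body['password']);
    if ($authenticated) {
        break; // first directory that accepts the credentials wins; later failures must not overwrite it
    }
    $error = ldap_error($ldap); // keep for the server log; do not echo it to the client as-is
}
```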
-- 
GitLab