FEAT #10887 TIME 4:00 Ldap connection

sql/data_fr.sql

@@ -65,4 +65,5 @@ INSERT INTO password_rules (label, "value") VALUES ('renewal', 90);
 -----
 TRUNCATE TABLE configurations;
 INSERT INTO configurations (identifier, value) VALUES ('emailServer', '{"type" : "smtp", "host" : "smtp.gmail.com", "port" : 465, "user" : "", "password" : "", "auth" : true, "secure" : "ssl", "from" : "notifications@maarch.org", "charset" : "utf-8"}');
-ALTER SEQUENCE configurations_id_seq RESTART WITH 2;
+INSERT INTO configurations (identifier, value) VALUES ('ldapServer', '[{"uri" : "10.2.95.60", "prefix" : "MAARCH", "ssl" : false}]');
+INSERT INTO configurations (identifier, value) VALUES ('connection', '{"standard" : true, "ldap" : false}');

sql/structure.sql

@@ -56,7 +56,7 @@ CREATE TABLE configurations
 (
 id serial NOT NULL,
 identifier CHARACTER VARYING (64) NOT NULL,
-value json DEFAULT '{}' NOT NULL,
+value jsonb DEFAULT '{}' NOT NULL,
 CONSTRAINT configuration_pkey PRIMARY KEY (id),
 CONSTRAINT configuration_unique_key UNIQUE (identifier)
 )

src/app/configuration/models/ConfigurationModel.php

@@ -69,4 +69,27 @@ class ConfigurationModel
 
         return true;
     }
+
+    public static function getConnection()
+    {
+        $configuration = DatabaseModel::select([
+            'select'    => ['value'],
+            'table'     => ['configurations'],
+            'where'     => ['identifier = ?'],
+            'data'      => ['connection']
+        ]);
+
+        if (empty($configuration[0])) {
+            return 'standard';
+        }
+
+        $connections = json_decode($configuration[0]['value'], true);
+        foreach ($connections as $key => $connection) {
+            if ($connection) {
+                return $key;
+            }
+        }
+
+        return 'standard';
+    }
 }

src/core/controllers/AuthenticationController.php

@@ -14,6 +14,7 @@
 
 namespace SrcCore\controllers;
 
+use Configuration\models\ConfigurationModel;
 use History\controllers\HistoryController;
 use Respect\Validation\Validator;
 use Slim\Http\Request;
@@ -53,7 +54,32 @@ class AuthenticationController
             return $response->withStatus(400)->withJson(['errors' => 'Bad Request']);
         }
 
-        if (!AuthenticationModel::authentication(['login' => $body['login'], 'password' => $body['password']])) {
+        $connection = ConfigurationModel::getConnection();
+        if ($connection == 'ldap') {
+            $ldapConfigurations = ConfigurationModel::getByIdentifier(['identifier' => 'ldapServer', 'select' => ['value']]);
+            if (empty($ldapConfigurations)) {
+                return $response->withStatus(400)->withJson(['errors' => 'Ldap configuration is missing']);
+            }
+            $ldapConfigurations = json_decode($ldapConfigurations['value'], true);
+            foreach ($ldapConfigurations as $ldapConfiguration) {
+                $uri = ($ldapConfiguration['ssl'] === true ? "LDAPS://{$ldapConfiguration['uri']}" : $ldapConfiguration['uri']);
+                $ldap = ldap_connect($uri);
+                if ($ldap !== false) {
+                    break;
+                }
+            }
+            if (empty($ldap)) {
+                return $response->withStatus(400)->withJson(['errors' => 'Ldap connection failed']);
+            }
+            ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
+            ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
+            $login = (!empty($ldapConfiguration['prefix']) ? $ldapConfiguration['prefix'] . '\\' . $body['login'] : $body['login']);
+            $authenticated = @ldap_bind($ldap, $login, $body['password']);
+        } else {
+            $authenticated = AuthenticationModel::authentication(['login' => $body['login'], 'password' => $body['password']]);
+        }
+
+        if (!$authenticated) {
             return $response->withStatus(401)->withJson(['errors' => 'Authentication Failed']);
         }