Skip to content

Commit

Permalink
Merge branch 'develop' of github.com:snipe/snipe-it into develop
Browse files Browse the repository at this point in the history
  • Loading branch information
@snipe
snipe committed Nov 3, 2015
2 parents 725ca04 + fbd79fc commit 9cc542a
Showing 1 changed file with 85 additions and 12 deletions.
97 changes: 85 additions & 12 deletions app/controllers/AuthController.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,11 +22,14 @@ public function getSignin()
/**
* Authenticates a user to LDAP
*
* @return true if the username and/or password provided are valid
* false if the username and/or password provided are invalid
*
* @param $username
* @param $password
* @param bool|false $returnUser
* @return bool true if the username and/or password provided are valid
* false if the username and/or password provided are invalid
* array of ldap_attributes if $returnUser is true
*/
function ldap($username, $password) {
function ldap($username, $password, $returnUser = false) {

$ldaphost = Config::get('ldap.url');
$ldaprdn = Config::get('ldap.username');
Expand All @@ -35,11 +38,11 @@ function ldap($username, $password) {
$filterQuery = Config::get('ldap.authentication.filter.query') . $username;
$ldapversion = Config::get('ldap.version');

// Connecting to LDAP
$connection = ldap_connect($ldaphost) or die("Could not connect to {$ldaphost}");
// Needed for AD
ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);
ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION,$ldapversion);
// Connecting to LDAP
$connection = ldap_connect($ldaphost) or die("Could not connect to {$ldaphost}");
// Needed for AD
ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);
ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION,$ldapversion);

try {
if ($connection) {
Expand All @@ -49,7 +52,9 @@ function ldap($username, $password) {
$entry = ldap_first_entry($connection, $results);
if ( ($userDn = @ldap_get_dn($connection, $entry)) !== false ) {
if( ($isBound = ldap_bind($connection, $userDn, $password)) == "true") {
return true;
return $returnUser ?
array_change_key_case(ldap_get_attributes($connection, $entry),CASE_LOWER)
: true;
}
}
}
Expand All @@ -61,6 +66,65 @@ function ldap($username, $password) {
return false;
}

/**
* Create user from LDAP attributes
*
* @param $ldapatttibutes
* @return array|bool
*/
function createUserFromLdap($ldapatttibutes){
//Get LDAP attribute config
$ldap_result_username = Config::get('ldap.result.username');
$ldap_result_emp_num = Config::get('ldap.result.emp.num');
$ldap_result_last_name = Config::get('ldap.result.last.name');
$ldap_result_first_name = Config::get('ldap.result.first.name');
$ldap_result_email = Config::get('ldap.result.email');

//Get LDAP user data
$item = array();
$item["username"] = isset( $ldapatttibutes[$ldap_result_username][0] ) ? $ldapatttibutes[$ldap_result_username][0] : "";
$item["employee_number"] = isset( $ldapatttibutes[$ldap_result_emp_num][0] ) ? $ldapatttibutes[$ldap_result_emp_num][0] : "";
$item["lastname"] = isset( $ldapatttibutes[$ldap_result_last_name][0] ) ? $ldapatttibutes[$ldap_result_last_name][0] : "";
$item["firstname"] = isset( $ldapatttibutes[$ldap_result_first_name][0] ) ? $ldapatttibutes[$ldap_result_first_name][0] : "";
$item["email"] = isset( $ldapatttibutes[$ldap_result_email][0] ) ? $ldapatttibutes[$ldap_result_email][0] : "" ;

//create user
if(!empty($item["username"]) && !empty($item['email'])) {
$pass = substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, 10);

$newuser = array(
'first_name' => $item["firstname"],
'last_name' => $item["lastname"],
'username' => $item["username"],
'email' => $item["email"],
'employee_num' => $item["employee_number"],
'password' => $pass,
'activated' => 1,
'location_id' => null,
'permissions' => '{"user":1}',
'notes' => 'Imported from LDAP'
);

DB::table('users')->insert($newuser);
$updateuser = Sentry::findUserByLogin($item["username"]);

// Update the user details
$updateuser->password = $pass;

// Update the user
$updateuser->save();
} else {
throw new Cartalyst\Sentry\Users\UserNotFoundException();
}

//$item["note"] = "<strong>created</strong>";
$credentials = array(
'username' => $item["username"],
'password' => $pass,
);
return $credentials;
}


/**
* Account sign in form processing.
Expand All @@ -83,7 +147,6 @@ public function postSignin()
// Ooops.. something went wrong
return Redirect::back()->withInput()->withErrors($validator);
}

try {

/**
Expand All @@ -93,8 +156,18 @@ public function postSignin()

// Try to get the user from the database.
$user = (array) DB::table('users')->where('username', Input::get('username'))->first();
//If user does not exist and authenticates sucessfully with LDAP we will create it onf the fly and sign in with default permissions
if(!$user){
if($userattr = $this->ldap(Input::get('username'), Input::get('password'),true) ){
LOG::debug("Creating LDAP authenticated user.");
$credentials = $this->createUserFromLdap($userattr);
Sentry::authenticate($credentials, Input::get('remember-me', 0));


}
}

if ($user && strpos($user["notes"],'LDAP') !== false) {
else if ($user && strpos($user["notes"],'LDAP') !== false) {
LOG::debug("Authenticating user against LDAP.");
if( $this->ldap(Input::get('username'), Input::get('password')) ) {
LOG::debug("valid login");
Expand Down

0 comments on commit 9cc542a

Please sign in to comment.