many improvements

This commit is contained in:
Andy Miller
2018-05-08 17:07:29 -06:00
parent d4d885a874
commit 21cd46df14
3 changed files with 152 additions and 18 deletions


@@ -29,12 +29,14 @@ form:
server_section: server_section:
type: section type: section
title: LDAP Server title: LDAP Server
underline: true
fields: fields:
host: host:
type: text type: text
label: Host label: Host
size: large
help: Host name of the LDAP server help: Host name of the LDAP server
validate: validate:
required: true required: true
@@ -43,6 +45,7 @@ form:
type: number type: number
label: Port label: Port
default: 389 default: 389
size: x-small
help: Port to connect to host help: Port to connect to host
validate: validate:
required: true required: true
@@ -51,6 +54,7 @@ form:
type: number type: number
label: Version label: Version
default: 3 default: 3
size: x-small
help: LDAP Version 3 is most popular, only change this if you know what you are doing help: LDAP Version 3 is most popular, only change this if you know what you are doing
validate: validate:
required: true required: true
@@ -93,12 +97,14 @@ form:
config_section: config_section:
type: section type: section
title: LDAP Configuration title: LDAP Configuration
underline: true
fields: fields:
user_dn: user_dn:
type: text type: text
label: User Search DN label: User Search DN
size: large
placeholder: uid=[username],dc=company,dc=com placeholder: uid=[username],dc=company,dc=com
help: String used to authenticate a user, where [username] is directly replaced by user value entered via login help: String used to authenticate a user, where [username] is directly replaced by user value entered via login
validate: validate:
@@ -107,12 +113,14 @@ form:
data_dn: data_dn:
type: text type: text
label: User Data DN label: User Data DN
size: large
placeholder: dc=company,dc=com placeholder: dc=company,dc=com
help: String used to retrieve user data. If not provided, extra LDAP user data will not be stored in Grav user account file help: String used to retrieve user data. If not provided, extra LDAP user data will not be stored in Grav user account file
map_username: map_username:
type: text type: text
label: Username Mapping label: Username Mapping
size: large
help: LDAP Attribute(s) that contains the user's username help: LDAP Attribute(s) that contains the user's username
placeholder: uid placeholder: uid
validate: validate:
@@ -121,6 +129,7 @@ form:
map_fullname: map_fullname:
type: text type: text
label: User Fullname Mapping label: User Fullname Mapping
size: large
help: LDAP Attribute(s) that contains the user's full name help: LDAP Attribute(s) that contains the user's full name
placeholder: givenName lastName placeholder: givenName lastName
validate: validate:
@@ -129,7 +138,57 @@ form:
map_email: map_email:
type: text type: text
label: User Email Mapping label: User Email Mapping
size: large
help: LDAP Attribute that contains the user's email help: LDAP Attribute that contains the user's email
placeholder: mail placeholder: mail
validate: validate:
required: true required: true
advanced_section:
type: section
title: Advanced Configuration
underline: true
fields:
save_grav_user:
type: toggle
label: Save Grav user
highlight: 0
default: 0
options:
1: Enabled
0: Disabled
validate:
type: bool
store_ldap_data:
type: toggle
label: Store LDAP data
help: If sotring a local Grav user, you can also store LDAP data to use in Grav
highlight: 0
default: 0
options:
1: Enabled
0: Disabled
validate:
type: bool
default_access_levels.groups:
type: selectize
size: large
label: Default Groups
'@data-options': '\Grav\User\Groups::groups'
classes: fancy
validate:
type: commalist
default_access_levels.access.site:
type: array
label: Default Site Access
multiple: false
placeholder_key: login
placeholder_value: 'true'
validate:
type: array
required: true
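Review bot: The help text on the new `store_ldap_data` toggle misspells "storing" (`help: If sotring a local Grav user, ...`); it should read `help: If storing a local Grav user, you can also store LDAP data to use in Grav`. The new `save_grav_user` toggle has no help text at all, although in the plugin it decides whether `$grav_user->save()` writes an account file on login; a line such as `help: Persist the authenticated LDAP user as a local Grav account file` would make that effect visible in the admin form. Note also that `default_access_levels.groups` validates as `commalist`, so code and default config reading it should expect a list rather than a single string.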


@@ -66,44 +66,99 @@ class LoginLDAPPlugin extends Plugin
public function userLoginAuthenticate(UserLoginEvent $event) public function userLoginAuthenticate(UserLoginEvent $event)
{ {
$username = $event->getUser();
$credentials = $event->getCredentials(); $credentials = $event->getCredentials();
// This gets fired for user authentication. // Get Proper username
$username="cn=amiller,ou=users,dc=trilbymedia,dc=com"; $user_dn = $this->config->get('plugins.login-ldap.user_dn');
$credentials="gom8Jabar"; $search_dn = $this->config->get('plugins.login-ldap.search_dn');
$username = str_replace('[username]', $credentials['username'], $user_dn);
// Get Host info
$host = $this->config->get('plugins.login-ldap.host');
$port = $this->config->get('plugins.login-ldap.port');
$version = $this->config->get('plugins.login-ldap.version');
$ssl = $this->config->get('plugins.login-ldap.ssl');
$start_tls = $this->config->get('plugins.login-ldap.start_tls');
$opt_referrals = $this->config->get('plugins.login-ldap.opt_referrals');
// Set Encryption
if ((bool) $ssl) {
$encryption = 'ssl';
} elseif ((bool) $start_tls) {
$encryption = 'tls';
} else {
$encryption = 'none';
}
try { try {
$ldap = Ldap::create('ext_ldap', array( $ldap = Ldap::create('ext_ldap', array(
'host' => 'ldap.trilbymedia.com', 'host' => $host,
'port' => $port,
'encryption' => $encryption,
'options' => array(
'protocol_version' => $version,
'referrals' => (bool) $opt_referrals,
),
)); ));
// Map Info
$map_username = $this->config->get('plugins.login-ldap.map_username');
$map_fullname = $this->config->get('plugins.login-ldap.map_fullname');
$map_email = $this->config->get('plugins.login-ldap.map_email');
$ldap->bind($username, $credentials); $ldap->bind($username, $credentials['password']);
$query = $ldap->query($search_dn, $map_username .'='. $credentials['username']);
$results = $query->execute()->toArray();
$query = $ldap->query('dc=trilbymedia,dc=com', 'uid=amiller');
$results = $query->execute();
$userdata = ['ldap' => $results[0]->getAttributes()];
unset($userdata['ldap']['userPassword']);
// Create Grav User // Create Grav User
$grav_user = User::load($username); $grav_user = User::load($username);
// Get LDAP Data
$ldap_data = array_shift($results)->getAttributes();
$userdata = [];
$userdata['login'] = $this->getLDAPMappedItem($map_username, $ldap_data);
$userdata['fullname'] = $this->getLDAPMappedItem($map_fullname, $ldap_data);
$userdata['email'] = $this->getLDAPMappedItem($map_email, $ldap_data);
// Get LDAP Data if required
if ($this->config->get('plugins.login-ldap.store_ldap_data', false)) {
// $userdata['ldap'] = $ldap_data;
foreach($ldap_data as $key => $data) {
$userdata['ldap'][$key] = array_shift($data);
}
unset($userdata['ldap']['userPassword']);
}
$grav_user->merge($userdata);
// Set Groups
$current_groups = $grav_user->get('groups');
if (!$current_groups) {
$groups = $this->config->get('plugins.login-ldap.default_access_levels.groups', []);
if (count($groups) > 0) {
$data['groups'] = $groups;
$grav_user->merge($data);
}
}
// Set Access
$current_access = $grav_user->get('access'); $current_access = $grav_user->get('access');
if (!$current_access) { $access = $this->config->get('plugins.login-ldap.default_access_levels.access.site');
$access = $this->config->get('plugins.login.user_registration.access.site', []);
if (!$current_access && $access) {
if (count($access) > 0) { if (count($access) > 0) {
$data['access']['site'] = $access; $data['access']['site'] = $access;
$grav_user->merge($data); $grav_user->merge($data);
} }
} }
$grav_user->merge($userdata); // Optional save
$grav_user->save(); if ($this->config->get('plugins.login-ldap.save_grav_user', false)) {
$grav_user->save();
}
$event->setUser($grav_user); $event->setUser($grav_user);
@@ -115,6 +170,8 @@ class LoginLDAPPlugin extends Plugin
} catch (ConnectionException $e) { } catch (ConnectionException $e) {
print $e->getMessage(); print $e->getMessage();
$this->grav['log']->error('plugin.login-ldap: ' . $username . ' - ' . $e->getMessage());
$event->setStatus($event::AUTHENTICATION_FAILURE); $event->setStatus($event::AUTHENTICATION_FAILURE);
$event->stopPropagation(); $event->stopPropagation();
@@ -138,4 +195,16 @@ class LoginLDAPPlugin extends Plugin
// This gets fired on user logout. // This gets fired on user logout.
} }
protected function getLDAPMappedItem($map, $ldap_data)
{
$item_bits = [];
$map_bits = explode(' ', $map);
foreach($map_bits as $bit) {
if(isset($ldap_data[$bit])) {
$item_bits[] = array_shift($ldap_data[$bit]);
}
}
$item = implode(' ', $item_bits);
return $item;
}
} }
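Review bot: The submitted login name is inserted unescaped into both the bind DN (`$username = str_replace('[username]', $credentials['username'], $user_dn);`) and the search filter (`$map_username .'='. $credentials['username']`), so DN and filter metacharacters in the input change what the directory evaluates; escape it separately for each context with `ldap_escape($login, '', LDAP_ESCAPE_DN)` and `ldap_escape($login, '', LDAP_ESCAPE_FILTER)`. The bind is also made with whatever password was submitted, and many directory servers treat a bind with an empty password as an unauthenticated bind that reports success, so the event should be failed before `$ldap->bind()` when the password is empty. `array_shift($results)->getAttributes()` dereferences null when the search returns no entry, and `User::load($username)` now receives the full DN rather than the login name, which looks unintended — confirm what User::load does with its argument before relying on it as an account key. The enclosing method starts and ends outside this section; in its catch block, `print $e->getMessage();` echoes the directory's error text to the client and can be dropped now that the message is logged.

```php
// … unchanged: config lookups and $encryption selection …
$login = (string) ($credentials['username'] ?? '');
$password = (string) ($credentials['password'] ?? '');
// Escape for the DN context (RFC 4514) so the submitted name cannot alter the bind DN.
$username = str_replace('[username]', ldap_escape($login, '', LDAP_ESCAPE_DN), $user_dn);
if ($login === '' || $password === '') {
    // An empty password would be sent as an unauthenticated bind, which many servers accept.
    $event->setStatus($event::AUTHENTICATION_FAILURE);
    $event->stopPropagation();
    return;
}
try {
    // … unchanged: Ldap::create(...) and map_* lookups …
    $ldap->bind($username, $password);
    // Escape for the filter context (RFC 4515); filter and DN escaping differ.
    $filter = $map_username . '=' . ldap_escape($login, '', LDAP_ESCAPE_FILTER);
    $results = $ldap->query($search_dn, $filter)->execute()->toArray();
    if ($results === []) {
        $this->grav['log']->error('plugin.login-ldap: ' . $username . ' - no entry matched ' . $filter);
        $event->setStatus($event::AUTHENTICATION_FAILURE);
        $event->stopPropagation();
        return;
    }
    // Create Grav User
    // NOTE(review): was User::load($username) (the DN) — confirm the login name is the intended account key
    $grav_user = User::load($login);
    // … unchanged: attribute mapping, groups, access, optional save …
```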


@@ -11,4 +11,10 @@ map_username: uid
map_fullname: givenName lastName map_fullname: givenName lastName
map_email: mail map_email: mail
save_grav_user: false
store_ldap_data: false
default_access_levels:
groups: ldap_users
access:
site:
login: 'true'
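Review bot: `groups: ldap_users` is a scalar string, but the plugin reads `default_access_levels.groups` with `count($groups) > 0` and the blueprint validates the field as `commalist`; `count()` on a string emits a warning on PHP 7.2+ and throws a TypeError on PHP 8, so the default never yields a usable group list. Write it as a list, `groups: [ldap_users]`, or normalise in the plugin with `$groups = (array) $this->config->get('plugins.login-ldap.default_access_levels.groups', []);`.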