
- LSauth : Change to be extensible

- LSauthHTTP : Add new class to manage HTTP authentication
- LSsession : Update accordingly to the LSauth change
Benjamin Renard 2009-10-31 01:33:01 +00:00
parent 3e823a2b22
commit 2ed2dcac9d
6 changed files with 211 additions and 49 deletions


@ -45,6 +45,11 @@ $GLOBALS['LSconfig'] = array(
'filter' => '(objectClass=*)', 'filter' => '(objectClass=*)',
'scope' => 'sub' 'scope' => 'sub'
), ),
/*
'LSauth' => array (
'method' => 'HTTP'
),
*/
'LSprofiles' => array ( 'LSprofiles' => array (
'admin' => array ( 'admin' => array (
'o=ls' => array ( 'o=ls' => array (
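Review bot: The commented-out `'LSauth' => array('method' => 'HTTP')` example says nothing about what enabling it implies, and the new LSauthHTTP::authenticate performs no password check of its own, so the setting is only safe where the web server itself enforces authentication on every LdapSaisie URL. I would extend the example with a comment such as `// 'HTTP': trust the identity the web server already authenticated (PHP_AUTH_USER); LdapSaisie checks no password itself, so the server must require authentication on the whole application`. The enclosing ldap-server array starts and ends outside the hunk.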


@ -29,6 +29,31 @@
*/ */
class LSauth { class LSauth {
static private $authData=NULL;
var $params = array (
'displayLoginForm' => true,
'displayLogoutBtn' => true
);
/**
* Check Post Data
*
* @retval boolean True if post data permit the authentification or False
**/
public function getPostData() {
if (isset($_POST['LSsession_user']) && !empty($_POST['LSsession_user'])) {
$this -> authData = array(
'username' => $_POST['LSsession_user'],
'password' => $_POST['LSsession_pwd'],
'ldapserver' => $_POST['LSsession_ldapserver'],
'topDn' => $_POST['LSsession_topDn']
);
return true;
}
return;
}
/** /**
* Check user login * Check user login
* *
@ -37,11 +62,11 @@ class LSauth {
* *
* @retval LSldapObject|false The LSldapObject of the user authificated or false * @retval LSldapObject|false The LSldapObject of the user authificated or false
*/ */
public static function authenticate($username,$password) { public function authenticate() {
if (LSsession :: loadLSobject(LSsession :: $ldapServer['authObjectType'])) { if (LSsession :: loadLSobject(LSsession :: $ldapServer['authObjectType'])) {
$authobject = new LSsession :: $ldapServer['authObjectType'](); $authobject = new LSsession :: $ldapServer['authObjectType']();
$result = $authobject -> searchObject( $result = $authobject -> searchObject(
$username, $this -> authData['username'],
LSsession :: getTopDn(), LSsession :: getTopDn(),
LSsession :: $ldapServer['authObjectFilter'] LSsession :: $ldapServer['authObjectFilter']
); );
@ -56,7 +81,7 @@ class LSauth {
// duplication d'authentité // duplication d'authentité
LSerror :: addErrorCode('LSauth_02'); LSerror :: addErrorCode('LSauth_02');
} }
elseif ( self :: checkUserPwd($result[0],$password) ) { elseif ( $this -> checkUserPwd($result[0],$this -> authData['password']) ) {
// Authentication succeeded // Authentication succeeded
return $result[0]; return $result[0];
} }
@ -85,6 +110,18 @@ class LSauth {
return LSldap :: checkBind($object -> getValue('dn'),$pwd); return LSldap :: checkBind($object -> getValue('dn'),$pwd);
} }
/**
* Define if login form can be displayed or not
*
* @retval boolean
**/
public function __get($key) {
if ($key=='params') {
return $this -> params;
}
return;
}
} }
/* /*
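Review bot: `static private $authData=NULL;` is declared on LSauth, but every access in getPostData and authenticate goes through `$this -> authData`, which in PHP does not reach a static property (it raises "Accessing static property ... as non static" and creates a dynamic instance property instead), and a private declaration would be invisible to the LSauthHTTP subclass that also writes `$this -> authData`; the code works only through that dynamic property. Declare it as a plain instance member the subclass can see, `protected $authData = NULL;`. In getPostData, `$_POST['LSsession_pwd']`, `$_POST['LSsession_ldapserver']` and `$_POST['LSsession_topDn']` are read without isset, so a form that omits any of them produces undefined-index notices; only `LSsession_user` is checked. The `__get` docblock ("Define if login form can be displayed or not") describes something else, and since `var $params` is public, `__get` is never invoked for it. The rest of the class is outside the hunks.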


@ -0,0 +1,93 @@
<?php
/*******************************************************************************
* Copyright (C) 2007 Easter-eggs
* http://ldapsaisie.labs.libre-entreprise.org
*
* Author: See AUTHORS file in top-level directory.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
******************************************************************************/
/**
* Gestion de l'authentification d'un utilisateur suite à une authentification
* HTTP
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*/
class LSauthHTTP extends LSauth {
var $params = array (
'displayLoginForm' => false,
'displayLogoutBtn' => false
);
/**
* Check Post Data
*
* @retval array|False Array of post data if exist or False
**/
public function getPostData() {
if (isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER'])) {
$this -> authData = array(
'username' => $_SERVER['PHP_AUTH_USER'],
'password' => $_SERVER['PHP_AUTH_PW'],
'ldapserver' => $_REQUEST['LSsession_ldapserver'],
'topDn' => $_REQUEST['LSsession_topDn']
);
return true;
}
return;
}
/**
* Check user login
*
* @param[in] $username The username
* @param[in] $password The password
*
* @retval LSldapObject|false The LSldapObject of the user authificated or false
*/
public function authenticate() {
if (LSsession :: loadLSobject(LSsession :: $ldapServer['authObjectType'])) {
$authobject = new LSsession :: $ldapServer['authObjectType']();
$result = $authobject -> searchObject(
$this -> authData['username'],
LSsession :: getTopDn(),
LSsession :: $ldapServer['authObjectFilter']
);
$nbresult=count($result);
if ($nbresult==0) {
// identifiant incorrect
LSdebug('identifiant incorrect');
LSerror :: addErrorCode('LSauth_01');
}
else if ($nbresult>1) {
// duplication d'authentité
LSerror :: addErrorCode('LSauth_02');
}
else {
// Authentication succeeded
return $result[0];
}
}
else {
LSerror :: addErrorCode('LSauth_03');
}
return;
}
}
?>
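Review bot: LSauthHTTP::authenticate returns the LDAP entry matching PHP_AUTH_USER without calling checkUserPwd, so the whole login rests on the web server having verified the request before PHP ran; as far as I know, under mod_php PHP fills PHP_AUTH_USER/PHP_AUTH_PW from the client's Authorization header by itself, so on a location where the server does not enforce authentication any client can choose an arbitrary username. That assumption belongs in the class header, e.g. `// Trusts the web server: no password is verified here. Enable only where the server requires HTTP authentication on every LdapSaisie URL.`, and where the deployment allows it, checking `$_SERVER['REMOTE_USER']` (set by the server only after it authenticated the request) in getPostData would be the more robust signal. Separately, getPostData reads `$_REQUEST['LSsession_ldapserver']` and `$_REQUEST['LSsession_topDn']` without isset, its docblock (`@retval array|False Array of post data`) does not match the true/NULL it returns, and the `@param $username` / `@param $password` lines on authenticate describe parameters that no longer exist.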


@ -50,6 +50,9 @@ class LSsession {
// Les droits d'accès de l'utilisateur // Les droits d'accès de l'utilisateur
private static $LSaccess = array(); private static $LSaccess = array();
// Authentification parameters
private static $authParams = array();
// Les fichiers temporaires // Les fichiers temporaires
private static $tmp_file = array(); private static $tmp_file = array();
@ -466,6 +469,7 @@ class LSsession {
self :: $rdn = $_SESSION['LSsession']['rdn']; self :: $rdn = $_SESSION['LSsession']['rdn'];
self :: $ldapServerId = $_SESSION['LSsession']['ldapServerId']; self :: $ldapServerId = $_SESSION['LSsession']['ldapServerId'];
self :: $tmp_file = $_SESSION['LSsession']['tmp_file']; self :: $tmp_file = $_SESSION['LSsession']['tmp_file'];
self :: $authParams = $_SESSION['LSsession']['authParams'];
if ( self :: cacheLSprofiles() && !isset($_REQUEST['LSsession_refresh']) ) { if ( self :: cacheLSprofiles() && !isset($_REQUEST['LSsession_refresh']) ) {
self :: setLdapServer(self :: $ldapServerId); self :: setLdapServer(self :: $ldapServerId);
@ -509,39 +513,48 @@ class LSsession {
} }
else { else {
// Session inexistante // Session inexistante
if (isset($_POST['LSsession_user'])) { if (isset($_POST['LSsession_ldapserver'])) {
if (isset($_POST['LSsession_ldapserver'])) { self :: setLdapServer($_POST['LSsession_ldapserver']);
self :: setLdapServer($_POST['LSsession_ldapserver']); }
else {
self :: setLdapServer(0);
}
// Connexion au serveur LDAP
if (self :: LSldapConnect()) {
// topDn
if ( $_POST['LSsession_topDn'] != '' ){
self :: $topDn = $_POST['LSsession_topDn'];
} }
else { else {
self :: setLdapServer(0); self :: $topDn = self :: $ldapServer['ldap_config']['basedn'];
} }
$_SESSION['LSsession_topDn']=self :: $topDn;
// Connexion au serveur LDAP if (isset($_GET['LSsession_recoverPassword'])) {
if (self :: LSldapConnect()) { $recoveryPasswordInfos = self :: recoverPasswd(
$_REQUEST['LSsession_user'],
$_GET['recoveryHash']
);
}
else {
if (self :: loadLSclass('LSauth')) {
if (isset(self :: $ldapServer['LSauth']['method'])) {
$LSauthClass = 'LSauth'.self :: $ldapServer['LSauth']['method'];
if (!self :: loadLSclass($LSauthClass)) {
LSerror :: addErrorCode('LSsession_08',$LSauthClass);
$LSauthClass = 'LSauth';
}
}
else {
$LSauthClass = 'LSauth';
}
// topDn $authObj = new $LSauthClass();
if ( $_POST['LSsession_topDn'] != '' ){ self :: $authParams = $authObj->params;
self :: $topDn = $_POST['LSsession_topDn']; if ($authObj -> getPostData()) {
} $LSuserObject = $authObj -> authenticate();
else {
self :: $topDn = self :: $ldapServer['ldap_config']['basedn'];
}
$_SESSION['LSsession_topDn']=self :: $topDn;
if (isset($_GET['LSsession_recoverPassword'])) {
$recoveryPasswordInfos = self :: recoverPasswd(
$_REQUEST['LSsession_user'],
$_GET['recoveryHash']
);
}
else {
if (self :: loadLSclass('LSauth')) {
$LSuserObject = LSauth :: authenticate(
$_REQUEST['LSsession_user'],
$_REQUEST['LSsession_pwd']
);
if ($LSuserObject) { if ($LSuserObject) {
// Authentification réussi // Authentification réussi
self :: $LSuserObject = $LSuserObject; self :: $LSuserObject = $LSuserObject;
@ -555,10 +568,13 @@ class LSsession {
} }
} }
} }
else {
LSerror :: addErrorCode('LSsession_05','LSauth');
}
} }
else { }
LSerror :: addErrorCode('LSsession_09'); else {
} LSerror :: addErrorCode('LSsession_09');
} }
if (self :: $ldapServerId) { if (self :: $ldapServerId) {
$GLOBALS['Smarty'] -> assign('ldapServerId',self :: $ldapServerId); $GLOBALS['Smarty'] -> assign('ldapServerId',self :: $ldapServerId);
@ -567,9 +583,13 @@ class LSsession {
if (isset($_GET['LSsession_recoverPassword'])) { if (isset($_GET['LSsession_recoverPassword'])) {
self :: displayRecoverPasswordForm($recoveryPasswordInfos); self :: displayRecoverPasswordForm($recoveryPasswordInfos);
} }
else { elseif(self :: $authParams['displayLoginForm']) {
self :: displayLoginForm(); self :: displayLoginForm();
} }
else {
self :: setTemplate('blank.tpl');
LSerror :: addErrorCode('LSsession_10');
}
return; return;
} }
} }
@ -811,7 +831,8 @@ class LSsession {
'ldapServerId' => self :: $ldapServerId, 'ldapServerId' => self :: $ldapServerId,
'ldapServer' => self :: $ldapServer, 'ldapServer' => self :: $ldapServer,
'LSprofiles' => self :: $LSprofiles, 'LSprofiles' => self :: $LSprofiles,
'LSaccess' => self :: $LSaccess 'LSaccess' => self :: $LSaccess,
'authParams' => self :: $authParams
); );
} }
@ -1318,6 +1339,8 @@ class LSsession {
$GLOBALS['Smarty'] -> assign('LSencoding',self :: $encoding); $GLOBALS['Smarty'] -> assign('LSencoding',self :: $encoding);
$GLOBALS['Smarty'] -> assign('lang_label',_('Language')); $GLOBALS['Smarty'] -> assign('lang_label',_('Language'));
$GLOBALS['Smarty'] -> assign('displayLogoutBtn',self :: $authParams['displayLogoutBtn']);
// Infos // Infos
if((!empty($_SESSION['LSsession_infos']))&&(is_array($_SESSION['LSsession_infos']))) { if((!empty($_SESSION['LSsession_infos']))&&(is_array($_SESSION['LSsession_infos']))) {
$txt_infos="<ul>\n"; $txt_infos="<ul>\n";
@ -2088,11 +2111,15 @@ class LSsession {
LSerror :: defineError('LSsession_07', LSerror :: defineError('LSsession_07',
_("LSsession : Impossible to identify you : Duplication of identities.") _("LSsession : Impossible to identify you : Duplication of identities.")
); );
// 08 LSerror :: defineError('LSsession_08',
_("LSsession : Can't load class of authentification (%{class}).")
);
LSerror :: defineError('LSsession_09', LSerror :: defineError('LSsession_09',
_("LSsession : Can't connect to LDAP server.") _("LSsession : Can't connect to LDAP server.")
); );
// 10 LSerror :: defineError('LSsession_10',
_("LSsession : Impossible to authenticate you.")
);
LSerror :: defineError('LSsession_11', LSerror :: defineError('LSsession_11',
_("LSsession : Your are not authorized to do this action.") _("LSsession : Your are not authorized to do this action.")
); );
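Review bot: In the session-less path, `elseif(self :: $authParams['displayLoginForm'])` reads an index that does not exist whenever the code never reached `$authObj->params` — LSldapConnect() failing (the LSsession_09 branch) or loadLSclass('LSauth') failing — because `$authParams` is still the empty `array()` default; the user then gets blank.tpl and "Impossible to authenticate you" on top of the real error, with a PHP notice, where the old code still displayed the login form. Giving the property the form-login defaults, `private static $authParams = array('displayLoginForm' => true, 'displayLogoutBtn' => true);`, restores that behaviour and also covers the `displayLogoutBtn` Smarty assignment. The restore line `self :: $authParams = $_SESSION['LSsession']['authParams'];` has the same gap for sessions created before this change, where the key is absent; guarding it with isset keeps the defaults in that case. The LSsession methods touched here start and end outside the hunks.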


@ -1,20 +1,20 @@
<?xml version="1.0"?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"> "http://www.w3.org/TR/html4/loose.dtd">
<html> <html>
<head> <head>
<meta http-equiv="content-type" content="text/html; charset={$LSencoding}">
<title>LdapSaisie{if $pagetitle != ''} - {$pagetitle}{/if}</title> <title>LdapSaisie{if $pagetitle != ''} - {$pagetitle}{/if}</title>
<link rel="icon" type="image/png" href="images/default/favicon.png" />
<link rel="stylesheet" type="text/css" href="{$LS_CSS_DIR}/base.css" title="Normal" /> <link rel="stylesheet" type="text/css" href="{$LS_CSS_DIR}/base.css" title="Normal" />
<link rel="stylesheet" type="text/css" href="{$LS_CSS_DIR}/base_print.css" media='print' title="Normal" /> <link rel="stylesheet" type="text/css" href="{$LS_CSS_DIR}/base_print.css" media='print' title="Normal" />
{$LSsession_css} {$LSsession_css}
{$LSsession_js}
</head> </head>
<body> <body>
<div id='LSerror'>
{$LSerrors} {include file='LSdefault.tpl'}
</div>
<div id='LSdebug'> {$LSsession_js}
<a href='#' id='LSdebug_hidden'>X</a>
<div id='LSdebug_infos'>{if $LSdebug != ''}{$LSdebug}{/if}</div>
</div>
</body> </body>
</html> </html>


@ -45,7 +45,7 @@
</select> </select>
<input type='submit' value='->'/> <input type='submit' value='->'/>
</form> </form>
{$connected_as} <span id='user_name'>{$LSsession_username}</span> <a href='index.php?LSsession_logout'><img src='{$LS_IMAGES_DIR}/logout.png' alt='Logout' title='Logout' /></a> {$connected_as} <span id='user_name'>{$LSsession_username}</span>{if $displayLogoutBtn} <a href='index.php?LSsession_logout'><img src='{$LS_IMAGES_DIR}/logout.png' alt='Logout' title='Logout' /></a>{/if}
</td> </td>
</tr> </tr>
<tr> <tr>
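Review bot: `{if $displayLogoutBtn}` only hides the logout link; `index.php?LSsession_logout` is presumably still processed server-side (its handler is not in this diff), and with HTTP authentication the browser re-sends its Authorization header on the next request, so a user who types the URL is logged out and immediately re-authenticated. That is acceptable as long as it is understood, but a template comment such as `{* hidden, not disabled: LSsession_logout is still handled server-side; with HTTP auth the next request re-authenticates *}` would stop the next reader from expecting the flag to disable logout.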