mirror of
https://gitlab.easter-eggs.com/ee/ldapsaisie.git
synced 2024-12-24 01:13:51 +01:00
- LSauth : Change to be extensible
- LSauthHTTP : Add new class to manage HTTP authentification - LSsession : Update consequently to LSauth change
This commit is contained in:
parent
3e823a2b22
commit
2ed2dcac9d
6 changed files with 211 additions and 49 deletions
trunk
conf
includes/class
templates/default
|
@ -45,6 +45,11 @@ $GLOBALS['LSconfig'] = array(
|
||||||
'filter' => '(objectClass=*)',
|
'filter' => '(objectClass=*)',
|
||||||
'scope' => 'sub'
|
'scope' => 'sub'
|
||||||
),
|
),
|
||||||
|
/*
|
||||||
|
'LSauth' => array (
|
||||||
|
'method' => 'HTTP'
|
||||||
|
),
|
||||||
|
*/
|
||||||
'LSprofiles' => array (
|
'LSprofiles' => array (
|
||||||
'admin' => array (
|
'admin' => array (
|
||||||
'o=ls' => array (
|
'o=ls' => array (
|
||||||
|
|
|
@ -29,6 +29,31 @@
|
||||||
*/
|
*/
|
||||||
class LSauth {
|
class LSauth {
|
||||||
|
|
||||||
|
static private $authData=NULL;
|
||||||
|
|
||||||
|
var $params = array (
|
||||||
|
'displayLoginForm' => true,
|
||||||
|
'displayLogoutBtn' => true
|
||||||
|
);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check Post Data
|
||||||
|
*
|
||||||
|
* @retval boolean True if post data permit the authentification or False
|
||||||
|
**/
|
||||||
|
public function getPostData() {
|
||||||
|
if (isset($_POST['LSsession_user']) && !empty($_POST['LSsession_user'])) {
|
||||||
|
$this -> authData = array(
|
||||||
|
'username' => $_POST['LSsession_user'],
|
||||||
|
'password' => $_POST['LSsession_pwd'],
|
||||||
|
'ldapserver' => $_POST['LSsession_ldapserver'],
|
||||||
|
'topDn' => $_POST['LSsession_topDn']
|
||||||
|
);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check user login
|
* Check user login
|
||||||
*
|
*
|
||||||
|
@ -37,11 +62,11 @@ class LSauth {
|
||||||
*
|
*
|
||||||
* @retval LSldapObject|false The LSldapObject of the user authificated or false
|
* @retval LSldapObject|false The LSldapObject of the user authificated or false
|
||||||
*/
|
*/
|
||||||
public static function authenticate($username,$password) {
|
public function authenticate() {
|
||||||
if (LSsession :: loadLSobject(LSsession :: $ldapServer['authObjectType'])) {
|
if (LSsession :: loadLSobject(LSsession :: $ldapServer['authObjectType'])) {
|
||||||
$authobject = new LSsession :: $ldapServer['authObjectType']();
|
$authobject = new LSsession :: $ldapServer['authObjectType']();
|
||||||
$result = $authobject -> searchObject(
|
$result = $authobject -> searchObject(
|
||||||
$username,
|
$this -> authData['username'],
|
||||||
LSsession :: getTopDn(),
|
LSsession :: getTopDn(),
|
||||||
LSsession :: $ldapServer['authObjectFilter']
|
LSsession :: $ldapServer['authObjectFilter']
|
||||||
);
|
);
|
||||||
|
@ -56,7 +81,7 @@ class LSauth {
|
||||||
// duplication d'authentité
|
// duplication d'authentité
|
||||||
LSerror :: addErrorCode('LSauth_02');
|
LSerror :: addErrorCode('LSauth_02');
|
||||||
}
|
}
|
||||||
elseif ( self :: checkUserPwd($result[0],$password) ) {
|
elseif ( $this -> checkUserPwd($result[0],$this -> authData['password']) ) {
|
||||||
// Authentication succeeded
|
// Authentication succeeded
|
||||||
return $result[0];
|
return $result[0];
|
||||||
}
|
}
|
||||||
|
@ -85,6 +110,18 @@ class LSauth {
|
||||||
return LSldap :: checkBind($object -> getValue('dn'),$pwd);
|
return LSldap :: checkBind($object -> getValue('dn'),$pwd);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Define if login form can be displayed or not
|
||||||
|
*
|
||||||
|
* @retval boolean
|
||||||
|
**/
|
||||||
|
public function __get($key) {
|
||||||
|
if ($key=='params') {
|
||||||
|
return $this -> params;
|
||||||
|
}
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
93
trunk/includes/class/class.LSauthHTTP.php
Normal file
93
trunk/includes/class/class.LSauthHTTP.php
Normal file
|
@ -0,0 +1,93 @@
|
||||||
|
<?php
|
||||||
|
/*******************************************************************************
|
||||||
|
* Copyright (C) 2007 Easter-eggs
|
||||||
|
* http://ldapsaisie.labs.libre-entreprise.org
|
||||||
|
*
|
||||||
|
* Author: See AUTHORS file in top-level directory.
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or
|
||||||
|
* modify it under the terms of the GNU General Public License version 2
|
||||||
|
* as published by the Free Software Foundation.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with this program; if not, write to the Free Software
|
||||||
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||||
|
|
||||||
|
******************************************************************************/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Gestion de l'authentification d'un utilisateur suite à une authentification
|
||||||
|
* HTTP
|
||||||
|
*
|
||||||
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||||
|
*/
|
||||||
|
class LSauthHTTP extends LSauth {
|
||||||
|
|
||||||
|
var $params = array (
|
||||||
|
'displayLoginForm' => false,
|
||||||
|
'displayLogoutBtn' => false
|
||||||
|
);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check Post Data
|
||||||
|
*
|
||||||
|
* @retval array|False Array of post data if exist or False
|
||||||
|
**/
|
||||||
|
public function getPostData() {
|
||||||
|
if (isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER'])) {
|
||||||
|
$this -> authData = array(
|
||||||
|
'username' => $_SERVER['PHP_AUTH_USER'],
|
||||||
|
'password' => $_SERVER['PHP_AUTH_PW'],
|
||||||
|
'ldapserver' => $_REQUEST['LSsession_ldapserver'],
|
||||||
|
'topDn' => $_REQUEST['LSsession_topDn']
|
||||||
|
);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check user login
|
||||||
|
*
|
||||||
|
* @param[in] $username The username
|
||||||
|
* @param[in] $password The password
|
||||||
|
*
|
||||||
|
* @retval LSldapObject|false The LSldapObject of the user authificated or false
|
||||||
|
*/
|
||||||
|
public function authenticate() {
|
||||||
|
if (LSsession :: loadLSobject(LSsession :: $ldapServer['authObjectType'])) {
|
||||||
|
$authobject = new LSsession :: $ldapServer['authObjectType']();
|
||||||
|
$result = $authobject -> searchObject(
|
||||||
|
$this -> authData['username'],
|
||||||
|
LSsession :: getTopDn(),
|
||||||
|
LSsession :: $ldapServer['authObjectFilter']
|
||||||
|
);
|
||||||
|
$nbresult=count($result);
|
||||||
|
|
||||||
|
if ($nbresult==0) {
|
||||||
|
// identifiant incorrect
|
||||||
|
LSdebug('identifiant incorrect');
|
||||||
|
LSerror :: addErrorCode('LSauth_01');
|
||||||
|
}
|
||||||
|
else if ($nbresult>1) {
|
||||||
|
// duplication d'authentité
|
||||||
|
LSerror :: addErrorCode('LSauth_02');
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// Authentication succeeded
|
||||||
|
return $result[0];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
LSerror :: addErrorCode('LSauth_03');
|
||||||
|
}
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
?>
|
|
@ -50,6 +50,9 @@ class LSsession {
|
||||||
// Les droits d'accès de l'utilisateur
|
// Les droits d'accès de l'utilisateur
|
||||||
private static $LSaccess = array();
|
private static $LSaccess = array();
|
||||||
|
|
||||||
|
// Authentification parameters
|
||||||
|
private static $authParams = array();
|
||||||
|
|
||||||
// Les fichiers temporaires
|
// Les fichiers temporaires
|
||||||
private static $tmp_file = array();
|
private static $tmp_file = array();
|
||||||
|
|
||||||
|
@ -466,6 +469,7 @@ class LSsession {
|
||||||
self :: $rdn = $_SESSION['LSsession']['rdn'];
|
self :: $rdn = $_SESSION['LSsession']['rdn'];
|
||||||
self :: $ldapServerId = $_SESSION['LSsession']['ldapServerId'];
|
self :: $ldapServerId = $_SESSION['LSsession']['ldapServerId'];
|
||||||
self :: $tmp_file = $_SESSION['LSsession']['tmp_file'];
|
self :: $tmp_file = $_SESSION['LSsession']['tmp_file'];
|
||||||
|
self :: $authParams = $_SESSION['LSsession']['authParams'];
|
||||||
|
|
||||||
if ( self :: cacheLSprofiles() && !isset($_REQUEST['LSsession_refresh']) ) {
|
if ( self :: cacheLSprofiles() && !isset($_REQUEST['LSsession_refresh']) ) {
|
||||||
self :: setLdapServer(self :: $ldapServerId);
|
self :: setLdapServer(self :: $ldapServerId);
|
||||||
|
@ -509,39 +513,48 @@ class LSsession {
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// Session inexistante
|
// Session inexistante
|
||||||
if (isset($_POST['LSsession_user'])) {
|
if (isset($_POST['LSsession_ldapserver'])) {
|
||||||
if (isset($_POST['LSsession_ldapserver'])) {
|
self :: setLdapServer($_POST['LSsession_ldapserver']);
|
||||||
self :: setLdapServer($_POST['LSsession_ldapserver']);
|
}
|
||||||
|
else {
|
||||||
|
self :: setLdapServer(0);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Connexion au serveur LDAP
|
||||||
|
if (self :: LSldapConnect()) {
|
||||||
|
|
||||||
|
// topDn
|
||||||
|
if ( $_POST['LSsession_topDn'] != '' ){
|
||||||
|
self :: $topDn = $_POST['LSsession_topDn'];
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
self :: setLdapServer(0);
|
self :: $topDn = self :: $ldapServer['ldap_config']['basedn'];
|
||||||
}
|
}
|
||||||
|
$_SESSION['LSsession_topDn']=self :: $topDn;
|
||||||
|
|
||||||
// Connexion au serveur LDAP
|
if (isset($_GET['LSsession_recoverPassword'])) {
|
||||||
if (self :: LSldapConnect()) {
|
$recoveryPasswordInfos = self :: recoverPasswd(
|
||||||
|
$_REQUEST['LSsession_user'],
|
||||||
|
$_GET['recoveryHash']
|
||||||
|
);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
if (self :: loadLSclass('LSauth')) {
|
||||||
|
if (isset(self :: $ldapServer['LSauth']['method'])) {
|
||||||
|
$LSauthClass = 'LSauth'.self :: $ldapServer['LSauth']['method'];
|
||||||
|
if (!self :: loadLSclass($LSauthClass)) {
|
||||||
|
LSerror :: addErrorCode('LSsession_08',$LSauthClass);
|
||||||
|
$LSauthClass = 'LSauth';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$LSauthClass = 'LSauth';
|
||||||
|
}
|
||||||
|
|
||||||
// topDn
|
$authObj = new $LSauthClass();
|
||||||
if ( $_POST['LSsession_topDn'] != '' ){
|
self :: $authParams = $authObj->params;
|
||||||
self :: $topDn = $_POST['LSsession_topDn'];
|
if ($authObj -> getPostData()) {
|
||||||
}
|
$LSuserObject = $authObj -> authenticate();
|
||||||
else {
|
|
||||||
self :: $topDn = self :: $ldapServer['ldap_config']['basedn'];
|
|
||||||
}
|
|
||||||
$_SESSION['LSsession_topDn']=self :: $topDn;
|
|
||||||
|
|
||||||
|
|
||||||
if (isset($_GET['LSsession_recoverPassword'])) {
|
|
||||||
$recoveryPasswordInfos = self :: recoverPasswd(
|
|
||||||
$_REQUEST['LSsession_user'],
|
|
||||||
$_GET['recoveryHash']
|
|
||||||
);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
if (self :: loadLSclass('LSauth')) {
|
|
||||||
$LSuserObject = LSauth :: authenticate(
|
|
||||||
$_REQUEST['LSsession_user'],
|
|
||||||
$_REQUEST['LSsession_pwd']
|
|
||||||
);
|
|
||||||
if ($LSuserObject) {
|
if ($LSuserObject) {
|
||||||
// Authentification réussi
|
// Authentification réussi
|
||||||
self :: $LSuserObject = $LSuserObject;
|
self :: $LSuserObject = $LSuserObject;
|
||||||
|
@ -555,10 +568,13 @@ class LSsession {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
LSerror :: addErrorCode('LSsession_05','LSauth');
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else {
|
}
|
||||||
LSerror :: addErrorCode('LSsession_09');
|
else {
|
||||||
}
|
LSerror :: addErrorCode('LSsession_09');
|
||||||
}
|
}
|
||||||
if (self :: $ldapServerId) {
|
if (self :: $ldapServerId) {
|
||||||
$GLOBALS['Smarty'] -> assign('ldapServerId',self :: $ldapServerId);
|
$GLOBALS['Smarty'] -> assign('ldapServerId',self :: $ldapServerId);
|
||||||
|
@ -567,9 +583,13 @@ class LSsession {
|
||||||
if (isset($_GET['LSsession_recoverPassword'])) {
|
if (isset($_GET['LSsession_recoverPassword'])) {
|
||||||
self :: displayRecoverPasswordForm($recoveryPasswordInfos);
|
self :: displayRecoverPasswordForm($recoveryPasswordInfos);
|
||||||
}
|
}
|
||||||
else {
|
elseif(self :: $authParams['displayLoginForm']) {
|
||||||
self :: displayLoginForm();
|
self :: displayLoginForm();
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
self :: setTemplate('blank.tpl');
|
||||||
|
LSerror :: addErrorCode('LSsession_10');
|
||||||
|
}
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -811,7 +831,8 @@ class LSsession {
|
||||||
'ldapServerId' => self :: $ldapServerId,
|
'ldapServerId' => self :: $ldapServerId,
|
||||||
'ldapServer' => self :: $ldapServer,
|
'ldapServer' => self :: $ldapServer,
|
||||||
'LSprofiles' => self :: $LSprofiles,
|
'LSprofiles' => self :: $LSprofiles,
|
||||||
'LSaccess' => self :: $LSaccess
|
'LSaccess' => self :: $LSaccess,
|
||||||
|
'authParams' => self :: $authParams
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1318,6 +1339,8 @@ class LSsession {
|
||||||
$GLOBALS['Smarty'] -> assign('LSencoding',self :: $encoding);
|
$GLOBALS['Smarty'] -> assign('LSencoding',self :: $encoding);
|
||||||
$GLOBALS['Smarty'] -> assign('lang_label',_('Language'));
|
$GLOBALS['Smarty'] -> assign('lang_label',_('Language'));
|
||||||
|
|
||||||
|
$GLOBALS['Smarty'] -> assign('displayLogoutBtn',self :: $authParams['displayLogoutBtn']);
|
||||||
|
|
||||||
// Infos
|
// Infos
|
||||||
if((!empty($_SESSION['LSsession_infos']))&&(is_array($_SESSION['LSsession_infos']))) {
|
if((!empty($_SESSION['LSsession_infos']))&&(is_array($_SESSION['LSsession_infos']))) {
|
||||||
$txt_infos="<ul>\n";
|
$txt_infos="<ul>\n";
|
||||||
|
@ -2088,11 +2111,15 @@ class LSsession {
|
||||||
LSerror :: defineError('LSsession_07',
|
LSerror :: defineError('LSsession_07',
|
||||||
_("LSsession : Impossible to identify you : Duplication of identities.")
|
_("LSsession : Impossible to identify you : Duplication of identities.")
|
||||||
);
|
);
|
||||||
// 08
|
LSerror :: defineError('LSsession_08',
|
||||||
|
_("LSsession : Can't load class of authentification (%{class}).")
|
||||||
|
);
|
||||||
LSerror :: defineError('LSsession_09',
|
LSerror :: defineError('LSsession_09',
|
||||||
_("LSsession : Can't connect to LDAP server.")
|
_("LSsession : Can't connect to LDAP server.")
|
||||||
);
|
);
|
||||||
// 10
|
LSerror :: defineError('LSsession_10',
|
||||||
|
_("LSsession : Impossible to authenticate you.")
|
||||||
|
);
|
||||||
LSerror :: defineError('LSsession_11',
|
LSerror :: defineError('LSsession_11',
|
||||||
_("LSsession : Your are not authorized to do this action.")
|
_("LSsession : Your are not authorized to do this action.")
|
||||||
);
|
);
|
||||||
|
|
|
@ -1,20 +1,20 @@
|
||||||
|
<?xml version="1.0"?>
|
||||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
|
||||||
"http://www.w3.org/TR/html4/loose.dtd">
|
"http://www.w3.org/TR/html4/loose.dtd">
|
||||||
<html>
|
<html>
|
||||||
<head>
|
<head>
|
||||||
|
<meta http-equiv="content-type" content="text/html; charset={$LSencoding}">
|
||||||
<title>LdapSaisie{if $pagetitle != ''} - {$pagetitle}{/if}</title>
|
<title>LdapSaisie{if $pagetitle != ''} - {$pagetitle}{/if}</title>
|
||||||
|
<link rel="icon" type="image/png" href="images/default/favicon.png" />
|
||||||
<link rel="stylesheet" type="text/css" href="{$LS_CSS_DIR}/base.css" title="Normal" />
|
<link rel="stylesheet" type="text/css" href="{$LS_CSS_DIR}/base.css" title="Normal" />
|
||||||
<link rel="stylesheet" type="text/css" href="{$LS_CSS_DIR}/base_print.css" media='print' title="Normal" />
|
<link rel="stylesheet" type="text/css" href="{$LS_CSS_DIR}/base_print.css" media='print' title="Normal" />
|
||||||
{$LSsession_css}
|
{$LSsession_css}
|
||||||
{$LSsession_js}
|
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
<div id='LSerror'>
|
|
||||||
{$LSerrors}
|
{include file='LSdefault.tpl'}
|
||||||
</div>
|
|
||||||
<div id='LSdebug'>
|
{$LSsession_js}
|
||||||
<a href='#' id='LSdebug_hidden'>X</a>
|
|
||||||
<div id='LSdebug_infos'>{if $LSdebug != ''}{$LSdebug}{/if}</div>
|
|
||||||
</div>
|
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
@ -45,7 +45,7 @@
|
||||||
</select>
|
</select>
|
||||||
<input type='submit' value='->'/>
|
<input type='submit' value='->'/>
|
||||||
</form>
|
</form>
|
||||||
{$connected_as} <span id='user_name'>{$LSsession_username}</span> <a href='index.php?LSsession_logout'><img src='{$LS_IMAGES_DIR}/logout.png' alt='Logout' title='Logout' /></a>
|
{$connected_as} <span id='user_name'>{$LSsession_username}</span>{if $displayLogoutBtn} <a href='index.php?LSsession_logout'><img src='{$LS_IMAGES_DIR}/logout.png' alt='Logout' title='Logout' /></a>{/if}
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
|
|
Loading…
Reference in a new issue