mirror of
https://gitlab.easter-eggs.com/ee/ldapsaisie.git
synced 2024-12-18 22:43:47 +01:00
- LSauth : Change to be extensible
- LSauthHTTP : Add new class to manage HTTP authentification - LSsession : Update consequently to LSauth change
This commit is contained in:
parent
3e823a2b22
commit
2ed2dcac9d
6 changed files with 211 additions and 49 deletions
|
@ -45,6 +45,11 @@ $GLOBALS['LSconfig'] = array(
|
|||
'filter' => '(objectClass=*)',
|
||||
'scope' => 'sub'
|
||||
),
|
||||
/*
|
||||
'LSauth' => array (
|
||||
'method' => 'HTTP'
|
||||
),
|
||||
*/
|
||||
'LSprofiles' => array (
|
||||
'admin' => array (
|
||||
'o=ls' => array (
|
||||
|
|
|
@ -29,6 +29,31 @@
|
|||
*/
|
||||
class LSauth {
|
||||
|
||||
static private $authData=NULL;
|
||||
|
||||
var $params = array (
|
||||
'displayLoginForm' => true,
|
||||
'displayLogoutBtn' => true
|
||||
);
|
||||
|
||||
/**
|
||||
* Check Post Data
|
||||
*
|
||||
* @retval boolean True if post data permit the authentification or False
|
||||
**/
|
||||
public function getPostData() {
|
||||
if (isset($_POST['LSsession_user']) && !empty($_POST['LSsession_user'])) {
|
||||
$this -> authData = array(
|
||||
'username' => $_POST['LSsession_user'],
|
||||
'password' => $_POST['LSsession_pwd'],
|
||||
'ldapserver' => $_POST['LSsession_ldapserver'],
|
||||
'topDn' => $_POST['LSsession_topDn']
|
||||
);
|
||||
return true;
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check user login
|
||||
*
|
||||
|
@ -37,11 +62,11 @@ class LSauth {
|
|||
*
|
||||
* @retval LSldapObject|false The LSldapObject of the user authificated or false
|
||||
*/
|
||||
public static function authenticate($username,$password) {
|
||||
public function authenticate() {
|
||||
if (LSsession :: loadLSobject(LSsession :: $ldapServer['authObjectType'])) {
|
||||
$authobject = new LSsession :: $ldapServer['authObjectType']();
|
||||
$result = $authobject -> searchObject(
|
||||
$username,
|
||||
$this -> authData['username'],
|
||||
LSsession :: getTopDn(),
|
||||
LSsession :: $ldapServer['authObjectFilter']
|
||||
);
|
||||
|
@ -56,7 +81,7 @@ class LSauth {
|
|||
// duplication d'authentité
|
||||
LSerror :: addErrorCode('LSauth_02');
|
||||
}
|
||||
elseif ( self :: checkUserPwd($result[0],$password) ) {
|
||||
elseif ( $this -> checkUserPwd($result[0],$this -> authData['password']) ) {
|
||||
// Authentication succeeded
|
||||
return $result[0];
|
||||
}
|
||||
|
@ -85,6 +110,18 @@ class LSauth {
|
|||
return LSldap :: checkBind($object -> getValue('dn'),$pwd);
|
||||
}
|
||||
|
||||
/**
|
||||
* Define if login form can be displayed or not
|
||||
*
|
||||
* @retval boolean
|
||||
**/
|
||||
public function __get($key) {
|
||||
if ($key=='params') {
|
||||
return $this -> params;
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
93
trunk/includes/class/class.LSauthHTTP.php
Normal file
93
trunk/includes/class/class.LSauthHTTP.php
Normal file
|
@ -0,0 +1,93 @@
|
|||
<?php
|
||||
/*******************************************************************************
|
||||
* Copyright (C) 2007 Easter-eggs
|
||||
* http://ldapsaisie.labs.libre-entreprise.org
|
||||
*
|
||||
* Author: See AUTHORS file in top-level directory.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License version 2
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
|
||||
******************************************************************************/
|
||||
|
||||
/**
|
||||
* Gestion de l'authentification d'un utilisateur suite à une authentification
|
||||
* HTTP
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*/
|
||||
class LSauthHTTP extends LSauth {
|
||||
|
||||
var $params = array (
|
||||
'displayLoginForm' => false,
|
||||
'displayLogoutBtn' => false
|
||||
);
|
||||
|
||||
/**
|
||||
* Check Post Data
|
||||
*
|
||||
* @retval array|False Array of post data if exist or False
|
||||
**/
|
||||
public function getPostData() {
|
||||
if (isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER'])) {
|
||||
$this -> authData = array(
|
||||
'username' => $_SERVER['PHP_AUTH_USER'],
|
||||
'password' => $_SERVER['PHP_AUTH_PW'],
|
||||
'ldapserver' => $_REQUEST['LSsession_ldapserver'],
|
||||
'topDn' => $_REQUEST['LSsession_topDn']
|
||||
);
|
||||
return true;
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check user login
|
||||
*
|
||||
* @param[in] $username The username
|
||||
* @param[in] $password The password
|
||||
*
|
||||
* @retval LSldapObject|false The LSldapObject of the user authificated or false
|
||||
*/
|
||||
public function authenticate() {
|
||||
if (LSsession :: loadLSobject(LSsession :: $ldapServer['authObjectType'])) {
|
||||
$authobject = new LSsession :: $ldapServer['authObjectType']();
|
||||
$result = $authobject -> searchObject(
|
||||
$this -> authData['username'],
|
||||
LSsession :: getTopDn(),
|
||||
LSsession :: $ldapServer['authObjectFilter']
|
||||
);
|
||||
$nbresult=count($result);
|
||||
|
||||
if ($nbresult==0) {
|
||||
// identifiant incorrect
|
||||
LSdebug('identifiant incorrect');
|
||||
LSerror :: addErrorCode('LSauth_01');
|
||||
}
|
||||
else if ($nbresult>1) {
|
||||
// duplication d'authentité
|
||||
LSerror :: addErrorCode('LSauth_02');
|
||||
}
|
||||
else {
|
||||
// Authentication succeeded
|
||||
return $result[0];
|
||||
}
|
||||
}
|
||||
else {
|
||||
LSerror :: addErrorCode('LSauth_03');
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
}
|
||||
?>
|
|
@ -50,6 +50,9 @@ class LSsession {
|
|||
// Les droits d'accès de l'utilisateur
|
||||
private static $LSaccess = array();
|
||||
|
||||
// Authentification parameters
|
||||
private static $authParams = array();
|
||||
|
||||
// Les fichiers temporaires
|
||||
private static $tmp_file = array();
|
||||
|
||||
|
@ -466,6 +469,7 @@ class LSsession {
|
|||
self :: $rdn = $_SESSION['LSsession']['rdn'];
|
||||
self :: $ldapServerId = $_SESSION['LSsession']['ldapServerId'];
|
||||
self :: $tmp_file = $_SESSION['LSsession']['tmp_file'];
|
||||
self :: $authParams = $_SESSION['LSsession']['authParams'];
|
||||
|
||||
if ( self :: cacheLSprofiles() && !isset($_REQUEST['LSsession_refresh']) ) {
|
||||
self :: setLdapServer(self :: $ldapServerId);
|
||||
|
@ -509,7 +513,6 @@ class LSsession {
|
|||
}
|
||||
else {
|
||||
// Session inexistante
|
||||
if (isset($_POST['LSsession_user'])) {
|
||||
if (isset($_POST['LSsession_ldapserver'])) {
|
||||
self :: setLdapServer($_POST['LSsession_ldapserver']);
|
||||
}
|
||||
|
@ -529,7 +532,6 @@ class LSsession {
|
|||
}
|
||||
$_SESSION['LSsession_topDn']=self :: $topDn;
|
||||
|
||||
|
||||
if (isset($_GET['LSsession_recoverPassword'])) {
|
||||
$recoveryPasswordInfos = self :: recoverPasswd(
|
||||
$_REQUEST['LSsession_user'],
|
||||
|
@ -538,10 +540,21 @@ class LSsession {
|
|||
}
|
||||
else {
|
||||
if (self :: loadLSclass('LSauth')) {
|
||||
$LSuserObject = LSauth :: authenticate(
|
||||
$_REQUEST['LSsession_user'],
|
||||
$_REQUEST['LSsession_pwd']
|
||||
);
|
||||
if (isset(self :: $ldapServer['LSauth']['method'])) {
|
||||
$LSauthClass = 'LSauth'.self :: $ldapServer['LSauth']['method'];
|
||||
if (!self :: loadLSclass($LSauthClass)) {
|
||||
LSerror :: addErrorCode('LSsession_08',$LSauthClass);
|
||||
$LSauthClass = 'LSauth';
|
||||
}
|
||||
}
|
||||
else {
|
||||
$LSauthClass = 'LSauth';
|
||||
}
|
||||
|
||||
$authObj = new $LSauthClass();
|
||||
self :: $authParams = $authObj->params;
|
||||
if ($authObj -> getPostData()) {
|
||||
$LSuserObject = $authObj -> authenticate();
|
||||
if ($LSuserObject) {
|
||||
// Authentification réussi
|
||||
self :: $LSuserObject = $LSuserObject;
|
||||
|
@ -555,11 +568,14 @@ class LSsession {
|
|||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
LSerror :: addErrorCode('LSsession_05','LSauth');
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
LSerror :: addErrorCode('LSsession_09');
|
||||
}
|
||||
}
|
||||
if (self :: $ldapServerId) {
|
||||
$GLOBALS['Smarty'] -> assign('ldapServerId',self :: $ldapServerId);
|
||||
}
|
||||
|
@ -567,9 +583,13 @@ class LSsession {
|
|||
if (isset($_GET['LSsession_recoverPassword'])) {
|
||||
self :: displayRecoverPasswordForm($recoveryPasswordInfos);
|
||||
}
|
||||
else {
|
||||
elseif(self :: $authParams['displayLoginForm']) {
|
||||
self :: displayLoginForm();
|
||||
}
|
||||
else {
|
||||
self :: setTemplate('blank.tpl');
|
||||
LSerror :: addErrorCode('LSsession_10');
|
||||
}
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
@ -811,7 +831,8 @@ class LSsession {
|
|||
'ldapServerId' => self :: $ldapServerId,
|
||||
'ldapServer' => self :: $ldapServer,
|
||||
'LSprofiles' => self :: $LSprofiles,
|
||||
'LSaccess' => self :: $LSaccess
|
||||
'LSaccess' => self :: $LSaccess,
|
||||
'authParams' => self :: $authParams
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -1318,6 +1339,8 @@ class LSsession {
|
|||
$GLOBALS['Smarty'] -> assign('LSencoding',self :: $encoding);
|
||||
$GLOBALS['Smarty'] -> assign('lang_label',_('Language'));
|
||||
|
||||
$GLOBALS['Smarty'] -> assign('displayLogoutBtn',self :: $authParams['displayLogoutBtn']);
|
||||
|
||||
// Infos
|
||||
if((!empty($_SESSION['LSsession_infos']))&&(is_array($_SESSION['LSsession_infos']))) {
|
||||
$txt_infos="<ul>\n";
|
||||
|
@ -2088,11 +2111,15 @@ class LSsession {
|
|||
LSerror :: defineError('LSsession_07',
|
||||
_("LSsession : Impossible to identify you : Duplication of identities.")
|
||||
);
|
||||
// 08
|
||||
LSerror :: defineError('LSsession_08',
|
||||
_("LSsession : Can't load class of authentification (%{class}).")
|
||||
);
|
||||
LSerror :: defineError('LSsession_09',
|
||||
_("LSsession : Can't connect to LDAP server.")
|
||||
);
|
||||
// 10
|
||||
LSerror :: defineError('LSsession_10',
|
||||
_("LSsession : Impossible to authenticate you.")
|
||||
);
|
||||
LSerror :: defineError('LSsession_11',
|
||||
_("LSsession : Your are not authorized to do this action.")
|
||||
);
|
||||
|
|
|
@ -1,20 +1,20 @@
|
|||
<?xml version="1.0"?>
|
||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
|
||||
"http://www.w3.org/TR/html4/loose.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset={$LSencoding}">
|
||||
<title>LdapSaisie{if $pagetitle != ''} - {$pagetitle}{/if}</title>
|
||||
<link rel="icon" type="image/png" href="images/default/favicon.png" />
|
||||
<link rel="stylesheet" type="text/css" href="{$LS_CSS_DIR}/base.css" title="Normal" />
|
||||
<link rel="stylesheet" type="text/css" href="{$LS_CSS_DIR}/base_print.css" media='print' title="Normal" />
|
||||
{$LSsession_css}
|
||||
{$LSsession_js}
|
||||
</head>
|
||||
<body>
|
||||
<div id='LSerror'>
|
||||
{$LSerrors}
|
||||
</div>
|
||||
<div id='LSdebug'>
|
||||
<a href='#' id='LSdebug_hidden'>X</a>
|
||||
<div id='LSdebug_infos'>{if $LSdebug != ''}{$LSdebug}{/if}</div>
|
||||
</div>
|
||||
|
||||
{include file='LSdefault.tpl'}
|
||||
|
||||
{$LSsession_js}
|
||||
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
@ -45,7 +45,7 @@
|
|||
</select>
|
||||
<input type='submit' value='->'/>
|
||||
</form>
|
||||
{$connected_as} <span id='user_name'>{$LSsession_username}</span> <a href='index.php?LSsession_logout'><img src='{$LS_IMAGES_DIR}/logout.png' alt='Logout' title='Logout' /></a>
|
||||
{$connected_as} <span id='user_name'>{$LSsession_username}</span>{if $displayLogoutBtn} <a href='index.php?LSsession_logout'><img src='{$LS_IMAGES_DIR}/logout.png' alt='Logout' title='Logout' /></a>{/if}
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
|
|
Loading…
Reference in a new issue