From 1c63f0dbad91de6ca1c68384b6ee433f874cfe04 Mon Sep 17 00:00:00 2001
From: vincent-peugnet
Date: Sat, 2 Nov 2024 21:06:58 +0100
Subject: [PATCH] new LDAP fields in admin view see #237
---
app/class/Config.php | 10 ++---
app/class/Controllerconnect.php | 5 +++
app/class/Modelldap.php | 7 +++-
app/view/templates/admin.php | 65 +++++++++++++++++++++++++++++++++
4 files changed, 81 insertions(+), 6 deletions(-)
diff --git a/app/class/Config.php b/app/class/Config.php
index 10041bfa..ce71abb9 100644
--- a/app/class/Config.php
+++ b/app/class/Config.php
@@ -631,24 +631,24 @@ public static function setlazyloadimg($lazyloadimg): bool
return self::$lazyloadimg = boolval($lazyloadimg);
}
- public static function setldapserver($ldapserver): void
+ public static function setldapserver(string $ldapserver): void
{
self::$ldapserver = $ldapserver;
}
- public static function setldaptree($ldaptree): void
+ public static function setldaptree(string $ldaptree): void
{
self::$ldaptree = $ldaptree;
}
- public static function setldapu($ldapu): void
+ public static function setldapu(string $ldapu): void
{
self::$ldapu = $ldapu;
}
- public static function setldapuserlevel($ldapuserlevel): void
+ public static function setldapuserlevel(int $ldapuserlevel): void
{
- if (is_int($ldapuserlevel) && $ldapuserlevel >= 0 && $ldapuserlevel <= 10) {
+ if ($ldapuserlevel >= 0 && $ldapuserlevel <= 10) {
self::$ldapuserlevel = $ldapuserlevel;
}
}
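Review bot: setldapuserlevel still rejects an out-of-range level silently — when the guard on the new line fails, the previous value stays in effect and the caller gets no signal, unlike setlazyloadimg just above which returns the stored value. Now that the admin template in this patch exposes the level as a form field, a rejected submission would look like it succeeded. Either throw `new \InvalidArgumentException('LDAP user level must be between 0 and 10')` in an else branch, if the form controller can report it, or at minimum document the contract with `/** Ignores values outside 0–10; the previous level is kept. */` above the method. The typed `string` setters for server, tree and user field accept an empty string, so the admin form presumably needs its own required-field check; I cannot see that from this hunk.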
diff --git a/app/class/Controllerconnect.php b/app/class/Controllerconnect.php
index de4b8c4c..9713234c 100644
--- a/app/class/Controllerconnect.php
+++ b/app/class/Controllerconnect.php
@@ -67,6 +67,11 @@ protected function login(): void
}
if ($this->user->isldap()) {
+ if (!Config::isldap()) {
+ $this->sendflashmessage('Error with LDAP connection', self::FLASH_ERROR);
+ Logger::error("User $userid tried to authenticate against LDAP, but LDAP is not configured");
+ return;
+ }
try {
$ldap = new Modelldap(Config::ldapserver(), Config::ldaptree(), Config::ldapu());
$pass = $ldap->auth($userid, $_POST['pass']);
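Review bot: The flash message on the added branch says "Error with LDAP connection", but the condition is that LDAP is not configured at all, which is a different failure from the connection errors handled in the try block below; suggest `$this->sendflashmessage('LDAP authentication is not configured on this instance', self::FLASH_ERROR);` so an admin reading the message looks at the config rather than the server. The log line interpolates `$userid` directly; in a login handler this value presumably originates from the request, so unless Logger::error escapes control characters a newline in it could split the entry — wrapping it as `Logger::error('User ' . json_encode($userid) . ' tried to authenticate against LDAP, but LDAP is not configured');` keeps the entry on one line. login() continues outside the hunk.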
diff --git a/app/class/Modelldap.php b/app/class/Modelldap.php
index 7d2ad109..310421a1 100644
--- a/app/class/Modelldap.php
+++ b/app/class/Modelldap.php
@@ -3,6 +3,7 @@
namespace Wcms;
use RuntimeException;
+use Wcms\Exception\Missingextensionexception;
class Modelldap extends Model
{
@@ -22,10 +23,14 @@ class Modelldap extends Model
* Like `ou=people,dc=server,dc=tld`
* @param string $u Username storing name, something like `uid`.
*
- * @throws RuntimeException
+ * @throws RuntimeException if LDAP server syntax did pass the sanity test
+ * @throws Missingextensionexception if LDAP extension is not installed
*/
public function __construct(string $ldapserver, string $tree, string $u)
{
+ if (!extension_loaded('ldap')) {
+ throw new Missingextensionexception('PHP LDAP extension is not installed');
+ }
$this->ldapserver = $ldapserver;
$this->connection = @ldap_connect($this->ldapserver);
if ($this->connection === false) {
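Review bot: The new `@throws RuntimeException` line reads "if LDAP server syntax did pass the sanity test", which states the opposite of the condition; it should read `* @throws RuntimeException if the LDAP server address fails the sanity check`. The Missingextensionexception check is placed before the suppressed ldap_connect call, which is the right order, but the docblock could also say that the constructor opens the connection so callers know the extension and server are both exercised at construction time. The constructor body continues outside the hunk.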
diff --git a/app/view/templates/admin.php b/app/view/templates/admin.php
index be51b99c..3affe764 100644
--- a/app/view/templates/admin.php
+++ b/app/view/templates/admin.php
@@ -362,6 +362,71 @@
+
+
LDAP auth
+
+
+ W authenticates users with a password linked to their account, stored in your instance database.
+ If you have an LDAP server, you can choose to authenticate your users with this server instead,
+ rather than using W's database to store their password.
+ In this case, W will no longer allow user's passwords to be changed.
+
+
+
LDAP connection infos
+
+
+ Address of the LDAP server. Should start with:
+ ldap:// or ldaps://.
+ Followed by the server address.
+ For a local server, put localhost.
+ A port can be specified by adding :port at the end.
+
+
+
+
+
+
+
+
+ The LDAP tree structure, but without the part containing user identifier.
+
+
+
+
+
+
+
+
+ The name of the user field in the LDAP database.
+
+
+
+
+
+
+
+
+
+
New account creation
+
+
+ Users can be registered in LDAP but not have an account in W.
+ In this case, you can choose to have accounts created by defining the level of these new users.
+