remove hardcoded club1 LDAP server

use Config param to setup LDAP auth
vincent-peugnet · Oct 29, 2024 · da427ff · da427ff
1 parent 1d8ab29
commit da427ff
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 17 deletions.
diff --git a/app/class/Config.php b/app/class/Config.php
@@ -59,8 +59,10 @@ abstract class Config
     /** Indicate if img should have loading="lazy" attribute */
     protected static bool $lazyloadimg = true;
 
-    /** Use club1 LDAP auth */
-    protected static bool $club1ldap = false;
+    /** LDAP auth */
+    protected static string $ldapserver = '';
+    protected static string $ldaptree = '';
+    protected static string $ldapu = '';
 
     public const LANG_MIN = 2;
     public const LANG_MAX = 16;
@@ -159,6 +161,18 @@ public static function url($endslash = true): string
         return self::$domain . (!empty(self::$basepath) ? '/' . self::$basepath : "") . ($endslash ? '/' : '');
     }
 
+    /**
+     * @return bool                         Indicate if ldap is configured. (all 3 params are not empty)
+     */
+    public static function isldap(): bool
+    {
+        return (
+            !empty(self::$ldapserver)
+            && !empty(self::$ldaptree)
+            && !empty(self::$ldapu)
+        );
+    }
+
     // ________________________________________ G E T _______________________________________
 
     public static function pagetable()
@@ -352,9 +366,19 @@ public static function lazyloadimg(): bool
         return self::$lazyloadimg;
     }
 
-    public static function club1ldap(): bool
+    public static function ldapserver(): string
     {
-        return self::$club1ldap;
+        return self::$ldapserver;
+    }
+
+    public static function ldaptree(): string
+    {
+        return self::$ldaptree;
+    }
+
+    public static function ldapu(): string
+    {
+        return self::$ldapu;
     }
 
 
@@ -601,8 +625,18 @@ public static function setlazyloadimg($lazyloadimg): bool
         return self::$lazyloadimg = boolval($lazyloadimg);
     }
 
-    public static function setclub1ldap($club1ldap): void
+    public static function setldapserver($ldapserver): void
+    {
+        self::$ldapserver = $ldapserver;
+    }
+
+    public static function setldaptree($ldaptree): void
+    {
+        self::$ldaptree = $ldaptree;
+    }
+
+    public static function setldapu($ldapu): void
     {
-        self::$club1ldap = boolval($club1ldap);
+        self::$ldapu = $ldapu;
     }
 }
diff --git a/app/class/Controllerconnect.php b/app/class/Controllerconnect.php
@@ -60,10 +60,10 @@ protected function login(): void
                 return;
             }
 
-            if (Config::club1ldap()) {
+            if (Config::isldap()) {
                 // use ldap for password
                 try {
-                    $ldap = new Modelclub1ldap();
+                    $ldap = new Modelldap('ldap://localhost:389', 'ou=People,dc=club1,dc=fr', 'uid');
                     $pass = $ldap->auth($userid, $_POST['pass']);
                     $ldap->disconnect();
                 } catch (RuntimeException $e) {
@@ -72,7 +72,7 @@ protected function login(): void
                     return;
                 }
             } else {
-                // compare password
+                // compare password using database password
                 $pass = $this->usermanager->passwordcheck($this->user, $_POST['pass']);
             }
 

diff --git a/app/class/Modelclub1ldap.php → app/class/Modelldap.php b/app/class/Modelclub1ldap.php → app/class/Modelldap.php
@@ -4,28 +4,35 @@
 
 use RuntimeException;
 
-class Modelclub1ldap extends Model
+class Modelldap extends Model
 {
-    protected string $ldapserver = 'ldap://localhost:389';
-
-    protected string $d = 'ou=People,dc=club1,dc=fr';
-    protected string $u = 'uid';
+    protected string $ldapserver;
+    protected string $tree;
+    protected string $u;
 
 
     /** @var mixed $connection resource (PHP 7) or LDAPConnection (PHP 8)*/
     protected $connection;
 
-    private const LDAP_INVALID_CREDENTIALS = 0x31;
+    protected const LDAP_INVALID_CREDENTIALS = 0x31;
 
     /**
+     * @param string $ldapserver            LDAP server, like `ldap://server.tld:port` or just `ldap://localhost`
+     * @param string $tree                  LDAP structure tree without the username part.
+     *                                      Like `ou=people,dc=server,dc=tld`
+     * @param string $u                     Username storing name, something like `uid`.
+     *
      * @throws RuntimeException
      */
-    public function __construct()
+    public function __construct(string $ldapserver, string $tree, string $u)
     {
+        $this->ldapserver = $ldapserver;
         $this->connection = @ldap_connect($this->ldapserver);
         if ($this->connection === false) {
             throw new RuntimeException('bad LDAP server syntax');
         }
+        $this->tree = $tree;
+        $this->u = $u;
         ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, 3);
     }
 
@@ -41,7 +48,7 @@ public function __construct()
      */
     public function auth(string $username, string $password): bool
     {
-        $binddn = "$this->u=$username,$this->d";
+        $binddn = "$this->u=$username,$this->tree";
 
         $ldapbind = @ldap_bind($this->connection, $binddn, $password);
         if ($ldapbind === false) {