From da427ff5348215fe2839378d8898b09f7d804f37 Mon Sep 17 00:00:00 2001
From: vincent-peugnet
Date: Tue, 29 Oct 2024 19:45:50 +0100
Subject: [PATCH] remove hardcoded club1 LDAP server

use Config param to setup LDAP auth
---
 app/class/Config.php                      | 46 ++++++++++++++++---
 app/class/Controllerconnect.php           |  6 +-
 .../{Modelclub1ldap.php => Modelldap.php} | 23 ++++++----
 3 files changed, 58 insertions(+), 17 deletions(-)
 rename app/class/{Modelclub1ldap.php => Modelldap.php} (63%)

diff --git a/app/class/Config.php b/app/class/Config.php
index 015abe24..d570096d 100644
--- a/app/class/Config.php
+++ b/app/class/Config.php
@@ -59,8 +59,10 @@ abstract class Config
     /** Indicate if img should have loading="lazy" attribute */
     protected static bool $lazyloadimg = true;
 
-    /** Use club1 LDAP auth */
-    protected static bool $club1ldap = false;
+    /** LDAP auth */
+    protected static string $ldapserver = '';
+    protected static string $ldaptree = '';
+    protected static string $ldapu = '';
 
     public const LANG_MIN = 2;
     public const LANG_MAX = 16;
@@ -159,6 +161,18 @@ public static function url($endslash = true): string
         return self::$domain . (!empty(self::$basepath) ? '/' . self::$basepath : "") . ($endslash ? '/' : '');
     }
 
+    /**
+     * @return bool Indicate if ldap is configured. (all 3 params are not empty)
+     */
+    public static function isldap(): bool
+    {
+        return (
+            !empty(self::$ldapserver)
+            && !empty(self::$ldaptree)
+            && !empty(self::$ldapu)
+        );
+    }
+
     // ________________________________________ G E T _______________________________________
 
     public static function pagetable()
@@ -352,9 +366,19 @@ public static function lazyloadimg(): bool
         return self::$lazyloadimg;
     }
 
-    public static function club1ldap(): bool
+    public static function ldapserver(): string
     {
-        return self::$club1ldap;
+        return self::$ldapserver;
+    }
+
+    public static function ldaptree(): string
+    {
+        return self::$ldaptree;
+    }
+
+    public static function ldapu(): string
+    {
+        return self::$ldapu;
     }
 
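Review bot: The new `/** LDAP auth */` docblock attaches only to `$ldapserver`, leaving `$ldaptree` and `$ldapu` undocumented and saying nothing about what each value must look like, even though the `Modelldap` constructor in this same patch spells that out. One comment per property would do, e.g. `/** LDAP server URI, e.g. ldap://host:389 (prefer ldaps:// for a remote host) */`, `/** Base DN the username is appended to, e.g. ou=people,dc=example,dc=tld */` and `/** Attribute holding the username, e.g. uid */`. Since all three default to `''` and `isldap()` requires every one of them to be non-empty, the comment should also say that leaving any of them empty keeps the database password check in `login()`.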
@@ -601,8 +625,18 @@ public static function setlazyloadimg($lazyloadimg): bool
         return self::$lazyloadimg = boolval($lazyloadimg);
     }
 
-    public static function setclub1ldap($club1ldap): void
+    public static function setldapserver($ldapserver): void
+    {
+        self::$ldapserver = $ldapserver;
+    }
+
+    public static function setldaptree($ldaptree): void
+    {
+        self::$ldaptree = $ldaptree;
+    }
+
+    public static function setldapu($ldapu): void
     {
-        self::$club1ldap = boolval($club1ldap);
+        self::$ldapu = $ldapu;
     }
 }
diff --git a/app/class/Controllerconnect.php b/app/class/Controllerconnect.php
index ba1fd219..a858e528 100644
--- a/app/class/Controllerconnect.php
+++ b/app/class/Controllerconnect.php
@@ -60,10 +60,10 @@ protected function login(): void
             return;
         }
 
-        if (Config::club1ldap()) {
+        if (Config::isldap()) {
             // use ldap for password
             try {
-                $ldap = new Modelclub1ldap();
+                $ldap = new Modelldap('ldap://localhost:389', 'ou=People,dc=club1,dc=fr', 'uid');
                 $pass = $ldap->auth($userid, $_POST['pass']);
                 $ldap->disconnect();
             } catch (RuntimeException $e) {
@@ -72,7 +72,7 @@ protected function login(): void
                 return;
             }
         } else {
-            // compare password
+            // compare password using database password
             $pass = $this->usermanager->passwordcheck($this->user, $_POST['pass']);
         }
 
diff --git a/app/class/Modelclub1ldap.php b/app/class/Modelldap.php
similarity index 63%
rename from app/class/Modelclub1ldap.php
rename to app/class/Modelldap.php
index 92b6257b..7d2ad109 100644
--- a/app/class/Modelclub1ldap.php
+++ b/app/class/Modelldap.php
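Review bot: The new setters `setldapserver`, `setldaptree` and `setldapu` store their untyped argument directly into a `string` property, whereas the neighbouring `setlazyloadimg` normalises with `boolval`; if the config loader ever hands them a non-string (presumably `null` for a key missing from an older config file, or a number), the assignment raises a TypeError instead of degrading to "LDAP not configured". Mirror the existing style with `self::$ldapserver = strval($ldapserver);` (and likewise for `$ldaptree` and `$ldapu`), or declare the parameter as `string` if every caller is known to pass one.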
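Review bot: `new Modelldap('ldap://localhost:389', 'ou=People,dc=club1,dc=fr', 'uid')` keeps the club1 values hard-coded, so the three Config parameters this patch introduces are only consulted by `Config::isldap()` and never reach the LDAP client; any other deployment that configures LDAP would still bind against club1's tree on localhost. Replace the line with `$ldap = new Modelldap(Config::ldapserver(), Config::ldaptree(), Config::ldapu());`. The enclosing `login()` method starts before this hunk and continues after it.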
@@ -4,28 +4,35 @@ use RuntimeException;
 
-class Modelclub1ldap extends Model
+class Modelldap extends Model
 {
-    protected string $ldapserver = 'ldap://localhost:389';
-
-    protected string $d = 'ou=People,dc=club1,dc=fr';
-    protected string $u = 'uid';
+    protected string $ldapserver;
+    protected string $tree;
+    protected string $u;
 
     /** @var mixed $connection resource (PHP 7) or LDAPConnection (PHP 8)*/
     protected $connection;
 
-    private const LDAP_INVALID_CREDENTIALS = 0x31;
+    protected const LDAP_INVALID_CREDENTIALS = 0x31;
 
     /**
+     * @param string $ldapserver LDAP server, like `ldap://server.tld:port` or just `ldap://localhost`
+     * @param string $tree LDAP structure tree without the username part.
+     *                     Like `ou=people,dc=server,dc=tld`
+     * @param string $u Username storing name, something like `uid`.
+     *
+     * @throws RuntimeException
      */
-    public function __construct()
+    public function __construct(string $ldapserver, string $tree, string $u)
     {
+        $this->ldapserver = $ldapserver;
         $this->connection = @ldap_connect($this->ldapserver);
         if ($this->connection === false) {
             throw new RuntimeException('bad LDAP server syntax');
         }
+        $this->tree = $tree;
+        $this->u = $u;
         ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, 3);
     }
 
@@ -41,7 +48,7 @@ public function __construct()
      */
     public function auth(string $username, string $password): bool
     {
-        $binddn = "$this->u=$username,$this->d";
+        $binddn = "$this->u=$username,$this->tree";
         $ldapbind = @ldap_bind($this->connection, $binddn, $password);
 
         if ($ldapbind === false) {
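Review bot: The `@param string $ldapserver` docblock describes the URI syntax but not the transport: `auth()` does a simple bind, which hands the user's password to the server as-is, and nothing in this patch calls `ldap_start_tls()`, so with a plain `ldap://` URI to a remote host the password crosses the network unencrypted. Add to that line something like `Use ldaps:// for a remote server: the simple bind in auth() sends the password in clear text over plain ldap://.` The same caveat belongs on the matching `$ldapserver` property in Config.php.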
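Review bot: `$binddn` still interpolates `$username` unescaped into the DN, so a username containing DN metacharacters such as `,` or `=` is not bound as the intended entry, and `ldap_bind` with an empty `$password` performs an anonymous bind that most directories accept, which would make `auth()` return true for any existing username unless `login()` already rejects an empty password (that check is not visible in this patch). Reject the empty password up front and build the DN with `ldap_escape($username, '', LDAP_ESCAPE_DN)`; `auth()`'s body continues past the end of the hunk, where the `ldap_bind` result is handled.
```php
    public function auth(string $username, string $password): bool
    {
        // Simple bind with an empty password is an anonymous bind and would "succeed".
        if ($password === '') {
            return false;
        }
        $binddn = $this->u . '=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',' . $this->tree;
        // … unchanged: ldap_bind call and result handling …
```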