kenmirrors/grocy
1
0
Fork 0
mirror of https://github.com/grocy/grocy.git synced 2025-08-18 03:25:50 +00:00
Code Issues Projects Releases Wiki Activity

Implemented LDAP authentication support (closes #305)

Browse Source
This commit is contained in:
Bernd Bestel
2020-10-20 21:43:58 +02:00
parent def61eee6e
commit 31fcdf377a
3 changed files with 88 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
middleware/LdapAuthMiddleware.php Normal file
View File

@@ -0,0 +1,74 @@
<?php
namespace Grocy\Middleware;
use Grocy\Services\DatabaseService;
use Grocy\Services\UsersService;
use Grocy\Services\SessionService;
use Psr\Http\Message\ServerRequestInterface as Request;
class LdapAuthMiddleware extends AuthMiddleware
{
public function authenticate(Request $request)
{
// TODO: Reuse DefaultAuthMiddleware->authenticate somehow
// First try to authenticate by API key
$auth = new ApiKeyAuthMiddleware($this->AppContainer, $this->ResponseFactory);
$user = $auth->authenticate($request);
if ($user !== null)
{
return $user;
}
// Then by session cookie
$auth = new SessionAuthMiddleware($this->AppContainer, $this->ResponseFactory);
$user = $auth->authenticate($request);
return $user;
}
public static function ProcessLogin(array $postParams)
{
if ($connect = ldap_connect(GROCY_LDAP_ADDRESS))
{
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);
if ($bind = ldap_bind($connect, GROCY_LDAP_DOMAIN . '\\' . $postParams['username'], $postParams['password']))
{
$fields = '(|(samaccountname=*' . $postParams['username'] . '*))';
$search = ldap_search($connect, GROCY_LDAP_BASE_DN, $fields);
$result = ldap_get_entries($connect, $search);
$ldapFirstName = $result[0]['givenname'][0];
$ldapLastName = $result[0]['sn'][0];
ldap_close($connect);
$db = DatabaseService::getInstance()->GetDbConnection();
$user = $db->users()->where('username', $postParams['username'])->fetch();
if ($user == null)
{
$user = UsersService::getInstance()->CreateUser($postParams['username'], $ldapFirstName, $ldapLastName, '');
}
$sessionKey = SessionService::getInstance()->CreateSession($user->id, $postParams['stay_logged_in'] == 'on');
self::SetSessionCookie($sessionKey);
return true;
}
else
{
// LDAP authentication failed
return false;
}
}
else
{
// LDAP connection failed
return false;
}
}
}