We use cookies to ensure you get the best experience on our website
首页 发现 帮助
注册 登录
0ct0pu5
/
XBackBone
1
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: 1d5bb6ccc7
分支列表 标签列表
XBackBone
/
app
/
Controllers
/
Auth
/
AuthController.php

AuthController.php 4.9 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129 
  1. <?php
    2. 

  2. 

  3. 

  4. namespace App\Controllers\Auth;
    5. 

  5. 

  6. use App\Controllers\Controller;
    7. 

  7. use App\Web\Session;
    8. 

  8. use App\Web\ValidationHelper;
    9. 

  9. use Psr\Http\Message\ServerRequestInterface as Request;
    10. 

  10. 

  11. abstract class AuthController extends Controller
    12. 

  12. {
    13. 

  13.     protected function checkRecaptcha(ValidationHelper $validator, Request $request)
    14. 

  14.     {
    15. 

  15.         $validator->callIf($this->getSetting('recaptcha_enabled') === 'on', function (Session $session) use (&$request) {
    16. 

  16.             $recaptcha = json_decode(file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$this->getSetting('recaptcha_secret_key').'&response='.param($request, 'recaptcha_token')));
    17. 

  17. 

  18.             if ($recaptcha->success && $recaptcha->score < 0.5) {
    19. 

  19.                 $session->alert(lang('recaptcha_failed'), 'danger');
    20. 

  20.                 return false;
    21. 

  21.             }
    22. 

  22.             return true;
    23. 

  23.         });
    24. 

  24.         return $validator;
    25. 

  25.     }
    26. 

  26. 

  27. 

  28.     /**
    29. 

  29.      * Connects to LDAP server and logs in with service account (if configured)
    30. 

  30.      * @return resource|false
    31. 

  31.      */
    32. 

  32.     public function ldapConnect()
    33. 

  33.     {
    34. 

  34.         if (!extension_loaded('ldap')) {
    35. 

  35.             $this->logger->error('The LDAP extension is not loaded.');
    36. 

  36.             return false;
    37. 

  37.         }
    38. 

  38.         // Building LDAP URI
    39. 

  39.         $ldapSchema=(@is_string($this->config['ldap']['schema'])) ?
    40. 

  40.             strtolower($this->config['ldap']['schema']) : 'ldap';
    41. 

  41.         $ldapURI="$ldapSchema://".$this->config['ldap']['host'].':'.$this->config['ldap']['port'];
    42. 

  42.         
    43. 

  43.         // Connecting to LDAP server
    44. 

  44.         $this->logger->debug("Connecting to $ldapURI");
    45. 

  45.         $server = ldap_connect($ldapURI);
    46. 

  46.         if ($server) {
    47. 

  47.             ldap_set_option($server, LDAP_OPT_PROTOCOL_VERSION, 3);
    48. 

  48.             ldap_set_option($server, LDAP_OPT_REFERRALS, 0);
    49. 

  49.             ldap_set_option($server, LDAP_OPT_NETWORK_TIMEOUT, 10);
    50. 

  50.         } else {
    51. 

  51.             $this->logger->error(ldap_error($server));
    52. 

  52.             return false;
    53. 

  53.         }
    54. 

  54.         
    55. 

  55.         // Upgrade to StartTLS
    56. 

  56.         $useStartTLS = @is_bool($this->config['ldap']['useStartTLS']) ? $this->config['ldap']['useStartTLS'] : false;
    57. 

  57.         if ( $useStartTLS === true) {
    58. 

  58.             if (ldap_start_tls($server) === false) { 
    59. 

  59.                 $this->logger-debug(ldap_error($server));
    60. 

  60.                 $this->logger->error("Failed to establish secure LDAP swith StartTLS");
    61. 

  61.                 return false;
    62. 

  62.             }
    63. 

  63.         }
    64. 

  64.         
    65. 

  65.         // Authenticating LDAP service account (if configured)
    66. 

  66.         $serviceAccountFQDN= (@is_string($this->config['ldap']['service_account_dn'])) ? 
    67. 

  67.             $this->config['ldap']['service_account_dn'] : null;
    68. 

  68.         if (is_string($serviceAccountFQDN)) {
    69. 

  69.             if (ldap_bind($server,$serviceAccountFQDN,$this->config['ldap']['service_account_password']) === false) {
    70. 

  70.                 $this->logger->debug(ldap_error($server));
    71. 

  71.                 $this->logger->error("Bind with service account ($serviceAccountFQDN) failed.");
    72. 

  72.                 return false;
    73. 

  73.             }
    74. 

  74.             
    75. 

  75.         } 
    76. 

  76. 

  77.         return $server;
    78. 

  78.     }
    79. 

  79. 

  80.     /**
    81. 

  81.      * Returns User's LDAP DN
    82. 

  82.      * @param  string  $username
    83. 

  83.      * @package resource $server LDAP Server Resource 
    84. 

  84.      * @return string|null
    85. 

  85.      */
    86. 

  86.     protected function getLdapRdn(string $username, $server)
    87. 

  87.     {
    88. 

  88.         //Dynamic LDAP User Binding
    89. 

  89.         if (@is_string($this->config['ldap']['search_filter'])) {
    90. 

  90.             //Replace ???? with username
    91. 

  91.             $searchFilter = str_replace('????', ldap_escape($username,null,LDAP_ESCAPE_FILTER), $this->config['ldap']['search_filter']);
    92. 

  92.             $ldapAddributes = array ('dn');
    93. 

  93.             $this->logger->debug("LDAP Search filter: $searchFilter");
    94. 

  94.             $ldapSearchResp = ldap_search(
    95. 

  95.                 $server, 
    96. 

  96.                 $this->config['ldap']['base_domain'], 
    97. 

  97.                 $searchFilter,
    98. 

  98.                 $ldapAddributes
    99. 

  99.             );
    100. 

  100.             if (!is_resource($ldapSearchResp) ) {
    101. 

  101.                 $this->logger->debug(ldap_error($server));
    102. 

  102.                 $this->logger->error("User LDAP search for user $username failed");
    103. 

  103.                 return null;
    104. 

  104.             }
    105. 

  105.             if (ldap_count_entries($server, $ldapSearchResp) !== 1 ) {
    106. 

  106.                 $this->logger->notice("LDAP search for $username not found or had multiple entries");
    107. 

  107.                 return null;
    108. 

  108.             }
    109. 

  109.             $ldapEntry = ldap_first_entry($server, $ldapSearchResp);
    110. 

  110.             //Returns full DN
    111. 

  111.             $bindString = ldap_get_dn($server, $ldapEntry);
    112. 

  112.             
    113. 

  113.             
    114. 

  114.         } else {
    115. 

  115.             // Static LDAP Binding
    116. 

  116.             $bindString = ($this->config['ldap']['rdn_attribute'] ?? 'uid=').addslashes($username);
    117. 

  117.             if ($this->config['ldap']['user_domain'] !== null) {
    118. 

  118.                 $bindString .= ','.$this->config['ldap']['user_domain'];
    119. 

  119.             }
    120. 

  120.             
    121. 

  121.             if ($this->config['ldap']['base_domain'] !== null) {
    122. 

  122.                 $bindString .= ','.$this->config['ldap']['base_domain'];
    123. 

  123.             }
    124. 

  124.             //returns partial DN
    125. 

  125.         }
    126. 

  126.         
    127. 

  127.         return $bindString;
    128. 

  128.     }
    129. 

  129. }
    130.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5