We use cookies to ensure you get the best experience on our website
Página inicial Explorar Ajuda
Registrar Entrar
0ct0pu5
/
XBackBone
1
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Tree: 46b20c4d97
Branches Tags
XBackBone
/
app
/
Controllers
/
Auth
/
AuthController.php

AuthController.php 4.2 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113 
  1. <?php
    2. 

  2. 

  3. 

  4. namespace App\Controllers\Auth;
    5. 

  5. 

  6. use App\Controllers\Controller;
    7. 

  7. use App\Web\Session;
    8. 

  8. use App\Web\ValidationHelper;
    9. 

  9. use Psr\Http\Message\ServerRequestInterface as Request;
    10. 

  10. 

  11. abstract class AuthController extends Controller
    12. 

  12. {
    13. 

  13.     protected function checkRecaptcha(ValidationHelper $validator, Request $request)
    14. 

  14.     {
    15. 

  15.         $validator->callIf($this->getSetting('recaptcha_enabled') === 'on', function (Session $session) use (&$request) {
    16. 

  16.             $recaptcha = json_decode(file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$this->getSetting('recaptcha_secret_key').'&response='.param($request, 'recaptcha_token')));
    17. 

  17. 

  18.             if ($recaptcha->success && $recaptcha->score < 0.5) {
    19. 

  19.                 $session->alert(lang('recaptcha_failed'), 'danger');
    20. 

  20.                 return false;
    21. 

  21.             }
    22. 

  22.             return true;
    23. 

  23.         });
    24. 

  24.         return $validator;
    25. 

  25.     }
    26. 

  26. 

  27. 

  28.     /**
    29. 

  29.      * @return bool|false|resource
    30. 

  30.      */
    31. 

  31.     public function ldapConnect()
    32. 

  32.     {
    33. 

  33.         if (!extension_loaded('ldap')) {
    34. 

  34.             $this->logger->error('The LDAP extension is not loaded.');
    35. 

  35.             return false;
    36. 

  36.         }
    37. 

  37.         // Building LDAP URI
    38. 

  38.         $ldapSchema=array_key_exists('schema', $this->config['ldap']) ?
    39. 

  39.             strtolower($this->config['ldap']['schema']) : 'ldap';
    40. 

  40.         $ldapURI="$ldapSchema://".$this->config['ldap']['host'].':'.$this->config['ldap']['port'];
    41. 

  41.         
    42. 

  42.         // Connecting to LDAP server
    43. 

  43.         $server = ldap_connect($ldapURI);
    44. 

  44.         if ($server) {
    45. 

  45.             ldap_set_option($server, LDAP_OPT_PROTOCOL_VERSION, 3);
    46. 

  46.             ldap_set_option($server, LDAP_OPT_REFERRALS, 0);
    47. 

  47.             ldap_set_option($server, LDAP_OPT_NETWORK_TIMEOUT, 10);
    48. 

  48.         }
    49. 

  49.         
    50. 

  50.         // Upgrade to StartTLS
    51. 

  51.         if ($this->config['ldap']['useStartTLS'] === true) {
    52. 

  52.             if (ldap_start_tls($server) === false) { 
    53. 

  53.                 $this->logger-error("Failed to establish secure LDAP swith StartTLS");
    54. 

  54.                 return false;
    55. 

  55.             }
    56. 

  56.         }
    57. 

  57.         
    58. 

  58.         // Authenticating LDAP service account (if configured)
    59. 

  59.         $serviceAccountFQDN= (array_key_exists('service_account_dn', $this->config['ldap'])) ? 
    60. 

  60.             $this->config['ldap']['service_account_dn'] : null;
    61. 

  61.         if (is_string($serviceAccountFQDN)) {
    62. 

  62.             if (ldap_bind($server,$serviceAccountFQDN,$this->config['ldap']['service_account_password']) === false) {
    63. 

  63.                 $this->logger->error("Bind with service account ($serviceAccountFQDN) failed.");
    64. 

  64.                 return false;
    65. 

  65.             }
    66. 

  66.             
    67. 

  67.         } 
    68. 

  68. 

  69.         return $server;
    70. 

  70.     }
    71. 

  71. 

  72.     /**
    73. 

  73.      * Returns User's LDAP DN
    74. 

  74.      * @param  string  $username
    75. 

  75.      * @package resource $server LDAP Server Resource 
    76. 

  76.      * @return string|null
    77. 

  77.      */
    78. 

  78.     protected function getLdapRdn(string $username, $server)
    79. 

  79.     {
    80. 

  80.         //Dynamic LDAP User Binding
    81. 

  81.         if (@is_string($this->config['ldap']['search_filter'])) {
    82. 

  82.             //Replace ???? with username
    83. 

  83.             $searchFilter=str_replace('????', ldap_escape($username,null,LDAP_ESCAPE_FILTER), $this->config['ldap']['search_filter']);
    84. 

  84.             $ldapAddributes=array ('dn');
    85. 

  85.             $ldapSearchResp=ldap_search(
    86. 

  86.                 $server, 
    87. 

  87.                 $this->config['ldap']['base_domain'], 
    88. 

  88.                 $searchFilter,
    89. 

  89.                 $ldapAddributes
    90. 

  90.             );
    91. 

  91.             if (ldap_count_entries($server, $ldapSearchResp) !== 1 ) {
    92. 

  92.                 $this->logger->warn("$username not found or had multiple entries");
    93. 

  93.                 return null;
    94. 

  94.             }
    95. 

  95.             $ldapEntry = ldap_first_entry($server, $$ldapSearchResp);
    96. 

  96.             $bindString=@ldap_get_values($server, $ldapEntry, 'dn');
    97. 

  97.             
    98. 

  98.             
    99. 

  99.         } else {
    100. 

  100.             // Static LDAP Binding
    101. 

  101.             $bindString = ($this->config['ldap']['rdn_attribute'] ?? 'uid=').addslashes($username);
    102. 

  102.             if ($this->config['ldap']['user_domain'] !== null) {
    103. 

  103.                 $bindString .= ','.$this->config['ldap']['user_domain'];
    104. 

  104.             }
    105. 

  105.             
    106. 

  106.             if ($this->config['ldap']['base_domain'] !== null) {
    107. 

  107.                 $bindString .= ','.$this->config['ldap']['base_domain'];
    108. 

  108.             }
    109. 

  109.         }
    110. 

  110.         
    111. 

  111.         return $bindString;
    112. 

  112.     }
    113. 

  113. }
    114.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5