diff --git a/Docker/mattermostldap/Dockerfile b/Docker/mattermostldap/Dockerfile index ef1a8ce..71329b9 100644 --- a/Docker/mattermostldap/Dockerfile +++ b/Docker/mattermostldap/Dockerfile @@ -10,6 +10,9 @@ RUN set -x \ && docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu/ \ && docker-php-ext-install ldap +# Enable development php.ini config (Solve empty answer from token.php) +RUN ln -s /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini + # Get Mattermost-LDAP project RUN git clone https://github.com/crivaledaz/Mattermost-LDAP.git /opt/Mattermost-LDAP/ diff --git a/Docker/php-ldap-pgsql/Dockerfile b/Docker/php-ldap-pgsql/Dockerfile index ee17d76..f901b35 100644 --- a/Docker/php-ldap-pgsql/Dockerfile +++ b/Docker/php-ldap-pgsql/Dockerfile @@ -9,4 +9,5 @@ RUN set -x \ && docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu/ \ && docker-php-ext-install ldap +# Enable development php.ini config (Solve empty answer from token.php) RUN ln -s /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini diff --git a/env.example b/env.example index 1f10418..665d55d 100644 --- a/env.example +++ b/env.example @@ -8,10 +8,10 @@ # # Client ID token. Must be a random hex value. Use `openssl rand -hex 32` to generate a token. -client_id = 123456789abcdef123456789abcdef +client_id = "123456789abcdef123456789abcdef" # Client Secret token. Must be a random hex value. Use `openssl rand -hex 32` to generate a token. -client_secret = fedcba987654321fedcba987654321 +client_secret = "fedcba987654321fedcba987654321" # Redirect URI use by Oauth server to redirect user after authentifictaion process. Must be the same than as Mattermost give to Oauth server. redirect_uri = "http://localhost/signup/gitlab/complete" @@ -30,13 +30,13 @@ user_id = "" # # Username for the PostgreSQL administrator account -POSTGRES_USER = postgres +POSTGRES_USER = "postgres" # Password for PostgreSQL administrator account -POSTGRES_PASSWORD = rootroot +POSTGRES_PASSWORD = "rootroot" # Method to use for connection to database -POSTGRES_HOST_AUTH_METHOD = trust +POSTGRES_HOST_AUTH_METHOD = "trust" # Oauth user to connect the database db_user = "oauth" @@ -61,16 +61,16 @@ db_type = "pgsql" # # LDAP host or IP -ldap_host = ldap://ldap.company.com:389/ +ldap_host = "ldap://ldap.company.com:389/" # LDAP port -ldap_port = 389 +ldap_port = "389" # LDAP protocol version -ldap_version = 3 +ldap_version = "3" # Unique identifier for entry in LDAP -ldap_search_attribute = uid +ldap_search_attribute = "uid" # Base DN to search from in LDAP ldap_base_dn = "ou=People,o=Company" diff --git a/oauth/authorize.php b/oauth/authorize.php index baf14e6..6de485c 100644 --- a/oauth/authorize.php +++ b/oauth/authorize.php @@ -70,13 +70,11 @@ else if (empty($_POST)) {   E-mail
- - - Login as : ' . $_SESSION['uid'] . ' - - -
+
+ Logged as : ' . $_SESSION['uid'] . ' +
+
@@ -96,6 +94,9 @@ else { // Print the authorization code if the user has authorized your client $server->handleAuthorizeRequest($request, $response, $is_authorized,$_SESSION['uid']); +// Authentication process is terminated, session can be destroyed. +$_SESSION=array(); + if ($is_authorized) { // This is only here so that you get to see your code in the cURL request. Otherwise, we'd redirect back to the client diff --git a/oauth/connexion.php b/oauth/connexion.php deleted file mode 100644 index 5a48688..0000000 --- a/oauth/connexion.php +++ /dev/null @@ -1,60 +0,0 @@ - - */ - -// include our LDAP object -require_once __DIR__.'/LDAP/LDAP.php'; -require_once __DIR__.'/LDAP/config_ldap.php'; - - -// Verify all fields have been filled -if (empty($_POST['user']) || empty($_POST['password'])) { - echo 'Please fill in your Username and Password

'; - echo 'Click here to come back to login page'; -} else { - // Check received data length (to prevent code injection) - if (strlen($_POST['user']) > 15) { - echo 'Username has incorrect format ... Please try again

'; - echo 'Click here to come back to login page'; - } elseif (strlen($_POST['password']) > 50 || strlen($_POST['password']) <= 7) { - echo 'Password has incorrect format ... Please try again

'; - echo 'Click here to come back to login page'; - } else { - // Remove every html tag and useless space on username (to prevent XSS) - $user=strtolower(strip_tags(htmlspecialchars(trim($_POST['user'])))); - $password=$_POST['password']; - - // Open a LDAP connection - $ldap = new LDAP($ldap_host, $ldap_port, $ldap_version); - - // Check user credential on LDAP - try { - $authenticated = $ldap->checkLogin($user, $password, $ldap_search_attribute, $ldap_filter, $ldap_base_dn, $ldap_bind_dn, $ldap_bind_pass); - } catch (Exception $e) { - $resp = json_encode(array("error" => "Impossible to get data", "message" => $e->getMessage())); - $authenticated = false; - } - - // If user is authenticated - if ($authenticated) { - $_SESSION['uid']=$user; - - // If user came here with an autorize request, redirect him to the authorize page. Else prompt a simple message. - if (isset($_SESSION['auth_page'])) { - $auth_page=$_SESSION['auth_page']; - header('Location: ' . $auth_page); - exit(); - } else { - echo "Congratulation you are authenticated !

However there is nothing to do here ..."; - } - } - // check login on LDAP has failed. Login and password were invalid or LDAP is unreachable - else { - echo "Authentication failed ... Check your username and password.
If error persist contact your administrator.

"; - echo 'Click here to come back to login page'; - echo '


' . $resp; - } - } -} diff --git a/oauth/style.css b/oauth/style.css index 1555d05..5f1f1d9 100644 --- a/oauth/style.css +++ b/oauth/style.css @@ -32,8 +32,7 @@ table { margin-left: auto; margin-right: auto; font-size: larger; - border-style: solid; - border-width: 2px; + border: none; margin-top: 5%; } @@ -191,7 +190,7 @@ button { } button.link { font-family: "Verdana" sans-serif; - font-size: 7pt; + font-size: 2pt; text-align: left; color: blue; background: none;