Guwan
/
ldap-matter
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adapt v2 with merged PR

This commit is contained in:
Denis CLAVIER 2020-05-01 21:22:34 +02:00
parent 58dbdb957d
commit 09c68d7d12
6 changed files with 22 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Docker/mattermostldap/Dockerfile
View File

@ -10,6 +10,9 @@ RUN set -x \
&& docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu/ \ && docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu/ \
&& docker-php-ext-install ldap && docker-php-ext-install ldap
# Enable development php.ini config (Solve empty answer from token.php)
RUN ln -s /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini
# Get Mattermost-LDAP project # Get Mattermost-LDAP project
RUN git clone https://github.com/crivaledaz/Mattermost-LDAP.git /opt/Mattermost-LDAP/ RUN git clone https://github.com/crivaledaz/Mattermost-LDAP.git /opt/Mattermost-LDAP/

1
Docker/php-ldap-pgsql/Dockerfile
View File

@ -9,4 +9,5 @@ RUN set -x \
&& docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu/ \ && docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu/ \
&& docker-php-ext-install ldap && docker-php-ext-install ldap
# Enable development php.ini config (Solve empty answer from token.php)
RUN ln -s /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini RUN ln -s /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini

18
env.example
View File

@ -8,10 +8,10 @@
# #
# Client ID token. Must be a random hex value. Use `openssl rand -hex 32` to generate a token. # Client ID token. Must be a random hex value. Use `openssl rand -hex 32` to generate a token.
client_id = 123456789abcdef123456789abcdef client_id = "123456789abcdef123456789abcdef"
# Client Secret token. Must be a random hex value. Use `openssl rand -hex 32` to generate a token. # Client Secret token. Must be a random hex value. Use `openssl rand -hex 32` to generate a token.
client_secret = fedcba987654321fedcba987654321 client_secret = "fedcba987654321fedcba987654321"
# Redirect URI use by Oauth server to redirect user after authentifictaion process. Must be the same than as Mattermost give to Oauth server. # Redirect URI use by Oauth server to redirect user after authentifictaion process. Must be the same than as Mattermost give to Oauth server.
redirect_uri = "http://localhost/signup/gitlab/complete" redirect_uri = "http://localhost/signup/gitlab/complete"
@ -30,13 +30,13 @@ user_id = ""
# #
# Username for the PostgreSQL administrator account # Username for the PostgreSQL administrator account
POSTGRES_USER = postgres POSTGRES_USER = "postgres"
# Password for PostgreSQL administrator account # Password for PostgreSQL administrator account
POSTGRES_PASSWORD = rootroot POSTGRES_PASSWORD = "rootroot"
# Method to use for connection to database # Method to use for connection to database
POSTGRES_HOST_AUTH_METHOD = trust POSTGRES_HOST_AUTH_METHOD = "trust"
# Oauth user to connect the database # Oauth user to connect the database
db_user = "oauth" db_user = "oauth"
@ -61,16 +61,16 @@ db_type = "pgsql"
# #
# LDAP host or IP # LDAP host or IP
ldap_host = ldap://ldap.company.com:389/ ldap_host = "ldap://ldap.company.com:389/"
# LDAP port # LDAP port
ldap_port = 389 ldap_port = "389"
# LDAP protocol version # LDAP protocol version
ldap_version = 3 ldap_version = "3"
# Unique identifier for entry in LDAP # Unique identifier for entry in LDAP
ldap_search_attribute = uid ldap_search_attribute = "uid"
# Base DN to search from in LDAP # Base DN to search from in LDAP
ldap_base_dn = "ou=People,o=Company" ldap_base_dn = "ou=People,o=Company"

13
oauth/authorize.php
View File

@ -70,13 +70,11 @@ else if (empty($_POST)) {
&nbsp; <strong>E-mail</strong><br/> &nbsp; <strong>E-mail</strong><br/>
</td> </td>
</tr> </tr>
<tr>
<td>
Login as : <strong>' . $_SESSION['uid'] . ' </strong> <button type="submit" class="link" name="disconnect" value="true" ><span>(not me ?)</span></button>
</td>
</tr>
</table> </table>
<br> <br/>
Logged as : <strong>' . $_SESSION['uid'] . ' </strong> <button type="submit" class="link" name="disconnect" value="true" ><span>(not me ?)</span></button>
<br/>
<br/>
<form method="POST"> <form method="POST">
<input type="submit" value="Authorize" name="authorized" id="input_accept" class="input_field"> <input type="submit" value="Authorize" name="authorized" id="input_accept" class="input_field">
@ -96,6 +94,9 @@ else {
// Print the authorization code if the user has authorized your client // Print the authorization code if the user has authorized your client
$server->handleAuthorizeRequest($request, $response, $is_authorized,$_SESSION['uid']); $server->handleAuthorizeRequest($request, $response, $is_authorized,$_SESSION['uid']);
// Authentication process is terminated, session can be destroyed.
$_SESSION=array();
if ($is_authorized) if ($is_authorized)
{ {
// This is only here so that you get to see your code in the cURL request. Otherwise, we'd redirect back to the client // This is only here so that you get to see your code in the cURL request. Otherwise, we'd redirect back to the client

60
oauth/connexion.php
View File

@ -1,60 +0,0 @@
<?php
session_start();
/**
* @author Denis CLAVIER <clavierd at gmail dot com>
*/
// include our LDAP object
require_once __DIR__.'/LDAP/LDAP.php';
require_once __DIR__.'/LDAP/config_ldap.php';
// Verify all fields have been filled
if (empty($_POST['user']) || empty($_POST['password'])) {
echo 'Please fill in your Username and Password<br /><br />';
echo 'Click <a href="./index.php">here</a> to come back to login page';
} else {
// Check received data length (to prevent code injection)
if (strlen($_POST['user']) > 15) {
echo 'Username has incorrect format ... Please try again<br /><br />';
echo 'Click <a href="./index.php">here</a> to come back to login page';
} elseif (strlen($_POST['password']) > 50 || strlen($_POST['password']) <= 7) {
echo 'Password has incorrect format ... Please try again<br /><br />';
echo 'Click <a href="./index.php">here</a> to come back to login page';
} else {
// Remove every html tag and useless space on username (to prevent XSS)
$user=strtolower(strip_tags(htmlspecialchars(trim($_POST['user']))));
$password=$_POST['password'];
// Open a LDAP connection
$ldap = new LDAP($ldap_host, $ldap_port, $ldap_version);
// Check user credential on LDAP
try {
$authenticated = $ldap->checkLogin($user, $password, $ldap_search_attribute, $ldap_filter, $ldap_base_dn, $ldap_bind_dn, $ldap_bind_pass);
} catch (Exception $e) {
$resp = json_encode(array("error" => "Impossible to get data", "message" => $e->getMessage()));
$authenticated = false;
}
// If user is authenticated
if ($authenticated) {
$_SESSION['uid']=$user;
// If user came here with an autorize request, redirect him to the authorize page. Else prompt a simple message.
if (isset($_SESSION['auth_page'])) {
$auth_page=$_SESSION['auth_page'];
header('Location: ' . $auth_page);
exit();
} else {
echo "Congratulation you are authenticated ! <br /><br /> However there is nothing to do here ...";
}
}
// check login on LDAP has failed. Login and password were invalid or LDAP is unreachable
else {
echo "Authentication failed ... Check your username and password.<br />If error persist contact your administrator.<br /><br />";
echo 'Click <a href="./index.php">here</a> to come back to login page';
echo '<br /><br /><br />' . $resp;
}
}
}

5
oauth/style.css
View File

@ -32,8 +32,7 @@ table {
margin-left: auto; margin-left: auto;
margin-right: auto; margin-right: auto;
font-size: larger; font-size: larger;
border-style: solid; border: none;
border-width: 2px;
margin-top: 5%; margin-top: 5%;
} }
@ -191,7 +190,7 @@ button {
} }
button.link { button.link {
font-family: "Verdana" sans-serif; font-family: "Verdana" sans-serif;
font-size: 7pt; font-size: 2pt;
text-align: left; text-align: left;
color: blue; color: blue;
background: none; background: none;