diff --git a/oauth/.htaccess b/oauth/.htaccess index 59b6f49..1022358 100644 --- a/oauth/.htaccess +++ b/oauth/.htaccess @@ -5,3 +5,18 @@ deny from all allow from all + +# Only allow access to CSS files + + allow from all + + +# Only allow access to image + + allow from all + + +# Only allow access to html files + + allow from all + diff --git a/oauth/authorize.php b/oauth/authorize.php index 51813ac..b1178bb 100644 --- a/oauth/authorize.php +++ b/oauth/authorize.php @@ -23,7 +23,7 @@ if (!$server->validateAuthorizeRequest($request, $response)) { if (!isset($_SESSION['uid'])) { //store the authorize request - $explode_url=explode("/", strip_tags(trim($_SERVER['REQUEST_URI']))); + $explode_url=explode("/", strip_tags(trim($_SERVER['REQUEST_URI']))); $_SESSION['auth_page']=end($explode_url); header('Location: index.php'); exit(); @@ -35,85 +35,52 @@ if (empty($_POST)) { exit(' - - - - Authorisation Mattermost - + + + Mattermost - LDAP Authorization - + + + -
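Review bot: The three new `allow from all` blocks are meant to whitelist CSS, image and HTML files, but the `Files`/`FilesMatch` patterns they belong to are stripped in this rendering, so confirm that each matches on extension only (for example `\.html$`) and cannot be satisfied by `LDAP/config_ldap.php`, which presumably holds `$ldap_bind_pass`, or by any PHP file other than the intended entry points. `deny from all` / `allow from all` are Apache 2.2 `mod_access_compat` directives; on 2.4 they are silently ignored unless that module is loaded, and `Require all denied` / `Require all granted` are the current form. A comment above the allow lists such as `# Everything not matched below stays denied by the rule at the top; never add .php or the LDAP/ directory here` would make the intended exposure explicit to the next editor.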
- - - - - - -
  - - - - - -
-
Mattermost desires access to your LDAP data:
- - -
- - + +
+
+

LDAP Authentication

+
+ authentication icon +
+
+

Authorize Mattermost to get the following data:

+
- + - - - - - - - - - - - - -
- -
- -
-   -
+   Full Name
+   E-mail
+   For the user ' . $_SESSION['uid'] . '
+
- Login as : ' . $_SESSION['uid'] . ' -
- -
- Requested Data :
-   -> Username,
-   -> Full Name,
-   -> Email - -
 
-
-
- -
- -
-
- +
+ +
+ + +
+ + + -'); + '); } // print the authorization code if the user has authorized your client $is_authorized = ($_POST['authorized'] === 'Authorize'); $server->handleAuthorizeRequest($request, $response, $is_authorized,strtolower($_SESSION['uid'])); -if ($is_authorized) +if ($is_authorized) { // This is only here so that you get to see your code in the cURL request. Otherwise, we'd redirect back to the client $code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=')+5, 40); @@ -122,4 +89,4 @@ if ($is_authorized) } // Send message in case of error -$response->send(); \ No newline at end of file +$response->send(); diff --git a/oauth/form_prompt.html b/oauth/form_prompt.html new file mode 100644 index 0000000..936672c --- /dev/null +++ b/oauth/form_prompt.html @@ -0,0 +1,41 @@ + + + + + LDAP Connection Interface + + + + + + + +
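Review bot: The new consent markup at `For the user ' . $_SESSION['uid'] . '` echoes the session username into HTML without escaping; it is safe today only because index.php runs `htmlspecialchars` on the value at login time, and a change there would turn this line into XSS. Escape at the output site instead: `' . htmlspecialchars($_SESSION['uid'], ENT_QUOTES, 'UTF-8') . '`. The decision is read as `$_POST['authorized'] === 'Authorize'` and no anti-CSRF token is visible in the form (form attributes and hidden fields are not shown here, so confirm); a consent form that can be submitted cross-site lets an attacker drive a logged-in user through an authorization they did not choose. The leftover comment above `$code = substr(...)` says that block exists only to display the code rather than redirect; if the lines after this hunk still print it, that is an authorization-code disclosure to remove before deployment. The `if (empty($_POST))` block that opens this markup begins above the hunk.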
+
+

LDAP Authentication

+
+ authentication icon +
+
+ +
+
+ + +

+ +
+ + +

+ +
+
+ + +
+
+
+ + diff --git a/oauth/images/ButtonGreen.png b/oauth/images/ButtonGreen.png deleted file mode 100644 index 9a88c41..0000000 Binary files a/oauth/images/ButtonGreen.png and /dev/null differ diff --git a/oauth/images/auth_icon.png b/oauth/images/auth_icon.png new file mode 100644 index 0000000..28e98fd Binary files /dev/null and b/oauth/images/auth_icon.png differ diff --git a/oauth/images/login.png b/oauth/images/login.png deleted file mode 100644 index 6034af0..0000000 Binary files a/oauth/images/login.png and /dev/null differ diff --git a/oauth/images/prompt_icon.png b/oauth/images/prompt_icon.png new file mode 100644 index 0000000..74cb2bc Binary files /dev/null and b/oauth/images/prompt_icon.png differ diff --git a/oauth/index.php b/oauth/index.php index 11190e7..77baacd 100644 --- a/oauth/index.php +++ b/oauth/index.php @@ -1,72 +1,89 @@ +/** + * @author Denis CLAVIER + * A modified verion by dimst23 + */ - - - - - LDAP Connection Interface - - -
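Review bot: The new login template's head contains several `link`/`script` lines between the title and the body whose targets are not recoverable from this rendering; if they pull the Roboto font or an icon stylesheet from a third-party CDN, a credential-entry page then trusts that host, so add `integrity` and `crossorigin="anonymous"` attributes or self-host the assets. This file is both served directly by Apache under the new `.htaccess` allow for HTML and parsed as a template by index.php, which injects status messages into `getElementsByTagName('div')->item(5)`; a comment at the top such as `<!-- Template for index.php: messageShow() appends to the sixth <div>, keep the div order stable -->` would stop a layout edit from silently moving the message target.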
- - - - - - -
  - +// include our LDAP object +require_once __DIR__.'/LDAP/LDAP.php'; +require_once __DIR__.'/LDAP/config_ldap.php'; - - - -
-
LDAP Authentification
- +$prompt_template = new DOMDocument(); +$prompt_template->loadHTMLFile('form_prompt.html'); -
- - - - - - - - - - - - - - - - - - - -
- -
- -
-   -
- Username:  - - -
- Password:  - - -
 
-
- -
- -
-
- - \ No newline at end of file + +function messageShow($html_template, $message = 'No Msg') { + $modification_node = $html_template->getElementsByTagName('div')->item(5); + $page_fragment = $html_template->createDocumentFragment(); + $page_fragment->appendXML($message); + + $modification_node->appendChild($page_fragment); + + echo $html_template->saveHTML(); +} + + +// Verify all fields have been filled +if (empty($_POST['user']) || empty($_POST['password'])) +{ + if (empty($_POST['user'])) { + messageShow($prompt_template, 'Username field can\'t be empty.'); + } else { + messageShow($prompt_template, 'Password field can\'t be empty.'); + } +} +else +{ + // Check received data length (to prevent code injection) + if (strlen($_POST['user']) > 64) + { + messageShow($prompt_template, 'Username has incorrect format ... Please try again'); + } + elseif (strlen($_POST['password']) > 64 || strlen($_POST['password']) <= 7) + { + messageShow($prompt_template, 'Password has incorrect format ... Please try again'); + } + else + { + // Remove every html tag and useless space on username (to prevent XSS) + $user=strtolower(strip_tags(htmlspecialchars(trim($_POST['user'])))); + $password=$_POST['password']; + + // Open a LDAP connection + $ldap = new LDAP($ldap_host,$ldap_port,$ldap_version); + + // Check user credential on LDAP + try{ + $authenticated = $ldap->checkLogin($user,$password,$ldap_search_attribute,$ldap_filter,$ldap_base_dn,$ldap_bind_dn,$ldap_bind_pass); + } + catch (Exception $e) + { + $authenticated = false; + } + + // If user is authenticated + if ($authenticated) + { + $_SESSION['uid']=$user; + + // If user came here with an autorize request, redirect him to the authorize page. Else prompt a simple message. + if (isset($_SESSION['auth_page'])) + { + $auth_page=$_SESSION['auth_page']; + header('Location: ' . $auth_page); + exit(); + } + else + { + messageShow($prompt_template, 'Congratulation you are authenticated !

However there is nothing to do here ...'); + } + } + // check login on LDAP has failed. Login and password were invalid or LDAP is unreachable + else + { + messageShow($prompt_template, 'Authentication failed ... Check your username and password.
If the error persists contact your administrator.

'); + } + } +} diff --git a/oauth/style.css b/oauth/style.css index 8b3765c..2a92f76 100644 --- a/oauth/style.css +++ b/oauth/style.css 
@@ -1,57 +1,187 @@ -html -{ - height: 100%; - margin: 0; -} - -body { - font-family:"Tahoma","Arial", serif; - font-size:8px; - font-weight: normal; - color: black; - text-decoration:none; - background-color: white; - height: 100%; - margin: 0; -} - - -.LoginTitle { - color: #000000; - font-family : "Tahoma","Arial", serif; - font-size : 18pt; - font-weight: normal; -} - -.LoginUsername { - color: #000000; - font-family : "Tahoma","Arial", serif; - font-size : 14pt; - font-weight: normal; -} - -.LoginComment { - color: #000000; - font-family : "Tahoma","Arial", serif; - font-size : 8pt; - font-weight: normal; -} - -.GreenButton -{ - color: white; - font-family : "Tahoma", "Arial", serif; - font-size : 10pt; - font-weight: normal; - height: 28px; - background: transparent url(images/ButtonGreen.png) repeat-x left top; - border: solid 1px #50B4AE; - font-weight: bold; -} - -.messageLogin { - color: Yellow; - font-family : "Tahoma", "Arial", serif; - font-size : 8pt; - font-weight: bold; -} +:root { + --input_bg: #E5E5E5; + --input_hover:#eaeaea; + --accept_bg: #1FCC44; + --accept_hover: #40e263; + --deny_bg: #cc1f1f; + --deny_hover: #e24040; + --icon_color:#6b6b6b; +} + +html { + height: 100%; + margin: 0; +} + +/* Overide browser defaults */ +* { + padding: 0; + margin: 0; + box-sizing: border-box; +} + +/* Style the form wrapper */ +body { + /* Set custom font */ + font-family: 'Roboto', sans-serif; + margin: auto; + text-align: center; +} + +table { + margin-left: auto; + margin-right: auto; + font-size: larger; + border-style: solid; + border-width: 2px; + margin-top: 5%; +} + +/* Format the different images*/ +#form_icon, +#form_icon_prompt { + display: flex; + justify-content: center; + align-items: center; + margin-top: 5%; +} + +#form_icon img { + width: 100%; + max-width: 450px; +} + +#form_icon_prompt img { + width: 50%; + max-width: 350px; +} + + +/* Style the form_credentials */ +#form_credentials { + /* Center the content */ + display: inline-block; + 
justify-content: center; + align-items: center; + position: absolute; + transform: translate(-50%, 25%); +} + +/* Style input fields */ +.input_container { + background-color: var(--input_bg); + + /* Vertically align icon and text inside the div*/ + display: flex; + align-items: center; + padding-left: 20px; +} + +.input_container:hover { + background-color: var(--input_hover); +} + +.input_container, +#input_accept, +#input_deny, +#input_login { + height: 60px; + + /* Make the borders more round */ + border-radius: 12px; + width: 100%; +} + +.input_field { + /* Customize the input tag with lighter font and some padding*/ + color: var(--icon_color); + background-color: inherit; + width: 95%; + border: none; + font-size: 1.3rem; + font-weight: 400; + padding-left: 6.5%; +} + +.input_field:hover, +.input_field:focus { + /* Remove the outline */ + outline: none; +} + +#input_accept, +#input_deny, +#input_login { + /* Submit button has a different color and different padding */ + background-color: var(--accept_bg); + padding-left: 0; + font-weight: bold; + color: white; + text-transform: capitalize; + text-align: center; + display: inline-block; + margin-top: 25%; + margin-right: 2%; + width: 50%; +} + +#input_accept:hover, +#input_deny:hover, +#input_login:hover { + /* Simple color transition on hover */ + transition: background-color, 500ms; + cursor: pointer; +} + +#input_accept, +#input_deny { + width: 45%; + margin-top: 6%; +} + +#input_deny { + background-color: var(--deny_bg); +} + +#input_deny:hover { + background-color: var(--deny_hover); +} + +/* Format the error messages */ +.err_msg { + color: red; + font-weight: bold; + font-size: 110%; +} + + +/* General page styling */ +h1, +span { + text-align: center; + padding-bottom: 2%; + padding-top: 0%; + font-weight: bolder; + font-size: 300%; +} + + +i { + color: var(--icon_color); +} + +/* Make it responsive */ +@media screen and (max-width:768px) { + + /* Make the layout a single column and add some margin to 
the wrapper */ + #form_wrapper { + grid-template-columns: 1fr; + margin-left: 10px; + margin-right: 10px; + } + + /* On small screens we don't display the image */ + #form_icon { + display: flex; + } +}