diff --git a/oauth/authorize.php b/oauth/authorize.php index 1b1defd..f903eb9 100644 --- a/oauth/authorize.php +++ b/oauth/authorize.php @@ -35,78 +35,45 @@ if (empty($_POST)) { exit(' - - - - Authorisation Mattermost - + + + Mattermost - LDAP Authorization - + + + -
- - - - - - - -
  - + +
+
+

LDAP Authentication

+
+ authentication icon +
+
+

Authorize Mattermost to get the following data:

+
+ + + +
+   Full Name
+   E-mail
+   For the user ' . $_SESSION['uid'] . '
+
+
-
-
Mattermost desires access to your LDAP data:
- - -
- - - - - - - - - - - - - - - - - - -
- -
- -
-   -
- Login as : ' . $_SESSION['uid'] . ' -
- -
- Requested Data :
-   -> Username,
-   -> Full Name,
-   -> Email - -
 
-
-
- -
- - - - -
- +
+ + +
+ + + -'); + '); } // print the authorization code if the user has authorized your client @@ -122,4 +89,4 @@ if ($is_authorized) } // Send message in case of error -$response->send(); \ No newline at end of file +$response->send(); diff --git a/oauth/connexion.php b/oauth/connexion.php deleted file mode 100644 index 57edba1..0000000 --- a/oauth/connexion.php +++ /dev/null @@ -1,77 +0,0 @@ - - */ - -// include our LDAP object -require_once __DIR__.'/LDAP/LDAP.php'; -require_once __DIR__.'/LDAP/config_ldap.php'; - - -// Verify all fields have been filled -if (empty($_POST['user']) || empty($_POST['password'])) -{ - echo 'Please fill in your Username and Password
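Review bot: The added line `For the user ' . $_SESSION['uid'] . '` concatenates the session username into the consent page without HTML encoding, exactly as the removed `Login as :` line did. In this same commit index.php assigns `$_POST['user']` to `$_SESSION['uid']` unchanged, so any markup characters the directory accepts in a login name would be rendered here as HTML. Encode at the point of output: `' . htmlspecialchars($_SESSION['uid'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '`. The enclosing `if (empty($_POST))` block starts outside the hunk.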

'; - echo 'Click here to come back to login page'; -} -else -{ - // Check received data length (to prevent code injection) - if (strlen($_POST['user']) > 15) - { - echo 'Username has incorrect format ... Please try again

'; - echo 'Click here to come back to login page'; - } - elseif (strlen($_POST['password']) > 50 || strlen($_POST['password']) <= 7) - { - echo 'Password has incorrect format ... Please try again

'; - echo 'Click here to come back to login page'; - } - else - { - // Remove every html tag and useless space on username (to prevent XSS) - $user=strip_tags(trim($_POST['user'])); - - $user=$_POST['user']; - $password=$_POST['password']; - - // Open a LDAP connection - $ldap = new LDAP($ldap_host,$ldap_port,$ldap_version); - - // Check user credential on LDAP - try{ - $authenticated = $ldap->checkLogin($user,$password,$ldap_search_attribute,$ldap_filter,$ldap_base_dn,$ldap_bind_dn,$ldap_bind_pass); - } - catch (Exception $e) - { - $resp = json_encode(array("error" => "Impossible to get data", "message" => $e->getMessage())); - $authenticated = false; - } - - // If user is authenticated - if ($authenticated) - { - $_SESSION['uid']=$user; - - // If user came here with an autorize request, redirect him to the authorize page. Else prompt a simple message. - if (isset($_SESSION['auth_page'])) - { - $auth_page=$_SESSION['auth_page']; - header('Location: ' . $auth_page); - exit(); - } - else - { - echo "Congratulation you are authenticated !

However there is nothing to do here ..."; - } - } - // check login on LDAP has failed. Login and password were invalid or LDAP is unreachable - else - { - echo "Authentication failed ... Check your username and password.
If error persist contact your administrator.

"; - echo 'Click here to come back to login page'; - echo '


' . $resp; - } - } -} diff --git a/oauth/form_prompt.html b/oauth/form_prompt.html new file mode 100644 index 0000000..433fdc0 --- /dev/null +++ b/oauth/form_prompt.html @@ -0,0 +1,41 @@ + + + + + LDAP Connection Interface + + + + + + + +
+
+

LDAP Authentication

+
+ authentication icon +
+
+ +
+
+ + +

+ +
+ + +

+ +
+
+ + +
+
+
+ + diff --git a/oauth/images/auth_icon.png b/oauth/images/auth_icon.png new file mode 100644 index 0000000..28e98fd Binary files /dev/null and b/oauth/images/auth_icon.png differ diff --git a/oauth/images/prompt_icon.png b/oauth/images/prompt_icon.png new file mode 100644 index 0000000..74cb2bc Binary files /dev/null and b/oauth/images/prompt_icon.png differ diff --git a/oauth/index.php b/oauth/index.php index 11190e7..adb40e2 100644 --- a/oauth/index.php +++ b/oauth/index.php @@ -1,72 +1,91 @@ +/** + * @author Denis CLAVIER + * A modified verion by dimst23 + */ - - - - - LDAP Connection Interface - - -
- - - - - - -
  - +// include our LDAP object +require_once __DIR__.'/LDAP/LDAP.php'; +require_once __DIR__.'/LDAP/config_ldap.php'; - - - -
-
LDAP Authentification
- +$prompt_template = new DOMDocument(); +$prompt_template->loadHTMLFile('form_prompt.html'); -
- - - - - - - - - - - - - - - - - - - -
- -
- -
-   -
- Username:  - - -
- Password:  - - -
 
-
- -
- -
-
-
-
\ No newline at end of file
+
+function messageShow($html_template, $message = 'No Msg') {
+ $modification_node = $html_template->getElementsByTagName('div')->item(5);
+ $page_fragment = $html_template->createDocumentFragment();
+ $page_fragment->appendXML($message);
+
+ $modification_node->appendChild($page_fragment);
+
+ echo $html_template->saveHTML();
+}
+
+
+// Verify all fields have been filled
+if (empty($_POST['user']) || empty($_POST['password']))
+{
+ if (empty($_POST['user'])) {
+ messageShow($prompt_template, 'Username field can\'t be empty.');
+ } else {
+ messageShow($prompt_template, 'Password field can\'t be empty.');
+ }
+}
+else
+{
+ // Check received data length (to prevent code injection)
+ if (strlen($_POST['user']) > 15)
+ {
+ messageShow($prompt_template, 'Username has incorrect format ... Please try again');
+ }
+ elseif (strlen($_POST['password']) > 50 || strlen($_POST['password']) <= 7)
+ {
+ messageShow($prompt_template, 'Password has incorrect format ... Please try again');
+ }
+ else
+ {
+ // Remove every html tag and useless space on username (to prevent XSS)
+ $user=strip_tags(trim($_POST['user']));
+
+ $user=$_POST['user'];
+ $password=$_POST['password'];
+
+ // Open a LDAP connection
+ $ldap = new LDAP($ldap_host,$ldap_port,$ldap_version);
+
+ // Check user credential on LDAP
+ try{
+ $authenticated = $ldap->checkLogin($user,$password,$ldap_search_attribute,$ldap_filter,$ldap_base_dn,$ldap_bind_dn,$ldap_bind_pass);
+ }
+ catch (Exception $e)
+ {
+ $authenticated = false;
+ }
+
+ // If user is authenticated
+ if ($authenticated)
+ {
+ $_SESSION['uid']=$user;
+
+ // If user came here with an autorize request, redirect him to the authorize page. Else prompt a simple message.
+ if (isset($_SESSION['auth_page']))
+ {
+ $auth_page=$_SESSION['auth_page'];
+ header('Location: ' . $auth_page);
+ exit();
+ }
+ else
+ {
+ messageShow($prompt_template, 'Congratulation you are authenticated !

However there is nothing to do here ...'); + } + } + // check login on LDAP has failed. Login and password were invalid or LDAP is unreachable + else + { + messageShow($prompt_template, 'Authentication failed ... Check your username and password.
If the error persists contact your administrator.

'); + } + } +} diff --git a/oauth/style.css b/oauth/style.css index 8b3765c..bc25c46 100644 --- a/oauth/style.css +++ b/oauth/style.css 
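Review bot: The sanitised username is thrown away, because `$user=strip_tags(trim($_POST['user']));` is followed immediately by `$user=$_POST['user'];`, so the raw POST value is what reaches `$ldap->checkLogin()` and `$_SESSION['uid']` and the "to prevent XSS" comment does not describe what runs. The `strlen` checks above bound the size of the input but not its characters, so they do not prevent injection either. I would replace both assignments with `$user = trim($_POST['user']);` and reject names outside the character set the directory issues, for example `if (!preg_match('/^[A-Za-z0-9._-]{1,15}$/', $user))` (pattern illustrative), leaving HTML encoding to the page that prints the value. `checkLogin` is not shown in this diff; if it builds the search filter by concatenation, the name should pass through `ldap_escape($user, '', LDAP_ESCAPE_FILTER)` there.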
@@ -1,57 +1,195 @@ -html -{ - height: 100%; - margin: 0; -} - -body { - font-family:"Tahoma","Arial", serif; - font-size:8px; - font-weight: normal; - color: black; - text-decoration:none; - background-color: white; - height: 100%; - margin: 0; -} - - -.LoginTitle { - color: #000000; - font-family : "Tahoma","Arial", serif; - font-size : 18pt; - font-weight: normal; -} - -.LoginUsername { - color: #000000; - font-family : "Tahoma","Arial", serif; - font-size : 14pt; - font-weight: normal; -} - -.LoginComment { - color: #000000; - font-family : "Tahoma","Arial", serif; - font-size : 8pt; - font-weight: normal; -} - -.GreenButton -{ - color: white; - font-family : "Tahoma", "Arial", serif; - font-size : 10pt; - font-weight: normal; - height: 28px; - background: transparent url(images/ButtonGreen.png) repeat-x left top; - border: solid 1px #50B4AE; - font-weight: bold; -} - -.messageLogin { - color: Yellow; - font-family : "Tahoma", "Arial", serif; - font-size : 8pt; - font-weight: bold; -} +:root { + --form_bg: #ffffff; + --input_bg: #E5E5E5; + --input_hover:#eaeaea; + --accept_bg: #1FCC44; + --accept_hover: #40e263; + --deny_bg: #cc1f1f; + --deny_hover: #e24040; + --icon_color:#6b6b6b; +} + +html { + height: 100%; + margin: 0; +} + + +/* Overide browser defaults */ +* { + padding: 0; + margin: 0; + box-sizing: border-box; +} + + + +/* Style the form wrapper */ +body { + /* Set custom font */ + font-family: 'Roboto', sans-serif; + margin: auto; + text-align: center; +} + +table { + margin-left: auto; + margin-right: auto; + font-size: larger; + border-style: solid; + border-width: 2px; + margin-top: 5%; +} + + + + + +/* Display the image centered on the left */ +#form_icon, +#form_icon_prompt { + /* Center the image */ + display: flex; + justify-content: center; + align-items: center; + margin-top: 5%; +} + +#form_icon img { + width: 100%; + max-width: 450px; +} + +#form_icon_prompt img { + width: 50%; + max-width: 350px; +} + + +/* Style the form_credentials */ 
+#form_credentials { + /* Center the content */ + display: inline-block; + justify-content: center; + align-items: center; + position: absolute; + transform: translate(-50%, 25%); +} + + + +/* Style input fields */ +.input_container { + background-color: var(--input_bg); + + /* Vertically align icon and text inside the div*/ + display: flex; + align-items: center; + padding-left: 20px; +} + +.input_container:hover { + background-color: var(--input_hover); +} + +.input_container, +#input_accept, +#input_deny, +#input_login { + height: 60px; + + /* Make the borders more round */ + border-radius: 12px; + width: 100%; +} + + +.input_field { + /* Customize the input tag with lighter font and some padding*/ + color: var(--icon_color); + background-color: inherit; + width: 95%; + border: none; + font-size: 1.3rem; + font-weight: 400; + padding-left: 6.5%; +} + +.input_field:hover, +.input_field:focus { + /* Remove the outline */ + outline: none; +} + +#input_accept, +#input_deny, +#input_login { + /* Submit button has a different color and different padding */ + background-color: var(--accept_bg); + padding-left: 0; + font-weight: bold; + color: white; + text-transform: capitalize; + text-align: center; + display: inline-block; + margin-top: 25%; + margin-right: 2%; + width: 50%; +} + +#input_accept:hover, +#input_deny:hover, +#input_login:hover { + /* Simple color transition on hover */ + transition: background-color, 500ms; + cursor: pointer; +} + +#input_accept, +#input_deny { + width: 45%; + margin-top: 6%; +} + +#input_deny { + background-color: var(--deny_bg); +} + +#input_deny:hover { + background-color: var(--deny_hover); +} + + +/* General page styling */ +h1, +span { + text-align: center; + padding-bottom: 2%; + padding-top: 0%; + font-weight: bolder; + font-size: 300%; +} + + +i { + color: var(--icon_color); +} + + + + +/* Make it responsive */ +@media screen and (max-width:768px) { + + /* Make the layout a single column and add some margin to the wrapper */ + 
#form_wrapper { + grid-template-columns: 1fr; + margin-left: 10px; + margin-right: 10px; + } + + /* On small screens we don't display the image */ + #form_icon { + display: flex; + } +}
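Review bot: In the `@media screen and (max-width:768px)` block the comment says the image is not displayed on small screens, but the rule under it is `#form_icon { display: flex; }`, the value that selector already has, so the icon stays visible. If hiding is intended the declaration should be `display: none;`; otherwise the comment should be removed. The `#form_wrapper` rule just above sets `grid-template-columns`, yet no rule in this stylesheet makes that element a grid container, so it probably has no effect.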