Clean up the code. Closes #1

- Rename LDAP vars - Clean up classes and namespaces - Add comments

Clean up the code. Closes #1
c041ea49 · Christoph Seitz · b49233b5 · c041ea49
Commit c041ea49 authored 10 years ago by Christoph Seitz
--- a/authentication/ldap/controller.php
+++ b/authentication/ldap/controller.php
@@ -5,17 +5,13 @@ use Library\Authentication\AuthYubico;
 use Concrete\Core\Authentication\AuthenticationTypeController;

 use Config;
-use Exception;
-use Package;
+use Loader;
 use User;
 use UserInfo;
-use View;


 class Controller extends AuthenticationTypeController {

-  const YUBIKEY_VERIFY_URL = "http://api.yubico.com/wsapi/2.0/verify";
-
  public function getHandle() {
    return 'ldap';
  }
@@ -26,34 +22,34 @@ class Controller extends AuthenticationTypeController {

  public function edit()
  {
-    $this->set('form', \Loader::helper('form'));
-    $this->set('ldapServerURI', \Config::get('auth.ldap.ldapServerURI', ''));
-    $this->set('ldapBaseDN', \Config::get('auth.ldap.ldapBaseDN', ''));
-    $this->set('ldapBindDN', \Config::get('auth.ldap.ldapBindDN', ''));
-    $this->set('ldapBindPassword', \Config::get('auth.ldap.ldapBindPassword', ''));
-    $this->set('ldapSearchFilter', \Config::get('auth.ldap.ldapSearchFilter', ''));
-    $this->set('yubikeyEnabled',\Config::get('auth.ldap.yubikeyEnabled', false));
-    $this->set('yubikeyClientID',\Config::get('auth.ldap.yubikeyClientID', ''));
-    $this->set('yubikeySecretKey',\Config::get('auth.ldap.yubikeySecretKey', ''));
-    $this->set('yubikeyServerURI',\Config::get('auth.ldap.yubikeyServerURI', ''));
-    $this->set('yubikeyLDAPAtttribute',\Config::get('auth.ldap.yubikeyLDAPAtttribute', 'pager'));
-    $this->set('yubikeyAllowEmptyKey',\Config::get('auth.ldap.yubikeyAllowEmptyKey', false));
+    $this->set('form', Loader::helper('form'));
+    $this->set('ldapServerURI', Config::get('auth.ldap.ldapServerURI', ''));
+    $this->set('ldapBaseDN', Config::get('auth.ldap.ldapBaseDN', ''));
+    $this->set('ldapBindDN', Config::get('auth.ldap.ldapBindDN', ''));
+    $this->set('ldapBindPassword', Config::get('auth.ldap.ldapBindPassword', ''));
+    $this->set('ldapSearchFilter', Config::get('auth.ldap.ldapSearchFilter', ''));
+    $this->set('yubikeyEnabled', Config::get('auth.ldap.yubikeyEnabled', false));
+    $this->set('yubikeyClientID', Config::get('auth.ldap.yubikeyClientID', ''));
+    $this->set('yubikeySecretKey', Config::get('auth.ldap.yubikeySecretKey', ''));
+    $this->set('yubikeyServerURI', Config::get('auth.ldap.yubikeyServerURI', ''));
+    $this->set('yubikeyLDAPAtttribute', Config::get('auth.ldap.yubikeyLDAPAtttribute', 'pager'));
+    $this->set('yubikeyAllowEmptyKey', Config::get('auth.ldap.yubikeyAllowEmptyKey', false));

  }

  public function saveAuthenticationType($args)
  {
-    \Config::save('auth.ldap.ldapServerURI',$args['ldapServerURI']);
-    \Config::save('auth.ldap.ldapBaseDN',$args['ldapBaseDN']);
-    \Config::save('auth.ldap.ldapBindDN',$args['ldapBindDN']);
-    \Config::save('auth.ldap.ldapBindPassword',$args['ldapBindPassword']);
-    \Config::save('auth.ldap.ldapSearchFilter',$args['ldapSearchFilter']);
-    \Config::save('auth.ldap.yubikeyEnabled',$args['yubikeyEnabled']);
-    \Config::save('auth.ldap.yubikeyClientID',$args['yubikeyClientID']);
-    \Config::save('auth.ldap.yubikeySecretKey',$args['yubikeySecretKey']);
-    \Config::save('auth.ldap.yubikeyServerURI',$args['yubikeyServerURI']);
-    \Config::save('auth.ldap.yubikeyLDAPAtttribute',$args['yubikeyLDAPAtttribute']);
-    \Config::save('auth.ldap.yubikeyAllowEmptyKey',$args['yubikeyAllowEmptyKey']);
+    Config::save('auth.ldap.ldapServerURI',$args['ldapServerURI']);
+    Config::save('auth.ldap.ldapBaseDN',$args['ldapBaseDN']);
+    Config::save('auth.ldap.ldapBindDN',$args['ldapBindDN']);
+    Config::save('auth.ldap.ldapBindPassword',$args['ldapBindPassword']);
+    Config::save('auth.ldap.ldapSearchFilter',$args['ldapSearchFilter']);
+    Config::save('auth.ldap.yubikeyEnabled',$args['yubikeyEnabled']);
+    Config::save('auth.ldap.yubikeyClientID',$args['yubikeyClientID']);
+    Config::save('auth.ldap.yubikeySecretKey',$args['yubikeySecretKey']);
+    Config::save('auth.ldap.yubikeyServerURI',$args['yubikeyServerURI']);
+    Config::save('auth.ldap.yubikeyLDAPAtttribute',$args['yubikeyLDAPAtttribute']);
+    Config::save('auth.ldap.yubikeyAllowEmptyKey',$args['yubikeyAllowEmptyKey']);
  }

  public function getAuthenticationTypeIconHTML() {
@@ -61,19 +57,19 @@ class Controller extends AuthenticationTypeController {
  }

  private function __connect() {
-    if (!is_object($this->ldap_conn)) {
-      $this->ldap_conn = ldap_connect(\Config::get('auth.ldap.ldapServerURI',''))
+    if (!is_object($this->ldapConn)) {
+      $this->ldapConn = ldap_connect(Config::get('auth.ldap.ldapServerURI',''))
        or die(t('Connection to LDAP Server failed.'));
-      ldap_set_option($this->ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
-      $bindDN = \Config::get('auth.ldap.ldapBindDN', '');
-      $bindPW = \Config::get('auth.ldap.ldapBindPassword', '');
+      ldap_set_option($this->ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3);
+      $bindDN = Config::get('auth.ldap.ldapBindDN', '');
+      $bindPW = Config::get('auth.ldap.ldapBindPassword', '');
      if ($bindDN) {
-        $this->ldap_bind = ldap_bind($this->ldap_conn,$bindDN,$bindPW);
+        $this->ldapBind = ldap_bind($this->ldapConn,$bindDN,$bindPW);
      } else {
-        $this->ldap_bind = ldap_bind($this->ldap_conn);
+        $this->ldapBind = ldap_bind($this->ldapConn);
      }
-      if (!$this->ldap_bind) {
-        throw new Exception(t("Binding with LDAP Server failed."));
+      if (!$this->ldapBind) {
+        throw new \Exception(t("Binding with LDAP Server failed."));
      }
    }
  }
@@ -88,11 +84,12 @@ class Controller extends AuthenticationTypeController {

  public function authenticate() {
    $valc = Loader::helper('concrete/validation');
+    $vals = Loader::helper('validation/strings');
    $post = $this->post();

    //Check for empty username and password
    if (empty($post['uName']) || empty($post['uPassword'])) {
-      throw new Exception(t('Please provide both username and password.'));
+      throw new \Exception(t('Please provide both username and password.'));
    }

    $uName = $post['uName'];
@@ -110,37 +107,37 @@ class Controller extends AuthenticationTypeController {

    //Connect to ldap, do the search and then auth the user
    $this->__connect();
-    $search_result = ldap_search($this->ldap_conn,\Config::get('auth.ldap.ldapBaseDN', ''),
+    $searchResult = ldap_search($this->ldapConn,Config::get('auth.ldap.ldapBaseDN', ''),
      $searchFilter);
-    if (ldap_count_entries($this->ldap_conn,$search_result)!=1) {
+    if (ldap_count_entries($this->ldapConn,$searchResult)!=1) {
      throw new \Exception(t('Invalid username or password.'));
    }
-    $entry = ldap_first_entry($this->ldap_conn,$search_result);
+    $entry = ldap_first_entry($this->ldapConn,$searchResult);
    //get it here because of the new bind.
-    if (\Config::get('auth.ldap.yubikeyEnabled',false)) {
-      $yubikeys = ldap_get_values($this->ldap_conn,$entry,\Config::get('auth.ldap.yubikeyLDAPAtttribute','pager'));
+    if (Config::get('auth.ldap.yubikeyEnabled',false)) {
+      $yubikeys = ldap_get_values($this->ldapConn,$entry,Config::get('auth.ldap.yubikeyLDAPAtttribute','pager'));
    }
    $user_bind = ldap_bind($this->ldap_conn,ldap_get_dn($this->ldap_conn,$entry),$uPassword);
    if (!$user_bind) {
      throw new \Exception(t('Invalid username or password.'));
    }
-    ldap_close($this->ldap_conn);
+    ldap_close($this->ldapConn);

    //Start yubikey two-factor
-    if (\Config::get('auth.ldap.yubikeyEnabled',false)) {
-      if ($yubikeys) {
+    if (Config::get('auth.ldap.yubikeyEnabled',false)) {
+      if (!empty($yubikeys)) {
        if (!$this->yubikeyIsOtp($uOTP)) {
-          throw new Exception(t('Invalid username or password.'));
+          throw new \Exception(t('Invalid username or password.'));
        }

        //Check the otp and then the key id
-        $clientID = \Config::get('auth.ldap.yubikeyClientID','');
-        $secretKey = \Config::get('auth.ldap.yubikeySecretKey','');
+        $clientID = Config::get('auth.ldap.yubikeyClientID','');
+        $secretKey = Config::get('auth.ldap.yubikeySecretKey','');
        $https = 1;
        $yubi = new AuthYubico($clientID,$secretKey,$https);
        $auth = $yubi->verify($uOTP);
        if (\PEAR::isError($auth)) {
-          throw new Exception(t('Invalid username or password.'));
+          throw new \Exception(t('Invalid username or password.'));
        }
        $foundKey = 0;
        foreach ($yubikeys as $yubikey) {
@@ -150,11 +147,11 @@ class Controller extends AuthenticationTypeController {
          }
        }
        if (!$foundKey) {
-          throw new Exception(t('Invalid username or password.'));
+          throw new \Exception(t('Invalid username or password.'));
        }
      } else {
-        if (!\Config::get('auth.ldap.yubikeyAllowEmptyKey',false)) {
-          throw new Exception(t('Yubikey is required to login.'));
+        if (!Config::get('auth.ldap.yubikeyAllowEmptyKey',false)) {
+          throw new \Exception(t('Yubikey is required to login.'));
        }
      }
    }
@@ -188,6 +185,7 @@ class Controller extends AuthenticationTypeController {
      }
    }
    if ($post['uMaintainLogin']) {
+      //This is a little tricky. Use concrete AT to create a cookie.
      $user->setAuthTypeCookie('concrete');
    }
    return $user;