Commit c041ea49 authored by Christoph Seitz's avatar Christoph Seitz

Clean up the code. Closes #1

- Rename LDAP vars
- Clean up classes and namespaces
- Add comments
parent b49233b5
...@@ -5,17 +5,13 @@ use Library\Authentication\AuthYubico; ...@@ -5,17 +5,13 @@ use Library\Authentication\AuthYubico;
use Concrete\Core\Authentication\AuthenticationTypeController; use Concrete\Core\Authentication\AuthenticationTypeController;
use Config; use Config;
use Exception; use Loader;
use Package;
use User; use User;
use UserInfo; use UserInfo;
use View;
class Controller extends AuthenticationTypeController { class Controller extends AuthenticationTypeController {
const YUBIKEY_VERIFY_URL = "http://api.yubico.com/wsapi/2.0/verify";
public function getHandle() { public function getHandle() {
return 'ldap'; return 'ldap';
} }
...@@ -26,34 +22,34 @@ class Controller extends AuthenticationTypeController { ...@@ -26,34 +22,34 @@ class Controller extends AuthenticationTypeController {
public function edit() public function edit()
{ {
$this->set('form', \Loader::helper('form')); $this->set('form', Loader::helper('form'));
$this->set('ldapServerURI', \Config::get('auth.ldap.ldapServerURI', '')); $this->set('ldapServerURI', Config::get('auth.ldap.ldapServerURI', ''));
$this->set('ldapBaseDN', \Config::get('auth.ldap.ldapBaseDN', '')); $this->set('ldapBaseDN', Config::get('auth.ldap.ldapBaseDN', ''));
$this->set('ldapBindDN', \Config::get('auth.ldap.ldapBindDN', '')); $this->set('ldapBindDN', Config::get('auth.ldap.ldapBindDN', ''));
$this->set('ldapBindPassword', \Config::get('auth.ldap.ldapBindPassword', '')); $this->set('ldapBindPassword', Config::get('auth.ldap.ldapBindPassword', ''));
$this->set('ldapSearchFilter', \Config::get('auth.ldap.ldapSearchFilter', '')); $this->set('ldapSearchFilter', Config::get('auth.ldap.ldapSearchFilter', ''));
$this->set('yubikeyEnabled',\Config::get('auth.ldap.yubikeyEnabled', false)); $this->set('yubikeyEnabled', Config::get('auth.ldap.yubikeyEnabled', false));
$this->set('yubikeyClientID',\Config::get('auth.ldap.yubikeyClientID', '')); $this->set('yubikeyClientID', Config::get('auth.ldap.yubikeyClientID', ''));
$this->set('yubikeySecretKey',\Config::get('auth.ldap.yubikeySecretKey', '')); $this->set('yubikeySecretKey', Config::get('auth.ldap.yubikeySecretKey', ''));
$this->set('yubikeyServerURI',\Config::get('auth.ldap.yubikeyServerURI', '')); $this->set('yubikeyServerURI', Config::get('auth.ldap.yubikeyServerURI', ''));
$this->set('yubikeyLDAPAtttribute',\Config::get('auth.ldap.yubikeyLDAPAtttribute', 'pager')); $this->set('yubikeyLDAPAtttribute', Config::get('auth.ldap.yubikeyLDAPAtttribute', 'pager'));
$this->set('yubikeyAllowEmptyKey',\Config::get('auth.ldap.yubikeyAllowEmptyKey', false)); $this->set('yubikeyAllowEmptyKey', Config::get('auth.ldap.yubikeyAllowEmptyKey', false));
} }
public function saveAuthenticationType($args) public function saveAuthenticationType($args)
{ {
\Config::save('auth.ldap.ldapServerURI',$args['ldapServerURI']); Config::save('auth.ldap.ldapServerURI',$args['ldapServerURI']);
\Config::save('auth.ldap.ldapBaseDN',$args['ldapBaseDN']); Config::save('auth.ldap.ldapBaseDN',$args['ldapBaseDN']);
\Config::save('auth.ldap.ldapBindDN',$args['ldapBindDN']); Config::save('auth.ldap.ldapBindDN',$args['ldapBindDN']);
\Config::save('auth.ldap.ldapBindPassword',$args['ldapBindPassword']); Config::save('auth.ldap.ldapBindPassword',$args['ldapBindPassword']);
\Config::save('auth.ldap.ldapSearchFilter',$args['ldapSearchFilter']); Config::save('auth.ldap.ldapSearchFilter',$args['ldapSearchFilter']);
\Config::save('auth.ldap.yubikeyEnabled',$args['yubikeyEnabled']); Config::save('auth.ldap.yubikeyEnabled',$args['yubikeyEnabled']);
\Config::save('auth.ldap.yubikeyClientID',$args['yubikeyClientID']); Config::save('auth.ldap.yubikeyClientID',$args['yubikeyClientID']);
\Config::save('auth.ldap.yubikeySecretKey',$args['yubikeySecretKey']); Config::save('auth.ldap.yubikeySecretKey',$args['yubikeySecretKey']);
\Config::save('auth.ldap.yubikeyServerURI',$args['yubikeyServerURI']); Config::save('auth.ldap.yubikeyServerURI',$args['yubikeyServerURI']);
\Config::save('auth.ldap.yubikeyLDAPAtttribute',$args['yubikeyLDAPAtttribute']); Config::save('auth.ldap.yubikeyLDAPAtttribute',$args['yubikeyLDAPAtttribute']);
\Config::save('auth.ldap.yubikeyAllowEmptyKey',$args['yubikeyAllowEmptyKey']); Config::save('auth.ldap.yubikeyAllowEmptyKey',$args['yubikeyAllowEmptyKey']);
} }
public function getAuthenticationTypeIconHTML() { public function getAuthenticationTypeIconHTML() {
...@@ -61,19 +57,19 @@ class Controller extends AuthenticationTypeController { ...@@ -61,19 +57,19 @@ class Controller extends AuthenticationTypeController {
} }
private function __connect() { private function __connect() {
if (!is_object($this->ldap_conn)) { if (!is_object($this->ldapConn)) {
$this->ldap_conn = ldap_connect(\Config::get('auth.ldap.ldapServerURI','')) $this->ldapConn = ldap_connect(Config::get('auth.ldap.ldapServerURI',''))
or die(t('Connection to LDAP Server failed.')); or die(t('Connection to LDAP Server failed.'));
ldap_set_option($this->ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($this->ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3);
$bindDN = \Config::get('auth.ldap.ldapBindDN', ''); $bindDN = Config::get('auth.ldap.ldapBindDN', '');
$bindPW = \Config::get('auth.ldap.ldapBindPassword', ''); $bindPW = Config::get('auth.ldap.ldapBindPassword', '');
if ($bindDN) { if ($bindDN) {
$this->ldap_bind = ldap_bind($this->ldap_conn,$bindDN,$bindPW); $this->ldapBind = ldap_bind($this->ldapConn,$bindDN,$bindPW);
} else { } else {
$this->ldap_bind = ldap_bind($this->ldap_conn); $this->ldapBind = ldap_bind($this->ldapConn);
} }
if (!$this->ldap_bind) { if (!$this->ldapBind) {
throw new Exception(t("Binding with LDAP Server failed.")); throw new \Exception(t("Binding with LDAP Server failed."));
} }
} }
} }
...@@ -88,11 +84,12 @@ class Controller extends AuthenticationTypeController { ...@@ -88,11 +84,12 @@ class Controller extends AuthenticationTypeController {
public function authenticate() { public function authenticate() {
$valc = Loader::helper('concrete/validation'); $valc = Loader::helper('concrete/validation');
$vals = Loader::helper('validation/strings');
$post = $this->post(); $post = $this->post();
//Check for empty username and password //Check for empty username and password
if (empty($post['uName']) || empty($post['uPassword'])) { if (empty($post['uName']) || empty($post['uPassword'])) {
throw new Exception(t('Please provide both username and password.')); throw new \Exception(t('Please provide both username and password.'));
} }
$uName = $post['uName']; $uName = $post['uName'];
...@@ -110,37 +107,37 @@ class Controller extends AuthenticationTypeController { ...@@ -110,37 +107,37 @@ class Controller extends AuthenticationTypeController {
//Connect to ldap, do the search and then auth the user //Connect to ldap, do the search and then auth the user
$this->__connect(); $this->__connect();
$search_result = ldap_search($this->ldap_conn,\Config::get('auth.ldap.ldapBaseDN', ''), $searchResult = ldap_search($this->ldapConn,Config::get('auth.ldap.ldapBaseDN', ''),
$searchFilter); $searchFilter);
if (ldap_count_entries($this->ldap_conn,$search_result)!=1) { if (ldap_count_entries($this->ldapConn,$searchResult)!=1) {
throw new \Exception(t('Invalid username or password.')); throw new \Exception(t('Invalid username or password.'));
} }
$entry = ldap_first_entry($this->ldap_conn,$search_result); $entry = ldap_first_entry($this->ldapConn,$searchResult);
//get it here because of the new bind. //get it here because of the new bind.
if (\Config::get('auth.ldap.yubikeyEnabled',false)) { if (Config::get('auth.ldap.yubikeyEnabled',false)) {
$yubikeys = ldap_get_values($this->ldap_conn,$entry,\Config::get('auth.ldap.yubikeyLDAPAtttribute','pager')); $yubikeys = ldap_get_values($this->ldapConn,$entry,Config::get('auth.ldap.yubikeyLDAPAtttribute','pager'));
} }
$user_bind = ldap_bind($this->ldap_conn,ldap_get_dn($this->ldap_conn,$entry),$uPassword); $user_bind = ldap_bind($this->ldap_conn,ldap_get_dn($this->ldap_conn,$entry),$uPassword);
if (!$user_bind) { if (!$user_bind) {
throw new \Exception(t('Invalid username or password.')); throw new \Exception(t('Invalid username or password.'));
} }
ldap_close($this->ldap_conn); ldap_close($this->ldapConn);
//Start yubikey two-factor //Start yubikey two-factor
if (\Config::get('auth.ldap.yubikeyEnabled',false)) { if (Config::get('auth.ldap.yubikeyEnabled',false)) {
if ($yubikeys) { if (!empty($yubikeys)) {
if (!$this->yubikeyIsOtp($uOTP)) { if (!$this->yubikeyIsOtp($uOTP)) {
throw new Exception(t('Invalid username or password.')); throw new \Exception(t('Invalid username or password.'));
} }
//Check the otp and then the key id //Check the otp and then the key id
$clientID = \Config::get('auth.ldap.yubikeyClientID',''); $clientID = Config::get('auth.ldap.yubikeyClientID','');
$secretKey = \Config::get('auth.ldap.yubikeySecretKey',''); $secretKey = Config::get('auth.ldap.yubikeySecretKey','');
$https = 1; $https = 1;
$yubi = new AuthYubico($clientID,$secretKey,$https); $yubi = new AuthYubico($clientID,$secretKey,$https);
$auth = $yubi->verify($uOTP); $auth = $yubi->verify($uOTP);
if (\PEAR::isError($auth)) { if (\PEAR::isError($auth)) {
throw new Exception(t('Invalid username or password.')); throw new \Exception(t('Invalid username or password.'));
} }
$foundKey = 0; $foundKey = 0;
foreach ($yubikeys as $yubikey) { foreach ($yubikeys as $yubikey) {
...@@ -150,11 +147,11 @@ class Controller extends AuthenticationTypeController { ...@@ -150,11 +147,11 @@ class Controller extends AuthenticationTypeController {
} }
} }
if (!$foundKey) { if (!$foundKey) {
throw new Exception(t('Invalid username or password.')); throw new \Exception(t('Invalid username or password.'));
} }
} else { } else {
if (!\Config::get('auth.ldap.yubikeyAllowEmptyKey',false)) { if (!Config::get('auth.ldap.yubikeyAllowEmptyKey',false)) {
throw new Exception(t('Yubikey is required to login.')); throw new \Exception(t('Yubikey is required to login.'));
} }
} }
} }
...@@ -188,6 +185,7 @@ class Controller extends AuthenticationTypeController { ...@@ -188,6 +185,7 @@ class Controller extends AuthenticationTypeController {
} }
} }
if ($post['uMaintainLogin']) { if ($post['uMaintainLogin']) {
//This is a little tricky. Use concrete AT to create a cookie.
$user->setAuthTypeCookie('concrete'); $user->setAuthTypeCookie('concrete');
} }
return $user; return $user;
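Review bot: The user-credential bind in the @@ -110 hunk, `$user_bind = ldap_bind($this->ldap_conn,ldap_get_dn($this->ldap_conn,$entry),$uPassword);`, still reads the old property `ldap_conn`, while the rest of this commit renames it to `ldapConn` in `__connect()`, the `ldap_search` call, and `ldap_close`. That bind is the step that actually checks the user's password, and after the rename `$this->ldap_conn` is never assigned, so it will be called on a null handle; it appears to fail closed (the falsy result reaches the `Invalid username or password.` throw), but every LDAP login will then be rejected. Change the line to `$user_bind = ldap_bind($this->ldapConn, ldap_get_dn($this->ldapConn, $entry), $uPassword);`. The body of `authenticate()` starts and ends outside this hunk, so any other remaining `ldap_conn` references in it cannot be checked from here.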