Allow use of the user's DN as the group filter substitution

mildis 2020-05-22 05:57:30 +02:00 committed by GitHub
parent a0a7a1eb31
commit 9e1e4ea381
6 changed files with 45 additions and 25 deletions


@ -56,7 +56,7 @@ class Group
*/ */
public function find($query) public function find($query)
{ {
$this->query->execute($this->getBasDn(), $query, $this->getAttributes()); $this->query->execute($this->getBaseDn(), $query, $this->getAttributes());
$groups = array(); $groups = array();
if ($this->query->hasResult()) { if ($this->query->hasResult()) {
@ -119,7 +119,7 @@ class Group
* @access public * @access public
* @return string * @return string
*/ */
public function getBasDn() public function getBaseDn()
{ {
if (! LDAP_GROUP_BASE_DN) { if (! LDAP_GROUP_BASE_DN) {
throw new LogicException('LDAP group base DN empty, check the parameter LDAP_GROUP_BASE_DN'); throw new LogicException('LDAP group base DN empty, check the parameter LDAP_GROUP_BASE_DN');


@ -67,7 +67,7 @@ class User
*/ */
public function find($query) public function find($query)
{ {
$this->query->execute($this->getBasDn(), $query, $this->getAttributes()); $this->query->execute($this->getBaseDn(), $query, $this->getAttributes());
$user = null; $user = null;
if ($this->query->hasResult()) { if ($this->query->hasResult()) {
@ -85,15 +85,20 @@ class User
* *
* @access protected * @access protected
* @param Entry $entry * @param Entry $entry
* @param string $username
* @return string[] * @return string[]
*/ */
protected function getGroups(Entry $entry, $username) protected function getGroups(Entry $entry)
{ {
$userattr = '';
if ('username' == $this->getGroupUserAttribute()) {
$userattr = $entry->getFirstValue($this->getAttributeUsername());
} else if ('dn' == $this->getGroupUserAttribute()) {
$userattr = $entry->getDn();
}
$groupIds = array(); $groupIds = array();
if (! empty($username) && $this->group !== null && $this->hasGroupUserFilter()) { if (! empty($userattr) && $this->group !== null && $this->hasGroupUserFilter()) {
$groups = $this->group->find(sprintf($this->getGroupUserFilter(), $username)); $groups = $this->group->find(sprintf($this->getGroupUserFilter(), $userattr));
foreach ($groups as $group) { foreach ($groups as $group) {
$groupIds[] = $group->getExternalId(); $groupIds[] = $group->getExternalId();
@ -150,12 +155,11 @@ class User
protected function build() protected function build()
{ {
$entry = $this->query->getEntries()->getFirstEntry(); $entry = $this->query->getEntries()->getFirstEntry();
$username = $entry->getFirstValue($this->getAttributeUsername()); $groupIds = $this->getGroups($entry);
$groupIds = $this->getGroups($entry, $username);
return new LdapUserProvider( return new LdapUserProvider(
$entry->getDn(), $entry->getDn(),
$username, $entry->getFirstValue($this->getAttributeUsername()),
$entry->getFirstValue($this->getAttributeName()), $entry->getFirstValue($this->getAttributeName()),
$entry->getFirstValue($this->getAttributeEmail()), $entry->getFirstValue($this->getAttributeEmail()),
$this->getRole($groupIds), $this->getRole($groupIds),
@ -274,6 +278,17 @@ class User
return LDAP_GROUP_USER_FILTER; return LDAP_GROUP_USER_FILTER;
} }
/**
* Get LDAP Group User attribute
*
* @access public
* @return string
*/
public function getGroupUserAttribute()
{
return LDAP_GROUP_USER_ATTRIBUTE;
}
/** /**
* Return true if LDAP Group User filter is defined * Return true if LDAP Group User filter is defined
* *
@ -324,7 +339,7 @@ class User
* @access public * @access public
* @return string * @return string
*/ */
public function getBasDn() public function getBaseDn()
{ {
if (! LDAP_USER_BASE_DN) { if (! LDAP_USER_BASE_DN) {
throw new LogicException('LDAP user base DN empty, check the parameter LDAP_USER_BASE_DN'); throw new LogicException('LDAP user base DN empty, check the parameter LDAP_USER_BASE_DN');
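Review bot: In the getGroups hunk (@ -85,15) the new `dn` branch feeds `$entry->getDn()` straight into the group filter through sprintf with no RFC 4515 escaping, and a DN routinely contains characters such as `\` (RFC 4514 escapes like `\,`), `(`, `)` or `*` that change the meaning of the filter or make the search fail. The username path had the same gap, but a DN makes it far more likely to be hit; the substitution should be `$groups = $this->group->find(sprintf($this->getGroupUserFilter(), ldap_escape($userattr, '', LDAP_ESCAPE_FILTER)));`. A value of LDAP_GROUP_USER_ATTRIBUTE other than `username` or `dn` leaves `$userattr` empty and silently yields no groups; throwing a LogicException there, as getBaseDn does for an empty base DN, would surface the misconfiguration instead. The `==` comparisons should be `===` and `else if` should be `elseif` per PSR-12. getGroups' body continues past the end of the hunk, and none of the LdapUserTest changes in this commit exercise the new `dn` branch.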


@ -89,6 +89,7 @@ defined('LDAP_GROUP_PROVIDER') or define('LDAP_GROUP_PROVIDER', strtolower(geten
defined('LDAP_GROUP_BASE_DN') or define('LDAP_GROUP_BASE_DN', getenv('LDAP_GROUP_BASE_DN') ?: ''); defined('LDAP_GROUP_BASE_DN') or define('LDAP_GROUP_BASE_DN', getenv('LDAP_GROUP_BASE_DN') ?: '');
defined('LDAP_GROUP_FILTER') or define('LDAP_GROUP_FILTER', getenv('LDAP_GROUP_FILTER') ?: ''); defined('LDAP_GROUP_FILTER') or define('LDAP_GROUP_FILTER', getenv('LDAP_GROUP_FILTER') ?: '');
defined('LDAP_GROUP_USER_FILTER') or define('LDAP_GROUP_USER_FILTER', getenv('LDAP_GROUP_USER_FILTER') ?: ''); defined('LDAP_GROUP_USER_FILTER') or define('LDAP_GROUP_USER_FILTER', getenv('LDAP_GROUP_USER_FILTER') ?: '');
defined('LDAP_GROUP_USER_ATTRIBUTE') or define('LDAP_GROUP_USER_ATTRIBUTE', getenv('LDAP_GROUP_USER_ATTRIBUTE') ?: 'username');
defined('LDAP_GROUP_ATTRIBUTE_NAME') or define('LDAP_GROUP_ATTRIBUTE_NAME', getenv('LDAP_GROUP_ATTRIBUTE_NAME') ?: 'cn'); defined('LDAP_GROUP_ATTRIBUTE_NAME') or define('LDAP_GROUP_ATTRIBUTE_NAME', getenv('LDAP_GROUP_ATTRIBUTE_NAME') ?: 'cn');
// Proxy authentication // Proxy authentication


@ -184,6 +184,10 @@ define('LDAP_GROUP_FILTER', '');
// Example for OpenLDAP: (&(objectClass=posixGroup)(memberUid=%s)) // Example for OpenLDAP: (&(objectClass=posixGroup)(memberUid=%s))
define('LDAP_GROUP_USER_FILTER', ''); define('LDAP_GROUP_USER_FILTER', '');
// LDAP attribute for the user in the group filter
// 'username' or 'dn'
define('LDAP_GROUP_USER_ATTRIBUTE', 'username');
// LDAP attribute for the group name // LDAP attribute for the group name
define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn'); define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');


@ -37,7 +37,7 @@ class LdapGroupTest extends Base
->setConstructorArgs(array($this->query)) ->setConstructorArgs(array($this->query))
->setMethods(array( ->setMethods(array(
'getAttributeName', 'getAttributeName',
'getBasDn', 'getBaseDn',
)) ))
->getMock(); ->getMock();
} }
@ -96,7 +96,7 @@ class LdapGroupTest extends Base
$this->group $this->group
->expects($this->any()) ->expects($this->any())
->method('getBasDn') ->method('getBaseDn')
->will($this->returnValue('CN=Users,DC=kanboard,DC=local')); ->will($this->returnValue('CN=Users,DC=kanboard,DC=local'));
$groups = $this->group->find('(&(objectClass=group)(sAMAccountName=Kanboard*))'); $groups = $this->group->find('(&(objectClass=group)(sAMAccountName=Kanboard*))');
@ -142,7 +142,7 @@ class LdapGroupTest extends Base
$this->group $this->group
->expects($this->any()) ->expects($this->any())
->method('getBasDn') ->method('getBaseDn')
->will($this->returnValue('CN=Users,DC=kanboard,DC=local')); ->will($this->returnValue('CN=Users,DC=kanboard,DC=local'));
$groups = $this->group->find('(&(objectClass=group)(sAMAccountName=Kanboard*))'); $groups = $this->group->find('(&(objectClass=group)(sAMAccountName=Kanboard*))');
@ -154,6 +154,6 @@ class LdapGroupTest extends Base
$this->expectException('\LogicException'); $this->expectException('\LogicException');
$group = new Group($this->query); $group = new Group($this->query);
$group->getBasDn(); $group->getBaseDn();
} }
} }


@ -56,7 +56,7 @@ class LdapUserTest extends Base
'getGroupUserFilter', 'getGroupUserFilter',
'getGroupAdminDn', 'getGroupAdminDn',
'getGroupManagerDn', 'getGroupManagerDn',
'getBasDn', 'getBaseDn',
)) ))
->getMock(); ->getMock();
} }
@ -127,7 +127,7 @@ class LdapUserTest extends Base
$this->user $this->user
->expects($this->any()) ->expects($this->any())
->method('getBasDn') ->method('getBaseDn')
->will($this->returnValue('ou=People,dc=kanboard,dc=local')); ->will($this->returnValue('ou=People,dc=kanboard,dc=local'));
$user = $this->user->find('(uid=my_ldap_user)'); $user = $this->user->find('(uid=my_ldap_user)');
@ -202,7 +202,7 @@ class LdapUserTest extends Base
$this->user $this->user
->expects($this->any()) ->expects($this->any())
->method('getBasDn') ->method('getBaseDn')
->will($this->returnValue('ou=People,dc=kanboard,dc=local')); ->will($this->returnValue('ou=People,dc=kanboard,dc=local'));
$user = $this->user->find('(uid=my_ldap_user)'); $user = $this->user->find('(uid=my_ldap_user)');
@ -293,7 +293,7 @@ class LdapUserTest extends Base
$this->user $this->user
->expects($this->any()) ->expects($this->any())
->method('getBasDn') ->method('getBaseDn')
->will($this->returnValue('ou=People,dc=kanboard,dc=local')); ->will($this->returnValue('ou=People,dc=kanboard,dc=local'));
$user = $this->user->find('(uid=my_ldap_user)'); $user = $this->user->find('(uid=my_ldap_user)');
@ -396,7 +396,7 @@ class LdapUserTest extends Base
$this->user $this->user
->expects($this->any()) ->expects($this->any())
->method('getBasDn') ->method('getBaseDn')
->will($this->returnValue('ou=People,dc=kanboard,dc=local')); ->will($this->returnValue('ou=People,dc=kanboard,dc=local'));
$user = $this->user->find('(uid=my_ldap_user)'); $user = $this->user->find('(uid=my_ldap_user)');
@ -451,7 +451,7 @@ class LdapUserTest extends Base
$this->user $this->user
->expects($this->any()) ->expects($this->any())
->method('getBasDn') ->method('getBaseDn')
->will($this->returnValue('ou=People,dc=kanboard,dc=local')); ->will($this->returnValue('ou=People,dc=kanboard,dc=local'));
$user = $this->user->find('(uid=my_ldap_user)'); $user = $this->user->find('(uid=my_ldap_user)');
@ -543,7 +543,7 @@ class LdapUserTest extends Base
$this->user $this->user
->expects($this->any()) ->expects($this->any())
->method('getBasDn') ->method('getBaseDn')
->will($this->returnValue('OU=Users,DC=kanboard,DC=local')); ->will($this->returnValue('OU=Users,DC=kanboard,DC=local'));
$this->group $this->group
@ -649,7 +649,7 @@ class LdapUserTest extends Base
$this->user $this->user
->expects($this->any()) ->expects($this->any())
->method('getBasDn') ->method('getBaseDn')
->will($this->returnValue('OU=Users,DC=kanboard,DC=local')); ->will($this->returnValue('OU=Users,DC=kanboard,DC=local'));
$this->group $this->group
@ -760,7 +760,7 @@ class LdapUserTest extends Base
$this->user $this->user
->expects($this->any()) ->expects($this->any())
->method('getBasDn') ->method('getBaseDn')
->will($this->returnValue('OU=Users,DC=kanboard,DC=local')); ->will($this->returnValue('OU=Users,DC=kanboard,DC=local'));
$this->group $this->group
@ -790,7 +790,7 @@ class LdapUserTest extends Base
$this->expectException('\LogicException'); $this->expectException('\LogicException');
$user = new User($this->query); $user = new User($this->query);
$user->getBasDn(); $user->getBaseDn();
} }
public function testGetLdapUserPatternNotConfigured() public function testGetLdapUserPatternNotConfigured()