Allow use of the user's DN as the group filter substitution

This commit is contained in:
mildis 2020-05-22 05:57:30 +02:00 committed by GitHub
parent a0a7a1eb31
commit 9e1e4ea381
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 45 additions and 25 deletions


@ -56,7 +56,7 @@ class Group
*/
public function find($query)
{
$this->query->execute($this->getBasDn(), $query, $this->getAttributes());
$this->query->execute($this->getBaseDn(), $query, $this->getAttributes());
$groups = array();
if ($this->query->hasResult()) {
@ -119,7 +119,7 @@ class Group
* @access public
* @return string
*/
public function getBasDn()
public function getBaseDn()
{
if (! LDAP_GROUP_BASE_DN) {
throw new LogicException('LDAP group base DN empty, check the parameter LDAP_GROUP_BASE_DN');


@ -67,7 +67,7 @@ class User
*/
public function find($query)
{
$this->query->execute($this->getBasDn(), $query, $this->getAttributes());
$this->query->execute($this->getBaseDn(), $query, $this->getAttributes());
$user = null;
if ($this->query->hasResult()) {
@ -85,15 +85,20 @@ class User
*
* @access protected
* @param Entry $entry
* @param string $username
* @return string[]
*/
protected function getGroups(Entry $entry, $username)
protected function getGroups(Entry $entry)
{
$userattr = '';
if ('username' == $this->getGroupUserAttribute()) {
$userattr = $entry->getFirstValue($this->getAttributeUsername());
} else if ('dn' == $this->getGroupUserAttribute()) {
$userattr = $entry->getDn();
}
$groupIds = array();
if (! empty($username) && $this->group !== null && $this->hasGroupUserFilter()) {
$groups = $this->group->find(sprintf($this->getGroupUserFilter(), $username));
if (! empty($userattr) && $this->group !== null && $this->hasGroupUserFilter()) {
$groups = $this->group->find(sprintf($this->getGroupUserFilter(), $userattr));
foreach ($groups as $group) {
$groupIds[] = $group->getExternalId();
@ -150,12 +155,11 @@ class User
protected function build()
{
$entry = $this->query->getEntries()->getFirstEntry();
$username = $entry->getFirstValue($this->getAttributeUsername());
$groupIds = $this->getGroups($entry, $username);
$groupIds = $this->getGroups($entry);
return new LdapUserProvider(
$entry->getDn(),
$username,
$entry->getFirstValue($this->getAttributeUsername()),
$entry->getFirstValue($this->getAttributeName()),
$entry->getFirstValue($this->getAttributeEmail()),
$this->getRole($groupIds),
@ -274,6 +278,17 @@ class User
return LDAP_GROUP_USER_FILTER;
}
/**
* Get LDAP Group User attribute
*
* @access public
* @return string
*/
public function getGroupUserAttribute()
{
return LDAP_GROUP_USER_ATTRIBUTE;
}
/**
* Return true if LDAP Group User filter is defined
*
@ -324,7 +339,7 @@ class User
* @access public
* @return string
*/
public function getBasDn()
public function getBaseDn()
{
if (! LDAP_USER_BASE_DN) {
throw new LogicException('LDAP user base DN empty, check the parameter LDAP_USER_BASE_DN');
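Review bot: In getGroups, `$userattr` is passed straight into `sprintf($this->getGroupUserFilter(), $userattr)` without LDAP filter escaping, and with the new 'dn' mode the value is a full DN, which can legitimately contain `\`, `*`, `(` or `)` (an escaped comma in a CN, for example) that break or alter the generated filter. Escape the value before substitution: `$userattr = ldap_escape($userattr, '', LDAP_ESCAPE_FILTER);` (the same applies to the pre-existing 'username' path). The two `==` comparisons on the attribute name should be `===`, and an unrecognised LDAP_GROUP_USER_ATTRIBUTE value leaves `$userattr` empty so the group lookup is silently skipped; throwing a LogicException, as getBaseDn does for an empty base DN, would surface the misconfiguration instead. The docblock no longer documents how the substituted value is chosen now that `@param string $username` is gone; a line such as `Groups are found by substituting the user's username or DN (per LDAP_GROUP_USER_ATTRIBUTE) into the group user filter` would cover it. getGroups' body continues past the end of the hunk.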


@ -89,6 +89,7 @@ defined('LDAP_GROUP_PROVIDER') or define('LDAP_GROUP_PROVIDER', strtolower(geten
defined('LDAP_GROUP_BASE_DN') or define('LDAP_GROUP_BASE_DN', getenv('LDAP_GROUP_BASE_DN') ?: '');
defined('LDAP_GROUP_FILTER') or define('LDAP_GROUP_FILTER', getenv('LDAP_GROUP_FILTER') ?: '');
defined('LDAP_GROUP_USER_FILTER') or define('LDAP_GROUP_USER_FILTER', getenv('LDAP_GROUP_USER_FILTER') ?: '');
defined('LDAP_GROUP_USER_ATTRIBUTE') or define('LDAP_GROUP_USER_ATTRIBUTE', getenv('LDAP_GROUP_USER_ATTRIBUTE') ?: 'username');
defined('LDAP_GROUP_ATTRIBUTE_NAME') or define('LDAP_GROUP_ATTRIBUTE_NAME', getenv('LDAP_GROUP_ATTRIBUTE_NAME') ?: 'cn');
// Proxy authentication
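Review bot: The new LDAP_GROUP_USER_ATTRIBUTE define takes the environment value as-is, whereas LDAP_GROUP_PROVIDER a few lines above normalises it with strtolower(); the consumer compares the string against the literals 'username' and 'dn', so a value such as `DN` from the environment would silently match neither. Normalise the same way: `defined('LDAP_GROUP_USER_ATTRIBUTE') or define('LDAP_GROUP_USER_ATTRIBUTE', strtolower(getenv('LDAP_GROUP_USER_ATTRIBUTE') ?: 'username'));`.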


@ -184,6 +184,10 @@ define('LDAP_GROUP_FILTER', '');
// Example for OpenLDAP: (&(objectClass=posixGroup)(memberUid=%s))
define('LDAP_GROUP_USER_FILTER', '');
// LDAP attribute for the user in the group filter
// 'username' or 'dn'
define('LDAP_GROUP_USER_ATTRIBUTE', 'username');
// LDAP attribute for the group name
define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');
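Review bot: The comment `// 'username' or 'dn'` above the new define does not say what each value substitutes into LDAP_GROUP_USER_FILTER, which is the only thing an operator needs to know here. Expand it to `// Value substituted for %s in LDAP_GROUP_USER_FILTER: 'username' (the user's login attribute, as in the memberUid example above)` followed by `// or 'dn' (the user's full distinguished name, typically for member/uniqueMember style groups)`.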


@ -37,7 +37,7 @@ class LdapGroupTest extends Base
->setConstructorArgs(array($this->query))
->setMethods(array(
'getAttributeName',
'getBasDn',
'getBaseDn',
))
->getMock();
}
@ -96,7 +96,7 @@ class LdapGroupTest extends Base
$this->group
->expects($this->any())
->method('getBasDn')
->method('getBaseDn')
->will($this->returnValue('CN=Users,DC=kanboard,DC=local'));
$groups = $this->group->find('(&(objectClass=group)(sAMAccountName=Kanboard*))');
@ -142,7 +142,7 @@ class LdapGroupTest extends Base
$this->group
->expects($this->any())
->method('getBasDn')
->method('getBaseDn')
->will($this->returnValue('CN=Users,DC=kanboard,DC=local'));
$groups = $this->group->find('(&(objectClass=group)(sAMAccountName=Kanboard*))');
@ -154,6 +154,6 @@ class LdapGroupTest extends Base
$this->expectException('\LogicException');
$group = new Group($this->query);
$group->getBasDn();
$group->getBaseDn();
}
}


@ -56,7 +56,7 @@ class LdapUserTest extends Base
'getGroupUserFilter',
'getGroupAdminDn',
'getGroupManagerDn',
'getBasDn',
'getBaseDn',
))
->getMock();
}
@ -127,7 +127,7 @@ class LdapUserTest extends Base
$this->user
->expects($this->any())
->method('getBasDn')
->method('getBaseDn')
->will($this->returnValue('ou=People,dc=kanboard,dc=local'));
$user = $this->user->find('(uid=my_ldap_user)');
@ -202,7 +202,7 @@ class LdapUserTest extends Base
$this->user
->expects($this->any())
->method('getBasDn')
->method('getBaseDn')
->will($this->returnValue('ou=People,dc=kanboard,dc=local'));
$user = $this->user->find('(uid=my_ldap_user)');
@ -293,7 +293,7 @@ class LdapUserTest extends Base
$this->user
->expects($this->any())
->method('getBasDn')
->method('getBaseDn')
->will($this->returnValue('ou=People,dc=kanboard,dc=local'));
$user = $this->user->find('(uid=my_ldap_user)');
@ -396,7 +396,7 @@ class LdapUserTest extends Base
$this->user
->expects($this->any())
->method('getBasDn')
->method('getBaseDn')
->will($this->returnValue('ou=People,dc=kanboard,dc=local'));
$user = $this->user->find('(uid=my_ldap_user)');
@ -451,7 +451,7 @@ class LdapUserTest extends Base
$this->user
->expects($this->any())
->method('getBasDn')
->method('getBaseDn')
->will($this->returnValue('ou=People,dc=kanboard,dc=local'));
$user = $this->user->find('(uid=my_ldap_user)');
@ -543,7 +543,7 @@ class LdapUserTest extends Base
$this->user
->expects($this->any())
->method('getBasDn')
->method('getBaseDn')
->will($this->returnValue('OU=Users,DC=kanboard,DC=local'));
$this->group
@ -649,7 +649,7 @@ class LdapUserTest extends Base
$this->user
->expects($this->any())
->method('getBasDn')
->method('getBaseDn')
->will($this->returnValue('OU=Users,DC=kanboard,DC=local'));
$this->group
@ -760,7 +760,7 @@ class LdapUserTest extends Base
$this->user
->expects($this->any())
->method('getBasDn')
->method('getBaseDn')
->will($this->returnValue('OU=Users,DC=kanboard,DC=local'));
$this->group
@ -790,7 +790,7 @@ class LdapUserTest extends Base
$this->expectException('\LogicException');
$user = new User($this->query);
$user->getBasDn();
$user->getBaseDn();
}
public function testGetLdapUserPatternNotConfigured()
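Review bot: The mocked-method list at the top of this file (the hunk with the `'getBaseDn',` entry) is not extended with `'getGroupUserAttribute'`, and no test exercises the new 'dn' substitution path; getGroupUserAttribute reads the LDAP_GROUP_USER_ATTRIBUTE constant, so the existing group tests only ever cover the 'username' default. Add `'getGroupUserAttribute',` to the setMethods() array and a test that stubs it to return `'dn'` and asserts the group filter passed to Group::find is built from the entry's DN rather than its username attribute. The remainder of the test class is outside the hunks shown.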