mirror_html/filegator
1
0
Fork 0
mirror of https://github.com/filegator/filegator.git synced 2025-08-11 05:04:27 +02:00
Code Issues Projects Releases Wiki Activity

add docs to LDAP, fix trailing spaces

Browse Source
This commit is contained in:
Milos Stojanovic
2020-10-26 08:45:58 +01:00
parent 12a83d07c1
commit 86e582efb8
3 changed files with 74 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@@ -2,6 +2,8 @@
## Upcoming... ## Upcoming...
* New LDAP auth adapter (Thanks @ahaenggli)
## 7.4.5 - 2020-10-12 ## 7.4.5 - 2020-10-12
* New config: 'download_inline' #141 (download configured extensions inline in the browser) * New config: 'download_inline' #141 (download configured extensions inline in the browser)

68
backend/Services/Auth/Adapters/LDAP.php
View File

@@ -1,7 +1,7 @@
<?php <?php
/* /*
* This file is NOT (yet) part of the FileGator package. * This file is part of the FileGator package.
* *
* (c) Adriano Hänggli <https://github.com/ahaenggli> * (c) Adriano Hänggli <https://github.com/ahaenggli>
* *
@@ -26,9 +26,9 @@ class LDAP implements Service, AuthInterface
protected $ldap_bindDN; protected $ldap_bindDN;
protected $ldap_bindPass; protected $ldap_bindPass;
protected $ldap_baseDN; protected $ldap_baseDN;
protected $ldap_filter; protected $ldap_filter;
protected $ldap_userFieldMapping; protected $ldap_userFieldMapping;
public function __construct(Session $session) public function __construct(Session $session)
{ {
$this->session = $session; $this->session = $session;
@@ -39,23 +39,23 @@ class LDAP implements Service, AuthInterface
if(!isset($config['ldap_server']) || empty($config['ldap_server'])) if(!isset($config['ldap_server']) || empty($config['ldap_server']))
throw new \Exception('config ldap_server missing'); throw new \Exception('config ldap_server missing');
if (!extension_loaded('ldap')) throw new \Exception('ldap extension missing'); if (!extension_loaded('ldap')) throw new \Exception('ldap extension missing');
if($connect=ldap_connect($config['ldap_server'])){ if($connect=ldap_connect($config['ldap_server'])){
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
$this->private_repos = $config['private_repos']; $this->private_repos = $config['private_repos'];
$this->ldap_server = $config['ldap_server']; $this->ldap_server = $config['ldap_server'];
$this->ldap_bindDN = $config['ldap_bindDN']; $this->ldap_bindDN = $config['ldap_bindDN'];
$this->ldap_bindPass = $config['ldap_bindPass']; $this->ldap_bindPass = $config['ldap_bindPass'];
$this->ldap_baseDN = $config['ldap_baseDN']; $this->ldap_baseDN = $config['ldap_baseDN'];
$this->ldap_filter = $config['ldap_filter']; $this->ldap_filter = $config['ldap_filter'];
$this->ldap_userFieldMapping = $config['ldap_userFieldMapping']; $this->ldap_userFieldMapping = $config['ldap_userFieldMapping'];
}else { }else {
@ldap_close($connect); @ldap_close($connect);
throw new \Exception('could not connect to domain'); throw new \Exception('could not connect to domain');
} }
@ldap_close($connect); @ldap_close($connect);
} }
public function user(): ?User public function user(): ?User
@@ -118,13 +118,13 @@ class LDAP implements Service, AuthInterface
{ {
$guest = $this->find(self::GUEST_USERNAME); $guest = $this->find(self::GUEST_USERNAME);
if (!$guest || !$guest->isGuest()) { if (!$guest || !$guest->isGuest()) {
$guest = new User(); $guest = new User();
$guest->setUsername('guest'); $guest->setUsername('guest');
$guest->setName('Guest'); $guest->setName('Guest');
$guest->setRole('guest'); $guest->setRole('guest');
$guest->setHomedir('/'); $guest->setHomedir('/');
$guest->setPermissions([]); $guest->setPermissions([]);
return $guest; return $guest;
} }
@@ -156,34 +156,34 @@ class LDAP implements Service, AuthInterface
protected function getUsers(): array protected function getUsers(): array
{ {
$ldapConn = @ldap_connect($this->ldap_server); $ldapConn = @ldap_connect($this->ldap_server);
if (!$ldapConn) throw new \Exception('Cannot Connect to LDAP server'); if (!$ldapConn) throw new \Exception('Cannot Connect to LDAP server');
@ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3); @ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3);
$ldapBind = @ldap_bind($ldapConn, $this->ldap_bindDN,$this->ldap_bindPass); $ldapBind = @ldap_bind($ldapConn, $this->ldap_bindDN,$this->ldap_bindPass);
if (!$ldapBind) throw new \Exception('Cannot Bind to LDAP server: Wrong credentials?'); if (!$ldapBind) throw new \Exception('Cannot Bind to LDAP server: Wrong credentials?');
// search the LDAP server for users // search the LDAP server for users
$ldapSearch = @ldap_search($ldapConn, $this->ldap_baseDN, $this->ldap_filter, ['*']); $ldapSearch = @ldap_search($ldapConn, $this->ldap_baseDN, $this->ldap_filter, ['*']);
$ldapResults = @ldap_get_entries($ldapConn, $ldapSearch); $ldapResults = @ldap_get_entries($ldapConn, $ldapSearch);
@ldap_close($ldapConn); @ldap_close($ldapConn);
$users = []; $users = [];
for ($item = 0; $item < $ldapResults['count']; $item++) for ($item = 0; $item < $ldapResults['count']; $item++)
{ {
$user = []; $user = [];
$user['username'] = $ldapResults[$item][$this->ldap_userFieldMapping['username']][0]; $user['username'] = $ldapResults[$item][$this->ldap_userFieldMapping['username']][0];
$user['name'] = $ldapResults[$item][$this->ldap_userFieldMapping['name']][0]; $user['name'] = $ldapResults[$item][$this->ldap_userFieldMapping['name']][0];
$user['role'] = 'user'; $user['role'] = 'user';
$user['homedir'] = '/'; $user['homedir'] = '/';
$user['permissions']=$this->ldap_userFieldMapping['default_permissions']; $user['permissions']=$this->ldap_userFieldMapping['default_permissions'];
$user['userDN'] = $ldapResults[$item][$this->ldap_userFieldMapping['userDN']]; $user['userDN'] = $ldapResults[$item][$this->ldap_userFieldMapping['userDN']];
if(is_array($this->ldap_userFieldMapping['admin_usernames'])) if(is_array($this->ldap_userFieldMapping['admin_usernames']))
{ {
if(in_array($user['username'], $this->ldap_userFieldMapping['admin_usernames'])) $user['role'] = 'admin'; if(in_array($user['username'], $this->ldap_userFieldMapping['admin_usernames'])) $user['role'] = 'admin';
} }
// private repositories for each user? // private repositories for each user?
if ($this->private_repos) { if ($this->private_repos) {
$user->setHomedir('/'.$user['username']); $user->setHomedir('/'.$user['username']);
@@ -193,7 +193,7 @@ class LDAP implements Service, AuthInterface
if ($user['role'] == 'admin'){ if ($user['role'] == 'admin'){
$user['homedir'] = '/'; $user['homedir'] = '/';
$user['permissions'] = 'read|write|upload|download|batchdownload|zip'; $user['permissions'] = 'read|write|upload|download|batchdownload|zip';
} }
if(is_array($user) && !empty($user)) $users[] = $user; if(is_array($user) && !empty($user)) $users[] = $user;
} }
@@ -201,14 +201,14 @@ class LDAP implements Service, AuthInterface
} }
private function verifyPassword($auth_user, $password) private function verifyPassword($auth_user, $password)
{ {
if(!isset($this->ldap_server) || empty($this->ldap_server)) return false; if(!isset($this->ldap_server) || empty($this->ldap_server)) return false;
if(!extension_loaded('ldap')) return false; if(!extension_loaded('ldap')) return false;
if($connect=ldap_connect($this->ldap_server)) if($connect=ldap_connect($this->ldap_server))
{ {
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
if($bind=ldap_bind($connect, $auth_user, $password)){ if($bind=ldap_bind($connect, $auth_user, $password)){
@ldap_close($connect); @ldap_close($connect);
return true; return true;
} else { } else {
@@ -216,8 +216,8 @@ class LDAP implements Service, AuthInterface
return false; return false;
} }
} }
@ldap_close($connect); @ldap_close($connect);
return false; return false;
} }
} }

38
docs/configuration/auth.md
View File

@@ -86,6 +86,44 @@ Note: With more recent versions of FileGator you can set `guest_redirection` in
] ]
``` ```
## Configuring Auth service to use LDAP
Replace your current Auth handler in `configuration.php` file like this:
```
'Filegator\Services\Auth\AuthInterface' => [
'handler' => '\Filegator\Services\Auth\Adapters\LDAP',
'config' => [
'private_repos' => false,
'ldap_server'=>'ldap://192.168.1.1',
'ldap_bindDN'=>'uid=ldapbinduser,cn=users,dc=ldap,dc=example,dc=com',
'ldap_bindPass'=>'ldapbinduser-password',
'ldap_baseDN'=>'cn=users,dc=ldap,dc=example,dc=com',
'ldap_filter'=>'(uid=*)', //ex: 'ldap_filter'=>'(&(uid=*)(memberOf=cn=administrators,cn=groups,dc=ldap,dc=example,dc=com))',
'ldap_userFieldMapping'=> [
'username' =>'uid',
'name' =>'cn',
'userDN' =>'dn',
'default_permissions' => 'read|write|upload|download|batchdownload|zip',
'admin_usernames' =>['user1', 'user2'],
],
],
],
```
Adjust in the config above:
- `wp_dir` should be the directory path of your wordpress installation
- `permissions` is the array of permissions given to each user
- `private_repos` each user will have its own sub folder, admin will see everything (false/true)
Note: With more recent versions of FileGator you can set `guest_redirection` in your `configuration.php` to redirect logged-out users back to your WP site:
```
'frontend_config' => [
...
'guest_redirection' => 'http://example.com/wp-admin/',
...
]
```
## Custom Authentication using 3rd party ## Custom Authentication using 3rd party
If you want to use FileGator as a part of another application, you probably already have users stored somewhere else. What you need in this case is to build a new custom Auth adapter that matches the [AuthInterface](https://github.com/filegator/filegator/blob/master/backend/Services/Auth/AuthInterface.php) to connect those two. This new adapter will try to authenticate users in your application and translate each user into filegator [User](https://github.com/filegator/filegator/blob/master/backend/Services/Auth/User.php) object. If you want to use FileGator as a part of another application, you probably already have users stored somewhere else. What you need in this case is to build a new custom Auth adapter that matches the [AuthInterface](https://github.com/filegator/filegator/blob/master/backend/Services/Auth/AuthInterface.php) to connect those two. This new adapter will try to authenticate users in your application and translate each user into filegator [User](https://github.com/filegator/filegator/blob/master/backend/Services/Auth/User.php) object.