fix #257 and add optional domain handling (#258)

* fix #257 and add optional domain handling

* format code and add to doc
ahaenggli
2021-08-23 09:03:08 +02:00
committed by GitHub
parent 006c953b4b
commit d45346809f
2 changed files with 24 additions and 0 deletions


@@ -70,6 +70,22 @@ class LDAP implements Service, AuthInterface
public function authenticate($username, $password): bool public function authenticate($username, $password): bool
{ {
// prevent anonymous binding
if(!isset($password) || empty($password)) return false;
if(!isset($username) || empty($username)) return false;
// remove (optional) domains from the username
if(!empty($this->ldap_userFieldMapping['username_RemoveDomains']) && is_array($this->ldap_userFieldMapping['username_RemoveDomains'])) {
$username = str_replace($this->ldap_userFieldMapping['username_RemoveDomains'], '', $username);
}
// add the domain to the username
if(!empty($this->ldap_userFieldMapping['username_AddDomain'])) {
if(strpos($username, $this->ldap_userFieldMapping['username_AddDomain']) === false) {
$username .= $this->ldap_userFieldMapping['username_AddDomain'];
}
}
$all_users = $this->getUsers(); $all_users = $this->getUsers();
foreach ($all_users as &$u) { foreach ($all_users as &$u) {
@@ -184,6 +200,11 @@ class LDAP implements Service, AuthInterface
$user['permissions']=$this->ldap_userFieldMapping['default_permissions']; $user['permissions']=$this->ldap_userFieldMapping['default_permissions'];
$user['userDN'] = $ldapResults[$item][$this->ldap_userFieldMapping['userDN']]; $user['userDN'] = $ldapResults[$item][$this->ldap_userFieldMapping['userDN']];
if(!empty($this->ldap_userFieldMapping['username_AddDomain'])){
if(strpos($user['username'], $this->ldap_userFieldMapping['username_AddDomain']) === false)
$user['username'] .= $this->ldap_userFieldMapping['username_AddDomain'];
}
if(is_array($this->ldap_userFieldMapping['admin_usernames'])) if(is_array($this->ldap_userFieldMapping['admin_usernames']))
{ {
if(in_array($user['username'], $this->ldap_userFieldMapping['admin_usernames'])) $user['role'] = 'admin'; if(in_array($user['username'], $this->ldap_userFieldMapping['admin_usernames'])) $user['role'] = 'admin';
@@ -202,6 +223,7 @@ class LDAP implements Service, AuthInterface
if(is_array($user) && !empty($user)) $users[] = $user; if(is_array($user) && !empty($user)) $users[] = $user;
} }
// print_r($users); // uncomment this line to see all available ldap-login-users
return is_array($users) ? $users : []; return is_array($users) ? $users : [];
} }
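Review bot: The domain handling added to authenticate() matches anywhere in the login name instead of only at its end: `str_replace()` deletes every occurrence of a `username_RemoveDomains` entry in a single, non-repeating pass, and the `strpos(...) === false` test skips the suffix whenever `username_AddDomain` appears anywhere in the input. Because this normalises an untrusted login name before the account lookup, both steps should be anchored to the end of the string so that one typed name maps to exactly one account name; the identical `strpos()` test in the getUsers() hunk needs the same change. Note also that `admin_usernames` is compared after the suffix has been appended, so existing entries written without the domain stop matching once `username_AddDomain` is set (this fails closed, but the doc example should say so). authenticate() continues past the end of the hunk, so how the normalised name is compared is not visible here.

```php
// remove (optional) domains from the username
if(!empty($this->ldap_userFieldMapping['username_RemoveDomains']) && is_array($this->ldap_userFieldMapping['username_RemoveDomains'])) {
    foreach ($this->ldap_userFieldMapping['username_RemoveDomains'] as $domain) {
        // strip a configured domain only when it is the trailing part of the name
        if (is_string($domain) && $domain !== '' && substr($username, -strlen($domain)) === $domain) {
            $username = substr($username, 0, -strlen($domain));
            break;
        }
    }
}
// add the domain to the username
if(!empty($this->ldap_userFieldMapping['username_AddDomain'])) {
    $addDomain = $this->ldap_userFieldMapping['username_AddDomain'];
    // append unless the name already ends with the configured domain
    if(substr($username, -strlen($addDomain)) !== $addDomain) {
        $username .= $addDomain;
    }
}
// … unchanged: getUsers() lookup …
```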


@@ -103,6 +103,8 @@ Replace your current Auth handler in `configuration.php` file like this:
'ldap_attributes' => ["uid","cn","dn"], 'ldap_attributes' => ["uid","cn","dn"],
'ldap_userFieldMapping'=> [ 'ldap_userFieldMapping'=> [
'username' =>'uid', 'username' =>'uid',
'username_AddDomain' =>'@example.com',
'username_RemoveDomains' =>['@department1.example.com', '@department2.example.com'],
'name' =>'cn', 'name' =>'cn',
'userDN' =>'dn', 'userDN' =>'dn',
'default_permissions' => 'read|write|upload|download|batchdownload|zip', 'default_permissions' => 'read|write|upload|download|batchdownload|zip',