LDAP authentication hook

Aladin Alaily
2015-08-14 14:29:32 -04:00
parent 286df911c0
commit 43efe4e80b
+74 -3
@@ -18,6 +18,46 @@ class AuthController extends BaseController
return View::make('frontend.auth.signin');
}
/**
* Authenticates a user to LDAP
*
* @return true if the username and/or password provided are valid
* false if the username and/or password provided are invalid
*
*/
function ldap($username, $password) {
$ldaphost = Config::get('ldap.url');
$ldaprdn = Config::get('ldap.username');
$ldappass = Config::get('ldap.password');
$baseDn = Config::get('ldap.basedn');
$filterQuery = Config::get('ldap.authentication.filter.query') . $username;
// Connecting to LDAP
$connection = ldap_connect($ldaphost) or die("Could not connect to {$ldaphost}");
try {
if ($connection) {
// binding to ldap server
$ldapbind = ldap_bind($connection, $ldaprdn, $ldappass);
if ( ($results = @ldap_search($connection, $baseDn, $filterQuery)) !==false ) {
$entry = ldap_first_entry($connection, $results);
if ( ($userDn = @ldap_get_dn($connection, $entry)) !== false ) {
if( ($isBound = ldap_bind($connection, $userDn, $password)) == "true") {
return true;
}
}
}
}
} catch (Exception $e) {
LOG::error($e->getMessage());
}
ldap_close($connection);
return false;
}
/**
* Account sign in form processing.
*
@@ -41,9 +81,40 @@ class AuthController extends BaseController
}
try {
// Try to log the user in
Sentry::authenticate(Input::only('username', 'password'), Input::get('remember-me', 0));
/**
* =================================================================
* Hack in LDAP authentication
*/
// Try to get the user from the database.
$user = (array) DB::table('users')->where('username', Input::get('username'))->first();
if ($user && strpos($user["notes"],'LDAP') !== false) {
LOG::debug("Authenticating user against LDAP.");
if( $this->ldap(Input::get('username'), Input::get('password')) ) {
LOG::debug("valid login");
$pass = substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, 10);
$user = Sentry::findUserByLogin( Input::get('username') );
$user->password = $pass;
$user->save();
$credentials = array(
'username' => Input::get('username'),
'password' => $pass,
);
Sentry::authenticate($credentials, Input::get('remember-me', 0));
}
else {
throw new Cartalyst\Sentry\Users\UserNotFoundException();
}
}
/* ============================================================== */
else {
LOG::debug("Authenticating user against database.");
// Try to log the user in
Sentry::authenticate(Input::only('username', 'password'), Input::get('remember-me', 0));
}
// Get the page we were before
$redirect = Session::get('loginRedirect', 'account');
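Review bot: In `ldap()` in the first hunk, `$username` is appended to the search filter unescaped and the final `ldap_bind($connection, $userDn, $password)` is reached even when `$password` is empty, which many directory servers treat as an unauthenticated bind and report as success. The function should refuse an empty password up front, escape the filter value with `ldap_escape()` (PHP 5.6+), and test the service bind and the `ldap_first_entry()` result rather than suppressing errors with `@`. The early `return true` skips `ldap_close()`, and `or die(...)` would print the configured LDAP URL to the browser, so the sketch below logs instead and closes the connection on every path. Separately, the second hunk overwrites the stored password on each LDAP login with a `str_shuffle()` value, which PHP documents as not cryptographically secure; a CSPRNG-derived value would be safer if the local password has to be set at all.

```php
function ldap($username, $password) {
    // An empty password would make the final bind an unauthenticated bind, which many servers accept.
    if (!is_string($password) || $password === '') {
        return false;
    }
    // … unchanged: Config::get() lookups for url, username, password and basedn …
    $filterQuery = Config::get('ldap.authentication.filter.query')
        . ldap_escape($username, '', LDAP_ESCAPE_FILTER);
    $connection = ldap_connect($ldaphost);
    if ($connection === false) {
        LOG::error('Could not connect to the LDAP server');
        return false;
    }
    $authenticated = false;
    try {
        if (ldap_bind($connection, $ldaprdn, $ldappass)
            && ($results = ldap_search($connection, $baseDn, $filterQuery)) !== false
            && ($entry = ldap_first_entry($connection, $results)) !== false
            && ($userDn = ldap_get_dn($connection, $entry)) !== false
        ) {
            $authenticated = ldap_bind($connection, $userDn, $password) === true;
        }
    } catch (Exception $e) {
        LOG::error($e->getMessage());
    }
    ldap_close($connection);
    return $authenticated;
}
```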