From 92175eb700fd70d73b8bcd8740f10305ac9c8711 Mon Sep 17 00:00:00 2001
From: snipe
Date: Thu, 14 Jul 2016 23:49:32 -0700
Subject: [PATCH] Few more LDAP/AD tweaks
---
 app/Http/Controllers/Auth/AuthController.php | 9 ++-
 app/Http/Controllers/UsersController.php | 1 -
 app/Models/Ldap.php | 61 +++++++++++++++-----
 3 files changed, 53 insertions(+), 18 deletions(-)
diff --git a/app/Http/Controllers/Auth/AuthController.php b/app/Http/Controllers/Auth/AuthController.php
index 42e50e7ae6..db80a14448 100644
--- a/app/Http/Controllers/Auth/AuthController.php
+++ b/app/Http/Controllers/Auth/AuthController.php
@@ -126,10 +126,15 @@ class AuthController extends Controller
 LOG::debug("Local user ".Input::get('username')." exists in database. Authenticating existing user against LDAP.");
- if (Ldap::findAndBindUserLdap($request->input('username'), $request->input('password'))) {
+ if ($ldap_user = Ldap::findAndBindUserLdap($request->input('username'), $request->input('password'))) {
+ $ldap_attr = Ldap::parseAndMapLdapAttributes($ldap_user);
+ LOG::debug("Valid LDAP login. Updating the local data.");
- $user = User::find($user->id); //need the Sentry object, not the Eloquent object, to access critical password hashing functions
+ $user->password = bcrypt($request->input('password'));
+ $user->email = $ldap_attr['email'];
+ $user->first_name = $ldap_attr['firstname'];
+ $user->last_name = $ldap_attr['lastname'];
 $user->save();
 } else {
diff --git a/app/Http/Controllers/UsersController.php b/app/Http/Controllers/UsersController.php
index fbac115dd7..f6abd9e9bf 100755
--- a/app/Http/Controllers/UsersController.php
+++ b/app/Http/Controllers/UsersController.php
@@ -1209,7 +1209,6 @@ class UsersController extends Controller
 $user->password = bcrypt($pass);
 $user->activated = 1;
 $user->location_id = e($location_id);
- $user->permissions = '{"user":1}';
 $user->notes = 'Imported from LDAP';
 $user->ldap_import = 1;
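Review bot: The three new assignments `$user->email = $ldap_attr['email'];`, `$user->first_name = $ldap_attr['firstname'];` and `$user->last_name = $ldap_attr['lastname'];` overwrite the local record with whatever parseAndMapLdapAttributes returned, and that helper substitutes "" when the configured attribute is absent (see the `isset(...) ? ... : ""` lines in the Ldap.php hunk), so a directory entry missing an attribute, or a mis-set field mapping in settings, blanks the user's email and name on the next login. Guard each copy, e.g. `if ($ldap_attr['email'] !== '') { $user->email = $ldap_attr['email']; }`, and the same for the two name fields. The `$user->password = bcrypt($request->input('password'));` line also keeps a local bcrypt hash of the directory credential refreshed on every LDAP login; if that is intentional (local fallback when the directory is unreachable), a one-line comment saying so would stop the next reader from treating it as an accident. The enclosing method starts and ends outside this hunk.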
diff --git a/app/Models/Ldap.php b/app/Models/Ldap.php
index d71621f71d..3ac084a9d8 100644
--- a/app/Models/Ldap.php
+++ b/app/Models/Ldap.php
@@ -139,14 +139,16 @@ class Ldap extends Model
 }
-
 /**
- * Create user from LDAP attributes
+ * Parse and map LDAP attributes based on settings
+ *
+ * @author [A. Gianotto] []
+ * @since [v3.0]
 *
 * @param $ldapatttibutes
 * @return array|bool
 */
- static function createUserFromLdap($ldapatttibutes)
+ static function parseAndMapLdapAttributes($ldapatttibutes)
 {
 //Get LDAP attribute config
 $ldap_result_username = Setting::getSettings()->ldap_username_field;
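Review bot: The docblock kept for the renamed parseAndMapLdapAttributes still says `@return array|bool`, but the function only ever ends in `return $item;` (visible in the next hunk), so the `bool` alternative is misleading to callers such as the AuthController hunk, which indexes the result directly without a check. Change it to `@return array` and give the parameter a type, `@param array $ldapatttibutes`, assuming the caller passes the LDAP entry array as the `[$field][0]` indexing in the next hunk suggests. The function body continues past the end of this hunk.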
@@ -163,22 +165,43 @@ class Ldap extends Model
 $item["firstname"] = isset($ldapatttibutes[$ldap_result_first_name][0]) ? $ldapatttibutes[$ldap_result_first_name][0] : "";
 $item["email"] = isset($ldapatttibutes[$ldap_result_email][0]) ? $ldapatttibutes[$ldap_result_email][0] : "" ;
+ return $item;
+
+
+ }
+
+ /**
+ * Create user from LDAP attributes
+ *
+ * @author [A. Gianotto] []
+ * @since [v3.0]
+ * @param $ldapatttibutes
+ * @return array|bool
+ */
+ static function createUserFromLdap($ldapatttibutes)
+ {
+ $item = Ldap::parseAndMapLdapAttributes($ldapatttibutes);
+ // Create user from LDAP data
 if (!empty($item["username"])) {
- $newuser = new User;
- $newuser->first_name = $item["firstname"];
- $newuser->last_name = $item["lastname"];
- $newuser->username = $item["username"];
- $newuser->email = $item["email"];
- $newuser->password = bcrypt(Input::get("password"));
- $newuser->activated = 1;
- $newuser->ldap_import = 1;
- $newuser->notes = 'Imported on first login from LDAP';
- //dd($newuser);
- if ($newuser->save()) {
+
+ if (!$user) {
+ $user = new User;
+ }
+
+ $user->first_name = $item["firstname"];
+ $user->last_name = $item["lastname"];
+ $user->username = $item["username"];
+ $user->email = $item["email"];
+ $user->password = bcrypt(Input::get("password"));
+ $user->activated = 1;
+ $user->ldap_import = 1;
+ $user->notes = 'Imported on first login from LDAP';
+
+ if ($user->save()) {
 return true;
 } else {
- LOG::debug('Could not create user.'.$newuser->getErrors());
+ LOG::debug('Could not create user.'.$user->getErrors());
 exit;
 }
 }
@@ -187,6 +210,14 @@ class Ldap extends Model
 }
+ /**
+ * Searches LDAP
+ *
+ * @author [A. Gianotto] []
+ * @since [v3.0]
+ * @param $ldapatttibutes
+ * @return array|bool
+ */
 static function findLdapUsers()
 {
 $ldapconn = Ldap::connectToLdap();
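Review bot: In the new createUserFromLdap body, `if (!$user) { $user = new User; }` tests a variable that is never defined in this method — its only parameter is `$ldapatttibutes` and nothing assigns `$user` before the check — so PHP raises an undefined-variable notice and the branch always creates a fresh User, leaving the guard as dead code rather than the update path it appears meant to be. Either reduce it to `$user = new User;` or make the intent explicit with an optional parameter, `static function createUserFromLdap($ldapatttibutes, $user = null)`, so a caller holding an existing account can pass it in. The `exit;` after a failed save is carried over from the old code and still terminates the request from inside a model after only a debug log; returning `false` there would match the documented `@return array|bool` and let the controller report the failure. The method's closing brace is not in this hunk.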
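Review bot: The docblock added above findLdapUsers documents `@param $ldapatttibutes`, but the signature on the following line, `static function findLdapUsers()`, takes no arguments, so the tag is a leftover from the createUserFromLdap block and will mislead anyone reading or generating docs from it. Drop that line and expand the one-word summary to say what is searched and where; the body opens with `Ldap::connectToLdap()`, so presumably the configured directory — confirm — e.g. `Searches the configured LDAP directory for user entries.` The `@return array|bool` cannot be checked here because the body runs past the end of the hunk.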