TASK-237 Fix the login with AD users
@@ -2,6 +2,7 @@
|
||||
|
||||
use Illuminate\Support\Facades\Log;
|
||||
use ProcessMaker\Exception\RBACException;
|
||||
use ProcessMaker\Model\RbacAuthenticationSource;
|
||||
|
||||
class RBAC
|
||||
{
|
||||
@@ -272,11 +273,6 @@ class RBAC
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!in_array('ldapAdvanced', $this->aRbacPlugins)) {
|
||||
if (class_exists('ldapAdvanced')) {
|
||||
$this->aRbacPlugins[] = 'ldapAdvanced';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -895,43 +891,33 @@ class RBAC
|
||||
*/
|
||||
public function checkAutomaticRegister($strUser, $strPass)
|
||||
{
|
||||
$result = -1; //default return value,
|
||||
|
||||
foreach ($this->aRbacPlugins as $className) {
|
||||
$plugin = new $className();
|
||||
if (method_exists($plugin, 'automaticRegister')) {
|
||||
$criteria = new Criteria('rbac');
|
||||
$criteria->add(AuthenticationSourcePeer::AUTH_SOURCE_PROVIDER, $className);
|
||||
$criteria->addAscendingOrderByColumn(AuthenticationSourcePeer::AUTH_SOURCE_NAME);
|
||||
$dataset = AuthenticationSourcePeer::doSelectRS($criteria, Propel::getDbConnection('rbac_ro'));
|
||||
$dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
|
||||
$dataset->next();
|
||||
$row = $dataset->getRow();
|
||||
while (is_array($row)) {
|
||||
$row = array_merge($row, unserialize($row['AUTH_SOURCE_DATA']));
|
||||
//Check if this authsource is enabled for AutoRegister, if not skip this
|
||||
if ($row['AUTH_SOURCE_AUTO_REGISTER'] == 1) {
|
||||
$plugin->sAuthSource = $row['AUTH_SOURCE_UID'];
|
||||
$plugin->sSystem = $this->sSystem;
|
||||
//search the usersRolesObj
|
||||
//create the users in ProcessMaker
|
||||
try {
|
||||
$res = $plugin->automaticRegister($row, $strUser, $strPass);
|
||||
if ($res == 1) {
|
||||
return $res;
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
$message = $e->getMessage();
|
||||
$context = [
|
||||
'action' => 'ldapSynchronize',
|
||||
'authSource' => $row
|
||||
];
|
||||
Log::channel(':ldapSynchronize')->error($message, Bootstrap::context($context));
|
||||
$result = -1;
|
||||
$filters = array(
|
||||
'fields' => ['*'],
|
||||
'start' => 0,
|
||||
'limit'=> 1000
|
||||
);
|
||||
$rbacAuthenticationSource = new RbacAuthenticationSource();
|
||||
$authSourceReturn = $rbacAuthenticationSource->show($filters);
|
||||
if (!empty($authSourceReturn['data'])) {
|
||||
foreach ($authSourceReturn['data'] as $authSource) {
|
||||
$authSource['AUTH_SOURCE_DATA'] = json_decode($authSource['AUTH_SOURCE_DATA'], true);
|
||||
if ((int)$authSource['AUTH_SOURCE_DATA']['AUTH_SOURCE_AUTO_REGISTER'] == 1) {
|
||||
$ldapSource = new LdapSource();
|
||||
$ldapSource->authSourceUid = $authSource['AUTH_SOURCE_UID'];
|
||||
try {
|
||||
$res = $ldapSource->automaticRegister($authSource, $strUser, $strPass);
|
||||
if ($res == 1) {
|
||||
return $res;
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
$message = $e->getMessage();
|
||||
$context = [
|
||||
'action' => 'ldapSynchronize',
|
||||
'authSource' => $authSource
|
||||
];
|
||||
Log::channel(':ldapSynchronize')->error($message, Bootstrap::context($context));
|
||||
}
|
||||
|
||||
$dataset->next();
|
||||
$row = $dataset->getRow();
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -965,26 +951,16 @@ class RBAC
|
||||
}
|
||||
}
|
||||
|
||||
foreach ($this->aRbacPlugins as $className) {
|
||||
if (strtolower($className) === strtolower($authType)) {
|
||||
$plugin = new $className();
|
||||
$reflectionClass = new ReflectionClass($plugin);
|
||||
if ($reflectionClass->hasConstant('AUTH_TYPE')) {
|
||||
return $plugin->VerifyLogin($userFields['USR_USERNAME'], $strPass);
|
||||
}
|
||||
$plugin->sAuthSource = $userFields['UID_AUTH_SOURCE'];
|
||||
$plugin->sSystem = $this->sSystem;
|
||||
$ldapSource = new LdapSource();
|
||||
$ldapSource->authSourceUid = $userFields['UID_AUTH_SOURCE'];
|
||||
$bValidUser = $ldapSource->VerifyLogin($userFields['USR_AUTH_USER_DN'], $strPass);
|
||||
|
||||
$bValidUser = $plugin->VerifyLogin($userFields['USR_AUTH_USER_DN'], $strPass);
|
||||
if ($bValidUser === true) {
|
||||
return ($userFields['USR_UID']);
|
||||
} else {
|
||||
return -2; //wrong password
|
||||
}
|
||||
}
|
||||
if ($bValidUser === true) {
|
||||
return ($userFields['USR_UID']);
|
||||
} else {
|
||||
return -2; //wrong password
|
||||
}
|
||||
|
||||
return -5; //invalid authentication source
|
||||
//return -5; //invalid authentication source
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
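Review bot: `json_decode($authSource['AUTH_SOURCE_DATA'], true)` at the top of the new auth-source loop in checkAutomaticRegister is never checked, so a row whose AUTH_SOURCE_DATA is not valid JSON (for instance a legacy serialized value, which the removed `unserialize` path used to read) decodes to null, the following `(int)$authSource['AUTH_SOURCE_DATA']['AUTH_SOURCE_AUTO_REGISTER']` indexes null, and the source is silently skipped instead of being reported. Guard it before indexing, e.g. `if (!is_array($authSource['AUTH_SOURCE_DATA'])) { continue; }`, ideally with a logged warning. The error context `'authSource' => $authSource` hands the whole row, selected with `'fields' => ['*']`, to the log channel; that presumably includes the AUTH_SOURCE_PASSWORD column (verifyEditAuthSourceData reads it from the same table), so log only identifying fields such as `'authSource' => $authSource['AUTH_SOURCE_UID']`. The hard-coded `'limit' => 1000` also silently caps how many sources are considered for auto-registration. The method's tail, including the final return of `$result`, lies outside the hunk.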
@@ -218,9 +218,9 @@ class AuthSources
|
||||
*/
|
||||
public function testConnection($authSourceData) {
|
||||
try {
|
||||
$authSourceData = $this->verifyEditAuthSourceData($authSourceData);
|
||||
$ldapSource = new LdapSource();
|
||||
$authSourceConnectionData = $ldapSource->ldapConnection($authSourceData);
|
||||
$connectionEstablished = isset($authSourceConnectionData['connection']) && $authSourceConnectionData['connection'];
|
||||
|
||||
$response = ['success' => true, 'status' => 'OK'];
|
||||
if ($authSourceConnectionData['startTLS'] === false) {
|
||||
@@ -253,6 +253,7 @@ class AuthSources
|
||||
try {
|
||||
$ldapSource = new LdapSource();
|
||||
$authSourceData['AUTH_SOURCE_VERSION'] = 3;
|
||||
$authSourceData = $this->verifyEditAuthSourceData($authSourceData);
|
||||
$ldapConnection = $ldapSource->ldapConnection($authSourceData);
|
||||
|
||||
if (!isset($ldapConnection['connection']) || !$ldapConnection['connection']) {
|
||||
@@ -409,7 +410,6 @@ class AuthSources
|
||||
}
|
||||
|
||||
$sUserUID = $RBAC->createUser($aData, $usrRole, $authSourceReturn['AUTH_SOURCE_NAME']);
|
||||
|
||||
// Set USR_STATUS for User model (string format)
|
||||
$aData['USR_STATUS'] = (isset($aUser['USR_STATUS'])) ? $aUser['USR_STATUS'] : 'ACTIVE';
|
||||
$aData['USR_UID'] = $sUserUID;
|
||||
@@ -776,6 +776,29 @@ class AuthSources
|
||||
return ['success' => false, 'message' => $exception->getMessage()];
|
||||
}
|
||||
}
|
||||
|
||||
private function verifyEditAuthSourceData($authSourceData) {
|
||||
try {
|
||||
if (!empty($authSourceData['AUTH_SOURCE_UID'])) {
|
||||
if (empty($authSourceData['AUTH_SOURCE_PASSWORD'])) {
|
||||
$filters = [
|
||||
'fields' => ['AUTH_SOURCE_PASSWORD'],
|
||||
'conditions' => ['AUTH_SOURCE_UID'=> $authSourceData['AUTH_SOURCE_UID']]
|
||||
];
|
||||
$rbacAuthenticationSource = new RbacAuthenticationSource();
|
||||
$authSourceReturn = $rbacAuthenticationSource->show($filters);
|
||||
|
||||
if (!empty($authSourceReturn['data']) && !empty($authSourceReturn['data'][0]['AUTH_SOURCE_PASSWORD'])) {
|
||||
$authSourceData['AUTH_SOURCE_PASSWORD'] = G::decrypt($authSourceReturn['data'][0]['AUTH_SOURCE_PASSWORD'], URL_KEY);
|
||||
}
|
||||
}
|
||||
}
|
||||
return $authSourceData;
|
||||
} catch (Exception $exception) {
|
||||
return [];
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Filters and organizes departments based on parent-child relationships
|
||||
*
|
||||
@@ -969,7 +992,7 @@ class AuthSources
|
||||
$groupwf = new Groupwf();
|
||||
$filters = [
|
||||
'start' => 0, 'limit' => 100000,
|
||||
'conditions' => ['GRP_LDAP_DN' => ['!=', '']]
|
||||
'conditions' => ['GRP_LDAP_DN', '!=', '']
|
||||
];
|
||||
$allGroups = $groupwf->show($filters);
|
||||
return $allGroups['data'] ?? [];
|
||||
|
||||
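Review bot: The `catch (Exception $exception) { return []; }` in the new verifyEditAuthSourceData discards both the error and the caller's input, so testConnection and the hunk at line 412 go on to call `ldapConnection([])` with an empty array and report a failure whose real cause was never logged; rethrow, or at least log the exception and return the original `$authSourceData`. The `empty($authSourceData['AUTH_SOURCE_PASSWORD'])` check also treats a submitted password of `'0'` as absent and silently substitutes the stored one; `!isset($authSourceData['AUTH_SOURCE_PASSWORD']) || $authSourceData['AUTH_SOURCE_PASSWORD'] === ''` is the intended test. Because this is the point where the stored bind credential is decrypted with `G::decrypt(..., URL_KEY)` into the request array, a docblock stating that the returned array may carry the plaintext password and must not be echoed or logged would help every caller. Separately, if the flat triple `['GRP_LDAP_DN', '!=', '']` at line 547 is the new side of the hunk at line 532 and Groupwf::show() passes conditions straight to Eloquent's where() as RbacUsers::show does, the array form has to be nested, `[['GRP_LDAP_DN', '!=', '']]`, for the operator to be honoured.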
@@ -280,6 +280,10 @@
|
||||
required
|
||||
};
|
||||
}
|
||||
if (this.flagEdit === true) {
|
||||
fields.form.password = {
|
||||
};
|
||||
}
|
||||
return fields;
|
||||
},
|
||||
data() {
|
||||
@@ -376,6 +380,7 @@
|
||||
},
|
||||
load(obj) {
|
||||
this.form = obj;
|
||||
this.flagEdit = true
|
||||
},
|
||||
test(form) {
|
||||
let formDataForName = new FormData();
|
||||
|
||||
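Review bot: `fields.form.password = {}` at line 578 replaces the whole password field definition with an empty object when `flagEdit` is set, and nothing says why; a one-line comment such as `// On edit the password is optional: leaving it blank keeps the stored credential` would make the intent clear, provided that is indeed what the server side relies on. `this.flagEdit = true` at line 608 is also missing the semicolon used on the line before it. The enclosing component definitions start and end outside the hunk.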
@@ -15,6 +15,42 @@ class RbacUsers extends Model
|
||||
protected $table = 'RBAC_USERS';
|
||||
public $timestamps = false;
|
||||
|
||||
public function show($filters = array())
|
||||
{
|
||||
try {
|
||||
$query = static::query();
|
||||
|
||||
if (is_array($filters['fields'])) {
|
||||
$query->select($filters['fields']);
|
||||
}
|
||||
|
||||
if (is_array($filters['conditions'])) {
|
||||
$query->where($filters['conditions']);
|
||||
}
|
||||
|
||||
$total = $query->count();
|
||||
|
||||
if (is_array($filters['start']) || is_array($filters['limit'])) {
|
||||
$start = $filters['start'] ?? 0;
|
||||
$limit = $filters['limit'] ?? 25;
|
||||
$query->offset($start)->limit($limit);
|
||||
}
|
||||
|
||||
if (is_array($filters['orderBy'])) {
|
||||
$query->orderBy($filters['orderBy'][0], $filters['orderBy'][1] ?? 'asc');
|
||||
}
|
||||
|
||||
$data =$query->get()->toArray();
|
||||
$result = [
|
||||
'total' => $total,
|
||||
'data' => $data
|
||||
];
|
||||
return $result;
|
||||
} catch (Exception $exception) {
|
||||
return $exception->getMessage();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a new user
|
||||
*
|
||||
@@ -49,6 +85,17 @@ class RbacUsers extends Model
|
||||
return $data;
|
||||
}
|
||||
|
||||
public static function updateData($userData, $conditions = [])
|
||||
{
|
||||
try {
|
||||
$responseSave = self::where($conditions)
|
||||
->update($userData);
|
||||
return $responseSave;
|
||||
} catch (Exception $exception) {
|
||||
return $exception->getMessage();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Verify if username exists
|
||||
*
|
||||
|
||||
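Review bot: In the new show() the pagination guard `is_array($filters['start']) || is_array($filters['limit'])` can never be true for the integer start/limit values callers pass (e.g. `'start' => 0, 'limit' => 1000` in checkAutomaticRegister), so offset/limit are never applied and every row matching the conditions is returned; the test should be `isset($filters['start']) || isset($filters['limit'])`. The same `is_array($filters[...])` reads on 'fields', 'conditions' and 'orderBy' raise an undefined-key warning whenever a caller omits the key, so read them as `$filters['fields'] ?? null`. Returning `$exception->getMessage()` from the catch gives callers a string where they expect `['total' => ..., 'data' => ...]`, which `$result['data']` then mis-indexes; return the structured shape with an error flag, or let the exception propagate. The updateData() hunk further down has a related hazard: its `$conditions = []` default makes `self::where([])->update($userData)` rewrite every row in RBAC_USERS, so it should refuse an empty condition set before touching the table.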
@@ -1 +1 @@
|
||||
<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><link rel="icon" href="/lib/authenticationSources/favicon.ico"><title>authenticationSources</title><script src="/js/ext/translation.en.js"></script><script>var pageSize=10;</script><link href="/lib/authenticationSources/css/app.a1f82e8b.css" rel="preload" as="style"><link href="/lib/authenticationSources/css/chunk-vendors.26dc108e.css" rel="preload" as="style"><link href="/lib/authenticationSources/js/app.09d204f4.js" rel="preload" as="script"><link href="/lib/authenticationSources/js/chunk-vendors.9b74053c.js" rel="preload" as="script"><link href="/lib/authenticationSources/css/chunk-vendors.26dc108e.css" rel="stylesheet"><link href="/lib/authenticationSources/css/app.a1f82e8b.css" rel="stylesheet"></head><body><noscript><strong>We're sorry but authenticationSources doesn't work properly without JavaScript enabled. Please enable it to continue.</strong></noscript><div id="app"></div><script src="/lib/authenticationSources/js/chunk-vendors.9b74053c.js"></script><script src="/lib/authenticationSources/js/app.09d204f4.js"></script></body></html>
|
||||
<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><link rel="icon" href="/lib/authenticationSources/favicon.ico"><title>authenticationSources</title><script src="/js/ext/translation.en.js"></script><script>var pageSize=10;</script><link href="/lib/authenticationSources/css/app.a1f82e8b.css" rel="preload" as="style"><link href="/lib/authenticationSources/css/chunk-vendors.26dc108e.css" rel="preload" as="style"><link href="/lib/authenticationSources/js/app.88f17c35.js" rel="preload" as="script"><link href="/lib/authenticationSources/js/chunk-vendors.9b74053c.js" rel="preload" as="script"><link href="/lib/authenticationSources/css/chunk-vendors.26dc108e.css" rel="stylesheet"><link href="/lib/authenticationSources/css/app.a1f82e8b.css" rel="stylesheet"></head><body><noscript><strong>We're sorry but authenticationSources doesn't work properly without JavaScript enabled. Please enable it to continue.</strong></noscript><div id="app"></div><script src="/lib/authenticationSources/js/chunk-vendors.9b74053c.js"></script><script src="/lib/authenticationSources/js/app.88f17c35.js"></script></body></html>
|
||||