TASK-237 Fix the login with AD users

This commit is contained in:
Brayan Pereyra
2025-09-22 22:29:47 +00:00
parent a777147d6f
commit 554b4ad14b
9 changed files with 926 additions and 65 deletions


@@ -2,6 +2,7 @@
use Illuminate\Support\Facades\Log;
use ProcessMaker\Exception\RBACException;
use ProcessMaker\Model\RbacAuthenticationSource;
class RBAC
{
@@ -272,11 +273,6 @@ class RBAC
}
}
}
if (!in_array('ldapAdvanced', $this->aRbacPlugins)) {
if (class_exists('ldapAdvanced')) {
$this->aRbacPlugins[] = 'ldapAdvanced';
}
}
}
/**
@@ -895,43 +891,33 @@ class RBAC
*/
public function checkAutomaticRegister($strUser, $strPass)
{
$result = -1; //default return value,
foreach ($this->aRbacPlugins as $className) {
$plugin = new $className();
if (method_exists($plugin, 'automaticRegister')) {
$criteria = new Criteria('rbac');
$criteria->add(AuthenticationSourcePeer::AUTH_SOURCE_PROVIDER, $className);
$criteria->addAscendingOrderByColumn(AuthenticationSourcePeer::AUTH_SOURCE_NAME);
$dataset = AuthenticationSourcePeer::doSelectRS($criteria, Propel::getDbConnection('rbac_ro'));
$dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$dataset->next();
$row = $dataset->getRow();
while (is_array($row)) {
$row = array_merge($row, unserialize($row['AUTH_SOURCE_DATA']));
//Check if this authsource is enabled for AutoRegister, if not skip this
if ($row['AUTH_SOURCE_AUTO_REGISTER'] == 1) {
$plugin->sAuthSource = $row['AUTH_SOURCE_UID'];
$plugin->sSystem = $this->sSystem;
//search the usersRolesObj
//create the users in ProcessMaker
try {
$res = $plugin->automaticRegister($row, $strUser, $strPass);
if ($res == 1) {
return $res;
}
} catch (Exception $e) {
$message = $e->getMessage();
$context = [
'action' => 'ldapSynchronize',
'authSource' => $row
];
Log::channel(':ldapSynchronize')->error($message, Bootstrap::context($context));
$result = -1;
$filters = array(
'fields' => ['*'],
'start' => 0,
'limit'=> 1000
);
$rbacAuthenticationSource = new RbacAuthenticationSource();
$authSourceReturn = $rbacAuthenticationSource->show($filters);
if (!empty($authSourceReturn['data'])) {
foreach ($authSourceReturn['data'] as $authSource) {
$authSource['AUTH_SOURCE_DATA'] = json_decode($authSource['AUTH_SOURCE_DATA'], true);
if ((int)$authSource['AUTH_SOURCE_DATA']['AUTH_SOURCE_AUTO_REGISTER'] == 1) {
$ldapSource = new LdapSource();
$ldapSource->authSourceUid = $authSource['AUTH_SOURCE_UID'];
try {
$res = $ldapSource->automaticRegister($authSource, $strUser, $strPass);
if ($res == 1) {
return $res;
}
} catch (Exception $e) {
$message = $e->getMessage();
$context = [
'action' => 'ldapSynchronize',
'authSource' => $authSource
];
Log::channel(':ldapSynchronize')->error($message, Bootstrap::context($context));
}
$dataset->next();
$row = $dataset->getRow();
}
}
}
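Review bot: The result of `json_decode($authSource['AUTH_SOURCE_DATA'], true)` is never checked, so a row whose stored data is not valid JSON (the replaced code read this column with `unserialize`, so rows written in that format may still exist) decodes to null, and the following `['AUTH_SOURCE_AUTO_REGISTER']` lookup on null only raises a warning and silently skips that source. Decode into a local and bail out explicitly, e.g. `$sourceData = json_decode($authSource['AUTH_SOURCE_DATA'], true); if (!is_array($sourceData)) { continue; }`, and log the skipped UID through the same `Log::channel(':ldapSynchronize')` used in the catch so a mis-stored source is visible rather than quietly ignored. The replaced loop also only considered sources whose AUTH_SOURCE_PROVIDER matched the plugin class, whereas the new loop hands every auto-register source to `new LdapSource()`; if `show()` can return non-LDAP providers, a provider filter is needed here. The hard-coded `'limit' => 1000` is an undocumented cap on the number of sources consulted and deserves a comment. checkAutomaticRegister continues past the hunk, so the final `return $result` is not visible here.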
@@ -965,26 +951,16 @@ class RBAC
}
}
foreach ($this->aRbacPlugins as $className) {
if (strtolower($className) === strtolower($authType)) {
$plugin = new $className();
$reflectionClass = new ReflectionClass($plugin);
if ($reflectionClass->hasConstant('AUTH_TYPE')) {
return $plugin->VerifyLogin($userFields['USR_USERNAME'], $strPass);
}
$plugin->sAuthSource = $userFields['UID_AUTH_SOURCE'];
$plugin->sSystem = $this->sSystem;
$ldapSource = new LdapSource();
$ldapSource->authSourceUid = $userFields['UID_AUTH_SOURCE'];
$bValidUser = $ldapSource->VerifyLogin($userFields['USR_AUTH_USER_DN'], $strPass);
$bValidUser = $plugin->VerifyLogin($userFields['USR_AUTH_USER_DN'], $strPass);
if ($bValidUser === true) {
return ($userFields['USR_UID']);
} else {
return -2; //wrong password
}
}
if ($bValidUser === true) {
return ($userFields['USR_UID']);
} else {
return -2; //wrong password
}
return -5; //invalid authentication source
//return -5; //invalid authentication source
}
/**
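Review bot: Commenting out `return -5; //invalid authentication source` removes the only path that reports an unknown `$authType`: when no entry of `$this->aRbacPlugins` matches, the method now either runs off its end and returns null, or (if the `if ($bValidUser === true)` block now sits after the foreach, which the rendered diff does not make certain) evaluates an unset `$bValidUser` and reports -2, a wrong-password result, so callers can no longer distinguish a bad credential from a misconfigured source. Restore the explicit `return -5; //invalid authentication source` and delete the commented-out line rather than leaving dead code. The removed `hasConstant('AUTH_TYPE')` branch previously let a plugin verify `USR_USERNAME` itself; every matching plugin is now routed through `LdapSource::VerifyLogin` with `USR_AUTH_USER_DN`, which should be stated in a comment above the `new LdapSource()` line if that is intended. Since `LdapSource::VerifyLogin` is not in this diff, confirm it rejects an empty `$strPass` before binding, as a simple bind with an empty password is treated as an anonymous bind by many directories and would otherwise look like a successful login. The enclosing method starts before this hunk.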