TASK-237 Fix the login with AD users

2025-09-22 22:29:47 +00:00
parent a777147d6f
commit 554b4ad14b
9 changed files with 926 additions and 65 deletions
--- a/workflow/engine/classes/AuthSources.php
+++ b/workflow/engine/classes/AuthSources.php
@@ -218,9 +218,9 @@ class AuthSources
     */
    public function testConnection($authSourceData) {
        try {
+            $authSourceData = $this->verifyEditAuthSourceData($authSourceData);
            $ldapSource = new LdapSource();
            $authSourceConnectionData = $ldapSource->ldapConnection($authSourceData);
-            $connectionEstablished = isset($authSourceConnectionData['connection']) && $authSourceConnectionData['connection'];

            $response = ['success' => true, 'status' => 'OK'];
            if ($authSourceConnectionData['startTLS'] === false) {
@@ -253,6 +253,7 @@ class AuthSources
        try {
            $ldapSource = new LdapSource();
            $authSourceData['AUTH_SOURCE_VERSION'] = 3;
+            $authSourceData = $this->verifyEditAuthSourceData($authSourceData);
            $ldapConnection = $ldapSource->ldapConnection($authSourceData);

            if (!isset($ldapConnection['connection']) || !$ldapConnection['connection']) {
@@ -409,7 +410,6 @@ class AuthSources
                }

                $sUserUID = $RBAC->createUser($aData, $usrRole, $authSourceReturn['AUTH_SOURCE_NAME']);
-
                // Set USR_STATUS for User model (string format)
                $aData['USR_STATUS'] = (isset($aUser['USR_STATUS'])) ? $aUser['USR_STATUS'] : 'ACTIVE';
                $aData['USR_UID'] = $sUserUID;
@@ -776,6 +776,29 @@ class AuthSources
            return ['success' => false, 'message' => $exception->getMessage()];
        }
    }
+
+    private function verifyEditAuthSourceData($authSourceData) {
+        try {
+            if (!empty($authSourceData['AUTH_SOURCE_UID'])) {
+                if (empty($authSourceData['AUTH_SOURCE_PASSWORD'])) {
+                    $filters = [
+                        'fields' => ['AUTH_SOURCE_PASSWORD'],
+                        'conditions' => ['AUTH_SOURCE_UID'=> $authSourceData['AUTH_SOURCE_UID']]
+                    ];
+                    $rbacAuthenticationSource = new RbacAuthenticationSource();
+                    $authSourceReturn = $rbacAuthenticationSource->show($filters);
+
+                    if (!empty($authSourceReturn['data']) && !empty($authSourceReturn['data'][0]['AUTH_SOURCE_PASSWORD'])) {
+                        $authSourceData['AUTH_SOURCE_PASSWORD'] = G::decrypt($authSourceReturn['data'][0]['AUTH_SOURCE_PASSWORD'], URL_KEY);
+                    }
+                }
+            }
+            return $authSourceData;
+        } catch (Exception $exception) {
+            return [];
+        }
+    }
+
    /**
     * Filters and organizes departments based on parent-child relationships
     * 
@@ -969,7 +992,7 @@ class AuthSources
            $groupwf = new Groupwf();
            $filters = [
                'start' => 0, 'limit' => 100000,
-                'conditions' => ['GRP_LDAP_DN' => ['!=', '']]
+                'conditions' => ['GRP_LDAP_DN', '!=', '']
            ];
            $allGroups = $groupwf->show($filters);
            return $allGroups['data'] ?? [];