fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TASK-228 Encrypt the password for authentication sources

Browse Source
This commit is contained in:
Brayan Pereyra
2025-09-19 02:54:53 +00:00
parent 4de1190e02
commit a777147d6f
4 changed files with 735 additions and 401 deletions
Download Patch File Download Diff File Expand all files Collapse all files

98
workflow/engine/methods/authSources/authSourcesProxy.php
View File

@@ -1,19 +1,41 @@
<?php
/**
* Authentication Sources Proxy
*
* This script serves as a proxy handler for authentication source operations.
* It processes various AJAX requests related to LDAP/Active Directory authentication
* sources management including listing, creating, updating, deleting, testing
* connections, and importing users/groups/departments.
*
* @author Lurana System
* @version 1.0
* @package Workflow Engine
* @subpackage Authentication Sources
*/
try {
// Validate that an action parameter was provided in the request
if (isset($_REQUEST['action']) === false) {
throw new Exception('No action was sent');
}
// Ensure user is authenticated before processing any requests
if (isset($_SESSION['USER_LOGGED']) === false) {
throw new Exception('There is no logged in user');
}
// Extract request parameters and initialize response structure
$action = $_REQUEST['action'];
$userUid = $_SESSION['USER_LOGGED'];
$responseProxy = ['success' => true];
// Process the requested action using a switch statement
switch ($action) {
/**
* Retrieve a paginated list of authentication sources
* Parameters: start, limit, textFilter, orderBy, ascending
*/
case 'authSourcesList':
$start = $_REQUEST['start'] ?? 0;
$limit = $_REQUEST['limit'] ?? 25;
@@ -24,6 +46,10 @@ try {
$authSources = new AuthSources();
$responseProxy = $authSources->getListAuthSources($userUid, $start, $limit, $orderBy, $ascending, $filter);
break;
/**
* Delete an authentication source by its UID
* Required parameter: auth_uid
*/
case 'authSourcesDelete':
if (!isset($_REQUEST['auth_uid'])) {
throw new Exception('No auth source UID was sent');
@@ -32,16 +58,30 @@ try {
$authSources = new AuthSources();
$responseProxy = $authSources->removeAuthSource($authSourceUid);
break;
/**
* Verify if an authentication source name is unique/available
* Required parameter: AUTH_SOURCE_NAME
*/
case 'authSourcesVerifyName':
if (empty($_REQUEST['AUTH_SOURCE_NAME'])) {
throw new Exception('No auth source UID was sent');
throw new Exception('No auth source name was sent');
}
$authSourceName = $_REQUEST['AUTH_SOURCE_NAME'];
$authSources = new AuthSources();
$responseProxy = $authSources->verifyAuthSourceName($authSourceName);
break;
/**
* Test connection to an authentication source (LDAP/AD)
* Required parameter: AUTH_ANONYMOUS
* If anonymous auth is enabled, clears username and password
*/
case 'authSourcesTestConnection':
if (isset($_REQUEST['AUTH_ANONYMOUS']) === false) {
throw new Exception('No auth anonymous was sent');
}
// Clear credentials if anonymous authentication is enabled
if ($_REQUEST['AUTH_ANONYMOUS'] == '1') {
$_REQUEST['AUTH_SOURCE_SEARCH_USER'] = '';
$_REQUEST['AUTH_SOURCE_PASSWORD'] = '';
@@ -53,12 +93,19 @@ try {
$authSources = new AuthSources();
$responseProxy = $authSources->testConnection($authSourceData);
break;
/**
* Save (create or update) an authentication source configuration
* Processes form data, separates common fields from extra data,
* and handles grid attributes if enabled
*/
case 'authSourcesSave':
$temporalData = $_REQUEST;
// Process grid attributes if the show grid checkbox is enabled
if (isset($temporalData['AUTH_SOURCE_SHOWGRID-checkbox'])) {
if ($temporalData['AUTH_SOURCE_SHOWGRID-checkbox'] == 'on') {
$temporalData['AUTH_SOURCE_SHOWGRID'] = 'on';
// Parse JSON grid attributes and convert to array format
$attributes = G::json_decode($temporalData['AUTH_SOURCE_GRID_TEXT']);
$con = 1;
foreach ($attributes as $value) {
@@ -69,20 +116,19 @@ try {
unset($temporalData['AUTH_SOURCE_SHOWGRID-checkbox']);
}
// Clear credentials for anonymous authentication
if ($temporalData['AUTH_ANONYMOUS'] == '1') {
$temporalData['AUTH_SOURCE_SEARCH_USER'] = '';
$temporalData['AUTH_SOURCE_PASSWORD'] = '';
}
unset($temporalData['AUTH_SOURCE_GRID_TEXT']);
unset($temporalData['DELETE1']);
unset($temporalData['DELETE2']);
unset($temporalData['AUTH_SOURCE_ATTRIBUTE_IDS']);
unset($temporalData['AUTH_SOURCE_SHOWGRID_FLAG']);
unset($temporalData['AUTH_SOURCE_GRID_TEXT']);
// Define core authentication source fields
$commonFields = array('AUTH_SOURCE_UID', 'AUTH_SOURCE_NAME', 'AUTH_SOURCE_PROVIDER', 'AUTH_SOURCE_SERVER_NAME', 'AUTH_SOURCE_PORT', 'AUTH_SOURCE_ENABLED_TLS', 'AUTH_ANONYMOUS', 'AUTH_SOURCE_SEARCH_USER', 'AUTH_SOURCE_PASSWORD', 'AUTH_SOURCE_VERSION', 'AUTH_SOURCE_BASE_DN', 'AUTH_SOURCE_OBJECT_CLASSES', 'AUTH_SOURCE_ATTRIBUTES');
// Separate common fields from extra configuration data
$authSourceData = $authSourceExtraData = array();
foreach ($temporalData as $sField => $sValue) {
if (in_array($sField, $commonFields)) {
@@ -92,6 +138,7 @@ try {
}
}
// Remove grid attributes if grid display is disabled
if (!isset($authSourceExtraData['AUTH_SOURCE_SHOWGRID']) || $authSourceExtraData['AUTH_SOURCE_SHOWGRID'] == 'off') {
unset($authSourceExtraData['AUTH_SOURCE_GRID_ATTRIBUTE']);
unset($authSourceExtraData['AUTH_SOURCE_SHOWGRID']);
@@ -102,12 +149,18 @@ try {
$authSources = new AuthSources();
$responseProxy = $authSources->saveAuthSource($authSourceData);
break;
/**
* Search for users in an authentication source for import
* Required parameter: sUID (auth source UID)
* Optional parameters: start, limit/pageSize, sKeyword
*/
case 'authSourcesImportSearchUsers':
if (!isset($_REQUEST['sUID'])) {
if (!isset($_POST['sUID'])) {
throw new Exception('No auth source UID was sent');
}
$authSourceUid = $_POST['sUID'];
// Set up search filters with default values
$filters = [
'start'=> $_POST['start'] ?? 0,
'limit'=> $_POST['limit'] ?? ($_POST['pageSize'] ?? 10),
@@ -117,6 +170,10 @@ try {
$authSources = new AuthSources();
$responseProxy = $authSources->searchUsers($authSourceUid, $filters);
break;
/**
* Import selected users from an authentication source
* Required parameters: UsersImport (JSON), AUTH_SOURCE_UID
*/
case 'authSourcesImportUsers':
if (!isset($_REQUEST['UsersImport'])) {
throw new Exception('There are no users to import');
@@ -128,11 +185,16 @@ try {
$authSourceUid = $_REQUEST['AUTH_SOURCE_UID'];
$usersImport = $_REQUEST['UsersImport'];
// Decode JSON list of users to import
$usersImport = json_decode($usersImport, true);
$authSources = new AuthSources();
$responseProxy = $authSources->importUsers($authSourceUid, $usersImport);
break;
/**
* Load/search departments from an authentication source
* Required parameter: authUid (auth source UID)
*/
case 'authSourcesImportLoadDepartment':
if (!isset($_REQUEST['authUid'])) {
throw new Exception('No auth source UID was sent');
@@ -140,14 +202,22 @@ try {
$authSourceUid = $_REQUEST['authUid'];
$authSources = new AuthSources();
$responseProxy = $authSources->searchDepartaments($authSourceUid);
$responseProxy = $authSources->searchDepartments($authSourceUid);
break;
/**
* Save/import selected departments from an authentication source
* Required parameters: departmentsDN, authUid
*/
case 'authSourcesImportSaveDepartment':
$authSources = new AuthSources();
$departmentsDN = $_REQUEST['departmentsDN'];
$authSourceUid = $_REQUEST['authUid'];
$responseProxy = $authSources->saveDepartments($departmentsDN, $authSourceUid);
break;
/**
* Load/search groups from an authentication source
* Required parameter: authUid (auth source UID)
*/
case 'authSourcesImportLoadGroup':
if (!isset($_REQUEST['authUid'])) {
throw new Exception('No auth source UID was sent');
@@ -157,23 +227,31 @@ try {
$authSources = new AuthSources();
$responseProxy = $authSources->searchGroups($authSourceUid);
break;
/**
* Save/import selected groups from an authentication source
* Required parameters: groupsDN, authUid
*/
case 'authSourcesImportSaveGroup':
$authSources = new AuthSources();
$groupsDN = $_REQUEST['groupsDN'];
$authSourceUid = $_REQUEST['authUid'];
$responseProxy = $authSources->saveGroups($groupsDN, $authSourceUid);
break;
/**
* Handle invalid/unknown actions
*/
default:
throw new Exception('The action "' . $action . '" is not allowed');
break;
}
// Return successful response as JSON
header('Content-Type: application/json');
echo json_encode($responseProxy, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
} catch (Exception $exception) {
// Handle any exceptions and return error response
$responseProxy['success'] = false;
$responseProxy['message'] = htmlentities($exception->getMessage(), ENT_QUOTES, 'UTF-8');
$responseProxy['message'] = 'An error occurred while processing your request: ';
$responseProxy['message'] .= htmlentities($exception->getMessage(), ENT_QUOTES, 'UTF-8');
header('Content-Type: application/json');
echo json_encode($responseProxy, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
}