fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TASK-229 Validate all Endpoints for delete Old Ajax files

Browse Source
This commit is contained in:
Brayan Pereyra
2025-09-18 03:47:29 +00:00
parent 9ea66b21a1
commit a7fe9048bf
15 changed files with 937 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

445
workflow/engine/classes/AuthSources.php
View File

@@ -3,6 +3,10 @@
use ProcessMaker\Model\RbacAuthenticationSource;
use ProcessMaker\Model\RbacUsers;
use ProcessMaker\Model\Configuration;
use ProcessMaker\Model\GroupUser;
use ProcessMaker\Model\Groupwf;
use ProcessMaker\Model\User;
use ProcessMaker\Model\Department;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Cache;
@@ -92,7 +96,7 @@ class AuthSources
return ['success' => false, 'message' => $exception->getMessage()];
}
}
public function verifyAuthSourceName($authSourceName) {
try {
$row = false;
@@ -116,12 +120,12 @@ class AuthSources
//get suggest name
$pieces = explode( ' ', $name);
$last = array_pop($pieces);
$number = trim($last, "()");
$number = trim($last, '()');
if ("({$number})" === $last) {
$number = intval($number) + 1;
$suggestName = implode('', $pieces) . " ({$number})";
} else {
$suggestName = $name . " (1)";
$suggestName = $name . ' (1)';
}
}
}
@@ -138,7 +142,7 @@ class AuthSources
$response = ['success' => true, 'status' => 'OK'];
if ($authSourceConnectionData['startTLS'] === false) {
$response["message"] = G::LoadTranslation("ID_TLS_CERTIFICATE_IS_NOT_INSTALLED_IN_THE_SERVER");
$response['message'] = G::LoadTranslation('ID_TLS_CERTIFICATE_IS_NOT_INSTALLED_IN_THE_SERVER');
}
return $response;
} catch (Exception $exception) {
@@ -158,7 +162,7 @@ class AuthSources
);
$rbacAuthenticationSource = new RbacAuthenticationSource();
$authSourceData['AUTH_SOURCE_ID'] = $authSourceData['AUTH_SOURCE_ID'] ?? 'vacio';
$authSourceData['AUTH_SOURCE_UID'] = $authSourceData['AUTH_SOURCE_UID'] ?? '';
$authSourceData['AUTH_SOURCE_DATA'] = json_encode($authSourceData['AUTH_SOURCE_DATA']);
$saveDataResponse = $rbacAuthenticationSource->saveData($authSourceData);
return ['success' => true, 'saveData' => $saveDataResponse];
@@ -173,7 +177,7 @@ class AuthSources
$usersAuthSources = $rbacUsers->listUsersAuthSources();
foreach ($usersAuthSources['data'] as $row) {
$listUsers[strtolower($row["USR_USERNAME"])] = $row['UID_AUTH_SOURCE'];
$listUsers[strtolower($row['USR_USERNAME'])] = $row['UID_AUTH_SOURCE'];
}
$ldapSource = new LdapSource();
@@ -223,14 +227,14 @@ class AuthSources
$aUser = (array) $sUser;
$matches = array();
$aData = array();
$aData['USR_USERNAME'] = str_replace("*", "'", $aUser['sUsername']);
$aData["USR_PASSWORD"] = "00000000000000000000000000000000";
$aData['USR_USERNAME'] = str_replace('*', "'", $aUser['sUsername']);
$aData['USR_PASSWORD'] = '00000000000000000000000000000000';
// note added by gustavo gustavo-at-colosa.com
// asign the FirstName and LastName variables
// add replace to change D*Souza to D'Souza by krlos
$aData['USR_FIRSTNAME'] = str_replace("*", "'", $aUser['sFirstname']);
$aData['USR_FIRSTNAME'] = str_replace('*', "'", $aUser['sFirstname']);
$aData['USR_FIRSTNAME'] = ($aData['USR_FIRSTNAME'] == '') ? $aData['USR_USERNAME'] : $aData['USR_FIRSTNAME'];
$aData['USR_LASTNAME'] = str_replace("*", "'", $aUser['sLastname']);
$aData['USR_LASTNAME'] = str_replace('*', "'", $aUser['sLastname']);
$aData['USR_EMAIL'] = $aUser['sEmail'];
$aData['USR_DUE_DATE'] = date('Y-m-d', mktime(0, 0, 0, date('m'), date('d'), date('Y') + 2));
$aData['USR_CREATE_DATE'] = date('Y-m-d H:i:s');
@@ -249,10 +253,10 @@ class AuthSources
$aUser['sDN'] = str_replace($match, $newMatch, $aUser['sDN']);
}
$aData['USR_AUTH_USER_DN'] = $aUser['sDN'];
$usrRole = 'LURANA_OPERATOR';
if (!empty($authSourceReturn['AUTH_SOURCE_DATA']['USR_ROLE'])) {
//$usrRole = $authSourceReturn['AUTH_SOURCE_DATA']['USR_ROLE'];
$usrRole = $authSourceReturn['AUTH_SOURCE_DATA']['USR_ROLE'];
}
$sUserUID = $RBAC->createUser($aData, $usrRole, $authSourceReturn['AUTH_SOURCE_NAME']);
@@ -269,7 +273,7 @@ class AuthSources
if (count($aAttributes)) {
foreach ($aAttributes as $value) {
if (isset($aUser[$value['attributeUser']])) {
$aData[$value['attributeUser']] = str_replace("*", "'", $aUser[$value['attributeUser']]);
$aData[$value['attributeUser']] = str_replace('*', "'", $aUser[$value['attributeUser']]);
if ($value['attributeUser'] == 'USR_STATUS') {
$evalValue = $aData[$value['attributeUser']];
$statusValue = $aData['USR_STATUS'];
@@ -287,6 +291,408 @@ class AuthSources
}
}
public function searchGroups($authSourceUid) {
try {
$ldapSource = new LdapSource();
$ldapSource->authSourceUid = $authSourceUid;
$groupsLdap = $ldapSource->searchGroups();
$allGroupsLdap = [];
foreach ($groupsLdap as $group) {
$node = array();
$node['GRP_UID'] = $group['cn'];
$node['GRP_TITLE'] = $group['cn'];
$node['GRP_USERS'] = $group['users'];
$node['GRP_DN'] = $group['dn'];
$allGroupsLdap[] = $node;
}
$groupUser = new GroupUser();
$groupsNumberUsers = $groupUser->getNumberOfUsersByGroups();
$listGroupsNumberUsers = [];
foreach ($groupsNumberUsers['data'] as $group) {
$listGroupsNumberUsers[$group['GRP_UID']] = $group['NUM_REC'];
}
$groupwf = new Groupwf();
$groupsObjects = [];
foreach ($allGroupsLdap as $group) {
$groupObject = new TreeNodeAuthSource();
$groupObject->text = htmlentities($group['GRP_TITLE'], ENT_QUOTES, 'UTF-8');
$groupUid = $groupwf->getGroupWithDN($group['GRP_DN']);
if (!empty($groupUid[0]['GRP_UID'])) {
$groupUid = $groupUid[0]['GRP_UID'];
$groupObject->text .= ' (' . ($listGroupsNumberUsers[$groupUid] ?? 0) . ')';
$groupObject->checked = true;
} else {
$groupObject->checked = false;
}
$groupObject->id = urlencode($group['GRP_DN']);
$groupsObjects[] = $groupObject;
}
return $groupsObjects;
} catch (Exception $exception) {
return ['success' => false, 'message' => $exception->getMessage()];
}
}
public function searchDepartaments($authSourceUid) {
try {
$ldapSource = new LdapSource();
$ldapSource->authSourceUid = $authSourceUid;
$departments = $ldapSource->searchDepartments();
$departmentsObjects = array();
$user = new User();
$departmentsNumberUsers = $user->getNumberOfUsersByDepartments();
$listDepartmentsNumberUsers = [];
foreach ($departmentsNumberUsers['data'] as $group) {
$listDepartmentsNumberUsers[$group['DEP_UID']] = $group['NUM_REC'];
}
$departmentsObject = $this->getChildrenDepartments($departments, '', $listDepartmentsNumberUsers, $ldapSource->terminatedOu);
return $departmentsObject;
} catch (Exception $exception) {
return ['success' => false, 'message' => $exception->getMessage()];
}
}
public function saveGroups($groupsDN, $authSourceUid) {
$groupsToCheck = explode('|', $groupsDN);
$groupsToCheck = array_map('urldecode', $groupsToCheck);
$groupsToUncheck = $this->getGroupsToUncheck($groupsToCheck);
$filters = ['conditions' => ['AUTH_SOURCE_UID'=> $authSourceUid]];
$rbacAuthenticationSource = new RbacAuthenticationSource();
$authSourceReturn = $rbacAuthenticationSource->show($filters);
$authenticationSourceData = $authSourceReturn['data'][0];
$authenticationSourceData['AUTH_SOURCE_DATA'] = json_decode($authenticationSourceData['AUTH_SOURCE_DATA'], true);
$ldapSource = new LdapSource();
$ldapSource->authSourceUid = $authSourceUid;
$groupwf = new Groupwf();
foreach ($groupsToCheck as $groupDN) {
$ous = $ldapSource->custom_ldap_explode_dn($groupDN);
$currentGroup = array_shift($ous);
$groupAux = explode('=', $currentGroup);
$groupTitle = isset($groupAux[1]) ? trim($groupAux[1]) : '';
$groupTitle = stripslashes($groupTitle);
if (empty($groupTitle)) {
continue;
}
$filters = array(
'fields' => ['GRP_UID'],
'conditions' => ['GRP_TITLE' => $groupTitle, 'GRP_STATUS' => 'ACTIVE']
);
$allGroups = $groupwf->show($filters);
$groupUid = $allGroups['data'][0]['GRP_UID'] ?? '';
if ($groupUid === '') {
$group = [
'GRP_TITLE' => $groupTitle,
'GRP_LDAP_DN' => $groupDN
];
} else {
$group = $allGroups['data'][0];
$group['GRP_LDAP_DN'] = $groupDN;
}
$groupwf->saveData($group);
}
if (count($groupsToUncheck) > 0) {
foreach ($groupsToUncheck as $groupDN) {
$ous = $ldapSource->custom_ldap_explode_dn($groupDN);
$currentGroup = array_shift($ous);
$groupAux = explode('=', $currentGroup);
$groupTitle = isset($groupAux[1]) ? trim($groupAux[1]) : '';
$groupTitle = stripslashes($groupTitle);
if (empty($groupTitle)) {
continue;
}
$filters = array(
'fields' => ['GRP_UID'],
'conditions' => ['GRP_TITLE' => $groupTitle, 'GRP_STATUS' => 'ACTIVE']
);
$allGroups = $groupwf->show($filters);
$groupUid = $allGroups['data'][0]['GRP_UID'] ?? '';
if ($groupUid != '') {
$group = $allGroups['data'][0];
$group['GRP_LDAP_DN'] = '';
$groupwf->saveData($group);
if (!isset($authenticationSourceData['AUTH_SOURCE_DATA']['GROUPS_TO_UNASSIGN'])) {
$authenticationSourceData['AUTH_SOURCE_DATA']['GROUPS_TO_UNASSIGN'] = [];
}
if (!in_array($groupUid, $authenticationSourceData['AUTH_SOURCE_DATA']['GROUPS_TO_UNASSIGN'])) {
$authenticationSourceData['AUTH_SOURCE_DATA']['GROUPS_TO_UNASSIGN'][] = $groupUid;
}
}
}
$authenticationSourceData['AUTH_SOURCE_DATA'] = json_encode($authenticationSourceData['AUTH_SOURCE_DATA']);
$rbacAuthenticationSource->saveData($authenticationSourceData);
}
$responseSaveGroups = [
'status' => 'OK',
'success' => true
];
return $responseSaveGroups;
if ($ldapSource->checkDuplicateTitles()) {
$response->warning = G::LoadTranslation('ID_IT_WAS_IDENTIFIED_DUPLICATED_GROUPS_PLEASE_REMOVE_THESE_GROUPS');
}
}
public function saveDepartments($departmentsDN, $authSourceUid) {
$depsToCheck = ($departmentsDN != '') ? explode('|', $departmentsDN) : [];
$depsToCheck = array_map('urldecode', $depsToCheck);
$depsToUncheck = $this->getDepartmentsToUncheck($depsToCheck);
$filters = ['conditions' => ['AUTH_SOURCE_UID'=> $authSourceUid]];
$rbacAuthenticationSource = new RbacAuthenticationSource();
$authSourceReturn = $rbacAuthenticationSource->show($filters);
$authenticationSourceData = $authSourceReturn['data'][0];
$authenticationSourceData['AUTH_SOURCE_DATA'] = json_decode($authenticationSourceData['AUTH_SOURCE_DATA'], true);
$ldapSource = new LdapSource();
$ldapSource->authSourceUid = $authSourceUid;
$department = new Department();
foreach ($depsToCheck as $departmentDn) {
$departmentUid = $department->getDepUidIfExistsDN($departmentDn);
$departmentUid = $departmentUid['data'][0]['DEP_UID'] ?? '';
if ($departmentUid == '') {
if (strcasecmp($departmentDn, $authenticationSourceData['AUTH_SOURCE_BASE_DN']) == 0) {
$departmentTitle = 'ROOT (' . $authenticationSourceData['AUTH_SOURCE_BASE_DN'] . ')';
$parentUid = '';
} else {
$ous = $ldapSource->custom_ldap_explode_dn($departmentDn);
$departmentCurrent = array_shift($ous);
$parentDn = implode(',', $ous);
$ous = explode('=', $departmentCurrent);
$departmentTitle = trim($ous[1]);
$parentUid = $department->getDepUidIfExistsDN($parentDn);
$parentUid = $parentUid['data'][0]['DEP_UID'] ?? '';
if (str_ireplace($authenticationSourceData['AUTH_SOURCE_BASE_DN'], '', $parentDn) != '' && $parentUid == '') {
$response = new stdClass();
$response->status = 'ERROR';
$response->message = G::LoadTranslation(
'ID_DEPARTMENT_CHECK_PARENT_DEPARTMENT',
[$parentDn, $departmentTitle]
);
echo json_encode($response);
exit(0);
}
}
$filters = array(
'conditions' => ['DEP_STATUS' => 'ACTIVE', 'DEP_TITLE' => $departmentTitle]
);
$allDepartments = $department->show($filters);
$departmentUid = $allDepartments['data'][0]['DEP_UID'] ?? '';
if (empty($departmentUid)) {
$data = [
'DEP_TITLE' => stripslashes($departmentTitle),
'DEP_PARENT' => $parentUid,
'DEP_LDAP_DN' => $departmentDn,
'DEP_REF_CODE' => ''
];
$saveDerpartment = $department->saveData($data);
if (empty($saveDerpartment)) {
$response = new stdClass();
$response->status = 'ERROR';
$response->message = G::LoadTranslation('ID_DEPARTMENT_ERROR_CREATE');
echo json_encode($response);
exit(0);
}
} else {
$data = $allDepartments['data'][0];
$data['DEP_LDAP_DN'] = $departmentDn;
$department->saveData($data);
}
}
}
if (count($depsToUncheck) > 0) {
$baseDnLength = strlen($authenticationSourceData['AUTH_SOURCE_BASE_DN']);
foreach ($depsToUncheck as $departmentDn) {
$departmentUid = $department->getDepUidIfExistsDN($departmentDn);
$departmentUid = $departmentUid['data'][0]['DEP_UID'] ?? '';
if ($departmentUid != '' &&
strcasecmp(
substr($departmentDn, strlen($departmentDn) - $baseDnLength),
$authenticationSourceData['AUTH_SOURCE_BASE_DN']
) == 0
) {
$filters = array(
'conditions' => ['DEP_UID' => $departmentUid]
);
$allDepartments = $department->show($filters);
$data = $allDepartments['data'][0] ?? [];
$data['DEP_LDAP_DN'] = '';
$department->saveData($data);
if (!isset($authenticationSourceData['AUTH_SOURCE_DATA']['DEPARTMENTS_TO_UNASSIGN'])) {
$authenticationSourceData['AUTH_SOURCE_DATA']['DEPARTMENTS_TO_UNASSIGN'] = [];
}
if (!in_array($departmentUid, $authenticationSourceData['AUTH_SOURCE_DATA']['DEPARTMENTS_TO_UNASSIGN'])) {
$authenticationSourceData['AUTH_SOURCE_DATA']['DEPARTMENTS_TO_UNASSIGN'][] = $departmentUid;
}
}
}
$authenticationSourceData['AUTH_SOURCE_DATA'] = json_encode($authenticationSourceData['AUTH_SOURCE_DATA']);
$rbacAuthenticationSource->saveData($authenticationSourceData);
}
$responseSaveGroups = [
'status' => 'OK',
'success' => true
];
return $responseSaveGroups;
if ($ldapAdvanced->checkDuplicateDepartmentTitles()) {
$response->warning = G::LoadTranslation('ID_IT_WAS_IDENTIFIED_DUPLICATED_DEPARTMENTS_PLEASE_REMOVE_THESE_DEPARTMENTS');
}
}
private function getDepartments($departments, $parent, $terminatedOu)
{
$parentDepartments = $departments;
$childDepartments = $departments;
$currentDepartments = array();
foreach ($parentDepartments as $key => $val) {
if (strtolower($val['dn']) != strtolower($parent)) {
if ((strtolower($val['parent']) == strtolower($parent)) && (strtolower($val['ou']) != strtolower($terminatedOu))) {
$node = array();
$node['DEP_UID'] = $val['ou'];
$node['DEP_TITLE'] = $val['ou'];
$node['DEP_USERS'] = $val['users'];
$node['DEP_DN'] = $val['dn'];
$node['HAS_CHILDREN'] = false;
$departments[$key]['hasChildren'] = false;
foreach ($childDepartments as $key2 => $val2) {
if (strtolower($val2['parent']) == strtolower($val['dn'])) {
$node['HAS_CHILDREN'] = true;
$departments[$key]['hasChildren'] = true;
break;
}
}
$node['DEP_LAST'] = false;
$currentDepartments[] = $node;
}
}
}
if (isset($currentDepartments[count($currentDepartments) - 1])) {
$currentDepartments[count($currentDepartments) - 1]['DEP_LAST'] = true;
}
return $currentDepartments;
}
private function getChildrenDepartments($departments, $parent, $listDepartmentsNumberUsers, $terminatedOu) {
$allDepartments = $this->getDepartments($departments, $parent, $terminatedOu);
$department = new Department();
foreach ($allDepartments as $departmentData) {
$departmentObject = new TreeNodeAuthSource();
$departmentObject->text = htmlentities($departmentData['DEP_TITLE'], ENT_QUOTES, 'UTF-8');
$departmentDNData = $department->getDepUidIfExistsDN($departmentData['DEP_DN']);
$departmentUid = $departmentDNData['data'][0]['DEP_UID'] ?? '';
if ($departmentUid != '') {
$departmentObject->text .= ' (' . ($listDepartmentsNumberUsers[$departmentUid] ?? '') . ')';
$departmentObject->checked = true;
} else {
$departmentObject->checked = false;
}
if ($departmentData['HAS_CHILDREN'] == 1) {
$departmentObject->children = $this->getChildrenDepartments($departments, $departmentData['DEP_DN'], $listDepartmentsNumberUsers, $terminatedOu);
}
$departmentObject->id = urlencode($departmentData['DEP_DN']);
$departmentsObjects[] = $departmentObject;
}
return $departmentsObjects;
}
private function getDepartmentsToUncheck($depsToCheck)
{
$departament = new Department();
$departmentsWithDN = $departament->getDepartmentsWithDN();
$departmentsWithDN = $departmentsWithDN['data'];
$depsToUncheck = [];
foreach ($departmentsWithDN as $departmentWithDN) {
$found = false;
foreach ($depsToCheck as $depToCheck) {
if ($departmentWithDN['DEP_LDAP_DN'] == $depToCheck) {
$found = true;
}
}
if (!$found) {
$depsToUncheck[] = $departmentWithDN['DEP_LDAP_DN'];
}
}
return $depsToUncheck;
}
private function getGroupsToUncheck($groupsToCheck)
{
$groupsWithDN = $this->getGroupsWithDN();
$groupsToUncheck = array();
foreach ($groupsWithDN as $groupWithDN) {
$found = false;
foreach ($groupsToCheck as $groupToCheck) {
if ($groupWithDN['GRP_LDAP_DN'] == $groupToCheck) {
$found = true;
}
}
if (!$found) {
$groupsToUncheck[] = $groupWithDN['GRP_LDAP_DN'];
}
}
return $groupsToUncheck;
}
private function getGroupsWithDN()
{
$groupwf = new Groupwf();
$filters = array('start' => 0, 'limit' => 1000);
$allGroups = $groupwf->show($filters);
$allGroups = $allGroups['data'];
$groupsWithDN = array();
foreach ($allGroups as $group) {
if ($group['GRP_LDAP_DN'] != '') {
$groupsWithDN[] = $group;
}
}
return $groupsWithDN;
}
private static function encrypt($plaintext, $key) {
$cipher = 'AES-256-CBC';
$ivlen = openssl_cipher_iv_length($cipher);
@@ -299,7 +705,7 @@ class AuthSources
}
private static function decrypt($ciphertext_b64, $key) {
$cipher = "AES-256-CBC";
$cipher = 'AES-256-CBC';
$ivlen = openssl_cipher_iv_length($cipher);
$ciphertext = base64_decode($ciphertext_b64);
@@ -310,3 +716,14 @@ class AuthSources
return $plaintext;
}
}
class TreeNodeAuthSource extends stdclass
{
public $text = '';
public $cls = '';
public $leaf = false;
public $checked = false;
public $children = array();
public $id = '';
}

264
workflow/engine/classes/LdapSource.php
View File

@@ -1,6 +1,6 @@
<?php
use ProcessMaker\Model\RbacAuthenticationSource;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Log;
@@ -15,6 +15,8 @@ use ProcessMaker\Model\Groupwf;
class LdapSource
{
public $authSourceUid;
public $ldapcnn = null;
public $terminatedOu;
private $arrayObjectClassFilter = [
"user" => "|(objectclass=inetorgperson)(objectclass=organizationalperson)(objectclass=person)(objectclass=user)",
@@ -76,6 +78,225 @@ class LdapSource
return ['connection' =>$ldapcnn, 'startTLS' => $resultLDAPStartTLS];
}
public function searchGroups() {
try {
$arrayGroup = [];
$rbac = RBAC::getSingleton();
if (is_null($rbac->authSourcesObj)) {
$rbac->authSourcesObj = new AuthenticationSource();
}
$arrayAuthenticationSourceData = $rbac->authSourcesObj->load($this->authSourceUid);
if (is_null($this->ldapcnn)) {
$ldapcnn = $this->ldapConnection($arrayAuthenticationSourceData);
$this->ldapcnn = $ldapcnn['connection'];
}
$ldapcnn = $this->ldapcnn;
// Get Groups
$limit = $this->getPageSizeLimitByData($arrayAuthenticationSourceData);
$flagError = false;
$filter = '(' . $this->arrayObjectClassFilter['group'] . ')';
$this->log($ldapcnn, 'search groups with Filter: ' . $filter);
$cookie = '';
do {
$searchResult = @ldap_search(
$ldapcnn,
$arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN'],
$filter,
['dn', 'cn'],
0,
-1,
-1,
LDAP_DEREF_NEVER,
[['oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => ['size' => $limit, 'cookie' => $cookie]]]
);
ldap_parse_result($ldapcnn, $searchResult, $errcode, $matcheddn, $errmsg, $referrals, $controls);
$this->stdLog($ldapcnn, "ldap_search", ["filter" => $filter, "attributes" => ['dn', 'cn']]);
$context = [
"baseDN" => $arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN'],
"filter" => $filter,
"attributes" => ['dn', 'cn']
];
$this->stdLog($ldapcnn, "ldap_search", $context);
if ($error = ldap_errno($ldapcnn)) {
$this->log($ldapcnn, 'Error in Search');
$flagError = true;
} else {
if ($searchResult) {
//Get groups from the ldap entries
$countEntries = ldap_count_entries($ldapcnn, $searchResult);
$this->stdLog($ldapcnn, "ldap_count_entries");
if ($countEntries > 0) {
$entry = ldap_first_entry($ldapcnn, $searchResult);
$this->stdLog($ldapcnn, "ldap_first_entry");
do {
$arrayEntryData = $this->ldapGetAttributes($ldapcnn, $entry);
if (isset($arrayEntryData['cn']) && !is_array($arrayEntryData['cn'])) {
$arrayGroup[] = [
'dn' => $arrayEntryData['dn'],
'cn' => trim($arrayEntryData['cn']),
'users' => 0,
];
}
} while ($entry = ldap_next_entry($ldapcnn, $entry));
}
}
}
if (!$flagError) {
if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) {
// You need to pass the cookie from the last call to the next one
$cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'];
} else {
$cookie = '';
}
}
// Empty cookie means last page
} while (!empty($cookie) && !$flagError);
$str = '';
foreach ($arrayGroup as $group) {
$str .= ' ' . $group['cn'];
}
$this->log($ldapcnn, 'found ' . count($arrayGroup) . ' groups: ' . $str);
return $arrayGroup;
} catch (Exception $e) {
throw $e;
}
}
public function searchDepartments() {
try {
$arrayDepartment = [];
$filters = ['conditions' => ['AUTH_SOURCE_UID'=> $this->authSourceUid]];
$rbacAuthenticationSource = new RbacAuthenticationSource();
$authSourceReturn = $rbacAuthenticationSource->show($filters);
$authenticationSourceData = $authSourceReturn['data'][0];
if (is_null($this->ldapcnn)) {
$ldapcnn = $this->ldapConnection($authenticationSourceData);
$this->ldapcnn = $ldapcnn['connection'];
}
$this->terminatedOu = $attributes['AUTH_SOURCE_RETIRED_OU'] ?? '';
$ldapcnn = $this->ldapcnn;
//Get Departments
$limit = $this->getPageSizeLimitByData($authenticationSourceData);
$flagError = false;
$filter = '(' . $this->arrayObjectClassFilter['department'] . ')';
$this->log($ldapcnn, 'search Departments with Filter: ' . $filter);
$unitsBase = $this->custom_ldap_explode_dn($authenticationSourceData['AUTH_SOURCE_BASE_DN']);
$cookie = '';
do {
$searchResult = @ldap_search(
$ldapcnn,
$authenticationSourceData['AUTH_SOURCE_BASE_DN'],
$filter,
['dn', 'ou'],
0,
-1,
-1,
LDAP_DEREF_NEVER,
[['oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => ['size' => $limit, 'cookie' => $cookie]]]
);
ldap_parse_result($ldapcnn, $searchResult, $errcode, $matcheddn, $errmsg, $referrals, $controls);
$this->stdLog($ldapcnn, "ldap_search", ["filter" => $filter, "attributes" => ['dn', 'ou']]);
$context = [
"baseDN" => $authenticationSourceData['AUTH_SOURCE_BASE_DN'],
"filter" => $filter,
"attributes" => ['dn', 'ou']
];
$this->stdLog($ldapcnn, "ldap_search", $context);
if ($error = ldap_errno($ldapcnn)) {
$this->log($ldapcnn, 'Error in Search');
$flagError = true;
} else {
if ($searchResult) {
//The first node is root
if (empty($arrayDepartment)) {
$arrayDepartment[] = [
'dn' => $authenticationSourceData['AUTH_SOURCE_BASE_DN'],
'parent' => '',
'ou' => 'ROOT',
'users' => 0
];
}
//Get departments from the ldap entries
if (ldap_count_entries($ldapcnn, $searchResult) > 0) {
$this->stdLog($ldapcnn, "ldap_count_entries");
$entry = ldap_first_entry($ldapcnn, $searchResult);
$this->stdLog($ldapcnn, "ldap_first_entry", $context);
do {
$arrayEntryData = $this->ldapGetAttributes($ldapcnn, $entry);
$unitsEqual = $this->custom_ldap_explode_dn($arrayEntryData['dn']);
if (count($unitsEqual) == 1 && $unitsEqual[0] == '') {
continue;
}
if (count($unitsEqual) > count($unitsBase)) {
unset($unitsEqual[0]);
}
if (isset($arrayEntryData['ou']) && !is_array($arrayEntryData['ou'])) {
$arrayDepartment[] = [
'dn' => $arrayEntryData['dn'],
'parent' => (isset($unitsEqual[1])) ? implode(',', $unitsEqual) : '',
'ou' => trim($arrayEntryData['ou']),
'users' => 0
];
}
} while ($entry = ldap_next_entry($ldapcnn, $entry));
}
}
}
if (!$flagError) {
if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) {
// You need to pass the cookie from the last call to the next one
$cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'];
} else {
$cookie = '';
}
}
// Empty cookie means last page
} while (!empty($cookie) && !$flagError);
$str = '';
foreach ($arrayDepartment as $dep) {
$str .= ' ' . $dep['ou'];
}
$this->log($ldapcnn, 'found ' . count($arrayDepartment) . ' departments: ' . $str);
return $arrayDepartment;
} catch (Exception $e) {
throw $e;
}
}
public function getPageSizeLimit($ldapcnn, $baseDn = '')
{
try {
@@ -231,13 +452,14 @@ class LdapSource
$paged = !is_null($start) && !is_null($limit);
$rbac = RBAC::getSingleton();
$filters = [
'conditions' => ['AUTH_SOURCE_UID' => $this->authSourceUid],
];
$rbacAuthenticationSource = new RbacAuthenticationSource();
$authSourceReturn = $rbacAuthenticationSource->show($filters);
$arrayAuthenticationSourceData = $authSourceReturn['data'][0];
$arrayAuthenticationSourceData['AUTH_SOURCE_DATA'] = json_decode($arrayAuthenticationSourceData['AUTH_SOURCE_DATA'], true);
if (is_null($rbac->authSourcesObj)) {
$rbac->authSourcesObj = new AuthenticationSource();
}
$arrayAuthenticationSourceData = $rbac->authSourcesObj->load($this->authSourceUid);
$attributeUserSet = [];
$attributeSetAdd = [];
@@ -400,6 +622,15 @@ class LdapSource
}
}
private function getPageSizeLimitByData(array $arrayAuthSourceData)
{
if (isset($arrayAuthSourceData['AUTH_SOURCE_DATA']['LDAP_PAGE_SIZE_LIMIT'])) {
return $arrayAuthSourceData['AUTH_SOURCE_DATA']['LDAP_PAGE_SIZE_LIMIT'];
} else {
return $this->getPageSizeLimit(false);
}
}
private function ldapGetAttributes($ldapcnn, $entry)
{
try {
@@ -438,4 +669,23 @@ class LdapSource
throw $e;
}
}
public function custom_ldap_explode_dn($dn)
{
$dn = trim($dn, ',');
$result = ldap_explode_dn($dn, 0);
$this->stdLog(null, "ldap_explode_dn", ["dn" => $dn]);
if (is_array($result)) {
unset($result['count']);
foreach ($result as $key => $value) {
$result[$key] = addcslashes(preg_replace_callback("/\\\([0-9A-Fa-f]{2})/", function ($m) {
return chr(hexdec($m[1]));
}, $value), '<>,"');
}
}
return $result;
}
}

34
workflow/engine/methods/authSources/authSourcesProxy.php
View File

@@ -1,7 +1,5 @@
<?php
require_once 'classes/AuthSources.php';
try {
if (isset($_REQUEST['action']) === false) {
throw new Exception('No action was sent');
@@ -18,7 +16,7 @@ try {
switch ($action) {
case 'authSourcesList':
$start = $_REQUEST['start'] ?? 0;
$limit = $_REQUEST['limit'] ?? $limit_size;
$limit = $_REQUEST['limit'] ?? 25;
$filter = $_REQUEST['textFilter'] ?? '';
$orderBy = $_REQUEST['orderBy'] ?? '';
$ascending = $_REQUEST['ascending'] ?? 'asc';
@@ -112,7 +110,7 @@ try {
$authSourceUid = $_POST['sUID'];
$filters = [
'start'=> $_POST['start'] ?? 0,
'limit'=> $_POST['limit'] ?? ($_POST["pageSize"] ?? 10),
'limit'=> $_POST['limit'] ?? ($_POST['pageSize'] ?? 10),
'text'=> $_POST['sKeyword'] ?? ''
];
@@ -136,16 +134,34 @@ try {
$responseProxy = $authSources->importUsers($authSourceUid, $usersImport);
break;
case 'authSourcesImportLoadDepartment':
$responseProxy['success'] = true;
if (!isset($_REQUEST['authUid'])) {
throw new Exception('No auth source UID was sent');
}
$authSourceUid = $_REQUEST['authUid'];
$authSources = new AuthSources();
$responseProxy = $authSources->searchDepartaments($authSourceUid);
break;
case 'authSourcesImportSaveDepartment':
$responseProxy['success'] = true;
$authSources = new AuthSources();
$departmentsDN = $_REQUEST['departmentsDN'];
$authSourceUid = $_REQUEST['authUid'];
$responseProxy = $authSources->saveDepartments($departmentsDN, $authSourceUid);
break;
case 'authSourcesImportLoadGroup':
$responseProxy['success'] = true;
if (!isset($_REQUEST['authUid'])) {
throw new Exception('No auth source UID was sent');
}
$authSourceUid = $_REQUEST['authUid'];
$authSources = new AuthSources();
$responseProxy = $authSources->searchGroups($authSourceUid);
break;
case 'authSourcesImportSaveGroup':
$responseProxy['success'] = true;
$authSources = new AuthSources();
$groupsDN = $_REQUEST['groupsDN'];
$authSourceUid = $_REQUEST['authUid'];
$responseProxy = $authSources->saveGroups($groupsDN, $authSourceUid);
break;
default:
throw new Exception('The action "' . $action . '" is not allowed');
@@ -156,7 +172,7 @@ try {
echo json_encode($responseProxy, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
} catch (Exception $exception) {
$responseProxy['success'] = false;
$responseProxy['message'] = $exception->getMessage();
$responseProxy['message'] = htmlentities($exception->getMessage(), ENT_QUOTES, 'UTF-8');
header('Content-Type: application/json');
echo json_encode($responseProxy, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);

6
workflow/engine/methods/authenticationSources/src/components/formAuthenticationSources.vue
View File

@@ -306,7 +306,7 @@
gridText: "[]",
signInPolicyForLDAP: "1",
inactiveUsers: "",
role: "PROCESSMAKER_OPERATOR",
role: "LURANA_OPERATOR",
groupIdentifier: "member",
userClassIdentifier: "",
groupClassIdentifier: "(objectclass=posixgroup)(objectclass=group)(objectclass=groupofuniquenames)",
@@ -356,7 +356,7 @@
gridText: "[]",
signInPolicyForLDAP: "1",
inactiveUsers: "",
role: "PROCESSMAKER_OPERATOR",
role: "LURANA_OPERATOR",
groupIdentifier: "member",
userClassIdentifier: "",
groupClassIdentifier: "(objectclass=posixgroup)(objectclass=group)(objectclass=groupofuniquenames)",
@@ -381,7 +381,7 @@
let formDataForName = new FormData();
formDataForName.append("AUTH_SOURCE_NAME", form.name);
//axios.post(this.$root.baseUrl() + "authSources/ldapAdvancedProxy.php?functionAccion=ldapVerifyName", formDataForName)
axios.post(this.$root.baseUrl() + "authSources/authSourcesProxy.php?action=authSourcesVerifyName", formDataForName)
axios.post(this.$root.baseUrl() + "authSources/authSourcesProxy?action=authSourcesVerifyName", formDataForName)
.then(response => {
//the name is valid
if (response.data.row === false || (this.form.uid !== "" && typeof this.form.uid === "string")) {

2
workflow/engine/methods/authenticationSources/src/components/formUploadSource.vue
View File

@@ -142,7 +142,7 @@
let formData = new FormData();
formData.append("AUTH_SOURCE_NAME", this.fileContent.AUTH_SOURCE_NAME);
//axios.post(this.$root.baseUrl() + "authSources/ldapAdvancedProxy.php?functionAccion=ldapVerifyName", formData)
axios.post(this.$root.baseUrl() + "authSources/authSourcesProxy.php?action=authSourcesVerifyName", formData)
axios.post(this.$root.baseUrl() + "authSources/authSourcesProxy?action=authSourcesVerifyName", formData)
.then(response => {
this.newName = response.data.row === false;
this.validationResult = response.data;

98
workflow/engine/src/ProcessMaker/Model/Department.php
View File

@@ -4,6 +4,8 @@ namespace ProcessMaker\Model;
use App\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use \Exception;
use \G;
/**
* Class Department
@@ -15,6 +17,100 @@ class Department extends Model
// Set our table name
protected $table = 'DEPARTMENT';
// We do not store timestamps
protected $fillable = [
'DEP_UID',
'DEP_TITLE',
'DEP_PARENT',
'DEP_MANAGER',
'DEP_LOCATION',
'DEP_STATUS',
'DEP_REF_CODE',
'DEP_LDAP_DN'
];
public $timestamps = false;
public function show($filters = array())
{
try {
$query = static::query();
if (is_array($filters['fields'])) {
$query->select($filters['fields']);
}
if (is_array($filters['conditions'])) {
if (!empty($filters['conditions']['text'])) {
$query->where('DEP_TITLE', 'like', '%' . $filters['conditions']['text'] . '%');
unset($filters['conditions']['text']);
}
$query->where($filters['conditions']);
}
$total = $query->count();
if (is_array($filters['start']) || is_array($filters['limit'])) {
$start = $filters['start'] ?? 0;
$limit = $filters['limit'] ?? 25;
$query->offset($start)->limit($limit);
}
if (is_array($filters['orderBy'])) {
$query->orderBy($filters['orderBy'][0], $filters['orderBy'][1] ?? 'asc');
}
$data = $query->get()->toArray();
$result = [
'total' => $total,
'data' => $data
];
return $result;
} catch (Exception $exception) {
return $exception->getMessage();
}
}
public static function saveData($departmentData)
{
try {
if (empty($departmentData['DEP_UID'])) {
$departmentData['DEP_UID'] = G::generateUniqueID();
$responseSave = self::create($departmentData);
} else {
$responseSave = self::where('DEP_UID', $departmentData['DEP_UID'])
->update($departmentData);
}
return $responseSave;
} catch (Exception $exception) {
return $exception->getMessage();
}
}
public static function getDepUidIfExistsDN($currentDN)
{
$query = Department::select(['DEP_UID'])
->where('DEP_STATUS', '=', 'ACTIVE')
->where('DEP_LDAP_DN', $currentDN);
$data =$query->get()->toArray();
$result = [
'total' => count($data),
'data' => $data
];
return $result;
}
public static function getDepartmentsWithDN()
{
$query = Department::select(['DEP_LDAP_DN'])
->where('DEP_LDAP_DN', '!=', '')
->whereNotNull('DEP_LDAP_DN');
$data =$query->get()->toArray();
$result = [
'total' => count($data),
'data' => $data
];
return $result;
}
}

16
workflow/engine/src/ProcessMaker/Model/GroupUser.php
View File

@@ -8,6 +8,7 @@ use G;
use Illuminate\Database\Eloquent\Model;
use ProcessMaker\Model\Groupwf;
use ProcessMaker\Model\RbacUsers;
use Illuminate\Support\Facades\DB;
class GroupUser extends Model
{
@@ -117,4 +118,19 @@ class GroupUser extends Model
throw new Exception("Error: {$e->getMessage()}.");
}
}
public static function getNumberOfUsersByGroups()
{
$query = GroupUser::select(['GROUP_USER.GRP_UID', DB::raw('COUNT(GROUP_USER.GRP_UID) AS NUM_REC')])
->leftJoin('USERS','USERS.USR_UID','=','GROUP_USER.USR_UID')
->where('USERS.USR_STATUS', '!=', 'CLOSED')
->groupBy('GROUP_USER.GRP_UID');
$data =$query->get()->toArray();
$result = [
'total' => count($data),
'data' => $data
];
return $result;
}
}

80
workflow/engine/src/ProcessMaker/Model/Groupwf.php
View File

@@ -4,6 +4,8 @@ namespace ProcessMaker\Model;
use App\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use \Exception;
use \G;
class Groupwf extends Model
{
@@ -11,9 +13,74 @@ class Groupwf extends Model
protected $table = 'GROUPWF';
protected $primaryKey = 'GRP_ID';
protected $fillable = [
'GRP_UID',
'GRP_ID',
'GRP_TITLE',
'GRP_STATUS',
'GRP_STATUS_ID',
'GRP_LDAP_DN',
'GRP_UX'
];
// We do not have create/update timestamps for this table
public $timestamps = false;
public function show($filters = array())
{
try {
$query = static::query();
if (is_array($filters['fields'])) {
$query->select($filters['fields']);
}
if (is_array($filters['conditions'])) {
if (!empty($filters['conditions']['text'])) {
$query->where('GRP_TITLE', 'like', '%' . $filters['conditions']['text'] . '%');
unset($filters['conditions']['text']);
}
$query->where($filters['conditions']);
}
$total = $query->count();
if (is_array($filters['start']) || is_array($filters['limit'])) {
$start = $filters['start'] ?? 0;
$limit = $filters['limit'] ?? 25;
$query->offset($start)->limit($limit);
}
if (is_array($filters['orderBy'])) {
$query->orderBy($filters['orderBy'][0], $filters['orderBy'][1] ?? 'asc');
}
$data =$query->get()->toArray();
$result = [
'total' => $total,
'data' => $data
];
return $result;
} catch (Exception $exception) {
return $exception->getMessage();
}
}
public static function saveData($groupwfData)
{
try {
if (empty($groupwfData['GRP_UID'])) {
$groupwfData['GRP_UID'] = G::generateUniqueID();
$responseSave = self::create($groupwfData);
} else {
$responseSave = self::where('GRP_UID', $groupwfData['GRP_UID'])
->update($groupwfData);
}
return $responseSave;
} catch (Exception $exception) {
return $exception->getMessage();
}
}
/**
* Scope a query to active groups
*
@@ -72,4 +139,17 @@ class Groupwf extends Model
$query = Groupwf::select('GRP_ID')->where('GRP_UID', $grpUid);
return $query->first()->toArray();
}
public static function getGroupWithDN($dn)
{
try {
$query = Groupwf::select('GRP_UID')
->where('GRP_STATUS', 'ACTIVE')
->where('GRP_LDAP_DN', $dn);
$response = $query->get()->toArray();
return $response;
} catch (\Exception $e) {
return false;
}
}
}

17
workflow/engine/src/ProcessMaker/Model/User.php
View File

@@ -5,6 +5,7 @@ namespace ProcessMaker\Model;
use App\Factories\HasFactory;
use Configurations;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\Facades\DB;
use Exception;
use RBAC;
@@ -300,4 +301,20 @@ class User extends Model
return $result;
}
public static function getNumberOfUsersByDepartments()
{
$query = User::select(['DEP_UID', DB::raw('COUNT(DEP_UID) AS NUM_REC')])
->where('USR_STATUS', '!=', 'CLOSED')
->where('DEP_UID', '!=', '')
->whereNotNull('DEP_UID')
->groupBy('DEP_UID');
$data =$query->get()->toArray();
$result = [
'total' => count($data),
'data' => $data
];
return $result;
}
}

12
workflow/engine/templates/authSources/authSourcesSynchronize.js
View File

@@ -62,7 +62,7 @@ Ext.onReady(function() {
nodeType: 'async'
},
maskDisabled: false,
dataUrl: 'authSourcesSynchronizeAjax?m=loadDepartments&authUid=' + AUTHENTICATION_SOURCE.AUTH_SOURCE_UID,
dataUrl: 'authSourcesProxy?action=authSourcesImportLoadDepartment&authUid=' + AUTHENTICATION_SOURCE.AUTH_SOURCE_UID,
requestMethod: 'POST',
buttons: [{
text: 'Save Changes',
@@ -75,8 +75,8 @@ Ext.onReady(function() {
departments.push(node.id);
});
Ext.Ajax.request({
url: 'authSourcesSynchronizeAjax',
params: {m: 'saveDepartments', authUid: AUTHENTICATION_SOURCE.AUTH_SOURCE_UID, departmentsDN: departments.join('|')},
url: 'authSourcesProxy',
params: {action: 'authSourcesImportSaveDepartment', authUid: AUTHENTICATION_SOURCE.AUTH_SOURCE_UID, departmentsDN: departments.join('|')},
success: function(r) {
var response = Ext.util.JSON.decode(r.responseText);
if (response.status == 'OK') {
@@ -123,7 +123,7 @@ Ext.onReady(function() {
root: {
nodeType: 'async'
},
dataUrl: 'authSourcesSynchronizeAjax?m=loadGroups&authUid=' + AUTHENTICATION_SOURCE.AUTH_SOURCE_UID,
dataUrl: "authSourcesProxy?action=authSourcesImportLoadGroup&authUid=" + AUTHENTICATION_SOURCE.AUTH_SOURCE_UID,
requestMethod: 'POST',
buttons: [{
text: 'Save Changes',
@@ -137,8 +137,8 @@ Ext.onReady(function() {
Groups.push(node.id);
});
Ext.Ajax.request({
url: 'authSourcesSynchronizeAjax',
params: {m: 'saveGroups', authUid: AUTHENTICATION_SOURCE.AUTH_SOURCE_UID, groupsDN: Groups.join('|')},
url: 'authSourcesProxy',
params: {action: 'authSourcesImportSaveGroup', authUid: AUTHENTICATION_SOURCE.AUTH_SOURCE_UID, groupsDN: Groups.join('|')},
success: function(r) {
var response = Ext.util.JSON.decode(r.responseText);
if (response.status == 'OK') {