258 lines
11 KiB
PHP
258 lines
11 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Authentication Sources Proxy
|
|
*
|
|
* This script serves as a proxy handler for authentication source operations.
|
|
* It processes various AJAX requests related to LDAP/Active Directory authentication
|
|
* sources management including listing, creating, updating, deleting, testing
|
|
* connections, and importing users/groups/departments.
|
|
*
|
|
* @author Lurana System
|
|
* @version 1.0
|
|
* @package Workflow Engine
|
|
* @subpackage Authentication Sources
|
|
*/
|
|
|
|
try {
|
|
// Validate that an action parameter was provided in the request
|
|
if (isset($_REQUEST['action']) === false) {
|
|
throw new Exception('No action was sent');
|
|
}
|
|
|
|
// Ensure user is authenticated before processing any requests
|
|
if (isset($_SESSION['USER_LOGGED']) === false) {
|
|
throw new Exception('There is no logged in user');
|
|
}
|
|
|
|
// Extract request parameters and initialize response structure
|
|
$action = $_REQUEST['action'];
|
|
$userUid = $_SESSION['USER_LOGGED'];
|
|
$responseProxy = ['success' => true];
|
|
|
|
// Process the requested action using a switch statement
|
|
switch ($action) {
|
|
/**
|
|
* Retrieve a paginated list of authentication sources
|
|
* Parameters: start, limit, textFilter, orderBy, ascending
|
|
*/
|
|
case 'authSourcesList':
|
|
$start = $_REQUEST['start'] ?? 0;
|
|
$limit = $_REQUEST['limit'] ?? 25;
|
|
$filter = $_REQUEST['textFilter'] ?? '';
|
|
$orderBy = $_REQUEST['orderBy'] ?? '';
|
|
$ascending = $_REQUEST['ascending'] ?? 'asc';
|
|
|
|
$authSources = new AuthSources();
|
|
$responseProxy = $authSources->getListAuthSources($userUid, $start, $limit, $orderBy, $ascending, $filter);
|
|
break;
|
|
/**
|
|
* Delete an authentication source by its UID
|
|
* Required parameter: auth_uid
|
|
*/
|
|
case 'authSourcesDelete':
|
|
if (!isset($_REQUEST['auth_uid'])) {
|
|
throw new Exception('No auth source UID was sent');
|
|
}
|
|
$authSourceUid = $_REQUEST['auth_uid'];
|
|
$authSources = new AuthSources();
|
|
$responseProxy = $authSources->removeAuthSource($authSourceUid);
|
|
break;
|
|
/**
|
|
* Verify if an authentication source name is unique/available
|
|
* Required parameter: AUTH_SOURCE_NAME
|
|
*/
|
|
case 'authSourcesVerifyName':
|
|
if (empty($_REQUEST['AUTH_SOURCE_NAME'])) {
|
|
throw new Exception('No auth source name was sent');
|
|
}
|
|
|
|
$authSourceName = $_REQUEST['AUTH_SOURCE_NAME'];
|
|
$authSources = new AuthSources();
|
|
$responseProxy = $authSources->verifyAuthSourceName($authSourceName);
|
|
break;
|
|
/**
|
|
* Test connection to an authentication source (LDAP/AD)
|
|
* Required parameter: AUTH_ANONYMOUS
|
|
* If anonymous auth is enabled, clears username and password
|
|
*/
|
|
case 'authSourcesTestConnection':
|
|
if (isset($_REQUEST['AUTH_ANONYMOUS']) === false) {
|
|
throw new Exception('No auth anonymous was sent');
|
|
}
|
|
|
|
// Clear credentials if anonymous authentication is enabled
|
|
if ($_REQUEST['AUTH_ANONYMOUS'] == '1') {
|
|
$_REQUEST['AUTH_SOURCE_SEARCH_USER'] = '';
|
|
$_REQUEST['AUTH_SOURCE_PASSWORD'] = '';
|
|
}
|
|
|
|
$authSourceData = $_REQUEST;
|
|
$authSourceData['AUTH_SOURCE_VERSION'] = 3;
|
|
|
|
$authSources = new AuthSources();
|
|
$responseProxy = $authSources->testConnection($authSourceData);
|
|
break;
|
|
/**
|
|
* Save (create or update) an authentication source configuration
|
|
* Processes form data, separates common fields from extra data,
|
|
* and handles grid attributes if enabled
|
|
*/
|
|
case 'authSourcesSave':
|
|
$temporalData = $_REQUEST;
|
|
|
|
// Process grid attributes if the show grid checkbox is enabled
|
|
if (isset($temporalData['AUTH_SOURCE_SHOWGRID-checkbox'])) {
|
|
if ($temporalData['AUTH_SOURCE_SHOWGRID-checkbox'] == 'on') {
|
|
$temporalData['AUTH_SOURCE_SHOWGRID'] = 'on';
|
|
// Parse JSON grid attributes and convert to array format
|
|
$attributes = G::json_decode($temporalData['AUTH_SOURCE_GRID_TEXT']);
|
|
$con = 1;
|
|
foreach ($attributes as $value) {
|
|
$temporalData['AUTH_SOURCE_GRID_ATTRIBUTE'][$con] = (array)$value;
|
|
$con++;
|
|
}
|
|
}
|
|
unset($temporalData['AUTH_SOURCE_SHOWGRID-checkbox']);
|
|
}
|
|
|
|
// Clear credentials for anonymous authentication
|
|
if ($temporalData['AUTH_ANONYMOUS'] == '1') {
|
|
$temporalData['AUTH_SOURCE_SEARCH_USER'] = '';
|
|
$temporalData['AUTH_SOURCE_PASSWORD'] = '';
|
|
}
|
|
|
|
unset($temporalData['AUTH_SOURCE_GRID_TEXT']);
|
|
unset($temporalData['AUTH_SOURCE_ATTRIBUTE_IDS']);
|
|
|
|
// Define core authentication source fields
|
|
$commonFields = array('AUTH_SOURCE_UID', 'AUTH_SOURCE_NAME', 'AUTH_SOURCE_PROVIDER', 'AUTH_SOURCE_SERVER_NAME', 'AUTH_SOURCE_PORT', 'AUTH_SOURCE_ENABLED_TLS', 'AUTH_ANONYMOUS', 'AUTH_SOURCE_SEARCH_USER', 'AUTH_SOURCE_PASSWORD', 'AUTH_SOURCE_VERSION', 'AUTH_SOURCE_BASE_DN', 'AUTH_SOURCE_OBJECT_CLASSES', 'AUTH_SOURCE_ATTRIBUTES');
|
|
|
|
// Separate common fields from extra configuration data
|
|
$authSourceData = $authSourceExtraData = array();
|
|
foreach ($temporalData as $sField => $sValue) {
|
|
if (in_array($sField, $commonFields)) {
|
|
$authSourceData[$sField] = $sValue;
|
|
} else {
|
|
$authSourceExtraData[$sField] = $sValue;
|
|
}
|
|
}
|
|
|
|
// Remove grid attributes if grid display is disabled
|
|
if (!isset($authSourceExtraData['AUTH_SOURCE_SHOWGRID']) || $authSourceExtraData['AUTH_SOURCE_SHOWGRID'] == 'off') {
|
|
unset($authSourceExtraData['AUTH_SOURCE_GRID_ATTRIBUTE']);
|
|
unset($authSourceExtraData['AUTH_SOURCE_SHOWGRID']);
|
|
}
|
|
|
|
$authSourceData['AUTH_SOURCE_DATA'] = $authSourceExtraData;
|
|
|
|
$authSources = new AuthSources();
|
|
$responseProxy = $authSources->saveAuthSource($authSourceData);
|
|
break;
|
|
/**
|
|
* Search for users in an authentication source for import
|
|
* Required parameter: sUID (auth source UID)
|
|
* Optional parameters: start, limit/pageSize, sKeyword
|
|
*/
|
|
case 'authSourcesImportSearchUsers':
|
|
if (!isset($_POST['sUID'])) {
|
|
throw new Exception('No auth source UID was sent');
|
|
}
|
|
|
|
$authSourceUid = $_POST['sUID'];
|
|
// Set up search filters with default values
|
|
$filters = [
|
|
'start'=> $_POST['start'] ?? 0,
|
|
'limit'=> $_POST['limit'] ?? ($_POST['pageSize'] ?? 10),
|
|
'text'=> $_POST['sKeyword'] ?? ''
|
|
];
|
|
|
|
$authSources = new AuthSources();
|
|
$responseProxy = $authSources->searchUsers($authSourceUid, $filters);
|
|
break;
|
|
/**
|
|
* Import selected users from an authentication source
|
|
* Required parameters: UsersImport (JSON), AUTH_SOURCE_UID
|
|
*/
|
|
case 'authSourcesImportUsers':
|
|
if (!isset($_REQUEST['UsersImport'])) {
|
|
throw new Exception('There are no users to import');
|
|
}
|
|
|
|
if (!isset($_REQUEST['AUTH_SOURCE_UID'])) {
|
|
throw new Exception('The auth source UID was not sent');
|
|
}
|
|
|
|
$authSourceUid = $_REQUEST['AUTH_SOURCE_UID'];
|
|
$usersImport = $_REQUEST['UsersImport'];
|
|
// Decode JSON list of users to import
|
|
$usersImport = json_decode($usersImport, true);
|
|
|
|
$authSources = new AuthSources();
|
|
$responseProxy = $authSources->importUsers($authSourceUid, $usersImport);
|
|
break;
|
|
/**
|
|
* Load/search departments from an authentication source
|
|
* Required parameter: authUid (auth source UID)
|
|
*/
|
|
case 'authSourcesImportLoadDepartment':
|
|
if (!isset($_REQUEST['authUid'])) {
|
|
throw new Exception('No auth source UID was sent');
|
|
}
|
|
|
|
$authSourceUid = $_REQUEST['authUid'];
|
|
$authSources = new AuthSources();
|
|
$responseProxy = $authSources->searchDepartments($authSourceUid);
|
|
break;
|
|
/**
|
|
* Save/import selected departments from an authentication source
|
|
* Required parameters: departmentsDN, authUid
|
|
*/
|
|
case 'authSourcesImportSaveDepartment':
|
|
$authSources = new AuthSources();
|
|
$departmentsDN = $_REQUEST['departmentsDN'];
|
|
$authSourceUid = $_REQUEST['authUid'];
|
|
$responseProxy = $authSources->saveDepartments($departmentsDN, $authSourceUid);
|
|
break;
|
|
/**
|
|
* Load/search groups from an authentication source
|
|
* Required parameter: authUid (auth source UID)
|
|
*/
|
|
case 'authSourcesImportLoadGroup':
|
|
if (!isset($_REQUEST['authUid'])) {
|
|
throw new Exception('No auth source UID was sent');
|
|
}
|
|
|
|
$authSourceUid = $_REQUEST['authUid'];
|
|
$authSources = new AuthSources();
|
|
$responseProxy = $authSources->searchGroups($authSourceUid);
|
|
break;
|
|
/**
|
|
* Save/import selected groups from an authentication source
|
|
* Required parameters: groupsDN, authUid
|
|
*/
|
|
case 'authSourcesImportSaveGroup':
|
|
$authSources = new AuthSources();
|
|
$groupsDN = $_REQUEST['groupsDN'];
|
|
$authSourceUid = $_REQUEST['authUid'];
|
|
$responseProxy = $authSources->saveGroups($groupsDN, $authSourceUid);
|
|
break;
|
|
/**
|
|
* Handle invalid/unknown actions
|
|
*/
|
|
default:
|
|
throw new Exception('The action "' . $action . '" is not allowed');
|
|
}
|
|
|
|
// Return successful response as JSON
|
|
header('Content-Type: application/json');
|
|
echo json_encode($responseProxy, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
|
|
} catch (Exception $exception) {
|
|
// Handle any exceptions and return error response
|
|
$responseProxy['success'] = false;
|
|
$responseProxy['message'] = 'An error occurred while processing your request: ';
|
|
$responseProxy['message'] .= htmlentities($exception->getMessage(), ENT_QUOTES, 'UTF-8');
|
|
header('Content-Type: application/json');
|
|
echo json_encode($responseProxy, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
|
|
}
|