LDAP fixes (#6533)

* Add iCheck png files to webpack config (inconsistency for css <> png) and blue.png to public folder

* php 7.3 collect() fix (undefined variable)

* Fix travis ci

* Add iCheck png files to webpack config (inconsistency for css <> png) and blue.png to public folder

* php 7.3 collect() fix (undefined variable)

* change LDAP implementation from model to (singleton) service

* Re-apply check for content in ldap_server variable before parsing

* Update LDAP implementation

* Switch iCheck to minimal as referenced in js

* Don't init on load but on first access via init (returns ldap enabled status)

* Re-Enable notifications

* Re-add missing test target php versions

* Only init() once (singleton class, so ldap variable is already set)
Steffen 2019-01-10 22:20:43 +01:00 committed by snipe
parent c23cdb0e31
commit 1de9087427
12 changed files with 101 additions and 61 deletions


@ -29,6 +29,7 @@ before_script:
- mysql -e 'CREATE USER "travis'@'localhost";' - mysql -e 'CREATE USER "travis'@'localhost";'
- mysql -e 'GRANT ALL PRIVILEGES ON * . * TO "travis'@'localhost";' - mysql -e 'GRANT ALL PRIVILEGES ON * . * TO "travis'@'localhost";'
- mysql -e 'FLUSH PRIVILEGES;' - mysql -e 'FLUSH PRIVILEGES;'
- cp .env.testing-ci .env
- composer self-update - composer self-update
- composer install -n --prefer-source - composer install -n --prefer-source
- chmod -R 777 storage - chmod -R 777 storage


@ -4,10 +4,9 @@ declare(strict_types=1);
namespace App\Console\Commands; namespace App\Console\Commands;
use Log; use App\Services\LdapAd;
use Illuminate\Support\Facades\Log;
use Exception; use Exception;
use App\Models\User;
use App\Models\LdapAd;
use App\Models\Location; use App\Models\Location;
use Illuminate\Console\Command; use Illuminate\Console\Command;
use Adldap\Models\User as AdldapUser; use Adldap\Models\User as AdldapUser;
@ -48,13 +47,6 @@ class LdapSync extends Command
*/ */
private $ldap; private $ldap;
/**
* LDAP settings collection.
*
* @var \Illuminate\Support\Collection
*/
private $settings = null;
/** /**
* A default location collection. * A default location collection.
* *
@ -92,13 +84,16 @@ class LdapSync extends Command
/** /**
* Create a new command instance. * Create a new command instance.
*
* @param LdapAd $ldap
*/ */
public function __construct(LdapAd $ldap) public function __construct(LdapAd $ldap)
{ {
parent::__construct(); parent::__construct();
$this->ldap = $ldap;
$this->settings = $this->ldap->ldapSettings;
$this->summary = collect(); $this->summary = collect();
$this->ldap = $ldap;
} }
/** /**
@ -333,7 +328,7 @@ class LdapSync extends Command
*/ */
private function checkIfLdapIsEnabled(): void private function checkIfLdapIsEnabled(): void
{ {
if (false === $this->settings['ldap_enabled']) { if (!$this->ldap->init()) {
$msg = 'LDAP intergration is not enabled. Exiting sync process.'; $msg = 'LDAP intergration is not enabled. Exiting sync process.';
$this->info($msg); $this->info($msg);
Log::info($msg); Log::info($msg);
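Review bot: Removing the `$settings` property and its constructor assignment leaves any other `$this->settings[...]` read in this command pointing at an undefined property, and only the one in `checkIfLdapIsEnabled()` is visibly replaced here. The rest of the class is outside these hunks, so it is worth searching the file for `$this->settings` and switching any remaining reads to the service's `ldapSettings` once `init()` has run. Because the service no longer initialises itself in its constructor, a comment on `checkIfLdapIsEnabled()` such as `// Also initialises the LDAP service; must run before any other $this->ldap call.` would make that ordering dependency explicit.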


@ -2,12 +2,9 @@
namespace App\Http\Controllers\Api; namespace App\Http\Controllers\Api;
use DB; use App\Services\LdapAd;
use Mail; use Illuminate\Support\Facades\DB;
use Validator; use Illuminate\Support\Facades\Notification;
use Notification;
use App\Models\Ldap;
use App\Models\LdapAd;
use App\Models\Setting; use App\Models\Setting;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use App\Notifications\MailTest; use App\Notifications\MailTest;
@ -33,7 +30,7 @@ class SettingsController extends Controller
*/ */
public function ldapAdSettingsTest(LdapAd $ldap): JsonResponse public function ldapAdSettingsTest(LdapAd $ldap): JsonResponse
{ {
if($ldap->ldapSettings['ldap_enabled'] === false) { if(!$ldap->init()) {
Log::info('LDAP is not enabled cannot test.'); Log::info('LDAP is not enabled cannot test.');
return response()->json(['message' => 'LDAP is not enabled, cannot test.'], 400); return response()->json(['message' => 'LDAP is not enabled, cannot test.'], 400);
} }


@ -2,21 +2,19 @@
namespace App\Http\Controllers\Auth; namespace App\Http\Controllers\Auth;
use Validator; use App\Services\LdapAd;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\Session;
use Illuminate\Support\Facades\Validator;
use App\Http\Controllers\Controller; use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ThrottlesLogins; use Illuminate\Foundation\Auth\ThrottlesLogins;
use App\Models\Setting; use App\Models\Setting;
use App\Models\Ldap;
use App\Models\User; use App\Models\User;
use Auth; use Illuminate\Support\Facades\Auth;
use Config;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Input; use Illuminate\Support\Facades\Input;
use Redirect; use Redirect;
use Log; use Illuminate\Support\Facades\Log;
use View;
use PragmaRX\Google2FA\Google2FA;
use App\Models\LdapAd;
/** /**
* This controller handles authentication for the user, including local * This controller handles authentication for the user, including local
@ -41,23 +39,23 @@ class LoginController extends Controller
protected $redirectTo = '/'; protected $redirectTo = '/';
/** /**
* An LdapAd instance * @var LdapAd
*
* @var \App\Models\LdapAd
*/ */
protected $ldapAd; protected $ldap;
/** /**
* Create a new authentication controller instance. * Create a new authentication controller instance.
* *
* @param LdapAd $ldap
*
* @return void * @return void
*/ */
public function __construct(LdapAd $ldapAd) public function __construct(LdapAd $ldap)
{ {
parent::__construct();
$this->middleware('guest', ['except' => ['logout','postTwoFactorAuth','getTwoFactorAuth','getTwoFactorEnroll']]); $this->middleware('guest', ['except' => ['logout','postTwoFactorAuth','getTwoFactorAuth','getTwoFactorEnroll']]);
\Session::put('backUrl', \URL::previous()); Session::put('backUrl', \URL::previous());
$this->ldap = $ldap;
$this->ldapAd = $ldapAd;
} }
function showLoginForm(Request $request) function showLoginForm(Request $request)
@ -85,12 +83,12 @@ class LoginController extends Controller
* *
* @return User * @return User
* *
* @throws Exception * @throws \Exception
*/ */
private function loginViaLdap(Request $request): User private function loginViaLdap(Request $request): User
{ {
try { try {
return $this->ldapAd->ldapLogin($request->input('username'), $request->input('password')); return $this->ldap->ldapLogin($request->input('username'), $request->input('password'));
} catch (\Exception $ex) { } catch (\Exception $ex) {
LOG::debug("LDAP user login: " . $ex->getMessage()); LOG::debug("LDAP user login: " . $ex->getMessage());
throw new \Exception($ex->getMessage()); throw new \Exception($ex->getMessage());
@ -146,7 +144,7 @@ class LoginController extends Controller
$user = null; $user = null;
// Should we even check for LDAP users? // Should we even check for LDAP users?
if (Setting::getSettings()->ldap_enabled=='1') { if ($this->ldap->init()) {
LOG::debug("LDAP is enabled."); LOG::debug("LDAP is enabled.");
try { try {
LOG::debug("Attempting to log user in by LDAP authentication."); LOG::debug("Attempting to log user in by LDAP authentication.");
@ -179,8 +177,8 @@ class LoginController extends Controller
} }
if ($user = Auth::user()) { if ($user = Auth::user()) {
$user->last_login = \Carbon::now(); $user->last_login = Carbon::now();
\Log::debug('Last login:'.$user->last_login); Log::debug('Last login:'.$user->last_login);
$user->save(); $user->save();
} }
// Redirect to the users page // Redirect to the users page
@ -233,6 +231,8 @@ class LoginController extends Controller
/** /**
* Two factor code submission * Two factor code submission
* *
* @param Request $request
*
* @return Redirect * @return Redirect
*/ */
public function postTwoFactorAuth(Request $request) public function postTwoFactorAuth(Request $request)
@ -263,6 +263,8 @@ class LoginController extends Controller
/** /**
* Logout page. * Logout page.
* *
* @param Request $request
*
* @return Redirect * @return Redirect
*/ */
public function logout(Request $request) public function logout(Request $request)
@ -327,7 +329,7 @@ class LoginController extends Controller
* Override the lockout time and duration * Override the lockout time and duration
* *
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse * @return bool
*/ */
protected function hasTooManyLoginAttempts(Request $request) protected function hasTooManyLoginAttempts(Request $request)
{ {
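Review bot: In the login hunk, `$this->ldap->init()` is evaluated in the `if` condition, outside the `try` that wraps the LDAP attempt, so an exception raised while reading settings or building the provider would abort the whole login request instead of being handled like a failed LDAP login. Whether `init()` can throw is not visible here, but the old condition was a plain settings comparison and the new one constructs an `Adldap` provider. Consider resolving the flag defensively first, e.g. `try { $ldapEnabled = $this->ldap->init(); } catch (\Exception $e) { Log::error('LDAP init failed: '.$e->getMessage()); $ldapEnabled = false; }`, and branching on `$ldapEnabled`. Separately, `loginViaLdap()` rethrows with `new \Exception($ex->getMessage())`, which drops the original exception; `new \Exception($ex->getMessage(), 0, $ex)` keeps the chain for incident triage. The enclosing login method starts and ends outside the hunk.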


@ -3,10 +3,10 @@
namespace App\Http\Controllers\Users; namespace App\Http\Controllers\Users;
use App\Models\Ldap; use App\Models\Ldap;
use App\Services\LdapAd;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use App\Http\Controllers\Controller; use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Artisan; use Illuminate\Support\Facades\Artisan;
use App\Models\LdapAd;
class LDAPImportController extends Controller class LDAPImportController extends Controller
{ {
@ -24,6 +24,7 @@ class LDAPImportController extends Controller
*/ */
public function __construct(LdapAd $ldap) public function __construct(LdapAd $ldap)
{ {
parent::__construct();
$this->ldap = $ldap; $this->ldap = $ldap;
} }

View file

@ -63,7 +63,7 @@ class ViewAssetsController extends Controller
$assets = Asset::with('model', 'defaultLoc', 'location', 'assignedTo', 'requests')->Hardware()->RequestableAssets()->get(); $assets = Asset::with('model', 'defaultLoc', 'location', 'assignedTo', 'requests')->Hardware()->RequestableAssets()->get();
$models = AssetModel::with('category', 'requests', 'assets')->RequestableModels()->get(); $models = AssetModel::with('category', 'requests', 'assets')->RequestableModels()->get();
return view('account/requestable-assets', compact('user', 'assets', 'models')); return view('account/requestable-assets', compact('assets', 'models'));
} }


@ -0,0 +1,29 @@
<?php namespace App\Providers;
use App\Services\LdapAd;
use Illuminate\Support\ServiceProvider;
class LdapServiceProvider extends ServiceProvider
{
/**
* Bootstrap the application services.
*
* @return void
*/
public function boot()
{
$this->app->singleton(LdapAd::class, LdapAd::class);
}
/**
* Register any application services.
*
* @return void
*/
public function register()
{
}
}
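Review bot: The singleton binding is registered in `boot()` while `register()` is left empty; container bindings belong in `register()`, because another provider's `boot()` may resolve `LdapAd` before this one has run and receive a separate, non-shared instance. Moving the line to `register()` as `$this->app->singleton(LdapAd::class);` keeps the one-instance guarantee that the already-initialised check in `init()` relies on. The file also opens with `<?php namespace App\Providers;` on one line and has no `declare(strict_types=1);`, unlike the two service classes changed in this commit.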


@ -2,11 +2,11 @@
declare(strict_types=1); declare(strict_types=1);
namespace App\Models; namespace App\Services;
use App\Models\User;
use Exception; use Exception;
use Adldap\Adldap; use Adldap\Adldap;
use App\Traits\UserTrait;
use Adldap\Query\Paginator; use Adldap\Query\Paginator;
use Illuminate\Support\Collection; use Illuminate\Support\Collection;
use Illuminate\Support\Facades\Log; use Illuminate\Support\Facades\Log;
@ -22,8 +22,6 @@ use Adldap\Models\ModelNotFoundException;
*/ */
class LdapAd extends LdapAdConfiguration class LdapAd extends LdapAdConfiguration
{ {
use UserTrait;
/** /**
* @see https://wdmsb.wordpress.com/2014/12/03/descriptions-of-active-directory-useraccountcontrol-value/ * @see https://wdmsb.wordpress.com/2014/12/03/descriptions-of-active-directory-useraccountcontrol-value/
*/ */
@ -49,18 +47,29 @@ class LdapAd extends LdapAdConfiguration
protected $ldap; protected $ldap;
/** /**
* __construct. * Initialize LDAP from user settings
*
* @since 5.0.0
*
* @return bool
*/ */
public function __construct() public function init() : bool
{ {
// Already initialized
if($this->ldap) {
return true;
}
parent::init();
if($this->isLdapEnabled()) { if($this->isLdapEnabled()) {
parent::__construct();
$this->ldap = new Adldap(); $this->ldap = new Adldap();
$this->ldap->addProvider($this->ldapConfig); $this->ldap->addProvider($this->ldapConfig);
return true;
} }
return false;
} }
/** /**
* Create a user if they successfully login to the LDAP server. * Create a user if they successfully login to the LDAP server.
* *
* @author Wes Hulette <jwhulette@gmail.com> * @author Wes Hulette <jwhulette@gmail.com>
@ -250,7 +259,7 @@ class LdapAd extends LdapAdConfiguration
* *
* @since 5.0.0 * @since 5.0.0
* *
* @param Adldap\Models\User $user * @param \Adldap\Models\User $user
* @param Collection|null $defaultLocation * @param Collection|null $defaultLocation
* @param Collection|null $mappedLocations * @param Collection|null $mappedLocations
* *
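Review bot: With construction moved out of `__construct()` into `init()`, every public method of this service that dereferences `$this->ldap` now depends on the caller having invoked `init()` first, and nothing in the hunk enforces that. The `LDAPImportController` constructor in this commit, for instance, only stores the service, so its actions (outside the hunk) need their own `init()` call. A guard at the top of those methods, e.g. `if (!$this->init()) { throw new Exception('LDAP is not enabled.'); }`, would turn a null dereference into a clear error. The early `return true` when `$this->ldap` is already set also means a long-lived process keeps reporting LDAP as enabled after an administrator disables it; the docblock should state that the singleton caches the first successful initialisation.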


@ -2,8 +2,9 @@
declare(strict_types=1); declare(strict_types=1);
namespace App\Models; namespace App\Services;
use App\Models\Setting;
use Exception; use Exception;
use Illuminate\Support\Collection; use Illuminate\Support\Collection;
@ -38,10 +39,11 @@ class LdapAdConfiguration
public $ldapConfig; public $ldapConfig;
/** /**
* __construct. * Initialize LDAP from user settings
*
* @since 5.0.0
*/ */
public function __construct() public function init() {
{
$this->ldapSettings = $this->getSnipeItLdapSettings(); $this->ldapSettings = $this->getSnipeItLdapSettings();
if ($this->isLdapEnabled()) { if ($this->isLdapEnabled()) {
$this->setSnipeItConfig(); $this->setSnipeItConfig();
@ -92,7 +94,7 @@ class LdapAdConfiguration
} }
} }
if (($item) && ('ldap_server' === $key)) { if ($item && 'ldap_server' === $key) {
return collect(parse_url($item)); return collect(parse_url($item));
} }
@ -246,7 +248,7 @@ class LdapAdConfiguration
* *
* @return bool * @return bool
*/ */
protected function isLdapEnabled(): bool public function isLdapEnabled(): bool
{ {
return $this->ldapSettings && $this->ldapSettings->get('ldap_enabled'); return $this->ldapSettings && $this->ldapSettings->get('ldap_enabled');
} }
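Review bot: `parse_url($item)` in the `ldap_server` branch returns `false` for a malformed URL, and the result is wrapped in `collect()` without a check, so a bad server setting becomes a collection holding `false` rather than an error. How the parsed host and scheme are consumed is outside the hunk, but a check such as `$parts = parse_url($item); if ($parts === false) { throw new Exception('Invalid ldap_server URL'); }` would fail early with a clear message. Widening `isLdapEnabled()` to `public` also deserves a docblock line saying its result is only meaningful after `init()` has populated `ldapSettings`, since before that it always returns false.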


@ -277,6 +277,7 @@ return [
* Custom service provider * Custom service provider
*/ */
App\Providers\MacroServiceProvider::class, App\Providers\MacroServiceProvider::class,
App\Providers\LdapServiceProvider::class,
], ],

BIN
public/css/blue.png Executable file

Binary file not shown.

After

Width:  |  Height:  |  Size: 2.1 KiB


@ -29,6 +29,9 @@ mix
"./public/css/all.css" "./public/css/all.css"
); );
mix.copy(["./node_modules/icheck/skins/minimal/blue.png",
"./node_modules/icheck/skins/minimal/blue@2x.png"], "./public/css");
/** /**
* Copy, minify and version skins * Copy, minify and version skins
*/ */