mirror of
https://github.com/snipe/snipe-it.git
synced 2025-01-11 05:47:28 -08:00
LDAP fixes (#6533)
* Add iCheck png files to webpack config (inconsistency for css <> png) and blue.png to public folder
* php 7.3 collect() fix (undefined variable)
* Fix travis ci
* Add iCheck png files to webpack config (inconsistency for css <> png) and blue.png to public folder
* php 7.3 collect() fix (undefined variable)
* change LDAP implementation from model to (singleton) service
* Re-apply check for content in ldap_server variable before parsing
* Update LDAP implementation
* Switch iCheck to minimal as referenced in js
* Don't init on load but on first access via init (returns ldap enabled status)
* Re-Enable notifications
* Re-add missing test target php versions
* Only init() once (singleton class, so ldap variable is already set)
parent
c23cdb0e31
commit
1de9087427
|
@ -29,6 +29,7 @@ before_script:
|
||||||
- mysql -e 'CREATE USER "travis'@'localhost";'
|
- mysql -e 'CREATE USER "travis'@'localhost";'
|
||||||
- mysql -e 'GRANT ALL PRIVILEGES ON * . * TO "travis'@'localhost";'
|
- mysql -e 'GRANT ALL PRIVILEGES ON * . * TO "travis'@'localhost";'
|
||||||
- mysql -e 'FLUSH PRIVILEGES;'
|
- mysql -e 'FLUSH PRIVILEGES;'
|
||||||
|
- cp .env.testing-ci .env
|
||||||
- composer self-update
|
- composer self-update
|
||||||
- composer install -n --prefer-source
|
- composer install -n --prefer-source
|
||||||
- chmod -R 777 storage
|
- chmod -R 777 storage
|
||||||
|
|
|
@ -4,10 +4,9 @@ declare(strict_types=1);
|
||||||
|
|
||||||
namespace App\Console\Commands;
|
namespace App\Console\Commands;
|
||||||
|
|
||||||
use Log;
|
use App\Services\LdapAd;
|
||||||
|
use Illuminate\Support\Facades\Log;
|
||||||
use Exception;
|
use Exception;
|
||||||
use App\Models\User;
|
|
||||||
use App\Models\LdapAd;
|
|
||||||
use App\Models\Location;
|
use App\Models\Location;
|
||||||
use Illuminate\Console\Command;
|
use Illuminate\Console\Command;
|
||||||
use Adldap\Models\User as AdldapUser;
|
use Adldap\Models\User as AdldapUser;
|
||||||
|
@ -48,13 +47,6 @@ class LdapSync extends Command
|
||||||
*/
|
*/
|
||||||
private $ldap;
|
private $ldap;
|
||||||
|
|
||||||
/**
|
|
||||||
* LDAP settings collection.
|
|
||||||
*
|
|
||||||
* @var \Illuminate\Support\Collection
|
|
||||||
*/
|
|
||||||
private $settings = null;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A default location collection.
|
* A default location collection.
|
||||||
*
|
*
|
||||||
|
@ -92,13 +84,16 @@ class LdapSync extends Command
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create a new command instance.
|
* Create a new command instance.
|
||||||
|
*
|
||||||
|
* @param LdapAd $ldap
|
||||||
*/
|
*/
|
||||||
public function __construct(LdapAd $ldap)
|
public function __construct(LdapAd $ldap)
|
||||||
{
|
{
|
||||||
|
|
||||||
parent::__construct();
|
parent::__construct();
|
||||||
$this->ldap = $ldap;
|
|
||||||
$this->settings = $this->ldap->ldapSettings;
|
|
||||||
$this->summary = collect();
|
$this->summary = collect();
|
||||||
|
|
||||||
|
$this->ldap = $ldap;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -333,7 +328,7 @@ class LdapSync extends Command
|
||||||
*/
|
*/
|
||||||
private function checkIfLdapIsEnabled(): void
|
private function checkIfLdapIsEnabled(): void
|
||||||
{
|
{
|
||||||
if (false === $this->settings['ldap_enabled']) {
|
if (!$this->ldap->init()) {
|
||||||
$msg = 'LDAP intergration is not enabled. Exiting sync process.';
|
$msg = 'LDAP intergration is not enabled. Exiting sync process.';
|
||||||
$this->info($msg);
|
$this->info($msg);
|
||||||
Log::info($msg);
|
Log::info($msg);
|
||||||
|
|
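Review bot: `checkIfLdapIsEnabled()` now does more than check, and nothing on the changed line says so: per the `init()` this commit adds to `App\Services\LdapAd`, the call also loads the LDAP settings and builds the Adldap provider the first time it runs. A short comment above the condition would help, e.g. `// init() loads the settings and builds the provider on first use; false means LDAP is disabled.` The same section drops the `$settings` property and its assignment in the constructor, so any `$this->settings[...]` read left elsewhere in the class (outside these hunks) would now hit an undefined property; worth a search before merging. The method body continues past the end of the hunk.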
|
@ -2,12 +2,9 @@
|
||||||
|
|
||||||
namespace App\Http\Controllers\Api;
|
namespace App\Http\Controllers\Api;
|
||||||
|
|
||||||
use DB;
|
use App\Services\LdapAd;
|
||||||
use Mail;
|
use Illuminate\Support\Facades\DB;
|
||||||
use Validator;
|
use Illuminate\Support\Facades\Notification;
|
||||||
use Notification;
|
|
||||||
use App\Models\Ldap;
|
|
||||||
use App\Models\LdapAd;
|
|
||||||
use App\Models\Setting;
|
use App\Models\Setting;
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
use App\Notifications\MailTest;
|
use App\Notifications\MailTest;
|
||||||
|
@ -32,8 +29,8 @@ class SettingsController extends Controller
|
||||||
* @return \Illuminate\Http\JsonResponse
|
* @return \Illuminate\Http\JsonResponse
|
||||||
*/
|
*/
|
||||||
public function ldapAdSettingsTest(LdapAd $ldap): JsonResponse
|
public function ldapAdSettingsTest(LdapAd $ldap): JsonResponse
|
||||||
{
|
{
|
||||||
if($ldap->ldapSettings['ldap_enabled'] === false) {
|
if(!$ldap->init()) {
|
||||||
Log::info('LDAP is not enabled cannot test.');
|
Log::info('LDAP is not enabled cannot test.');
|
||||||
return response()->json(['message' => 'LDAP is not enabled, cannot test.'], 400);
|
return response()->json(['message' => 'LDAP is not enabled, cannot test.'], 400);
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,21 +2,19 @@
|
||||||
|
|
||||||
namespace App\Http\Controllers\Auth;
|
namespace App\Http\Controllers\Auth;
|
||||||
|
|
||||||
use Validator;
|
use App\Services\LdapAd;
|
||||||
|
use Illuminate\Support\Carbon;
|
||||||
|
use Illuminate\Support\Facades\Session;
|
||||||
|
use Illuminate\Support\Facades\Validator;
|
||||||
use App\Http\Controllers\Controller;
|
use App\Http\Controllers\Controller;
|
||||||
use Illuminate\Foundation\Auth\ThrottlesLogins;
|
use Illuminate\Foundation\Auth\ThrottlesLogins;
|
||||||
use App\Models\Setting;
|
use App\Models\Setting;
|
||||||
use App\Models\Ldap;
|
|
||||||
use App\Models\User;
|
use App\Models\User;
|
||||||
use Auth;
|
use Illuminate\Support\Facades\Auth;
|
||||||
use Config;
|
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
use Input;
|
use Illuminate\Support\Facades\Input;
|
||||||
use Redirect;
|
use Redirect;
|
||||||
use Log;
|
use Illuminate\Support\Facades\Log;
|
||||||
use View;
|
|
||||||
use PragmaRX\Google2FA\Google2FA;
|
|
||||||
use App\Models\LdapAd;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This controller handles authentication for the user, including local
|
* This controller handles authentication for the user, including local
|
||||||
|
@ -41,23 +39,23 @@ class LoginController extends Controller
|
||||||
protected $redirectTo = '/';
|
protected $redirectTo = '/';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* An LdapAd instance
|
* @var LdapAd
|
||||||
*
|
|
||||||
* @var \App\Models\LdapAd
|
|
||||||
*/
|
*/
|
||||||
protected $ldapAd;
|
protected $ldap;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create a new authentication controller instance.
|
* Create a new authentication controller instance.
|
||||||
*
|
*
|
||||||
|
* @param LdapAd $ldap
|
||||||
|
*
|
||||||
* @return void
|
* @return void
|
||||||
*/
|
*/
|
||||||
public function __construct(LdapAd $ldapAd)
|
public function __construct(LdapAd $ldap)
|
||||||
{
|
{
|
||||||
|
parent::__construct();
|
||||||
$this->middleware('guest', ['except' => ['logout','postTwoFactorAuth','getTwoFactorAuth','getTwoFactorEnroll']]);
|
$this->middleware('guest', ['except' => ['logout','postTwoFactorAuth','getTwoFactorAuth','getTwoFactorEnroll']]);
|
||||||
\Session::put('backUrl', \URL::previous());
|
Session::put('backUrl', \URL::previous());
|
||||||
|
$this->ldap = $ldap;
|
||||||
$this->ldapAd = $ldapAd;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function showLoginForm(Request $request)
|
function showLoginForm(Request $request)
|
||||||
|
@ -85,12 +83,12 @@ class LoginController extends Controller
|
||||||
*
|
*
|
||||||
* @return User
|
* @return User
|
||||||
*
|
*
|
||||||
* @throws Exception
|
* @throws \Exception
|
||||||
*/
|
*/
|
||||||
private function loginViaLdap(Request $request): User
|
private function loginViaLdap(Request $request): User
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
return $this->ldapAd->ldapLogin($request->input('username'), $request->input('password'));
|
return $this->ldap->ldapLogin($request->input('username'), $request->input('password'));
|
||||||
} catch (\Exception $ex) {
|
} catch (\Exception $ex) {
|
||||||
LOG::debug("LDAP user login: " . $ex->getMessage());
|
LOG::debug("LDAP user login: " . $ex->getMessage());
|
||||||
throw new \Exception($ex->getMessage());
|
throw new \Exception($ex->getMessage());
|
||||||
|
@ -146,7 +144,7 @@ class LoginController extends Controller
|
||||||
$user = null;
|
$user = null;
|
||||||
|
|
||||||
// Should we even check for LDAP users?
|
// Should we even check for LDAP users?
|
||||||
if (Setting::getSettings()->ldap_enabled=='1') {
|
if ($this->ldap->init()) {
|
||||||
LOG::debug("LDAP is enabled.");
|
LOG::debug("LDAP is enabled.");
|
||||||
try {
|
try {
|
||||||
LOG::debug("Attempting to log user in by LDAP authentication.");
|
LOG::debug("Attempting to log user in by LDAP authentication.");
|
||||||
|
@ -179,8 +177,8 @@ class LoginController extends Controller
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($user = Auth::user()) {
|
if ($user = Auth::user()) {
|
||||||
$user->last_login = \Carbon::now();
|
$user->last_login = Carbon::now();
|
||||||
\Log::debug('Last login:'.$user->last_login);
|
Log::debug('Last login:'.$user->last_login);
|
||||||
$user->save();
|
$user->save();
|
||||||
}
|
}
|
||||||
// Redirect to the users page
|
// Redirect to the users page
|
||||||
|
@ -233,6 +231,8 @@ class LoginController extends Controller
|
||||||
/**
|
/**
|
||||||
* Two factor code submission
|
* Two factor code submission
|
||||||
*
|
*
|
||||||
|
* @param Request $request
|
||||||
|
*
|
||||||
* @return Redirect
|
* @return Redirect
|
||||||
*/
|
*/
|
||||||
public function postTwoFactorAuth(Request $request)
|
public function postTwoFactorAuth(Request $request)
|
||||||
|
@ -263,6 +263,8 @@ class LoginController extends Controller
|
||||||
/**
|
/**
|
||||||
* Logout page.
|
* Logout page.
|
||||||
*
|
*
|
||||||
|
* @param Request $request
|
||||||
|
*
|
||||||
* @return Redirect
|
* @return Redirect
|
||||||
*/
|
*/
|
||||||
public function logout(Request $request)
|
public function logout(Request $request)
|
||||||
|
@ -327,7 +329,7 @@ class LoginController extends Controller
|
||||||
* Override the lockout time and duration
|
* Override the lockout time and duration
|
||||||
*
|
*
|
||||||
* @param \Illuminate\Http\Request $request
|
* @param \Illuminate\Http\Request $request
|
||||||
* @return \Illuminate\Http\RedirectResponse
|
* @return bool
|
||||||
*/
|
*/
|
||||||
protected function hasTooManyLoginAttempts(Request $request)
|
protected function hasTooManyLoginAttempts(Request $request)
|
||||||
{
|
{
|
||||||
|
|
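Review bot: In the `@ -146,7 +144,7 @@` hunk the `$this->ldap->init()` call sits in the `if` condition, before the `try` that wraps the LDAP attempt, so anything thrown while the service loads its settings or builds the provider would escape that handler. The old condition was a plain settings comparison; the new one performs the service's first-use setup on the login path. If a broken LDAP configuration should not stop local accounts from signing in, guard the call and log the failure, e.g. `try { $ldapReady = $this->ldap->init(); } catch (\Exception $e) { $ldapReady = false; }`. The catch block and the local-login fallback are outside the hunk, so confirm how the method behaves in that case.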
|
@ -3,10 +3,10 @@
|
||||||
namespace App\Http\Controllers\Users;
|
namespace App\Http\Controllers\Users;
|
||||||
|
|
||||||
use App\Models\Ldap;
|
use App\Models\Ldap;
|
||||||
|
use App\Services\LdapAd;
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
use App\Http\Controllers\Controller;
|
use App\Http\Controllers\Controller;
|
||||||
use Illuminate\Support\Facades\Artisan;
|
use Illuminate\Support\Facades\Artisan;
|
||||||
use App\Models\LdapAd;
|
|
||||||
|
|
||||||
class LDAPImportController extends Controller
|
class LDAPImportController extends Controller
|
||||||
{
|
{
|
||||||
|
@ -24,6 +24,7 @@ class LDAPImportController extends Controller
|
||||||
*/
|
*/
|
||||||
public function __construct(LdapAd $ldap)
|
public function __construct(LdapAd $ldap)
|
||||||
{
|
{
|
||||||
|
parent::__construct();
|
||||||
$this->ldap = $ldap;
|
$this->ldap = $ldap;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
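Review bot: The constructor stores the injected `LdapAd` service but never calls `init()`, and after this commit the service no longer sets itself up in its own constructor (`init()` replaces `__construct()` in `App\Services\LdapAd`). Unless every action in this controller calls `$this->ldap->init()` first, the service's internal `$ldap` client is still unset when it is used; those actions are outside the hunk. `LoginController::loginViaLdap()` depends in the same way on its caller having run `init()`. Either add `$this->ldap->init();` after the assignment here and check its result in the actions, or have the service's public methods guard themselves.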
|
@ -63,7 +63,7 @@ class ViewAssetsController extends Controller
|
||||||
$assets = Asset::with('model', 'defaultLoc', 'location', 'assignedTo', 'requests')->Hardware()->RequestableAssets()->get();
|
$assets = Asset::with('model', 'defaultLoc', 'location', 'assignedTo', 'requests')->Hardware()->RequestableAssets()->get();
|
||||||
$models = AssetModel::with('category', 'requests', 'assets')->RequestableModels()->get();
|
$models = AssetModel::with('category', 'requests', 'assets')->RequestableModels()->get();
|
||||||
|
|
||||||
return view('account/requestable-assets', compact('user', 'assets', 'models'));
|
return view('account/requestable-assets', compact('assets', 'models'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
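--- a/app/Providers/LdapServiceProvider.php
+++ b/app/Providers/LdapServiceProvider.php
@@ -0,0 +1,29 @@
+<?php namespace App\Providers;
+
+use App\Services\LdapAd;
+use Illuminate\Support\ServiceProvider;
+
+class LdapServiceProvider extends ServiceProvider
+{
+
+/**
+* Bootstrap the application services.
+*
+* @return void
+*/
+public function boot()
+{
+$this->app->singleton(LdapAd::class, LdapAd::class);
+}
+
+
+/**
+* Register any application services.
+*
+* @return void
+*/
+public function register()
+{
+
+}
+}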
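Review bot: The singleton binding is registered in `boot()` while `register()` is left empty. Container bindings belong in `register()`, which runs for every provider before any `boot()` is called, so other providers can rely on the binding during their own boot. Move the line there and drop the redundant second argument: `$this->app->singleton(LdapAd::class);`. Both docblocks are the framework stubs; one sentence saying the service is shared so that its `init()` work is done only once would tell a reader more.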
|
@ -2,11 +2,11 @@
|
||||||
|
|
||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
|
|
||||||
namespace App\Models;
|
namespace App\Services;
|
||||||
|
|
||||||
|
use App\Models\User;
|
||||||
use Exception;
|
use Exception;
|
||||||
use Adldap\Adldap;
|
use Adldap\Adldap;
|
||||||
use App\Traits\UserTrait;
|
|
||||||
use Adldap\Query\Paginator;
|
use Adldap\Query\Paginator;
|
||||||
use Illuminate\Support\Collection;
|
use Illuminate\Support\Collection;
|
||||||
use Illuminate\Support\Facades\Log;
|
use Illuminate\Support\Facades\Log;
|
||||||
|
@ -22,8 +22,6 @@ use Adldap\Models\ModelNotFoundException;
|
||||||
*/
|
*/
|
||||||
class LdapAd extends LdapAdConfiguration
|
class LdapAd extends LdapAdConfiguration
|
||||||
{
|
{
|
||||||
use UserTrait;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see https://wdmsb.wordpress.com/2014/12/03/descriptions-of-active-directory-useraccountcontrol-value/
|
* @see https://wdmsb.wordpress.com/2014/12/03/descriptions-of-active-directory-useraccountcontrol-value/
|
||||||
*/
|
*/
|
||||||
|
@ -49,18 +47,29 @@ class LdapAd extends LdapAdConfiguration
|
||||||
protected $ldap;
|
protected $ldap;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* __construct.
|
* Initialize LDAP from user settings
|
||||||
|
*
|
||||||
|
* @since 5.0.0
|
||||||
|
*
|
||||||
|
* @return bool
|
||||||
*/
|
*/
|
||||||
public function __construct()
|
public function init() : bool
|
||||||
{
|
{
|
||||||
|
// Already initialized
|
||||||
|
if($this->ldap) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
parent::init();
|
||||||
if($this->isLdapEnabled()) {
|
if($this->isLdapEnabled()) {
|
||||||
parent::__construct();
|
|
||||||
$this->ldap = new Adldap();
|
$this->ldap = new Adldap();
|
||||||
$this->ldap->addProvider($this->ldapConfig);
|
$this->ldap->addProvider($this->ldapConfig);
|
||||||
|
return true;
|
||||||
}
|
}
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create a user if they successfully login to the LDAP server.
|
* Create a user if they successfully login to the LDAP server.
|
||||||
*
|
*
|
||||||
* @author Wes Hulette <jwhulette@gmail.com>
|
* @author Wes Hulette <jwhulette@gmail.com>
|
||||||
|
@ -250,7 +259,7 @@ class LdapAd extends LdapAdConfiguration
|
||||||
*
|
*
|
||||||
* @since 5.0.0
|
* @since 5.0.0
|
||||||
*
|
*
|
||||||
* @param Adldap\Models\User $user
|
* @param \Adldap\Models\User $user
|
||||||
* @param Collection|null $defaultLocation
|
* @param Collection|null $defaultLocation
|
||||||
* @param Collection|null $mappedLocations
|
* @param Collection|null $mappedLocations
|
||||||
*
|
*
|
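Review bot: The early return `if($this->ldap) { return true; }` in `init()` means an instance that has initialised once keeps reporting LDAP as enabled and keeps its provider configuration without re-reading the settings. With the singleton binding added in this commit that is harmless within a single web request. In a process that outlives a settings change (presumably a long-running worker), turning LDAP off or pointing it at another server would not take effect until the process restarts. The docblock should say so, for example `Result is cached for the lifetime of the instance; settings changes require a new instance.`, and `@return bool` should state that `false` means LDAP is disabled. The rest of the class is outside the hunks.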
|
@ -2,8 +2,9 @@
|
||||||
|
|
||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
|
|
||||||
namespace App\Models;
|
namespace App\Services;
|
||||||
|
|
||||||
|
use App\Models\Setting;
|
||||||
use Exception;
|
use Exception;
|
||||||
use Illuminate\Support\Collection;
|
use Illuminate\Support\Collection;
|
||||||
|
|
||||||
|
@ -38,10 +39,11 @@ class LdapAdConfiguration
|
||||||
public $ldapConfig;
|
public $ldapConfig;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* __construct.
|
* Initialize LDAP from user settings
|
||||||
|
*
|
||||||
|
* @since 5.0.0
|
||||||
*/
|
*/
|
||||||
public function __construct()
|
public function init() {
|
||||||
{
|
|
||||||
$this->ldapSettings = $this->getSnipeItLdapSettings();
|
$this->ldapSettings = $this->getSnipeItLdapSettings();
|
||||||
if ($this->isLdapEnabled()) {
|
if ($this->isLdapEnabled()) {
|
||||||
$this->setSnipeItConfig();
|
$this->setSnipeItConfig();
|
||||||
|
@ -92,7 +94,7 @@ class LdapAdConfiguration
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (($item) && ('ldap_server' === $key)) {
|
if ($item && 'ldap_server' === $key) {
|
||||||
return collect(parse_url($item));
|
return collect(parse_url($item));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -246,7 +248,7 @@ class LdapAdConfiguration
|
||||||
*
|
*
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
protected function isLdapEnabled(): bool
|
public function isLdapEnabled(): bool
|
||||||
{
|
{
|
||||||
return $this->ldapSettings && $this->ldapSettings->get('ldap_enabled');
|
return $this->ldapSettings && $this->ldapSettings->get('ldap_enabled');
|
||||||
}
|
}
|
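Review bot: In the `@ -92,7 +94,7 @@` hunk, `collect(parse_url($item))` wraps the result unchecked, and `parse_url()` returns `false` for a URL it cannot parse, which `collect()` turns into a one-element collection rather than scheme/host/port keys. The `ldap_server` value comes from stored settings, so a malformed entry would surface later as a confusing connection error instead of a clear configuration error; how the collection is consumed is outside the hunk. Reject it here with `$parts = parse_url($item); if (false === $parts) { throw new Exception('ldap_server is not a valid URL'); }` before `return collect($parts);`. Separately, the new `init()` docblock in this file has no `@return` while the subclass override returns `bool`; a line saying the base method only loads settings and configuration would avoid confusion.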
|
@ -277,6 +277,7 @@ return [
|
||||||
* Custom service provider
|
* Custom service provider
|
||||||
*/
|
*/
|
||||||
App\Providers\MacroServiceProvider::class,
|
App\Providers\MacroServiceProvider::class,
|
||||||
|
App\Providers\LdapServiceProvider::class,
|
||||||
|
|
||||||
|
|
||||||
],
|
],
|
||||||
|
|
BIN
public/css/blue.png
Executable file
BIN
public/css/blue.png
Executable file
Binary file not shown.
After Width: | Height: | Size: 2.1 KiB |
|
@ -29,6 +29,9 @@ mix
|
||||||
"./public/css/all.css"
|
"./public/css/all.css"
|
||||||
);
|
);
|
||||||
|
|
||||||
|
mix.copy(["./node_modules/icheck/skins/minimal/blue.png",
|
||||||
|
"./node_modules/icheck/skins/minimal/blue@2x.png"], "./public/css");
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Copy, minify and version skins
|
* Copy, minify and version skins
|
||||||
*/
|
*/
|
||||||
|
|