DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-11-09 23:24:06 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Re-add LDAP "test login" feature to LDAP settings (helps with #8751) (#8757)

Browse source 
* Start work on re-adding back the "Test LDAP logins" feature to develop

* Add back-end method to allow LDAP test users to try to log in.
This commit is contained in:
Brady Wetherington 2020-11-16 21:23:08 -08:00 committed by GitHub
parent 8504c9e8b9
commit a97b15ec96
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 150 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

46
app/Http/Controllers/Api/SettingsController.php
View file

@ -15,6 +15,7 @@ use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Notification;
use GuzzleHttp\Client;
use Illuminate\Support\Facades\Storage;
use Illuminate\Support\Facades\Validator;
class SettingsController extends Controller
{
@ -93,6 +94,51 @@ class SettingsController extends Controller
return response()->json($message, 200);
}
public function ldaptestlogin(Request $request, LdapAd $ldap)
{
if (Setting::getSettings()->ldap_enabled!='1') {
\Log::debug('LDAP is not enabled. Cannot test.');
return response()->json(['message' => 'LDAP is not enabled, cannot test.'], 400);
}
$rules = array(
'ldaptest_user' => 'required',
'ldaptest_password' => 'required'
);
$validator = Validator::make($request->all(), $rules);
if ($validator->fails()) {
\Log::debug('LDAP Validation test failed.');
$validation_errors = implode(' ',$validator->errors()->all());
return response()->json(['message' => $validator->errors()->all()], 400);
}
\Log::debug('Preparing to test LDAP login');
try {
DB::beginTransaction(); //this was the easiest way to invoke a full test of an LDAP login without adding new users to the DB (which may not be desired)
// $results = $ldap->ldap->auth()->attempt($request->input('ldaptest_username'), $request->input('ldaptest_password'), true);
// can't do this because that's a protected property.
$results = $ldap->ldapLogin($request->input('ldaptest_user'), $request->input('ldaptest_password')); // this would normally create a user on success (if they didn't already exist), but for the transaction
if($results) {
return response()->json(['message' => 'It worked! '. $request->input('ldaptest_user').' successfully binded to LDAP.'], 200);
} else {
return response()->json(['message' => 'Login Failed. '. $request->input('ldaptest_user').' did not successfully bind to LDAP.'], 400);
}
} catch (\Exception $e) {
\Log::debug('Connection failed');
return response()->json(['message' => $e->getMessage()], 400);
} finally {
DB::rollBack(); // ALWAYS rollback, whether success or failure
}
}
public function slacktest(Request $request)
{

2
app/Services/LdapAd.php
View file

@ -446,7 +446,7 @@ class LdapAd extends LdapAdConfiguration
public function testLdapAdUserConnection(): void
{
try {
$this->ldap->connect(); //uh, this doesn't seem to exist :/
$this->ldap->connect();
} catch (\Adldap\Auth\BindException $e) {
Log::error($e);
throw new Exception('Unable to connect to LDAP directory!');

103
resources/views/settings/ldap.blade.php
View file

@ -379,6 +379,38 @@
</div>
<!-- LDAP Login test -->
<div class="form-group">
<div class="col-md-3">
{{ Form::label('test_ldap_login', 'Test LDAP Login') }}
</div>
<div class="col-md-9">
<div class="row">
<div class="col-md-4">
<input type="text" name="ldaptest_user" id="ldaptest_user" class="form-control" placeholder="LDAP username">
</div>
<div class="col-md-4">
<input type="password" name="ldaptest_password" id="ldaptest_password" class="form-control" placeholder="LDAP password">
</div>
<div class="col-md-3">
<a class="btn btn-default btn-sm" id="ldaptestlogin" style="margin-right: 10px;">Test LDAP</a>
</div>
</div>
</div>
<div class="col-md-9 col-md-offset-3">
<span id="ldaptestloginicon"></span>
<span id="ldaptestloginresult"></span>
<span id="ldaptestloginstatus"></span>
</div>
<div class="col-md-9 col-md-offset-3">
<p class="help-block">{{ trans('admin/settings/general.ldap_login_test_help') }}</p>
</div>
</div>
@endif
<!-- LDAP Forgotten password -->
@ -527,5 +559,76 @@
body += "</tbody>"
return body;
}
$("#ldaptestlogin").click(function(){
$("#ldaptestloginrow").removeClass('text-success');
$("#ldaptestloginrow").removeClass('text-danger');
$("#ldaptestloginstatus").removeClass('text-danger');
$("#ldaptestloginstatus").html('');
$("#ldaptestloginicon").html('<i class="fa fa-spinner spin"></i> Testing LDAP Authentication...');
$.ajax({
url: '{{ route('api.settings.ldaptestlogin') }}',
type: 'POST',
headers: {
"X-Requested-With": 'XMLHttpRequest',
"X-CSRF-TOKEN": $('meta[name="csrf-token"]').attr('content')
},
data: {
'ldaptest_user': $('#ldaptest_user').val(),
'ldaptest_password': $('#ldaptest_password').val()
},
dataType: 'json',
success: function (data) {
$("#ldaptestloginicon").html('');
$("#ldaptestloginrow").addClass('text-success');
$("#ldaptestloginstatus").addClass('text-success');
$("#ldaptestloginstatus").html('<i class="fa fa-check text-success"></i> User authenticated against LDAP successfully!');
},
error: function (data) {
if (data.responseJSON) {
var errors = data.responseJSON.message;
} else {
var errors;
}
var error_text = '';
$("#ldaptestloginicon").html('');
$("#ldaptestloginstatus").addClass('text-danger');
$("#ldaptestloginicon").html('<i class="fa fa-exclamation-triangle text-danger"></i>');
if (data.status == 500) {
$('#ldaptestloginstatus').html('500 Server Error');
} else if (data.status == 400) {
if (typeof errors !='string') {
for (i = 0; i < errors.length; i++) {
if (errors[i]) {
error_text += '<li>Error: ' + errors[i];
}
}
} else {
error_text = errors;
}
$('#ldaptestloginstatus').html(error_text);
} else {
$('#ldaptestloginstatus').html(data.responseText.message);
}
}
});
});
</script>
@endpush