mirror of
https://github.com/snipe/snipe-it.git
synced 2024-09-21 00:07:42 -07:00
e27065fe16
Signed-off-by: snipe <snipe@snipe.net> # Conflicts: # .all-contributorsrc # README.md # app/Console/Commands/ResetDemoSettings.php # app/Helpers/Helper.php # app/Http/Controllers/Api/AccessoriesController.php # app/Http/Controllers/Api/AssetsController.php # app/Http/Controllers/Api/CategoriesController.php # app/Http/Controllers/Api/ComponentsController.php # app/Http/Controllers/Api/ConsumablesController.php # app/Http/Controllers/Api/LocationsController.php # app/Http/Controllers/Api/StatuslabelsController.php # app/Http/Controllers/Api/SuppliersController.php # app/Http/Controllers/AssetMaintenancesController.php # app/Http/Controllers/Auth/ForgotPasswordController.php # app/Http/Controllers/DepreciationsController.php # app/Http/Controllers/ReportsController.php # app/Http/Controllers/SettingsController.php # app/Http/Requests/ImageUploadRequest.php # app/Http/Transformers/ActionlogsTransformer.php # app/Http/Transformers/DepreciationsTransformer.php # app/Listeners/CheckoutableListener.php # app/Models/Accessory.php # app/Models/Asset.php # app/Models/Company.php # app/Models/Ldap.php # app/Models/User.php # app/Presenters/AssetPresenter.php # app/Presenters/CategoryPresenter.php # composer.json # composer.lock # config/version.php # database/factories/AssetModelFactory.php # database/migrations/2020_10_22_233743_move_accessory_checkout_note_to_join_table.php # database/seeds/AssetModelSeeder.php # package-lock.json # public/css/build/AdminLTE.css # public/css/build/app.css # public/css/build/overrides.css # public/css/dist/all.css # public/css/dist/bootstrap-table.css # public/css/dist/skins/skin-black-dark.css # public/css/dist/skins/skin-black-dark.min.css # public/css/dist/skins/skin-black.css # public/css/dist/skins/skin-black.min.css # public/css/dist/skins/skin-blue-dark.css # public/css/dist/skins/skin-blue-dark.min.css # public/css/dist/skins/skin-blue.css # public/css/dist/skins/skin-blue.min.css # public/css/dist/skins/skin-contrast.css # public/css/dist/skins/skin-contrast.min.css # public/css/dist/skins/skin-green-dark.css # public/css/dist/skins/skin-green-dark.min.css # public/css/dist/skins/skin-green.css # public/css/dist/skins/skin-green.min.css # public/css/dist/skins/skin-orange-dark.css # public/css/dist/skins/skin-orange-dark.min.css # public/css/dist/skins/skin-orange.css # public/css/dist/skins/skin-orange.min.css # public/css/dist/skins/skin-purple-dark.css # public/css/dist/skins/skin-purple-dark.min.css # public/css/dist/skins/skin-purple.css # public/css/dist/skins/skin-purple.min.css # public/css/dist/skins/skin-red-dark.css # public/css/dist/skins/skin-red-dark.min.css # public/css/dist/skins/skin-red.css # public/css/dist/skins/skin-red.min.css # public/css/dist/skins/skin-yellow-dark.css # public/css/dist/skins/skin-yellow-dark.min.css # public/css/dist/skins/skin-yellow.css # public/css/dist/skins/skin-yellow.min.css # public/js/build/app.js # public/js/build/vendor.js # public/js/dist/all.js # public/js/dist/bootstrap-table.js # public/mix-manifest.json # resources/assets/js/vue.js # resources/lang/af/validation.php # resources/lang/ar/admin/settings/general.php # resources/lang/ar/validation.php # resources/lang/bg/admin/settings/general.php # resources/lang/bg/validation.php # resources/lang/cs/admin/settings/general.php # resources/lang/cs/validation.php # resources/lang/cy/help.php # resources/lang/cy/validation.php # resources/lang/da/admin/settings/general.php # resources/lang/da/validation.php # resources/lang/de/admin/settings/general.php # resources/lang/de/validation.php # resources/lang/el/validation.php # resources/lang/en-GB/admin/settings/general.php # resources/lang/en-GB/validation.php # resources/lang/en-ID/admin/hardware/table.php # resources/lang/en-ID/admin/settings/general.php # resources/lang/en-ID/validation.php # resources/lang/es-CO/admin/settings/general.php # resources/lang/es-CO/auth/message.php # resources/lang/es-CO/button.php # resources/lang/es-CO/help.php # resources/lang/es-CO/validation.php # resources/lang/es-ES/admin/settings/general.php # resources/lang/es-ES/auth/message.php # resources/lang/es-ES/button.php # resources/lang/es-ES/help.php # resources/lang/es-ES/validation.php # resources/lang/es-MX/admin/settings/general.php # resources/lang/es-MX/validation.php # resources/lang/es-VE/admin/settings/general.php # resources/lang/es-VE/auth/message.php # resources/lang/es-VE/button.php # resources/lang/es-VE/help.php # resources/lang/es-VE/validation.php # resources/lang/et/validation.php # resources/lang/fa/validation.php # resources/lang/fi/admin/settings/general.php # resources/lang/fi/validation.php # resources/lang/fil/validation.php # resources/lang/fr/admin/settings/general.php # resources/lang/fr/validation.php # resources/lang/ga-IE/validation.php # resources/lang/he/admin/settings/general.php # resources/lang/he/general.php # resources/lang/he/validation.php # resources/lang/hr/validation.php # resources/lang/hu/validation.php # resources/lang/id/validation.php # resources/lang/is/admin/categories/general.php # resources/lang/is/admin/companies/message.php # resources/lang/is/admin/companies/table.php # resources/lang/is/admin/components/general.php # resources/lang/is/admin/components/table.php # resources/lang/is/admin/consumables/table.php # resources/lang/is/admin/depreciations/general.php # resources/lang/is/admin/depreciations/message.php # resources/lang/is/admin/hardware/form.php # resources/lang/is/admin/hardware/general.php # resources/lang/is/admin/hardware/message.php # resources/lang/is/admin/hardware/table.php # resources/lang/is/admin/kits/general.php # resources/lang/is/admin/licenses/form.php # resources/lang/is/admin/licenses/general.php # resources/lang/is/admin/locations/table.php # resources/lang/is/admin/manufacturers/table.php # resources/lang/is/admin/reports/message.php # resources/lang/is/admin/settings/general.php # resources/lang/is/admin/settings/message.php # resources/lang/is/admin/statuslabels/message.php # resources/lang/is/admin/suppliers/message.php # resources/lang/is/admin/suppliers/table.php # resources/lang/is/admin/users/table.php # resources/lang/is/mail.php # resources/lang/is/validation.php # resources/lang/it/admin/settings/general.php # resources/lang/it/validation.php # resources/lang/iu/validation.php # resources/lang/ja/mail.php # resources/lang/ja/validation.php # resources/lang/ko/validation.php # resources/lang/lt/validation.php # resources/lang/lv/validation.php # resources/lang/mi/validation.php # resources/lang/mk/validation.php # resources/lang/ml-IN/validation.php # resources/lang/mn/validation.php # resources/lang/ms/validation.php # resources/lang/nl/admin/settings/general.php # resources/lang/nl/validation.php # resources/lang/no/validation.php # resources/lang/pl/admin/settings/general.php # resources/lang/pl/validation.php # resources/lang/pt-BR/admin/settings/general.php # resources/lang/pt-BR/mail.php # resources/lang/pt-BR/validation.php # resources/lang/pt-PT/validation.php # resources/lang/ro/validation.php # resources/lang/ru/validation.php # resources/lang/sl/validation.php # resources/lang/sr-CS/admin/settings/general.php # resources/lang/sr-CS/validation.php # resources/lang/sv-SE/admin/settings/general.php # resources/lang/sv-SE/auth/message.php # resources/lang/sv-SE/button.php # resources/lang/sv-SE/mail.php # resources/lang/sv-SE/validation.php # resources/lang/ta/validation.php # resources/lang/th/validation.php # resources/lang/tl/validation.php # resources/lang/tr/mail.php # resources/lang/tr/validation.php # resources/lang/uk/admin/accessories/table.php # resources/lang/uk/admin/asset_maintenances/message.php # resources/lang/uk/admin/asset_maintenances/table.php # resources/lang/uk/validation.php # resources/lang/ur-PK/validation.php # resources/lang/vi/admin/settings/general.php # resources/lang/vi/validation.php # resources/lang/zh-CN/admin/settings/general.php # resources/lang/zh-CN/validation.php # resources/lang/zh-HK/validation.php # resources/lang/zh-TW/validation.php # resources/lang/zu/validation.php # resources/views/partials/bootstrap-table.blade.php # resources/views/partials/forms/edit/company-select.blade.php # routes/api.php
312 lines
8.8 KiB
PHP
312 lines
8.8 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Services;
|
|
|
|
use App\Models\Setting;
|
|
use Exception;
|
|
use Illuminate\Support\Collection;
|
|
|
|
/**
|
|
* LDAP configuration merge for Adldap2.
|
|
*
|
|
* @see https://github.com/Adldap2/Adldap2
|
|
*
|
|
* @author Wes Hulette <jwhulette@gmail.com>
|
|
*
|
|
* @since 5.0.0
|
|
*/
|
|
class LdapAdConfiguration
|
|
{
|
|
const LDAP_PORT = 389;
|
|
const CONNECTION_TIMEOUT = 5;
|
|
const DEFAULT_LDAP_VERSION = 3;
|
|
const LDAP_BOOLEAN_SETTINGS = [
|
|
'ldap_enabled',
|
|
'ldap_server_cert_ignore',
|
|
'ldap_tls',
|
|
'ldap_tls',
|
|
'ldap_pw_sync',
|
|
'is_ad',
|
|
'ad_append_domain',
|
|
];
|
|
|
|
/**
|
|
* Ldap Settings.
|
|
*
|
|
* @var Collection
|
|
*/
|
|
public $ldapSettings;
|
|
|
|
/**
|
|
* LDAP Config.
|
|
*
|
|
* @var array
|
|
*/
|
|
public $ldapConfig;
|
|
|
|
/**
|
|
* Initialize LDAP from user settings
|
|
*
|
|
* @since 5.0.0
|
|
*/
|
|
public function init()
|
|
{
|
|
|
|
// This try/catch is dumb, but is necessary to run initial migrations, since
|
|
// this service provider is booted even during migrations. :( - snipe
|
|
try {
|
|
$this->ldapSettings = $this->getSnipeItLdapSettings();
|
|
if ($this->isLdapEnabled()) {
|
|
$this->setSnipeItConfig();
|
|
}
|
|
} catch (\Exception $e) {
|
|
\Log::debug($e);
|
|
$this->ldapSettings = null;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Merge the default Adlap config with the SnipeIT config.
|
|
*
|
|
* @author Wes Hulette <jwhulette@gmail.com>
|
|
*
|
|
* @since 5.0.0
|
|
*/
|
|
private function setSnipeItConfig()
|
|
{
|
|
$this->ldapConfig = $this->setLdapConnectionConfiguration();
|
|
$this->certificateCheck();
|
|
}
|
|
|
|
/**
|
|
* Get the LDAP settings from the Settings model.
|
|
*
|
|
* @author Wes Hulette <jwhulette@gmail.com>
|
|
*
|
|
* @since 5.0.0
|
|
*
|
|
* @return \Illuminate\Support\Collection
|
|
*/
|
|
private function getSnipeItLdapSettings(): Collection
|
|
{
|
|
$ldapSettings = collect();
|
|
if (Setting::first()) { // during early migration steps, there may be no settings table entry to start with
|
|
$ldapSettings = Setting::getLdapSettings()
|
|
->map(function ($item, $key) {
|
|
// Trim the items
|
|
if (is_string($item)) {
|
|
$item = trim($item);
|
|
}
|
|
// Get the boolean value of the LDAP setting, makes it easier to work with them
|
|
if (in_array($key, self::LDAP_BOOLEAN_SETTINGS)) {
|
|
return boolval($item);
|
|
}
|
|
|
|
// Decrypt the admin password
|
|
if ('ldap_pword' === $key && ! empty($item)) {
|
|
try {
|
|
return decrypt($item);
|
|
} catch (Exception $e) {
|
|
throw new Exception('Your app key has changed! Could not decrypt LDAP password using your current app key, so LDAP authentication has been disabled. Login with a local account, update the LDAP password and re-enable it in Admin > Settings.');
|
|
}
|
|
}
|
|
|
|
if ($item && 'ldap_server' === $key) {
|
|
return collect(parse_url($item));
|
|
}
|
|
|
|
return $item;
|
|
});
|
|
}
|
|
|
|
return $ldapSettings;
|
|
}
|
|
|
|
/**
|
|
* Set the server certificate environment variable.
|
|
*
|
|
* @author Wes Hulette <jwhulette@gmail.com>
|
|
*
|
|
* @since 5.0.0
|
|
*/
|
|
private function certificateCheck(): void
|
|
{
|
|
// If we are ignoring the SSL cert we need to setup the environment variable
|
|
// before we create the connection
|
|
if ($this->ldapSettings['ldap_server_cert_ignore']) {
|
|
putenv('LDAPTLS_REQCERT=never');
|
|
}
|
|
|
|
// If the user specifies where CA Certs are, make sure to use them
|
|
if (env('LDAPTLS_CACERT')) {
|
|
putenv('LDAPTLS_CACERT='.env('LDAPTLS_CACERT'));
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Set the Adlap2 connection configuration values based on SnipeIT settings.
|
|
*
|
|
* @author Wes Hulette <jwhulette@gmail.com>
|
|
*
|
|
* @since 5.0.0
|
|
*
|
|
* @return array
|
|
*/
|
|
private function setLdapConnectionConfiguration(): array
|
|
{
|
|
// Create the configuration array.
|
|
$ldap_settings = [
|
|
// Mandatory Configuration Options
|
|
'hosts' => $this->getServerUrlBase(),
|
|
'base_dn' => $this->ldapSettings['ldap_basedn'],
|
|
'username' => $this->ldapSettings['ldap_uname'],
|
|
'password' => $this->ldapSettings['ldap_pword'],
|
|
|
|
// Optional Configuration Options
|
|
'schema' => $this->getSchema(), // FIXME - we probably ought not to be using this, right?
|
|
'account_prefix' => '',
|
|
'account_suffix' => '',
|
|
'port' => $this->getPort(),
|
|
'follow_referrals' => false,
|
|
'use_ssl' => $this->isSsl(),
|
|
'use_tls' => $this->ldapSettings['ldap_tls'],
|
|
'version' => $this->ldapSettings['ldap_version'] ?? self::DEFAULT_LDAP_VERSION,
|
|
'timeout' => self::CONNECTION_TIMEOUT,
|
|
|
|
// Custom LDAP Options
|
|
'custom_options' => [
|
|
// See: http://php.net/ldap_set_option
|
|
// LDAP_OPT_X_TLS_REQUIRE_CERT => LDAP_OPT_X_TLS_HARD,
|
|
],
|
|
];
|
|
|
|
if($this->ldapSettings['ldap_client_tls_cert'] || $this->ldapSettings['ldap_client_tls_key']) {
|
|
$ldap_settings['custom_options'] = [
|
|
LDAP_OPT_X_TLS_CERTFILE => Setting::get_client_side_cert_path(),
|
|
LDAP_OPT_X_TLS_KEYFILE => Setting::get_client_side_key_path()
|
|
];
|
|
}
|
|
return $ldap_settings;
|
|
}
|
|
|
|
/**
|
|
* Get the schema to use for the connection.
|
|
*
|
|
* @author Wes Hulette <jwhulette@gmail.com>
|
|
*
|
|
* @since 5.0.0
|
|
*
|
|
* @return string
|
|
*/
|
|
private function getSchema(): string //wait, what? This is a little weird, since we have completely separate variables for this; we probably shoulnd't be using any 'schema' at all
|
|
{
|
|
$schema = \Adldap\Schemas\OpenLDAP::class;
|
|
if ($this->ldapSettings['is_ad']) {
|
|
$schema = \Adldap\Schemas\ActiveDirectory::class;
|
|
}
|
|
|
|
return $schema;
|
|
}
|
|
|
|
/**
|
|
* Get the port number from the connection url.
|
|
*
|
|
* @author Wes Hulette <jwhulette@gmail.com>
|
|
*
|
|
* @since 5.0.0
|
|
*
|
|
* @return int
|
|
*/
|
|
private function getPort(): int
|
|
{
|
|
$port = $this->getLdapServerData('port');
|
|
if ($port && is_int($port)) {
|
|
return $port;
|
|
}
|
|
|
|
return self::LDAP_PORT;
|
|
}
|
|
|
|
/**
|
|
* Get ldap scheme from url to determin ssl use.
|
|
*
|
|
* @author Wes Hulette <jwhulette@gmail.com>
|
|
*
|
|
* @since 5.0.0
|
|
*
|
|
* @return bool
|
|
*/
|
|
private function isSsl(): bool
|
|
{
|
|
$scheme = $this->getLdapServerData('scheme');
|
|
if ($scheme && 'ldaps' === strtolower($scheme)) {
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Return the base url to the LDAP server.
|
|
*
|
|
* @author Wes Hulette <jwhulette@gmail.com>
|
|
*
|
|
* @since 5.0.0
|
|
*
|
|
* @return array
|
|
*/
|
|
private function getServerUrlBase(): array
|
|
{
|
|
/* if ($this->ldapSettings['is_ad']) {
|
|
return collect(explode(',', $this->ldapSettings['ad_domain']))->map(function ($item) {
|
|
return trim($item);
|
|
})->toArray();
|
|
} */ // <- this was the *original* intent of the PR for AdLdap2, but we've been moving away from having
|
|
// two separate fields - one for "ldap_host" and one for "ad_domain" - towards just using "ldap_host"
|
|
// ad_domain for us just means "append this domain to your usernames for login, if you click that checkbox"
|
|
// that's all, nothing more (I hope).
|
|
|
|
$url = $this->getLdapServerData('host');
|
|
|
|
return $url ? [$url] : [];
|
|
}
|
|
|
|
/**
|
|
* Get ldap enabled setting
|
|
*
|
|
* @author Steffen Buehl <sb@sbuehl.com>
|
|
*
|
|
* @since 5.0.0
|
|
*
|
|
* @return bool
|
|
*/
|
|
public function isLdapEnabled(): bool
|
|
{
|
|
return $this->ldapSettings && $this->ldapSettings->get('ldap_enabled');
|
|
}
|
|
|
|
/**
|
|
* Get parsed ldap server information
|
|
*
|
|
* @author Steffen Buehl <sb@sbuehl.com>
|
|
*
|
|
* @since 5.0.0
|
|
*
|
|
* @param $key
|
|
* @return mixed|null
|
|
*/
|
|
protected function getLdapServerData($key)
|
|
{
|
|
if ($this->ldapSettings) {
|
|
$ldapServer = $this->ldapSettings->get('ldap_server');
|
|
if ($ldapServer && $ldapServer instanceof Collection) {
|
|
return $ldapServer->get($key);
|
|
}
|
|
}
|
|
|
|
return null;
|
|
}
|
|
}
|