BookStack Code Mirror - bookstack/blobdiff - app/Services/LdapService.php

diff --git a/app/Services/LdapService.php b/app/Services/LdapService.php

index 40b24f1419c06e60cc372dae0b57fd1e621fe70a..3eb2f2830e69bec68ea1a21630ad71ee0a4d0959 100644 (file)

--- a/app/Services/LdapService.php

+++ b/app/Services/LdapService.php

@@ -1,6 +1,5 @@

<?php namespace BookStack\Services;

-

use BookStack\Exceptions\LdapException;

use Illuminate\Contracts\Auth\Authenticatable;

@@ -41,15 +40,20 @@ class LdapService

// Find user

$userFilter = $this->buildFilter($this->config['user_filter'], ['user' => $userName]);

$baseDn = $this->config['base_dn'];

- $users = $this->ldap->searchAndGetEntries($ldapConnection, $baseDn, $userFilter, ['cn', 'uid', 'dn', 'mail']);

- if ($users['count'] === 0) return null;

+ $emailAttr = $this->config['email_attribute'];

+ $followReferrals = $this->config['follow_referrals'] ? 1 : 0;

+ $this->ldap->setOption($ldapConnection, LDAP_OPT_REFERRALS, $followReferrals);

+ $users = $this->ldap->searchAndGetEntries($ldapConnection, $baseDn, $userFilter, ['cn', 'uid', 'dn', $emailAttr]);

+ if ($users['count'] === 0) {

+ return null;

+ }

$user = $users[0];

return [

'uid' => (isset($user['uid'])) ? $user['uid'][0] : $user['dn'],

'name' => $user['cn'][0],

'dn' => $user['dn'],

- 'email' => (isset($user['mail'])) ? $user['mail'][0] : null

+ 'email' => (isset($user[$emailAttr])) ? (is_array($user[$emailAttr]) ? $user[$emailAttr][0] : $user[$emailAttr]) : null

];

}

@@ -63,8 +67,12 @@ class LdapService

public function validateUserCredentials(Authenticatable $user, $username, $password)

{

$ldapUser = $this->getUserDetails($username);

- if ($ldapUser === null) return false;

- if ($ldapUser['uid'] !== $user->external_auth_id) return false;

+ if ($ldapUser === null) {

+ return false;

+ }

+ if ($ldapUser['uid'] !== $user->external_auth_id) {

+ return false;

+ }

$ldapConnection = $this->getConnection();

try {

@@ -94,7 +102,9 @@ class LdapService

$ldapBind = $this->ldap->bind($connection, $ldapDn, $ldapPass);

}

- if (!$ldapBind) throw new LdapException(($isAnonymous ? trans('errors.ldap_fail_anonymous') : trans('errors.ldap_fail_authed')));

+ if (!$ldapBind) {

+ throw new LdapException(($isAnonymous ? trans('errors.ldap_fail_anonymous') : trans('errors.ldap_fail_authed')));

+ }

}

/**

@@ -105,16 +115,24 @@ class LdapService

*/

protected function getConnection()

{

- if ($this->ldapConnection !== null) return $this->ldapConnection;

+ if ($this->ldapConnection !== null) {

+ return $this->ldapConnection;

+ }

// Check LDAP extension in installed

if (!function_exists('ldap_connect') && config('app.env') !== 'testing') {

throw new LdapException(trans('errors.ldap_extension_not_installed'));

}

- // Get port from server string if specified.

+ // Get port from server string and protocol if specified.

$ldapServer = explode(':', $this->config['server']);

- $ldapConnection = $this->ldap->connect($ldapServer[0], count($ldapServer) > 1 ? $ldapServer[1] : 389);

+ $hasProtocol = preg_match('/^ldaps{0,1}\:\/\//', $this->config['server']) === 1;

+ if (!$hasProtocol) {

+ array_unshift($ldapServer, '');

+ }

+ $hostName = $ldapServer[0] . ($hasProtocol?':':'') . $ldapServer[1];

+ $defaultPort = $ldapServer[0] === 'ldaps' ? 636 : 389;

+ $ldapConnection = $this->ldap->connect($hostName, count($ldapServer) > 2 ? intval($ldapServer[2]) : $defaultPort);

if ($ldapConnection === false) {

throw new LdapException(trans('errors.ldap_cannot_connect'));

@@ -144,5 +162,4 @@ class LdapService

}

return strtr($filterString, $newAttrs);

}

-

-}

\ No newline at end of file

+}