forked from lix-project/hydra
Initial attempt at adding LDAP login support
parent
e707990e2d
commit
28646e1c5f
2 changed files with 42 additions and 3 deletions
|
@ -20,7 +20,8 @@ use Catalyst qw/ConfigLoader
|
||||||
Captcha/,
|
Captcha/,
|
||||||
'-Log=warn,fatal,error';
|
'-Log=warn,fatal,error';
|
||||||
use CatalystX::RoleApplicator;
|
use CatalystX::RoleApplicator;
|
||||||
|
use YAML qw(LoadFile);
|
||||||
|
use Path::Class 'file';
|
||||||
|
|
||||||
our $VERSION = '0.01';
|
our $VERSION = '0.01';
|
||||||
|
|
||||||
|
@ -44,6 +45,9 @@ __PACKAGE__->config(
|
||||||
role_field => "role",
|
role_field => "role",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
ldap => LoadFile(
|
||||||
|
file($ENV{'HYDRA_LDAP_CONFIG'})
|
||||||
|
)
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'Plugin::Static::Simple' => {
|
'Plugin::Static::Simple' => {
|
||||||
|
|
|
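Review bot: The `ldap => LoadFile(file($ENV{'HYDRA_LDAP_CONFIG'}))` entry is evaluated unconditionally while the application config is built, so an unset `HYDRA_LDAP_CONFIG` or an unreadable file is not handled; presumably the load then fails at startup, including on deployments that do not use LDAP. Registering the realm only when the variable is set would avoid that, e.g. `(defined $ENV{HYDRA_LDAP_CONFIG} ? (ldap => LoadFile(file($ENV{HYDRA_LDAP_CONFIG}))) : ()),`; the new `'ldap'` call in login_POST would then need the same condition. The file presumably carries the directory bind credentials, so a comment next to this line should state that it must be readable only by the Hydra service account and that its path is taken from the process environment. The enclosing `__PACKAGE__->config(` call starts and ends outside the hunk.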
@ -12,6 +12,7 @@ use Hydra::Helper::Email;
|
||||||
use LWP::UserAgent;
|
use LWP::UserAgent;
|
||||||
use JSON;
|
use JSON;
|
||||||
use HTML::Entities;
|
use HTML::Entities;
|
||||||
|
use Encode qw(decode);
|
||||||
|
|
||||||
|
|
||||||
__PACKAGE__->config->{namespace} = '';
|
__PACKAGE__->config->{namespace} = '';
|
||||||
|
@ -28,8 +29,12 @@ sub login_POST {
|
||||||
error($c, "You must specify a user name.") if $username eq "";
|
error($c, "You must specify a user name.") if $username eq "";
|
||||||
error($c, "You must specify a password.") if $password eq "";
|
error($c, "You must specify a password.") if $password eq "";
|
||||||
|
|
||||||
|
if ($c->authenticate({username => $username, password => $password}, 'ldap')) {
|
||||||
|
doLDAPLogin($self, $c, $username);
|
||||||
|
} elsif ($c->authenticate({username => $username, password => $password})) {}
|
||||||
|
else {
|
||||||
accessDenied($c, "Bad username or password.")
|
accessDenied($c, "Bad username or password.")
|
||||||
if !$c->authenticate({username => $username, password => $password});
|
}
|
||||||
|
|
||||||
currentUser_GET($self, $c);
|
currentUser_GET($self, $c);
|
||||||
}
|
}
|
||||||
|
@ -44,6 +49,36 @@ sub logout_POST {
|
||||||
$self->status_no_content($c);
|
$self->status_no_content($c);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sub doLDAPLogin {
|
||||||
|
my ($self, $c, $username) = @_;
|
||||||
|
|
||||||
|
my $user = $c->find_user({ username => $username });
|
||||||
|
my $LDAPUser = $c->find_user({ username => $username }, 'ldap');
|
||||||
|
my @LDAPRoles = grep { (substr $_, 0, 5) eq "hydra" } $LDAPUser->roles;
|
||||||
|
|
||||||
|
if (!$user) {
|
||||||
|
$c->model('DB::Users')->create(
|
||||||
|
{ username => $username
|
||||||
|
, fullname => decode('UTF-8', $LDAPUser->cn)
|
||||||
|
, password => "!"
|
||||||
|
, emailaddress => $LDAPUser->mail
|
||||||
|
, type => "LDAP"
|
||||||
|
});
|
||||||
|
$user = $c->find_user({ username => $username }) or die;
|
||||||
|
} else {
|
||||||
|
$user->update(
|
||||||
|
{ fullname => decode('UTF-8', $LDAPUser->cn)
|
||||||
|
, password => "!"
|
||||||
|
, emailaddress => $LDAPUser->mail
|
||||||
|
, type => "LDAP"
|
||||||
|
});
|
||||||
|
}
|
||||||
|
$user->userroles->delete;
|
||||||
|
if (@LDAPRoles) {
|
||||||
|
$user->userroles->create({ role => (substr $_, 6) }) for @LDAPRoles;
|
||||||
|
}
|
||||||
|
$c->set_authenticated($user);
|
||||||
|
}
|
||||||
|
|
||||||
sub doEmailLogin {
|
sub doEmailLogin {
|
||||||
my ($self, $c, $type, $email, $fullName) = @_;
|
my ($self, $c, $type, $email, $fullName) = @_;
|
||||||
|
|
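Review bot: doLDAPLogin looks up the local account by user name alone and, in its `else` branch, rewrites it (`password => "!"`, `type => "LDAP"`, roles replaced) without checking how that account was created, so a directory entry whose name matches an existing non-LDAP account, an administrator included, is logged in as that account and inherits its history. Refuse the login before the update when the types differ, e.g. `accessDenied($c, "Bad username or password.") if $user->type ne "LDAP";` as the first statement of the `else` branch. The role mapping tests a five-character prefix (`substr $_, 0, 5`) but strips six (`substr $_, 6`), so the separator is never checked and a group named exactly `hydra` yields an undefined role; one anchored match on the full prefix including its separator, with the capture used as the role and compared against the roles Hydra actually defines, would keep the two in step. `$LDAPUser` is also used without a defined-check, and `userroles->delete` followed by the `create` loop is not wrapped in a transaction, so a failure in between leaves the account with no roles.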