Initial attempt at adding LDAP login support

This commit is contained in:
ajs124 2019-10-13 02:06:36 +02:00 committed by Andreas Rammhold
parent e707990e2d
commit 28646e1c5f
2 changed files with 42 additions and 3 deletions


@ -20,7 +20,8 @@ use Catalyst qw/ConfigLoader
Captcha/, Captcha/,
'-Log=warn,fatal,error'; '-Log=warn,fatal,error';
use CatalystX::RoleApplicator; use CatalystX::RoleApplicator;
use YAML qw(LoadFile);
use Path::Class 'file';
our $VERSION = '0.01'; our $VERSION = '0.01';
@ -44,6 +45,9 @@ __PACKAGE__->config(
role_field => "role", role_field => "role",
}, },
}, },
ldap => LoadFile(
file($ENV{'HYDRA_LDAP_CONFIG'})
)
}, },
}, },
'Plugin::Static::Simple' => { 'Plugin::Static::Simple' => {
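Review bot: The `ldap => LoadFile(file($ENV{'HYDRA_LDAP_CONFIG'}))` entry is evaluated unconditionally while `__PACKAGE__->config(...)` runs, so a deployment that never uses LDAP and leaves `HYDRA_LDAP_CONFIG` unset (or pointing at a missing file) now fails at application load with an error that does not name the variable. The realm should only be built when the variable is defined, e.g. wrap the pair in `%{ defined $ENV{HYDRA_LDAP_CONFIG} ? { ldap => LoadFile(file($ENV{HYDRA_LDAP_CONFIG})) } : {} }`, or at minimum fail fast with a message that names `HYDRA_LDAP_CONFIG`. If the realm becomes optional, the caller in the other file that always tries the `'ldap'` realm first will presumably need to tolerate its absence — worth confirming against Catalyst::Plugin::Authentication's behaviour for an unknown realm. The config hash starts and ends outside this hunk.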


@ -12,6 +12,7 @@ use Hydra::Helper::Email;
use LWP::UserAgent; use LWP::UserAgent;
use JSON; use JSON;
use HTML::Entities; use HTML::Entities;
use Encode qw(decode);
__PACKAGE__->config->{namespace} = ''; __PACKAGE__->config->{namespace} = '';
@ -28,8 +29,12 @@ sub login_POST {
error($c, "You must specify a user name.") if $username eq ""; error($c, "You must specify a user name.") if $username eq "";
error($c, "You must specify a password.") if $password eq ""; error($c, "You must specify a password.") if $password eq "";
if ($c->authenticate({username => $username, password => $password}, 'ldap')) {
doLDAPLogin($self, $c, $username);
} elsif ($c->authenticate({username => $username, password => $password})) {}
else {
accessDenied($c, "Bad username or password.") accessDenied($c, "Bad username or password.")
if !$c->authenticate({username => $username, password => $password}); }
currentUser_GET($self, $c); currentUser_GET($self, $c);
} }
@ -44,6 +49,36 @@ sub logout_POST {
$self->status_no_content($c); $self->status_no_content($c);
} }
sub doLDAPLogin {
my ($self, $c, $username) = @_;
my $user = $c->find_user({ username => $username });
my $LDAPUser = $c->find_user({ username => $username }, 'ldap');
my @LDAPRoles = grep { (substr $_, 0, 5) eq "hydra" } $LDAPUser->roles;
if (!$user) {
$c->model('DB::Users')->create(
{ username => $username
, fullname => decode('UTF-8', $LDAPUser->cn)
, password => "!"
, emailaddress => $LDAPUser->mail
, type => "LDAP"
});
$user = $c->find_user({ username => $username }) or die;
} else {
$user->update(
{ fullname => decode('UTF-8', $LDAPUser->cn)
, password => "!"
, emailaddress => $LDAPUser->mail
, type => "LDAP"
});
}
$user->userroles->delete;
if (@LDAPRoles) {
$user->userroles->create({ role => (substr $_, 6) }) for @LDAPRoles;
}
$c->set_authenticated($user);
}
sub doEmailLogin { sub doEmailLogin {
my ($self, $c, $type, $email, $fullName) = @_; my ($self, $c, $type, $email, $fullName) = @_;
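Review bot: In `doLDAPLogin`, the `else` branch (`$user->update(...)`) rewrites whatever account already exists under `$username` — password set to `"!"`, type forced to `"LDAP"`, and then `$user->userroles->delete` drops its roles — without checking that the existing account is itself an LDAP account, so a directory entry that happens to share a username with a local (e.g. administrator) account silently converts and takes over that account. Insert a guard before the update such as `} elsif ($user->type ne "LDAP") { error($c, "User '$username' exists locally and is not an LDAP user."); } else {`, assuming the user object exposes the `type` column that the `create` call at the top of the sub writes; `error` is already used in `login_POST` in this file. Two smaller points in the same sub: the bare `or die` after the re-lookup gives no message, `or die "Failed to find newly created LDAP user '$username'"` would help, and the role filter compares only the first five characters with `"hydra"` but then strips six, so the separator at position 5 is assumed rather than checked — a prefix test like `m{ \A hydra_ }x` would make that explicit. Separately, the `elsif ($c->authenticate(...)) {}` in `login_POST` with an empty block is hard to read; a comment such as `# local DB realm succeeded; nothing else to do` or inverting the condition would make the intent clear.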