Initial attempt at adding LDAP login support

2019-10-13 02:06:36 +02:00 · 2019-10-13 02:06:36 +02:00 · 28646e1c5f
parent e707990e2d
commit 28646e1c5f
2 changed files with 42 additions and 3 deletions
--- a/src/lib/Hydra.pm
+++ b/src/lib/Hydra.pm
@ -20,7 +20,8 @@ use Catalyst qw/ConfigLoader
                Captcha/,
                '-Log=warn,fatal,error';
 use CatalystX::RoleApplicator;
-
+use YAML qw(LoadFile);
 use Path::Class 'file';
 our $VERSION = '0.01';
@ -44,6 +45,9 @@ __PACKAGE__->config(
                    role_field => "role",
                },
            },
            ldap => LoadFile(
 		file($ENV{'HYDRA_LDAP_CONFIG'})
 	    )
        },
    },
    'Plugin::Static::Simple' => {
--- a/src/lib/Hydra/Controller/User.pm
+++ b/src/lib/Hydra/Controller/User.pm
@ -12,6 +12,7 @@ use Hydra::Helper::Email;
 use LWP::UserAgent;
 use JSON;
 use HTML::Entities;
 use Encode qw(decode);
 __PACKAGE__->config->{namespace} = '';
@ -28,8 +29,12 @@ sub login_POST {
    error($c, "You must specify a user name.") if $username eq "";
    error($c, "You must specify a password.") if $password eq "";
-    accessDenied($c, "Bad username or password.")
+    if ($c->authenticate({username => $username, password => $password}, 'ldap')) {
-        if !$c->authenticate({username => $username, password => $password});
+        doLDAPLogin($self, $c, $username);
    } elsif ($c->authenticate({username => $username, password => $password})) {}
    else {
        accessDenied($c, "Bad username or password.")
    }
    currentUser_GET($self, $c);
 }
@ -44,6 +49,36 @@ sub logout_POST {
    $self->status_no_content($c);
 }
 sub doLDAPLogin {
    my ($self, $c, $username) = @_;
    my $user = $c->find_user({ username => $username });
    my $LDAPUser = $c->find_user({ username => $username }, 'ldap');
    my @LDAPRoles = grep { (substr $_, 0, 5) eq "hydra" } $LDAPUser->roles;
    if (!$user) {
        $c->model('DB::Users')->create(
            { username => $username
            , fullname => decode('UTF-8', $LDAPUser->cn)
            , password => "!"
            , emailaddress => $LDAPUser->mail
            , type => "LDAP"
        });
        $user = $c->find_user({ username => $username }) or die;
    } else {
        $user->update(
            { fullname => decode('UTF-8', $LDAPUser->cn)
            , password => "!"
            , emailaddress => $LDAPUser->mail
            , type => "LDAP"
        });
    }
    $user->userroles->delete;
    if (@LDAPRoles) {
        $user->userroles->create({ role => (substr $_, 6) }) for @LDAPRoles;
    }
    $c->set_authenticated($user);
 }
 sub doEmailLogin {
    my ($self, $c, $type, $email, $fullName) = @_;