Initial attempt at adding LDAP login support

2019-10-13 02:06:36 +02:00 · 2019-10-13 02:06:36 +02:00 · 28646e1c5f
parent e707990e2d
commit 28646e1c5f
2 changed files with 42 additions and 3 deletions
--- a/src/lib/Hydra.pm
+++ b/src/lib/Hydra.pm
@ -20,7 +20,8 @@ use Catalyst qw/ConfigLoader
                Captcha/,
                '-Log=warn,fatal,error';
 use CatalystX::RoleApplicator;
-
+use YAML qw(LoadFile);
+use Path::Class 'file';

 our $VERSION = '0.01';

@ -44,6 +45,9 @@ __PACKAGE__->config(
                    role_field => "role",
                },
            },
+            ldap => LoadFile(
+		file($ENV{'HYDRA_LDAP_CONFIG'})
+	    )
        },
    },
    'Plugin::Static::Simple' => {
--- a/src/lib/Hydra/Controller/User.pm
+++ b/src/lib/Hydra/Controller/User.pm
@ -12,6 +12,7 @@ use Hydra::Helper::Email;
 use LWP::UserAgent;
 use JSON;
 use HTML::Entities;
+use Encode qw(decode);


 __PACKAGE__->config->{namespace} = '';
@ -28,8 +29,12 @@ sub login_POST {
    error($c, "You must specify a user name.") if $username eq "";
    error($c, "You must specify a password.") if $password eq "";

-    accessDenied($c, "Bad username or password.")
-        if !$c->authenticate({username => $username, password => $password});
+    if ($c->authenticate({username => $username, password => $password}, 'ldap')) {
+        doLDAPLogin($self, $c, $username);
+    } elsif ($c->authenticate({username => $username, password => $password})) {}
+    else {
+        accessDenied($c, "Bad username or password.")
+    }

    currentUser_GET($self, $c);
 }
@ -44,6 +49,36 @@ sub logout_POST {
    $self->status_no_content($c);
 }

+sub doLDAPLogin {
+    my ($self, $c, $username) = @_;
+
+    my $user = $c->find_user({ username => $username });
+    my $LDAPUser = $c->find_user({ username => $username }, 'ldap');
+    my @LDAPRoles = grep { (substr $_, 0, 5) eq "hydra" } $LDAPUser->roles;
+
+    if (!$user) {
+        $c->model('DB::Users')->create(
+            { username => $username
+            , fullname => decode('UTF-8', $LDAPUser->cn)
+            , password => "!"
+            , emailaddress => $LDAPUser->mail
+            , type => "LDAP"
+        });
+        $user = $c->find_user({ username => $username }) or die;
+    } else {
+        $user->update(
+            { fullname => decode('UTF-8', $LDAPUser->cn)
+            , password => "!"
+            , emailaddress => $LDAPUser->mail
+            , type => "LDAP"
+        });
+    }
+    $user->userroles->delete;
+    if (@LDAPRoles) {
+        $user->userroles->create({ role => (substr $_, 6) }) for @LDAPRoles;
+    }
+    $c->set_authenticated($user);
+}

 sub doEmailLogin {
    my ($self, $c, $type, $email, $fullName) = @_;