Adding pluggable authentication

Martin Kamerbeek 2002-11-18 17:44:14 +00:00
parent d843d50c5f
commit 7af36f0c03
8 changed files with 421 additions and 186 deletions


@ -13,7 +13,9 @@ package WebGUI::Operation::Account;
use Digest::MD5 qw(md5_base64);
use Exporter;
use Net::LDAP;
use strict;
use strict qw(vars subs);
#use warnings;
#use strict;
use URI;
use WebGUI::DateTime;
use WebGUI::ErrorHandler;
@ -29,24 +31,10 @@ use WebGUI::SQL;
use WebGUI::URL;
use WebGUI::User;
use WebGUI::Utility;
use WebGUI::Authentication;
our @ISA = qw(Exporter);
our @EXPORT = qw(&www_viewMessageLogMessage &www_viewMessageLog &www_viewProfile &www_editProfile &www_editProfileSave &www_createAccount &www_deactivateAccount &www_deactivateAccountConfirm &www_displayAccount &www_displayLogin &www_login &www_logout &www_recoverPassword &www_recoverPasswordFinish &www_createAccountSave &www_updateAccount);
our %ldapStatusCode = ( 0=>'success (0)', 1=>'Operations Error (1)', 2=>'Protocol Error (2)',
3=>'Time Limit Exceeded (3)', 4=>'Size Limit Exceeded (4)', 5=>'Compare False (5)',
6=>'Compare True (6)', 7=>'Auth Method Not Supported (7)', 8=>'Strong Auth Required (8)',
9=>'Referral (10)', 11=>'Admin Limit Exceeded (11)', 12=>'Unavailable Critical Extension (12)',
13=>'Confidentiality Required (13)', 14=>'Sasl Bind In Progress (14)',
15=>'No Such Attribute (16)', 17=>'Undefined Attribute Type (17)',
18=>'Inappropriate Matching (18)', 19=>'Constraint Violation (19)',
20=>'Attribute Or Value Exists (20)', 21=>'Invalid Attribute Syntax (21)', 32=>'No Such Object (32)',
33=>'Alias Problem (33)', 34=>'Invalid DN Syntax (34)', 36=>'Alias Dereferencing Problem (36)',
48=>'Inappropriate Authentication (48)', 49=>'Invalid Credentials (49)',
50=>'Insufficient Access Rights (50)', 51=>'Busy (51)', 52=>'Unavailable (52)',
53=>'Unwilling To Perform (53)', 54=>'Loop Detect (54)', 64=>'Naming Violation (64)',
65=>'Object Class Violation (65)', 66=>'Not Allowed On Non Leaf (66)', 67=>'Not Allowed On RDN (67)',
68=>'Entry Already Exists (68)', 69=>'Object Class Mods Prohibited (69)',
71=>'Affects Multiple DSAs (71)', 80=>'other (80)');
#-------------------------------------------------------------------
sub _accountOptions {
@ -135,7 +123,7 @@ sub _validateProfileData {
#-------------------------------------------------------------------
sub www_createAccount {
my ($output, %language, @array,
my ($output, %language, @array, $cmd, $return,
$previousCategory, $category, $f, $a, %data, $default, $label, $values, $method);
tie %data, 'Tie::CPHash';
if ($session{user}{userId} != 1) {
@ -144,20 +132,21 @@ sub www_createAccount {
$output .= www_displayLogin();
} else {
$output .= '<h1>'.WebGUI::International::get(54).'</h1>';
$f = WebGUI::HTMLForm->new();
$f->hidden("op","createAccountSave");
unless ($session{setting}{authMethod} eq "LDAP" && $session{setting}{usernameBinding}) {
unless ($session{setting}{authMethod} ne "WebGUI" && $session{setting}{usernameBinding}) {
$f->text("username",WebGUI::International::get(50),$session{form}{username});
}
if ($session{setting}{authMethod} eq "LDAP") {
$f->hidden("identifier1","ldap-password");
$f->hidden("identifier2","ldap-password");
$f->text("ldapId",$session{setting}{ldapIdName});
$f->password("ldapPassword",$session{setting}{ldapPasswordName});
} else {
$f->password("identifier1",WebGUI::International::get(51));
$f->password("identifier2",WebGUI::International::get(55));
unless ($session{setting}{authMethod} eq 'WebGUI') {
$f->text("loginId", 'loginName');
}
$cmd = $session{authentication}{$session{setting}{authMethod}} . "::formCreateAccount";
$return = eval {&$cmd};
WebGUI::ErrorHandler::fatalError("Unable to load method formCreateAccount on Authentication module: $session{setting}{authMethod}. ".$@) if($@);
$f->raw($return);
$a = WebGUI::SQL->read("select * from userProfileField,userProfileCategory
where userProfileField.profileCategoryId=userProfileCategory.profileCategoryId
order by userProfileCategory.sequenceNumber,userProfileField.sequenceNumber");
@ -196,10 +185,12 @@ sub www_createAccount {
$output .= '<div class="accountOptions"><ul>';
$output .= '<li><a href="'.WebGUI::URL::page('op=displayLogin').'">'.
WebGUI::International::get(58).'</a>';
if ($session{setting}{authMethod} eq "WebGUI") {
$output .= '<li><a href="'.WebGUI::URL::page('op=recoverPassword').'">'.
WebGUI::International::get(59).'</a>';
}
$output .= '</ul></div>';
}
return $output;
@ -207,54 +198,30 @@ sub www_createAccount {
#-------------------------------------------------------------------
sub www_createAccountSave {
my ($profile, $u, $username, $uri, $temp, $ldap, $port, %args, $search,
my ($profile, $u, $username, $uri, $temp, $ldap, $port, %args, $search, $cmd,
$connectDN, $auth, $output, $error, $uid, $encryptedPassword, $fieldName);
if ($session{setting}{authMethod} eq "LDAP" && $session{setting}{usernameBinding}) {
$username = $session{form}{ldapId};
if ($session{setting}{authMethod} ne "WebGUI" && $session{setting}{usernameBinding}) {
$username = $session{form}{loginId};
} else {
$username = $session{form}{username};
}
$error = _hasBadUsername($username);
$error .= _hasBadPassword($session{form}{identifier1},$session{form}{identifier2});
if ($session{setting}{authMethod} eq "LDAP") {
$uri = URI->new($session{setting}{ldapURL});
if ($uri->port < 1) {
$port = 389;
} else {
$port = $uri->port;
}
%args = (port => $port);
$ldap = Net::LDAP->new($uri->host, %args) or $error .= WebGUI::International::get(79);
$ldap->bind;
$search = $ldap->search (base => $uri->dn, filter => $session{setting}{ldapId}."=".$session{form}{ldapId});
if (defined $search->entry(0)) {
$connectDN = "cn=".$search->entry(0)->get_value("cn");
$ldap->unbind;
$ldap = Net::LDAP->new($uri->host, %args) or $error .= WebGUI::International::get(79);
$auth = $ldap->bind(dn=>$connectDN, password=>$session{form}{ldapPassword});
if ($auth->code == 48 || $auth->code == 49) {
$error .= '<li>'.WebGUI::International::get(68);
WebGUI::ErrorHandler::warn("Invalid LDAP information for registration of LDAP ID: ".$session{form}{ldapId});
} elsif ($auth->code > 0) {
$error .= '<li>LDAP error "'.$ldapStatusCode{$auth->code}.'" occured. '.WebGUI::International::get(69);
WebGUI::ErrorHandler::warn("LDAP error: ".$ldapStatusCode{$auth->code});
}
$ldap->unbind;
} else {
$error .= '<li>'.WebGUI::International::get(68);
WebGUI::ErrorHandler::warn("Invalid LDAP information for registration of LDAP ID: ".$session{form}{ldapId});
}
}
$cmd = $session{authentication}{$session{setting}{authMethod}} . '::hasBadUserData';
$error .= eval {&$cmd};
WebGUI::ErrorHandler::fatalError("Unable to load method hasBadUserData on Authentication module: $session{setting}{authMethod}. ".$@) if($@);
($profile, $temp) = _validateProfileData();
$error .= $temp;
if ($error eq "") {
$encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier1});
$u = WebGUI::User->new("new");
$u->username($username);
$u->identifier($encryptedPassword);
$u->authMethod($session{setting}{authMethod});
$u->ldapURL($session{setting}{ldapURL});
$u->connectDN($connectDN);
$cmd = $session{authentication}{$session{setting}{authMethod}} . '::saveCreateAccount';
eval {&$cmd($u->userId)};
WebGUI::ErrorHandler::fatalError("Unable to load method saveCreateAccount on Authentication module: $session{setting}{authMethod}. ".$@) if($@);
$u->karma($session{setting}{karmaPerLogin},"Login","Just for logging in.") if ($session{setting}{useKarma});
foreach $fieldName (keys %{$profile}) {
$u->profileField($fieldName,${$profile}{$fieldName});
@ -307,13 +274,15 @@ sub www_displayAccount {
$f = WebGUI::HTMLForm->new;
$f->hidden("op","updateAccount");
$f->readOnly($session{user}{karma},WebGUI::International::get(537)) if ($session{setting}{useKarma});
if ($session{user}{authMethod} eq "LDAP" && $session{setting}{usernameBinding}) {
if ($session{user}{authMethod} ne "WebGUI" && $session{setting}{usernameBinding}) {
$f->hidden("username",$session{user}{username});
$f->readOnly($session{user}{username},WebGUI::International::get(50));
} else {
$f->text("username",WebGUI::International::get(50),$session{user}{username});
}
if ($session{user}{authMethod} eq "LDAP") {
if ($session{user}{authMethod} ne "WebGUI") {
$f->hidden("identifier1","password");
$f->hidden("identifier2","password");
} else {
@ -432,48 +401,23 @@ sub www_editProfileSave {
#-------------------------------------------------------------------
sub www_login {
my ($uri, $port, $ldap, %args, $auth, $error, $uid, $success, $u);
my ($cmd, $uid, $success, $u);
($uid) = WebGUI::SQL->quickArray("select userId from users where username=".quote($session{form}{username}));
$u = WebGUI::User->new($uid);
if ($u->authMethod eq "LDAP") {
$uri = URI->new($u->ldapURL);
if ($uri->port < 1) {
$port = 389;
} else {
$port = $uri->port;
}
%args = (port => $port);
$ldap = Net::LDAP->new($uri->host, %args) or $error = WebGUI::International::get(79);
$auth = $ldap->bind(dn=>$u->connectDN, password=>$session{form}{identifier});
if ($auth->code == 48 || $auth->code == 49) {
$error = WebGUI::International::get(68);
WebGUI::ErrorHandler::security("login to account ".$session{form}{username}." with invalid information.");
_logLogin($uid,"invalid username/password");
} elsif ($auth->code > 0) {
$error .= 'LDAP error "'.$ldapStatusCode{$auth->code}.'" occured.';
$error .= WebGUI::International::get(69);
WebGUI::ErrorHandler::warn("LDAP error: ".$ldapStatusCode{$auth->code});
_logLogin($uid,"LDAP error: ".$ldapStatusCode{$auth->code});
} else {
$success = 1;
}
$ldap->unbind;
} else {
if (Digest::MD5::md5_base64($session{form}{identifier}) eq $u->identifier && $session{form}{identifier} ne "") {
$success = 1;
} else {
$error = WebGUI::International::get(68);
WebGUI::ErrorHandler::security("login to account ".$session{form}{username}." with invalid information.");
_logLogin($uid,"invalid username/password");
}
}
if ($success) {
$cmd = $session{authentication}{$u->authMethod}."::validateUser";
$success = eval{&$cmd($uid, $session{form}{identifier})};
WebGUI::ErrorHandler::fatalError("Unable to load method validateUser on Authentication module: $_. ".$@) if($@);
if ($success == 1) {
WebGUI::Session::start($uid);
$u->karma($session{setting}{karmaPerLogin},"Login","Just for logging in.") if ($session{setting}{useKarma});
_logLogin($uid,"success");
return "";
} else {
return "<h1>".WebGUI::International::get(70)."</h1>".$error.www_displayLogin();
_logLogin($uid, $success);
return "<h1>".WebGUI::International::get(70)."</h1>".$success.www_displayLogin();
}
}
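Review bot: In www_login the fatalError message interpolates `$_` instead of the module name, so when validateUser cannot be loaded the log line names whatever `$_` happened to hold rather than the user's auth method; the line should read `WebGUI::ErrorHandler::fatalError("Unable to load method validateUser on Authentication module: ".$u->authMethod.". ".$@) if($@);`. The dispatch key `$session{authentication}{$u->authMethod}` comes from the users table, and if the stored method is not registered (a row created before this mapping existed, for instance) `$cmd` degenerates to `"::validateUser"` and the failed call surfaces as a fatal error instead of a failed login; a guard such as `unless (exists $session{authentication}{$u->authMethod}) { _logLogin($uid,"unknown authMethod"); return "<h1>".WebGUI::International::get(70)."</h1>".www_displayLogin(); }` before building `$cmd` keeps it a login failure that is logged like the other ones. The removed branch rejected an empty `identifier` explicitly; that check now has to live in every module's validateUser, which is not visible in this commit. Switching the whole file to `use strict qw(vars subs)` disables `strict 'refs'` everywhere just to permit `&$cmd`; a `no strict 'refs';` scoped to the block that makes the symbolic call, or `$cmd->()` style calls through `\&{$cmd}`, would keep the rest of the file checked. The same `$_` message issue appears in www_createAccount and www_createAccountSave only in spirit (they use the setting name correctly), so the fix is local to www_login.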


@ -11,7 +11,7 @@ package WebGUI::Operation::Settings;
#-------------------------------------------------------------------
use Exporter;
use strict;
use strict qw(Vars Subs);
use WebGUI::DateTime;
use WebGUI::HTMLForm;
use WebGUI::Icon;
@ -38,8 +38,10 @@ sub _submenu {
#-------------------------------------------------------------------
sub www_editUserSettings {
WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
my ($output, %authMethod, $f);
%authMethod = ('WebGUI'=>'WebGUI', 'LDAP'=>'LDAP');
my ($output, %authMethod, $f, $cmd, $html);
%authMethod = map {$_ => $_} @{$session{authentication}{available}};
$output .= helpIcon(2);
$output .= '<h1>'.WebGUI::International::get(117).'</h1>';
$f = WebGUI::HTMLForm->new;
@ -53,10 +55,14 @@ sub www_editUserSettings {
$f->interval("sessionTimeout",WebGUI::International::get(142),WebGUI::DateTime::secondsToInterval($session{setting}{sessionTimeout}));
$f->select("authMethod",\%authMethod,WebGUI::International::get(119),[$session{setting}{authMethod}]);
$f->yesNo("usernameBinding",WebGUI::International::get(306),$session{setting}{usernameBinding});
$f->url("ldapURL",WebGUI::International::get(120),$session{setting}{ldapURL});
$f->text("ldapId",WebGUI::International::get(121),$session{setting}{ldapId});
$f->text("ldapIdName",WebGUI::International::get(122),$session{setting}{ldapIdName});
$f->text("ldapPasswordName",WebGUI::International::get(123),$session{setting}{ldapPasswordName});
foreach (@{$session{authentication}{available}}) {
$cmd = "WebGUI::Authentication::".$_."::formEditUserSettings";
$html = eval{&$cmd};
WebGUI::ErrorHandler::fatalError("Unable to load method formEditUserSettings on Authentication module: $_. ".$@) if($@);
$f->raw($html);
}
$f->submit;
$output .= $f->print;
return _submenu($output);
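Review bot: `use strict qw(Vars Subs);` in the first hunk will not compile: strict's tag names are case-sensitive and unknown tags make the pragma croak with "Unknown 'strict' tag(s)" at load time, so this file dies as soon as it is required. The line should match the other two files in this commit, `use strict qw(vars subs);` (or better, keep plain `use strict;` and add a scoped `no strict 'refs';` around the symbolic call). In the loop in www_editUserSettings, `eval{&$cmd}` calls the module sub with the ampersand form and no parentheses, which passes the caller's current `@_` through to formEditUserSettings; `$html = eval { &{$cmd}() };` makes the empty argument list explicit. The body of www_editUserSettings continues past the end of this hunk.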


@ -12,7 +12,7 @@ package WebGUI::Operation::User;
use Digest::MD5 qw(md5_base64);
use Exporter;
use strict;
use strict qw(vars subs);
use Tie::CPHash;
use WebGUI::DateTime;
use WebGUI::HTMLForm;
@ -55,7 +55,7 @@ sub _submenu {
#-------------------------------------------------------------------
sub www_addUser {
my (@array, $output, $groups, %hash, $f);
my (@array, $output, $groups, %hash, $f, $cmd, $html);
tie %hash, 'Tie::IxHash';
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
$output .= helpIcon(5);
@ -68,10 +68,17 @@ sub www_addUser {
$f->text("username",WebGUI::International::get(50),$session{form}{username});
$f->password("identifier",WebGUI::International::get(51));
$f->email("email",WebGUI::International::get(56));
%hash = ('WebGUI'=>'WebGUI', 'LDAP'=>'LDAP');
$f->select("authMethod",\%hash,WebGUI::International::get(164),[$session{setting}{authMethod}]);
$f->url("ldapURL",WebGUI::International::get(165),$session{setting}{ldapURL});
$f->text("connectDN",WebGUI::International::get(166),$session{form}{connectDN});
%hash = map {$_ => $_} @{$session{authentication}{available}};
$f->select("authMethod",\%hash,WebGUI::International::get(164),[$session{setting}{authMethod}]);
foreach (@{$session{authentication}{available}}) {
$cmd = "WebGUI::Authentication::".$_."::formAddUser";
$html = eval{&$cmd};
WebGUI::ErrorHandler::fatalError("Unable to load method formAddUser on Authentication module: $_. ".$@) if($@);
$f->raw($html);
}
push(@array,1); #visitors
push(@array,2); #registered users
push(@array,7); #everyone
@ -84,16 +91,20 @@ sub www_addUser {
#-------------------------------------------------------------------
sub www_addUserSave {
my (@groups, $uid, $u, $gid, $encryptedPassword, $expireAfter);
my (@groups, $uid, $u, $gid, $encryptedPassword, $expireAfter, $cmd);
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
($uid) = WebGUI::SQL->quickArray("select userId from users where username=".quote($session{form}{username}));
unless ($uid) {
$encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier});
$u = WebGUI::User->new("new");
$u->username($session{form}{username});
$u->identifier($encryptedPassword);
$u->connectDN($session{form}{connectDN});
$u->ldapURL($session{form}{ldapURL});
foreach (@{$session{authentication}{available}}) {
$cmd = "WebGUI::Authentication::".$_."::saveAddUser";
eval{&$cmd};
WebGUI::ErrorHandler::fatalError("Unable to load method saveAddUser on Authentication module: $_. ".$@) if($@);
}
$u->authMethod($session{form}{authMethod});
@groups = $session{cgi}->param('groups');
$u->addToGroups(\@groups);
@ -198,7 +209,7 @@ sub www_editGroupingSave {
#-------------------------------------------------------------------
sub www_editUser {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
my ($output, $f, $u);
my ($output, $f, $u, $cmd, $html, %hash);
$u = WebGUI::User->new($session{form}{uid});
$output .= helpIcon(5);
$output .= '<h1>'.WebGUI::International::get(168).'</h1>';
@ -210,18 +221,17 @@ sub www_editUser {
$f->readOnly(epochToHuman($u->dateCreated,"%z"),WebGUI::International::get(453));
$f->readOnly(epochToHuman($u->lastUpdated,"%z"),WebGUI::International::get(454));
$f->text("username",WebGUI::International::get(50),$u->username);
$f->password("identifier",WebGUI::International::get(51),"password");
$f->select(
-name=>"authMethod",
-options=>{
'WebGUI'=>'WebGUI',
'LDAP'=>'LDAP'
},
-label=>WebGUI::International::get(164),
-value=>[$u->authMethod]
);
$f->url("ldapURL",WebGUI::International::get(165),$u->ldapURL);
$f->text("connectDN",WebGUI::International::get(166),$u->connectDN);
%hash = map {$_ => $_} @{$session{authentication}{available}};
$f->select("authMethod",\%hash,WebGUI::International::get(164),[$session{setting}{authMethod}]);
foreach (@{$session{authentication}{available}}) {
$cmd = "WebGUI::Authentication::".$_."::formEditUser";
$html = eval{&$cmd};
WebGUI::ErrorHandler::fatalError("Unable to load method formEditUser on Authentication module: $_. ".$@) if($@);
$f->raw($html);
}
$f->submit;
$output .= $f->print;
return _submenu($output);
@ -230,18 +240,17 @@ sub www_editUser {
#-------------------------------------------------------------------
sub www_editUserSave {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Privilege::isInGroup(3));
my ($error, $uid, $u, $encryptedPassword, $passwordStatement);
my ($error, $uid, $u, $encryptedPassword, $passwordStatement, $cmd);
($uid) = WebGUI::SQL->quickArray("select userId from users where username=".quote($session{form}{username}));
if ($uid == $session{form}{uid} || $uid < 1) {
$u = WebGUI::User->new($session{form}{uid});
if ($session{form}{identifier} ne "password") {
$encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier});
$u->identifier($encryptedPassword);
}
$u->username($session{form}{username});
$u->authMethod($session{form}{authMethod});
$u->connectDN($session{form}{connectDN});
$u->ldapURL($session{form}{ldapURL});
foreach (@{$session{authentication}{available}}) {
$cmd = "WebGUI::Authentication::".$_."::saveEditUser";
eval{&$cmd};
WebGUI::ErrorHandler::fatalError("Unable to load method saveEditUser on Authentication module: $_. ".$@) if($@);
}
} else {
$error = '<ul><li>'.WebGUI::International::get(77).' '.$session{form}{username}.'Too or '.$session{form}{username}.'02</ul>';
}
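Review bot: In www_editUser the rewritten authMethod select preselects `$session{setting}{authMethod}` (the site default) where the removed `$f->select(...)` call used `-value=>[$u->authMethod]`, so the edit form no longer shows the user's current method, and because www_editUserSave then stores `$session{form}{authMethod}` unconditionally, an admin who saves the form without touching that dropdown silently switches the user to the default method; the line should be `$f->select("authMethod",\%hash,WebGUI::International::get(164),[$u->authMethod]);`. In www_addUserSave and www_editUserSave the loop calls saveAddUser/saveEditUser for every module in `@{$session{authentication}{available}}` rather than only the one selected in the form, so each module's save routine must tolerate being invoked for a user that does not use it; whether they do is not visible here. As in the other files, `eval{&$cmd}` without parentheses forwards the enclosing sub's `@_`, so `eval { &{$cmd}() }` would be the safer spelling. The enclosing www_editUserSave continues past the end of this hunk.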