diff --git a/.gitignore b/.gitignore
index b25c15b..9ad110c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 *~
+/.DS_Store
diff --git a/Controller/DefaultController.php b/Controller/DefaultController.php
index ca5e760..54d4a8f 100644
--- a/Controller/DefaultController.php
+++ b/Controller/DefaultController.php
@@ -12,6 +12,7 @@ use Symfony\Bundle\FrameworkBundle\Controller\Controller;
+use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Core\SecurityContext;
 class DefaultController extends Controller
@@ -21,7 +22,7 @@ public function loginAction()
 $error = $this->getAuthenticationError();
 return $this->render('IMAGLdapBundle:Default:login.html.twig', array(
- 'last_username' => $this->get('request')->getSession()->get(SecurityContext::LAST_USERNAME),
+ 'last_username' => $this->get('request_stack')->getCurrentRequest()->getSession()->get(Security::LAST_USERNAME),
 'error' => $error,
 'token' => $this->generateToken(),
 ));
@@ -29,17 +30,17 @@ public function loginAction()
 protected function getAuthenticationError()
 {
- if ($this->get('request')->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
- return $this->get('request')->attributes->get(SecurityContext::AUTHENTICATION_ERROR);
+ if ($this->get('request_stack')->getCurrentRequest()->attributes->has(Security::AUTHENTICATION_ERROR)) {
+ return $this->get('request_stack')->getCurrentRequest()->attributes->get(Security::AUTHENTICATION_ERROR);
 }
- return $this->get('request')->getSession()->get(SecurityContext::AUTHENTICATION_ERROR);
+ return $this->get('request_stack')->getCurrentRequest()->getSession()->get(Security::AUTHENTICATION_ERROR);
 }
 protected function generateToken()
 {
- $token = $this->get('form.csrf_provider')
- ->generateCsrfToken('authenticate');
+ $token = $this->get('security.csrf.token_manager')
+ ->getToken('authenticate');
 return $token;
 }
diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php
index bfe54a7..5a4ece5 100644
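Review bot: In `generateToken()` the new `getToken('authenticate')` call returns a `CsrfToken` object, whereas the old `generateCsrfToken()` returned the token string, so `loginAction()` now hands an object to the template as `token`. Rendering probably still works through the object's string conversion, but `->getToken('authenticate')->getValue()` keeps the method's return type unchanged for any other caller. The token id is the literal `'authenticate'`; it has to equal the id the listener validates against, which this file cannot show. `getAuthenticationError()` and `loginAction()` also repeat `$this->get('request_stack')->getCurrentRequest()` on every access; one `$request = $this->get('request_stack')->getCurrentRequest();` per method would read better and give a single place to handle a null current request. The `SecurityContext` import kept by the first hunk looks unused after this change.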
--- a/DependencyInjection/Configuration.php
+++ b/DependencyInjection/Configuration.php
@@ -42,6 +42,7 @@ private function addClientNode()
 ->scalarNode('referrals_enabled')->end()
 ->scalarNode('network_timeout')->end()
 ->booleanNode('skip_roles')->defaultFalse()->end()
+ ->booleanNode('active_directory')->defaultFalse()->end()
 ->end()
 ;
diff --git a/EventListener/LdapListener.php b/EventListener/LdapListener.php
index 41978b0..6698d4c 100644
--- a/EventListener/LdapListener.php
+++ b/EventListener/LdapListener.php
@@ -3,23 +3,25 @@ namespace IMAG\LdapBundle\EventListener;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface,
- Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface,
 Symfony\Component\HttpFoundation\Request,
 Psr\Log\LoggerInterface,
 Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface,
 Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken,
 Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException,
- Symfony\Component\Security\Core\SecurityContextInterface,
 Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface,
 Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface,
 Symfony\Component\Security\Http\Firewall\AbstractAuthenticationListener,
 Symfony\Component\Security\Http\HttpUtils,
 Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface
 ;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Component\Security\Core\Security;
+use Symfony\Component\Security\Csrf\CsrfToken;
+use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
 class LdapListener extends AbstractAuthenticationListener
 {
- public function __construct(SecurityContextInterface $securityContext,
+ public function __construct(TokenStorageInterface $securityContext,
 AuthenticationManagerInterface $authenticationManager,
 SessionAuthenticationStrategyInterface $sessionStrategy,
 HttpUtils $httpUtils,
@@ -29,7 +31,7 @@ public function __construct(SecurityContextInterface $securityContext,
 array $options = array(),
 LoggerInterface $logger = null,
 EventDispatcherInterface $dispatcher = null,
- CsrfProviderInterface $csrfProvider = null)
+ CsrfTokenManagerInterface $csrfProvider = null)
 {
 parent::__construct(
 $securityContext,
@@ -76,17 +78,16 @@ public function attemptAuthentication(Request $request)
 }
 if (null !== $this->csrfProvider) {
- $csrfToken = $request->get($this->options['csrf_parameter'], null, true);
-
- if (false === $this->csrfProvider->isCsrfTokenValid($this->options['intention'], $csrfToken)) {
+ $csrfToken = $request->get($this->options['csrf_parameter']);
+ if (false === $this->csrfProvider->isTokenValid($csrfToken)) {
 throw new InvalidCsrfTokenException('Invalid CSRF token.');
 }
 }
- $username = trim($request->get($this->options['username_parameter'], null, true));
- $password = $request->get($this->options['password_parameter'], null, true);
+ $username = trim($request->get($this->options['username_parameter']));
+ $password = $request->get($this->options['password_parameter']);
- $request->getSession()->set(SecurityContextInterface::LAST_USERNAME, $username);
+ $request->getSession()->set(Security::LAST_USERNAME, $username);
 return $this->authenticationManager->authenticate(new UsernamePasswordToken($username, $password, $this->providerKey));
 }
diff --git a/Factory/LdapFactory.php b/Factory/LdapFactory.php
index 8eacecc..89c0816 100644
--- a/Factory/LdapFactory.php
+++ b/Factory/LdapFactory.php
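Review bot: `isTokenValid()` on `CsrfTokenManagerInterface` takes a `CsrfToken` object (token id plus submitted value), but the new check passes the raw request string and drops `$this->options['intention']`, so the CSRF check cannot succeed as written and will most likely fail with a type error on every login attempt. The `CsrfToken` import added at the top of the file is not used in any visible hunk, which suggests the wrapping was intended: `if (false === $this->csrfProvider->isTokenValid(new CsrfToken($this->options['intention'], $csrfToken))) {`. The id must match the one the login form's token is generated with (`'authenticate'` in `DefaultController::generateToken()`). `attemptAuthentication()` starts above this hunk, so any earlier request-method check is not visible here.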
@@ -48,19 +48,26 @@ protected function getListenerId()
 protected function createAuthProvider(ContainerBuilder $container, $id, $config, $userProviderId)
 {
 $dao = 'security.authentication.provider.dao.'.$id;
- $container
+ //$container
+ $definition=$container
 ->setDefinition($dao, new DefinitionDecorator('security.authentication.provider.dao'))
 ->replaceArgument(0, new Reference($userProviderId))
 ->replaceArgument(2, $id)
 ;
-
+ if(floatval(\Symfony\Component\HttpKernel\Kernel::VERSION) > 2.7){
+ /* symfony 2.8 security fix */
+ if ($container->hasDefinition('security.user_checker')) {
+ $definition->replaceArgument(1, new Reference('security.user_checker.'.$id));
+ }
+ /* end of security fix */
+ }
 $provider = 'imag_ldap.security.authentication.provider.'.$id;
 $container
 ->setDefinition($provider, new DefinitionDecorator('imag_ldap.security.authentication.provider'))
 ->replaceArgument(0, new Reference($userProviderId))
 ->replaceArgument(1, new Reference($dao))
 ->replaceArgument(4, $id)
- ;
+ ;
 return $provider;
 }
diff --git a/IMAGLdapBundle.php b/IMAGLdapBundle.php
index 3429ad4..256da2f 100644
--- a/IMAGLdapBundle.php
+++ b/IMAGLdapBundle.php
@@ -26,9 +26,10 @@ class IMAGLdapBundle extends Bundle
 {
 public function boot()
 {
- if (!function_exists('ldap_connect')) {
- throw new \Exception("module php-ldap isn't install");
- }
+ // Commented by svajiraya to prevent app crashing in IIS environments like Azure.
+ // if (!function_exists('ldap_connect')) {
+ // throw new \Exception("module php-ldap isn't install");
+ // }
 }
 /**
diff --git a/Manager/LdapManagerUser.php b/Manager/LdapManagerUser.php
index 6ba8953..4454073 100644
--- a/Manager/LdapManagerUser.php
+++ b/Manager/LdapManagerUser.php
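Review bot: The guard in `createAuthProvider()` tests `hasDefinition('security.user_checker')` but the argument is then set to a reference to `'security.user_checker.'.$id`, a different service id, so the check does not establish that the per-firewall checker exists; if that id is missing the container should fail to compile, and if the guard is false the DAO provider keeps whatever the parent definition supplies for argument 1. Gating on `floatval(Kernel::VERSION) > 2.7` is fragile as well, because it parses only the leading `major.minor` as a float; `version_compare(\Symfony\Component\HttpKernel\Kernel::VERSION, '2.8', '>=')` states the intent directly. Since this argument presumably selects the account-status checks applied during authentication, the comment should name the upstream change it tracks instead of `/* symfony 2.8 security fix */`, and the leftover `//$container` line should be deleted.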
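Review bot: Commenting out the `ldap_connect` check in `boot()` removes the only visible place where a missing php-ldap extension is reported clearly, so on a host without the extension the failure moves to the first LDAP call, presumably during a login, as an undefined-function fatal. If the boot-time exception is too early for some hosting environments, the same check belongs where the connection is opened rather than nowhere, e.g. `if (!function_exists('ldap_connect')) { throw new \RuntimeException('The PHP ldap extension is not installed.'); }` in the connection code, which this diff does not show. The dead lines should be deleted instead of commented out, with the reason recorded in the commit message. `composer.json` still declares `ext-ldap`, so Composer-based installs continue to require the extension.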
@@ -130,7 +130,12 @@ public function getUsername()
 public function getRoles()
 {
- return $this->ldapUser['roles'];
+ if(true === $this->params['client']['active_directory']){
+ return $this->ldapUser['memberof'];
+ }
+ else{
+ return $this->ldapUser['roles'];
+ }
 }
 public function setUsername($username)
diff --git a/README.md b/README.md
index f71852c..4512dc7 100644
--- a/README.md
+++ b/README.md
@@ -1,11 +1,15 @@
+# Support
+
+Dropping support for symfony versions < 3.0. Recent patches might not be compatible with versions lower than 3.0 since some of the core methods were deprecated and removed from this package.
+
 # LdapBundle
 LdapBundle provides LDAP authentication without using Apache's `mod_ldap`. The bundle instead relies on PHP's [LDAP extension](http://php.net/manual/en/book.ldap.php) along with a form to authenticate users. LdapBundle can also be used for authorization by retrieving the user's roles defined in LDAP.
-## Contact
-
-Nick: aways
-IRC: irc.freenode.net - #symfony-fr
+## Credits
+This Bundle was originally created by BorisMorel. Since this bundle is used frequently in almost all our projects, and since the original bundle was not being maintained by anyone we have tried to add
+our own mods to the project. Anyone is free to use this bundle and modify it as they please. I will try to keep this bundle upto date, but with my busy schedule that may not the case all the time.
+if you do manage to update the project, please submit a pull request and I would be happy to examine and merge it.
 ## Install
@@ -26,11 +30,19 @@ Add LdapBundle in your project's `composer.json`
 ```json
 {
 "require": {
- "imag/ldap-bundle": "dev-master"
+ "svajiraya/ldap-bundle": "dev-master"
 }
 }
 ```
+or
+
+``` shell
+
+composer require svajiraya/ldap-bundle
+
+```
+
 ### Enable the Bundle
 ``` php
diff --git a/Resources/config/routing.yml b/Resources/config/routing.yml
index cbc2ea8..32ec9d3 100644
--- a/Resources/config/routing.yml
+++ b/Resources/config/routing.yml
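Review bot: In `getRoles()` the Active Directory branch returns `$this->ldapUser['memberof']` without checking that the key exists, so a user entry with no group membership would raise an undefined-index notice and return null where callers expect an array of roles. A guarded form such as `return isset($this->ldapUser['memberof']) ? $this->ldapUser['memberof'] : array();` avoids that. How `memberof` is populated is outside this hunk; if it holds raw group DNs, access rules written against `ROLE_*` names will not match them, so the group-to-role mapping should be made explicit and documented next to the `active_directory` option. The strict `true ===` comparison also relies on the option always being a boolean, which the `booleanNode('active_directory')->defaultFalse()` added in `Configuration.php` provides only when `params['client']` comes from that processed tree.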
@@ -1,11 +1,10 @@
 login:
- pattern: /login
+ path: /login
 defaults: { _controller: IMAGLdapBundle:Default:login }
- requirements:
- _method: GET
+ methods: [GET]
 login_check:
- pattern: /login_check
+ path: /login_check
 logout:
- pattern: /logout
+ path: /logout
diff --git a/Resources/config/security_ldap.xml b/Resources/config/security_ldap.xml
index bf7cba1..5b9cdc0 100644
--- a/Resources/config/security_ldap.xml
+++ b/Resources/config/security_ldap.xml
@@ -45,7 +45,7 @@
-
+
diff --git a/composer.json b/composer.json
index 4504db8..9109b20 100644
--- a/composer.json
+++ b/composer.json
@@ -1,40 +1,19 @@
 {
- "name": "imag/ldap-bundle",
- "description": "LDAP Bundle for Symfony 2",
- "homepage": "http://github.com/BorisMorel/LdapBundle",
- "license": "CeCILL",
+ "name": "svajiraya/ldap-bundle",
+ "description": "LDAP Bundle for Symfony 3.0+",
+ "homepage": "http://github.com/svajiraya/LdapBundle",
+ "license": "MIT",
 "authors": [
 {
- "name": "Boris Morel",
- "email": "boris.morel@imag.fr",
+ "name": "Subramanya Vajiraya",
 "role": "Developer",
- "homepage" : "https://github.com/BorisMorel"
- },
- {
- "name": "Juti Noppornpitak",
- "email": "jutin@nationalfibre.net",
- "role": "Fork Maintainer",
- "homepage": "https://github.com/instaclick"
- },
- {
- "name": "John Kary",
- "email": "john@johnkary.net",
- "role": "Fork Maintainer",
- "homepage": "https://github.com/johnkary"
- },
- {
- "name": "Shiroyuki",
- "role": "Fork Maintainer",
- "homepage": "https://github.com/shiroyuki"
+ "homepage": "https://github.com/svajiraya"
 }
 ],
- "support": {
- "irc": "irc://irc.freenode.org/sf-grenoble"
- },
 "require": {
 "php": ">=5.3.3",
 "ext-ldap": "*",
- "symfony/symfony": ">2.0"
+ "symfony/symfony": ">3.0"
 },
 "autoload": {
 "psr-0": { "IMAG\\LdapBundle": "" }
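Review bot: The `license` value in `composer.json` changes from `CeCILL` to `MIT` in the same hunk that removes the original author and fork-maintainer entries; whether this fork is entitled to relicense the upstream code cannot be determined from the diff, so the change should be confirmed with the original copyright holder or reverted, and the attribution kept. The new constraint `"symfony/symfony": ">3.0"` has no upper bound and excludes 3.0.0 itself, so a later major release would be installed untested; `"symfony/symfony": "^3.0"` matches the support statement added to the README. `"php": ">=5.3.3"` is left unchanged although Symfony 3.x itself requires a newer PHP, so that line should be raised to match.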