Use password_ldap_bind hook to provide LDAP user DN for password change. (Request #2217)
Requires ldap_simple driver to be enabled in password plugin config.
parent
ca49cfe6ed
commit
657093d838
7 changed files with 17 additions and 194 deletions
|
@ -41,6 +41,9 @@ class kolab_auth extends rcube_plugin
|
||||||
$this->add_hook('startup', array($this, 'startup'));
|
$this->add_hook('startup', array($this, 'startup'));
|
||||||
$this->add_hook('user_create', array($this, 'user_create'));
|
$this->add_hook('user_create', array($this, 'user_create'));
|
||||||
|
|
||||||
|
// Hook for password change
|
||||||
|
$this->add_hook('password_ldap_bind', array($this, 'password_ldap_bind'));
|
||||||
|
|
||||||
// Hooks related to "Login As" feature
|
// Hooks related to "Login As" feature
|
||||||
$this->add_hook('template_object_loginform', array($this, 'login_form'));
|
$this->add_hook('template_object_loginform', array($this, 'login_form'));
|
||||||
$this->add_hook('storage_connect', array($this, 'imap_connect'));
|
$this->add_hook('storage_connect', array($this, 'imap_connect'));
|
||||||
|
@ -448,6 +451,20 @@ class kolab_auth extends rcube_plugin
|
||||||
return $args;
|
return $args;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Set user DN for password change (password plugin with ldap_simple driver)
|
||||||
|
*/
|
||||||
|
public function password_ldap_bind($args)
|
||||||
|
{
|
||||||
|
$args['user_dn'] = $_SESSION['kolab_dn'];
|
||||||
|
|
||||||
|
$rcmail = rcube::get_instance();
|
||||||
|
|
||||||
|
$rcmail->config->set('password_ldap_method', 'user');
|
||||||
|
|
||||||
|
return $args;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Sets SASL Proxy login/password for IMAP and Managesieve auth
|
* Sets SASL Proxy login/password for IMAP and Managesieve auth
|
||||||
*/
|
*/
|
||||||
|
|
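Review bot: `password_ldap_bind()` assigns `$_SESSION['kolab_dn']` to `$args['user_dn']` and forces `password_ldap_method` to `'user'` without checking that the session actually holds a DN. If a session can exist without `kolab_dn` (that depends on login code outside this hunk), the password plugin receives an empty bind DN while the administrator's configured bind method has already been overridden. How the ldap_simple driver handles an empty DN is not visible here, but LDAP servers may treat a simple bind with an empty DN as anonymous, so this case should be ruled out explicitly. I would return early with `if (empty($_SESSION['kolab_dn'])) { return $args; }` before touching the config, and extend the docblock to mention that the method overrides `password_ldap_method` for the current request.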
|
@ -1,51 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
/*
|
|
||||||
Requires the following options in ownCloud config:
|
|
||||||
|
|
||||||
'kolaburl' => 'https://<kolab-host>/<webclient-url>',
|
|
||||||
'kolabsecret' => '<a secret key, the same as in Roundcube owncloud plugin>',
|
|
||||||
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
// check for kolab auth token
|
|
||||||
if (!OC_User::isLoggedIn() && !empty($_GET['kolab_auth'])) {
|
|
||||||
OCP\Util::writeLog('kolab_auth', 'got kolab auth token', OCP\Util::INFO);
|
|
||||||
|
|
||||||
// decode auth data from Roundcube
|
|
||||||
parse_str(oc_kolab_decode($_GET['kolab_auth']), $request);
|
|
||||||
|
|
||||||
// send back as POST request with session cookie
|
|
||||||
$postdata = http_build_query($request, '', '&');
|
|
||||||
|
|
||||||
// add request signature using secret key
|
|
||||||
$postdata .= '&hmac=' . hash_hmac('sha256', $postdata, OC_Config::getValue('kolabsecret', '<da-sso-secret-key>'));
|
|
||||||
|
|
||||||
$context = stream_context_create(array(
|
|
||||||
'http' => array(
|
|
||||||
'method' => 'POST',
|
|
||||||
'header'=> "Content-type: application/x-www-form-urlencoded\r\n"
|
|
||||||
. "Content-Length: " . strlen($postdata) . "\r\n"
|
|
||||||
. "Cookie: " . $request['cname'] . '=' . $request['session'] . "\r\n",
|
|
||||||
'content' => $postdata,
|
|
||||||
)
|
|
||||||
)
|
|
||||||
);
|
|
||||||
|
|
||||||
$url = !empty($_SERVER['HTTP_REFERER']) ? dirname($_SERVER['HTTP_REFERER']) . '/' : OC_Config::getValue('kolaburl', '');
|
|
||||||
$auth = @json_decode(file_get_contents($url . '?_action=owncloudsso', false, $context), true);
|
|
||||||
|
|
||||||
// fake HTTP authentication with user credentials received from Roundcube
|
|
||||||
if ($auth['user'] && $auth['pass']) {
|
|
||||||
$_SERVER['PHP_AUTH_USER'] = $auth['user'];
|
|
||||||
$_SERVER['PHP_AUTH_PW'] = $auth['pass'];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
function oc_kolab_decode($str)
|
|
||||||
{
|
|
||||||
// TODO: chose a more sophisticated encryption method
|
|
||||||
return base64_decode(str_pad(strrev($str), strlen($str) % 4, '=', STR_PAD_RIGHT));
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,13 +0,0 @@
|
||||||
<?xml version="1.0"?>
|
|
||||||
<info>
|
|
||||||
<id>kolab_auth</id>
|
|
||||||
<name>Kolab user authentication</name>
|
|
||||||
<description>Allow to authenticate an existing Kolab web client session</description>
|
|
||||||
<licence>AGPL</licence>
|
|
||||||
<author>Thomas Bruederli</author>
|
|
||||||
<require>4.9</require>
|
|
||||||
<shipped>true</shipped>
|
|
||||||
<types>
|
|
||||||
<prelogin/>
|
|
||||||
</types>
|
|
||||||
</info>
|
|
|
@ -1 +0,0 @@
|
||||||
0.1.0
|
|
|
@ -1,15 +0,0 @@
|
||||||
|
|
||||||
#content,
|
|
||||||
#controls,
|
|
||||||
#navigation {
|
|
||||||
top: 0px;
|
|
||||||
}
|
|
||||||
|
|
||||||
#navigation #settings {
|
|
||||||
bottom: 0px;
|
|
||||||
}
|
|
||||||
|
|
||||||
#leftcontent, .leftcontent,
|
|
||||||
#rightcontent, .rightcontent {
|
|
||||||
top: 2.9em;
|
|
||||||
}
|
|
|
@ -1,58 +0,0 @@
|
||||||
|
|
||||||
function kolab_connector()
|
|
||||||
{
|
|
||||||
var remote;
|
|
||||||
|
|
||||||
// public members
|
|
||||||
this.window = window;
|
|
||||||
|
|
||||||
// export public methods
|
|
||||||
this.init = init;
|
|
||||||
this.init_picker = init_picker;
|
|
||||||
this.list_files = list_files;
|
|
||||||
|
|
||||||
function init(rcube)
|
|
||||||
{
|
|
||||||
remote = rcube;
|
|
||||||
}
|
|
||||||
|
|
||||||
function init_picker(rcube)
|
|
||||||
{
|
|
||||||
remote = rcube;
|
|
||||||
|
|
||||||
if (window.FileActions) {
|
|
||||||
// reset already registered actions
|
|
||||||
// FileActions.actions.file = {};
|
|
||||||
|
|
||||||
FileActions.register('file','Pick', OC.PERMISSION_READ, '', function(filename){
|
|
||||||
var dir = $('#dir').val();
|
|
||||||
remote.file_picked(dir, filename);
|
|
||||||
});
|
|
||||||
FileActions.setDefault('file', 'Pick');
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
function list_files()
|
|
||||||
{
|
|
||||||
var files = [];
|
|
||||||
$('#fileList tr').each(function(item){
|
|
||||||
var row = $(item),
|
|
||||||
type = row.attrib('data-type'),
|
|
||||||
file = row.attrib('data-file'),
|
|
||||||
mime = row.attrib('data-mime');
|
|
||||||
|
|
||||||
if (type == 'file') {
|
|
||||||
files.push(file);
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
return files;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$(document).ready(function(){
|
|
||||||
// connect with Roundcube running in parent window
|
|
||||||
if (window.parent && parent.rcmail && parent.rcube_owncloud) {
|
|
||||||
parent.rcube_owncloud.connect(new kolab_connector());
|
|
||||||
}
|
|
||||||
});
|
|
|
@ -1,56 +0,0 @@
|
||||||
<!DOCTYPE html>
|
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
<title><?php echo isset($_['application']) && !empty($_['application'])?$_['application'].' | ':'' ?>ownCloud <?php echo OC_User::getUser()?' ('.OC_User::getUser().') ':'' ?></title>
|
|
||||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
||||||
<link rel="shortcut icon" href="<?php echo image_path('', 'favicon.png'); ?>" /><link rel="apple-touch-icon-precomposed" href="<?php echo image_path('', 'favicon-touch.png'); ?>" />
|
|
||||||
<?php foreach($_['cssfiles'] as $cssfile): ?>
|
|
||||||
<link rel="stylesheet" href="<?php echo $cssfile; ?>" type="text/css" media="screen" />
|
|
||||||
<?php endforeach; ?>
|
|
||||||
<script type="text/javascript">
|
|
||||||
var oc_webroot = '<?php echo OC::$WEBROOT; ?>';
|
|
||||||
var oc_appswebroots = <?php echo $_['apps_paths'] ?>;
|
|
||||||
var oc_current_user = '<?php echo OC_User::getUser() ?>';
|
|
||||||
var oc_requesttoken = '<?php echo $_['requesttoken']; ?>';
|
|
||||||
var oc_requestlifespan = '<?php echo $_['requestlifespan']; ?>';
|
|
||||||
</script>
|
|
||||||
<?php foreach($_['jsfiles'] as $jsfile): ?>
|
|
||||||
<script type="text/javascript" src="<?php echo $jsfile; ?>"></script>
|
|
||||||
<?php endforeach; ?>
|
|
||||||
<script type="text/javascript" src="<?php echo OC::$WEBROOT.'/themes/kolab/core/js/kolab.js'; ?>"></script>
|
|
||||||
<?php foreach($_['headers'] as $header): ?>
|
|
||||||
<?php
|
|
||||||
echo '<'.$header['tag'].' ';
|
|
||||||
foreach($header['attributes'] as $name=>$value) {
|
|
||||||
echo "$name='$value' ";
|
|
||||||
};
|
|
||||||
echo '/>';
|
|
||||||
?>
|
|
||||||
<?php endforeach; ?>
|
|
||||||
</head>
|
|
||||||
|
|
||||||
<body id="<?php echo $_['bodyid'];?>">
|
|
||||||
<nav><div id="navigation">
|
|
||||||
<ul id="apps" class="svg">
|
|
||||||
<?php foreach($_['navigation'] as $entry): ?>
|
|
||||||
<li data-id="<?php echo $entry['id']; ?>"><a style="background-image:url(<?php echo $entry['icon']; ?>)" href="<?php echo $entry['href']; ?>" title="" <?php if( $entry['active'] ): ?> class="active"<?php endif; ?>><?php echo $entry['name']; ?></a>
|
|
||||||
</li>
|
|
||||||
<?php endforeach; ?>
|
|
||||||
</ul>
|
|
||||||
|
|
||||||
<ul id="settings" class="svg">
|
|
||||||
<img role=button tabindex=0 id="expand" class="svg" alt="<?php echo $l->t('Settings');?>" src="<?php echo image_path('', 'actions/settings.svg'); ?>" />
|
|
||||||
<span><?php echo $l->t('Settings');?></span>
|
|
||||||
<div id="expanddiv" <?php if($_['bodyid'] == 'body-user') echo 'style="display:none;"'; ?>>
|
|
||||||
<?php foreach($_['settingsnavigation'] as $entry):?>
|
|
||||||
<li><a style="background-image:url(<?php echo $entry['icon']; ?>)" href="<?php echo $entry['href']; ?>" title="" <?php if( $entry["active"] ): ?> class="active"<?php endif; ?>><?php echo $entry['name'] ?></a></li>
|
|
||||||
<?php endforeach; ?>
|
|
||||||
</div>
|
|
||||||
</ul>
|
|
||||||
</div></nav>
|
|
||||||
|
|
||||||
<div id="content">
|
|
||||||
<?php echo $_['content']; ?>
|
|
||||||
</div>
|
|
||||||
</body>
|
|
||||||
</html>
|
|