user/wallabag: add experimental LDAP support
This commit is contained in:
parent
1fc4159ed2
commit
a7484652df
2 changed files with 708 additions and 4 deletions
700
user/wallabag/0001-Add-LDAP-support.patch
Normal file
700
user/wallabag/0001-Add-LDAP-support.patch
Normal file
|
@ -0,0 +1,700 @@
|
||||||
|
From b878e8dd9446802a26643f74fc956cde5f562034 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Antoine Martin <dev@ayakael.net>
|
||||||
|
Date: Mon, 26 Jun 2023 15:09:42 -0400
|
||||||
|
Subject: [PATCH 1/1] Add experimental LDAP support
|
||||||
|
|
||||||
|
---
|
||||||
|
app/AppKernel.php | 4 +
|
||||||
|
.../Version20170710113900.php | 54 ++++++++
|
||||||
|
app/config/parameters.yml.dist | 20 +++
|
||||||
|
app/config/security.yml | 2 +
|
||||||
|
composer.json | 6 +-
|
||||||
|
composer.lock | 126 +++++++++++++++++-
|
||||||
|
scripts/install.sh | 3 +
|
||||||
|
scripts/update.sh | 3 +
|
||||||
|
.../WallabagUserExtension.php | 30 ++++-
|
||||||
|
src/Wallabag/UserBundle/Entity/User.php | 49 ++++++-
|
||||||
|
src/Wallabag/UserBundle/LdapHydrator.php | 103 ++++++++++++++
|
||||||
|
.../UserBundle/OAuthStorageLdapWrapper.php | 43 ++++++
|
||||||
|
.../UserBundle/Resources/config/ldap.yml | 28 ++++
|
||||||
|
.../Resources/config/ldap_services.yml | 22 +++
|
||||||
|
14 files changed, 489 insertions(+), 4 deletions(-)
|
||||||
|
create mode 100644 app/DoctrineMigrations/Version20170710113900.php
|
||||||
|
create mode 100644 src/Wallabag/UserBundle/LdapHydrator.php
|
||||||
|
create mode 100644 src/Wallabag/UserBundle/OAuthStorageLdapWrapper.php
|
||||||
|
create mode 100644 src/Wallabag/UserBundle/Resources/config/ldap.yml
|
||||||
|
create mode 100644 src/Wallabag/UserBundle/Resources/config/ldap_services.yml
|
||||||
|
|
||||||
|
diff --git a/app/AppKernel.php b/app/AppKernel.php
|
||||||
|
index 812f778fa..68eac130b 100644
|
||||||
|
--- a/app/AppKernel.php
|
||||||
|
+++ b/app/AppKernel.php
|
||||||
|
@@ -44,6 +44,10 @@ class AppKernel extends Kernel
|
||||||
|
new Wallabag\AnnotationBundle\WallabagAnnotationBundle(),
|
||||||
|
];
|
||||||
|
|
||||||
|
+ if (class_exists('FR3D\\LdapBundle\\FR3DLdapBundle')) {
|
||||||
|
+ $bundles[] = new FR3D\LdapBundle\FR3DLdapBundle();
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (in_array($this->getEnvironment(), ['dev', 'test'], true)) {
|
||||||
|
$bundles[] = new Symfony\Bundle\DebugBundle\DebugBundle();
|
||||||
|
$bundles[] = new Symfony\Bundle\WebProfilerBundle\WebProfilerBundle();
|
||||||
|
diff --git a/app/DoctrineMigrations/Version20170710113900.php b/app/DoctrineMigrations/Version20170710113900.php
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000..7be831100
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/app/DoctrineMigrations/Version20170710113900.php
|
||||||
|
@@ -0,0 +1,54 @@
|
||||||
|
+<?php
|
||||||
|
+
|
||||||
|
+namespace Application\Migrations;
|
||||||
|
+
|
||||||
|
+use Doctrine\DBAL\Migrations\AbstractMigration;
|
||||||
|
+use Doctrine\DBAL\Schema\Schema;
|
||||||
|
+use Symfony\Component\DependencyInjection\ContainerAwareInterface;
|
||||||
|
+use Symfony\Component\DependencyInjection\ContainerInterface;
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
+ * Added dn field on wallabag_users
|
||||||
|
+ */
|
||||||
|
+class Version20170710113900 extends AbstractMigration implements ContainerAwareInterface
|
||||||
|
+{
|
||||||
|
+ /**
|
||||||
|
+ * @var ContainerInterface
|
||||||
|
+ */
|
||||||
|
+ private $container;
|
||||||
|
+
|
||||||
|
+ public function setContainer(ContainerInterface $container = null)
|
||||||
|
+ {
|
||||||
|
+ $this->container = $container;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ private function getTable($tableName)
|
||||||
|
+ {
|
||||||
|
+ return $this->container->getParameter('database_table_prefix').$tableName;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /**
|
||||||
|
+ * @param Schema $schema
|
||||||
|
+ */
|
||||||
|
+ public function up(Schema $schema)
|
||||||
|
+ {
|
||||||
|
+ $usersTable = $schema->getTable($this->getTable('user'));
|
||||||
|
+
|
||||||
|
+ $this->skipIf($usersTable->hasColumn('dn'), 'It seems that you already played this migration.');
|
||||||
|
+
|
||||||
|
+ $usersTable->addColumn('dn', 'text', [
|
||||||
|
+ 'default' => null,
|
||||||
|
+ 'notnull' => false,
|
||||||
|
+ ]);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /**
|
||||||
|
+ * @param Schema $schema
|
||||||
|
+ */
|
||||||
|
+ public function down(Schema $schema)
|
||||||
|
+ {
|
||||||
|
+ $usersTable = $schema->getTable($this->getTable('user'));
|
||||||
|
+ $usersTable->dropColumn('dn');
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
diff --git a/app/config/parameters.yml.dist b/app/config/parameters.yml.dist
|
||||||
|
index 94074d942..edf62a825 100644
|
||||||
|
--- a/app/config/parameters.yml.dist
|
||||||
|
+++ b/app/config/parameters.yml.dist
|
||||||
|
@@ -66,3 +66,23 @@ parameters:
|
||||||
|
|
||||||
|
# sentry logging
|
||||||
|
sentry_dsn: ~
|
||||||
|
+
|
||||||
|
+ # ldap configuration
|
||||||
|
+ # To enable, you need to require fr3d/ldap-bundle
|
||||||
|
+ ldap_enabled: false
|
||||||
|
+ ldap_host: localhost
|
||||||
|
+ ldap_port: 389
|
||||||
|
+ ldap_tls: false
|
||||||
|
+ ldap_ssl: false
|
||||||
|
+ ldap_bind_requires_dn: true
|
||||||
|
+ ldap_base: dc=example,dc=com
|
||||||
|
+ ldap_manager_dn: ou=Manager,dc=example,dc=com
|
||||||
|
+ ldap_manager_pw: password
|
||||||
|
+ ldap_filter: (&(ObjectClass=Person))
|
||||||
|
+ # optional (if null: no ldap user is admin)
|
||||||
|
+ ldap_admin_filter: (&(memberOf=ou=admins,dc=example,dc=com)(uid=%s))
|
||||||
|
+ ldap_username_attribute: uid
|
||||||
|
+ ldap_email_attribute: mail
|
||||||
|
+ ldap_name_attribute: cn
|
||||||
|
+ # optional (default sets user as enabled unconditionally)
|
||||||
|
+ ldap_enabled_attribute:
|
||||||
|
diff --git a/app/config/security.yml b/app/config/security.yml
|
||||||
|
index 9ab516215..545f72fc6 100644
|
||||||
|
--- a/app/config/security.yml
|
||||||
|
+++ b/app/config/security.yml
|
||||||
|
@@ -6,6 +6,7 @@ security:
|
||||||
|
ROLE_ADMIN: ROLE_USER
|
||||||
|
ROLE_SUPER_ADMIN: [ ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]
|
||||||
|
|
||||||
|
+ # /!\ This list is modified in WallabagUserBundle when LDAP is enabled
|
||||||
|
providers:
|
||||||
|
administrators:
|
||||||
|
entity:
|
||||||
|
@@ -37,6 +38,7 @@ security:
|
||||||
|
pattern: ^/login$
|
||||||
|
anonymous: ~
|
||||||
|
|
||||||
|
+ # /!\ This section is modified in WallabagUserBundle when LDAP is enabled
|
||||||
|
secured_area:
|
||||||
|
pattern: ^/
|
||||||
|
form_login:
|
||||||
|
diff --git a/composer.json b/composer.json
|
||||||
|
index 1992923bb..9bb73fc00 100644
|
||||||
|
--- a/composer.json
|
||||||
|
+++ b/composer.json
|
||||||
|
@@ -125,7 +125,11 @@
|
||||||
|
"wallabag/php-mobi": "~1.0",
|
||||||
|
"wallabag/phpepub": "^4.0.10",
|
||||||
|
"willdurand/hateoas": "^3.8",
|
||||||
|
- "willdurand/hateoas-bundle": "~2.1"
|
||||||
|
+ "willdurand/hateoas-bundle": "~2.1",
|
||||||
|
+ "fr3d/ldap-bundle": "^4.0"
|
||||||
|
+ },
|
||||||
|
+ "suggest": {
|
||||||
|
+ "fr3d/ldap-bundle": "If you want to authenticate via LDAP"
|
||||||
|
},
|
||||||
|
"require-dev": {
|
||||||
|
"dama/doctrine-test-bundle": "^7.1",
|
||||||
|
diff --git a/composer.lock b/composer.lock
|
||||||
|
index 972e8d257..6ba2d8c4f 100644
|
||||||
|
--- a/composer.lock
|
||||||
|
+++ b/composer.lock
|
||||||
|
@@ -4,7 +4,7 @@
|
||||||
|
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
||||||
|
"This file is @generated automatically"
|
||||||
|
],
|
||||||
|
- "content-hash": "6967f3b2aed578d054ad0cbf0f2e80da",
|
||||||
|
+ "content-hash": "add1c016695ab79ee66fd6963170db8c",
|
||||||
|
"packages": [
|
||||||
|
{
|
||||||
|
"name": "babdev/pagerfanta-bundle",
|
||||||
|
@@ -2192,6 +2192,68 @@
|
||||||
|
},
|
||||||
|
"time": "2023-05-22T07:47:31+00:00"
|
||||||
|
},
|
||||||
|
+ {
|
||||||
|
+ "name": "fr3d/ldap-bundle",
|
||||||
|
+ "version": "v4.0.0",
|
||||||
|
+ "source": {
|
||||||
|
+ "type": "git",
|
||||||
|
+ "url": "https://github.com/Maks3w/FR3DLdapBundle.git",
|
||||||
|
+ "reference": "735b3e5fbc2ed743ec6e5866d4771e0f0b5d075f"
|
||||||
|
+ },
|
||||||
|
+ "dist": {
|
||||||
|
+ "type": "zip",
|
||||||
|
+ "url": "https://api.github.com/repos/Maks3w/FR3DLdapBundle/zipball/735b3e5fbc2ed743ec6e5866d4771e0f0b5d075f",
|
||||||
|
+ "reference": "735b3e5fbc2ed743ec6e5866d4771e0f0b5d075f",
|
||||||
|
+ "shasum": ""
|
||||||
|
+ },
|
||||||
|
+ "require": {
|
||||||
|
+ "php": ">=7.1",
|
||||||
|
+ "psr/log": "~1.0",
|
||||||
|
+ "symfony/config": "3.4 - 4",
|
||||||
|
+ "symfony/dependency-injection": "3.4 - 4",
|
||||||
|
+ "symfony/security": "3.4 - 4",
|
||||||
|
+ "symfony/security-bundle": "3.4 - 4",
|
||||||
|
+ "zendframework/zend-ldap": "2.5 - 3"
|
||||||
|
+ },
|
||||||
|
+ "require-dev": {
|
||||||
|
+ "fr3d/psr3-message-assertions": "^0.3",
|
||||||
|
+ "friendsofphp/php-cs-fixer": "^2",
|
||||||
|
+ "friendsofsymfony/user-bundle": "^1.3||^2",
|
||||||
|
+ "phpunit/phpunit": "^7",
|
||||||
|
+ "symfony/validator": "3.4 - 4"
|
||||||
|
+ },
|
||||||
|
+ "suggest": {
|
||||||
|
+ "friendsofsymfony/user-bundle": "Integrate authentication and management for DB users, useful for unmanned LDAP servers",
|
||||||
|
+ "symfony/validator": "Allow pre-validate for existing users before register new ones"
|
||||||
|
+ },
|
||||||
|
+ "type": "symfony-bundle",
|
||||||
|
+ "autoload": {
|
||||||
|
+ "psr-4": {
|
||||||
|
+ "FR3D\\LdapBundle\\": ""
|
||||||
|
+ }
|
||||||
|
+ },
|
||||||
|
+ "notification-url": "https://packagist.org/downloads/",
|
||||||
|
+ "license": [
|
||||||
|
+ "MIT"
|
||||||
|
+ ],
|
||||||
|
+ "authors": [
|
||||||
|
+ {
|
||||||
|
+ "name": "Maks3w"
|
||||||
|
+ }
|
||||||
|
+ ],
|
||||||
|
+ "description": "This package provide users and authentication services based on LDAP directories for Symfony2 framework",
|
||||||
|
+ "homepage": "https://github.com/Maks3w/FR3DLdapBundle",
|
||||||
|
+ "keywords": [
|
||||||
|
+ "Authentication",
|
||||||
|
+ "ldap"
|
||||||
|
+ ],
|
||||||
|
+ "support": {
|
||||||
|
+ "issues": "https://github.com/Maks3w/FR3DLdapBundle/issues",
|
||||||
|
+ "source": "https://github.com/Maks3w/FR3DLdapBundle"
|
||||||
|
+ },
|
||||||
|
+ "abandoned": true,
|
||||||
|
+ "time": "2019-05-23T09:19:40+00:00"
|
||||||
|
+ },
|
||||||
|
{
|
||||||
|
"name": "friendsofphp/proxy-manager-lts",
|
||||||
|
"version": "v1.0.16",
|
||||||
|
@@ -11706,6 +11768,68 @@
|
||||||
|
},
|
||||||
|
"time": "2022-01-30T20:08:53+00:00"
|
||||||
|
},
|
||||||
|
+ {
|
||||||
|
+ "name": "zendframework/zend-ldap",
|
||||||
|
+ "version": "2.10.1",
|
||||||
|
+ "source": {
|
||||||
|
+ "type": "git",
|
||||||
|
+ "url": "https://github.com/zendframework/zend-ldap.git",
|
||||||
|
+ "reference": "525ec97cd18a42a953c6a78c1019f967d2539b88"
|
||||||
|
+ },
|
||||||
|
+ "dist": {
|
||||||
|
+ "type": "zip",
|
||||||
|
+ "url": "https://api.github.com/repos/zendframework/zend-ldap/zipball/525ec97cd18a42a953c6a78c1019f967d2539b88",
|
||||||
|
+ "reference": "525ec97cd18a42a953c6a78c1019f967d2539b88",
|
||||||
|
+ "shasum": ""
|
||||||
|
+ },
|
||||||
|
+ "require": {
|
||||||
|
+ "ext-ldap": "*",
|
||||||
|
+ "php": "^5.6 || ^7.0"
|
||||||
|
+ },
|
||||||
|
+ "require-dev": {
|
||||||
|
+ "php-mock/php-mock-phpunit": "^1.1.2 || ^2.1.1",
|
||||||
|
+ "phpunit/phpunit": "^5.7.27 || ^6.5.8 || ^7.1.2",
|
||||||
|
+ "zendframework/zend-coding-standard": "~1.0.0",
|
||||||
|
+ "zendframework/zend-config": "^2.5",
|
||||||
|
+ "zendframework/zend-eventmanager": "^2.6.3 || ^3.0.1",
|
||||||
|
+ "zendframework/zend-stdlib": "^2.7 || ^3.0"
|
||||||
|
+ },
|
||||||
|
+ "suggest": {
|
||||||
|
+ "zendframework/zend-eventmanager": "Zend\\EventManager component"
|
||||||
|
+ },
|
||||||
|
+ "type": "library",
|
||||||
|
+ "extra": {
|
||||||
|
+ "branch-alias": {
|
||||||
|
+ "dev-master": "2.10.x-dev",
|
||||||
|
+ "dev-develop": "2.11.x-dev"
|
||||||
|
+ }
|
||||||
|
+ },
|
||||||
|
+ "autoload": {
|
||||||
|
+ "psr-4": {
|
||||||
|
+ "Zend\\Ldap\\": "src/"
|
||||||
|
+ }
|
||||||
|
+ },
|
||||||
|
+ "notification-url": "https://packagist.org/downloads/",
|
||||||
|
+ "license": [
|
||||||
|
+ "BSD-3-Clause"
|
||||||
|
+ ],
|
||||||
|
+ "description": "Provides support for LDAP operations including but not limited to binding, searching and modifying entries in an LDAP directory",
|
||||||
|
+ "keywords": [
|
||||||
|
+ "ZendFramework",
|
||||||
|
+ "ldap",
|
||||||
|
+ "zf"
|
||||||
|
+ ],
|
||||||
|
+ "support": {
|
||||||
|
+ "chat": "https://zendframework-slack.herokuapp.com",
|
||||||
|
+ "docs": "https://docs.zendframework.com/zend-ldap/",
|
||||||
|
+ "forum": "https://discourse.zendframework.com/c/questions/components",
|
||||||
|
+ "issues": "https://github.com/zendframework/zend-ldap/issues",
|
||||||
|
+ "rss": "https://github.com/zendframework/zend-ldap/releases.atom",
|
||||||
|
+ "source": "https://github.com/zendframework/zend-ldap"
|
||||||
|
+ },
|
||||||
|
+ "abandoned": "laminas/laminas-ldap",
|
||||||
|
+ "time": "2019-10-17T16:26:26+00:00"
|
||||||
|
+ },
|
||||||
|
{
|
||||||
|
"name": "zircote/swagger-php",
|
||||||
|
"version": "4.7.10",
|
||||||
|
diff --git a/scripts/install.sh b/scripts/install.sh
|
||||||
|
index affa715ff..452542121 100755
|
||||||
|
--- a/scripts/install.sh
|
||||||
|
+++ b/scripts/install.sh
|
||||||
|
@@ -37,5 +37,8 @@ fi
|
||||||
|
TAG=$(git describe --tags $(git rev-list --tags --max-count=1))
|
||||||
|
|
||||||
|
git checkout $TAG
|
||||||
|
+if [ -n "$LDAP_ENABLED" ]; then
|
||||||
|
+ SYMFONY_ENV=$ENV $COMPOSER_COMMAND require --no-update fr3d/ldap-bundle
|
||||||
|
+fi
|
||||||
|
SYMFONY_ENV=$ENV $COMPOSER_COMMAND install --no-dev -o --prefer-dist
|
||||||
|
php bin/console wallabag:install --env=$ENV
|
||||||
|
diff --git a/scripts/update.sh b/scripts/update.sh
|
||||||
|
index 1f31d429c..5cb6394f1 100755
|
||||||
|
--- a/scripts/update.sh
|
||||||
|
+++ b/scripts/update.sh
|
||||||
|
@@ -48,6 +48,9 @@ git fetch origin
|
||||||
|
git fetch --tags
|
||||||
|
TAG=$(git describe --tags $(git rev-list --tags --max-count=1))
|
||||||
|
git checkout $TAG --force
|
||||||
|
+if [ -n "$LDAP_ENABLED" ]; then
|
||||||
|
+ SYMFONY_ENV=$ENV $COMPOSER_COMMAND require --no-update fr3d/ldap-bundle
|
||||||
|
+fi
|
||||||
|
SYMFONY_ENV=$ENV $COMPOSER_COMMAND install --no-dev -o --prefer-dist
|
||||||
|
php bin/console doctrine:migrations:migrate --no-interaction --env=$ENV
|
||||||
|
php bin/console cache:clear --env=$ENV
|
||||||
|
diff --git a/src/Wallabag/UserBundle/DependencyInjection/WallabagUserExtension.php b/src/Wallabag/UserBundle/DependencyInjection/WallabagUserExtension.php
|
||||||
|
index 569ad6012..c1e47e43c 100644
|
||||||
|
--- a/src/Wallabag/UserBundle/DependencyInjection/WallabagUserExtension.php
|
||||||
|
+++ b/src/Wallabag/UserBundle/DependencyInjection/WallabagUserExtension.php
|
||||||
|
@@ -4,13 +4,41 @@ namespace Wallabag\UserBundle\DependencyInjection;
|
||||||
|
|
||||||
|
use Symfony\Component\DependencyInjection\ContainerBuilder;
|
||||||
|
use Symfony\Component\HttpKernel\DependencyInjection\Extension;
|
||||||
|
+use Symfony\Component\DependencyInjection\Extension\PrependExtensionInterface;
|
||||||
|
|
||||||
|
-class WallabagUserExtension extends Extension
|
||||||
|
+class WallabagUserExtension extends Extension implements PrependExtensionInterface
|
||||||
|
{
|
||||||
|
+ public function prepend(ContainerBuilder $container)
|
||||||
|
+ {
|
||||||
|
+ $ldap = $container->getParameter('ldap_enabled');
|
||||||
|
+
|
||||||
|
+ if ($ldap) {
|
||||||
|
+ $container->prependExtensionConfig('security', array(
|
||||||
|
+ 'providers' => array(
|
||||||
|
+ 'chain_provider' => array(),
|
||||||
|
+ ),
|
||||||
|
+ ));
|
||||||
|
+ $loader = new Loader\YamlFileLoader($container, new FileLocator(__DIR__.'/../Resources/config'));
|
||||||
|
+ $loader->load('ldap.yml');
|
||||||
|
+ } elseif ($container->hasExtension('fr3d_ldap')) {
|
||||||
|
+ $container->prependExtensionConfig('fr3_d_ldap', array(
|
||||||
|
+ 'driver' => array(
|
||||||
|
+ 'host' => 'localhost',
|
||||||
|
+ ),
|
||||||
|
+ 'user' => array(
|
||||||
|
+ 'baseDn' => 'dc=example,dc=com',
|
||||||
|
+ ),
|
||||||
|
+ ));
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
public function load(array $configs, ContainerBuilder $container)
|
||||||
|
{
|
||||||
|
$configuration = new Configuration();
|
||||||
|
$config = $this->processConfiguration($configuration, $configs);
|
||||||
|
+ if ($container->getParameter('ldap_enabled')) {
|
||||||
|
+ $loader->load('ldap_services.yml');
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getAlias()
|
||||||
|
diff --git a/src/Wallabag/UserBundle/Entity/User.php b/src/Wallabag/UserBundle/Entity/User.php
|
||||||
|
index ab8115e73..695d338ac 100644
|
||||||
|
--- a/src/Wallabag/UserBundle/Entity/User.php
|
||||||
|
+++ b/src/Wallabag/UserBundle/Entity/User.php
|
||||||
|
@@ -1,5 +1,15 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
+// This permits to have the LdapUserInterface even when fr3d/ldap-bundle is not
|
||||||
|
+// in the packages
|
||||||
|
+namespace FR3D\LdapBundle\Model;
|
||||||
|
+
|
||||||
|
+interface LdapUserInterface
|
||||||
|
+{
|
||||||
|
+ public function setDn($dn);
|
||||||
|
+ public function getDn();
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
namespace Wallabag\UserBundle\Entity;
|
||||||
|
|
||||||
|
use Doctrine\Common\Collections\ArrayCollection;
|
||||||
|
@@ -16,6 +26,7 @@ use Wallabag\ApiBundle\Entity\Client;
|
||||||
|
use Wallabag\CoreBundle\Entity\Config;
|
||||||
|
use Wallabag\CoreBundle\Entity\Entry;
|
||||||
|
use Wallabag\CoreBundle\Helper\EntityTimestampsTrait;
|
||||||
|
+use FR3D\LdapBundle\Model\LdapUserInterface;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* User.
|
||||||
|
@@ -28,7 +39,7 @@ use Wallabag\CoreBundle\Helper\EntityTimestampsTrait;
|
||||||
|
* @UniqueEntity("email")
|
||||||
|
* @UniqueEntity("username")
|
||||||
|
*/
|
||||||
|
-class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorInterface, BackupCodeInterface
|
||||||
|
+class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorInterface, BackupCodeInterface, LdapUserInterface
|
||||||
|
{
|
||||||
|
use EntityTimestampsTrait;
|
||||||
|
|
||||||
|
@@ -67,6 +78,13 @@ class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorI
|
||||||
|
*/
|
||||||
|
protected $email;
|
||||||
|
|
||||||
|
+ /**
|
||||||
|
+ * @var string
|
||||||
|
+ *
|
||||||
|
+ * @ORM\Column(name="dn", type="text", nullable=true)
|
||||||
|
+ */
|
||||||
|
+ protected $dn;
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
* @var \DateTime
|
||||||
|
*
|
||||||
|
@@ -399,4 +417,33 @@ class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorI
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ /**
|
||||||
|
+ * Set dn.
|
||||||
|
+ *
|
||||||
|
+ * @param string $dn
|
||||||
|
+ *
|
||||||
|
+ * @return User
|
||||||
|
+ */
|
||||||
|
+ public function setDn($dn)
|
||||||
|
+ {
|
||||||
|
+ $this->dn = $dn;
|
||||||
|
+
|
||||||
|
+ return $this;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /**
|
||||||
|
+ * Get dn.
|
||||||
|
+ *
|
||||||
|
+ * @return string
|
||||||
|
+ */
|
||||||
|
+ public function getDn()
|
||||||
|
+ {
|
||||||
|
+ return $this->dn;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ public function isLdapUser()
|
||||||
|
+ {
|
||||||
|
+ return $this->dn !== null;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
diff --git a/src/Wallabag/UserBundle/LdapHydrator.php b/src/Wallabag/UserBundle/LdapHydrator.php
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000..cea2450ff
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/src/Wallabag/UserBundle/LdapHydrator.php
|
||||||
|
@@ -0,0 +1,103 @@
|
||||||
|
+<?php
|
||||||
|
+
|
||||||
|
+namespace Wallabag\UserBundle;
|
||||||
|
+
|
||||||
|
+use FR3D\LdapBundle\Hydrator\HydratorInterface;
|
||||||
|
+use FOS\UserBundle\FOSUserEvents;
|
||||||
|
+use FOS\UserBundle\Event\UserEvent;
|
||||||
|
+
|
||||||
|
+class LdapHydrator implements HydratorInterface
|
||||||
|
+{
|
||||||
|
+ private $userManager;
|
||||||
|
+ private $eventDispatcher;
|
||||||
|
+ private $attributesMap;
|
||||||
|
+ private $enabledAttribute;
|
||||||
|
+ private $ldapBaseDn;
|
||||||
|
+ private $ldapAdminFilter;
|
||||||
|
+ private $ldapDriver;
|
||||||
|
+
|
||||||
|
+ public function __construct(
|
||||||
|
+ $user_manager,
|
||||||
|
+ $event_dispatcher,
|
||||||
|
+ array $attributes_map,
|
||||||
|
+ $ldap_base_dn,
|
||||||
|
+ $ldap_admin_filter,
|
||||||
|
+ $ldap_driver
|
||||||
|
+ ) {
|
||||||
|
+ $this->userManager = $user_manager;
|
||||||
|
+ $this->eventDispatcher = $event_dispatcher;
|
||||||
|
+
|
||||||
|
+ $this->attributesMap = array(
|
||||||
|
+ 'setUsername' => $attributes_map[0],
|
||||||
|
+ 'setEmail' => $attributes_map[1],
|
||||||
|
+ 'setName' => $attributes_map[2],
|
||||||
|
+ );
|
||||||
|
+ $this->enabledAttribute = $attributes_map[3];
|
||||||
|
+
|
||||||
|
+ $this->ldapBaseDn = $ldap_base_dn;
|
||||||
|
+ $this->ldapAdminFilter = $ldap_admin_filter;
|
||||||
|
+ $this->ldapDriver = $ldap_driver;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ public function hydrate(array $ldapEntry)
|
||||||
|
+ {
|
||||||
|
+ $user = $this->userManager->findUserBy(array('dn' => $ldapEntry['dn']));
|
||||||
|
+
|
||||||
|
+ if (!$user) {
|
||||||
|
+ $user = $this->userManager->createUser();
|
||||||
|
+ $user->setDn($ldapEntry['dn']);
|
||||||
|
+ $user->setPassword('');
|
||||||
|
+ $user->setSalt('');
|
||||||
|
+ $this->updateUserFields($user, $ldapEntry);
|
||||||
|
+
|
||||||
|
+ $event = new UserEvent($user);
|
||||||
|
+ $this->eventDispatcher->dispatch(FOSUserEvents::USER_CREATED, $event);
|
||||||
|
+
|
||||||
|
+ $this->userManager->reloadUser($user);
|
||||||
|
+ } else {
|
||||||
|
+ $this->updateUserFields($user, $ldapEntry);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return $user;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ private function updateUserFields($user, $ldapEntry)
|
||||||
|
+ {
|
||||||
|
+ foreach ($this->attributesMap as $key => $value) {
|
||||||
|
+ if (is_array($ldapEntry[$value])) {
|
||||||
|
+ $ldap_value = $ldapEntry[$value][0];
|
||||||
|
+ } else {
|
||||||
|
+ $ldap_value = $ldapEntry[$value];
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ call_user_func([$user, $key], $ldap_value);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if ($this->enabledAttribute !== null) {
|
||||||
|
+ $user->setEnabled($ldapEntry[$this->enabledAttribute]);
|
||||||
|
+ } else {
|
||||||
|
+ $user->setEnabled(true);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if ($this->isAdmin($user)) {
|
||||||
|
+ $user->addRole('ROLE_SUPER_ADMIN');
|
||||||
|
+ } else {
|
||||||
|
+ $user->removeRole('ROLE_SUPER_ADMIN');
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ $this->userManager->updateUser($user, true);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ private function isAdmin($user)
|
||||||
|
+ {
|
||||||
|
+ if ($this->ldapAdminFilter === null) {
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ $escaped_username = ldap_escape($user->getUsername(), '', LDAP_ESCAPE_FILTER);
|
||||||
|
+ $filter = sprintf($this->ldapAdminFilter, $escaped_username);
|
||||||
|
+ $entries = $this->ldapDriver->search($this->ldapBaseDn, $filter);
|
||||||
|
+
|
||||||
|
+ return $entries['count'] == 1;
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
diff --git a/src/Wallabag/UserBundle/OAuthStorageLdapWrapper.php b/src/Wallabag/UserBundle/OAuthStorageLdapWrapper.php
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000..8a851f120
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/src/Wallabag/UserBundle/OAuthStorageLdapWrapper.php
|
||||||
|
@@ -0,0 +1,43 @@
|
||||||
|
+<?php
|
||||||
|
+
|
||||||
|
+namespace Wallabag\UserBundle;
|
||||||
|
+
|
||||||
|
+use FOS\OAuthServerBundle\Storage\OAuthStorage;
|
||||||
|
+use OAuth2\Model\IOAuth2Client;
|
||||||
|
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||||
|
+
|
||||||
|
+class OAuthStorageLdapWrapper extends OAuthStorage
|
||||||
|
+{
|
||||||
|
+ private $ldapManager;
|
||||||
|
+
|
||||||
|
+ public function setLdapManager($ldap_manager)
|
||||||
|
+ {
|
||||||
|
+ $this->ldapManager = $ldap_manager;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ public function checkUserCredentials(IOAuth2Client $client, $username, $password)
|
||||||
|
+ {
|
||||||
|
+ try {
|
||||||
|
+ $user = $this->userProvider->loadUserByUsername($username);
|
||||||
|
+ } catch (AuthenticationException $e) {
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if ($user->isLdapUser()) {
|
||||||
|
+ return $this->checkLdapUserCredentials($user, $password);
|
||||||
|
+ } else {
|
||||||
|
+ return parent::checkUserCredentials($client, $username, $password);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ private function checkLdapUserCredentials($user, $password)
|
||||||
|
+ {
|
||||||
|
+ if ($this->ldapManager->bind($user, $password)) {
|
||||||
|
+ return array(
|
||||||
|
+ 'data' => $user,
|
||||||
|
+ );
|
||||||
|
+ } else {
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
diff --git a/src/Wallabag/UserBundle/Resources/config/ldap.yml b/src/Wallabag/UserBundle/Resources/config/ldap.yml
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000..5ec160889
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/src/Wallabag/UserBundle/Resources/config/ldap.yml
|
||||||
|
@@ -0,0 +1,28 @@
|
||||||
|
+fr3d_ldap:
|
||||||
|
+ service:
|
||||||
|
+ user_hydrator: ldap_user_hydrator
|
||||||
|
+ driver:
|
||||||
|
+ host: "%ldap_host%"
|
||||||
|
+ port: "%ldap_port%"
|
||||||
|
+ useSsl: "%ldap_ssl%"
|
||||||
|
+ useStartTls: "%ldap_tls%"
|
||||||
|
+ bindRequiresDn: "%ldap_bind_requires_dn%"
|
||||||
|
+ username: "%ldap_manager_dn%"
|
||||||
|
+ password: "%ldap_manager_pw%"
|
||||||
|
+ user:
|
||||||
|
+ baseDn: "%ldap_base%"
|
||||||
|
+ filter: "%ldap_filter%"
|
||||||
|
+ usernameAttribute: "%ldap_username_attribute%"
|
||||||
|
+security:
|
||||||
|
+ providers:
|
||||||
|
+ chain_provider:
|
||||||
|
+ chain:
|
||||||
|
+ providers: [ fr3d_ldapbundle, fos_userbundle ]
|
||||||
|
+ fr3d_ldapbundle:
|
||||||
|
+ id: fr3d_ldap.security.user.provider
|
||||||
|
+ firewalls:
|
||||||
|
+ secured_area:
|
||||||
|
+ fr3d_ldap: ~
|
||||||
|
+ form_login:
|
||||||
|
+ provider: chain_provider
|
||||||
|
+
|
||||||
|
diff --git a/src/Wallabag/UserBundle/Resources/config/ldap_services.yml b/src/Wallabag/UserBundle/Resources/config/ldap_services.yml
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000..b3e3fd8ae
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/src/Wallabag/UserBundle/Resources/config/ldap_services.yml
|
||||||
|
@@ -0,0 +1,22 @@
|
||||||
|
+services:
|
||||||
|
+ fos_oauth_server.server:
|
||||||
|
+ class: OAuth2\OAuth2
|
||||||
|
+ arguments:
|
||||||
|
+ - "@oauth_storage_ldap_wrapper"
|
||||||
|
+ - "%fos_oauth_server.server.options%"
|
||||||
|
+ oauth_storage_ldap_wrapper:
|
||||||
|
+ class: Wallabag\UserBundle\OAuthStorageLdapWrapper
|
||||||
|
+ parent: fos_oauth_server.storage
|
||||||
|
+ calls:
|
||||||
|
+ - [setLdapManager, ["@fr3d_ldap.ldap_manager"]]
|
||||||
|
+
|
||||||
|
+ ldap_user_hydrator:
|
||||||
|
+ class: Wallabag\UserBundle\LdapHydrator
|
||||||
|
+ arguments:
|
||||||
|
+ - "@fos_user.user_manager"
|
||||||
|
+ - "@event_dispatcher"
|
||||||
|
+ - [ "%ldap_username_attribute%", "%ldap_email_attribute%", "%ldap_name_attribute%", "%ldap_enabled_attribute%" ]
|
||||||
|
+ - "%ldap_base%"
|
||||||
|
+ - "%ldap_admin_filter%"
|
||||||
|
+ - "@fr3d_ldap.ldap_driver"
|
||||||
|
+
|
||||||
|
--
|
||||||
|
2.40.1
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
|
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||||
|
|
||||||
pkgname=wallabag
|
pkgname=wallabag
|
||||||
pkgver=2.5.4
|
pkgver=2.6.1
|
||||||
pkgrel=0
|
pkgrel=0
|
||||||
pkgdesc="Self hostable application for saving web pages"
|
pkgdesc="Self hostable application for saving web pages"
|
||||||
arch="noarch"
|
arch="noarch"
|
||||||
|
@ -10,10 +10,13 @@ url="http://www.wallabag.org/"
|
||||||
license="MIT"
|
license="MIT"
|
||||||
_php=php81
|
_php=php81
|
||||||
_php_mods="-gd -tidy -tokenizer -bcmath -dom -curl -session -ctype -simplexml
|
_php_mods="-gd -tidy -tokenizer -bcmath -dom -curl -session -ctype -simplexml
|
||||||
-xml -sockets -xmlreader -intl"
|
-xml -sockets -xmlreader -intl -pdo -ldap -sodium"
|
||||||
depends="$_php ${_php_mods//-/$_php-} pcre composer"
|
depends="$_php ${_php_mods//-/$_php-} pcre composer"
|
||||||
options='!strip'
|
options='!strip'
|
||||||
source="https://static.wallabag.org/releases/wallabag-release-$pkgver.tar.gz"
|
source="
|
||||||
|
https://github.com/wallabag/wallabag/releases/download/$pkgver/wallabag-$pkgver.tar.gz
|
||||||
|
0001-Add-LDAP-support.patch
|
||||||
|
"
|
||||||
options="!check" # No testsuote
|
options="!check" # No testsuote
|
||||||
pkgusers="wallabag"
|
pkgusers="wallabag"
|
||||||
pkggroups="www-data"
|
pkggroups="www-data"
|
||||||
|
@ -40,5 +43,6 @@ package() {
|
||||||
sed -i "$pkgdir"/$datadir/var/bootstrap.php.cache -e "s@__DIR__.'/../@'/usr/share/webapps/$pkgname/@"
|
sed -i "$pkgdir"/$datadir/var/bootstrap.php.cache -e "s@__DIR__.'/../@'/usr/share/webapps/$pkgname/@"
|
||||||
}
|
}
|
||||||
sha512sums="
|
sha512sums="
|
||||||
eacf91b2cafb2c517b20686d6c66b2f97b8a9e4c296036319c885c9b0344b85b1c1c861dbbd2ac54f021065480bda78873e8da04dbd4a576db0c3527d47571f3 wallabag-release-2.5.4.tar.gz
|
e1808da08dced320c36817b03e0f93f863151417fe06bd5b24f2d91e09a25009501437f68ec9f7505577019ce2d2c505f8f3ac3d6c8fbe245ae350620adb47af wallabag-2.6.1.tar.gz
|
||||||
|
daf808d1314160e7786cf42f7ec93241a9f72a2151f84e6c73511efab5a7a605356ea35e88c15bef9eead4b934fb9ed31cb00cbdec45adf28218738884b053d4 0001-Add-LDAP-support.patch
|
||||||
"
|
"
|
||||||
|
|
Loading…
Reference in a new issue