diff options
| -rw-r--r-- | phpBB/config/default/container/services_auth.yml | 4 | ||||
| -rw-r--r-- | phpBB/phpbb/auth/provider/ldap.php | 53 | ||||
| -rw-r--r-- | tests/auth/provider_ldap_test.php | 197 | ||||
| -rw-r--r-- | travis/ldap/base.ldif | 46 |
4 files changed, 272 insertions, 28 deletions
diff --git a/phpBB/config/default/container/services_auth.yml b/phpBB/config/default/container/services_auth.yml index 5d8820842f..f8270400a5 100644 --- a/phpBB/config/default/container/services_auth.yml +++ b/phpBB/config/default/container/services_auth.yml @@ -42,9 +42,9 @@ services: auth.provider.ldap: class: phpbb\auth\provider\ldap arguments: - - '@dbal.conn' - '@config' - - '@passwords.manager' + - '@dbal.conn' + - '@language' - '@user' tags: - { name: auth.provider } diff --git a/phpBB/phpbb/auth/provider/ldap.php b/phpBB/phpbb/auth/provider/ldap.php index 0789a6234d..6a78136e5f 100644 --- a/phpBB/phpbb/auth/provider/ldap.php +++ b/phpBB/phpbb/auth/provider/ldap.php @@ -1,4 +1,5 @@ <?php + /** * * This file is part of the phpBB Forum Software package. @@ -13,32 +14,42 @@ namespace phpbb\auth\provider; +use phpbb\config\config; +use phpbb\db\driver\driver_interface; +use phpbb\language\language; +use phpbb\user; + /** * Database authentication provider for phpBB3 * This is for authentication via the integrated user table */ -class ldap extends \phpbb\auth\provider\base +class ldap extends base { - /** - * phpBB passwords manager - * - * @var \phpbb\passwords\manager - */ - protected $passwords_manager; + /** @var config phpBB config */ + protected $config; + + /** @var driver_interface DBAL driver interface */ + protected $db; + + /** @var language phpBB language class */ + protected $language; + + /** @var user phpBB user */ + protected $user; /** * LDAP Authentication Constructor * - * @param \phpbb\db\driver\driver_interface $db Database object - * @param \phpbb\config\config $config Config object - * @param \phpbb\passwords\manager $passwords_manager Passwords manager object - * @param \phpbb\user $user User object + * @param driver_interface $db DBAL driver interface + * @param config $config Config object + * @param language $language Language object + * @param user $user User object */ - public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\user $user) + public function __construct(config $config, driver_interface $db, language $language, user $user) { - $this->db = $db; $this->config = $config; - $this->passwords_manager = $passwords_manager; + $this->db = $db; + $this->language = $language; $this->user = $user; } @@ -49,7 +60,7 @@ class ldap extends \phpbb\auth\provider\base { if (!@extension_loaded('ldap')) { - return $this->user->lang['LDAP_NO_LDAP_EXTENSION']; + return $this->language->lang('LDAP_NO_LDAP_EXTENSION'); } $this->config['ldap_port'] = (int) $this->config['ldap_port']; @@ -64,7 +75,7 @@ class ldap extends \phpbb\auth\provider\base if (!$ldap) { - return $this->user->lang['LDAP_NO_SERVER_CONNECTION']; + return $this->language->lang('LDAP_NO_SERVER_CONNECTION'); } @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); @@ -74,7 +85,7 @@ class ldap extends \phpbb\auth\provider\base { if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user']), htmlspecialchars_decode($this->config['ldap_password']))) { - return $this->user->lang['LDAP_INCORRECT_USER_PASSWORD']; + return $this->language->lang('LDAP_INCORRECT_USER_PASSWORD'); } } @@ -92,7 +103,7 @@ class ldap extends \phpbb\auth\provider\base if ($search === false) { - return $this->user->lang['LDAP_SEARCH_FAILED']; + return $this->language->lang('LDAP_SEARCH_FAILED'); } $result = @ldap_get_entries($ldap, $search); @@ -101,12 +112,12 @@ class ldap extends \phpbb\auth\provider\base if (!is_array($result) || count($result) < 2) { - return sprintf($this->user->lang['LDAP_NO_IDENTITY'], $this->user->data['username']); + return $this->language->lang('LDAP_NO_IDENTITY', $this->user->data['username']); } if (!empty($this->config['ldap_email']) && !isset($result[0][htmlspecialchars_decode($this->config['ldap_email'])])) { - return $this->user->lang['LDAP_NO_EMAIL']; + return $this->language->lang('LDAP_NO_EMAIL'); } return false; @@ -245,7 +256,7 @@ class ldap extends \phpbb\auth\provider\base // generate user account data $ldap_user_row = array( 'username' => $username, - 'user_password' => $this->passwords_manager->hash($password), + 'user_password' => '', 'user_email' => (!empty($this->config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($this->config['ldap_email'])][0]) : '', 'group_id' => (int) $row['group_id'], 'user_type' => USER_NORMAL, diff --git a/tests/auth/provider_ldap_test.php b/tests/auth/provider_ldap_test.php new file mode 100644 index 0000000000..2c4b36ffd8 --- /dev/null +++ b/tests/auth/provider_ldap_test.php @@ -0,0 +1,197 @@ +<?php +/** + * + * This file is part of the phpBB Forum Software package. + * + * @copyright (c) phpBB Limited <https://www.phpbb.com> + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ + +class phpbb_auth_provider_ldap_test extends phpbb_database_test_case +{ + /** @var \phpbb\auth\provider\ldap */ + protected $provider; + + protected $user; + + protected function setup() + { + parent::setUp(); + + global $phpbb_root_path, $phpEx; + + $db = $this->new_dbal(); + $config = new \phpbb\config\config([ + 'ldap_server' => 'localhost', + 'ldap_port' => 3389, + 'ldap_dn' => 'dc=example,dc=com', + 'ldap_uid' => 'uid', + 'ldap_email' => 'mail', + ]); + $lang_loader = new \phpbb\language\language_file_loader($phpbb_root_path, $phpEx); + $lang = new \phpbb\language\language($lang_loader); + $this->user = new \phpbb\user($lang, '\phpbb\datetime'); + + $this->provider = new \phpbb\auth\provider\ldap($config, $db, $lang, $this->user); + } + + public function getDataSet() + { + return $this->createXMLDataSet(dirname(__FILE__).'/fixtures/user.xml'); + } + + /** + * Test to see if a user is identified to Apache. Expects false if they are. + */ + public function test_init() + { + $this->assertFalse($this->provider->init()); + } +/* + public function test_login() + { + $username = 'foobar'; + $password = 'example'; + + $this->request->expects($this->once()) + ->method('is_set') + ->with('PHP_AUTH_USER', + \phpbb\request\request_interface::SERVER) + ->will($this->returnValue(true)); + $this->request->expects($this->at(1)) + ->method('server') + ->with('PHP_AUTH_USER') + ->will($this->returnValue('foobar')); + $this->request->expects($this->at(2)) + ->method('server') + ->with('PHP_AUTH_PW') + ->will($this->returnValue('example')); + + $expected = array( + 'status' => LOGIN_SUCCESS, + 'error_msg' => false, + 'user_row' => array( + 'user_id' => '1', + 'username' => 'foobar', + 'user_password' => $this->password_hash, + 'user_passchg' => '0', + 'user_email' => 'example@example.com', + 'user_type' => '0', + ), + ); + + $this->assertEquals($expected, $this->provider->login($username, $password)); + } + + public function test_autologin() + { + $this->request->expects($this->once()) + ->method('is_set') + ->with('PHP_AUTH_USER', + \phpbb\request\request_interface::SERVER) + ->will($this->returnValue(true)); + $this->request->expects($this->at(1)) + ->method('server') + ->with('PHP_AUTH_USER') + ->will($this->returnValue('foobar')); + $this->request->expects($this->at(2)) + ->method('server') + ->with('PHP_AUTH_PW') + ->will($this->returnValue('example')); + + $expected = array( + 'user_id' => '1', + 'user_type' => '0', + 'group_id' => '3', + 'user_permissions' => '', + 'user_perm_from' => '0', + 'user_ip' => '', + 'user_regdate' => '0', + 'username' => 'foobar', + 'username_clean' => 'foobar', + 'user_password' => $this->password_hash, + 'user_passchg' => '0', + 'user_email' => 'example@example.com', + 'user_email_hash' => '0', + 'user_birthday' => '', + 'user_lastvisit' => '0', + 'user_lastmark' => '0', + 'user_lastpost_time' => '0', + 'user_lastpage' => '', + 'user_last_confirm_key' => '', + 'user_last_search' => '0', + 'user_warnings' => '0', + 'user_last_warning' => '0', + 'user_login_attempts' => '0', + 'user_inactive_reason' => '0', + 'user_inactive_time' => '0', + 'user_posts' => '0', + 'user_lang' => '', + 'user_timezone' => '', + 'user_dateformat' => 'd M Y H:i', + 'user_style' => '0', + 'user_rank' => '0', + 'user_colour' => '', + 'user_new_privmsg' => '0', + 'user_unread_privmsg' => '0', + 'user_last_privmsg' => '0', + 'user_message_rules' => '0', + 'user_full_folder' => '-3', + 'user_emailtime' => '0', + 'user_topic_show_days' => '0', + 'user_topic_sortby_type' => 't', + 'user_topic_sortby_dir' => 'd', + 'user_post_show_days' => '0', + 'user_post_sortby_type' => 't', + 'user_post_sortby_dir' => 'a', + 'user_notify' => '0', + 'user_notify_pm' => '1', + 'user_notify_type' => '0', + 'user_allow_pm' => '1', + 'user_allow_viewonline' => '1', + 'user_allow_viewemail' => '1', + 'user_allow_massemail' => '1', + 'user_options' => '230271', + 'user_avatar' => '', + 'user_avatar_type' => '', + 'user_avatar_width' => '0', + 'user_avatar_height' => '0', + 'user_sig' => '', + 'user_sig_bbcode_uid' => '', + 'user_sig_bbcode_bitfield' => '', + 'user_jabber' => '', + 'user_actkey' => '', + 'user_newpasswd' => '', + 'user_form_salt' => '', + 'user_new' => '1', + 'user_reminded' => '0', + 'user_reminded_time' => '0', + ); + + $this->assertEquals($expected, $this->provider->autologin()); + } + + public function test_validate_session() + { + $user = array( + 'username' => 'foobar', + 'user_type' + ); + $this->request->expects($this->once()) + ->method('is_set') + ->with('PHP_AUTH_USER', + \phpbb\request\request_interface::SERVER) + ->will($this->returnValue(true)); + $this->request->expects($this->once()) + ->method('server') + ->with('PHP_AUTH_USER') + ->will($this->returnValue('foobar')); + + $this->assertTrue($this->provider->validate_session($user)); + } +*/ +} diff --git a/travis/ldap/base.ldif b/travis/ldap/base.ldif index 26535b9e72..09fe7cecc6 100644 --- a/travis/ldap/base.ldif +++ b/travis/ldap/base.ldif @@ -1,5 +1,41 @@ -dn:dc=example,dc=com -objectClass:dcObject -objectClass:organizationalUnit -dc:example -ou:foo +dn: dc=example,dc=com +objectClass: top +objectClass: dcObject +objectClass: organization +o: example +dc: example + +dn: ou=foo,dc=example,dc=com +objectClass: organizationalUnit +ou: foo + +dn: cn=admin,dc=example,dc=com +objectClass: simpleSecurityObject +objectClass: organizationalRole +cn: admin +description: LDAP administrator +userPassword:: e1NTSEF9NytMR2gveUxTMzdsc3RRd1V1dENZSVA0TWdYdm9SdDY= + +dn: ou=group,dc=example,dc=com +objectClass: organizationalUnit +ou: group + +dn: cn=admin,ou=foo,dc=example,dc=com +objectClass: posixAccount +objectClass: inetOrgPerson +objectClass: organizationalPerson +objectClass: person +loginShell: /bin/bash +homeDirectory: /home/admin +uid: admin +cn: admin +uidNumber: 10000 +gidNumber: 10000 +sn: admin +mail: admin@example.com +userPassword:: e1NTSEF9WHpueGZURHZZc21JSkl6czdMVXBjdCtWYTA1dlMzVlQ= + +dn: cn=admin,ou=group,dc=example,dc=com +objectClass: posixGroup +gidNumber: 10000 +cn: admin |