Commit 691785ff authored by Thomas Löffler's avatar Thomas Löffler

Fix CGL in t3o_ldap extension

parent b66f3bb6
......@@ -22,7 +22,6 @@ use TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility;
* mechanisms defined in the PasswordHashing class. Currently CRYPT,
* SHA1 and MD5 are used.
*
* @package Typo3\Ldap\Connectors
* @since 1.0.0
*/
class Ldap
......@@ -130,9 +129,11 @@ class Ldap
$ret = true;
}
} else {
GeneralUtility::sysLog('Keine LDAP-Bind mit Nutzerdaten moeglich: ' . ldap_error($this->ldapConnection),
GeneralUtility::sysLog(
'Keine LDAP-Bind mit Nutzerdaten moeglich: ' . ldap_error($this->ldapConnection),
't3o_ldap',
GeneralUtility::SYSLOG_SEVERITY_ERROR);
GeneralUtility::SYSLOG_SEVERITY_ERROR
);
}
return $ret;
......@@ -149,14 +150,12 @@ class Ldap
*/
public function setLdapPasswords($username, $values)
{
$ret = false;
// Create LDAP connection
if ($this->createLdapConnection() === true) {
// Try to bind as admin
if ($this->ldapBind($this->ldapConnection, $this->ldapBindDn, $this->ldapBindPassword) === true) {
$dn = $this->getDnForUserName($username);
// TODO Check if user exists and create if not exists?
......@@ -164,16 +163,25 @@ class Ldap
// Finally try to update passwords
$result = $this->updateLdapAttribute($dn, 'userPassword', $values, true);
if ($result === false) {
GeneralUtility::sysLog(ldap_error($this->ldapConnection), 't3o_ldap',
GeneralUtility::SYSLOG_SEVERITY_ERROR);
GeneralUtility::sysLog(
ldap_error($this->ldapConnection),
't3o_ldap',
GeneralUtility::SYSLOG_SEVERITY_ERROR
);
}
} else {
GeneralUtility::sysLog('Unable to bind to LDAP using: ' . ldap_error($this->ldapConnection), 't3o_ldap',
GeneralUtility::SYSLOG_SEVERITY_ERROR);
GeneralUtility::sysLog(
'Unable to bind to LDAP using: ' . ldap_error($this->ldapConnection),
't3o_ldap',
GeneralUtility::SYSLOG_SEVERITY_ERROR
);
}
} else {
GeneralUtility::sysLog('No active LDAP connection available', 't3o_ldap',
GeneralUtility::SYSLOG_SEVERITY_ERROR);
GeneralUtility::sysLog(
'No active LDAP connection available',
't3o_ldap',
GeneralUtility::SYSLOG_SEVERITY_ERROR
);
}
return $ret;
......@@ -183,8 +191,8 @@ class Ldap
* Bind to the LDAP directory with the given credentials. Errors are logged to syslog.
*
* @param resource $ldapConnection
* @param String $dn Complete bind DN for LDAP entry to bind with
* @param String $password The password to use for bind
* @param string $dn Complete bind DN for LDAP entry to bind with
* @param string $password The password to use for bind
* @return bool
*/
private function ldapBind($ldapConnection, $dn, $password)
......@@ -197,8 +205,10 @@ class Ldap
if ($ldapBind) {
$ret = true;
} else {
throw new \RuntimeException('Could not bind to LDAP connection: ' . ldap_error($ldapConnection),
1453993540);
throw new \RuntimeException(
'Could not bind to LDAP connection: ' . ldap_error($ldapConnection),
1453993540
);
}
} catch (\RuntimeException $e) {
GeneralUtility::sysLog($e->getMessage(), 't3o_ldap', GeneralUtility::SYSLOG_SEVERITY_ERROR);
......@@ -210,7 +220,7 @@ class Ldap
/**
* Update an attribute for the given DN. Errors are logged to syslog.
*
* @param String $dn Complete DN for LDAP entry to update attributes for
* @param string $dn Complete DN for LDAP entry to update attributes for
* @param string $attribute The name of the attribute
* @param string|array $attributeValues String or array (for multivalue attributes)
* @param bool $multiValue Whether or not the attribute should be treated as single or multivalue
......@@ -222,7 +232,7 @@ class Ldap
if (trim($dn) !== '') {
$attributes = [];
if (is_array($attributeValues)) {
foreach ($attributeValues AS $attributeValue) {
foreach ($attributeValues as $attributeValue) {
$attributes[$attribute][] = $attributeValue;
}
} else {
......@@ -254,8 +264,10 @@ class Ldap
}
}
} else {
throw new \RuntimeException('Could not create LDAP connection: ' . ldap_error($this->ldapConnection),
1453993539);
throw new \RuntimeException(
'Could not create LDAP connection: ' . ldap_error($this->ldapConnection),
1453993539
);
}
} catch (\RuntimeException $e) {
GeneralUtility::sysLog($e->getMessage(), 't3o_ldap', GeneralUtility::SYSLOG_SEVERITY_ERROR);
......@@ -281,12 +293,11 @@ class Ldap
/**
* Check if a user exists in LDAP
*
* @param String $username The username
* @param string $username The username
* @return bool
*/
public function userExists($username)
{
$ret = false;
$dn = $this->getDnForUserName($username);
......@@ -311,7 +322,6 @@ class Ldap
*/
public function updateUser(\In2code\Femanager\Domain\Model\User $user)
{
$ret = false;
$dn = $this->getDnForUserName($user->getUsername());
......@@ -338,7 +348,6 @@ class Ldap
*/
public function enableUser($username)
{
$ret = false;
$dn = $this->getDnForUserName($username);
$ldapUserObject = [
......@@ -378,7 +387,6 @@ class Ldap
*/
public function createUser(\In2code\Femanager\Domain\Model\User $user, $password = '')
{
$ret = false;
$dn = $this->getDnForUserName($user->getUsername());
......@@ -404,7 +412,6 @@ class Ldap
*/
private function buildLdapUserArray(\In2code\Femanager\Domain\Model\User $user)
{
$ldapUserArray = [
'objectclass' => [
0 => 'top',
......@@ -523,7 +530,7 @@ class Ldap
/**
* Check a given String for salting.
*
* @param String $passwordString The password string
* @param string $passwordString The password string
* @return bool
*/
private function isSaltedPassword($passwordString)
......@@ -571,7 +578,6 @@ class Ldap
/**
* @param string $lastLdapError
* @return void
*/
public function setLastLdapError($lastLdapError)
{
......@@ -594,8 +600,14 @@ class Ldap
$orderBy = '';
$limit = '1';
$result = $GLOBALS['TYPO3_DB']->exec_SELECTquery($selectFields, $fromTable, $whereClause, $groupBy, $orderBy,
$limit);
$result = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
$selectFields,
$fromTable,
$whereClause,
$groupBy,
$orderBy,
$limit
);
if ($result) {
if ($GLOBALS['TYPO3_DB']->sql_num_rows($result) == 1) {
$ret = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($result);
......@@ -604,7 +616,6 @@ class Ldap
}
return $ret;
}
/**
......@@ -616,5 +627,4 @@ class Ldap
ldap_close($this->ldapConnection);
}
}
}
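Review bot: `setLdapPasswords` still ends with `return $ret;` (hunk @@ -164,16 +163,25), yet the commit deletes its only visible initialisation `$ret = false;` (hunk @@ -149,14 +150,12) and nothing in the shown lines assigns it afterwards — `$result` from `updateLdapAttribute()` is only compared against `false`, never copied — so the method now reads an undefined variable and returns null instead of the documented bool, unless the single old line 163 that is not shown sets it. Either keep the initialisation or derive the return from the update, e.g. `$ret = ($result !== false);` directly after the `updateLdapAttribute()` call. The same `$ret = false;` removal is made in `userExists`, `updateUser`, `enableUser` and `createUser` here and in `UserCreateUpdateDelete::updateUser`, where the `if ($ldap->userExists(...)) … elseif ($createIfNotExists === true)` chain has no `else`, so a missing user with `$createIfNotExists = false` reaches `return $ret;` unassigned unless the hidden lines between its two hunks set it; each of those methods needs a path that assigns `$ret` before the return. Separately, the bind-failure entry at @@ -130,9 +129,11 is still logged in German while every other syslog message is English; `'LDAP bind with user credentials failed: ' . ldap_error($this->ldapConnection),` would keep log searches consistent.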
......@@ -39,12 +39,9 @@ class DataHandlerHook
/**
* Use DataHandler "afterAllOperations" hook to update or create FE Users
* in LDAP.
*
* @return void
*/
public function processDatamap_afterAllOperations(\TYPO3\CMS\Core\DataHandling\DataHandler $dataHandler)
{
$extensionConfiguration = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['t3o_ldap']);
$enableLdapPasswordUpdates = (int)$extensionConfiguration['enableLdapPasswordUpdates'];
......@@ -73,7 +70,5 @@ class DataHandlerHook
\TYPO3\CMS\Core\Messaging\FlashMessageQueue::addMessage($flashMessage);
}
}
}
}
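Review bot: Dropping `@return void` from the `processDatamap_afterAllOperations` docblock leaves the method with no stated return contract, because the signature carries no native return type either; the same happens to `PasswordUpdate::updatePassword` and `Ldap::setLastLdapError` in this commit. If the tag is removed because a fixer treats it as redundant, the replacement is a native `: void` on the signature — but that needs PHP 7.1, while `ext_emconf.php` in this commit still declares `'php' => '7.0.0-0.0.0'`, so either keep the tag or raise the constraint in the same change. The method body continues past the end of the hunk.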
......@@ -44,6 +44,7 @@ class PasswordHashing
case 'crypt':
$passwordHash = crypt($clearText, $salt);
$ret = '{CRYPT}' . $passwordHash;
// no break
default:
}
}
......
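Review bot: The `// no break` marker added before `default:` in `PasswordHashing` documents a fall-through into a `default` branch that is empty, so it satisfies the CGL check without making the intent clearer; a plain `break;` after `$ret = '{CRYPT}' . $passwordHash;` expresses the same thing and cannot become an accidental fall-through if a `default` body is added later. The enclosing `switch` and method begin before this hunk, so earlier cases are not visible here.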
......@@ -26,11 +26,9 @@ class PasswordUpdate
*
* @param string $username The username to update the password for
* @param string $clearTextPassword Cleartext password to hash and update
* @return void
*/
public function updatePassword(string $username, string $clearTextPassword)
{
$extensionConfiguration = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['t3o_ldap']);
// Check if LDAP updates are enabled in extension configuration
......
......@@ -13,9 +13,9 @@ namespace T3o\T3oLdap\Utility;
* LICENSE.txt file that was distributed with this source code.
*/
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Core\Messaging\FlashMessage;
use TYPO3\CMS\Core\Messaging\FlashMessageQueue;
use TYPO3\CMS\Core\Utility\GeneralUtility;
/**
* Class to create, update or delete accounts in LDAP
......@@ -29,13 +29,12 @@ class UserCreateUpdateDelete
* Update a LDAP User. If the user does not exist, it will be created.
*
* @param \In2code\Femanager\Domain\Model\User $user The frontend user
* @param boolean $createIfNotExists Create the user if it does not exist
* @param bool $createIfNotExists Create the user if it does not exist
* @param string $updatePassword
* @return boolean
* @return bool
*/
public function updateUser(\In2code\Femanager\Domain\Model\User $user, $createIfNotExists = true, $updatePassword = '')
{
$ret = false;
/** @var \T3o\T3oLdap\Connectors\Ldap $ldap */
......@@ -43,38 +42,47 @@ class UserCreateUpdateDelete
$feUserUid = $user->getUid();
if ($ldap->userExists($user->getUsername())) {
$ret = $ldap->updateUser($user);
if ($ret === true) {
/** @var $flashMessage \TYPO3\CMS\Core\Messaging\FlashMessage */
$flashMessage = GeneralUtility::makeInstance(FlashMessage::class,
$flashMessage = GeneralUtility::makeInstance(
FlashMessage::class,
'Frontend user ' . $user->getUsername() . ' (UID ' . $feUserUid . ') has been updated in LDAP.',
'LDAP Update User Status', FlashMessage::OK);
'LDAP Update User Status',
FlashMessage::OK
);
} else {
/** @var $flashMessage \TYPO3\CMS\Core\Messaging\FlashMessage */
$flashMessage = GeneralUtility::makeInstance(FlashMessage::class,
$flashMessage = GeneralUtility::makeInstance(
FlashMessage::class,
'Failed to update frontend user ' . $user->getUsername() . ' (UID ' . $feUserUid . ') in LDAP. ' . 'The server responded with: ' . $ldap->getLastLdapError(),
'LDAP Update User Status', FlashMessage::ERROR);
'LDAP Update User Status',
FlashMessage::ERROR
);
}
// TODO Delete User in LDAP (notify consumer systems)
// $ret = $ldap->deleteUser($userData);
} elseif ($createIfNotExists === true) {
$ret = $ldap->createUser($user);
if ($ret === true) {
/** @var $flashMessage \TYPO3\CMS\Core\Messaging\FlashMessage */
$flashMessage = GeneralUtility::makeInstance(FlashMessage::class,
$flashMessage = GeneralUtility::makeInstance(
FlashMessage::class,
'Frontend user ' . $user->getUsername() . ' (UID ' . $feUserUid . ') has been created in LDAP.',
'LDAP Create User Status', FlashMessage::OK);
'LDAP Create User Status',
FlashMessage::OK
);
} else {
/** @var $flashMessage \TYPO3\CMS\Core\Messaging\FlashMessage */
$flashMessage = GeneralUtility::makeInstance(FlashMessage::class,
$flashMessage = GeneralUtility::makeInstance(
FlashMessage::class,
'Failed to update frontend user ' . $user->getUsername() . ' (UID ' . $feUserUid . ') in LDAP. ' . 'The server responded with: ' . $ldap->getLastLdapError(),
'LDAP Create User Status', FlashMessage::ERROR);
'LDAP Create User Status',
FlashMessage::ERROR
);
}
}
......@@ -90,7 +98,5 @@ class UserCreateUpdateDelete
}
return $ret;
}
}
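Review bot: The error flash message in the create branch (`} elseif ($createIfNotExists === true)`, second `FlashMessage::ERROR` call) still reads `'Failed to update frontend user …'` although it is emitted when `$ldap->createUser($user)` fails and is titled `'LDAP Create User Status'`; since the commit rewrites that `makeInstance()` call anyway, the text should become `'Failed to create frontend user ' . $user->getUsername() . ' (UID ' . $feUserUid . ') in LDAP. ' . 'The server responded with: ' . $ldap->getLastLdapError(),`. The wording is pre-existing, but an operator reading backend notifications cannot otherwise tell which LDAP operation failed. The method continues between and after the two hunks; those lines are not shown.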
<?php
########################################################################
# Extension Manager/Repository config file for ext "t3org_base".
#
# Auto generated 15-04-2011 14:09
#
# Manual updates:
# Only the data in the array - everything else is removed by next
# writing. "version" and "dependencies" must not be touched!
########################################################################
//#######################################################################
// Extension Manager/Repository config file for ext "t3org_base".
//
// Auto generated 15-04-2011 14:09
//
// Manual updates:
// Only the data in the array - everything else is removed by next
// writing. "version" and "dependencies" must not be touched!
//#######################################################################
$EM_CONF[$_EXTKEY] = array(
'title' => 'TYPO3.org LDAP Utilities',
'description' => 'Classes for TYPO3 LDAP Accounts. Hooks into Backend, to update passwords',
'category' => 'fe',
'shy' => 0,
'version' => '1.1.0',
'dependencies' => '',
'conflicts' => '',
'priority' => '',
'loadOrder' => '',
'module' => '',
'state' => 'stable',
'uploadfolder' => 0,
'createDirs' => '',
'modify_tables' => '',
'clearcacheonload' => 1,
'lockType' => '',
'author' => 'Andreas Beutel, Thomas Löffler',
'author_email' => 'andreas.beutel@mehrwert.de',
'author_company' => 'mehrwert intermediale kommunikation GmbH',
'CGLcompliance' => '',
'CGLcompliance_note' => '',
'constraints' => array(
'depends' => array(
'php' => '7.0.0-0.0.0',
'typo3' => '8.7.0-8.9.99',
$EM_CONF[$_EXTKEY] = [
'title' => 'TYPO3.org LDAP Utilities',
'description' => 'Classes for TYPO3 LDAP Accounts. Hooks into Backend, to update passwords',
'category' => 'fe',
'shy' => 0,
'version' => '1.1.0',
'dependencies' => '',
'conflicts' => '',
'priority' => '',
'loadOrder' => '',
'module' => '',
'state' => 'stable',
'uploadfolder' => 0,
'createDirs' => '',
'modify_tables' => '',
'clearcacheonload' => 1,
'lockType' => '',
'author' => 'Andreas Beutel, Thomas Löffler',
'author_email' => 'andreas.beutel@mehrwert.de',
'author_company' => 'mehrwert intermediale kommunikation GmbH',
'CGLcompliance' => '',
'CGLcompliance_note' => '',
'constraints' => [
'depends' => [
'php' => '7.0.0-0.0.0',
'typo3' => '8.7.0-8.9.99',
'femanager' => '4.1.0-0.0.0'
),
'conflicts' => array(
),
'suggests' => array(
),
),
'suggests' => array(
),
);
],
'conflicts' => [
],
'suggests' => [
],
],
'suggests' => [
],
];