Commit 6601b013 authored by Thomas Löffler's avatar Thomas Löffler

Add 'extensions/t3o_ldap/' from commit 'dbaaae85'

git-subtree-dir: extensions/t3o_ldap
git-subtree-mainline: c37ac5ef
git-subtree-split: dbaaae85
parents c37ac5ef dbaaae85
<?php
namespace T3o\T3oLdap\Hooks;
/***************************************************************
* Copyright notice
*
* (c) 2016 Andreas Beutel, mehrwert intermediale kommunikation GmbH <typo3@mehrwert.de>
* All rights reserved
*
* This script is part of the TYPO3 project. The TYPO3 project is
* free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* The GNU General Public License can be found at
* http://www.gnu.org/copyleft/gpl.html.
* A copy is found in the textfile GPL.txt and important notices to the license
* from the author is found in LICENSE.txt distributed with these scripts.
*
*
* This script is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* This copyright notice MUST APPEAR in all copies of the script!
***************************************************************/
use TYPO3\CMS\Core\Utility\GeneralUtility;
/**
* Hook Functions for \TYPO3\CMS\Core\DataHandling\DataHandler
*/
class DataHandlerHook
{
/**
* Use DataHandler "afterAllOperations" hook to update or create FE Users
* in LDAP.
*
* @return void
*/
public function processDatamap_afterAllOperations(\TYPO3\CMS\Core\DataHandling\DataHandler $dataHandler)
{
$extensionConfiguration = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['t3o_ldap']);
$enableLdapPasswordUpdates = (int)$extensionConfiguration['enableLdapPasswordUpdates'];
if ($enableLdapPasswordUpdates === 1) {
try {
foreach ($dataHandler->datamap as $tableName => $configuration) {
if ($tableName === 'fe_users') {
foreach ($configuration as $feUserUid => $changedFields) {
$objectManager = GeneralUtility::makeInstance(\TYPO3\CMS\Extbase\Object\ObjectManager::class);
$userRepository = $objectManager->get(\T3o\T3omy\Domain\Repository\MyProfileRepository::class);
$user = $userRepository->findByUid($feUserUid);
/** @var \T3o\T3oLdap\Utility\UserCreateUpdateDelete $userUtility */
$userUtility = GeneralUtility::makeInstance(\T3o\T3oLdap\Utility\UserCreateUpdateDelete::class);
$userUtility->updateUser($user);
}
}
}
} catch (\Exception $e) {
/** @var $flashMessage \TYPO3\CMS\Core\Messaging\FlashMessage */
$flashMessage = GeneralUtility::makeInstance(
\TYPO3\CMS\Core\Messaging\FlashMessage::class,
'Failed to update users in LDAP: ' . $e->getMessage(),
'Error in processDatamap_afterAllOperations',
\TYPO3\CMS\Core\Messaging\FlashMessage::ERROR
);
\TYPO3\CMS\Core\Messaging\FlashMessageQueue::addMessage($flashMessage);
}
}
}
}
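Review bot: The inner `foreach` over `$dataHandler->datamap` for `fe_users` treats every key as a numeric uid, but records created in the same request are keyed by a `NEW…` placeholder, so `findByUid()` returns null and `updateUser()` then fails its type declaration with a TypeError — which `catch (\Exception $e)` does not catch, since TypeError extends Error, so the flash-message path is never reached for exactly the case it was written for. Map placeholders through `$dataHandler->substNEWwithIDs` before the lookup, skip users the repository cannot find, and catch `\Throwable`. The ObjectManager, repository and utility are also re-created for every user inside the loop; hoisting them above the `foreach` avoids that. `FlashMessageQueue::addMessage` is called statically here while UserCreateUpdateDelete in the same commit adds messages through an instantiated queue; aligning the two is worth doing unless the static form is intentional.
```php
        if ($enableLdapPasswordUpdates === 1) {
            try {
                // Created once per hook call instead of once per user
                $objectManager = GeneralUtility::makeInstance(\TYPO3\CMS\Extbase\Object\ObjectManager::class);
                $userRepository = $objectManager->get(\T3o\T3omy\Domain\Repository\MyProfileRepository::class);
                /** @var \T3o\T3oLdap\Utility\UserCreateUpdateDelete $userUtility */
                $userUtility = GeneralUtility::makeInstance(\T3o\T3oLdap\Utility\UserCreateUpdateDelete::class);
                foreach ($dataHandler->datamap['fe_users'] ?? [] as $feUserUid => $changedFields) {
                    // Records created in this request are keyed by a NEW… placeholder; map it to the real uid
                    $feUserUid = $dataHandler->substNEWwithIDs[$feUserUid] ?? $feUserUid;
                    $user = $userRepository->findByUid((int)$feUserUid);
                    if ($user === null) {
                        continue;
                    }
                    $userUtility->updateUser($user);
                }
            } catch (\Throwable $e) {
                // … unchanged: error flash message …
            }
        }
```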
<?php
namespace T3o\T3oLdap\Utility;
/*
* (c) 2016 by mehrwert intermediale kommunikation GmbH
*
* It is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License, either version 2
* of the License, or any later version.
*
* For the full copyright and license information, please read the
* LICENSE.txt file that was distributed with this source code.
*/
/**
* Password hashing facility. Mechanisms defined are CRYPT,
* SHA1 and MD5.
*/
class PasswordHashing
{
/**
* Hash a given string with the mechanism defined. Return the hash.
*
* @param string $clearText Cleartext representation of the password
* @param string $algorithm The hashing mechanism
* @param string $salt Optional salt
* @return bool|string False on failure or the hashed password as string
*/
public function getPasswordHash($clearText, $algorithm = 'crypt', $salt = 'xy')
{
$ret = false;
if (trim($clearText) !== '') {
switch ($algorithm) {
case 'sha1':
$passwordHash = sha1($clearText, true);
$ret = '{SHA}' . base64_encode($passwordHash);
break;
case 'md5':
$passwordHash = md5($clearText, true);
$ret = '{MD5}' . base64_encode($passwordHash);
break;
case 'crypt':
$passwordHash = crypt($clearText, $salt);
$ret = '{CRYPT}' . $passwordHash;
default:
}
}
return $ret;
}
}
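Review bot: The `crypt` branch hashes with the caller-supplied salt, which defaults to the fixed two-character `'xy'`; with such a salt `crypt()` selects legacy DES, which truncates the password to 8 bytes and gives every user the same salt, so equal passwords yield equal `{CRYPT}` values in the directory — and `PasswordUpdate::getHashedPasswords()` calls this method without a salt, so the default is what reaches LDAP. Change the default to `$salt = null` and, when it is null, generate a SHA-512 crypt salt per call, `$salt = '$6$' . substr(strtr(base64_encode(random_bytes(12)), '+', '.'), 0, 16);`, keeping the parameter for callers that pass their own. The `{SHA}` and `{MD5}` schemes are unsalted by definition; if the directory accepts it, `{SSHA}` is the usual minimum, and the docblock should state that these two are kept only for legacy consumers. The `crypt` case also falls through into the empty `default:` without a `break`; harmless today, but add the `break` so a future default branch does not silently run after a crypt hash.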
<?php
namespace T3o\T3oLdap\Utility;
/*
* (c) 2016 by mehrwert intermediale kommunikation GmbH
*
* It is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License, either version 2
* of the License, or any later version.
*
* For the full copyright and license information, please read the
* LICENSE.txt file that was distributed with this source code.
*/
use TYPO3\CMS\Core\Utility\GeneralUtility;
/**
* Password updating facility.
*/
class PasswordUpdate
{
const PASSWORD_METHODS = ['md5', 'sha1', 'crypt'];
/**
* Update a password in various places (LDAP, TYPO3)
*
* @param string $username The username to update the password for
* @param string $clearTextPassword Cleartext password to hash and update
* @return void
*/
public function updatePassword(string $username, string $clearTextPassword)
{
$extensionConfiguration = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['t3o_ldap']);
// Check if LDAP updates are enabled in extension configuration
if ((int)$extensionConfiguration['enableLdapPasswordUpdates'] === 1) {
/** @var \T3o\T3oLdap\Connectors\Ldap $ldap */
$ldap = GeneralUtility::makeInstance(\T3o\T3oLdap\Connectors\Ldap::class);
if ($ldap->setLdapPasswords($username, $this->getHashedPasswords($clearTextPassword))) {
GeneralUtility::sysLog(
'Password successfully updated (Mechanisms: ' . strtoupper(implode(', ', self::PASSWORD_METHODS)) . ')',
't3o_ldap',
GeneralUtility::SYSLOG_SEVERITY_INFO
);
}
}
}
public function getHashedPasswords(string $clearTextPassword): array
{
$passwords = [];
$passwordHashing = GeneralUtility::makeInstance(PasswordHashing::class);
foreach (self::PASSWORD_METHODS as $passwordAlgorithm) {
$hash = $passwordHashing->getPasswordHash($clearTextPassword, $passwordAlgorithm);
if ($hash) {
$passwords[$passwordAlgorithm] = $hash;
}
}
return $passwords;
}
}
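Review bot: `updatePassword()` logs only the success branch of `setLdapPasswords()`; when it returns false the failure is silent and, with a void return, the caller cannot tell either. Add the mirror branch, `} else { GeneralUtility::sysLog('Failed to update LDAP password for user ' . $username . ': ' . $ldap->getLastLdapError(), 't3o_ldap', GeneralUtility::SYSLOG_SEVERITY_ERROR); }` (`getLastLdapError()` is the accessor UserCreateUpdateDelete already uses on the connector), or return the bool. The success message lists every entry of `PASSWORD_METHODS` although `getHashedPasswords()` drops any algorithm whose hash came back false; logging `array_keys($passwords)` of the set actually sent would be accurate. The docblock says the password is updated "in various places (LDAP, TYPO3)" but the method only talks to the LDAP connector; trim it to what the code does.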
<?php
namespace T3o\T3oLdap\Utility;
/*
* (c) 2016 by mehrwert intermediale kommunikation GmbH
*
* It is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License, either version 2
* of the License, or any later version.
*
* For the full copyright and license information, please read the
* LICENSE.txt file that was distributed with this source code.
*/
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Core\Messaging\FlashMessage;
use TYPO3\CMS\Core\Messaging\FlashMessageQueue;
/**
* Class to create, update or delete accounts in LDAP
*
* @since 1.0.0
*/
class UserCreateUpdateDelete
{
/**
* Update a LDAP User. If the user does not exist, it will be created.
*
* @param \In2code\Femanager\Domain\Model\User $user The frontend user
* @param boolean $createIfNotExists Create the user if it does not exist
* @param string $updatePassword
* @return boolean
*/
public function updateUser(\In2code\Femanager\Domain\Model\User $user, $createIfNotExists = true, $updatePassword = '')
{
$ret = false;
/** @var \T3o\T3oLdap\Connectors\Ldap $ldap */
$ldap = GeneralUtility::makeInstance(\T3o\T3oLdap\Connectors\Ldap::class);
$feUserUid = $user->getUid();
if ($ldap->userExists($user->getUsername())) {
$ret = $ldap->updateUser($user);
if ($ret === true) {
/** @var $flashMessage \TYPO3\CMS\Core\Messaging\FlashMessage */
$flashMessage = GeneralUtility::makeInstance(FlashMessage::class,
'Frontend user ' . $user->getUsername() . ' (UID ' . $feUserUid . ') has been updated in LDAP.',
'LDAP Update User Status', FlashMessage::OK);
} else {
/** @var $flashMessage \TYPO3\CMS\Core\Messaging\FlashMessage */
$flashMessage = GeneralUtility::makeInstance(FlashMessage::class,
'Failed to update frontend user ' . $user->getUsername() . ' (UID ' . $feUserUid . ') in LDAP. ' . 'The server responded with: ' . $ldap->getLastLdapError(),
'LDAP Update User Status', FlashMessage::ERROR);
}
// TODO Delete User in LDAP (notify consumer systems)
// $ret = $ldap->deleteUser($userData);
} elseif ($createIfNotExists === true) {
$ret = $ldap->createUser($user);
if ($ret === true) {
/** @var $flashMessage \TYPO3\CMS\Core\Messaging\FlashMessage */
$flashMessage = GeneralUtility::makeInstance(FlashMessage::class,
'Frontend user ' . $user->getUsername() . ' (UID ' . $feUserUid . ') has been created in LDAP.',
'LDAP Create User Status', FlashMessage::OK);
} else {
/** @var $flashMessage \TYPO3\CMS\Core\Messaging\FlashMessage */
$flashMessage = GeneralUtility::makeInstance(FlashMessage::class,
'Failed to update frontend user ' . $user->getUsername() . ' (UID ' . $feUserUid . ') in LDAP. ' . 'The server responded with: ' . $ldap->getLastLdapError(),
'LDAP Create User Status', FlashMessage::ERROR);
}
}
// if a user was created or updated $ret is true and if a new password is requested, the password will be set
if ($ret === true && $updatePassword !== '') {
$passwordUpdate = GeneralUtility::makeInstance(PasswordUpdate::class);
$passwordUpdate->updatePassword($user->getUsername(), $updatePassword);
}
if (isset($flashMessage)) {
$flashMessageQueue = GeneralUtility::makeInstance(FlashMessageQueue::class, 'core.template.flashMessages');
$flashMessageQueue->addMessage($flashMessage);
}
return $ret;
}
}
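Review bot: The error message in the create branch says "Failed to update frontend user" although that branch runs after `$ldap->createUser()`; change it to `'Failed to create frontend user ' . $user->getUsername() . ' (UID ' . $feUserUid . ') in LDAP. '` so the text matches its title "LDAP Create User Status". `$updatePassword` carries a clear-text password through this method and its docblock line has no description; document it as `@param string $updatePassword Clear-text password to push to LDAP after a successful create/update; empty string leaves the LDAP password untouched`. `$ret` is compared with `=== true` after `updateUser()`/`createUser()`, so any non-bool return from the connector (not in view) would silently take the error branch; confirm the connector returns a strict bool.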
# TYPO3 LDAP Utilities
_EXT:t3o\_ldap_
Extension providing utilities for LDAP user and group updates written on the TYPO3 Server
Admin Team Sprint in Berlin, October 2016.
## Concept / Summary
TYPO3 needs a central LDAP server for plain user management. In upcoming releases
this could be changed to an ID management for TYPO3 infrastructure. For a shorter
»time to market« we decided to ship an extension, that hooks into all known user
management processes on T3O (Create account, update password, reset password, delete
account, double opt in, TYPO3 Backend) instead of providing a full featured stand-alone
ID or user management solution.
## Prerequisites
* PHP5 >= 7.0
* TYPO3 >= 8.7
* PHP-LDAP w/ TLS
## Todo
* Hooks in to EXT:ajaxlogin on create, save or update
* Hooks into image update
* Hook in Password change
* TCE Hooks in Backend for BE Updates of FE User
* Delete User in LDAP (notify consumer systems)
* Groups!
* make LDAP Server configuration TypoScript Objects
{
"name": "t3o/t3o_ldap",
"type": "typo3-cms-extension",
"description": "TYPO3.org LDAP Utilities",
"homepage": "https://www.typo3.org",
"authors": [
{
"name": "t3o maintenance team",
"email": "maintenance@typo3.org"
}
],
"license": [
"GPL-2.0+"
],
"keywords": [
"TYPO3 CMS"
],
"autoload": {
"psr-4": {
"T3o\\T3oLdap\\": "Classes"
}
}
}
# cat=basic/enable; type=boolean; label=Password updates: Enable new Password update mechanism
enableExternalPasswordUpdates = 0
# cat=basic/enable; type=boolean; label=LDAP Password updates: Enable new Password update mechanism in LDAP
enableLdapPasswordUpdates = 0
# cat=LDAP/enable/a; type=string; label=IP-Address or Hostname: LDAP Server name or IP-Address
ldapServer = 127.0.0.1
# cat=LDAP/enable/10; type=int+; label=LDAP Port: The Port of the LDAP Server (389 or 636)
ldapServerPort = 389
# cat=LDAP/enable/10; type=int+; label=LDAP protocol: The protocol version of LDAP
ldapProtocolVersion = 3
# cat=LDAP/enable/a; type=string; label=Admin Bind-DN: LDAP admin Bind-DN to modify users
ldapBindDn =
# cat=LDAP/enable/a; type=string; label=Admin Password: LDAP admin password to modify users
ldapBindPassword =
# cat=LDAP/enable/a; type=string; label=Base-DN: The Base-DN to use when updating LDAP entries
ldapBaseDnForPasswordChanges =
\ No newline at end of file
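Review bot: The template offers a server, port 389 and a protocol version but no option to require TLS, so unless the Ldap connector (not in view) forces STARTTLS or an `ldaps://` URI, the admin bind password in `ldapBindPassword` and every clear-text password that `PasswordUpdate` sends travel unencrypted. Add an explicit, on-by-default option — constructed example: `# cat=LDAP/enable/a; type=boolean; label=Use TLS: Require STARTTLS for the LDAP connection` followed by `ldapUseTls = 1` — and have the connector honour it, since the README lists "PHP-LDAP w/ TLS" as a prerequisite. `enableExternalPasswordUpdates` is declared here but read by none of the classes in this commit; if another extension consumes it, say so in its label, otherwise drop it.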
<?php
########################################################################
# Extension Manager/Repository config file for ext "t3org_base".
#
# Auto generated 15-04-2011 14:09
#
# Manual updates:
# Only the data in the array - everything else is removed by next
# writing. "version" and "dependencies" must not be touched!
########################################################################
$EM_CONF[$_EXTKEY] = array(
'title' => 'TYPO3.org LDAP Utilities',
'description' => 'Classes for TYPO3 LDAP Accounts. Hooks into Backend, to update passwords',
'category' => 'fe',
'shy' => 0,
'version' => '1.1.0',
'dependencies' => '',
'conflicts' => '',
'priority' => '',
'loadOrder' => '',
'module' => '',
'state' => 'stable',
'uploadfolder' => 0,
'createDirs' => '',
'modify_tables' => '',
'clearcacheonload' => 1,
'lockType' => '',
'author' => 'Andreas Beutel, Thomas Löffler',
'author_email' => 'andreas.beutel@mehrwert.de',
'author_company' => 'mehrwert intermediale kommunikation GmbH',
'CGLcompliance' => '',
'CGLcompliance_note' => '',
'constraints' => array(
'depends' => array(
'php' => '7.0.0-0.0.0',
'typo3' => '8.7.0-8.9.99',
'femanager' => '4.1.0-0.0.0'
),
'conflicts' => array(
),
'suggests' => array(
),
),
'suggests' => array(
),
);
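Review bot: `constraints.depends` declares femanager but DataHandlerHook resolves `\T3o\T3omy\Domain\Repository\MyProfileRepository` from the t3omy extension, so the hook fails at runtime on an installation where t3omy is not loaded; add the dependency with a version constraint (value to be confirmed: `'t3omy' => '<min>-<max>'`) or resolve the user through femanager's own repository instead. The header comment still names ext "t3org_base" and an auto-generation date of 2011 while the array describes t3o_ldap; update or drop it. The top-level `'dependencies'`, `'conflicts'`, `'priority'`, `'loadOrder'` and `'lockType'` entries are legacy keys the `constraints` array superseded; verify against the 8.7 emconf reference and remove the ones TYPO3 no longer reads.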
<?php
// Define TCE Main Hook for FE User Updates
$GLOBALS ['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tcemain.php']['processDatamapClass'][] = \T3o\T3oLdap\Hooks\DataHandlerHook::class;
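Review bot: The file has no access guard; TYPO3 `ext_localconf.php` files conventionally open with `defined('TYPO3_MODE') or die();` so the script cannot be executed directly through the web server, and this one registers a hook without it. Add that line directly after `<?php`. The stray space in `$GLOBALS ['TYPO3_CONF_VARS']` is a style nit worth fixing at the same time.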
# @author mehrwert <typo3@mehrwert.de>
# @package TYPO3
# @subpackage tx_t3oldap
# @license GPL
#
# Table structure for table 'fe_users'
#
CREATE TABLE fe_users (
tx_t3oldap_pwd_lastupdate_ts int(11) unsigned DEFAULT '0' NOT NULL,
tx_t3oldap_lastupdate_ts int(11) unsigned DEFAULT '0' NOT NULL,
tx_t3oldap_pwd_change_required tinyint(3) unsigned DEFAULT '0' NOT NULL,
);
\ No newline at end of file
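Review bot: The column list ends with a trailing comma before `)`, which is not valid MySQL DDL; TYPO3's schema parser may tolerate it, but verify, and drop the comma after `tx_t3oldap_pwd_change_required tinyint(3) unsigned DEFAULT '0' NOT NULL`. None of the three `tx_t3oldap_*` columns are read or written by the classes in this commit, so the timestamps they promise will stay 0 unless another extension maintains them; a short comment above the table naming the writer (or marking them as reserved for the TODO items in the README) would prevent the next reader from assuming they are populated.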