kawaiipunk/laipower
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

updated plugin AuthLDAP version 2.5.2

Browse Source
This commit is contained in:
KawaiiPunk 2022-03-21 13:34:57 +00:00 committed by Gitium
parent 713de650a5
commit 350836f064
5 changed files with 59 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
wp-content/plugins/authldap/authLdap.php
View File

@ -3,7 +3,7 @@
Plugin Name: AuthLDAP Plugin Name: AuthLDAP
Plugin URI: https://github.com/heiglandreas/authLdap Plugin URI: https://github.com/heiglandreas/authLdap
Description: This plugin allows you to use your existing LDAP as authentication base for WordPress Description: This plugin allows you to use your existing LDAP as authentication base for WordPress
Version: 2.4.10 Version: 2.5.2
Author: Andreas Heigl <andreas@heigl.org> Author: Andreas Heigl <andreas@heigl.org>
Author URI: http://andreas.heigl.org Author URI: http://andreas.heigl.org
License: MIT License: MIT
@ -82,6 +82,7 @@ function authLdap_options_panel()
'GroupEnable' => authLdap_get_post('authLDAPGroupEnable', false), 'GroupEnable' => authLdap_get_post('authLDAPGroupEnable', false),
'GroupOverUser' => authLdap_get_post('authLDAPGroupOverUser', false), 'GroupOverUser' => authLdap_get_post('authLDAPGroupOverUser', false),
'DoNotOverwriteNonLdapUsers' => authLdap_get_post('authLDAPDoNotOverwriteNonLdapUsers', false), 'DoNotOverwriteNonLdapUsers' => authLdap_get_post('authLDAPDoNotOverwriteNonLdapUsers', false),
'UserRead' => authLdap_get_post('authLDAPUseUserAccount', false),
); );
if (authLdap_set_options($new_options)) { if (authLdap_set_options($new_options)) {
echo "<div class='updated'><p>Saved Options!</p></div>"; echo "<div class='updated'><p>Saved Options!</p></div>";
@ -112,6 +113,7 @@ function authLdap_options_panel()
$authLDAPGroupEnable = authLdap_get_option('GroupEnable'); $authLDAPGroupEnable = authLdap_get_option('GroupEnable');
$authLDAPGroupOverUser = authLdap_get_option('GroupOverUser'); $authLDAPGroupOverUser = authLdap_get_option('GroupOverUser');
$authLDAPDoNotOverwriteNonLdapUsers = authLdap_get_option('DoNotOverwriteNonLdapUsers'); $authLDAPDoNotOverwriteNonLdapUsers = authLdap_get_option('DoNotOverwriteNonLdapUsers');
$authLDAPUseUserAccount= authLdap_get_option('UserRead');
$tChecked = ($authLDAP) ? ' checked="checked"' : ''; $tChecked = ($authLDAP) ? ' checked="checked"' : '';
$tDebugChecked = ($authLDAPDebug) ? ' checked="checked"' : ''; $tDebugChecked = ($authLDAPDebug) ? ' checked="checked"' : '';
@ -120,6 +122,7 @@ function authLdap_options_panel()
$tGroupOverUserChecked = ($authLDAPGroupOverUser) ? ' checked="checked"' : ''; $tGroupOverUserChecked = ($authLDAPGroupOverUser) ? ' checked="checked"' : '';
$tStartTLSChecked = ($authLDAPStartTLS) ? ' checked="checked"' : ''; $tStartTLSChecked = ($authLDAPStartTLS) ? ' checked="checked"' : '';
$tDoNotOverwriteNonLdapUsers = ($authLDAPDoNotOverwriteNonLdapUsers) ? ' checked="checked"' : ''; $tDoNotOverwriteNonLdapUsers = ($authLDAPDoNotOverwriteNonLdapUsers) ? ' checked="checked"' : '';
$tUserRead = ($authLDAPUseUserAccount) ? ' checked="checked"' : '';
$roles = new WP_Roles(); $roles = new WP_Roles();
@ -233,6 +236,7 @@ function authLdap_login($user, $username, $password, $already_md5 = false)
$authLDAPDefaultRole = authLdap_get_option('DefaultRole'); $authLDAPDefaultRole = authLdap_get_option('DefaultRole');
$authLDAPGroupEnable = authLdap_get_option('GroupEnable'); $authLDAPGroupEnable = authLdap_get_option('GroupEnable');
$authLDAPGroupOverUser = authLdap_get_option('GroupOverUser'); $authLDAPGroupOverUser = authLdap_get_option('GroupOverUser');
$authLDAPUseUserAccount = authLdap_get_option('UserRead');
if (! $username) { if (! $username) {
authLdap_debug('Username not supplied: return false'); authLdap_debug('Username not supplied: return false');
@ -281,10 +285,13 @@ function authLdap_login($user, $username, $password, $already_md5 = false)
return false; return false;
} }
// Rebind with the default credentials after the user has been loged in // Make optional querying from the admin account #213
// Otherwise the credentials of the user trying to login will be used if (! authLdap_get_option('UserRead')) {
// This fixes #55 // Rebind with the default credentials after the user has been loged in
authLdap_get_server()->bind(); // Otherwise the credentials of the user trying to login will be used
// This fixes #55
authLdap_get_server()->bind();
}
if (true !== $result) { if (true !== $result) {
authLdap_debug('LDAP authentication failed'); authLdap_debug('LDAP authentication failed');
@ -293,7 +300,7 @@ function authLdap_login($user, $username, $password, $already_md5 = false)
return; return;
} }
authLdap_debug('LDAP authentication successfull'); authLdap_debug('LDAP authentication successful');
$attributes = array_values( $attributes = array_values(
array_filter( array_filter(
apply_filters( apply_filters(
@ -440,6 +447,13 @@ function authLdap_login($user, $username, $password, $already_md5 = false)
$userid = wp_insert_user($user_info); $userid = wp_insert_user($user_info);
} }
// if the user exists, wp_insert_user will update the existing user record
if (is_wp_error($userid)) {
authLdap_debug('Error creating user : ' . $userid->get_error_message());
trigger_error('Error creating user: ' . $userid->get_error_message());
return $userid;
}
/** /**
* Add hook for custom updates * Add hook for custom updates
* *
@ -448,13 +462,6 @@ function authLdap_login($user, $username, $password, $already_md5 = false)
*/ */
do_action('authLdap_login_successful', $userid, $attribs[0]); do_action('authLdap_login_successful', $userid, $attribs[0]);
// if the user exists, wp_insert_user will update the existing user record
if (is_wp_error($userid)) {
authLdap_debug('Error creating user : ' . $userid->get_error_message());
trigger_error('Error creating user: ' . $userid->get_error_message());
return $userid;
}
authLdap_debug('user id = ' . $userid); authLdap_debug('user id = ' . $userid);
// flag the user as an ldap user so we can hide the password fields in the user profile // flag the user as an ldap user so we can hide the password fields in the user profile
@ -505,23 +512,25 @@ function authLdap_get_uid($username)
*/ */
function authLdap_user_role($uid) function authLdap_user_role($uid)
{ {
global $wpdb; global $wpdb, $wp_roles;
if (!$uid) { if (!$uid) {
return ''; return '';
} }
$meta_value = $wpdb->get_var( /** @var array<string, bool> $usercapabilities */
"SELECT meta_value FROM {$wpdb->usermeta} WHERE meta_key = '{$wpdb->prefix}capabilities' AND user_id = {$uid}" $usercapabilities = get_user_meta( $uid, "{$wpdb->prefix}capabilities", true);
); if ( ! is_array( $usercapabilities ) ) {
if (!$meta_value) {
return ''; return '';
} }
$capabilities = unserialize($meta_value); /** @var array<string, array{name: string, capabilities: array<mixed>} $editable_roles */
$roles = is_array($capabilities) ? array_keys($capabilities) : array(''); $editable_roles = $wp_roles->roles;
$role = $roles[0];
// By using this approach we are now using the order of the roles from the WP_Roles object
// and not from the capabilities any more.
$userroles = array_keys(array_intersect_key($editable_roles, $usercapabilities));
$role = $userroles[0];
authLdap_debug("Existing user's role: {$role}"); authLdap_debug("Existing user's role: {$role}");
return $role; return $role;

15
wp-content/plugins/authldap/ldap.php
View File

@ -1,6 +1,6 @@
<?php <?php
/** /**
* $Id: ldap.php 2450394 2021-01-05 07:38:43Z heiglandreas $ * $Id: ldap.php 2676679 2022-02-10 18:26:37Z heiglandreas $
* *
* authLdap - Authenticate Wordpress against an LDAP-Backend. * authLdap - Authenticate Wordpress against an LDAP-Backend.
* Copyright (c) 2008 Andreas Heigl<andreas@heigl.org> * Copyright (c) 2008 Andreas Heigl<andreas@heigl.org>
@ -46,7 +46,7 @@ class LDAP
/** /**
* This property contains the connection handle to the ldap-server * This property contains the connection handle to the ldap-server
* *
* @var Ressource * @var Ressource|Connection|null
*/ */
private $ch = null; private $ch = null;
@ -117,7 +117,8 @@ class LDAP
} }
$this->ch = @ldap_connect($this->scheme . '://' . $this->server . ':' . $this -> port); $this->ch = @ldap_connect($this->scheme . '://' . $this->server . ':' . $this -> port);
if (! $this->ch) { if (false === $this->ch) {
$this->ch = null;
throw new Error('Could not connect to the server'); throw new Error('Could not connect to the server');
} }
ldap_set_option($this->ch, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($this->ch, LDAP_OPT_PROTOCOL_VERSION, 3);
@ -136,7 +137,7 @@ class LDAP
*/ */
public function disconnect() public function disconnect()
{ {
if (is_resource($this->ch)) { if (null !== $this->ch ) {
@ldap_unbind($this->ch); @ldap_unbind($this->ch);
} }
$this->ch = null; $this->ch = null;
@ -154,8 +155,8 @@ class LDAP
if (! $this->ch) { if (! $this->ch) {
$this->connect(); $this->connect();
} }
if (! is_resource($this->ch)) { if (null === $this->ch) {
throw new Error('No Resource-handle given'); throw new Error('No valid LDAP connection available');
} }
$bind = false; $bind = false;
if (( ( $this->username ) if (( ( $this->username )
@ -195,7 +196,7 @@ class LDAP
*/ */
public function search($filter, $attributes = array('uid'), $base = '') public function search($filter, $attributes = array('uid'), $base = '')
{ {
if (! is_Resource($this->ch)) { if (null === $this->ch) {
throw new Error('No resource handle avbailable'); throw new Error('No resource handle avbailable');
} }
if (! $base) { if (! $base) {

8
wp-content/plugins/authldap/readme.txt
View File

@ -2,7 +2,7 @@
Contributors: heiglandreas Contributors: heiglandreas
Tags: ldap, auth, authentication, active directory, AD, openLDAP, Open Directory Tags: ldap, auth, authentication, active directory, AD, openLDAP, Open Directory
Requires at least: 2.5.0 Requires at least: 2.5.0
Tested up to: 5.6.0 Tested up to: 5.9.0
Requires PHP: 7.2 Requires PHP: 7.2
Stable tag: trunk Stable tag: trunk
License: MIT License: MIT
@ -41,6 +41,12 @@ Please use the issuetracker at https://github.com/heiglandreas/authLdap/issues
== Changelog == == Changelog ==
= 2.5.0 =
* Ignore the order of capabilities to tell the role. In addition the filter `editable_roles` can be used to limit the roles
= 2.4.11 =
* Fix issue with running on PHP8.1
= 2.4.9 = = 2.4.9 =
* Improve group-assignement UI * Improve group-assignement UI

1
wp-content/plugins/authldap/src/LdapList.php
View File

@ -42,6 +42,7 @@ class LdapList
public function authenticate($username, $password, $filter = '(uid=%s)') public function authenticate($username, $password, $filter = '(uid=%s)')
{ {
/** @var LDAP $item */
foreach ($this->items as $key => $item) { foreach ($this->items as $key => $item) {
if (! $item->authenticate($username, $password, $filter)) { if (! $item->authenticate($username, $password, $filter)) {
unset($this->items[$key]); unset($this->items[$key]);

12
wp-content/plugins/authldap/view/admin.phtml
View File

@ -185,6 +185,18 @@
<fieldset class="options"> <fieldset class="options">
<table class="form-table"> <table class="form-table">
<tr> <tr>
<th scope="row">
<label for="authLDAPUseUserAccount">User-Read</label>
</th>
<td>
<input type="checkbox" name="authLDAPUseUserAccount" id="authLDAPUseUserAccount" value="1"<?php echo $tUserRead; ?>/><br />
<p class="description">
If checked the plugin will use the user's account to query their own information. If not it will use the admin account.
</p>
</td>
</tr>
<tr>
<th scope="row"> <th scope="row">
<label for="authLDAPNameAttr">Name-Attribute</label> <label for="authLDAPNameAttr">Name-Attribute</label>
</th> </th>