updated plugin AuthLDAP version 2.5.2

This commit is contained in:
KawaiiPunk 2022-03-21 13:34:57 +00:00 committed by Gitium
parent 713de650a5
commit 350836f064
5 changed files with 59 additions and 30 deletions

View File

@ -3,7 +3,7 @@
Plugin Name: AuthLDAP
Plugin URI: https://github.com/heiglandreas/authLdap
Description: This plugin allows you to use your existing LDAP as authentication base for WordPress
Version: 2.4.10
Version: 2.5.2
Author: Andreas Heigl <andreas@heigl.org>
Author URI: http://andreas.heigl.org
License: MIT
@ -82,6 +82,7 @@ function authLdap_options_panel()
'GroupEnable' => authLdap_get_post('authLDAPGroupEnable', false),
'GroupOverUser' => authLdap_get_post('authLDAPGroupOverUser', false),
'DoNotOverwriteNonLdapUsers' => authLdap_get_post('authLDAPDoNotOverwriteNonLdapUsers', false),
'UserRead' => authLdap_get_post('authLDAPUseUserAccount', false),
);
if (authLdap_set_options($new_options)) {
echo "<div class='updated'><p>Saved Options!</p></div>";
@ -112,6 +113,7 @@ function authLdap_options_panel()
$authLDAPGroupEnable = authLdap_get_option('GroupEnable');
$authLDAPGroupOverUser = authLdap_get_option('GroupOverUser');
$authLDAPDoNotOverwriteNonLdapUsers = authLdap_get_option('DoNotOverwriteNonLdapUsers');
$authLDAPUseUserAccount= authLdap_get_option('UserRead');
$tChecked = ($authLDAP) ? ' checked="checked"' : '';
$tDebugChecked = ($authLDAPDebug) ? ' checked="checked"' : '';
@ -120,6 +122,7 @@ function authLdap_options_panel()
$tGroupOverUserChecked = ($authLDAPGroupOverUser) ? ' checked="checked"' : '';
$tStartTLSChecked = ($authLDAPStartTLS) ? ' checked="checked"' : '';
$tDoNotOverwriteNonLdapUsers = ($authLDAPDoNotOverwriteNonLdapUsers) ? ' checked="checked"' : '';
$tUserRead = ($authLDAPUseUserAccount) ? ' checked="checked"' : '';
$roles = new WP_Roles();
@ -233,6 +236,7 @@ function authLdap_login($user, $username, $password, $already_md5 = false)
$authLDAPDefaultRole = authLdap_get_option('DefaultRole');
$authLDAPGroupEnable = authLdap_get_option('GroupEnable');
$authLDAPGroupOverUser = authLdap_get_option('GroupOverUser');
$authLDAPUseUserAccount = authLdap_get_option('UserRead');
if (! $username) {
authLdap_debug('Username not supplied: return false');
@ -281,10 +285,13 @@ function authLdap_login($user, $username, $password, $already_md5 = false)
return false;
}
// Make optional querying from the admin account #213
if (! authLdap_get_option('UserRead')) {
// Rebind with the default credentials after the user has been loged in
// Otherwise the credentials of the user trying to login will be used
// This fixes #55
authLdap_get_server()->bind();
}
if (true !== $result) {
authLdap_debug('LDAP authentication failed');
@ -293,7 +300,7 @@ function authLdap_login($user, $username, $password, $already_md5 = false)
return;
}
authLdap_debug('LDAP authentication successfull');
authLdap_debug('LDAP authentication successful');
$attributes = array_values(
array_filter(
apply_filters(
@ -440,6 +447,13 @@ function authLdap_login($user, $username, $password, $already_md5 = false)
$userid = wp_insert_user($user_info);
}
// if the user exists, wp_insert_user will update the existing user record
if (is_wp_error($userid)) {
authLdap_debug('Error creating user : ' . $userid->get_error_message());
trigger_error('Error creating user: ' . $userid->get_error_message());
return $userid;
}
/**
* Add hook for custom updates
*
@ -448,13 +462,6 @@ function authLdap_login($user, $username, $password, $already_md5 = false)
*/
do_action('authLdap_login_successful', $userid, $attribs[0]);
// if the user exists, wp_insert_user will update the existing user record
if (is_wp_error($userid)) {
authLdap_debug('Error creating user : ' . $userid->get_error_message());
trigger_error('Error creating user: ' . $userid->get_error_message());
return $userid;
}
authLdap_debug('user id = ' . $userid);
// flag the user as an ldap user so we can hide the password fields in the user profile
@ -505,23 +512,25 @@ function authLdap_get_uid($username)
*/
function authLdap_user_role($uid)
{
global $wpdb;
global $wpdb, $wp_roles;
if (!$uid) {
return '';
}
$meta_value = $wpdb->get_var(
"SELECT meta_value FROM {$wpdb->usermeta} WHERE meta_key = '{$wpdb->prefix}capabilities' AND user_id = {$uid}"
);
if (!$meta_value) {
/** @var array<string, bool> $usercapabilities */
$usercapabilities = get_user_meta( $uid, "{$wpdb->prefix}capabilities", true);
if ( ! is_array( $usercapabilities ) ) {
return '';
}
$capabilities = unserialize($meta_value);
$roles = is_array($capabilities) ? array_keys($capabilities) : array('');
$role = $roles[0];
/** @var array<string, array{name: string, capabilities: array<mixed>} $editable_roles */
$editable_roles = $wp_roles->roles;
// By using this approach we are now using the order of the roles from the WP_Roles object
// and not from the capabilities any more.
$userroles = array_keys(array_intersect_key($editable_roles, $usercapabilities));
$role = $userroles[0];
authLdap_debug("Existing user's role: {$role}");
return $role;

View File

@ -1,6 +1,6 @@
<?php
/**
* $Id: ldap.php 2450394 2021-01-05 07:38:43Z heiglandreas $
* $Id: ldap.php 2676679 2022-02-10 18:26:37Z heiglandreas $
*
* authLdap - Authenticate Wordpress against an LDAP-Backend.
* Copyright (c) 2008 Andreas Heigl<andreas@heigl.org>
@ -46,7 +46,7 @@ class LDAP
/**
* This property contains the connection handle to the ldap-server
*
* @var Ressource
* @var Ressource|Connection|null
*/
private $ch = null;
@ -117,7 +117,8 @@ class LDAP
}
$this->ch = @ldap_connect($this->scheme . '://' . $this->server . ':' . $this -> port);
if (! $this->ch) {
if (false === $this->ch) {
$this->ch = null;
throw new Error('Could not connect to the server');
}
ldap_set_option($this->ch, LDAP_OPT_PROTOCOL_VERSION, 3);
@ -136,7 +137,7 @@ class LDAP
*/
public function disconnect()
{
if (is_resource($this->ch)) {
if (null !== $this->ch ) {
@ldap_unbind($this->ch);
}
$this->ch = null;
@ -154,8 +155,8 @@ class LDAP
if (! $this->ch) {
$this->connect();
}
if (! is_resource($this->ch)) {
throw new Error('No Resource-handle given');
if (null === $this->ch) {
throw new Error('No valid LDAP connection available');
}
$bind = false;
if (( ( $this->username )
@ -195,7 +196,7 @@ class LDAP
*/
public function search($filter, $attributes = array('uid'), $base = '')
{
if (! is_Resource($this->ch)) {
if (null === $this->ch) {
throw new Error('No resource handle avbailable');
}
if (! $base) {

View File

@ -2,7 +2,7 @@
Contributors: heiglandreas
Tags: ldap, auth, authentication, active directory, AD, openLDAP, Open Directory
Requires at least: 2.5.0
Tested up to: 5.6.0
Tested up to: 5.9.0
Requires PHP: 7.2
Stable tag: trunk
License: MIT
@ -41,6 +41,12 @@ Please use the issuetracker at https://github.com/heiglandreas/authLdap/issues
== Changelog ==
= 2.5.0 =
* Ignore the order of capabilities to tell the role. In addition the filter `editable_roles` can be used to limit the roles
= 2.4.11 =
* Fix issue with running on PHP8.1
= 2.4.9 =
* Improve group-assignement UI

View File

@ -42,6 +42,7 @@ class LdapList
public function authenticate($username, $password, $filter = '(uid=%s)')
{
/** @var LDAP $item */
foreach ($this->items as $key => $item) {
if (! $item->authenticate($username, $password, $filter)) {
unset($this->items[$key]);

View File

@ -185,6 +185,18 @@
<fieldset class="options">
<table class="form-table">
<tr>
<th scope="row">
<label for="authLDAPUseUserAccount">User-Read</label>
</th>
<td>
<input type="checkbox" name="authLDAPUseUserAccount" id="authLDAPUseUserAccount" value="1"<?php echo $tUserRead; ?>/><br />
<p class="description">
If checked the plugin will use the user's account to query their own information. If not it will use the admin account.
</p>
</td>
</tr>
<tr>
<th scope="row">
<label for="authLDAPNameAttr">Name-Attribute</label>
</th>