package Lemonldap::NG::Portal::Auth::LDAP;

# LDAP authentication backend for the portal: the web form collects the
# credentials and this module validates them with an LDAP bind as the user
# (see authenticate() below).  Password-expiry results are passed back to the
# portal so it can drive the password-change flow.

use strict;

# NOTE(review): there is no explicit "use warnings" here; Mouse's import is
# expected to enable strict and warnings for this package — confirm with the
# Mouse version shipped, or add "use warnings" explicitly.
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(
  PE_OK
  PE_DONE
  PE_ERROR
  PE_LDAPCONNECTFAILED
  PE_PP_CHANGE_AFTER_RESET
  PE_PP_PASSWORD_EXPIRED
);

our $VERSION = '2.0.2';

# Inheritance: Auth::_WebForm supplies the form handling (presumably the
# setSecurity() used below) and Lib::LDAP supplies the LDAP helpers this
# module calls (ldap, newLdap, getUser, userBind — not visible in this file).
# Both parents' init() are chained explicitly in init() below.
extends
  qw(Lemonldap::NG::Portal::Auth::_WebForm Lemonldap::NG::Portal::Lib::LDAP);
# Initialise both parents in turn.
#
# Returns the value of _WebForm::init when it is false, otherwise the value of
# Lib::LDAP::init; the second parent is only initialised when the first one
# succeeded (short-circuit).  The result is returned in the caller's context.
sub init {
    my $self = shift;

    return ( $self->Lemonldap::NG::Portal::Auth::_WebForm::init
          && $self->Lemonldap::NG::Portal::Lib::LDAP::init );
}
# Authentication level attached to sessions opened through this backend.
# Read lazily from the ldapAuthnLevel configuration key on first access; it
# stays writable so a caller can override it.
has authnLevel => (
    is      => 'rw',
    lazy    => 1,
    default => sub { shift->conf->{ldapAuthnLevel} },
);
# RUNNING METHODS
# Authenticate the request against the directory.
#
# $req is the portal request; the login and password are expected in
# $req->data->{dn} / $req->data->{password} (the DN is looked up here when an
# earlier step did not set it).
#
# Returns a PE_* code: PE_LDAPCONNECTFAILED without an LDAP handle, the code
# from getUser() when the DN lookup fails, the password backend's code (or
# PE_DONE) on the password-less path, otherwise the result of the user bind.
sub authenticate {
    my ( $self, $req ) = @_;

    return PE_LDAPCONNECTFAILED unless $self->ldap;

    # Resolve the user's DN unless an earlier step already stored it.  A true
    # value from getUser() is an error code and ends the step.
    if ( not $req->data->{dn} ) {
        my $err = $self->getUser($req);
        if ($err) {
            $self->setSecurity($req);
            return $err;
        }
    }

    # No password in the request: presumably the password-change form coming
    # back after a forced reset.  The password backend handles it; no bind is
    # attempted on this path.
    if ( not $req->data->{password} ) {
        $self->p->{user} = $req->userData->{_dn} = $req->data->{dn};

        unless ( $self->p->{_passwordDB} ) {
            $self->logger->error('No password database configured, aborting');
            return PE_ERROR;
        }
        my $code = $self->p->{_passwordDB}->_modifyPassword( $req, 1 );

        # Security: never create session here.  A false code from the backend
        # is turned into PE_DONE so the caller stops instead of treating this
        # as a successful login.
        return $code || PE_DONE;
    }

    # Normal path: bind to the directory as the user with the given password.
    my $res = $self->userBind( $req, $req->data->{dn},
        password => $req->data->{password} );

    # The directory demands a password change: either a change is required
    # after an administrative reset, or the password has expired and the
    # configuration allows expired passwords to be reset.
    my $must_change = ( $res == PE_PP_CHANGE_AFTER_RESET )
      || ( $res == PE_PP_PASSWORD_EXPIRED
        && $self->conf->{ldapAllowResetExpiredPassword} );

    if ($must_change) {

        # Keep the current password for the change form and suppress the
        # error display.
        # NOTE(review): this reads the "password" slot of this module object,
        # not $req->data->{password}; confirm it is populated at this point,
        # otherwise oldpassword ends up undef.
        $req->data->{oldpassword} = $self->{password};
        $req->data->{noerror}     = 1;
        $self->setSecurity($req);
    }

    return $res;
}
# Logout hook: nothing to undo on the directory side for a bind-based login.
#
# Always returns PE_OK.
sub authLogout {
    my ( $self, $req ) = @_;

    return PE_OK;
}
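# Bind as a user, testing the LDAP connection first and re-opening it when it
# is missing or no longer answers.
#
# Arguments are passed through unchanged to the handle's userBind():
# ($req, $dn, password => $password).
#
# Returns that method's result code, or PE_LDAPCONNECTFAILED when no handle
# could be (re)established.  The previous version returned undef in that case;
# undef is numerically 0, which is PE_OK's conventional value (confirm in
# Main::Constants), so a dead directory could not be told apart from a
# successful bind by the "==" tests in authenticate().  authenticate()
# already answers PE_LDAPCONNECTFAILED when it finds no handle; this makes the
# reconnect failure consistent with it.
sub userBind {
    my $self = shift;

    # Liveness probe: a root DSE read fails quickly on a dropped connection,
    # so a stale handle is replaced before the bind is attempted.
    unless ( $self->ldap
        and $self->ldap->root_dse( attrs => ['supportedLDAPVersion'] ) )
    {
        $self->ldap( $self->newLdap );
    }

    # newLdap() may have failed to open a new handle.
    return PE_LDAPCONNECTFAILED unless $self->ldap;

    return $self->ldap->userBind(@_);
}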
1;    # a module must end with a true value