From 489bd935ebdaf607e18f0befe2ad85ed905728ad Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Wed, 24 Feb 2010 23:20:34 -0500 Subject: Make LDAP connection error fatal - there really is no way to recover from that. --- plugins/LdapAuthentication/LdapAuthenticationPlugin.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'plugins/LdapAuthentication/LdapAuthenticationPlugin.php') diff --git a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php index 768f0fe7f..1b5dc92e3 100644 --- a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php +++ b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php @@ -199,8 +199,7 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin $ldap->setErrorHandling(PEAR_ERROR_RETURN); $err=$ldap->bind(); if (Net_LDAP2::isError($err)) { - common_log(LOG_WARNING, 'Could not connect to LDAP server: '.$err->getMessage()); - return false; + throw new Exception('Could not connect to LDAP server: '.$err->getMessage()); } if($config == null) $this->default_ldap=$ldap; -- cgit v1.2.3-54-g00ecf From 74bcc6929db15b18b761564232a1cb674ffbdce2 Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Fri, 26 Feb 2010 15:50:51 -0500 Subject: Show messaging on the login and registration forms informing users that they may use their LDAP credentials --- .../LdapAuthenticationPlugin.php | 26 ++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'plugins/LdapAuthentication/LdapAuthenticationPlugin.php') diff --git a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php index 1b5dc92e3..d6a945f49 100644 --- a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php +++ b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php @@ -76,6 +76,32 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin return false; } } + + function onEndShowPageNotice($action) + { + $name = $action->trimmed('action'); + $instr = false; + + switch ($name) + { + case 'register': + if($this->autoregistration) { + $instr = 'Have an LDAP account? Use your standard username and password.'; + } + break; + case 'login': + $instr = 'Have an LDAP account? Use your standard username and password.'; + break; + default: + return true; + } + + if($instr) { + $output = common_markup_to_html($instr); + $action->raw($output); + } + return true; + } //---interface implementation---// -- cgit v1.2.3-54-g00ecf From 3bfe3345df1c2faf0288f1b18d205d793e740aae Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Mon, 1 Mar 2010 11:48:46 -0500 Subject: Use common_nicknamize() in better places. --- lib/authenticationplugin.php | 8 +++++--- plugins/LdapAuthentication/LdapAuthenticationPlugin.php | 9 ++++----- 2 files changed, 9 insertions(+), 8 deletions(-) (limited to 'plugins/LdapAuthentication/LdapAuthenticationPlugin.php') diff --git a/lib/authenticationplugin.php b/lib/authenticationplugin.php index 97e9d52de..0a3763e2e 100644 --- a/lib/authenticationplugin.php +++ b/lib/authenticationplugin.php @@ -79,7 +79,7 @@ abstract class AuthenticationPlugin extends Plugin $nickname = $username; } $registration_data = array(); - $registration_data['nickname'] = common_nicknamize($nickname); + $registration_data['nickname'] = $nickname; return User::register($registration_data); } @@ -101,12 +101,14 @@ abstract class AuthenticationPlugin extends Plugin * Used during autoregistration * Useful if your usernames are ugly, and you want to suggest * nice looking nicknames when users initially sign on + * All nicknames returned by this function should be valid + * implementations may want to use common_nicknamize() to ensure validity * @param username * @return string nickname */ function suggestNicknameForUsername($username) { - return $username; + return common_nicknamize($username); } //------------Below are the methods that connect StatusNet to the implementing Auth plugin------------\\ @@ -129,7 +131,7 @@ abstract class AuthenticationPlugin extends Plugin $test_user = User::staticGet('nickname', $suggested_nickname); if($test_user) { //someone already exists with the suggested nickname, so used the passed nickname - $suggested_nickname = $nickname; + $suggested_nickname = common_nicknamize($nickname); } $test_user = User::staticGet('nickname', $suggested_nickname); if($test_user) { diff --git a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php index d6a945f49..e0fd615dd 100644 --- a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php +++ b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php @@ -189,15 +189,14 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin $entry = $this->ldap_get_user($username, $this->attributes); if(!$entry){ //this really shouldn't happen - return $username; + $nickname = $username; }else{ $nickname = $entry->getValue($this->attributes['nickname'],'single'); - if($nickname){ - return $nickname; - }else{ - return $username; + if(!$nickname){ + $nickname = $username; } } + return common_nicknamize($nickname); } //---utility functions---// -- cgit v1.2.3-54-g00ecf From 3f696ff0ed4be5791edd38cf7b2a98a364b95676 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Fri, 5 Mar 2010 17:54:53 +0800 Subject: ldap_get_connection() to return null when passed a config with bad user/pw. This mainly affects login; before if the user enters a valid username but invalid password, ldap_get_connection() throws an LDAP_INVALID_CREDENTIALS error. Now the user sees the regular "Incorrect username of password" error message. --- plugins/LdapAuthentication/LdapAuthenticationPlugin.php | 5 +++++ plugins/LdapAuthorization/LdapAuthorizationPlugin.php | 5 +++++ 2 files changed, 10 insertions(+) (limited to 'plugins/LdapAuthentication/LdapAuthenticationPlugin.php') diff --git a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php index e0fd615dd..483209676 100644 --- a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php +++ b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php @@ -224,6 +224,11 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin $ldap->setErrorHandling(PEAR_ERROR_RETURN); $err=$ldap->bind(); if (Net_LDAP2::isError($err)) { + // if we were called with a config, assume caller will handle + // incorrect username/password (LDAP_INVALID_CREDENTIALS) + if (isset($config) && $err->getCode() == 0x31) { + return null; + } throw new Exception('Could not connect to LDAP server: '.$err->getMessage()); } if($config == null) $this->default_ldap=$ldap; diff --git a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php index 19aff42b8..2608025dd 100644 --- a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php +++ b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php @@ -167,6 +167,11 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin $ldap->setErrorHandling(PEAR_ERROR_RETURN); $err=$ldap->bind(); if (Net_LDAP2::isError($err)) { + // if we were called with a config, assume caller will handle + // incorrect username/password (LDAP_INVALID_CREDENTIALS) + if (isset($config) && $err->getCode() == 0x31) { + return null; + } throw new Exception('Could not connect to LDAP server: '.$err->getMessage()); return false; } -- cgit v1.2.3-54-g00ecf