From a27aef92060277120f8889136ed6972f5915709f Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Thu, 14 Jan 2010 19:43:03 -0500 Subject: Add nickname suggestion capability for use during autoregistration. --- plugins/LdapAuthentication/LdapAuthenticationPlugin.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'plugins/LdapAuthentication') diff --git a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php index eb3a05117..1755033f1 100644 --- a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php +++ b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php @@ -153,6 +153,22 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin return false; } + + function suggestNicknameForUsername($username) + { + $entry = $this->ldap_get_user($username, $this->attributes); + if(!$entry){ + //this really shouldn't happen + return $username; + }else{ + $nickname = $entry->getValue($this->attributes['nickname'],'single'); + if($nickname){ + return $nickname; + }else{ + return $username; + } + } + } //---utility functions---// function ldap_get_config(){ -- cgit v1.2.3-54-g00ecf From 61d4709eb855827e8d15a3e873760e4ad797b45b Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Fri, 29 Jan 2010 20:43:16 -0500 Subject: Pass username and nickname to autoregister so auth plugins can set the nickname correct when creating a new user. Continues fixing what Eric Helgeson pointed out in 01eb4e8f003bf62575ec16dfb6127d7534be9c88 --- lib/authenticationplugin.php | 12 ++++++++---- plugins/LdapAuthentication/LdapAuthenticationPlugin.php | 6 +++++- .../ReverseUsernameAuthenticationPlugin.php | 7 +++++-- 3 files changed, 18 insertions(+), 7 deletions(-) (limited to 'plugins/LdapAuthentication') diff --git a/lib/authenticationplugin.php b/lib/authenticationplugin.php index f7f8f8655..5be3ea5b9 100644 --- a/lib/authenticationplugin.php +++ b/lib/authenticationplugin.php 
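Review bot: The value read from the directory in `suggestNicknameForUsername()` is returned as the nickname exactly as LDAP supplied it, so whatever characters or length that attribute holds flow into autoregistration unchecked. The directory is an external data source and the value should be normalised at this boundary, for example `return common_nicknamize($nickname);` if that helper is available to plugins at this revision. `$this->attributes['nickname']` is also indexed without an `isset()` check, which looks like it would raise a notice and request a null attribute when the site has not mapped a nickname attribute. The method has no docblock; a short one stating that it returns the LDAP nickname attribute or falls back to the login name would help.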
@@ -69,13 +69,17 @@ abstract class AuthenticationPlugin extends Plugin /** * Automatically register a user when they attempt to login with valid credentials. * User::register($data) is a very useful method for this implementation - * @param username + * @param username username (that is used to login and find the user in the authentication provider) of the user to be registered + * @param nickname nickname of the user in the SN system. If nickname is null, then set nickname = username * @return mixed instance of User, or false (if user couldn't be created) */ - function autoRegister($username) + function autoRegister($username, $nickname = null) { + if(is_null($nickname)){ + $nickname = $username; + } $registration_data = array(); - $registration_data['nickname'] = $username ; + $registration_data['nickname'] = $nickname ; return User::register($registration_data); } @@ -132,7 +136,7 @@ abstract class AuthenticationPlugin extends Plugin //someone already exists with the suggested nickname //not much else we can do }else{ - $user = $this->autoRegister($nickname); + $user = $this->autoRegister($nickname, $suggested_nickname); if($user){ User_username::register($user,$nickname,$this->provider_name); return false; diff --git a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php index 1755033f1..768f0fe7f 100644 --- a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php +++ b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php @@ -96,8 +96,11 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin } } - function autoRegister($username) + function autoRegister($username, $nickname) { + if(is_null($nickname)){ + $nickname = $username; + } $entry = $this->ldap_get_user($username,$this->attributes); if($entry){ $registration_data = array(); 
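Review bot: The override `autoRegister($username, $nickname)` in LdapAuthenticationPlugin.php makes the second parameter required, while the parent in lib/authenticationplugin.php declares `$nickname = null`. The two signatures are no longer compatible, which PHP reports as a strict-standards warning and newer versions treat as a fatal error; the `is_null($nickname)` fallback also only runs when a caller passes null explicitly, and any remaining one-argument call fails or warns on the missing argument. Declare it as `function autoRegister($username, $nickname = null)`. The same applies to the ReverseUsernameAuthenticationPlugin.php hunk of this commit. The function body continues past the end of this hunk.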
@@ -107,6 +110,7 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin if(isset($registration_data['email']) && !empty($registration_data['email'])){ $registration_data['email_confirmed']=true; } + $registration_data['nickname'] = $nickname; //set the database saved password to a random string. $registration_data['password']=common_good_rand(16); return User::register($registration_data); diff --git a/plugins/ReverseUsernameAuthentication/ReverseUsernameAuthenticationPlugin.php b/plugins/ReverseUsernameAuthentication/ReverseUsernameAuthenticationPlugin.php index d9d2137f8..dac5a1588 100644 --- a/plugins/ReverseUsernameAuthentication/ReverseUsernameAuthenticationPlugin.php +++ b/plugins/ReverseUsernameAuthentication/ReverseUsernameAuthenticationPlugin.php @@ -47,10 +47,13 @@ class ReverseUsernameAuthenticationPlugin extends AuthenticationPlugin return $username == strrev($password); } - function autoRegister($username) + function autoRegister($username, $nickname) { + if(is_null($nickname)){ + $nickname = $username; + } $registration_data = array(); - $registration_data['nickname'] = $username ; + $registration_data['nickname'] = $nickname ; return User::register($registration_data); } -- cgit v1.2.3-54-g00ecf From bdf0dfc30d3c44ee6117e55c1c8faef59654e596 Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Wed, 24 Feb 2010 22:29:46 -0500 Subject: Improve description of what the provide_name parameter means --- plugins/LdapAuthentication/README | 5 ++++- plugins/LdapAuthorization/README | 5 ++++- plugins/ReverseUsernameAuthentication/README | 5 ++++- 3 files changed, 12 insertions(+), 3 deletions(-) (limited to 'plugins/LdapAuthentication') diff --git a/plugins/LdapAuthentication/README b/plugins/LdapAuthentication/README index 0460fb639..c188f2dbc 100644 --- a/plugins/LdapAuthentication/README +++ b/plugins/LdapAuthentication/README 
@@ -9,7 +9,10 @@ to the bottom of your config.php Settings ======== -provider_name*: a unique name for this authentication provider. +provider_name*: This is a identifier designated to the connection. + It's how StatusNet will refer to the authentication source. + For the most part, any name can be used, so long as each authentication source has a different identifier. + In most cases there will be only one authentication source used. authoritative (false): Set to true if LDAP's responses are authoritative (if authorative and LDAP fails, no other password checking will be done). autoregistration (false): Set to true if users should be automatically created diff --git a/plugins/LdapAuthorization/README b/plugins/LdapAuthorization/README index 44239d8e0..3a6d8d25e 100644 --- a/plugins/LdapAuthorization/README +++ b/plugins/LdapAuthorization/README @@ -11,7 +11,10 @@ You *cannot* use this plugin without the LDAP Authentication plugin Settings ======== -provider_name*: name of the LDAP authentication provider that this plugin works with. +provider_name*: This is a identifier designated to the connection. + It's how StatusNet will refer to the authentication source. + For the most part, any name can be used, so long as each authentication source has a different identifier. + In most cases there will be only one authentication source used. authoritative (false): should this plugin be authoritative for authorization? uniqueMember_attribute ('uniqueMember')*: the attribute of a group diff --git a/plugins/ReverseUsernameAuthentication/README b/plugins/ReverseUsernameAuthentication/README index e9160ed9b..57b53219e 100644 --- a/plugins/ReverseUsernameAuthentication/README +++ b/plugins/ReverseUsernameAuthentication/README 
@@ -8,7 +8,10 @@ add "addPlugin('reverseUsernameAuthentication', array('setting'=>'value', 'setti Settings ======== -provider_name*: a unique name for this authentication provider. +provider_name*: This is a identifier designated to the connection. + It's how StatusNet will refer to the authentication source. + For the most part, any name can be used, so long as each authentication source has a different identifier. + In most cases there will be only one authentication source used. password_changeable*: must be set to false. This plugin does not support changing passwords. authoritative (false): Set to true if this plugin's responses are authoritative (meaning if this fails, do check any other plugins or the internal password database). autoregistration (false): Set to true if users should be automatically created when they attempt to login. -- cgit v1.2.3-54-g00ecf From 489bd935ebdaf607e18f0befe2ad85ed905728ad Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Wed, 24 Feb 2010 23:20:34 -0500 Subject: Make LDAP connection error fatal - there really is no way to recover from that. --- plugins/LdapAuthentication/LdapAuthenticationPlugin.php | 3 +-- plugins/LdapAuthorization/LdapAuthorizationPlugin.php | 5 ++++- 2 files changed, 5 insertions(+), 3 deletions(-) (limited to 'plugins/LdapAuthentication') diff --git a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php index 768f0fe7f..1b5dc92e3 100644 --- a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php +++ b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php 
@@ -199,8 +199,7 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin $ldap->setErrorHandling(PEAR_ERROR_RETURN); $err=$ldap->bind(); if (Net_LDAP2::isError($err)) { - common_log(LOG_WARNING, 'Could not connect to LDAP server: '.$err->getMessage()); - return false; + throw new Exception('Could not connect to LDAP server: '.$err->getMessage()); } if($config == null) $this->default_ldap=$ldap; diff --git a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php index 7f48ce5e1..19aff42b8 100644 --- a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php +++ b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php @@ -167,7 +167,7 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin $ldap->setErrorHandling(PEAR_ERROR_RETURN); $err=$ldap->bind(); if (Net_LDAP2::isError($err)) { - common_log(LOG_WARNING, 'Could not connect to LDAP server: '.$err->getMessage()); + throw new Exception('Could not connect to LDAP server: '.$err->getMessage()); return false; } if($config == null) $this->default_ldap=$ldap; @@ -185,6 +185,9 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin if($ldap==null) { $ldap = $this->ldap_get_connection(); } + if(! $ldap) { + throw new Exception("Could not connect to LDAP"); + } $filter = Net_LDAP2_Filter::create($this->attributes['username'], 'equals', $username); $options = array( 'attributes' => $attributes -- cgit v1.2.3-54-g00ecf From 74bcc6929db15b18b761564232a1cb674ffbdce2 Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Fri, 26 Feb 2010 15:50:51 -0500 Subject: Show messaging on the login and registration forms informing users that they may use their LDAP credentials --- .../LdapAuthenticationPlugin.php | 26 ++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'plugins/LdapAuthentication') diff --git a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php index 1b5dc92e3..d6a945f49 100644 
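Review bot: Replacing the logged warning with `throw new Exception(...)` in `ldap_get_connection()` drops the log entry and treats every bind failure alike. The surrounding `if($config == null)` line suggests the function is also called with a caller-supplied config, presumably a bind with the credentials typed at login; if so, a wrong password now raises the same exception as an unreachable server instead of a normal failed login. The exception text embeds `$err->getMessage()`, so wherever the exception is rendered the directory's error detail may reach the browser; keep the detail in the log with `common_log(LOG_ERR, 'Could not connect to LDAP server: '.$err->getMessage());` before throwing, and throw a generic message. The LdapAuthorizationPlugin.php hunk of this commit makes the same change, and the function starts and ends outside this hunk.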
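Review bot: In the LdapAuthorizationPlugin.php hunk at `@@ -167,7 +167,7 @@` the `return false;` left after the new `throw` is unreachable and should be removed, as was done in LdapAuthenticationPlugin.php. Leaving it suggests to a reader that callers can still receive false from `ldap_get_connection()`. The `if(! $ldap)` guard added in the following hunk reads as if it depends on that; with the throw in place it can only fire if `ldap_get_connection()` returns a falsy value on some path not visible here, which is worth a one-line comment.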
--- a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php +++ b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php @@ -76,6 +76,32 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin return false; } } + + function onEndShowPageNotice($action) + { + $name = $action->trimmed('action'); + $instr = false; + + switch ($name) + { + case 'register': + if($this->autoregistration) { + $instr = 'Have an LDAP account? Use your standard username and password.'; + } + break; + case 'login': + $instr = 'Have an LDAP account? Use your standard username and password.'; + break; + default: + return true; + } + + if($instr) { + $output = common_markup_to_html($instr); + $action->raw($output); + } + return true; + } //---interface implementation---// -- cgit v1.2.3-54-g00ecf From 3bfe3345df1c2faf0288f1b18d205d793e740aae Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Mon, 1 Mar 2010 11:48:46 -0500 Subject: Use common_nicknamize() in better places. --- lib/authenticationplugin.php | 8 +++++--- plugins/LdapAuthentication/LdapAuthenticationPlugin.php | 9 ++++----- 2 files changed, 9 insertions(+), 8 deletions(-) (limited to 'plugins/LdapAuthentication') diff --git a/lib/authenticationplugin.php b/lib/authenticationplugin.php index 97e9d52de..0a3763e2e 100644 --- a/lib/authenticationplugin.php +++ b/lib/authenticationplugin.php @@ -79,7 +79,7 @@ abstract class AuthenticationPlugin extends Plugin $nickname = $username; } $registration_data = array(); - $registration_data['nickname'] = common_nicknamize($nickname); + $registration_data['nickname'] = $nickname; return User::register($registration_data); } 
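Review bot: `onEndShowPageNotice()` writes its text with `$action->raw()`, which is safe only because `$instr` is a fixed literal; add a comment such as `// $instr must stay a constant string: it is emitted unescaped` so a later edit does not interpolate configuration or directory values into it. The same sentence appears twice and is not passed through the project's translation helper, so hold it in one variable and use that in both cases. The 'login' case shows the hint unconditionally while 'register' checks `$this->autoregistration`; a one-line comment on why they differ, plus a docblock for the handler, would help.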
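Review bot: Dropping `common_nicknamize()` from the base `autoRegister()` in lib/authenticationplugin.php moves nickname validation from the point where the account is created to each `suggestNicknameForUsername()` implementation, and the updated docblock in the next hunk only says implementations "may want to" normalise. A plugin that overrides the suggestion method and returns a raw directory or provider value would now pass it to `User::register()` unchanged. Consider validating at the sink as well, for example refusing the registration when `$nickname !== common_nicknamize($nickname)`, or wording the docblock as a requirement. Whether `User::register()` validates the nickname itself is not visible on this page.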
@@ -101,12 +101,14 @@ abstract class AuthenticationPlugin extends Plugin * Used during autoregistration * Useful if your usernames are ugly, and you want to suggest * nice looking nicknames when users initially sign on + * All nicknames returned by this function should be valid + * implementations may want to use common_nicknamize() to ensure validity * @param username * @return string nickname */ function suggestNicknameForUsername($username) { - return $username; + return common_nicknamize($username); } //------------Below are the methods that connect StatusNet to the implementing Auth plugin------------\\ @@ -129,7 +131,7 @@ abstract class AuthenticationPlugin extends Plugin $test_user = User::staticGet('nickname', $suggested_nickname); if($test_user) { //someone already exists with the suggested nickname, so used the passed nickname - $suggested_nickname = $nickname; + $suggested_nickname = common_nicknamize($nickname); } $test_user = User::staticGet('nickname', $suggested_nickname); if($test_user) { diff --git a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php index d6a945f49..e0fd615dd 100644 --- a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php +++ b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php @@ -189,15 +189,14 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin $entry = $this->ldap_get_user($username, $this->attributes); if(!$entry){ //this really shouldn't happen - return $username; + $nickname = $username; }else{ $nickname = $entry->getValue($this->attributes['nickname'],'single'); - if($nickname){ - return $nickname; - }else{ - return $username; + if(!$nickname){ + $nickname = $username; } } + return common_nicknamize($nickname); } //---utility functions---// -- cgit v1.2.3-54-g00ecf From 3f696ff0ed4be5791edd38cf7b2a98a364b95676 Mon Sep 17 00:00:00 2001 
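Review bot: `return common_nicknamize($nickname);` in the LDAP `suggestNicknameForUsername()` has no fallback for the case where normalisation leaves nothing, for instance a directory attribute made up only of characters the helper strips. `common_nicknamize()` is not shown on this page, so this is an inference, but if it can return an empty string the caller would look up and then try to register an empty nickname. A guard such as `$nick = common_nicknamize($nickname); return $nick !== '' ? $nick : common_nicknamize($username);` covers it.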
From: Jeffery To Date: Fri, 5 Mar 2010 17:54:53 +0800 Subject: ldap_get_connection() to return null when passed a config with bad user/pw. This mainly affects login; before if the user enters a valid username but invalid password, ldap_get_connection() throws an LDAP_INVALID_CREDENTIALS error. Now the user sees the regular "Incorrect username of password" error message. --- plugins/LdapAuthentication/LdapAuthenticationPlugin.php | 5 +++++ plugins/LdapAuthorization/LdapAuthorizationPlugin.php | 5 +++++ 2 files changed, 10 insertions(+) (limited to 'plugins/LdapAuthentication') diff --git a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php index e0fd615dd..483209676 100644 --- a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php +++ b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php @@ -224,6 +224,11 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin $ldap->setErrorHandling(PEAR_ERROR_RETURN); $err=$ldap->bind(); if (Net_LDAP2::isError($err)) { + // if we were called with a config, assume caller will handle + // incorrect username/password (LDAP_INVALID_CREDENTIALS) + if (isset($config) && $err->getCode() == 0x31) { + return null; + } throw new Exception('Could not connect to LDAP server: '.$err->getMessage()); } if($config == null) $this->default_ldap=$ldap; diff --git a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php index 19aff42b8..2608025dd 100644 --- a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php +++ b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php 
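Review bot: The new early `return null;` for result code `0x31` leaves no trace of a rejected bind, so repeated password guessing against the directory through this login path is invisible in the application log. Add a log line before returning, without the password, e.g. `common_log(LOG_NOTICE, 'LDAP bind rejected: invalid credentials');`, and replace the bare `0x31` with a named constant. Any other rejection of a caller-supplied bind still reaches the `throw`, so callers have to handle both a null return and an exception. The LdapAuthorizationPlugin.php hunk of this commit carries the same code, and there the unreachable `return false;` after the `throw` is still present.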
@@ -167,6 +167,11 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin $ldap->setErrorHandling(PEAR_ERROR_RETURN); $err=$ldap->bind(); if (Net_LDAP2::isError($err)) { + // if we were called with a config, assume caller will handle + // incorrect username/password (LDAP_INVALID_CREDENTIALS) + if (isset($config) && $err->getCode() == 0x31) { + return null; + } throw new Exception('Could not connect to LDAP server: '.$err->getMessage()); return false; } -- cgit v1.2.3-54-g00ecf