Skip to content

Commit

Permalink
hotfix: LDAP group users cannot login to Liman
Browse files Browse the repository at this point in the history
  • Loading branch information
@dogukanoksuz
dogukanoksuz committed Mar 11, 2024
1 parent aa4c029 commit c09de6a
Showing 1 changed file with 15 additions and 4 deletions.
19 changes: 15 additions & 4 deletions app/Http/Controllers/API/AuthController.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -430,6 +430,13 @@ private function authWithLdap(Request $request, bool $create = false)
$objectguid = bin2hex($ldapUser[$guidColumn]);

$userGroups = $ldapUser['memberof'] ?? [];
if (is_string($userGroups)) {
$userGroups = [$userGroups];
}
$userGroups = array_map(function ($item) {
// Convert CN=a,OU=b,DC=A,DC=B format to a
return explode(',', explode('=', $item)[1])[0];
}, $userGroups);

$user = User::where('objectguid', $objectguid)->first();

Expand Down Expand Up @@ -490,8 +497,8 @@ private function authWithLdap(Request $request, bool $create = false)
}

RoleUser::where('user_id', $user->id)->where('type', 'ldap')->delete();
if (isset($ldapUser['memberof'])) {
foreach ($ldapUser['memberof'] as $row) {
if (isset($userGroups) && is_array($userGroups) && count($userGroups) > 0) {
foreach ($userGroups as $row) {
RoleMapping::where('group_id', md5($row))->get()->map(function ($item) use ($user) {
RoleUser::firstOrCreate([
'user_id' => $user->id,
Expand All @@ -516,7 +523,9 @@ private function authWithLdap(Request $request, bool $create = false)
$keys = [];
foreach ($extensionWithLdap as $extension) {
$extensionJson = getExtensionJson($extension->name);
$extensionServers = $extension->servers()->get()->toArray();
$extensionServers = $extension->servers()->get()->filter(function ($server) use ($user) {
return Permission::can($user->id, 'server', 'id', $server->id);
})->toArray();
foreach ($extensionServers as $server) {
if (! isset($extensionJson['ldap_support_fields'])) {
$keys[$server['id']] = [
Expand All @@ -534,7 +543,9 @@ private function authWithLdap(Request $request, bool $create = false)
...Server::where('ip_address', trim(env('LDAP_HOST')))->get(),
];
// Check if server list is unique by id
$serverList = collect($serverList)->unique('id')->values();
$serverList = collect($serverList)->filter(function ($server) use ($user) {
return Permission::can($user->id, 'server', 'id', $server['id']);
})->unique('id')->values();

foreach ($serverList as $server) {
$encKey = env('APP_KEY').$user->id.$server['id'];
Expand Down

0 comments on commit c09de6a

Please sign in to comment.