diff --git a/include/lucidAuth.functions.php b/include/lucidAuth.functions.php
index f187dae..0b3f5ec 100644
--- a/include/lucidAuth.functions.php
+++ b/include/lucidAuth.functions.php
@@ -1,10 +1,10 @@ LDAP['Server'], $settings->LDAP['Port']);
 // Strict namingconvention: only allow alphabetic characters
- $strGivenname = preg_replace('([^a-zA-Z]*)', '', $_POST['username']);
- $strUsername = $settings->LDAP['Domain'] . '\\' . $strGivenname;
+ $sanitizedUsername = preg_replace('([^a-zA-Z]*)', '', $_POST['username']);
+ $qualifiedUsername = $settings->LDAP['Domain'] . '\\' . $sanitizedUsername;
- if (@ldap_bind($ds, $strUsername, utf8_encode($_POST['password']))) {
- // Successful auth; get additional userdetails from Active Directory
- $ldapSearchResults = ldap_search($ds, $settings->LDAP['BaseDN'], "sAMAccountName=$strGivenname");
- $strFullname = ldap_get_entries($ds, $ldapSearchResults)[0]['cn'][0];
+ if (@ldap_bind($ds, $qualifiedUsername, utf8_encode($_POST['password']))) {
+ // Successful authentication; get additional userdetails from authenticationsource
+ $ldapSearchResults = ldap_search($ds, $settings->LDAP['BaseDN'], "sAMAccountName=$sanitizedUsername");
+ $commonName = ldap_get_entries($ds, $ldapSearchResults)[0]['cn'][0];
 // Create JWT-payload
 $jwtPayload = [
- 'iat' => time(), // Issued at: time when the token was generated
- 'iss' => $_SERVER['SERVER_NAME'], // Issuer
- 'sub' => $strGivenname, // Subject (ie. username)
- 'name' => $strFullname // Full name (as retrieved from AD)
+ 'iat' => time(), // Issued at: time when the token was generated
+ 'iss' => $_SERVER['SERVER_NAME'], // Issuer
+ 'sub' => $qualifiedUsername, // Subject (ie. username)
+ 'name' => $commonName // Common name (as retrieved from AD)
 ];
 $secureToken = JWT::encode($jwtPayload, base64_decode($settings->JWT['PrivateKey_base64']));
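Review bot: The new `if (@ldap_bind($ds, $qualifiedUsername, utf8_encode($_POST['password'])))` line is still reached with an empty password, which many directory servers treat as an anonymous or unauthenticated bind that succeeds, so an empty or missing `$_POST['password']` has to be rejected before the call, e.g. `if (($_POST['password'] ?? '') === '') { /* take the same failure path as a failed bind */ }`; the `@` additionally hides the bind's failure reason, which `ldap_error($ds)` could log instead. The new `$commonName = ldap_get_entries($ds, $ldapSearchResults)[0]['cn'][0];` line indexes the result without checking that `ldap_search` succeeded and returned at least one entry, so a successful bind whose search comes back empty produces notices and a null `name` claim. The payload on the new `+` lines still carries no `exp` claim, so issued tokens never expire; add `'exp' => time() + $tokenLifetimeSeconds,` with the lifetime read from `$settings->JWT`. Switching `sub` from the bare name to `DOMAIN\user` changes the token contract for every consumer and deserves a sentence in the commit message, and since the key is named `PrivateKey_base64` it is worth confirming that `JWT::encode` is given the intended algorithm explicitly rather than relying on a library default. The enclosing function starts before and ends after this hunk.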