djpbessems/lucidAuth
1
0
Fork 0
Code Issues Pull Requests Releases 2 Wiki Activity

Corrected static exception message to dynamic message

Browse Source
This commit is contained in:
djpbessems 2019-01-17 15:06:16 +01:00
parent 95980727af
commit afd134659b
1 changed files with 14 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
include/lucidAuth.functions.php
View File

@ -1,10 +1,10 @@
<?php <?php
$confFile = '../lucidAuth.config.php'; $configurationFile = '../lucidAuth.config.php';
if (!file_exists($confFile)) { if (!file_exists($configurationFile)) {
throw 'Missing config file. Please rename lucidAuth.config.php.example to lucidAuth.config.php and edit it to reflect your setup.' . PHP_EOL; throw new Exception(sprintf('Missing config file. Please rename \'%1$s.example\' to \'%1$s\' and edit it to reflect your setup.', explode('../', $configurationFile)[1]));
} }
$settings = include_once('../lucidAuth.config.php'); $settings = include_once($configurationFile);
function authenticateLDAP (string $username, string $password) { function authenticateLDAP (string $username, string $password) {
global $settings; global $settings;
@ -15,19 +15,19 @@ function authenticateLDAP (string $username, string $password) {
$ds = ldap_connect($settings->LDAP['Server'], $settings->LDAP['Port']); $ds = ldap_connect($settings->LDAP['Server'], $settings->LDAP['Port']);
// Strict namingconvention: only allow alphabetic characters // Strict namingconvention: only allow alphabetic characters
$strGivenname = preg_replace('([^a-zA-Z]*)', '', $_POST['username']); $sanitizedUsername = preg_replace('([^a-zA-Z]*)', '', $_POST['username']);
$strUsername = $settings->LDAP['Domain'] . '\\' . $strGivenname; $qualifiedUsername = $settings->LDAP['Domain'] . '\\' . $sanitizedUsername;
if (@ldap_bind($ds, $strUsername, utf8_encode($_POST['password']))) { if (@ldap_bind($ds, $qualifiedUsername, utf8_encode($_POST['password']))) {
// Successful auth; get additional userdetails from Active Directory // Successful authentication; get additional userdetails from authenticationsource
$ldapSearchResults = ldap_search($ds, $settings->LDAP['BaseDN'], "sAMAccountName=$strGivenname"); $ldapSearchResults = ldap_search($ds, $settings->LDAP['BaseDN'], "sAMAccountName=$sanitizedUsername");
$strFullname = ldap_get_entries($ds, $ldapSearchResults)[0]['cn'][0]; $commonName = ldap_get_entries($ds, $ldapSearchResults)[0]['cn'][0];
// Create JWT-payload // Create JWT-payload
$jwtPayload = [ $jwtPayload = [
'iat' => time(), // Issued at: time when the token was generated 'iat' => time(), // Issued at: time when the token was generated
'iss' => $_SERVER['SERVER_NAME'], // Issuer 'iss' => $_SERVER['SERVER_NAME'], // Issuer
'sub' => $strGivenname, // Subject (ie. username) 'sub' => $qualifiedUsername, // Subject (ie. username)
'name' => $strFullname // Full name (as retrieved from AD) 'name' => $commonName // Common name (as retrieved from AD)
]; ];
$secureToken = JWT::encode($jwtPayload, base64_decode($settings->JWT['PrivateKey_base64'])); $secureToken = JWT::encode($jwtPayload, base64_decode($settings->JWT['PrivateKey_base64']));