65 lines
2.0 KiB
PHP
65 lines
2.0 KiB
PHP
<?php
|
|
|
|
$confFile = '../lucidAuth.config.php';
|
|
if (!file_exists($confFile)) {
|
|
throw 'Missing config file. Please rename lucidAuth.config.php.example to lucidAuth.config.php and edit it to reflect your setup.' . PHP_EOL;
|
|
}
|
|
$settings = include_once('../lucidAuth.config.php');
|
|
|
|
function authenticateLDAP (string $username, string $password) {
|
|
global $settings;
|
|
|
|
if (!empty($username) && !empty($password)) {
|
|
// Handle login requests
|
|
|
|
$ds = ldap_connect($settings->LDAP['Server'], $settings->LDAP['Port']);
|
|
|
|
// Strict namingconvention: only allow alphabetic characters
|
|
$strGivenname = preg_replace('([^a-zA-Z]*)', '', $_POST['username']);
|
|
$strUsername = $settings->LDAP['Domain'] . '\\' . $strGivenname;
|
|
|
|
if (@ldap_bind($ds, $strUsername, utf8_encode($_POST['password']))) {
|
|
// Successful auth; get additional userdetails from Active Directory
|
|
$ldapSearchResults = ldap_search($ds, $settings->LDAP['BaseDN'], "sAMAccountName=$strGivenname");
|
|
$strFullname = ldap_get_entries($ds, $ldapSearchResults)[0]['cn'][0];
|
|
// Create JWT-payload
|
|
$jwtPayload = [
|
|
'iat' => time(), // Issued at: time when the token was generated
|
|
'iss' => $_SERVER['SERVER_NAME'], // Issuer
|
|
'sub' => $strGivenname, // Subject (ie. username)
|
|
'name' => $strFullname // Full name (as retrieved from AD)
|
|
];
|
|
|
|
$secureToken = JWT::encode($jwtPayload, base64_decode($settings->JWT['PrivateKey_base64']));
|
|
return ['status' => 'Success', 'token' => $secureToken];
|
|
} else {
|
|
// LDAP authentication failed!
|
|
return ['status' => 'Fail', 'reason' => '1'];
|
|
}
|
|
} else {
|
|
// Empty username or passwords not allowed!
|
|
return ['status' => 'Fail', 'reason' => '1'];
|
|
}
|
|
}
|
|
|
|
function storeToken (string $username, string $password, object $cookie) {
|
|
global $settings;
|
|
|
|
|
|
}
|
|
|
|
function retrieveToken (string $username, string $foo) {
|
|
global $settings;
|
|
|
|
}
|
|
|
|
function validateCookie (int $expiration, string $username, string $securetoken) {
|
|
# $_COOKIE['Exp'], $_COOKIE['Sub'], $_COOKIE['JWT']
|
|
global $settings;
|
|
|
|
If ($expiration > time()) {
|
|
#moo
|
|
}
|
|
}
|
|
|
|
?>
|