Kaydet (Commit) ff1e4a4f authored tarafından Baran Sekin's avatar Baran Sekin

Added ldap login

üst 2bcd15ed
......@@ -2,10 +2,13 @@
namespace App\Http\Controllers\Auth;
use Adldap\Laravel\Facades\Adldap;
use App\Http\Controllers\Controller;
use Carbon\Carbon;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use App\User;
use Illuminate\Support\Facades\Hash;
/**
* Class LoginController
......@@ -42,12 +45,55 @@ class LoginController extends Controller
$flag = $this->guard()->attempt(
$this->credentials($request), $request->filled('remember')
);
if(!$flag){
if(!$flag && env('LDAP_HOSTS', false)){
$this->setBaseDn();
$locateUsers = config('ldap_auth.identifiers.ldap.locate_users_by', 'samaccountname');
$guidColumn = config('ldap_auth.identifiers.database.guid_column', 'objectguid');
$domain = config('app.domain');
$credientials = (object) $this->credentials($request);
$flag = Adldap::auth()->attempt($credientials->email."@".$domain, $credientials->password, true);
if($flag){
$ldapUser = Adldap::search()
->select(['objectguid', '*'])
->where($locateUsers, '=', $credientials->email)
->first();
$user = \App\User::where($guidColumn, $ldapUser->getConvertedGuid())->first();
if(!$user){
$user = User::create([
"name" => $ldapUser->cn[0],
"email" => $ldapUser->userprincipalname[0] ? $ldapUser->userprincipalname[0] : $ldapUser->cn[0],
"password" => Hash::make(str_random("16")),
$guidColumn => $ldapUser->getConvertedGuid()
]);
}else{
$user->update([
"name" => $ldapUser->cn[0],
"email" => $ldapUser->userprincipalname[0] ? $ldapUser->userprincipalname[0] : $ldapUser->cn[0]
]);
}
$this->guard()->login($user, true);
return true;
}else{
system_log(5,"LOGIN_FAILED");
}
}
return $flag;
}
private function setBaseDn()
{
$connection = ldap_connect(config('ldap.connections.default.settings.hosts')[0],389);
ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_bind($connection);
$outputs = ldap_read($connection,'','objectclass=*');
$entries = ldap_get_entries($connection,$outputs)[0];
config(['ldap.connections.default.settings.base_dn' => $entries["rootdomainnamingcontext"][0]]);
$domain = str_replace("dc=","",strtolower($entries["rootdomainnamingcontext"][0]));
$domain = str_replace(",", ".", $domain);
config(['app.domain' => $domain]);
}
protected function validateLogin(Request $request)
{
$request->request->add([
......@@ -56,7 +102,7 @@ class LoginController extends Controller
]);
$request->validate([
$this->username() => 'required|string',
'password' => 'required|string|min:10|max:32|regex:/^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).{10,}$/',
'password' => 'required|string',
]);
}
}
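Review bot: `setBaseDn()` takes the base DN and the UPN domain from an anonymous rootDSE read over a plain `ldap_connect(..., 389)`, ignoring the configured `port` and `use_tls` settings and checking none of the `ldap_*` return values, yet the value it writes to `app.domain` decides which principal the submitted password is bound as. A failed connect, bind or read leaves `$entries` unusable, so the login request would likely die with a PHP error rather than be rejected cleanly; the fence shows the checks I would add, failing closed with an exception. In the same fallback `->first()` can return null, so `$ldapUser->getConvertedGuid()` needs a guard before the user is created or updated. As the new side reads, `system_log(5,"LOGIN_FAILED")` now sits inside the `env('LDAP_HOSTS', false)` branch, so installs without LDAP would stop recording failed logins; it looks like it belongs under a plain `if(!$flag)` just before `return $flag;`. The method that contains the fallback starts above the hunk.

```php
private function setBaseDn()
{
    $settings = config('ldap.connections.default.settings');
    // use_ssl would need an ldaps:// URI here instead of host + port
    $connection = ldap_connect($settings['hosts'][0], (int) $settings['port']);
    if ($connection === false) {
        throw new \RuntimeException('LDAP connection could not be created');
    }
    ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
    if ($settings['use_tls'] && !ldap_start_tls($connection)) {
        throw new \RuntimeException('LDAP StartTLS failed');
    }
    $outputs = ldap_bind($connection) ? ldap_read($connection, '', 'objectclass=*') : false;
    $entries = $outputs ? ldap_get_entries($connection, $outputs) : false;
    if (!$entries || empty($entries[0]['rootdomainnamingcontext'][0])) {
        throw new \RuntimeException('LDAP rootDSE did not return rootDomainNamingContext');
    }
    $baseDn = $entries[0]['rootdomainnamingcontext'][0];
    // … unchanged: base_dn and app.domain config() writes, now derived from $baseDn …
}
```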
......@@ -26,7 +26,7 @@ class User extends Authenticatable
* @var array
*/
protected $fillable = [
'name', 'email', 'password', 'status', 'forceChange'
'name', 'email', 'password', 'status', 'forceChange', 'objectguid'
];
/**
......
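Review bot: Putting `objectguid` in `$fillable` makes the column that links a local account to a directory identity mass-assignable, so any `create()`/`update()` elsewhere that passes request input through would let the caller set it; whether such a call exists is not visible from this page. The login code could set the column explicitly instead, e.g. `$user->forceFill([$guidColumn => $ldapUser->getConvertedGuid()])->save();`, and leave `$fillable` as it was. If it stays fillable, a short comment on the array saying the value must only ever come from the LDAP lookup would help the next reader.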
<?php return array (
'adldap2/adldap2-laravel' =>
array (
'providers' =>
array (
0 => 'Adldap\\Laravel\\AdldapServiceProvider',
1 => 'Adldap\\Laravel\\AdldapAuthServiceProvider',
),
'aliases' =>
array (
'Adldap' => 'Adldap\\Laravel\\Facades\\Adldap',
),
),
'beyondcode/laravel-websockets' =>
array (
'providers' =>
......
......@@ -23,17 +23,19 @@
19 => 'Illuminate\\Translation\\TranslationServiceProvider',
20 => 'Illuminate\\Validation\\ValidationServiceProvider',
21 => 'Illuminate\\View\\ViewServiceProvider',
22 => 'BeyondCode\\LaravelWebSockets\\WebSocketsServiceProvider',
23 => 'Facade\\Ignition\\IgnitionServiceProvider',
24 => 'Laravel\\Tinker\\TinkerServiceProvider',
25 => 'Carbon\\Laravel\\ServiceProvider',
26 => 'NunoMaduro\\Collision\\Adapters\\Laravel\\CollisionServiceProvider',
27 => 'App\\Providers\\AppServiceProvider',
28 => 'App\\Providers\\AuthServiceProvider',
29 => 'App\\Providers\\BroadcastServiceProvider',
30 => 'App\\Providers\\EventServiceProvider',
31 => 'App\\Providers\\RouteServiceProvider',
32 => 'App\\Providers\\TusServiceProvider',
22 => 'Adldap\\Laravel\\AdldapServiceProvider',
23 => 'Adldap\\Laravel\\AdldapAuthServiceProvider',
24 => 'BeyondCode\\LaravelWebSockets\\WebSocketsServiceProvider',
25 => 'Facade\\Ignition\\IgnitionServiceProvider',
26 => 'Laravel\\Tinker\\TinkerServiceProvider',
27 => 'Carbon\\Laravel\\ServiceProvider',
28 => 'NunoMaduro\\Collision\\Adapters\\Laravel\\CollisionServiceProvider',
29 => 'App\\Providers\\AppServiceProvider',
30 => 'App\\Providers\\AuthServiceProvider',
31 => 'App\\Providers\\BroadcastServiceProvider',
32 => 'App\\Providers\\EventServiceProvider',
33 => 'App\\Providers\\RouteServiceProvider',
34 => 'App\\Providers\\TusServiceProvider',
),
'eager' =>
array (
......@@ -47,17 +49,19 @@
7 => 'Illuminate\\Pagination\\PaginationServiceProvider',
8 => 'Illuminate\\Session\\SessionServiceProvider',
9 => 'Illuminate\\View\\ViewServiceProvider',
10 => 'BeyondCode\\LaravelWebSockets\\WebSocketsServiceProvider',
11 => 'Facade\\Ignition\\IgnitionServiceProvider',
12 => 'Laravel\\Tinker\\TinkerServiceProvider',
13 => 'Carbon\\Laravel\\ServiceProvider',
14 => 'NunoMaduro\\Collision\\Adapters\\Laravel\\CollisionServiceProvider',
15 => 'App\\Providers\\AppServiceProvider',
16 => 'App\\Providers\\AuthServiceProvider',
17 => 'App\\Providers\\BroadcastServiceProvider',
18 => 'App\\Providers\\EventServiceProvider',
19 => 'App\\Providers\\RouteServiceProvider',
20 => 'App\\Providers\\TusServiceProvider',
10 => 'Adldap\\Laravel\\AdldapServiceProvider',
11 => 'Adldap\\Laravel\\AdldapAuthServiceProvider',
12 => 'BeyondCode\\LaravelWebSockets\\WebSocketsServiceProvider',
13 => 'Facade\\Ignition\\IgnitionServiceProvider',
14 => 'Laravel\\Tinker\\TinkerServiceProvider',
15 => 'Carbon\\Laravel\\ServiceProvider',
16 => 'NunoMaduro\\Collision\\Adapters\\Laravel\\CollisionServiceProvider',
17 => 'App\\Providers\\AppServiceProvider',
18 => 'App\\Providers\\AuthServiceProvider',
19 => 'App\\Providers\\BroadcastServiceProvider',
20 => 'App\\Providers\\EventServiceProvider',
21 => 'App\\Providers\\RouteServiceProvider',
22 => 'App\\Providers\\TusServiceProvider',
),
'deferred' =>
array (
......
......@@ -13,6 +13,7 @@
"ext-ssh2": "*",
"ext-xml": "*",
"ext-zip": "*",
"adldap2/adldap2-laravel": "^6.0",
"ankitpokhrel/tus-php": "^1.0",
"beyondcode/laravel-websockets": "^1.3",
"guzzlehttp/guzzle": "^6.3",
......
......@@ -4,8 +4,121 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "f8f0891cede4c1af21476b05ede73c4b",
"content-hash": "ca9209f0e6bc2603b822e6ae55e5b2e0",
"packages": [
{
"name": "adldap2/adldap2",
"version": "v10.2.1",
"source": {
"type": "git",
"url": "https://github.com/Adldap2/Adldap2.git",
"reference": "c229325583e93d051f0d343ee356e4836cce8f74"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/Adldap2/Adldap2/zipball/c229325583e93d051f0d343ee356e4836cce8f74",
"reference": "c229325583e93d051f0d343ee356e4836cce8f74",
"shasum": ""
},
"require": {
"ext-json": "*",
"ext-ldap": "*",
"illuminate/contracts": "~5.0|~6.0",
"php": ">=7.0",
"psr/log": "~1.0",
"psr/simple-cache": "~1.0",
"tightenco/collect": "~5.0|~6.0"
},
"require-dev": {
"mockery/mockery": "~1.0",
"phpunit/phpunit": "~6.0"
},
"suggest": {
"ext-fileinfo": "fileinfo is required when retrieving user encoded thumbnails"
},
"type": "library",
"autoload": {
"psr-4": {
"Adldap\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Steve Bauman",
"email": "steven_bauman@outlook.com",
"role": "Developer"
}
],
"description": "A PHP LDAP Package for humans.",
"keywords": [
"active directory",
"ad",
"adLDAP",
"adldap2",
"directory",
"ldap",
"windows"
],
"time": "2019-11-06T15:50:29+00:00"
},
{
"name": "adldap2/adldap2-laravel",
"version": "v6.0.8",
"source": {
"type": "git",
"url": "https://github.com/Adldap2/Adldap2-Laravel.git",
"reference": "c2809bcca39bd51fe3fbe426c5dc32e89a868a42"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/Adldap2/Adldap2-Laravel/zipball/c2809bcca39bd51fe3fbe426c5dc32e89a868a42",
"reference": "c2809bcca39bd51fe3fbe426c5dc32e89a868a42",
"shasum": ""
},
"require": {
"adldap2/adldap2": "^10.1",
"illuminate/support": "~5.5|~6.0",
"php": ">=7.1"
},
"require-dev": {
"mockery/mockery": "~1.0",
"orchestra/testbench": "~3.7",
"phpunit/phpunit": "~7.0"
},
"type": "project",
"extra": {
"laravel": {
"providers": [
"Adldap\\Laravel\\AdldapServiceProvider",
"Adldap\\Laravel\\AdldapAuthServiceProvider"
],
"aliases": {
"Adldap": "Adldap\\Laravel\\Facades\\Adldap"
}
}
},
"autoload": {
"psr-4": {
"Adldap\\Laravel\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"description": "LDAP Authentication & Management for Laravel.",
"keywords": [
"adLDAP",
"adldap2",
"laravel",
"ldap"
],
"time": "2019-09-03T16:03:04+00:00"
},
{
"name": "ankitpokhrel/tus-php",
"version": "v1.0.12",
......@@ -4040,6 +4153,56 @@
],
"time": "2019-10-13T12:02:04+00:00"
},
{
"name": "tightenco/collect",
"version": "v6.6.2",
"source": {
"type": "git",
"url": "https://github.com/tightenco/collect.git",
"reference": "67525fa5ebaab40acb69f0507fa91e6bce212d5c"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/tightenco/collect/zipball/67525fa5ebaab40acb69f0507fa91e6bce212d5c",
"reference": "67525fa5ebaab40acb69f0507fa91e6bce212d5c",
"shasum": ""
},
"require": {
"php": "^7.1.3",
"symfony/var-dumper": "^3.4 || ^4.0 || ^5.0"
},
"require-dev": {
"mockery/mockery": "^1.0",
"nesbot/carbon": "^2.23.0",
"phpunit/phpunit": "^7.0"
},
"type": "library",
"autoload": {
"files": [
"src/Collect/Support/helpers.php",
"src/Collect/Support/alias.php"
],
"psr-4": {
"Tightenco\\Collect\\": "src/Collect"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Taylor Otwell",
"email": "taylorotwell@gmail.com"
}
],
"description": "Collect - Illuminate Collections as a separate package.",
"keywords": [
"collection",
"laravel"
],
"time": "2019-12-06T22:56:34+00:00"
},
{
"name": "tijsverkoyen/css-to-inline-styles",
"version": "2.2.2",
......
<?php
return [
/*
|--------------------------------------------------------------------------
| Logging
|--------------------------------------------------------------------------
|
| This option enables logging all LDAP operations on all configured
| connections such as bind requests and CRUD operations.
|
| Log entries will be created in your default logging stack.
|
| This option is extremely helpful for debugging connectivity issues.
|
*/
'logging' => env('LDAP_LOGGING', true),
/*
|--------------------------------------------------------------------------
| Connections
|--------------------------------------------------------------------------
|
| This array stores the connections that are added to Adldap. You can add
| as many connections as you like.
|
| The key is the name of the connection you wish to use and the value is
| an array of configuration settings.
|
*/
'connections' => [
'default' => [
/*
|--------------------------------------------------------------------------
| Auto Connect
|--------------------------------------------------------------------------
|
| If auto connect is true, Adldap will try to automatically connect to
| your LDAP server in your configuration. This allows you to assume
| connectivity rather than having to connect manually
| in your application.
|
| If this is set to false, you **must** connect manually before running
| LDAP operations. Otherwise, you will receive exceptions.
|
*/
'auto_connect' => env('LDAP_AUTO_CONNECT', true),
/*
|--------------------------------------------------------------------------
| Connection
|--------------------------------------------------------------------------
|
| The connection class to use to run raw LDAP operations on.
|
| Custom connection classes must implement:
|
| Adldap\Connections\ConnectionInterface
|
*/
'connection' => Adldap\Connections\Ldap::class,
/*
|--------------------------------------------------------------------------
| Connection Settings
|--------------------------------------------------------------------------
|
| This connection settings array is directly passed into the Adldap constructor.
|
| Feel free to add or remove settings you don't need.
|
*/
'settings' => [
/*
|--------------------------------------------------------------------------
| Schema
|--------------------------------------------------------------------------
|
| The schema class to use for retrieving attributes and generating models.
|
| You can also set this option to `null` to use the default schema class.
|
| For OpenLDAP, you must use the schema:
|
| Adldap\Schemas\OpenLDAP::class
|
| For FreeIPA, you must use the schema:
|
| Adldap\Schemas\FreeIPA::class
|
| Custom schema classes must implement Adldap\Schemas\SchemaInterface
|
*/
'schema' => Adldap\Schemas\ActiveDirectory::class,
/*
|--------------------------------------------------------------------------
| Account Prefix
|--------------------------------------------------------------------------
|
| The account prefix option is the prefix of your user accounts in LDAP directory.
|
| This string is prepended to all authenticating users usernames.
|
*/
'account_prefix' => env('LDAP_ACCOUNT_PREFIX', ''),
/*
|--------------------------------------------------------------------------
| Account Suffix
|--------------------------------------------------------------------------
|
| The account suffix option is the suffix of your user accounts in your LDAP directory.
|
| This string is appended to all authenticating users usernames.
|
*/
'account_suffix' => env('LDAP_ACCOUNT_SUFFIX', ''),
/*
|--------------------------------------------------------------------------
| Domain Controllers
|--------------------------------------------------------------------------
|
| The domain controllers option is an array of servers located on your
| network that serve Active Directory. You can insert as many servers or
| as little as you'd like depending on your forest (with the
| minimum of one of course).
|
| These can be IP addresses of your server(s), or the host name.
|
*/
'hosts' => explode(' ', env('LDAP_HOSTS', 'corp-dc1.corp.acme.org corp-dc2.corp.acme.org')),
/*
|--------------------------------------------------------------------------
| Port
|--------------------------------------------------------------------------
|
| The port option is used for authenticating and binding to your LDAP server.
|
*/
'port' => env('LDAP_PORT', 389),
/*
|--------------------------------------------------------------------------
| Timeout
|--------------------------------------------------------------------------
|
| The timeout option allows you to configure the amount of time in
| seconds that your application waits until a response
| is received from your LDAP server.
|
*/
'timeout' => env('LDAP_TIMEOUT', 5),
/*
|--------------------------------------------------------------------------
| Base Distinguished Name
|--------------------------------------------------------------------------
|
| The base distinguished name is the base distinguished name you'd
| like to perform query operations on. An example base DN would be:
|
| dc=corp,dc=acme,dc=org
|
| A correct base DN is required for any query results to be returned.
|
*/
'base_dn' => env('LDAP_BASE_DN', 'dc=corp,dc=acme,dc=org'),
/*
|--------------------------------------------------------------------------
| LDAP Username & Password
|--------------------------------------------------------------------------
|
| When connecting to your LDAP server, a username and password is required
| to be able to query and run operations on your server(s). You can
| use any user account that has these permissions. This account
| does not need to be a domain administrator unless you
| require changing and resetting user passwords.
|
*/
'username' => env('LDAP_USERNAME', ''),
'password' => env('LDAP_PASSWORD', ''),
/*
|--------------------------------------------------------------------------
| Follow Referrals
|--------------------------------------------------------------------------
|
| The follow referrals option is a boolean to tell active directory
| to follow a referral to another server on your network if the
| server queried knows the information your asking for exists,
| but does not yet contain a copy of it locally.
|
| This option is defaulted to false.
|
*/
'follow_referrals' => false,
/*
|--------------------------------------------------------------------------
| SSL & TLS
|--------------------------------------------------------------------------
|
| If you need to be able to change user passwords on your server, then an
| SSL or TLS connection is required. All other operations are allowed
| on unsecured protocols.
|
| One of these options are definitely recommended if you
| have the ability to connect to your server securely.
|
*/
'use_ssl' => env('LDAP_USE_SSL', false),
'use_tls' => env('LDAP_USE_TLS', false),
],
],
],
];
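Review bot: `use_ssl` and `use_tls` both default to `false` at the end of the `settings` array, while this connection is, as far as the visible controller shows, what the login fallback binds users' passwords over, so with the defaults the password would cross the network unencrypted on port 389. I would default to `'use_tls' => env('LDAP_USE_TLS', true),` and let deployments opt out explicitly. `'logging' => env('LDAP_LOGGING', true)` also defaults on; it is worth confirming what bind details reach the log stack before shipping that default. The `hosts` default names `corp-dc1.corp.acme.org corp-dc2.corp.acme.org`, which are outside the project's control, and with `auto_connect` defaulting to true an empty default looks safer.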
This diff is collapsed.
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
class AddObjectguidColumn extends Migration
{
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::table('users', function (Blueprint $table) {
$table->string('objectguid')->nullable()->after('id');
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
//
}
}
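Review bot: `down()` is left empty, so rolling this migration back keeps the `objectguid` column and a later re-run of `up()` would fail on the existing column; `Schema::table('users', function (Blueprint $table) { $table->dropColumn('objectguid'); });` reverses it. The column is also what the login fallback uses to find the local account, and it carries no index or uniqueness constraint, so two rows sharing a GUID would make `->first()` pick one arbitrarily. `$table->string('objectguid')->nullable()->unique()->after('id');` would close that.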
......@@ -22,30 +22,20 @@
<form action="{{ route('login')}}" method="post">
@csrf
<div class="input-group mb-3">
<input type="email" name="liman_email_mert" class="form-control {{ $errors->has('liman_email_mert') ? 'is-invalid' : '' }}" placeholder="{{__("Email Adresi")}}" value="{{ old('liman_email_mert') }}" required>
<input type="text" name="liman_email_mert" class="form-control {{ $errors->has('email') ? 'is-invalid' : '' }}" placeholder="{{__("Email Adresi ve Ldap Kullanıcı Adı")}}" value="{{ old('liman_email_mert') }}" required>
<div class="input-group-append">
<div class="input-group-text">
<span class="fas fa-envelope"></span>
</div>
</div>
@if ($errors->has('liman_email_mert'))
<span class="help-block">
<strong>{{__("Giriş Yapılamadı.")}}</strong>
</span>
@endif
</div>
<div class="input-group mb-3">
<input type="password" name="liman_password_baran" class="form-control {{ $errors->has('liman_password_baran') ? 'is-invalid' : '' }}" placeholder="Password">
<input type="password" name="liman_password_baran" class="form-control {{ $errors->has('password') ? 'is-invalid' : '' }}" placeholder="Password">
<div class="input-group-append">
<div class="input-group-text">
<span class="fas fa-lock"></span>
</div>
</div>
@if ($errors->has('liman_password_baran'))
<span class="help-block">
<strong>{{__("Giriş Yapılamadı.")}}</strong>
</span>
@endif
</div>
<div class="row">
<div class="col-8">
......