From 97a0f7dcfdcf4a5263c1cc6c19160a0868abb5f2 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 12 Dec 2014 18:28:38 +0100
Subject: Rework config module class structure. Still some TODOs though....

---
 modules/sysconfig/addmodule_adauth.inc.php | 145 +++++++++++++++++++++++++++++
 1 file changed, 145 insertions(+)
 create mode 100644 modules/sysconfig/addmodule_adauth.inc.php

(limited to 'modules/sysconfig/addmodule_adauth.inc.php')

diff --git a/modules/sysconfig/addmodule_adauth.inc.php b/modules/sysconfig/addmodule_adauth.inc.php
new file mode 100644
index 00000000..4873d505
--- /dev/null
+++ b/modules/sysconfig/addmodule_adauth.inc.php
@@ -0,0 +1,145 @@
+<?php
+
+/*
+ * Wizard for setting up active directory integration for authentication.
+ */
+
+class AdAuth_Start extends AddModule_Base
+{
+
+	protected function renderInternal()
+	{
+		Session::set('ad_check', false);
+		Session::save();
+		Render::addDialog(Dictionary::translate('lang_adAuthentication'), false, 'sysconfig/ad-start', array(
+			'step' => 'AdAuth_CheckConnection',
+			'title' => Request::post('title'),
+			'server' => Request::post('server'),
+			'searchbase' => Request::post('searchbase'),
+			'binddn' => Request::post('binddn'),
+			'bindpw' => Request::post('bindpw'),
+			'home' => Request::post('home')
+		));
+	}
+
+}
+
+class AdAuth_CheckConnection extends AddModule_Base
+{
+
+	private $taskIds;
+	private $originalBindDn;
+
+	protected function preprocessInternal()
+	{
+		$server = Request::post('server');
+		$searchbase = Request::post('searchbase', '');
+		$binddn = Request::post('binddn');
+		$bindpw = Request::post('bindpw');
+		if (empty($server) || empty($binddn)) {
+			Message::addError('empty-field');
+			AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
+			return;
+		}
+		$parent = null;
+		$this->originalBindDn = '';
+		if (preg_match('#^\w+[/\\\\](\w+)$#', $binddn, $out)) {
+			$user = $out[1];
+			$this->originalBindDn = str_replace('/', '\\', $binddn);
+			$selfSearch = Taskmanager::submit('LdapSearch', array(
+					'server' => $server,
+					'searchbase' => $searchbase,
+					'binddn' => $this->originalBindDn,
+					'bindpw' => $bindpw,
+					'username' => $user
+			));
+			if (!isset($selfSearch['id'])) {
+				AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
+				return;
+			}
+			$parent = $selfSearch['id'];
+		}
+		$ldapSearch = Taskmanager::submit('LdapSearch', array(
+				'parentTask' => $parent,
+				'server' => $server,
+				'searchbase' => $searchbase,
+				'binddn' => $binddn,
+				'bindpw' => $bindpw
+		));
+		if (!isset($ldapSearch['id'])) {
+			AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
+			return;
+		}
+		$this->taskIds = array(
+			'tm-search' => $ldapSearch['id']
+		);
+		if (isset($selfSearch['id']))
+			$this->taskIds['self-search'] = $selfSearch['id'];
+	}
+
+	protected function renderInternal()
+	{
+		Render::addDialog(Dictionary::translate('lang_adAuthentication'), false, 'sysconfig/ad-checkconnection', array_merge($this->taskIds, array(
+			'title' => Request::post('title'),
+			'server' => Request::post('server'),
+			'searchbase' => Request::post('searchbase'),
+			'binddn' => Request::post('binddn'),
+			'bindpw' => Request::post('bindpw'),
+			'home' => Request::post('home'),
+			'originalbinddn' => $this->originalBindDn,
+			'step' => 'AdAuth_Finish'
+			))
+		);
+	}
+
+}
+
+class AdAuth_Finish extends AddModule_Base
+{
+
+	private $taskIds;
+
+	protected function preprocessInternal()
+	{
+		$binddn = Request::post('binddn');
+		$searchbase = Request::post('searchbase');
+		if (empty($searchbase)) {
+			// If no search base was given, determine it from the dn
+			$originalBindDn = str_replace('\\', '/', trim(Request::post('originalbinddn')));
+			if (!preg_match('#^([^/]+)/[^/]+$#', $originalBindDn, $out)) {
+				Message::addError('value-invalid', 'binddn', $originalBindDn);
+				Util::redirect('?do=SysConfig&action=addmodule&step=AdAuth_Start');
+			} // $out[1] is the domain
+			// Find the domain in the dn
+			$i = mb_stripos($binddn, '=' . $out[1] . ',');
+			if ($i === false) {
+				Message::addError('value-invalid', 'binddn', $out[1]);
+				Util::redirect('?do=SysConfig&action=addmodule&step=AdAuth_Start');
+			}
+			// Now find ',' before it so we get the key
+			$i = mb_strrpos(mb_substr($binddn, 0, $i), ',');
+			if ($i === false)
+				$i = -1;
+			$searchbase = mb_substr($binddn, $i + 1);
+		}
+		$title = Request::post('title');
+		if (empty($title))
+			$title = 'AD: ' . Request::post('server');
+		$config = ConfigModule_AdAuth::insert($title, Request::post('server'), $searchbase, $binddn, Request::post('bindpw', ''), Request::post('home', ''));
+		$config['proxyip'] = Property::getServerIp();
+		$tgz = Taskmanager::submit('CreateAdConfig', $config);
+		if (!isset($tgz['id'])) {
+			AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
+			return;
+		}
+		$this->taskIds = array(
+			'tm-config' => $tgz['id'],
+		);
+	}
+
+	protected function renderInternal()
+	{
+		Render::addDialog(Dictionary::translate('lang_adAuthentication'), false, 'sysconfig/ad-finish', $this->taskIds);
+	}
+
+}
-- 
cgit v1.2.3-55-g7522