├── .gitignore
├── LICENSE
├── Plugin.php
├── README.md
├── assets
    └── js
    │   └── override-auth.js
├── composer.json
├── controllers
    └── LDAPAuth.php
├── facades
    └── LDAPBackendAuth.php
├── lang
    └── en
    │   └── lang.php
├── plugin.yaml
├── services
    └── LDAPAuthManager.php
└── updates
    ├── builder_table_update_backend_user.php
    └── version.yaml


/.gitignore:
--------------------------------------------------------------------------------
1 | .idea
2 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2017 Khoa Tran
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/Plugin.php:
--------------------------------------------------------------------------------
 1 | <?php namespace KhoaTD\LDAP;
 2 | 
 3 | use Adldap\Laravel\AdldapServiceProvider;
 4 | use Adldap\Laravel\Facades\Adldap;
 5 | use App;
 6 | use Backend\Controllers\Users;
 7 | use KhoaTD\LDAP\Facades\LDAPBackendAuth;
 8 | use KhoaTD\LDAP\Services\LDAPAuthManager;
 9 | use Illuminate\Foundation\AliasLoader;
10 | use October\Rain\Support\Facades\Flash;
11 | use System\Classes\PluginBase;
12 | use Event;
13 | use Session;
14 | class Plugin extends PluginBase
15 | {
16 |     public $elevated = true;
17 |     /**
18 |      * Boot method, called right before the request route.
19 |      *
20 |      * @return array
21 |      */
22 |     public function boot()
23 |     {
24 |         App::register(AdldapServiceProvider::class);
25 |         AliasLoader::getInstance()->alias('Adldap', Adldap::class);
26 |         AliasLoader::getInstance()->alias('LDAPBackendAuth', LDAPBackendAuth::class);
27 |         App::singleton('backend.ldap_auth', function () {
28 |             return LDAPAuthManager::instance();
29 |         });
30 | 
31 |         Event::listen('backend.auth.extendSigninView', function($controller) {
32 |             $this->hookSigninForm($controller);
33 |         });
34 | 
35 |         Event::listen('backend.form.extendFields', function($widget) {
36 |             $this->addFieldsToUserForm($widget);
37 |         });
38 | 
39 |         Event::listen('backend.list.extendColumns', function($widget) {
40 |             $this->addFieldsToUserList($widget);
41 |         });
42 | 
43 |     }
44 | 
45 | 
46 |     protected function hookSigninForm($controller) {
47 |         $controller->addJs('/plugins/khoatd/ldap/assets/js/override-auth.js');
48 |         $message = Session::get('message');
49 |         if(!empty($message)) {
50 |             Flash::error($message);
51 |         }
52 |     }
53 | 
54 |     protected function addFieldsToUserForm($widget) {
55 |         if (!$widget->getController() instanceof Users) {
56 |             return;
57 |         }
58 | 
59 |         $widget->addFields([
60 |             'khoatd_ldap_user_type' => [
61 |                 'label'   => 'User type',
62 |                 'comment' => '(LDAP user if you want to connect with LDAP, CMS user if you want the user is managed inside the CMS)',
63 |                 'type'    => 'dropdown',
64 |                 'options' => [
65 |                     'ldap' => 'LDAP user',
66 |                     'cms' => 'CMS user',
67 |                 ]
68 |             ]
69 |         ]);
70 |     }
71 | 
72 |     protected function addFieldsToUserList($widget) {
73 |         if (!$widget->getController() instanceof Users) {
74 |             return;
75 |         }
76 | 
77 |         $widget->addColumns([
78 |             'khoatd_ldap_user_type' => [
79 |                 'label' => 'User type'
80 |             ]
81 |         ]);
82 |     }
83 | 
84 | }
85 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # october-ldap
2 | LDAP backend authentication for OctoberCMS
3 | 


--------------------------------------------------------------------------------
/assets/js/override-auth.js:
--------------------------------------------------------------------------------
1 | $(function() {
2 |     var authPostURL = '/backend/khoatd/ldap/ldapauth/signin';
3 |     $('form').attr('action', authPostURL);
4 | });
5 | 


--------------------------------------------------------------------------------
/composer.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "KhoaTD/LDAP",
 3 |   "type": "october-plugin",
 4 |   "description": "LDAP backend authentication plugin",
 5 |   "keywords": ["backend", "octobercms", "ldap", "authentication"],
 6 |   "license": "MIT",
 7 |   "authors": [
 8 |     {
 9 |       "name": "Khoa Tran",
10 |       "email": "tran.dang.khoa.khtn@gmail.com"
11 |     }
12 |   ],
13 |   "require": {
14 |     "php": ">=5.5.9",
15 |     "adldap2/adldap2-laravel": "3.0.*"
16 |   },
17 |   "minimum-stability": "dev"
18 | }
19 | 


--------------------------------------------------------------------------------
/controllers/LDAPAuth.php:
--------------------------------------------------------------------------------
 1 | <?php namespace KhoaTD\LDAP\Controllers;
 2 | 
 3 | use ApplicationException;
 4 | use Backend;
 5 | use Backend\Models\AccessLog;
 6 | use BackendAuth;
 7 | use LDAPBackendAuth;
 8 | use Flash;
 9 | use Mail;
10 | use October\Rain\Auth\AuthException;
11 | use Redirect;
12 | use Session;
13 | use Adldap\Laravel\Facades\Adldap;
14 | use System\Classes\UpdateManager;
15 | use ValidationException;
16 | use Validator;
17 | 
18 | class LDAPAuth extends Backend\Classes\Controller
19 | {
20 | 
21 |     protected $publicActions = ['signin'];
22 |     /**
23 |      * Displays the log in page.
24 |      */
25 |     public function signin()
26 |     {
27 |         try {
28 |             return $this->authenticate();
29 |         }
30 |         catch (\Exception $ex) {
31 |             Session::flash('message', $ex->getMessage());
32 |             return Backend::redirect('backend/auth/signin');
33 |         }
34 |     }
35 | 
36 |     public function authenticate()
37 |     {
38 |         $rules = [
39 |             'login'    => 'required|between:2,255',
40 |             'password' => 'required|between:4,255'
41 |         ];
42 | 
43 |         $validation = Validator::make(post(), $rules);
44 |         if ($validation->fails()) {
45 |             throw new ValidationException($validation);
46 |         }
47 | 
48 |         $username = post('login');
49 |         $password = post('password');
50 |         $user = BackendAuth::findUserByLogin($username);
51 |         if(empty($user)) {
52 |             throw new AuthException(sprintf('User "%s" is not granted to access backend. Please contact your administrator', $username));
53 |         }
54 |         if($user->user_type === 'ldap') {
55 |             $user = LDAPBackendAuth::authenticate([
56 |                 'login' => $username,
57 |                 'password' => $password
58 |             ], true);
59 |         } else {
60 |             $user = BackendAuth::authenticate([
61 |                 'login' => $username,
62 |                 'password' => $password
63 |             ], true);
64 |         }
65 | 
66 |         UpdateManager::instance()->update();
67 |         AccessLog::add($user);
68 |         return Backend::redirectIntended('backend');
69 |     }
70 | 
71 | }


--------------------------------------------------------------------------------
/facades/LDAPBackendAuth.php:
--------------------------------------------------------------------------------
 1 | <?php namespace KhoaTD\LDAP\Facades;
 2 | use October\Rain\Support\Facade;
 3 | 
 4 | class LDAPBackendAuth extends Facade
 5 | {
 6 |     /**
 7 |      * Get the registered name of the component.
 8 |      *
 9 |      * Resolves to:
10 |      * - Backend\Classes\AuthManager
11 |      *
12 |      * @return string
13 |      */
14 |     protected static function getFacadeAccessor()
15 |     {
16 |         return 'backend.ldap_auth';
17 |     }
18 | }


--------------------------------------------------------------------------------
/lang/en/lang.php:
--------------------------------------------------------------------------------
1 | <?php return [
2 |     'plugin' => [
3 |         'name' => 'LDAP',
4 |         'description' => 'LDAP backend authentication plugin'
5 |     ]
6 | ];


--------------------------------------------------------------------------------
/plugin.yaml:
--------------------------------------------------------------------------------
1 | plugin:
2 |     name: 'LDAP'
3 |     description: 'OctoberCMS backend LDAP authentication plugin'
4 |     author: CmgDev
5 |     icon: oc-icon-adjust
6 |     homepage: ''
7 | 


--------------------------------------------------------------------------------
/services/LDAPAuthManager.php:
--------------------------------------------------------------------------------
 1 | <?php namespace KhoaTD\LDAP\Services;
 2 | 
 3 | use Backend\Classes\AuthManager;
 4 | use October\Rain\Auth\AuthException;
 5 | use Adldap\Laravel\Facades\Adldap;
 6 | 
 7 | class LDAPAuthManager extends AuthManager
 8 | {
 9 |     protected static $instance;
10 |     public function authenticate(array $credentials, $remember = true)
11 |     {
12 |         /*
13 |          * Default to the login name field or fallback to a hard-coded 'login' value
14 |          */
15 |         $loginName = $this->createUserModel()->getLoginName();
16 |         $loginCredentialKey = (isset($credentials[$loginName])) ? $loginName : 'login';
17 | 
18 |         if (empty($credentials[$loginCredentialKey])) {
19 |             throw new AuthException(sprintf('The "%s" attribute is required.', $loginCredentialKey));
20 |         }
21 | 
22 |         if (empty($credentials['password'])) {
23 |             throw new AuthException('The password attribute is required.');
24 |         }
25 | 
26 |         /*
27 |          * If the fallback 'login' was provided and did not match the necessary
28 |          * login name, swap it over
29 |          */
30 |         if ($loginCredentialKey !== $loginName) {
31 |             $credentials[$loginName] = $credentials[$loginCredentialKey];
32 |             unset($credentials[$loginCredentialKey]);
33 |         }
34 | 
35 |         /*
36 |          * If throttling is enabled, check they are not locked out first and foremost.
37 |          */
38 |         if ($this->useThrottle) {
39 |             $throttle = $this->findThrottleByLogin($credentials[$loginName], $this->ipAddress);
40 |             $throttle->check();
41 |         }
42 | 
43 |         /*
44 |          * Look up the user by authentication credentials.
45 |          */
46 |         try {
47 |             $username = $credentials[$loginName];
48 |             $password = $credentials['password'];
49 |             $user = $this->authenticateWithAD($username, $password);
50 | 
51 |         }
52 |         catch (AuthException $ex) {
53 |             if ($this->useThrottle) {
54 |                 $throttle->addLoginAttempt();
55 |             }
56 | 
57 |             throw $ex;
58 |         }
59 | 
60 |         if ($this->useThrottle) {
61 |             $throttle->clearLoginAttempts();
62 |         }
63 | 
64 |         $user->clearResetPassword();
65 |         $this->login($user, $remember);
66 | 
67 |         return $this->user;
68 |     }
69 | 
70 |     protected function authenticateWithAD($username, $password) {
71 |         try {
72 |             $loginSuccess = Adldap::auth()->attempt($username, $password);
73 |             if($loginSuccess) {
74 |                 return $this->findUserByLogin($username);
75 |             }
76 |         } catch (\Exception $ex) {
77 |             throw new AuthException('Invalid credential');
78 |         }
79 |     }
80 | 
81 | 
82 | }


--------------------------------------------------------------------------------
/updates/builder_table_update_backend_user.php:
--------------------------------------------------------------------------------
 1 | <?php namespace CmgDev\CmgBackend\Updates;
 2 | 
 3 | use Schema;
 4 | use October\Rain\Database\Updates\Migration;
 5 | 
 6 | class BuilderTableUpdateBackendUser extends Migration
 7 | {
 8 |     public function up()
 9 |     {
10 |         Schema::table('backend_users', function ($table) {
11 |             $table->enum('khoatd_ldap_user_type', ['cms', 'ldap'])->default('cms');
12 |         });
13 | 
14 |     }
15 |     
16 |     public function down()
17 |     {
18 |         Schema::table('backend_users', function ($table) {
19 |             $table->dropColumn('khoatd_ldap_user_type');
20 |         });
21 |     }
22 | }
23 | 


--------------------------------------------------------------------------------
/updates/version.yaml:
--------------------------------------------------------------------------------
1 | 1.0.1:
2 |     - Initialize plugin.
3 | 1.0.2:
4 |     - 'Add user_type field to existing backend user table'
5 |     - builder_table_update_backend_user.php
6 | 
7 | 


--------------------------------------------------------------------------------