feature: LDAP auto credential fill for extensions

limanmys · Oct 27, 2023 · 3fd9dde · 3fd9dde
1 parent f73487a
commit 3fd9dde
Show file tree

Hide file tree

Showing 4 changed files with 57 additions and 4 deletions.
diff --git a/app/Http/Controllers/API/AuthController.php b/app/Http/Controllers/API/AuthController.php
@@ -6,6 +6,7 @@
 use App\Classes\LDAPSearchOptions;
 use App\Http\Controllers\Controller;
 use App\Models\AuthLog;
+use App\Models\Extension;
 use App\Models\LdapRestriction;
 use App\Models\Oauth2Token;
 use App\Models\Permission;
@@ -505,12 +506,24 @@ private function authWithLdap(Request $request, bool $create = false)
             ]);
         }
 
-        foreach (Server::where('ip_address', trim(env('LDAP_HOST')))->get() as $server) {
-            $encKey = env('APP_KEY').$user->id.$server->id;
+        $extensionWithLdap = Extension::where('ldap_support', true)->get();
+        $serverList = [];
+        foreach ($extensionWithLdap as $extension) {
+            $serverList = array_merge($serverList, $extension->servers()->get()->toArray());
+        }
+        $serverList = [
+            ...$serverList,
+            ...Server::where('ip_address', trim(env('LDAP_HOST')))->get(),
+        ];
+        // Check if server list is unique by id
+        $serverList = collect($serverList)->unique('id')->values();
+
+        foreach ($serverList as $server) {
+            $encKey = env('APP_KEY').$user->id.$server['id'];
             $encrypted = AES256::encrypt($request->email, $encKey);
             UserSettings::firstOrCreate([
                 'user_id' => $user->id,
-                'server_id' => $server->id,
+                'server_id' => $server['id'],
                 'name' => 'clientUsername',
             ], [
                 'value' => $encrypted,
@@ -520,7 +533,7 @@ private function authWithLdap(Request $request, bool $create = false)
 
             UserSettings::firstOrCreate([
                 'user_id' => $user->id,
-                'server_id' => $server->id,
+                'server_id' => $server['id'],
                 'name' => 'clientPassword',
             ], [
                 'value' => $encrypted,

diff --git a/app/Http/Controllers/API/ExtensionController.php b/app/Http/Controllers/API/ExtensionController.php
@@ -244,6 +244,13 @@ private function checkForMissingSettings($extension)
             $extra = ['clientUsername', 'clientPassword'];
         }
         foreach ($extension['database'] as $setting) {
+            if (
+                ($setting['variable'] == 'clientUsername') ||
+                ($setting['variable'] == 'clientPassword')
+            ) {
+                continue;            
+            }
+
             if (isset($setting['required']) && $setting['required'] === false) {
                 continue;
             }

diff --git a/app/Models/Extension.php b/app/Models/Extension.php
@@ -34,6 +34,7 @@ class Extension extends Model
         'require_key',
         'status',
         'license_type',
+        'ldap_support',
     ];
 
     protected $casts = [

diff --git a/database/migrations/2023_10_27_102750_add_ldap_support_column_to_extensions.php b/database/migrations/2023_10_27_102750_add_ldap_support_column_to_extensions.php
@@ -0,0 +1,32 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('extensions', function (Blueprint $table) {
+            $table->boolean('ldap_support')->default(false);
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('extensions', function (Blueprint $table) {
+            //
+        });
+    }
+};