Page MenuHomePhorge
Differential D2494 Diff 7546 src/app/Auth/LDAPUserProvider.php

Changeset View

Standalone View

View Options

src/app/Auth/LDAPUserProvider.php

Show First 20 LinesShow All 43 Lines▼ Show 20 Linesclass LDAPUserProvider extends EloquentUserProvider implements UserProvider
* *
* @param Authenticatable $user The user. * @param Authenticatable $user The user.
* @param array $credentials The credentials. * @param array $credentials The credentials.
* *
* @return bool * @return bool
*/ */
public function validateCredentials(Authenticatable $user, array $credentials): bool public function validateCredentials(Authenticatable $user, array $credentials): bool
{ {
$authenticated = false; return $user->validateCredentials($credentials['email'], $credentials['password']);
if ($user->email === \strtolower($credentials['email'])) {
if (!empty($user->password)) {
if (Hash::check($credentials['password'], $user->password)) {
$authenticated = true;
}
} elseif (!empty($user->password_ldap)) {
if (substr($user->password_ldap, 0, 6) == "{SSHA}") {
$salt = substr(base64_decode(substr($user->password_ldap, 6)), 20);
$hash = '{SSHA}' . base64_encode(
sha1($credentials['password'] . $salt, true) . $salt
);
if ($hash == $user->password_ldap) {
$authenticated = true;
}
} elseif (substr($user->password_ldap, 0, 9) == "{SSHA512}") {
$salt = substr(base64_decode(substr($user->password_ldap, 9)), 64);
$hash = '{SSHA512}' . base64_encode(
pack('H*', hash('sha512', $credentials['password'] . $salt)) . $salt
);
if ($hash == $user->password_ldap) {
$authenticated = true;
}
}
} else {
\Log::error("Incomplete credentials for {$user->email}");
}
}
if ($authenticated) {
\Log::info("Successful authentication for {$user->email}");
// TODO: update last login time
if (empty($user->password) || empty($user->password_ldap)) {
$user->password = $credentials['password'];
$user->save();
}
} else {
// TODO: Try actual LDAP?
\Log::info("Authentication failed for {$user->email}");
}
return $authenticated;
} }
} }