kenmirrors/firefly-iii
1
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2025-10-12 15:35:15 +00:00
Code Issues Projects Releases Wiki Activity

First attempt

Browse Source
This commit is contained in:
James Cole
2021-04-30 19:51:50 +02:00
parent c8c4507d4b
commit aac3027480
5 changed files with 541 additions and 278 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
composer.json
View File

@@ -84,6 +84,7 @@
"ext-xml": "*",
"bacon/bacon-qr-code": "2.*",
"diglactic/laravel-breadcrumbs": "^6.0",
"directorytree/ldaprecord-laravel": "^2.2",
"doctrine/dbal": "3.*",
"fideloper/proxy": "4.*",
"gdbots/query-parser": "^2.0",

191
composer.lock generated
View File

@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "bd033cd41088c7c19fba9031a13c2286",
"content-hash": "28d6c78fd071d01b11d366d5595195fd",
"packages": [
{
"name": "bacon/bacon-qr-code",
@@ -375,6 +375,141 @@
},
"time": "2021-04-12T18:06:07+00:00"
},
{
"name": "directorytree/ldaprecord",
"version": "v2.4.3",
"source": {
"type": "git",
"url": "https://github.com/DirectoryTree/LdapRecord.git",
"reference": "d384f2fa8926ffbef01e00e67068afdffcc9a781"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/DirectoryTree/LdapRecord/zipball/d384f2fa8926ffbef01e00e67068afdffcc9a781",
"reference": "d384f2fa8926ffbef01e00e67068afdffcc9a781",
"shasum": ""
},
"require": {
"ext-json": "*",
"ext-ldap": "*",
"illuminate/contracts": "^5.0|^6.0|^7.0|^8.0",
"nesbot/carbon": "^1.0|^2.0",
"php": ">=7.2",
"psr/log": "^1.0",
"psr/simple-cache": "^1.0",
"tightenco/collect": "^5.6|^6.0|^7.0|^8.0"
},
"require-dev": {
"mockery/mockery": "^1.0",
"phpunit/phpunit": "^8.0"
},
"type": "library",
"autoload": {
"psr-4": {
"LdapRecord\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Steve Bauman",
"email": "steven_bauman@outlook.com",
"role": "Developer"
}
],
"description": "A fully-featured LDAP ORM.",
"homepage": "https://www.ldaprecord.com",
"keywords": [
"active directory",
"ad",
"adLDAP",
"adldap2",
"directory",
"ldap",
"ldaprecord",
"orm",
"windows"
],
"support": {
"docs": "https://ldaprecord.com",
"email": "steven_bauman@outlook.com",
"issues": "https://github.com/DirectoryTree/LdapRecord/issues",
"source": "https://github.com/DirectoryTree/LdapRecord"
},
"funding": [
{
"url": "https://github.com/stevebauman",
"type": "github"
}
],
"time": "2021-04-25T02:35:23+00:00"
},
{
"name": "directorytree/ldaprecord-laravel",
"version": "v2.2.3",
"source": {
"type": "git",
"url": "https://github.com/DirectoryTree/LdapRecord-Laravel.git",
"reference": "c84b7a1528f4bd0f98476a2591f80421625148cc"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/DirectoryTree/LdapRecord-Laravel/zipball/c84b7a1528f4bd0f98476a2591f80421625148cc",
"reference": "c84b7a1528f4bd0f98476a2591f80421625148cc",
"shasum": ""
},
"require": {
"directorytree/ldaprecord": "^2.3",
"ext-ldap": "*",
"illuminate/support": "^5.6|^6.0|^7.0|^8.0",
"php": ">=7.2",
"ramsey/uuid": "*"
},
"require-dev": {
"mockery/mockery": "~1.0",
"orchestra/testbench": "~3.7|~4.0|~5.0|~6.0",
"phpunit/phpunit": "~7.0|~8.0|~9.0"
},
"type": "project",
"extra": {
"laravel": {
"providers": [
"LdapRecord\\Laravel\\LdapServiceProvider",
"LdapRecord\\Laravel\\LdapAuthServiceProvider"
]
}
},
"autoload": {
"psr-4": {
"LdapRecord\\Laravel\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"description": "LDAP Authentication & Management for Laravel.",
"keywords": [
"adldap2",
"laravel",
"ldap",
"ldaprecord"
],
"support": {
"issues": "https://github.com/DirectoryTree/LdapRecord-Laravel/issues",
"source": "https://github.com/DirectoryTree/LdapRecord-Laravel/tree/v2.2.3"
},
"funding": [
{
"url": "https://github.com/stevebauman",
"type": "github"
}
],
"time": "2021-04-18T21:19:55+00:00"
},
{
"name": "doctrine/cache",
"version": "1.11.0",
@@ -6707,6 +6842,60 @@
],
"time": "2021-03-28T09:42:18+00:00"
},
{
"name": "tightenco/collect",
"version": "v8.34.0",
"source": {
"type": "git",
"url": "https://github.com/tighten/collect.git",
"reference": "b069783ab0c547bb894ebcf8e7f6024bb401f9d2"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/tighten/collect/zipball/b069783ab0c547bb894ebcf8e7f6024bb401f9d2",
"reference": "b069783ab0c547bb894ebcf8e7f6024bb401f9d2",
"shasum": ""
},
"require": {
"php": "^7.2|^8.0",
"symfony/var-dumper": "^3.4 || ^4.0 || ^5.0"
},
"require-dev": {
"mockery/mockery": "^1.0",
"nesbot/carbon": "^2.23.0",
"phpunit/phpunit": "^8.3"
},
"type": "library",
"autoload": {
"files": [
"src/Collect/Support/helpers.php",
"src/Collect/Support/alias.php"
],
"psr-4": {
"Tightenco\\Collect\\": "src/Collect"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Taylor Otwell",
"email": "taylorotwell@gmail.com"
}
],
"description": "Collect - Illuminate Collections as a separate package.",
"keywords": [
"collection",
"laravel"
],
"support": {
"issues": "https://github.com/tighten/collect/issues",
"source": "https://github.com/tighten/collect/tree/v8.34.0"
},
"time": "2021-03-29T21:29:00+00:00"
},
{
"name": "tijsverkoyen/css-to-inline-styles",
"version": "2.2.3",

333
config/ldap.php
View File

@@ -1,294 +1,73 @@
<?php
/**
* ldap.php
* Copyright (c) 2019 james@firefly-iii.org.
*
* This file is part of Firefly III (https://github.com/firefly-iii).
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
declare(strict_types=1);
use Adldap\Schemas\ActiveDirectory;
use Adldap\Schemas\FreeIPA;
use Adldap\Schemas\OpenLDAP;
/*
* Get schema from .env file.
*/
$schema = OpenLDAP::class;
if ('FreeIPA' === envNonEmpty('ADLDAP_CONNECTION_SCHEME', 'OpenLDAP')) {
$schema = FreeIPA::class;
}
if ('ActiveDirectory' === envNonEmpty('ADLDAP_CONNECTION_SCHEME', 'OpenLDAP')) {
$schema = ActiveDirectory::class;
}
/*
* Get SSL parameters from .env file.
*/
$ssl_ca_dir = envNonEmpty('ADLDAP_SSL_CACERTDIR', null);
$ssl_ca_file = envNonEmpty('ADLDAP_SSL_CACERTFILE', null);
$ssl_cert = envNonEmpty('ADLDAP_SSL_CERTFILE', null);
$ssl_key = envNonEmpty('ADLDAP_SSL_KEYFILE', null);
$ssl_ciphers = envNonEmpty('ADLDAP_SSL_CIPHER_SUITE', null);
$ssl_require = envNonEmpty('ADLDAP_SSL_REQUIRE_CERT', null);
$sslOptions = [];
if (null !== $ssl_ca_dir) {
$sslOptions[LDAP_OPT_X_TLS_CACERTDIR] = $ssl_ca_dir;
}
if (null !== $ssl_ca_file) {
$sslOptions[LDAP_OPT_X_TLS_CACERTFILE] = $ssl_ca_file;
}
if (null !== $ssl_cert) {
$sslOptions[LDAP_OPT_X_TLS_CERTFILE] = $ssl_cert;
}
if (null !== $ssl_key) {
$sslOptions[LDAP_OPT_X_TLS_KEYFILE] = $ssl_key;
}
if (null !== $ssl_ciphers) {
$sslOptions[LDAP_OPT_X_TLS_CIPHER_SUITE] = $ssl_ciphers;
}
if (null !== $ssl_require) {
$sslOptions[LDAP_OPT_X_TLS_REQUIRE_CERT] = $ssl_require;
}
return [
/*
|--------------------------------------------------------------------------
| Connections
| Default LDAP Connection Name
|--------------------------------------------------------------------------
|
| This array stores the connections that are added to Adldap. You can add
| as many connections as you like.
|
| The key is the name of the connection you wish to use and the value is
| an array of configuration settings.
| Here you may specify which of the LDAP connections below you wish
| to use as your default connection for all LDAP operations. Of
| course you may add as many connections you'd like below.
|
*/
'default' => env('LDAP_CONNECTION', 'default'),
/*
|--------------------------------------------------------------------------
| LDAP Connections
|--------------------------------------------------------------------------
|
| Below you may configure each LDAP connection your application requires
| access to. Be sure to include a valid base DN - otherwise you may
| not receive any results when performing LDAP search operations.
|
*/
'connections' => [
'default' => [
/*
|--------------------------------------------------------------------------
| Auto Connect
|--------------------------------------------------------------------------
|
| If auto connect is true, Adldap will try to automatically connect to
| your LDAP server in your configuration. This allows you to assume
| connectivity rather than having to connect manually
| in your application.
|
| If this is set to false, you **must** connect manually before running
| LDAP operations.
|
*/
'auto_connect' => env('ADLDAP_AUTO_CONNECT', true),
/*
|--------------------------------------------------------------------------
| Connection
|--------------------------------------------------------------------------
|
| The connection class to use to run raw LDAP operations on.
|
| Custom connection classes must implement:
|
| Adldap\Connections\ConnectionInterface
|
*/
'connection' => Adldap\Connections\Ldap::class,
/*
|--------------------------------------------------------------------------
| Connection Settings
|--------------------------------------------------------------------------
|
| This connection settings array is directly passed into the Adldap constructor.
|
| Feel free to add or remove settings you don't need.
|
*/
'settings' => [
/*
|--------------------------------------------------------------------------
| Schema
|--------------------------------------------------------------------------
|
| The schema class to use for retrieving attributes and generating models.
|
| You can also set this option to `null` to use the default schema class.
|
| For OpenLDAP, you must use the schema:
|
| Adldap\Schemas\OpenLDAP::class
|
| For FreeIPA, you must use the schema:
|
| Adldap\Schemas\FreeIPA::class
|
| Custom schema classes must implement Adldap\Schemas\SchemaInterface
|
*/
'schema' => $schema,
/*
|--------------------------------------------------------------------------
| Account Prefix
|--------------------------------------------------------------------------
|
| The account prefix option is the prefix of your user accounts in LDAP directory.
|
| This string is prepended to authenticating users usernames.
|
*/
'account_prefix' => env('ADLDAP_ACCOUNT_PREFIX', ''),
/*
|--------------------------------------------------------------------------
| Account Suffix
|--------------------------------------------------------------------------
|
| The account suffix option is the suffix of your user accounts in your LDAP directory.
|
| This string is appended to authenticating users usernames.
|
*/
'account_suffix' => env('ADLDAP_ACCOUNT_SUFFIX', ''),
/*
|--------------------------------------------------------------------------
| Domain Controllers
|--------------------------------------------------------------------------
|
| The domain controllers option is an array of servers located on your
| network that serve Active Directory. You can insert as many servers or
| as little as you'd like depending on your forest (with the
| minimum of one of course).
|
| These can be IP addresses of your server(s), or the host name.
|
*/
'hosts' => explode(' ', env('ADLDAP_CONTROLLERS', '127.0.0.1')),
/*
|--------------------------------------------------------------------------
| Port
|--------------------------------------------------------------------------
|
| The port option is used for authenticating and binding to your LDAP server.
|
*/
'port' => env('ADLDAP_PORT', 389),
/*
|--------------------------------------------------------------------------
| Timeout
|--------------------------------------------------------------------------
|
| The timeout option allows you to configure the amount of time in
| seconds that your application waits until a response
| is received from your LDAP server.
|
*/
'timeout' => env('ADLDAP_TIMEOUT', 5),
/*
|--------------------------------------------------------------------------
| Base Distinguished Name
|--------------------------------------------------------------------------
|
| The base distinguished name is the base distinguished name you'd
| like to perform query operations on. An example base DN would be:
|
| dc=corp,dc=acme,dc=org
|
| A correct base DN is required for any query results to be returned.
|
*/
'base_dn' => env('ADLDAP_BASEDN', 'dc=temp'),
/*
|--------------------------------------------------------------------------
| Administrator Username & Password
|--------------------------------------------------------------------------
|
| When connecting to your LDAP server, a username and password is required
| to be able to query and run operations on your server(s). You can
| use any user account that has these permissions. This account
| does not need to be a domain administrator unless you
| require changing and resetting user passwords.
|
*/
'username' => env('ADLDAP_ADMIN_USERNAME', ''),
'password' => env('ADLDAP_ADMIN_PASSWORD', ''),
/*
|--------------------------------------------------------------------------
| Follow Referrals
|--------------------------------------------------------------------------
|
| The follow referrals option is a boolean to tell active directory
| to follow a referral to another server on your network if the
| server queried knows the information your asking for exists,
| but does not yet contain a copy of it locally.
|
| This option is defaulted to false.
|
*/
'follow_referrals' => env('ADLDAP_FOLLOW_REFFERALS', false),
/*
|--------------------------------------------------------------------------
| SSL & TLS
|--------------------------------------------------------------------------
|
| If you need to be able to change user passwords on your server, then an
| SSL or TLS connection is required. All other operations are allowed
| on unsecured protocols.
|
| One of these options are definitely recommended if you
| have the ability to connect to your server securely.
|
*/
'use_ssl' => env('ADLDAP_USE_SSL', false),
'use_tls' => env('ADLDAP_USE_TLS', false),
'custom_options' => $sslOptions,
],
'hosts' => [env('LDAP_HOST', '127.0.0.1')],
'username' => env('LDAP_USERNAME', 'cn=user,dc=local,dc=com'),
'password' => env('LDAP_PASSWORD', 'secret'),
'port' => env('LDAP_PORT', 389),
'base_dn' => env('LDAP_BASE_DN', 'dc=local,dc=com'),
'timeout' => env('LDAP_TIMEOUT', 5),
'use_ssl' => env('LDAP_SSL', false),
'use_tls' => env('LDAP_TLS', false),
],
],
/*
|--------------------------------------------------------------------------
| LDAP Logging
|--------------------------------------------------------------------------
|
| When LDAP logging is enabled, all LDAP search and authentication
| operations are logged using the default application logging
| driver. This can assist in debugging issues and more.
|
*/
'logging' => env('LDAP_LOGGING', true),
/*
|--------------------------------------------------------------------------
| LDAP Cache
|--------------------------------------------------------------------------
|
| LDAP caching enables the ability of caching search results using the
| query builder. This is great for running expensive operations that
| may take many seconds to complete, such as a pagination request.
|
*/
'cache' => [
'enabled' => env('LDAP_CACHE', false),
'driver' => env('CACHE_DRIVER', 'file'),
],
];

294
config/xldap.php Normal file
View File

@@ -0,0 +1,294 @@
<?php
/**
* ldap.php
* Copyright (c) 2019 james@firefly-iii.org.
*
* This file is part of Firefly III (https://github.com/firefly-iii).
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
declare(strict_types=1);
use Adldap\Schemas\ActiveDirectory;
use Adldap\Schemas\FreeIPA;
use Adldap\Schemas\OpenLDAP;
/*
* Get schema from .env file.
*/
$schema = OpenLDAP::class;
if ('FreeIPA' === envNonEmpty('ADLDAP_CONNECTION_SCHEME', 'OpenLDAP')) {
$schema = FreeIPA::class;
}
if ('ActiveDirectory' === envNonEmpty('ADLDAP_CONNECTION_SCHEME', 'OpenLDAP')) {
$schema = ActiveDirectory::class;
}
/*
* Get SSL parameters from .env file.
*/
$ssl_ca_dir = envNonEmpty('ADLDAP_SSL_CACERTDIR', null);
$ssl_ca_file = envNonEmpty('ADLDAP_SSL_CACERTFILE', null);
$ssl_cert = envNonEmpty('ADLDAP_SSL_CERTFILE', null);
$ssl_key = envNonEmpty('ADLDAP_SSL_KEYFILE', null);
$ssl_ciphers = envNonEmpty('ADLDAP_SSL_CIPHER_SUITE', null);
$ssl_require = envNonEmpty('ADLDAP_SSL_REQUIRE_CERT', null);
$sslOptions = [];
if (null !== $ssl_ca_dir) {
$sslOptions[LDAP_OPT_X_TLS_CACERTDIR] = $ssl_ca_dir;
}
if (null !== $ssl_ca_file) {
$sslOptions[LDAP_OPT_X_TLS_CACERTFILE] = $ssl_ca_file;
}
if (null !== $ssl_cert) {
$sslOptions[LDAP_OPT_X_TLS_CERTFILE] = $ssl_cert;
}
if (null !== $ssl_key) {
$sslOptions[LDAP_OPT_X_TLS_KEYFILE] = $ssl_key;
}
if (null !== $ssl_ciphers) {
$sslOptions[LDAP_OPT_X_TLS_CIPHER_SUITE] = $ssl_ciphers;
}
if (null !== $ssl_require) {
$sslOptions[LDAP_OPT_X_TLS_REQUIRE_CERT] = $ssl_require;
}
return [
/*
|--------------------------------------------------------------------------
| Connections
|--------------------------------------------------------------------------
|
| This array stores the connections that are added to Adldap. You can add
| as many connections as you like.
|
| The key is the name of the connection you wish to use and the value is
| an array of configuration settings.
|
*/
'connections' => [
'default' => [
/*
|--------------------------------------------------------------------------
| Auto Connect
|--------------------------------------------------------------------------
|
| If auto connect is true, Adldap will try to automatically connect to
| your LDAP server in your configuration. This allows you to assume
| connectivity rather than having to connect manually
| in your application.
|
| If this is set to false, you **must** connect manually before running
| LDAP operations.
|
*/
'auto_connect' => env('ADLDAP_AUTO_CONNECT', true),
/*
|--------------------------------------------------------------------------
| Connection
|--------------------------------------------------------------------------
|
| The connection class to use to run raw LDAP operations on.
|
| Custom connection classes must implement:
|
| Adldap\Connections\ConnectionInterface
|
*/
'connection' => Adldap\Connections\Ldap::class,
/*
|--------------------------------------------------------------------------
| Connection Settings
|--------------------------------------------------------------------------
|
| This connection settings array is directly passed into the Adldap constructor.
|
| Feel free to add or remove settings you don't need.
|
*/
'settings' => [
/*
|--------------------------------------------------------------------------
| Schema
|--------------------------------------------------------------------------
|
| The schema class to use for retrieving attributes and generating models.
|
| You can also set this option to `null` to use the default schema class.
|
| For OpenLDAP, you must use the schema:
|
| Adldap\Schemas\OpenLDAP::class
|
| For FreeIPA, you must use the schema:
|
| Adldap\Schemas\FreeIPA::class
|
| Custom schema classes must implement Adldap\Schemas\SchemaInterface
|
*/
'schema' => $schema,
/*
|--------------------------------------------------------------------------
| Account Prefix
|--------------------------------------------------------------------------
|
| The account prefix option is the prefix of your user accounts in LDAP directory.
|
| This string is prepended to authenticating users usernames.
|
*/
'account_prefix' => env('ADLDAP_ACCOUNT_PREFIX', ''),
/*
|--------------------------------------------------------------------------
| Account Suffix
|--------------------------------------------------------------------------
|
| The account suffix option is the suffix of your user accounts in your LDAP directory.
|
| This string is appended to authenticating users usernames.
|
*/
'account_suffix' => env('ADLDAP_ACCOUNT_SUFFIX', ''),
/*
|--------------------------------------------------------------------------
| Domain Controllers
|--------------------------------------------------------------------------
|
| The domain controllers option is an array of servers located on your
| network that serve Active Directory. You can insert as many servers or
| as little as you'd like depending on your forest (with the
| minimum of one of course).
|
| These can be IP addresses of your server(s), or the host name.
|
*/
'hosts' => explode(' ', env('ADLDAP_CONTROLLERS', '127.0.0.1')),
/*
|--------------------------------------------------------------------------
| Port
|--------------------------------------------------------------------------
|
| The port option is used for authenticating and binding to your LDAP server.
|
*/
'port' => env('ADLDAP_PORT', 389),
/*
|--------------------------------------------------------------------------
| Timeout
|--------------------------------------------------------------------------
|
| The timeout option allows you to configure the amount of time in
| seconds that your application waits until a response
| is received from your LDAP server.
|
*/
'timeout' => env('ADLDAP_TIMEOUT', 5),
/*
|--------------------------------------------------------------------------
| Base Distinguished Name
|--------------------------------------------------------------------------
|
| The base distinguished name is the base distinguished name you'd
| like to perform query operations on. An example base DN would be:
|
| dc=corp,dc=acme,dc=org
|
| A correct base DN is required for any query results to be returned.
|
*/
'base_dn' => env('ADLDAP_BASEDN', 'dc=temp'),
/*
|--------------------------------------------------------------------------
| Administrator Username & Password
|--------------------------------------------------------------------------
|
| When connecting to your LDAP server, a username and password is required
| to be able to query and run operations on your server(s). You can
| use any user account that has these permissions. This account
| does not need to be a domain administrator unless you
| require changing and resetting user passwords.
|
*/
'username' => env('ADLDAP_ADMIN_USERNAME', ''),
'password' => env('ADLDAP_ADMIN_PASSWORD', ''),
/*
|--------------------------------------------------------------------------
| Follow Referrals
|--------------------------------------------------------------------------
|
| The follow referrals option is a boolean to tell active directory
| to follow a referral to another server on your network if the
| server queried knows the information your asking for exists,
| but does not yet contain a copy of it locally.
|
| This option is defaulted to false.
|
*/
'follow_referrals' => env('ADLDAP_FOLLOW_REFFERALS', false),
/*
|--------------------------------------------------------------------------
| SSL & TLS
|--------------------------------------------------------------------------
|
| If you need to be able to change user passwords on your server, then an
| SSL or TLS connection is required. All other operations are allowed
| on unsecured protocols.
|
| One of these options are definitely recommended if you
| have the ability to connect to your server securely.
|
*/
'use_ssl' => env('ADLDAP_USE_SSL', false),
'use_tls' => env('ADLDAP_USE_TLS', false),
'custom_options' => $sslOptions,
],
],
],
];

0
config/ldap_auth.php → config/xldap_auth.php
View File