Fix for when user changes their own password, and thus the password in the cookie is no longer valid

This commit is contained in:
Deon George 2023-04-13 21:01:15 +10:00
parent 9207d4e698
commit 36a985554d
4 changed files with 116 additions and 96 deletions


@ -4,11 +4,12 @@ namespace App\Classes\LDAP;
use Carbon\Carbon; use Carbon\Carbon;
use Exception; use Exception;
use Illuminate\Support\Arr;
use Illuminate\Support\Collection; use Illuminate\Support\Collection;
use Illuminate\Support\Facades\Cache; use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Config; use Illuminate\Support\Facades\Config;
use Illuminate\Support\Facades\Cookie;
use Illuminate\Support\Facades\Log; use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Session;
use LdapRecord\LdapRecordException; use LdapRecord\LdapRecordException;
use LdapRecord\Models\Model; use LdapRecord\Models\Model;
use LdapRecord\Query\Collection as LDAPCollection; use LdapRecord\Query\Collection as LDAPCollection;
@ -68,102 +69,112 @@ final class Server
try { try {
$base = self::rootDSE($connection,$cachetime); $base = self::rootDSE($connection,$cachetime);
/** /**
* LDAP Error Codes: * LDAP Error Codes:
* https://ldap.com/ldap-result-code-reference/ * https://ldap.com/ldap-result-code-reference/
* + success 0 * + success 0
* + operationsError 1 * + operationsError 1
* + protocolError 2 * + protocolError 2
* + timeLimitExceeded 3 * + timeLimitExceeded 3
* + sizeLimitExceeded 4 * + sizeLimitExceeded 4
* + compareFalse 5 * + compareFalse 5
* + compareTrue 6 * + compareTrue 6
* + authMethodNotSupported 7 * + authMethodNotSupported 7
* + strongerAuthRequired 8 * + strongerAuthRequired 8
* + referral 10 * + referral 10
* + adminLimitExceeded 11 * + adminLimitExceeded 11
* + unavailableCriticalExtension 12 * + unavailableCriticalExtension 12
* + confidentialityRequired 13 * + confidentialityRequired 13
* + saslBindInProgress 14 * + saslBindInProgress 14
* + noSuchAttribute 16 * + noSuchAttribute 16
* + undefinedAttributeType 17 * + undefinedAttributeType 17
* + inappropriateMatching 18 * + inappropriateMatching 18
* + constraintViolation 19 * + constraintViolation 19
* + attributeOrValueExists 20 * + attributeOrValueExists 20
* + invalidAttributeSyntax 21 * + invalidAttributeSyntax 21
* + noSuchObject 32 * + noSuchObject 32
* + aliasProblem 33 * + aliasProblem 33
* + invalidDNSyntax 34 * + invalidDNSyntax 34
* + isLeaf 35 * + isLeaf 35
* + aliasDereferencingProblem 36 * + aliasDereferencingProblem 36
* + inappropriateAuthentication 48 * + inappropriateAuthentication 48
* + invalidCredentials 49 * + invalidCredentials 49
* + insufficientAccessRights 50 * + insufficientAccessRights 50
* + busy 51 * + busy 51
* + unavailable 52 * + unavailable 52
* + unwillingToPerform 53 * + unwillingToPerform 53
* + loopDetect 54 * + loopDetect 54
* + sortControlMissing 60 * + sortControlMissing 60
* + offsetRangeError 61 * + offsetRangeError 61
* + namingViolation 64 * + namingViolation 64
* + objectClassViolation 65 * + objectClassViolation 65
* + notAllowedOnNonLeaf 66 * + notAllowedOnNonLeaf 66
* + notAllowedOnRDN 67 * + notAllowedOnRDN 67
* + entryAlreadyExists 68 * + entryAlreadyExists 68
* + objectClassModsProhibited 69 * + objectClassModsProhibited 69
* + resultsTooLarge 70 * + resultsTooLarge 70
* + affectsMultipleDSAs 71 * + affectsMultipleDSAs 71
* + virtualListViewError or controlError 76 * + virtualListViewError or controlError 76
* + other 80 * + other 80
* + serverDown 81 * + serverDown 81
* + localError 82 * + localError 82
* + encodingError 83 * + encodingError 83
* + decodingError 84 * + decodingError 84
* + timeout 85 * + timeout 85
* + authUnknown 86 * + authUnknown 86
* + filterError 87 * + filterError 87
* + userCanceled 88 * + userCanceled 88
* + paramError 89 * + paramError 89
* + noMemory 90 * + noMemory 90
* + connectError 91 * + connectError 91
* + notSupported 92 * + notSupported 92
* + controlNotFound 93 * + controlNotFound 93
* + noResultsReturned 94 * + noResultsReturned 94
* + moreResultsToReturn 95 * + moreResultsToReturn 95
* + clientLoop 96 * + clientLoop 96
* + referralLimitExceeded 97 * + referralLimitExceeded 97
* + invalidResponse 100 * + invalidResponse 100
* + ambiguousResponse 101 * + ambiguousResponse 101
* + tlsNotSupported 112 * + tlsNotSupported 112
* + intermediateResponse 113 * + intermediateResponse 113
* + unknownType 114 * + unknownType 114
* + canceled 118 * + canceled 118
* + noSuchOperation 119 * + noSuchOperation 119
* + tooLate 120 * + tooLate 120
* + cannotCancel 121 * + cannotCancel 121
* + assertionFailed 122 * + assertionFailed 122
* + authorizationDenied 123 * + authorizationDenied 123
* + e-syncRefreshRequired 4096 * + e-syncRefreshRequired 4096
* + noOperation 16654 * + noOperation 16654
* *
* LDAP Tag Codes: * LDAP Tag Codes:
* + A client bind operation 97 * + A client bind operation 97
* + The entry for which you were searching 100 * + The entry for which you were searching 100
* + The result from a search operation 101 * + The result from a search operation 101
* + The result from a modify operation 103 * + The result from a modify operation 103
* + The result from an add operation 105 * + The result from an add operation 105
* + The result from a delete operation 107 * + The result from a delete operation 107
* + The result from a modify DN operation 109 * + The result from a modify DN operation 109
* + The result from a compare operation 111 * + The result from a compare operation 111
* + A search reference when the entry you perform your search on holds a referral to the entry you require. * + A search reference when the entry you perform your search on holds a referral to the entry you require.
* + Search references are expressed in terms of a referral. * + Search references are expressed in terms of a referral.
* 115 * 115
* + A result from an extended operation 120 * + A result from an extended operation 120
*/ */
// If we cannot get to our LDAP server we'll head straight to the error page // If we cannot get to our LDAP server we'll head straight to the error page
} catch (LdapRecordException $e) { } catch (LdapRecordException $e) {
switch ($e->getDetailedError()->getErrorCode()) { switch ($e->getDetailedError()->getErrorCode()) {
case 49: case 49:
// Since we failed authentication, we should delete our auth cookie
if (Cookie::has('password_encrypt')) {
Log::alert('Clearing user credentials and logging out');
Cookie::queue(Cookie::forget('password_encrypt'));
Cookie::queue(Cookie::forget('username_encrypt'));
Session::invalidate();
}
abort(401,$e->getDetailedError()->getErrorMessage()); abort(401,$e->getDetailedError()->getErrorMessage());
default: default:
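Review bot: The credential-clearing block added under `case 49:` is gated on `Cookie::has('password_encrypt')` alone, so an invalidCredentials result reached with only `username_encrypt` present, or with the stale credential held in the session rather than the cookie, leaves the session intact and the user looping on the 401 page; gating on either cookie, `if (Cookie::has('password_encrypt') || Cookie::has('username_encrypt')) {`, or invalidating the session unconditionally on code 49, would make the recovery path complete. `Log::alert` is also a strong level for what is now an expected event (a user's own password change invalidating a cached credential); `Log::notice('Clearing user credentials and logging out')` keeps the alert level for conditions that need immediate action, and adding the request IP in the context array would make the entry useful when it is reviewed later. The enclosing method begins before the hunk and the `switch` continues past `default:` outside it.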


@ -22,7 +22,7 @@
<div class="modal-body"> <div class="modal-body">
<div class="text-center"> <div class="text-center">
<span class="badge badge-danger fsize-2 mb-3 ">@yield('error')</span> <span class="badge text-danger fsize-2 mb-3">@yield('error')</span>
</div> </div>
<table class="table"> <table class="table">
<tr> <tr>


@ -0,0 +1,9 @@
@extends('architect::layouts.error')
@section('error')
401: @lang('LDAP Authentication Error')
@endsection
@section('content')
{{ $exception->getMessage() }}
@endsection
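Review bot: The new 401 view renders `{{ $exception->getMessage() }}`, which for the LDAP path is presumably the server's detailed bind error passed through `abort(401, $e->getDetailedError()->getErrorMessage())` in the Server.php hunk; Blade escaping rules out markup injection, but that text is directory diagnostic output (implementations commonly word the bind error differently for a wrong password, an unknown account, or a disabled or expired one) shown to a visitor who is not authenticated. Consider keeping the detailed message in the log entry already written in that branch and showing a fixed string here, e.g. `@lang('Your credentials were not accepted, please log in again')`, or showing the detail only when `config('app.debug')` is true.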


@ -1,7 +1,7 @@
@extends('architect::layouts.error') @extends('architect::layouts.error')
@section('error') @section('error')
@lang('LDAP Server Unavailable') 597: @lang('LDAP Server Unavailable')
@endsection @endsection
@section('content') @section('content')