diff --git a/contrib/openldap/core-fd-conf.schema b/contrib/openldap/core-fd-conf.schema index 840d1ff2bbd02b1b2ed52ba27ebbe2b0065e3fd5..774cb56f793754894cb3f8fba7d2f2874bb5c0f7 100644 --- a/contrib/openldap/core-fd-conf.schema +++ b/contrib/openldap/core-fd-conf.schema @@ -270,12 +270,14 @@ attributetype ( 1.3.6.1.4.1.38414.8.15.5 NAME 'fdSessionLifeTime' attributetype ( 1.3.6.1.4.1.38414.8.15.6 NAME 'fdHttpAuthActivated' DESC 'FusionDirectory - HTTP Basic Auth activation' + OBSOLETE EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.38414.8.15.7 NAME 'fdHttpHeaderAuthActivated' DESC 'FusionDirectory - HTTP Header Auth activation' + OBSOLETE EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) @@ -287,6 +289,13 @@ attributetype ( 1.3.6.1.4.1.38414.8.15.8 NAME 'fdHttpHeaderAuthHeaderName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributetype ( 1.3.6.1.4.1.38414.8.15.9 NAME 'fdLoginMethod' + DESC 'FusionDirectory - Active login method' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + # Debugging attributetype ( 1.3.6.1.4.1.38414.8.16.1 NAME 'fdDisplayErrors' @@ -421,6 +430,7 @@ attributetype ( 1.3.6.1.4.1.38414.8.20.3 NAME 'fdSslCertPath' attributetype ( 1.3.6.1.4.1.38414.8.21.1 NAME 'fdCasActivated' DESC 'FusionDirectory - CASÂ activation' + OBSOLETE EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) @@ -563,7 +573,8 @@ objectclass ( 1.3.6.1.4.1.38414.8.2.1 NAME 'fusionDirectoryConf' fdPluginsMenuBlacklist $ fdAclTabOnObjects $ fdDepartmentCategories $ fdSslCaCertPath $ fdSslKeyPath $ fdSslCertPath $ - fdCasActivated $ fdCasServerCaCertPath $ fdCasHost $ fdCasPort $ fdCasContext + fdCasActivated $ fdCasServerCaCertPath $ fdCasHost $ fdCasPort $ fdCasContext $ + fdLoginMethod ) ) objectclass ( 1.3.6.1.4.1.38414.8.2.2 NAME 'fusionDirectoryPluginsConf' 
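Review bot: The DESC of the new fdLoginMethod attribute says only 'Active login method', yet the value is consumed as a PHP class name by the login dispatcher elsewhere in this commit, so an admin editing the entry directly has no hint what is accepted; spell the choices out, e.g. `DESC 'FusionDirectory - Active login method (LoginPost, LoginCAS, LoginHTTPAuth or LoginHTTPHeader)'`. The legacy flags are marked OBSOLETE but fdCasActivated is visibly kept in the fusionDirectoryConf MAY list, which is what lets pre-1.4 entries still load; a one-line comment above the OBSOLETE attributetypes saying they are retained only so the migration code can read them would stop someone pruning them from the MAY list later.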
diff --git a/html/index.php b/html/index.php index ab412cda49abc870bedeb760002a2feb8629f4ef..af3f5e378c37896fb088d56d0647bff9a72a12c1 100644 --- a/html/index.php +++ b/html/index.php @@ -220,12 +220,7 @@ if (isset($_REQUEST['message'])) { } } -$loginMethods = LoginMethod::getMethods(); -foreach ($loginMethods as $method) { - if ($method::active()) { - $method::loginProcess(); - } -} +LoginMethod::loginProcess(); /* Translation of cookie-warning. Whether to display it, is determined by JavaScript */ $smarty->assign ('cookies', '<b>'._('Warning').':</b> '._('Your browser has cookies disabled. Please enable cookies and reload this page before logging in!')); diff --git a/include/login/class_LoginCAS.inc b/include/login/class_LoginCAS.inc index 5925565db3c56ac01f1af78e50e8398d17c470bd..439c139ee52840c0c815ddba6260346bfac77bb2 100644 --- a/include/login/class_LoginCAS.inc +++ b/include/login/class_LoginCAS.inc @@ -23,6 +23,12 @@ */ class LoginCAS extends LoginMethod { + /*! \brief Displayed name */ + static function getLabel() + { + return _('CAS'); + } + /*! \brief All login steps in the right order for CAS login */ static function loginProcess() { @@ -89,12 +95,20 @@ class LoginCAS extends LoginMethod if ($success) { /* Everything went well, redirect to main.php */ static::redirect(); + } else { + echo msg_dialog::get_dialogs(); + if (!empty($message)) { + msg_dialog::display( + _('Error'), + sprintf( + _('Login with user "%s" triggered error: %s'), + static::$username, + $message + ), + FATAL_ERROR_DIALOG + ); + } + exit(); } } - - static function active() - { - global $config; - return ($config->get_cfg_value('casActivated') == 'TRUE'); - } } diff --git a/include/login/class_LoginHTTPAuth.inc b/include/login/class_LoginHTTPAuth.inc index 9c71a2333f68604cb544ae67cef78f9e2d9516c0..3fe017faa78df159de870eda43cb729d976b671f 100644 --- a/include/login/class_LoginHTTPAuth.inc +++ b/include/login/class_LoginHTTPAuth.inc 
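Review bot: In the else branch added to LoginCAS::loginProcess, `static::$username` and `$message` are placed straight into the FATAL_ERROR_DIALOG text; if msg_dialog::display renders its message as HTML without escaping (its implementation is not in this diff), any markup in the CAS-supplied user id or in an LDAP error string is reflected into the page. Escape both at the call site, `htmlspecialchars(static::$username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` and the same for `$message`. `$message` itself is assigned above the hunk (loginProcess starts outside it), so it is worth confirming it is initialised on every path that reaches this branch. The new `exit()` means a failed CAS login no longer falls through to the form, which matches index.php now running a single method; a short comment stating that fall-through is intentionally gone would help the next reader.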
@@ -23,6 +23,12 @@ */ class LoginHTTPAuth extends LoginMethod { + /*! \brief Displayed name */ + static function getLabel() + { + return _('HTTP Basic Auth'); + } + /*! \brief All login steps in the right order for HTTP auth login */ static function loginProcess() { @@ -61,10 +67,4 @@ class LoginHTTPAuth extends LoginMethod echo "$message\n"; exit; } - - static function active() - { - global $config; - return ($config->get_cfg_value('httpAuthActivated') == 'TRUE'); - } } diff --git a/include/login/class_LoginHTTPHeader.inc b/include/login/class_LoginHTTPHeader.inc index 4abf197dfffd92a12a5595e0066bfcd80fc4a739..4028f3c2e7dadc42b44e6438d14a64f201e9dc2d 100644 --- a/include/login/class_LoginHTTPHeader.inc +++ b/include/login/class_LoginHTTPHeader.inc @@ -23,6 +23,12 @@ */ class LoginHTTPHeader extends LoginMethod { + /*! \brief Displayed name */ + static function getLabel() + { + return _('HTTP Header'); + } + /*! \brief All login steps in the right order for HTTP Header login */ static function loginProcess() { @@ -85,12 +91,20 @@ class LoginHTTPHeader extends LoginMethod if ($success) { /* Everything went well, redirect to main.php */ static::redirect(); + } else { + echo msg_dialog::get_dialogs(); + if (!empty($message)) { + msg_dialog::display( + _('Error'), + sprintf( + _('Login with user "%s" triggered error: %s'), + static::$username, + $message + ), + FATAL_ERROR_DIALOG + ); + } + exit(); } } - - static function active() - { - global $config; - return ($config->get_cfg_value('httpHeaderAuthActivated') == 'TRUE'); - } } diff --git a/include/login/class_LoginMethod.inc b/include/login/class_LoginMethod.inc index 360fbe5b0c2a23cafd2e0236ebf775e70f535dfe..58944e12bcf6d9bb67b39f4483ca7c300a13830b 100644 --- a/include/login/class_LoginMethod.inc +++ b/include/login/class_LoginMethod.inc 
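Review bot: The else branch added to LoginHTTPHeader::loginProcess echoes `static::$username` into the error dialog, and for this method the username comes from a request header whose name is the configured fdHttpHeaderAuthHeaderName (read above the hunk); that header is attacker-chosen whenever the reverse proxy does not strip it, so if msg_dialog::display does not escape (not visible here) this is a reflected-XSS sink. Wrap it with `htmlspecialchars(static::$username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and treat `$message` the same way. The branch is byte-identical to the one added to LoginCAS; a protected static helper on LoginMethod holding the get_dialogs/display/exit sequence, say `static::failLogin($message)`, would keep the escaping in one place. loginProcess starts outside this hunk.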
@@ -175,20 +175,44 @@ class LoginMethod /*! \brief All login steps in the right order */ static function loginProcess() { + global $config; + $method = $config->get_cfg_value('LoginMethod', ''); + if (empty($method)) { + // Try to detect configurations from FD<1.4 + if ($config->get_cfg_value('httpAuthActivated') == 'TRUE') { + $method = 'LoginHTTPAuth'; + } elseif ($config->get_cfg_value('casActivated') == 'TRUE') { + $method = 'LoginCAS'; + } elseif ($config->get_cfg_value('httpHeaderAuthActivated') == 'TRUE') { + $method = 'LoginHTTPHeader'; + } else { + $method = 'LoginPost'; + } + } + $method::loginProcess(); } - static function active() + /*! \brief Displayed name for each login method. Returning FALSE disables a method */ + static function getLabel() { return FALSE; } static function getMethods() { - return array( - 'LoginHTTPAuth', + $methods = array( + 'LoginPost', 'LoginCAS', + 'LoginHTTPAuth', 'LoginHTTPHeader', - 'LoginPost', ); + $return = array(); + foreach ($methods as $method) { + $label = $method::getLabel(); + if ($label) { + $return[$method] = $label; + } + } + return $return; } } diff --git a/include/login/class_LoginPost.inc b/include/login/class_LoginPost.inc index 04cdfc08d5e5144b11fcebe467a4534df4007995..cbe3e8085de7d9a673ffd750d31e0ccd462cf64b 100644 --- a/include/login/class_LoginPost.inc +++ b/include/login/class_LoginPost.inc @@ -23,6 +23,12 @@ */ class LoginPost extends LoginMethod { + /*! \brief Displayed name */ + static function getLabel() + { + return _('HTML form'); + } + /*! \brief All login steps in the right order for standard POST login */ static function loginProcess() { 
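Review bot: LoginMethod::loginProcess now takes `$method` from the LDAP configuration (or the legacy-flag fallback) and calls `$method::loginProcess()` without checking it against the list getMethods() builds a few lines below, so a typo or a stale value in fdLoginMethod ends in a PHP fatal "class not found" on the login page, and anyone able to write the config entry can route the dispatch to any loaded class that happens to expose a static loginProcess. Validate against `static::getMethods()` and fail closed with a clear dialog before the static call. The fallback chain (HTTP auth, then CAS, then header) is also duplicated in configInLdap; a comment noting that the two orders must stay in sync, or a shared helper, would prevent drift.
```php
    // … unchanged: FD<1.4 fallback detection of $method …
    /* Fail closed: only dispatch to a class getMethods() lists, never to an
     * arbitrary class name read back from the LDAP configuration entry */
    $methods = static::getMethods();
    if (!isset($methods[$method])) {
      msg_dialog::display(
        _('Error'),
        sprintf(_('Unknown or disabled login method "%s"'), htmlspecialchars($method, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')),
        FATAL_ERROR_DIALOG
      );
      exit();
    }
    $method::loginProcess();
```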
@@ -33,25 +39,23 @@ class LoginPost extends LoginMethod /* Reset error messages */ $message = ''; - static::$username = $_POST['username']; - static::$password = $_POST['password']; + if (($_SERVER['REQUEST_METHOD'] == 'POST') && isset($_POST['login']) && isset($_POST['username']) && isset($_POST['password'])) { - $success = static::runSteps(array( - 'validateUserInput', - 'ldapLoginUser', - 'checkForLockingBranch', - 'loginAndCheckExpired', - 'runSchemaCheck', - )); + static::$username = $_POST['username']; + static::$password = $_POST['password']; - if ($success) { - /* Everything went well, redirect to main.php */ - static::redirect(); - } - } + $success = static::runSteps(array( + 'validateUserInput', + 'ldapLoginUser', + 'checkForLockingBranch', + 'loginAndCheckExpired', + 'runSchemaCheck', + )); - static function active() - { - return (($_SERVER['REQUEST_METHOD'] == 'POST') && isset($_POST['login'])); + if ($success) { + /* Everything went well, redirect to main.php */ + static::redirect(); + } + } } } diff --git a/plugins/config/class_configInLdap.inc b/plugins/config/class_configInLdap.inc index 77d44516dfaf8057254838d2e86e8dd8fcc35c70..c526f32c7850a56dab77838dd74ae01ae69b86cf 100644 --- a/plugins/config/class_configInLdap.inc +++ b/plugins/config/class_configInLdap.inc 
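Review bot: The new guard in LoginPost::loginProcess checks isset() on `$_POST['username']` and `$_POST['password']` but not that they are strings, so a request with `username[]=x` assigns an array to `static::$username`; whether validateUserInput (not in this hunk) rejects that before it reaches the LDAP bind is not visible here. Tighten the condition with `is_string($_POST['username']) && is_string($_POST['password'])`. Since the form branch is now the whole body, a one-line comment above the if, such as `/* Without a form submission just fall through and render the login page */`, would make the silent no-op path explicit.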
@@ -211,15 +211,10 @@ class configInLdap extends simplePlugin 'fdSessionLifeTime', TRUE, 0 /*min*/, FALSE /*no max*/, 1800 ), - new BooleanAttribute ( - _('HTTP Basic authentication'), _('Use HTTP Basic authentication protocol instead of the login form.'), - 'fdHttpAuthActivated', FALSE, - FALSE - ), - new BooleanAttribute ( - _('HTTP Header authentication'), _('Use HTTP Header authentication instead of the login form.'), - 'fdHttpHeaderAuthActivated', FALSE, - FALSE + new SelectAttribute ( + _('Login method'), + _('Which login method should be used for connecting to FusionDirectory'), + 'fdLoginMethod', TRUE ), new StringAttribute ( _('Header name'), _('Name of the header containing user identifier.'), @@ -251,11 +246,6 @@ class configInLdap extends simplePlugin 'cas' => array( 'name' => _('CAS'), 'attrs' => array( - new BooleanAttribute ( - _('Enable CAS'), _('CAS login will be used instead of LDAP bind'), - 'fdCasActivated', FALSE, - FALSE - ), new TrimmedStringAttribute ( _('CA certificate path'), _('Path to the CA certificate of the CAS server'), 'fdCasServerCaCertPath', FALSE, @@ -463,6 +453,10 @@ class configInLdap extends simplePlugin $methods[] = 'sasl'; } $attributesInfo['password']['attrs'][0]->setChoices($methods); + /* Login methods */ + $methods = LoginMethod::getMethods(); + $attributesInfo['login']['attrs'][4]->setChoices(array_keys($methods), array_values($methods)); + //TODO Support previous settings $groupsAndRoles = array_merge( array_map( @@ -509,15 +503,6 @@ class configInLdap extends simplePlugin $this->fusionConfigMd5 = md5_file(CACHE_DIR."/".CLASS_CACHE); - $this->attributesAccess['fdHttpAuthActivated']->setManagedAttributes( - array( - 'erase' => array ( - TRUE => array ( - 'fdCasActivated', - ) - ) - ) - ); $this->attributesAccess['fdEnableSnapshots']->setManagedAttributes( array( 'disable' => array ( 
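Review bot: `$attributesInfo['login']['attrs'][4]->setChoices(...)` addresses the new SelectAttribute by positional index; the two BooleanAttribute removals in the same hunk already shifted that array once, and the next insertion into the 'login' section will silently hand the login-method choices to a different attribute with no error. Look the attribute up by LDAP name instead, for example by scanning `$attributesInfo['login']['attrs']` for the one whose `getLdapName()` is 'fdLoginMethod' (assuming the Attribute API exposes that, as the `attributesAccess['fdLoginMethod']` usage later in the file suggests), or at least pin the index with a comment naming the attribute it targets. The `//TODO Support previous settings` line is left in although the legacy-flag read is added further down in this commit; either remove it or state what is still unsupported.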
@@ -539,36 +524,52 @@ class configInLdap extends simplePlugin ) ) ); - $this->attributesAccess['fdCasActivated']->setManagedAttributes( + $this->attributesAccess['fdSplitPostalAddress']->setManagedAttributes( array( 'disable' => array ( FALSE => array ( - 'fdCasServerCaCertPath', - 'fdCasHost', - 'fdCasPort', - 'fdCasContext', + 'fdPostalAddressPattern', ) ) ) ); - $this->attributesAccess['fdHttpHeaderAuthActivated']->setManagedAttributes( + $this->attributesAccess['fdLoginMethod']->setManagedAttributes( array( - 'disable' => array ( - FALSE => array ( + 'multiplevalues' => array( + 'noncas' => array( + 'LoginPost', + 'LoginHTTPAuth', + 'LoginHTTPHeader', + ), + 'nonheader' => array( + 'LoginPost', + 'LoginCAS', + 'LoginHTTPAuth' + ), + ), + 'disable' => array( + 'noncas' => array ( + 'fdCasServerCaCertPath', + 'fdCasHost', + 'fdCasPort', + 'fdCasContext', + ), + 'nonheader' => array ( 'fdHttpHeaderAuthHeaderName', ) ) ) ); - $this->attributesAccess['fdSplitPostalAddress']->setManagedAttributes( - array( - 'disable' => array ( - FALSE => array ( - 'fdPostalAddressPattern', - ) - ) - ) - ); + if (empty($this->attrs['fdLoginMethod'][0])) { + // Reading OBSOLETEÂ attributes from FD<1.4 to ease migration + if (isset($this->attrs['fdHttpAuthActivated'][0]) && ($this->attrs['fdHttpAuthActivated'][0] == 'TRUE')) { + $this->fdLoginMethod = 'LoginHTTPAuth'; + } elseif (isset($this->attrs['fdCasActivated'][0]) && ($this->attrs['fdCasActivated'][0] == 'TRUE')) { + $this->fdLoginMethod = 'LoginCAS'; + } elseif (isset($this->attrs['fdHttpHeaderAuthActivated'][0]) && ($this->attrs['fdHttpHeaderAuthActivated'][0] == 'TRUE')) { + $this->fdLoginMethod = 'LoginHTTPHeader'; + } + } } function compute_dn()
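Review bot: The legacy-attribute block at the end of the hunk re-implements the precedence order (HTTP auth, then CAS, then header) that LoginMethod::loginProcess hard-codes for the runtime fallback, so the migration shown in the UI and the method actually used at login can drift apart; hoist the detection into one static helper on LoginMethod taking the three flag values and call it from both places. The comment `// Reading OBSOLETEÂ attributes from FD<1.4 to ease migration` carries a mis-encoded non-breaking space (`Â`), replace it with a plain space. Minor style: the `'nonheader'` array lacks the trailing comma its sibling `'noncas'` has.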