Merge pull request #1673 from IrAlfred/fix-ldap-related-issues

fix(backend): fix LDAP address book and authentication issues

Author: kroky

.env.example

@@ -199,13 +199,14 @@ LDAP_USER=''
 LDAP_PASS=''
 LDAP_OBJECT_CLASS="top,person,organizationalperson,inetorgperson"
 LDAP_READ_WRITE=true
+LDAP_UID_ATTR="uid"
 
 #app.php
 LDAP_AUTH_PORT=389
 LDAP_AUTH_SERVER=localhost
 LDAP_AUTH_TLS=
 LDAP_AUTH_BASE_DN="example,dc=com"
-LDAP_UID_ATTR="cn"
+LDAP_AUTH_UID_ATTR="uid"
 
 #WordPress
 WORDPRESS_CLIENT_ID=

config/app.php

@@ -100,7 +100,7 @@
     /*
     | Attribute to use as the unique identifier for users
     */
-    'ldap_uid_attr' => env('LDAP_UID_ATTR', 'uid'),
+    'ldap_auth_uid_attr' => env('LDAP_AUTH_UID_ATTR', 'uid'),
 
     /*
     | -------------------

config/ldap.php

@@ -22,7 +22,7 @@
             /*
             | Flag to enable or disable TLS connections
             */
-            'enable_tls' => env('LDAP_ENABLE_TLS', true),
+            'enable_tls' => env('LDAP_ENABLE_TLS', false),
 
             /*
             | Port to connect to
@@ -44,6 +44,11 @@
             */
             'auth' => env('LDAP_AUTH', false),
 
+            /*
+            | Attribute to use for user identification
+            */
+            'ldap_uid_attr' => env('LDAP_UID_ATTR', 'uid'),
+
             /*
             | Global username and password to bind with if auth is set to true. If left
             | blank, users will have a setting on the Settings -> Site page for this

lib/auth.php

@@ -237,7 +237,11 @@ private function connect_details() {
         $prefix = 'ldaps://';
         $server = $this->apply_config_value('server', 'localhost');
         $port = $this->apply_config_value('port', 389);
-        if (empty($this->config['enable_tls'])) {
+        if (
+            empty($this->config['enable_tls']) ||
+            $this->config['enable_tls'] === false ||
+            strtolower($this->config['enable_tls']) === "false"
+        ) {
             $prefix = 'ldap://';
         }
         return $prefix.$server.':'.$port;
@@ -261,9 +265,9 @@ private function apply_config_value($name, $default) {
     public function check_credentials($user, $pass) {
         list($server, $port, $tls) = get_auth_config($this->site_config, 'ldap');
         $base_dn = $this->site_config->get('ldap_auth_base_dn', false);
-        $uid_attr = $this->site_config->get('ldap_uid_attr', false);
+        $uid_auth_attr = $this->site_config->get('ldap_auth_uid_attr', false);
         if ($server && $port && $base_dn) {
-            $user = sprintf('%s=%s,%s', $uid_attr, $user, $base_dn);
+            $user = sprintf('%s=%s,%s', $uid_auth_attr, $user, $base_dn);
             $this->config = [
                 'server' => $server,
                 'port' => $port,
@@ -302,7 +306,6 @@ public function connect() {
      */
     protected function auth() {
         $result = @ldap_bind($this->fh, $this->config['user'], $this->config['pass']);
-        ldap_unbind($this->fh);
         if (!$result) {
             Hm_Debug::add(sprintf('LDAP AUTH failed for %s', $this->config['user']));
         }

modules/contacts/js_modules/route_handlers.js

@@ -1,5 +1,5 @@
 function applyContactsPageHandlers() {
-    $('.delete_contact').on("click", function() {
+    $('.delete_contact:not([data-ldap-dn])').on("click", function() {
         delete_contact($(this).data('id'), $(this).data('source'), $(this).data('type'));
         return false;
     });

modules/contacts/modules.php

@@ -123,6 +123,7 @@ public function process() {
         if (array_key_exists('contact_id', $this->request->get)) {
             $contacts = $this->get('contact_store');
             $contact = $contacts->get($this->request->get['contact_id']);
+            
             if ($contact) {
                 $to = sprintf('%s <%s>', $contact->value('display_name'), $contact->value('email_address'));
                 $this->out('compose_draft', array('draft_to' => $to, 'draft_subject' => '', 'draft_body' => ''));
@@ -396,16 +397,34 @@ protected function output() {
                         $this->html_safe($c->value('phone_number')).'</a></td>'.
                         '<td class="text-end" style="width : 100px">';
                     if (in_array($c->value('type').':'.$c->value('source'), $editable, true)) {
-                        $res .= '<a data-id="'.$this->html_safe($c->value('id')).'" data-type="'.$this->html_safe($c->value('type')).'" data-source="'.$this->html_safe($c->value('source')).
-                            '" class="delete_contact cursor-pointer" title="'.$this->trans('Delete').'"><i class="bi bi-trash3 text-danger ms-2"></i></a>'.
-                            '<a href="?page=contacts&amp;contact_id='.$this->html_safe($c->value('id')).'&amp;contact_source='.
+                        $delete_attrs = 'data-id="'.$this->html_safe($c->value('id')).'" data-type="'.$this->html_safe($c->value('type')).'" data-source="'.$this->html_safe($c->value('source')).'"';
+                        
+                        if (class_exists('Hm_LDAP_Contact')) {
+                            $delete_attrs .= Hm_LDAP_Contact::generateDeleteAttributes($c, [$this, 'html_safe']);
+                        }
+                        
+                        $edit_url = '?page=contacts&amp;contact_id='.$this->html_safe($c->value('id')).'&amp;contact_source='.
                             $this->html_safe($c->value('source')).'&amp;contact_type='.
-                            $this->html_safe($c->value('type')).'&amp;contact_page='.$current_page.
-                            '" class="edit_contact cursor-pointer" title="'.$this->trans('Edit').'"><i class="bi bi-gear ms-2"></i></a>';
+                            $this->html_safe($c->value('type')).'&amp;contact_page='.$current_page;
+                        
+                        if (class_exists('Hm_LDAP_Contact')) {
+                            $edit_url = Hm_LDAP_Contact::addDNToUrl($c, $edit_url);
+                        }
+                        
+                        $res .= '<a '.$delete_attrs.' class="delete_contact cursor-pointer" title="'.$this->trans('Delete').'"><i class="bi bi-trash3 text-danger ms-2"></i></a>'.
+                            '<a href="'.$edit_url.'" class="edit_contact cursor-pointer" title="'.$this->trans('Edit').'"><i class="bi bi-pencil-square ms-2"></i></a>';
                     }
-                    $res .= '<a href="?page=compose&amp;contact_id='.$this->html_safe($c->value('id')).
-                        '" class="send_to_contact cursor-pointer" title="'.$this->trans('Send To').'">'.
-                        '<i class="bi bi-file-earmark-text ms-2"></i></a>';
+
+                    $send_to_url = '?page=compose&amp;contact_id='.$this->html_safe($c->value('id')).
+                        '&amp;contact_source='.$this->html_safe($c->value('source')).
+                        '&amp;contact_type='.$this->html_safe($c->value('type'));
+                    
+                    if (class_exists('Hm_LDAP_Contact')) {
+                        $send_to_url = Hm_LDAP_Contact::addDNToUrl($c, $send_to_url);
+                    }
+                    
+                    $res .= '<a href="'.$send_to_url.'" class="send_to_contact cursor-pointer" title="'.$this->trans('Send To').'">'.
+                        '<i class="bi bi-envelope-arrow-up ms-2"></i></a>';
 
                     $res .= '</td></tr>';
                     $res .= '<tr><td id="contact_'.$this->html_safe($c->value('id')).'_detail" class="contact_detail_row" colspan="6">';
@@ -607,6 +626,7 @@ function build_contact_detail($output_mod, $contact, $id) {
     $all_fields = false;
     $contacts = $contact->export();
     ksort($contacts);
+    
     foreach ($contacts as $name => $val) {
         if ($name == 'all_fields') {
             $all_fields = $val;
@@ -624,7 +644,7 @@ function build_contact_detail($output_mod, $contact, $id) {
     if ($all_fields) {
         ksort($all_fields);
         foreach ($all_fields as $name => $val) {
-            if (in_array($name, array(0, 'raw', 'objectclass', 'dn', 'ID', 'APP:EDITED', 'UPDATED'), true)) {
+            if (in_array($name, array(0, 'raw', 'objectclass', 'ID', 'APP:EDITED', 'UPDATED'), true)) {
                 continue;
             }
             $res .= '<tr><th>'.$output_mod->trans(name_map($name)).'</th>';
@@ -681,7 +701,8 @@ function name_map($val) {
         'fn' => 'Full Name',
         'uid' => 'Uid',
         'src_url' => 'URL',
-        'adr' => 'Address'
+        'adr' => 'Address',
+        'dn' => 'Distinguished Name'
     );
     if (array_key_exists($val, $names)) {
         return $names[$val];

modules/contacts/setup.php

@@ -79,14 +79,16 @@
         'contact_auto_collect' => FILTER_VALIDATE_BOOLEAN,
         'enable_warn_contacts_cc_not_exist_in_list_contact' => FILTER_VALIDATE_INT,
         'enable_collect_address_on_send' => FILTER_VALIDATE_INT,
-        'email_address' => FILTER_UNSAFE_RAW
+        'email_address' => FILTER_UNSAFE_RAW,
+        'ldap_dn' => FILTER_UNSAFE_RAW,
     ),
     'allowed_get' => array(
         'contact_id' => FILTER_SANITIZE_FULL_SPECIAL_CHARS,
         'contact_page' => FILTER_VALIDATE_INT,
         'contact_type' => FILTER_SANITIZE_FULL_SPECIAL_CHARS,
         'contact_source' => FILTER_SANITIZE_FULL_SPECIAL_CHARS,
         'import_contact' => FILTER_SANITIZE_FULL_SPECIAL_CHARS,
+        'dn' => FILTER_UNSAFE_RAW,
     ),
     'allowed_output' => array(
         'contact_deleted' => array(FILTER_VALIDATE_INT, false),

modules/contacts/site.js

@@ -4,11 +4,15 @@ var delete_contact = function(id, source, type) {
     if (!hm_delete_prompt()) {
         return false;
     }
-    Hm_Ajax.request(
-        [{'name': 'hm_ajax_hook', 'value': 'ajax_delete_contact'},
+    var request_data = [
+        {'name': 'hm_ajax_hook', 'value': 'ajax_delete_contact'},
         {'name': 'contact_id', 'value': id},
         {'name': 'contact_type', 'value': type},
-        {'name': 'contact_source', 'value': source}],
+        {'name': 'contact_source', 'value': source}
+    ];
+    
+    Hm_Ajax.request(
+        request_data,
         function(res) {
             if (res.contact_deleted && res.contact_deleted === 1) {
                 $('.contact_row_'+id).remove();

modules/ldap_contacts/hm-ldap-contacts.php

@@ -42,8 +42,9 @@ protected function auth() {
         if (array_key_exists('auth', $this->config) && $this->config['auth'] &&
             array_key_exists('user', $this->config) && $this->config['user'] &&
             array_key_exists('pass', $this->config) && $this->config['pass']) {
-
-            return @ldap_bind($this->fh, $this->config['user'], $this->config['pass']);
+            $uid_attr = $this->config['ldap_uid_attr'];
+            $user_dn = sprintf('%s=%s,%s', $uid_attr, $this->config['user'], $this->config['base_dn']);
+            return @ldap_bind($this->fh, $user_dn, $this->config['pass']);
         }
         else {
             return @ldap_bind($this->fh);
@@ -103,3 +104,83 @@ public function fetch() {
         return array();
     }
 }
+
+/**
+ * @subpackage ldap_contacts/lib
+ */
+class Hm_LDAP_Contact extends Hm_Contact {
+    
+    public function getDN() {
+        $all_fields = $this->value('all_fields');
+        if ($all_fields && isset($all_fields['dn'])) {
+            return $all_fields['dn'];
+        }
+        return null;
+    }
+    
+    public static function findByDN($contact_store, $target_dn, $contact_source) {
+        $all_contacts = $contact_store->dump();
+        
+        foreach ($all_contacts as $contact_id => $contact_obj) {
+            if ($contact_obj->value('source') == $contact_source && 
+                $contact_obj->value('type') == 'ldap') {
+                
+                $all_fields = $contact_obj->value('all_fields');
+                
+                if (isset($all_fields['dn']) && $all_fields['dn'] === $target_dn) {
+                    return $contact_obj;
+                }
+            }
+        }
+        return null;
+    }
+    
+    public static function isLdapContact($contact) {
+        return $contact instanceof self || $contact->value('type') === 'ldap';
+    }
+
+    public static function decodeDN($encoded_dn) {
+        return urldecode($encoded_dn);
+    }
+
+    public static function generateDeleteAttributes($contact, $html_safe) {
+        if (!self::isLdapContact($contact)) {
+            return '';
+        }
+        
+        $all_fields = $contact->value('all_fields');
+        if ($all_fields && isset($all_fields['dn'])) {
+            return ' data-ldap-dn="'.$html_safe($all_fields['dn']).'"';
+        }
+        
+        return '';
+    }
+
+    public static function addDNToUrl($contact, $base_url) {
+        if (!self::isLdapContact($contact)) {
+            return $base_url;
+        }
+        
+        $all_fields = $contact->value('all_fields');
+        if ($all_fields && isset($all_fields['dn'])) {
+            return $base_url . '&dn='.urlencode($all_fields['dn']);
+        }
+        
+        return $base_url;
+    }
+
+    public static function fromContact($contact) {
+        if ($contact->value('type') !== 'ldap') {
+            return null;
+        }
+
+        if ($contact instanceof self) {
+            return $contact;
+        }
+        
+        $contact_data = $contact->export();
+        $ldap_contact = new self($contact_data);
+        
+        return $ldap_contact;
+    }
+}