manual marge

yuri
2018-09-26 16:17:01 +03:00
9 changed files with 60 additions and 28 deletions


@@ -168,7 +168,7 @@ class Auth
return;
}
$user = $this->authentication->login($username, $password, $authToken);
$user = $this->authentication->login($username, $password, $authToken, $this->isPortal());
$authLogRecord = null;


@@ -33,7 +33,7 @@ use \Espo\Core\Exceptions\Error;
class Espo extends Base
{
public function login($username, $password, \Espo\Entities\AuthToken $authToken = null)
public function login($username, $password, \Espo\Entities\AuthToken $authToken = null, $isPortal = null)
{
if ($authToken) {
$hash = $authToken->get('hash');
@@ -51,4 +51,3 @@ class Espo extends Base
return $user;
}
}


@@ -34,7 +34,7 @@ use Espo\Core\Utils\Config;
use Espo\Core\ORM\EntityManager;
use Espo\Core\Utils\Auth;
class LDAP extends Base
class LDAP extends Espo
{
private $utils;
@@ -100,12 +100,19 @@ class LDAP extends Base
*
* @return \Espo\Entities\User | null
*/
public function login($username, $password, \Espo\Entities\AuthToken $authToken = null)
public function login($username, $password, \Espo\Entities\AuthToken $authToken = null, $isPortal = null)
{
if ($authToken) {
return $this->loginByToken($username, $authToken);
}
if ($isPortal) {
$useLdapAuthForPortalUser = $this->getUtils()->getOption('portalUserLdapAuth');
if (!$useLdapAuthForPortalUser) {
return parent::login($username, $password, $authToken, $isPortal);
}
}
$ldapClient = $this->getLdapClient();
/* Login LDAP system user (ldapUsername, ldapPassword) */
@@ -184,7 +191,7 @@ class LDAP extends Base
$user = $this->getEntityManager()->getEntity('User', $userId);
$tokenUsername = $user->get('userName');
if ($username != $tokenUsername) {
if (strtolower($username) != strtolower($tokenUsername)) {
$GLOBALS['log']->alert('Unauthorized access attempt for user ['.$username.'] from IP ['.$_SERVER['REMOTE_ADDR'].']');
return null;
}
@@ -328,4 +335,4 @@ class LDAP extends Base
return $fields;
}
}
}
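Review bot: The new `if ($isPortal)` branch in `login()` selects the authentication backend from the login entry point rather than from the account: with `portalUserLdapAuth` off (the default this commit ships), a username submitted through the portal is verified by `parent::login()` against the local Espo password, and nothing visible here confirms that the returned user is a portal user. If the caller does not reject non-portal accounts after this call (not visible in this section), an LDAP-managed internal account that still has a local password would be accepted without an LDAP bind. I would check the returned user before returning it, or at least record the dependency with a comment such as `// Local-password fallback for portal logins; the caller must reject non-portal users.` The body of `login()` continues outside the hunk.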


@@ -67,6 +67,7 @@ class Utils
'userTeamsIds' => 'ldapUserTeamsIds',
'userDefaultTeamId' => 'ldapUserDefaultTeamId',
'userObjectClass' => 'ldapUserObjectClass',
'portalUserLdapAuth' => 'ldapPortalUserLdapAuth',
);
/**
@@ -86,6 +87,7 @@ class Utils
'userLoginFilter',
'userTeamsIds',
'userDefaultTeamId',
'portalUserLdapAuth',
);
/**
@@ -163,7 +165,7 @@ class Utils
*/
public function getOption($name, $returns = null)
{
if (isset($this->options)) {
if (!isset($this->options)) {
$this->getOptions();
}
@@ -187,4 +189,4 @@ class Utils
return $zendOptions;
}
}
}


@@ -134,6 +134,7 @@ return array (
'ldapAccountFilterFormat',
'ldapTryUsernameSplit',
'ldapOptReferrals',
'ldapPortalUserLdapAuth',
'ldapCreateEspoUser',
'ldapAccountDomainName',
'ldapAccountDomainNameShort',
@@ -206,5 +207,5 @@ return array (
],
'requiredMysqlVersion' => '5.5.3',
'recommendedMysqlParams' => [],
'ldapPortalUserLdapAuth' => false,
);


@@ -40,6 +40,7 @@
"ldapAccountCanonicalForm": "Account Canonical Form",
"ldapAccountDomainName": "Account Domain Name",
"ldapTryUsernameSplit": "Try Username Split",
"ldapPortalUserLdapAuth": "Use LDAP Authentication for Portal Users",
"ldapCreateEspoUser": "Create User in EspoCRM",
"ldapSecurity": "Security",
"ldapUserLoginFilter": "User Login Filter",
@@ -137,6 +138,7 @@
"ldapBaseDn": "The default base DN used for searching users. E.g. \"OU=users,OU=espocrm,DC=test, DC=lan\".",
"ldapTryUsernameSplit": "The option to split a username with the domain.",
"ldapOptReferrals": "if referrals should be followed to the LDAP client.",
"ldapPortalUserLdapAuth": "Allow portal users to use LDAP authentication instead of Espo authentication.",
"ldapCreateEspoUser": "This option allows EspoCRM to create a user from the LDAP.",
"ldapUserFirstNameAttribute": "LDAP attribute which is used to determine the user first name. E.g. \"givenname\".",
"ldapUserLastNameAttribute": "LDAP attribute which is used to determine the user last name. E.g. \"sn\".",


@@ -20,6 +20,7 @@
[{"name": "ldapUserLoginFilter", "fullWidth": true}],
[{"name": "ldapAccountDomainName"}, {"name": "ldapAccountDomainNameShort"}],
[{"name": "ldapTryUsernameSplit"}, {"name": "ldapOptReferrals"}],
[{"name": "ldapPortalUserLdapAuth"}, false],
[{"name": "ldapCreateEspoUser"}, false],
[{"name": "ldapUserFirstNameAttribute"}, {"name": "ldapUserLastNameAttribute"}],
[{"name": "ldapUserTitleAttribute"}, false],


@@ -209,6 +209,11 @@
"type": "bool",
"tooltip": true
},
"ldapPortalUserLdapAuth": {
"type": "bool",
"default": false,
"tooltip": true
},
"ldapCreateEspoUser": {
"type": "bool",
"default": true,


@@ -35,6 +35,7 @@ use \Espo\Core\Exceptions\Error;
class EmailAddress extends Record
{
const ERASED_PREFIX = 'ERASED:';
protected function findInAddressBookByEntityType($query, $limit, $entityType, &$result)
{
@@ -67,24 +68,31 @@ class EmailAddress extends Record
foreach ($collection as $entity) {
$emailAddress = $entity->get('emailAddress');
$result[] = array(
if ($emailAddress) {
if (strpos($emailAddress, self::ERASED_PREFIX) === 0) {
continue;
}
}
$result[] = [
'emailAddress' => $emailAddress,
'entityName' => $entity->get('name'),
'entityType' => $entityType,
'entityId' => $entity->id
);
];
$emailAddressData = $this->getEntityManager()->getRepository('EmailAddress')->getEmailAddressData($entity);
foreach ($emailAddressData as $d) {
if ($emailAddress != $d->emailAddress) {
$emailAddress = $d->emailAddress;
$result[] = array(
'emailAddress' => $emailAddress,
'entityName' => $entity->get('name'),
'entityType' => $entityType,
'entityId' => $entity->id
);
break;
if (strpos($emailAddress, $query) === 0 && strpos($emailAddress, self::ERASED_PREFIX) !== 0) {
$result[] = [
'emailAddress' => $emailAddress,
'entityName' => $entity->get('name'),
'entityType' => $entityType,
'entityId' => $entity->id
];
}
}
}
}
@@ -125,24 +133,31 @@ class EmailAddress extends Record
foreach ($collection as $entity) {
$emailAddress = $entity->get('emailAddress');
$result[] = array(
if ($emailAddress) {
if (strpos($emailAddress, self::ERASED_PREFIX) === 0) {
continue;
}
}
$result[] = [
'emailAddress' => $emailAddress,
'entityName' => $entity->get('name'),
'entityType' => 'User',
'entityId' => $entity->id
);
];
$emailAddressData = $this->getEntityManager()->getRepository('EmailAddress')->getEmailAddressData($entity);
foreach ($emailAddressData as $d) {
if ($emailAddress != $d->emailAddress) {
$emailAddress = $d->emailAddress;
$result[] = array(
'emailAddress' => $emailAddress,
'entityName' => $entity->get('name'),
'entityType' => 'User',
'entityId' => $entity->id
);
break;
if (strpos($emailAddress, $query) === 0 && strpos($emailAddress, self::ERASED_PREFIX) !== 0) {
$result[] = [
'emailAddress' => $emailAddress,
'entityName' => $entity->get('name'),
'entityType' => 'User',
'entityId' => $entity->id
];
}
}
}
}
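Review bot: The added filter `strpos($emailAddress, $query) === 0` on the additional addresses is a case-sensitive prefix match, so an address stored with different casing than the typed query is dropped if the lookup that built `$collection` matches case-insensitively (that query is outside the hunk). `stripos($emailAddress, $query) === 0` would keep the two in step. The same erased-prefix and prefix-match logic is repeated in the second hunk with only `entityType` differing; a small private helper would keep the `ERASED_PREFIX` filter from drifting between the two copies. Both loops sit in methods whose start and end are outside the hunks.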