diff --git a/application/Espo/Core/Utils/Auth.php b/application/Espo/Core/Utils/Auth.php
index 0b8ed56487..736dc7320a 100644
--- a/application/Espo/Core/Utils/Auth.php
+++ b/application/Espo/Core/Utils/Auth.php
@@ -168,7 +168,7 @@ class Auth
 return;
 }
- $user = $this->authentication->login($username, $password, $authToken);
+ $user = $this->authentication->login($username, $password, $authToken, $this->isPortal());
 $authLogRecord = null;
diff --git a/application/Espo/Core/Utils/Authentication/Espo.php b/application/Espo/Core/Utils/Authentication/Espo.php
index e0bb97ab3b..0ea680dc2a 100644
--- a/application/Espo/Core/Utils/Authentication/Espo.php
+++ b/application/Espo/Core/Utils/Authentication/Espo.php
@@ -33,7 +33,7 @@ use \Espo\Core\Exceptions\Error;
 class Espo extends Base
 {
- public function login($username, $password, \Espo\Entities\AuthToken $authToken = null)
+ public function login($username, $password, \Espo\Entities\AuthToken $authToken = null, $isPortal = null)
 {
 if ($authToken) {
 $hash = $authToken->get('hash');
@@ -51,4 +51,3 @@ class Espo extends Base
 return $user;
 }
 }
-
diff --git a/application/Espo/Core/Utils/Authentication/LDAP.php b/application/Espo/Core/Utils/Authentication/LDAP.php
index 82594e2fc1..1a8333941f 100644
--- a/application/Espo/Core/Utils/Authentication/LDAP.php
+++ b/application/Espo/Core/Utils/Authentication/LDAP.php
@@ -34,7 +34,7 @@ use Espo\Core\Utils\Config;
 use Espo\Core\ORM\EntityManager;
 use Espo\Core\Utils\Auth;
-class LDAP extends Base
+class LDAP extends Espo
 {
 private $utils;
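Review bot: The new fourth argument is passed positionally to whatever `$this->authentication` implementation is configured, but only the `Espo` and `LDAP` authenticators are updated in this commit; `Base`, which both extended before, and any other implementation are not touched, so their `login()` will silently ignore the flag rather than fail loudly. If `Base::login` is where the contract is declared, add the parameter there as well with a docblock line such as `@param bool $isPortal true when the login request arrived through a portal endpoint`. The enclosing method of `Auth` starts and ends outside this hunk, so how `isPortal()` is derived is not visible here.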
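Review bot: `$isPortal` is accepted by `Espo::login` but never read in the visible part of the method, and nothing says so; a reader will wonder whether portal logins are meant to be treated differently by the native password check. Add to the method's docblock (or create one): `@param bool|null $isPortal Request came through a portal; accepted for signature compatibility with subclasses and ignored by the native password check.` The body of `login` continues past the end of this hunk.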
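Review bot: Making `LDAP` a subclass of `Espo` couples the LDAP authenticator to the password authenticator's whole implementation just to reach `parent::login()` as a fallback; every protected helper and future change in `Espo` now flows into `LDAP`, and the class header no longer tells a reader that an LDAP login may end in a local password check. Composition states the intent more narrowly: keep `extends Base` and hold an `Espo` instance that is used only for the portal fallback, e.g. `private $fallbackAuthentication;` initialised where `$utils` is. At minimum add a comment on the class line: `// extends Espo so portal users can fall back to native password auth (see login())`.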
@@ -100,12 +100,19 @@ class LDAP extends Base
 *
 * @return \Espo\Entities\User | null
 */
- public function login($username, $password, \Espo\Entities\AuthToken $authToken = null)
+ public function login($username, $password, \Espo\Entities\AuthToken $authToken = null, $isPortal = null)
 {
 if ($authToken) {
 return $this->loginByToken($username, $authToken);
 }
+ if ($isPortal) {
+ $useLdapAuthForPortalUser = $this->getUtils()->getOption('portalUserLdapAuth');
+ if (!$useLdapAuthForPortalUser) {
+ return parent::login($username, $password, $authToken, $isPortal);
+ }
+ }
+
 $ldapClient = $this->getLdapClient();
 /* Login LDAP system user (ldapUsername, ldapPassword) */
@@ -184,7 +191,7 @@ class LDAP extends Base
 $user = $this->getEntityManager()->getEntity('User', $userId);
 $tokenUsername = $user->get('userName');
- if ($username != $tokenUsername) {
+ if (strtolower($username) != strtolower($tokenUsername)) {
 $GLOBALS['log']->alert('Unauthorized access attempt for user ['.$username.'] from IP ['.$_SERVER['REMOTE_ADDR'].']');
 return null;
 }
@@ -328,4 +335,4 @@ class LDAP extends Base
 return $fields;
 }
-}
\ No newline at end of file
+}
diff --git a/application/Espo/Core/Utils/Authentication/LDAP/Utils.php b/application/Espo/Core/Utils/Authentication/LDAP/Utils.php
index 99cf33424a..8c21b7903f 100644
--- a/application/Espo/Core/Utils/Authentication/LDAP/Utils.php
+++ b/application/Espo/Core/Utils/Authentication/LDAP/Utils.php
@@ -67,6 +67,7 @@ class Utils
 'userTeamsIds' => 'ldapUserTeamsIds',
 'userDefaultTeamId' => 'ldapUserDefaultTeamId',
 'userObjectClass' => 'ldapUserObjectClass',
+ 'portalUserLdapAuth' => 'ldapPortalUserLdapAuth',
 );
 /**
@@ -86,6 +87,7 @@ class Utils
 'userLoginFilter',
 'userTeamsIds',
 'userDefaultTeamId',
+ 'portalUserLdapAuth',
 );
 /**
@@ -163,7 +165,7 @@ class Utils
 */
 public function getOption($name, $returns = null)
 {
- if (isset($this->options)) {
+ if (!isset($this->options)) {
 $this->getOptions();
 }
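Review bot: The fallback in the new `if ($isPortal)` branch is keyed on where the request came from, not on who is logging in: `$isPortal` reflects the endpoint, so an internal (non-portal) account that presents credentials at a portal URL is sent to `parent::login()` and checked against a local Espo password hash instead of LDAP. Unless `Auth` or `Espo::login` already rejects non-portal users on portal endpoints (not visible here), that is an LDAP bypass for any internal account that still carries a usable local password. Gate the fallback on the user record rather than the request — for example `$user = parent::login($username, $password, $authToken, $isPortal); return ($user && $user->get('isPortalUser')) ? $user : null;`, assuming the User entity exposes a portal flag under that name — and add a comment stating that the native path is only valid for portal users. The rest of `login` lies outside this hunk.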
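Review bot: The relaxed check `strtolower($username) != strtolower($tokenUsername)` is byte-wise and ASCII-only, so a username containing non-ASCII letters can still be accepted in one case variant and rejected in another, and the comparison now accepts a token for every case variant of its username; whether that matches how the username was resolved when the token was issued (presumably a case-insensitive DB collation) is outside this hunk. Prefer `if (mb_strtolower($username) !== mb_strtolower($tokenUsername)) {` and a one-line comment above it such as `// usernames are matched case-insensitively, consistent with the user lookup`. `loginByToken` starts and ends outside this hunk.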
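Review bot: The corrected `if (!isset($this->options))` only lazily loads the options if the `$options` property defaults to null; should it be declared with an array default (the declaration is outside this hunk), `isset()` is true from the start and `getOptions()` is still never called here, which is the same silent failure the old inverted condition had. Worth confirming the declaration and annotating the line: `// lazy load; relies on $options staying null until getOptions() has run`. The remainder of `getOption` lies outside this hunk.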
@@ -187,4 +189,4 @@ class Utils
 return $zendOptions;
 }
-}
\ No newline at end of file
+}
diff --git a/application/Espo/Core/defaults/systemConfig.php b/application/Espo/Core/defaults/systemConfig.php
index 78c012619d..00b6d2195e 100644
--- a/application/Espo/Core/defaults/systemConfig.php
+++ b/application/Espo/Core/defaults/systemConfig.php
@@ -134,6 +134,7 @@ return array (
 'ldapAccountFilterFormat',
 'ldapTryUsernameSplit',
 'ldapOptReferrals',
+ 'ldapPortalUserLdapAuth',
 'ldapCreateEspoUser',
 'ldapAccountDomainName',
 'ldapAccountDomainNameShort',
@@ -206,5 +207,5 @@ return array (
 ],
 'requiredMysqlVersion' => '5.5.3',
 'recommendedMysqlParams' => [],
-
+ 'ldapPortalUserLdapAuth' => false,
 );
diff --git a/application/Espo/Resources/i18n/en_US/Settings.json b/application/Espo/Resources/i18n/en_US/Settings.json
index b9b95a2935..4f7b8cd9e1 100644
--- a/application/Espo/Resources/i18n/en_US/Settings.json
+++ b/application/Espo/Resources/i18n/en_US/Settings.json
@@ -40,6 +40,7 @@
 "ldapAccountCanonicalForm": "Account Canonical Form",
 "ldapAccountDomainName": "Account Domain Name",
 "ldapTryUsernameSplit": "Try Username Split",
+ "ldapPortalUserLdapAuth": "Use LDAP Authentication for Portal Users",
 "ldapCreateEspoUser": "Create User in EspoCRM",
 "ldapSecurity": "Security",
 "ldapUserLoginFilter": "User Login Filter",
@@ -137,6 +138,7 @@
 "ldapBaseDn": "The default base DN used for searching users. E.g. \"OU=users,OU=espocrm,DC=test, DC=lan\".",
 "ldapTryUsernameSplit": "The option to split a username with the domain.",
 "ldapOptReferrals": "if referrals should be followed to the LDAP client.",
+ "ldapPortalUserLdapAuth": "Allow portal users to use LDAP authentication instead of Espo authentication.",
 "ldapCreateEspoUser": "This option allows EspoCRM to create a user from the LDAP.",
 "ldapUserFirstNameAttribute": "LDAP attribute which is used to determine the user first name. E.g. \"givenname\".",
 "ldapUserLastNameAttribute": "LDAP attribute which is used to determine the user last name. E.g. \"sn\".",
diff --git a/application/Espo/Resources/layouts/Settings/authentication.json b/application/Espo/Resources/layouts/Settings/authentication.json
index 138652784a..576ac3ddac 100644
--- a/application/Espo/Resources/layouts/Settings/authentication.json
+++ b/application/Espo/Resources/layouts/Settings/authentication.json
@@ -20,6 +20,7 @@
 [{"name": "ldapUserLoginFilter", "fullWidth": true}],
 [{"name": "ldapAccountDomainName"}, {"name": "ldapAccountDomainNameShort"}],
 [{"name": "ldapTryUsernameSplit"}, {"name": "ldapOptReferrals"}],
+ [{"name": "ldapPortalUserLdapAuth"}, false],
 [{"name": "ldapCreateEspoUser"}, false],
 [{"name": "ldapUserFirstNameAttribute"}, {"name": "ldapUserLastNameAttribute"}],
 [{"name": "ldapUserTitleAttribute"}, false],
diff --git a/application/Espo/Resources/metadata/entityDefs/Settings.json b/application/Espo/Resources/metadata/entityDefs/Settings.json
index 3f12a7b5d4..02a787f5fe 100644
--- a/application/Espo/Resources/metadata/entityDefs/Settings.json
+++ b/application/Espo/Resources/metadata/entityDefs/Settings.json
@@ -209,6 +209,11 @@
 "type": "bool",
 "tooltip": true
 },
+ "ldapPortalUserLdapAuth": {
+ "type": "bool",
+ "default": false,
+ "tooltip": true
+ },
 "ldapCreateEspoUser": {
 "type": "bool",
 "default": true,
diff --git a/application/Espo/Services/EmailAddress.php b/application/Espo/Services/EmailAddress.php
index 2d2853af40..0c36e2dc2d 100644
--- a/application/Espo/Services/EmailAddress.php
+++ b/application/Espo/Services/EmailAddress.php
@@ -35,6 +35,7 @@ use \Espo\Core\Exceptions\Error;
 class EmailAddress extends Record
 {
+ const ERASED_PREFIX = 'ERASED:';
 protected function findInAddressBookByEntityType($query, $limit, $entityType, &$result)
 {
@@ -67,24 +68,31 @@ class EmailAddress extends Record
 foreach ($collection as $entity) {
 $emailAddress = $entity->get('emailAddress');
- $result[] = array(
+ if ($emailAddress) {
+ if (strpos($emailAddress, self::ERASED_PREFIX) === 0) {
+ continue;
+ }
+ }
+
+ $result[] = [
 'emailAddress' => $emailAddress,
 'entityName' => $entity->get('name'),
 'entityType' => $entityType,
 'entityId' => $entity->id
- );
+ ];
 $emailAddressData = $this->getEntityManager()->getRepository('EmailAddress')->getEmailAddressData($entity);
 foreach ($emailAddressData as $d) {
 if ($emailAddress != $d->emailAddress) {
 $emailAddress = $d->emailAddress;
- $result[] = array(
- 'emailAddress' => $emailAddress,
- 'entityName' => $entity->get('name'),
- 'entityType' => $entityType,
- 'entityId' => $entity->id
- );
- break;
+ if (strpos($emailAddress, $query) === 0 && strpos($emailAddress, self::ERASED_PREFIX) !== 0) {
+ $result[] = [
+ 'emailAddress' => $emailAddress,
+ 'entityName' => $entity->get('name'),
+ 'entityType' => $entityType,
+ 'entityId' => $entity->id
+ ];
+ }
 }
 }
 }
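Review bot: The new inner-loop body can append the same address twice, because the context line `$emailAddress = $d->emailAddress;` just above it overwrites the primary address: from the second secondary address on, the `!=` guard compares against the previous secondary rather than the entity's primary, so if `getEmailAddressData()` also lists the primary it is pushed again, and the old `break` that hid this is gone. Keep `$emailAddress` as the primary throughout: delete `$emailAddress = $d->emailAddress;`, write the new condition as `if (strpos($d->emailAddress, $query) === 0 && strpos($d->emailAddress, self::ERASED_PREFIX) !== 0) {`, and push `'emailAddress' => $d->emailAddress,`. Note also that the `strpos(..., $query) === 0` prefix match is case-sensitive while the primary address is appended with no prefix check at all; if the collection was selected with a case-insensitive LIKE (outside this hunk), `stripos` keeps secondary addresses consistent with that. The opening of `findInAddressBookByEntityType` lies outside this hunk.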
@@ -125,24 +133,31 @@ class EmailAddress extends Record
 foreach ($collection as $entity) {
 $emailAddress = $entity->get('emailAddress');
- $result[] = array(
+ if ($emailAddress) {
+ if (strpos($emailAddress, self::ERASED_PREFIX) === 0) {
+ continue;
+ }
+ }
+
+ $result[] = [
 'emailAddress' => $emailAddress,
 'entityName' => $entity->get('name'),
 'entityType' => 'User',
 'entityId' => $entity->id
- );
+ ];
 $emailAddressData = $this->getEntityManager()->getRepository('EmailAddress')->getEmailAddressData($entity);
 foreach ($emailAddressData as $d) {
 if ($emailAddress != $d->emailAddress) {
 $emailAddress = $d->emailAddress;
- $result[] = array(
- 'emailAddress' => $emailAddress,
- 'entityName' => $entity->get('name'),
- 'entityType' => 'User',
- 'entityId' => $entity->id
- );
- break;
+ if (strpos($emailAddress, $query) === 0 && strpos($emailAddress, self::ERASED_PREFIX) !== 0) {
+ $result[] = [
+ 'emailAddress' => $emailAddress,
+ 'entityName' => $entity->get('name'),
+ 'entityType' => 'User',
+ 'entityId' => $entity->id
+ ];
+ }
 }
 }
 }
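Review bot: This hunk is a line-for-line copy of the loop in `findInAddressBookByEntityType` with `'User'` hard-coded as the entity type, and the commit now carries the erased-prefix skip and the `$query` prefix match in both places; a single private helper, e.g. `private function appendAddressBookEntries($entity, $entityType, $query, &$result)`, called from both loops would keep the two in step the next time the matching rules change. The overwrite of `$emailAddress` inside the inner loop (context line `$emailAddress = $d->emailAddress;`) applies here too, so the same duplicate-primary case exists in this copy; using `$d->emailAddress` directly in the new condition and the pushed array avoids it. The enclosing method starts outside this hunk.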