ldap login

server/Application/Api/Controller/AdminSettingController.class.php

@@ -0,0 +1,117 @@
+<?php
+namespace Api\Controller;
+use Think\Controller;
+class AdminSettingController extends BaseController {
+
+    //保存配置
+    public function saveConfig(){
+        $login_user = $this->checkLogin();
+        $this->checkAdmin();
+        $register_open = intval(I("register_open")) ;
+        $ldap_open = intval(I("ldap_open")) ;
+        $ldap_form = I("ldap_form") ;
+        D("Options")->set("register_open" ,$register_open) ;
+        D("Options")->set("ldap_open" ,$ldap_open) ;
+
+        if ($ldap_open) {
+
+            if( !extension_loaded( 'ldap' ) ) {
+               $this->sendError(10011,"你尚未安装php-ldap扩展。如果是普通PHP环境，请手动安装之。如果是使用之前官方docker镜像，则需要重新安装镜像。方法是：备份 /showdoc_data 整个目录，然后全新安装showdoc，接着用备份覆盖/showdoc_data 。然后递归赋予777可写权限。");
+               return ;
+            }
+
+            $ldap_conn = ldap_connect($ldap_form['host'], $ldap_form['port']);//建立与 LDAP 服务器的连接
+            if (!$ldap_conn) {
+               $this->sendError(10011,"Can't connect to LDAP server");
+               return ;
+            }
+            ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, $ldap_form['version']);
+            $rs=ldap_bind($ldap_conn, $ldap_form['bind_dn'], $ldap_form['bind_password']);//与服务器绑定 用户登录验证 成功返回1 
+            if (!$rs) {
+               $this->sendError(10011,"Can't bind to LDAP server");
+               return ;
+            }
+
+            $result = ldap_search($ldap_conn,$ldap_form['base_dn'],"(cn=*)");
+            $data = ldap_get_entries($ldap_conn, $result);
+            for ($i=0; $i<$data["count"]; $i++) {
+                $ldap_user = $data[$i]["cn"][0] ;
+                //如果该用户不在数据库里，则帮助其注册
+                if(!D("User")->isExist($ldap_user)){
+                    D("User")->register($ldap_user,$ldap_user.time());
+                }
+            }
+            D("Options")->set("ldap_form" , json_encode( $ldap_form)) ;
+        }
+
+        $this->sendResult(array());
+
+    }
+
+    //加载配置
+    public function loadConfig(){
+        $login_user = $this->checkLogin();
+        $this->checkAdmin();
+        $ldap_open = D("Options")->get("ldap_open" ) ;
+        $register_open = D("Options")->get("register_open" ) ;
+        $ldap_form = D("Options")->get("ldap_form" ) ;
+        $ldap_form = json_decode($ldap_form,1);
+        //如果强等于false，那就是尚未有数据。关闭注册应该是有数据且数据为字符串0
+        if ($register_open === false) {
+            $this->sendResult(array());
+        }else{
+            $array = array(
+                "ldap_open"=>$ldap_open ,
+                "register_open"=>$register_open ,
+                "ldap_form"=>$ldap_form ,
+                );
+            $this->sendResult($array);
+        }
+
+    }
+
+    public function checkLdapLogin(){
+            $username = 'admin';
+            $password = '123456';
+
+            $ldap_open = D("Options")->get("ldap_open" ) ;
+            $ldap_form = D("Options")->get("ldap_form" ) ;
+            $ldap_form = json_decode($ldap_form,1);
+            if (!$ldap_open) {
+                return ;
+            }
+            $ldap_conn = ldap_connect($ldap_form['host'], $ldap_form['port']);//建立与 LDAP 服务器的连接
+            if (!$ldap_conn) {
+               $this->sendError(10011,"Can't connect to LDAP server");
+               return ;
+            }
+            ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, $ldap_form['version']);
+            $rs=ldap_bind($ldap_conn, $ldap_form['bind_dn'], $ldap_form['bind_password']);//与服务器绑定 用户登录验证 成功返回1 
+            if (!$rs) {
+               $this->sendError(10011,"Can't bind to LDAP server");
+               return ;
+            }
+
+            $result = ldap_search($ldap_conn,$ldap_form['base_dn'],"(cn=*)");
+            $data = ldap_get_entries($ldap_conn, $result);
+            for ($i=0; $i<$data["count"]; $i++) {
+                $ldap_user = $data[$i]["cn"][0] ;
+                $dn = $data[$i]["dn"] ;
+                if ($ldap_user == $username) {
+                    //如果该用户不在数据库里，则帮助其注册
+                    $userInfo = D("User")->isExist($username) ;
+                    if(!$userInfo){
+                        D("User")->register($ldap_user,$ldap_user.time());
+                    }
+                    $rs2=ldap_bind($ldap_conn, $dn , $password);
+                    if ($rs2) {
+                       D("User")->updatePwd($userInfo['uid'], $password);
+                       $this->sendResult(array());
+                       return ;
+                    }
+                }
+            }
+           $this->sendError(10011,"用户名或者密码错误");
+    }
+
+}

server/Application/Api/Controller/BaseController.class.php

@@ -25,6 +25,13 @@ class BaseController extends Controller {
 		//检测数据库文件是否有可写权限
 		$this->checkDbWhitable();
 
+		//为了兼容纯json请求
+		if (strstr($_SERVER['CONTENT_TYPE'],"json")) {
+			$json = file_get_contents('php://input');
+			$array = json_decode($json,1);
+			$_POST = array_merge($_POST,$array) ;
+		}
+		
     }
 
 

server/Application/Api/Controller/UserController.class.php

@@ -10,6 +10,11 @@ class UserController extends BaseController {
         $password = I("password");
         $confirm_password = I("confirm_password");
         $v_code = I("v_code");
+        $register_open = D("Options")->get("register_open" ) ;
+        if ($register_open === '0') {
+           $this->sendError(10101,"管理员已关闭注册");
+           return ;
+        }
         if (C('CloseVerify') || $v_code && $v_code == session('v_code') ) {
         session('v_code',null) ;
         if ( $password != '' && $password == $confirm_password) {
@@ -55,6 +60,10 @@ class UserController extends BaseController {
         }
         session('v_code',null) ;
         $ret = D("User")->checkLogin($username,$password);
+        //如果失败则尝试ldap登录
+        if (!$ret) {
+            $ret = D("User")->checkLdapLogin($username,$password);
+        }
         if ($ret) {
           unset($ret['password']);
           session("login_user" , $ret );

server/Application/Api/Model/OptionsModel.class.php

@@ -0,0 +1,22 @@
+<?php
+namespace Api\Model;
+use Api\Model\BaseModel;
+
+class OptionsModel extends BaseModel {
+
+    //
+    public function get($option_name){
+        $res = $this->where(" option_name = '%s' " ,array($option_name))->find();
+        if ($res) {
+            return $res['option_value'] ;
+        }
+        return false;
+    }
+
+    //
+    public function set($option_name,$option_value){
+        $sql = " replace into  options (option_name , option_value ) values ('$option_name' , '$option_value')";
+        return $this->execute($sql);;
+    }    
+    
+}

server/Application/Api/Model/UserModel.class.php

@@ -59,5 +59,45 @@ class UserModel extends BaseModel {
         $return = D("User")->where("uid = '$uid' ")->delete();
         return $return ;
     }
+    //检测ldap登录
+    public function checkLdapLogin($username ,$password ){
+            $ldap_open = D("Options")->get("ldap_open" ) ;
+            $ldap_form = D("Options")->get("ldap_form" ) ;
+            $ldap_form = json_decode($ldap_form,1);
+            if (!$ldap_open) {
+                return false;
+            }
+            $ldap_conn = ldap_connect($ldap_form['host'], $ldap_form['port']);//建立与 LDAP 服务器的连接
+            if (!$ldap_conn) {
+               return false;
+            }
+            ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, $ldap_form['version']);
+            $rs=ldap_bind($ldap_conn, $ldap_form['bind_dn'], $ldap_form['bind_password']);//与服务器绑定 用户登录验证 成功返回1 
+            if (!$rs) {
+               return false ;
+            }
+
+            $result = ldap_search($ldap_conn,$ldap_form['base_dn'],"(cn=*)");
+            $data = ldap_get_entries($ldap_conn, $result);
+            for ($i=0; $i<$data["count"]; $i++) {
+                $ldap_user = $data[$i]["cn"][0] ;
+                $dn = $data[$i]["dn"] ;
+                if ($ldap_user == $username) {
+                    //如果该用户不在数据库里，则帮助其注册
+                    $userInfo = D("User")->isExist($username) ;
+                    if(!$userInfo){
+                        D("User")->register($ldap_user,$ldap_user.time());
+                    }
+                    $rs2=ldap_bind($ldap_conn, $dn , $password);
+                    if ($rs2) {
+                       D("User")->updatePwd($userInfo['uid'], $password);
+                       return $this->checkLogin($username,$password);
+                    }
+                }
+            }
+
+            return false ;
+
+    }
 
 }

web_src/src/components/admin/Index.vue

@@ -20,11 +20,15 @@
           active-text-color="#ffd04b">
           <el-menu-item index="1">
             <i class="el-icon-info"></i>
-            <span slot="title">{{$t('user_management')}}</span>
+            <span slot="title">{{$t('user_manage')}}</span>
           </el-menu-item>
           <el-menu-item index="2">
             <i class="el-icon-tickets"></i>
-            <span slot="title">{{$t('item_management')}}</span>
+            <span slot="title">{{$t('item_manage')}}</span>
+          </el-menu-item>
+          <el-menu-item index="3">
+            <i class="el-icon-tickets"></i>
+            <span slot="title">{{$t('web_setting')}}</span>
           </el-menu-item>
         </el-menu>
 
@@ -34,7 +38,7 @@
 
             <User v-if="open_menu_index == 1 "> </User>
             <Item v-if="open_menu_index == 2 "> </Item> 
-            
+             <Setting v-if="open_menu_index == 3 "> </Setting> 
 
         </el-main>
           <el-footer>
@@ -122,6 +126,7 @@
 <script>
 import Item from '@/components/admin/item/Index'
 import User from '@/components/admin/user/Index'
+import Setting from '@/components/admin/setting/Index'
 
 export default {
   data() {
@@ -132,6 +137,7 @@ export default {
   components:{
     Item,
     User,
+     Setting,
   },
   methods:{
     select_menu(index,indexPath){

web_src/src/components/admin/setting/Index.vue

@@ -0,0 +1,147 @@
+<template>
+
+<div class="hello">
+      <el-form ref="form" :model="form" label-width="150px">
+
+      </el-form-item>
+
+      <el-form-item label="开放用户注册">
+        <el-switch v-model="form.register_open"></el-switch>
+      </el-form-item>
+      <!-- 待支持
+      <el-form-item label="所有人可以新建项目">
+        <el-switch v-model="form.register_open"></el-switch>
+      </el-form-item>
+
+      <el-form-item label="网站首页设置为">
+          <el-select v-model="form.home_page" placeholder="请选择">
+            <el-option label="全屏介绍页" value="1"></el-option>
+            <el-option label="展示全站项目" value="2"></el-option>
+          </el-select>
+      </el-form-item>
+      -->
+      <el-form-item :label="$t('ldap_open_label')">
+        <el-switch v-model="form.ldap_open"></el-switch>
+      </el-form-item>
+
+      <div v-if="form.ldap_open" style="margin-left:50px" >
+
+        <el-form-item label="ldap host">
+           <el-input v-model="form.ldap_form.host" placeholder=""  class="form-el"></el-input>
+        </el-form-item>
+
+        <el-form-item label="ldap port">
+          <el-input v-model="form.ldap_form.port" placeholder="" style="width:90px"></el-input>
+        </el-form-item>
+
+
+
+        <el-form-item label="ldap base dn ">
+          <el-input v-model="form.ldap_form.base_dn" placeholder="" class="form-el" placeholder="例如 dc=showdoc,dc=com"></el-input>
+        </el-form-item>
+
+        <el-form-item label="ldap bind dn ">
+          <el-input v-model="form.ldap_form.bind_dn" placeholder="" class="form-el" placeholder="cn=admin,dc=showdoc,dc=com"></el-input>
+        </el-form-item>
+
+        <el-form-item label="ldap bind password ">
+          <el-input v-model="form.ldap_form.bind_password" placeholder="" class="form-el" placeholder="例如 123456"></el-input>
+        </el-form-item>
+
+        <el-form-item label="ldap version">
+            <el-select v-model="form.ldap_form.version" placeholder="" class="form-el">
+              <el-option label="3" value="3"></el-option>
+              <el-option label="2" value="2"></el-option>
+            </el-select>
+        </el-form-item>
+
+        <!-- 
+        <el-form-item label="作为用户名的属性">
+          <el-input v-model="form.ldap_form.uid_field" placeholder=""class="form-el" placeholder="例如 sAMAccountName"></el-input>
+        </el-form-item>
+        -->
+      </div>
+
+
+
+      <el-form-item >
+        <el-button type="primary" @click="onSubmit">{{$t('save')}}</el-button>
+        <el-button>{{$t('cancel')}}</el-button>
+      </el-form-item>
+    </el-form>
+</div>
+
+</template>
+
+<style scoped>
+  .form-el{
+    width: 230px;
+  }
+
+
+</style>
+
+<script>
+
+export default {
+  data() {
+    return {
+      form:{
+        register_open:true,
+        ldap_open:false,
+        home_page:'1',
+        ldap_form:{
+          "host":'',
+          "port":'389',
+          "version":"3",
+          "base_dn":'',
+          "bind_dn":'',
+          "bind_password":'',
+          "uid_field":'sAMAccountName',
+        }
+      }
+    };
+  },
+  methods:{
+
+    onSubmit(){
+      var url = DocConfig.server+'/api/adminSetting/saveConfig';
+      this.axios.post(url, this.form)
+        .then( (response) =>{
+          if (response.data.error_code === 0 ) {
+              this.$alert(this.$t("success"));
+          }else{
+            this.$alert(response.data.error_message);
+          }
+          
+        });
+    },
+    loadConfig(){
+      var url = DocConfig.server+'/api/adminSetting/loadConfig';
+      this.axios.post(url, this.form)
+        .then( (response) =>{
+          if (response.data.error_code === 0 ) {
+            if (response.data.data.length === 0) {
+              return ;
+            };
+            this.form.register_open =   response.data.data.register_open > 0 ? true :false ;
+            this.form.ldap_open =   response.data.data.ldap_open > 0 ? true :false ;
+            this.form.ldap_form =   response.data.data.ldap_form  ;
+          }else{
+            this.$alert(response.data.error_message);
+          }
+          
+        });
+    }
+
+  },
+  mounted () {
+    this.loadConfig();
+  },
+  beforeDestroy(){
+    this.$message.closeAll();
+    /*去掉添加的背景色*/
+    document.body.removeAttribute("class","grey-bg");
+  }
+}
+</script>

web_src/static/lang/en.js

@@ -242,4 +242,10 @@ exports.default = {
 
     "copy_link":"copy link",
     "copy_success":"copy success",
+
+    "user_manage":"user manage",
+    "item_manage":"item manage",
+    "web_setting":"web setting",
+    "register_open_label":"register open",
+    "ldap_open_label":"ldap login",
 };

web_src/static/lang/zh-CN.js

@@ -249,4 +249,10 @@ exports.default = {
     "copy_link":"复制链接",
     "copy_success":"复制成功",
     
+    "user_manage":"用户管理",
+    "item_manage":"项目管理",
+    "web_setting":"站点设置",
+    "register_open_label":"开放用户注册",
+    "ldap_open_label":"启用ldap登录",
+
 };