mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-29 02:02:41 +01:00
Provide bin/auth ldap
for LDAP diagnostics
Summary: Ref T1536. Test Plan: Ran `bin/auth ldap`. Reviewers: mbishopim3, chad Reviewed By: mbishopim3 CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6218
This commit is contained in:
parent
fded36cc21
commit
c0cc7bbfdf
4 changed files with 100 additions and 21 deletions
|
@ -15,7 +15,8 @@ EOSYNOPSIS
|
||||||
$args->parseStandardArguments();
|
$args->parseStandardArguments();
|
||||||
|
|
||||||
$workflows = array(
|
$workflows = array(
|
||||||
new PhabricatorAuthManagementListWorkflow(),
|
new PhabricatorAuthManagementRecoverWorkflow(),
|
||||||
|
new PhabricatorAuthManagementLDAPWorkflow(),
|
||||||
new PhutilHelpArgumentWorkflow(),
|
new PhutilHelpArgumentWorkflow(),
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
|
@ -823,6 +823,7 @@ phutil_register_library_map(array(
|
||||||
'PhabricatorAuthLinkController' => 'applications/auth/controller/PhabricatorAuthLinkController.php',
|
'PhabricatorAuthLinkController' => 'applications/auth/controller/PhabricatorAuthLinkController.php',
|
||||||
'PhabricatorAuthListController' => 'applications/auth/controller/config/PhabricatorAuthListController.php',
|
'PhabricatorAuthListController' => 'applications/auth/controller/config/PhabricatorAuthListController.php',
|
||||||
'PhabricatorAuthLoginController' => 'applications/auth/controller/PhabricatorAuthLoginController.php',
|
'PhabricatorAuthLoginController' => 'applications/auth/controller/PhabricatorAuthLoginController.php',
|
||||||
|
'PhabricatorAuthManagementLDAPWorkflow' => 'applications/auth/management/PhabricatorAuthManagementLDAPWorkflow.php',
|
||||||
'PhabricatorAuthManagementRecoverWorkflow' => 'applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php',
|
'PhabricatorAuthManagementRecoverWorkflow' => 'applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php',
|
||||||
'PhabricatorAuthManagementWorkflow' => 'applications/auth/management/PhabricatorAuthManagementWorkflow.php',
|
'PhabricatorAuthManagementWorkflow' => 'applications/auth/management/PhabricatorAuthManagementWorkflow.php',
|
||||||
'PhabricatorAuthNewController' => 'applications/auth/controller/config/PhabricatorAuthNewController.php',
|
'PhabricatorAuthNewController' => 'applications/auth/controller/config/PhabricatorAuthNewController.php',
|
||||||
|
@ -2707,6 +2708,7 @@ phutil_register_library_map(array(
|
||||||
1 => 'PhabricatorApplicationSearchResultsControllerInterface',
|
1 => 'PhabricatorApplicationSearchResultsControllerInterface',
|
||||||
),
|
),
|
||||||
'PhabricatorAuthLoginController' => 'PhabricatorAuthController',
|
'PhabricatorAuthLoginController' => 'PhabricatorAuthController',
|
||||||
|
'PhabricatorAuthManagementLDAPWorkflow' => 'PhabricatorAuthManagementWorkflow',
|
||||||
'PhabricatorAuthManagementRecoverWorkflow' => 'PhabricatorAuthManagementWorkflow',
|
'PhabricatorAuthManagementRecoverWorkflow' => 'PhabricatorAuthManagementWorkflow',
|
||||||
'PhabricatorAuthManagementWorkflow' => 'PhutilArgumentWorkflow',
|
'PhabricatorAuthManagementWorkflow' => 'PhutilArgumentWorkflow',
|
||||||
'PhabricatorAuthNewController' => 'PhabricatorAuthProviderConfigController',
|
'PhabricatorAuthNewController' => 'PhabricatorAuthProviderConfigController',
|
||||||
|
|
|
@ -0,0 +1,71 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
final class PhabricatorAuthManagementLDAPWorkflow
|
||||||
|
extends PhabricatorAuthManagementWorkflow {
|
||||||
|
|
||||||
|
protected function didConstruct() {
|
||||||
|
$this
|
||||||
|
->setName('ldap')
|
||||||
|
->setExamples('**ldap**')
|
||||||
|
->setSynopsis(
|
||||||
|
pht('Analyze and diagnose issues with LDAP configuration.'));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function execute(PhutilArgumentParser $args) {
|
||||||
|
$console = PhutilConsole::getConsole();
|
||||||
|
$console->getServer()->setEnableLog(true);
|
||||||
|
|
||||||
|
$provider = new PhabricatorAuthProviderLDAP();
|
||||||
|
if (!$provider->isEnabled()) {
|
||||||
|
$console->writeOut(
|
||||||
|
"%s\n",
|
||||||
|
"The LDAP authentication provider is not enabled.");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!function_exists('ldap_connect')) {
|
||||||
|
$console->writeOut(
|
||||||
|
"%s\n",
|
||||||
|
"The LDAP extension is not enabled.");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
$adapter = $provider->getAdapter();
|
||||||
|
$adapter->setConsole($console);
|
||||||
|
|
||||||
|
$console->writeOut("%s\n", pht('LDAP CONFIGURATION'));
|
||||||
|
$adapter->printConfiguration();
|
||||||
|
|
||||||
|
$console->writeOut("%s\n", pht('Enter LDAP Credentials'));
|
||||||
|
$username = phutil_console_prompt("LDAP Username: ");
|
||||||
|
if (!strlen($username)) {
|
||||||
|
throw new PhutilArgumentUsageException(
|
||||||
|
pht("You must enter an LDAP username."));
|
||||||
|
}
|
||||||
|
|
||||||
|
phutil_passthru('stty -echo');
|
||||||
|
$password = phutil_console_prompt("LDAP Password: ");
|
||||||
|
phutil_passthru('stty echo');
|
||||||
|
|
||||||
|
if (!strlen($password)) {
|
||||||
|
throw new PhutilArgumentUsageException(
|
||||||
|
pht("You must enter an LDAP password."));
|
||||||
|
}
|
||||||
|
|
||||||
|
$adapter->setLoginUsername($username);
|
||||||
|
$adapter->setLoginPassword(new PhutilOpaqueEnvelope($password));
|
||||||
|
|
||||||
|
$console->writeOut("\n");
|
||||||
|
$console->writeOut("%s\n", pht('Connecting to LDAP...'));
|
||||||
|
|
||||||
|
$account_id = $adapter->getAccountID();
|
||||||
|
if ($account_id) {
|
||||||
|
$console->writeOut("%s\n", pht('Found LDAP Account: %s', $account_id));
|
||||||
|
} else {
|
||||||
|
$console->writeOut("%s\n", pht('Unable to find LDAP account!'));
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -180,6 +180,9 @@ abstract class PhabricatorAuthProvider {
|
||||||
$account->setEmail($adapter->getAccountEmail());
|
$account->setEmail($adapter->getAccountEmail());
|
||||||
$account->setAccountURI($adapter->getAccountURI());
|
$account->setAccountURI($adapter->getAccountURI());
|
||||||
|
|
||||||
|
$account->setProfileImagePHID(null);
|
||||||
|
$image_uri = $adapter->getAccountImageURI();
|
||||||
|
if ($image_uri) {
|
||||||
try {
|
try {
|
||||||
$name = PhabricatorSlug::normalize($this->getProviderName());
|
$name = PhabricatorSlug::normalize($this->getProviderName());
|
||||||
$name = $name.'-profile.jpg';
|
$name = $name.'-profile.jpg';
|
||||||
|
@ -188,9 +191,6 @@ abstract class PhabricatorAuthProvider {
|
||||||
// file entry for it, but there's no convenient way to do this with
|
// file entry for it, but there's no convenient way to do this with
|
||||||
// PhabricatorFile right now. The storage will get shared, so the impact
|
// PhabricatorFile right now. The storage will get shared, so the impact
|
||||||
// here is negligible.
|
// here is negligible.
|
||||||
|
|
||||||
$image_uri = $adapter->getAccountImageURI();
|
|
||||||
|
|
||||||
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
|
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
|
||||||
$image_file = PhabricatorFile::newFromFileDownload(
|
$image_file = PhabricatorFile::newFromFileDownload(
|
||||||
$image_uri,
|
$image_uri,
|
||||||
|
@ -199,9 +199,14 @@ abstract class PhabricatorAuthProvider {
|
||||||
));
|
));
|
||||||
unset($unguarded);
|
unset($unguarded);
|
||||||
|
|
||||||
|
if ($image_file) {
|
||||||
$account->setProfileImagePHID($image_file->getPHID());
|
$account->setProfileImagePHID($image_file->getPHID());
|
||||||
|
}
|
||||||
} catch (Exception $ex) {
|
} catch (Exception $ex) {
|
||||||
$account->setProfileImagePHID(null);
|
// Log this but proceed, it's not especially important that we
|
||||||
|
// be able to pull profile images.
|
||||||
|
phlog($ex);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->willSaveAccount($account);
|
$this->willSaveAccount($account);
|
||||||
|
|
Loading…
Reference in a new issue