mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-25 08:12:40 +01:00
Provide bin/auth ldap
for LDAP diagnostics
Summary: Ref T1536. Test Plan: Ran `bin/auth ldap`. Reviewers: mbishopim3, chad Reviewed By: mbishopim3 CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6218
This commit is contained in:
parent
fded36cc21
commit
c0cc7bbfdf
4 changed files with 100 additions and 21 deletions
|
@ -15,7 +15,8 @@ EOSYNOPSIS
|
|||
$args->parseStandardArguments();
|
||||
|
||||
$workflows = array(
|
||||
new PhabricatorAuthManagementListWorkflow(),
|
||||
new PhabricatorAuthManagementRecoverWorkflow(),
|
||||
new PhabricatorAuthManagementLDAPWorkflow(),
|
||||
new PhutilHelpArgumentWorkflow(),
|
||||
);
|
||||
|
||||
|
|
|
@ -823,6 +823,7 @@ phutil_register_library_map(array(
|
|||
'PhabricatorAuthLinkController' => 'applications/auth/controller/PhabricatorAuthLinkController.php',
|
||||
'PhabricatorAuthListController' => 'applications/auth/controller/config/PhabricatorAuthListController.php',
|
||||
'PhabricatorAuthLoginController' => 'applications/auth/controller/PhabricatorAuthLoginController.php',
|
||||
'PhabricatorAuthManagementLDAPWorkflow' => 'applications/auth/management/PhabricatorAuthManagementLDAPWorkflow.php',
|
||||
'PhabricatorAuthManagementRecoverWorkflow' => 'applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php',
|
||||
'PhabricatorAuthManagementWorkflow' => 'applications/auth/management/PhabricatorAuthManagementWorkflow.php',
|
||||
'PhabricatorAuthNewController' => 'applications/auth/controller/config/PhabricatorAuthNewController.php',
|
||||
|
@ -2707,6 +2708,7 @@ phutil_register_library_map(array(
|
|||
1 => 'PhabricatorApplicationSearchResultsControllerInterface',
|
||||
),
|
||||
'PhabricatorAuthLoginController' => 'PhabricatorAuthController',
|
||||
'PhabricatorAuthManagementLDAPWorkflow' => 'PhabricatorAuthManagementWorkflow',
|
||||
'PhabricatorAuthManagementRecoverWorkflow' => 'PhabricatorAuthManagementWorkflow',
|
||||
'PhabricatorAuthManagementWorkflow' => 'PhutilArgumentWorkflow',
|
||||
'PhabricatorAuthNewController' => 'PhabricatorAuthProviderConfigController',
|
||||
|
|
|
@ -0,0 +1,71 @@
|
|||
<?php
|
||||
|
||||
final class PhabricatorAuthManagementLDAPWorkflow
|
||||
extends PhabricatorAuthManagementWorkflow {
|
||||
|
||||
protected function didConstruct() {
|
||||
$this
|
||||
->setName('ldap')
|
||||
->setExamples('**ldap**')
|
||||
->setSynopsis(
|
||||
pht('Analyze and diagnose issues with LDAP configuration.'));
|
||||
}
|
||||
|
||||
public function execute(PhutilArgumentParser $args) {
|
||||
$console = PhutilConsole::getConsole();
|
||||
$console->getServer()->setEnableLog(true);
|
||||
|
||||
$provider = new PhabricatorAuthProviderLDAP();
|
||||
if (!$provider->isEnabled()) {
|
||||
$console->writeOut(
|
||||
"%s\n",
|
||||
"The LDAP authentication provider is not enabled.");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (!function_exists('ldap_connect')) {
|
||||
$console->writeOut(
|
||||
"%s\n",
|
||||
"The LDAP extension is not enabled.");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
$adapter = $provider->getAdapter();
|
||||
$adapter->setConsole($console);
|
||||
|
||||
$console->writeOut("%s\n", pht('LDAP CONFIGURATION'));
|
||||
$adapter->printConfiguration();
|
||||
|
||||
$console->writeOut("%s\n", pht('Enter LDAP Credentials'));
|
||||
$username = phutil_console_prompt("LDAP Username: ");
|
||||
if (!strlen($username)) {
|
||||
throw new PhutilArgumentUsageException(
|
||||
pht("You must enter an LDAP username."));
|
||||
}
|
||||
|
||||
phutil_passthru('stty -echo');
|
||||
$password = phutil_console_prompt("LDAP Password: ");
|
||||
phutil_passthru('stty echo');
|
||||
|
||||
if (!strlen($password)) {
|
||||
throw new PhutilArgumentUsageException(
|
||||
pht("You must enter an LDAP password."));
|
||||
}
|
||||
|
||||
$adapter->setLoginUsername($username);
|
||||
$adapter->setLoginPassword(new PhutilOpaqueEnvelope($password));
|
||||
|
||||
$console->writeOut("\n");
|
||||
$console->writeOut("%s\n", pht('Connecting to LDAP...'));
|
||||
|
||||
$account_id = $adapter->getAccountID();
|
||||
if ($account_id) {
|
||||
$console->writeOut("%s\n", pht('Found LDAP Account: %s', $account_id));
|
||||
} else {
|
||||
$console->writeOut("%s\n", pht('Unable to find LDAP account!'));
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
}
|
|
@ -180,6 +180,9 @@ abstract class PhabricatorAuthProvider {
|
|||
$account->setEmail($adapter->getAccountEmail());
|
||||
$account->setAccountURI($adapter->getAccountURI());
|
||||
|
||||
$account->setProfileImagePHID(null);
|
||||
$image_uri = $adapter->getAccountImageURI();
|
||||
if ($image_uri) {
|
||||
try {
|
||||
$name = PhabricatorSlug::normalize($this->getProviderName());
|
||||
$name = $name.'-profile.jpg';
|
||||
|
@ -188,9 +191,6 @@ abstract class PhabricatorAuthProvider {
|
|||
// file entry for it, but there's no convenient way to do this with
|
||||
// PhabricatorFile right now. The storage will get shared, so the impact
|
||||
// here is negligible.
|
||||
|
||||
$image_uri = $adapter->getAccountImageURI();
|
||||
|
||||
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
|
||||
$image_file = PhabricatorFile::newFromFileDownload(
|
||||
$image_uri,
|
||||
|
@ -199,9 +199,14 @@ abstract class PhabricatorAuthProvider {
|
|||
));
|
||||
unset($unguarded);
|
||||
|
||||
if ($image_file) {
|
||||
$account->setProfileImagePHID($image_file->getPHID());
|
||||
}
|
||||
} catch (Exception $ex) {
|
||||
$account->setProfileImagePHID(null);
|
||||
// Log this but proceed, it's not especially important that we
|
||||
// be able to pull profile images.
|
||||
phlog($ex);
|
||||
}
|
||||
}
|
||||
|
||||
$this->willSaveAccount($account);
|
||||
|
|
Loading…
Reference in a new issue