Merge pull request #3 from AdastralGroup/hotfix/ldap-1
Fix LDAP Authentication
ktwrd authored Oct 31, 2024
2 parents fb40712 + 74df8bf commit 8924426
Showing 5 changed files with 272 additions and 124 deletions.
39 changes: 26 additions & 13 deletions Adastral.Cockatoo.Common/Settings/CockatooConfig.cs
Expand Up @@ -877,32 +877,28 @@ public class CockatooLdapConfig
[XmlElement(nameof(Secure))]
public bool Secure { get; set; } = false;

[InfisicalPath("LDAP")]
[InfisicalKey("UseSsl")]
[EnvironmentKeyName("LDAP_SSL")]
[DefaultValue(false)]
[XmlElement(nameof(UseSsl))]
public bool UseSsl {get;set;} = false;

[InfisicalPath("LDAP")]
[InfisicalKey("BaseDN")]
[EnvironmentKeyName("LDAP_BASEDN")]
[DefaultValue("")]
[XmlElement(nameof(BaseDN))]
public string BaseDN { get; set; } = "";

[InfisicalPath("LDAP")]
[InfisicalKey("SearchQuery")]
[EnvironmentKeyName("LDAP_SEARCH_QUERY")]
[DefaultValue("")]
[XmlElement(nameof(SearchQuery))]
public string SearchQuery { get; set; } = "";

[InfisicalPath("LDAP")]
[InfisicalKey("Attributes")]
[EnvironmentKeyName("LDAP_ATTRIBUTES")]
[XmlElement(nameof(Attributes))]
public string[] Attributes { get; set; } = [];

[InfisicalPath("LDAP")]
[InfisicalKey("SearchQuery")]
[EnvironmentKeyName("LDAP_REQUIRED_GROUP")]
[DefaultValue("")]
[XmlElement(nameof(RequiredGroup))]
public string RequiredGroup { get; set; } = "";
[XmlElement("SearchFilter")]
public CockatooLdapSearchFilter SearchFilter { get; set; } = new();

[XmlElement("Formatting")]
public CockatooLdapFormattingConfig Formatting { get; set; } = new();
Expand All @@ -911,6 +907,23 @@ public class CockatooLdapConfig
public CockatooLdapServiceAccountConfig ServiceAccount { get; set; } = new();
}

[Category("LDAP - Search Filter")]
public class CockatooLdapSearchFilter
{
[InfisicalPath("LDAP")]
[InfisicalKey("SearchFilter")]
[EnvironmentKeyName("LDAP_SEARCH_FILTER")]
[XmlAttribute(nameof(Value))]
[DefaultValue("")]
public string Value { get; set; } = "";

[InfisicalPath("LDAP")]
[InfisicalKey("SearchFilterAttributes")]
[EnvironmentKeyName("LDAP_SEARCH_FILTER_ATTRIBUTES")]
[XmlElement("AttributeItem")]
public string[] Attributes { get; set; } = [];
}

[Category("LDAP - Service Account")]
public class CockatooLdapServiceAccountConfig
{
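Review bot: The new CockatooLdapSearchFilter class carries no XML doc comments, and its Attributes property shares a name with CockatooLdapConfig.Attributes while binding to a different key and element (LDAP_SEARCH_FILTER_ATTRIBUTES / <AttributeItem> versus LDAP_ATTRIBUTES / <Attributes>), so a reader of the XML config cannot tell the two apart without the source. I would add `/// <summary>LDAP search filter string (LDAP_SEARCH_FILTER).</summary>` on Value and `/// <summary>Attribute list that accompanies <see cref="Value"/> (LDAP_SEARCH_FILTER_ATTRIBUTES); distinct from CockatooLdapConfig.Attributes.</summary>` on Attributes, with the exact wording confirmed against the code that consumes them, which is not on this page. The first hunk also appears to drop the RequiredGroup (LDAP_REQUIRED_GROUP) setting with no counterpart in the new class — the old/new side of those lines is not marked here — and if that setting gated sign-in, the commit should say where group restriction now lives.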
Expand Up @@ -18,7 +18,7 @@

<ItemGroup>
<PackageReference Include="Sentry.AspNetCore" Version="4.12.0" />
<PackageReference Include="Microsoft.Windows.Compatibility" Version="8.0.10" />
<PackageReference Include="Novell.Directory.Ldap.NETStandard" Version="3.6.0" />
</ItemGroup>

</Project>
36 changes: 22 additions & 14 deletions Adastral.Cockatoo.Services.WebApi/Services/AuthWebService.cs
@@ -1,3 +1,4 @@
using System.Diagnostics;
using System.Security.Claims;
using Adastral.Cockatoo.Common;
using Adastral.Cockatoo.DataAccess.Models;
Expand Down Expand Up @@ -57,8 +58,9 @@ public async Task<bool> IsAuthenticated(HttpContext context)
{
continue;
}
var username = dec.Substring(0, dec.IndexOf(":") + 1);
var password = dec.Substring(dec.IndexOf(":") + 1, dec.Length + dec.IndexOf(":") + 1);
var sepIndex = dec.IndexOf(":") + 1;
var username = dec.Substring(0, Math.Max(sepIndex - 1, 0));
var password = dec.Substring(sepIndex, dec.Length - sepIndex);
if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
continue;
var check = await HandleSignInDirect(context, username, password);
Expand Down Expand Up @@ -113,14 +115,14 @@ public bool TryGetTokenModel(HttpRequest request, out ServiceAccountTokenModel?
}
public async Task<UserModel?> GetCurrentUser(HttpContext context)
{
if (TryGetCurrentUserViaToken(context, out var tokenUser))
{
return tokenUser;
}
if (context.User.Identity?.IsAuthenticated ?? false)
{
return await GetOrCreateUser((ClaimsIdentity)context.User.Identity!);
}
else if (TryGetCurrentUserViaToken(context, out var tokenUser))
{
return tokenUser;
}
return null;
}

Expand Down Expand Up @@ -188,11 +190,12 @@ public bool TryGetTokenModel(HttpRequest request, out ServiceAccountTokenModel?
{
continue;
}
var username = dec.Substring(0, dec.IndexOf(":") + 1);
var password = dec.Substring(dec.IndexOf(":") + 1, dec.Length + dec.IndexOf(":") + 1);
var sepIndex = dec.IndexOf(":") + 1;
var username = dec.Substring(0, Math.Max(sepIndex - 1, 0));
var password = dec.Substring(sepIndex, dec.Length - sepIndex);
if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
continue;
var check = await HandleSignInDirect(context, username, password);
await HandleSignInDirect(context, username, password);
if (context.User.Identity?.IsAuthenticated ?? false)
{
return await GetOrCreateUser((ClaimsIdentity)context.User.Identity!);
Expand Down Expand Up @@ -232,6 +235,7 @@ public async Task<bool> HandleSignInDirect(HttpContext httpContext, string usern
try
{
await httpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal!);
httpContext.User = principal!;
}
catch (Exception ex)
{
Expand All @@ -241,11 +245,15 @@ public async Task<bool> HandleSignInDirect(HttpContext httpContext, string usern
try
{

var claimIdent = principal!.Identities.FirstOrDefault()!;
if (principal!.Identity?.IsAuthenticated ?? false && claimIdent != null)
{
await GetOrCreateUser(claimIdent);
}
var claimIdent = principal!.Identities.FirstOrDefault()!;
if (principal!.Identity?.IsAuthenticated ?? false && claimIdent != null)
{
await GetOrCreateUser(claimIdent);
}
else
{
_log.Warn($"name={item.GetName()}|Weird, user isn't authenticated, but they were successfully signed in?");
}
}
catch (Exception ex)
{
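Review bot: In the last hunk of HandleSignInDirect, `principal!.Identity?.IsAuthenticated ?? false && claimIdent != null` parses as `IsAuthenticated ?? (false && claimIdent != null)` because `??` binds looser than `&&`, so the `claimIdent != null` guard never takes effect and `claimIdent`, declared with a null-forgiving `!`, is null-checked anyway; the method's body starts and ends outside the hunk, and the new warning interpolates `item`, which is declared outside it. I would change the two lines to `var claimIdent = principal!.Identities.FirstOrDefault();` and `if ((principal!.Identity?.IsAuthenticated ?? false) && claimIdent is not null)`. The Basic-auth credential split added in the IsAuthenticated and GetCurrentUser hunks is duplicated verbatim; a single private helper using `dec.IndexOf(':')` (the char overload, avoiding the culture-sensitive string overload) with `dec[..idx]` and `dec[(idx + 1)..]` would remove both the copy and the `Math.Max(sepIndex - 1, 0)` detour.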
