From daf7d79a21d8ffe45f65b7357dbed8478ec0387c Mon Sep 17 00:00:00 2001
From: James Cole
Date: Sun, 9 May 2021 06:40:21 +0200
Subject: [PATCH] Remove old files.
---
app/Scopes/LdapFilterScope.php | 47 ----
config/xldap.php | 294 ------------------------
config/xldap_auth.php | 394 ---------------------------------
3 files changed, 735 deletions(-)
delete mode 100644 app/Scopes/LdapFilterScope.php
delete mode 100644 config/xldap.php
delete mode 100644 config/xldap_auth.php
diff --git a/app/Scopes/LdapFilterScope.php b/app/Scopes/LdapFilterScope.php
deleted file mode 100644
index 0def667abe..0000000000
--- a/app/Scopes/LdapFilterScope.php
+++ /dev/null
@@ -1,47 +0,0 @@
-.
- */
-
-declare(strict_types=1);
-
-namespace FireflyIII\Scopes;
-
-use Adldap\Laravel\Scopes\ScopeInterface;
-use Adldap\Query\Builder;
-
-// @phpstan-ignore-next-line
-class LdapFilterScope implements ScopeInterface // @phpstan-ignore-line
-{
- /**
- * If the ADLDAP_AUTH_FILTER is provided, apply the filter to the LDAP query.
- *
- * @param Builder $query
- *
- * @return void
- */
- public function apply(Builder $query)
- {
- $filter = (string)config('ldap_auth.custom_filter');
- if ('' !== $filter) {
- $query->rawFilter($filter);
- }
- }
-}
diff --git a/config/xldap.php b/config/xldap.php
deleted file mode 100644
index 1c2d1b52be..0000000000
--- a/config/xldap.php
+++ /dev/null
@@ -1,294 +0,0 @@
-.
- */
-
-declare(strict_types=1);
-
-use Adldap\Schemas\ActiveDirectory;
-use Adldap\Schemas\FreeIPA;
-use Adldap\Schemas\OpenLDAP;
-
-/*
- * Get schema from .env file.
- */
-$schema = OpenLDAP::class;
-
-if ('FreeIPA' === envNonEmpty('ADLDAP_CONNECTION_SCHEME', 'OpenLDAP')) {
- $schema = FreeIPA::class;
-}
-if ('ActiveDirectory' === envNonEmpty('ADLDAP_CONNECTION_SCHEME', 'OpenLDAP')) {
- $schema = ActiveDirectory::class;
-}
-
-/*
- * Get SSL parameters from .env file.
- */
-$ssl_ca_dir = envNonEmpty('ADLDAP_SSL_CACERTDIR', null);
-$ssl_ca_file = envNonEmpty('ADLDAP_SSL_CACERTFILE', null);
-$ssl_cert = envNonEmpty('ADLDAP_SSL_CERTFILE', null);
-$ssl_key = envNonEmpty('ADLDAP_SSL_KEYFILE', null);
-$ssl_ciphers = envNonEmpty('ADLDAP_SSL_CIPHER_SUITE', null);
-$ssl_require = envNonEmpty('ADLDAP_SSL_REQUIRE_CERT', null);
-
-$sslOptions = [];
-if (null !== $ssl_ca_dir) {
- $sslOptions[LDAP_OPT_X_TLS_CACERTDIR] = $ssl_ca_dir;
-}
-if (null !== $ssl_ca_file) {
- $sslOptions[LDAP_OPT_X_TLS_CACERTFILE] = $ssl_ca_file;
-}
-if (null !== $ssl_cert) {
- $sslOptions[LDAP_OPT_X_TLS_CERTFILE] = $ssl_cert;
-}
-if (null !== $ssl_key) {
- $sslOptions[LDAP_OPT_X_TLS_KEYFILE] = $ssl_key;
-}
-if (null !== $ssl_ciphers) {
- $sslOptions[LDAP_OPT_X_TLS_CIPHER_SUITE] = $ssl_ciphers;
-}
-if (null !== $ssl_require) {
- $sslOptions[LDAP_OPT_X_TLS_REQUIRE_CERT] = $ssl_require;
-}
-
-return [
- /*
- |--------------------------------------------------------------------------
- | Connections
- |--------------------------------------------------------------------------
- |
- | This array stores the connections that are added to Adldap. You can add
- | as many connections as you like.
- |
- | The key is the name of the connection you wish to use and the value is
- | an array of configuration settings.
- |
- */
-
- 'connections' => [
-
- 'default' => [
-
- /*
- |--------------------------------------------------------------------------
- | Auto Connect
- |--------------------------------------------------------------------------
- |
- | If auto connect is true, Adldap will try to automatically connect to
- | your LDAP server in your configuration. This allows you to assume
- | connectivity rather than having to connect manually
- | in your application.
- |
- | If this is set to false, you **must** connect manually before running
- | LDAP operations.
- |
- */
-
- 'auto_connect' => env('ADLDAP_AUTO_CONNECT', true),
-
- /*
- |--------------------------------------------------------------------------
- | Connection
- |--------------------------------------------------------------------------
- |
- | The connection class to use to run raw LDAP operations on.
- |
- | Custom connection classes must implement:
- |
- | Adldap\Connections\ConnectionInterface
- |
- */
-
- 'connection' => Adldap\Connections\Ldap::class,
-
- /*
- |--------------------------------------------------------------------------
- | Connection Settings
- |--------------------------------------------------------------------------
- |
- | This connection settings array is directly passed into the Adldap constructor.
- |
- | Feel free to add or remove settings you don't need.
- |
- */
-
- 'settings' => [
-
- /*
- |--------------------------------------------------------------------------
- | Schema
- |--------------------------------------------------------------------------
- |
- | The schema class to use for retrieving attributes and generating models.
- |
- | You can also set this option to `null` to use the default schema class.
- |
- | For OpenLDAP, you must use the schema:
- |
- | Adldap\Schemas\OpenLDAP::class
- |
- | For FreeIPA, you must use the schema:
- |
- | Adldap\Schemas\FreeIPA::class
- |
- | Custom schema classes must implement Adldap\Schemas\SchemaInterface
- |
- */
-
- 'schema' => $schema,
-
- /*
- |--------------------------------------------------------------------------
- | Account Prefix
- |--------------------------------------------------------------------------
- |
- | The account prefix option is the prefix of your user accounts in LDAP directory.
- |
- | This string is prepended to authenticating users usernames.
- |
- */
-
- 'account_prefix' => env('ADLDAP_ACCOUNT_PREFIX', ''),
-
- /*
- |--------------------------------------------------------------------------
- | Account Suffix
- |--------------------------------------------------------------------------
- |
- | The account suffix option is the suffix of your user accounts in your LDAP directory.
- |
- | This string is appended to authenticating users usernames.
- |
- */
-
- 'account_suffix' => env('ADLDAP_ACCOUNT_SUFFIX', ''),
-
- /*
- |--------------------------------------------------------------------------
- | Domain Controllers
- |--------------------------------------------------------------------------
- |
- | The domain controllers option is an array of servers located on your
- | network that serve Active Directory. You can insert as many servers or
- | as little as you'd like depending on your forest (with the
- | minimum of one of course).
- |
- | These can be IP addresses of your server(s), or the host name.
- |
- */
-
- 'hosts' => explode(' ', env('ADLDAP_CONTROLLERS', '127.0.0.1')),
-
- /*
- |--------------------------------------------------------------------------
- | Port
- |--------------------------------------------------------------------------
- |
- | The port option is used for authenticating and binding to your LDAP server.
- |
- */
-
- 'port' => env('ADLDAP_PORT', 389),
-
- /*
- |--------------------------------------------------------------------------
- | Timeout
- |--------------------------------------------------------------------------
- |
- | The timeout option allows you to configure the amount of time in
- | seconds that your application waits until a response
- | is received from your LDAP server.
- |
- */
-
- 'timeout' => env('ADLDAP_TIMEOUT', 5),
-
- /*
- |--------------------------------------------------------------------------
- | Base Distinguished Name
- |--------------------------------------------------------------------------
- |
- | The base distinguished name is the base distinguished name you'd
- | like to perform query operations on. An example base DN would be:
- |
- | dc=corp,dc=acme,dc=org
- |
- | A correct base DN is required for any query results to be returned.
- |
- */
-
- 'base_dn' => env('ADLDAP_BASEDN', 'dc=temp'),
-
- /*
- |--------------------------------------------------------------------------
- | Administrator Username & Password
- |--------------------------------------------------------------------------
- |
- | When connecting to your LDAP server, a username and password is required
- | to be able to query and run operations on your server(s). You can
- | use any user account that has these permissions. This account
- | does not need to be a domain administrator unless you
- | require changing and resetting user passwords.
- |
- */
-
- 'username' => env('ADLDAP_ADMIN_USERNAME', ''),
- 'password' => env('ADLDAP_ADMIN_PASSWORD', ''),
-
- /*
- |--------------------------------------------------------------------------
- | Follow Referrals
- |--------------------------------------------------------------------------
- |
- | The follow referrals option is a boolean to tell active directory
- | to follow a referral to another server on your network if the
- | server queried knows the information your asking for exists,
- | but does not yet contain a copy of it locally.
- |
- | This option is defaulted to false.
- |
- */
-
- 'follow_referrals' => env('ADLDAP_FOLLOW_REFFERALS', false),
-
- /*
- |--------------------------------------------------------------------------
- | SSL & TLS
- |--------------------------------------------------------------------------
- |
- | If you need to be able to change user passwords on your server, then an
- | SSL or TLS connection is required. All other operations are allowed
- | on unsecured protocols.
- |
- | One of these options are definitely recommended if you
- | have the ability to connect to your server securely.
- |
- */
-
- 'use_ssl' => env('ADLDAP_USE_SSL', false),
- 'use_tls' => env('ADLDAP_USE_TLS', false),
-
- 'custom_options' => $sslOptions,
- ],
-
- ],
-
- ],
-
-];
diff --git a/config/xldap_auth.php b/config/xldap_auth.php
deleted file mode 100644
index 446b9c831a..0000000000
--- a/config/xldap_auth.php
+++ /dev/null
@@ -1,394 +0,0 @@
-.
- */
-
-declare(strict_types=1);
-
-use FireflyIII\Scopes\LdapFilterScope;
-
-use Adldap\Laravel\Events\Authenticated;
-use Adldap\Laravel\Events\AuthenticatedModelTrashed;
-use Adldap\Laravel\Events\AuthenticatedWithWindows;
-use Adldap\Laravel\Events\Authenticating;
-use Adldap\Laravel\Events\AuthenticationFailed;
-use Adldap\Laravel\Events\AuthenticationRejected;
-use Adldap\Laravel\Events\AuthenticationSuccessful;
-use Adldap\Laravel\Events\DiscoveredWithCredentials;
-use Adldap\Laravel\Events\Importing;
-use Adldap\Laravel\Events\Synchronized;
-use Adldap\Laravel\Events\Synchronizing;
-use Adldap\Laravel\Listeners\LogAuthenticated;
-use Adldap\Laravel\Listeners\LogAuthentication;
-use Adldap\Laravel\Listeners\LogAuthenticationFailure;
-use Adldap\Laravel\Listeners\LogAuthenticationRejection;
-use Adldap\Laravel\Listeners\LogAuthenticationSuccess;
-use Adldap\Laravel\Listeners\LogDiscovery;
-use Adldap\Laravel\Listeners\LogImport;
-use Adldap\Laravel\Listeners\LogSynchronized;
-use Adldap\Laravel\Listeners\LogSynchronizing;
-use Adldap\Laravel\Listeners\LogTrashedModel;
-use Adldap\Laravel\Listeners\LogWindowsAuth;
-use Adldap\Laravel\Scopes\UidScope;
-use Adldap\Laravel\Scopes\UpnScope;
-
-// default OpenLDAP scopes.
-$scopes = [
- LdapFilterScope::class,
- UidScope::class,
-];
-if ('FreeIPA' === env('ADLDAP_CONNECTION_SCHEME')) {
- $scopes = [
- LdapFilterScope::class,
- ];
-}
-if ('ActiveDirectory' === env('ADLDAP_CONNECTION_SCHEME')) {
- $scopes = [
- LdapFilterScope::class,
- UpnScope::class,
- ];
-}
-
-return [
- /*
- |--------------------------------------------------------------------------
- | Connection
- |--------------------------------------------------------------------------
- |
- | The LDAP connection to use for laravel authentication.
- |
- | You must specify connections in your `config/adldap.php` configuration file.
- |
- | This must be a string.
- |
- */
-
- 'connection' => envNonEmpty('ADLDAP_CONNECTION', 'default'),
-
- /*
- |--------------------------------------------------------------------------
- | Provider
- |--------------------------------------------------------------------------
- |
- | The LDAP authentication provider to use depending
- | if you require database synchronization.
- |
- | For synchronizing LDAP users to your local applications database, use the provider:
- |
- | Adldap\Laravel\Auth\DatabaseUserProvider::class
- |
- | Otherwise, if you just require LDAP authentication, use the provider:
- |
- | Adldap\Laravel\Auth\NoDatabaseUserProvider::class
- |
- */
-
- 'provider' => Adldap\Laravel\Auth\DatabaseUserProvider::class,
- //'provider' => Adldap\Laravel\Auth\NoDatabaseUserProvider::class,
-
- /*
- |--------------------------------------------------------------------------
- | Model
- |--------------------------------------------------------------------------
- |
- | The model to utilize for authentication and importing.
- |
- | This option is only applicable to the DatabaseUserProvider.
- |
- */
-
- 'model' => FireflyIII\User::class,
-
- /*
- |--------------------------------------------------------------------------
- | Rules
- |--------------------------------------------------------------------------
- |
- | Rules allow you to control user authentication requests depending on scenarios.
- |
- | You can create your own rules and insert them here.
- |
- | All rules must extend from the following class:
- |
- | Adldap\Laravel\Validation\Rules\Rule
- |
- */
-
- 'rules' => [
-
- // Denys deleted users from authenticating.
- Adldap\Laravel\Validation\Rules\DenyTrashed::class,
-
- // Allows only manually imported users to authenticate.
- // Adldap\Laravel\Validation\Rules\OnlyImported::class,
-
- ],
-
- /*
- |--------------------------------------------------------------------------
- | Scopes
- |--------------------------------------------------------------------------
- |
- | Scopes allow you to restrict the LDAP query that locates
- | users upon import and authentication.
- |
- | All scopes must implement the following interface:
- |
- | Adldap\Laravel\Scopes\ScopeInterface
- |[
-
- // Only allows users with a user principal name to authenticate.
- // Remove this if you're using OpenLDAP.
- //Adldap\Laravel\Scopes\UpnScope::class,
-
- // Only allows users with a uid to authenticate.
- // Uncomment if you're using OpenLDAP.
- Adldap\Laravel\Scopes\UidScope::class,
-
- ],
- */
-
- 'scopes' => $scopes,
-
- 'identifiers' => [
-
- /*
- |--------------------------------------------------------------------------
- | LDAP
- |--------------------------------------------------------------------------
- |
- | Discover:
- |
- | The discover value is the users attribute you would
- | like to locate LDAP users by in your directory.
- |
- | For example, using the default configuration below, if you're
- | authenticating users with an email address, your LDAP server
- | will be queried for a user with the a `userprincipalname`
- | equal to the entered email address.
- |
- | Authenticate:
- |
- | The authenticate value is the users attribute you would
- | like to use to bind to your LDAP server.
- |
- | For example, when a user is located by the above 'discover'
- | attribute, the users attribute you specify below will
- | be used as the username to bind to your LDAP server.
- |
- */
-
- 'ldap' => [
-
- 'locate_users_by' => envNonEmpty('ADLDAP_DISCOVER_FIELD', 'userprincipalname'),
- 'bind_users_by' => envNonEmpty('ADLDAP_AUTH_FIELD', 'distinguishedname'),
-
- ],
-
- /*
- |--------------------------------------------------------------------------
- | Eloquent
- |--------------------------------------------------------------------------
- |
- | The value you enter is the database column name used for locating
- | the local database record of the authenticating user.
- |
- | If you're using a `username` column instead, change this to `username`.
- |
- | This option is only applicable to the DatabaseUserProvider.
- |
- */
-
- 'eloquent' => 'email',
-
- /*
- |--------------------------------------------------------------------------
- | Windows Authentication Middleware (SSO)
- |--------------------------------------------------------------------------
- |
- | Enabled:
- |
- | The middleware will be registered only if enabled is set to true.
- | If you update this file, beware, this is not a standard
- | AdLdap2-Laravel configuration key.
- |
- | Locate Users By:
- |
- | This value is the users attribute you would like to locate LDAP
- | users by in your directory.
- |
- | For example, if 'samaccountname' is the value, then your LDAP server is
- | queried for a user with the 'samaccountname' equal to the value of
- | $_SERVER['AUTH_USER'].
- |
- | If a user is found, they are imported (if using the DatabaseUserProvider)
- | into your local database, then logged in.
- |
- | Server Key:
- |
- | This value represents the 'key' of the $_SERVER
- | array to pull the users account name from.
- |
- | For example, $_SERVER['AUTH_USER'].
- |
- */
-
- 'windows' => [
- 'enabled' => false,
- 'locate_users_by' => 'samaccountname',
- 'server_key' => 'AUTH_USER',
- ],
- ],
-
- 'passwords' => [
-
- /*
- |--------------------------------------------------------------------------
- | Password Sync
- |--------------------------------------------------------------------------
- |
- | The password sync option allows you to automatically synchronize users
- | LDAP passwords to your local database. These passwords are hashed
- | natively by Laravel using the bcrypt() method.
- |
- | Enabling this option would also allow users to login to their accounts
- | using the password last used when an LDAP connection was present.
- |
- | If this option is disabled, the local database account is applied a
- | random 16 character hashed password upon every login, and will
- | lose access to this account upon loss of LDAP connectivity.
- |
- | This option must be true or false and is only applicable
- | to the DatabaseUserProvider.
- |
- */
-
- 'sync' => env('ADLDAP_PASSWORD_SYNC', false),
-
- /*
- |--------------------------------------------------------------------------
- | Column
- |--------------------------------------------------------------------------
- |
- | This is the column of your users database table
- | that is used to store passwords.
- |
- | Set this to `null` if you do not have a password column.
- |
- | This option is only applicable to the DatabaseUserProvider.
- |
- */
-
- 'column' => 'password',
-
- ],
-
- /*
- |--------------------------------------------------------------------------
- | Login Fallback
- |--------------------------------------------------------------------------
- |
- | The login fallback option allows you to login as a user located on the
- | local database if active directory authentication fails.
- |
- | Set this to true if you would like to enable it.
- |
- | This option must be true or false and is only
- | applicable to the DatabaseUserProvider.
- |
- */
-
- 'login_fallback' => env('ADLDAP_LOGIN_FALLBACK', false),
-
- /*
- |--------------------------------------------------------------------------
- | Sync Attributes
- |--------------------------------------------------------------------------
- |
- | Attributes specified here will be added / replaced on the user model
- | upon login, automatically synchronizing and keeping the attributes
- | up to date.
- |
- | The array key represents the users Laravel model key, and
- | the value represents the users LDAP attribute.
- |
- | This option must be an array and is only applicable
- | to the DatabaseUserProvider.
- |
- */
-
- 'sync_attributes' => [
-
- 'email' => envNonEmpty('ADLDAP_SYNC_FIELD', 'userprincipalname'),
-
- ],
-
- /*
- |--------------------------------------------------------------------------
- | Logging
- |--------------------------------------------------------------------------
- |
- | User authentication attempts will be logged using Laravel's
- | default logger if this setting is enabled.
- |
- | No credentials are logged, only usernames.
- |
- | This is usually stored in the '/storage/logs' directory
- | in the root of your application.
- |
- | This option is useful for debugging as well as auditing.
- |
- | You can freely remove any events you would not like to log below,
- | as well as use your own listeners if you would prefer.
- |
- */
-
- 'logging' => [
- 'enabled' => true,
- 'events' => [
-
- Importing::class => LogImport::class,
- Synchronized::class => LogSynchronized::class,
- Synchronizing::class => LogSynchronizing::class,
- Authenticated::class => LogAuthenticated::class,
- Authenticating::class => LogAuthentication::class,
- AuthenticationFailed::class => LogAuthenticationFailure::class,
- AuthenticationRejected::class => LogAuthenticationRejection::class,
- AuthenticationSuccessful::class => LogAuthenticationSuccess::class,
- DiscoveredWithCredentials::class => LogDiscovery::class,
- AuthenticatedWithWindows::class => LogWindowsAuth::class,
- AuthenticatedModelTrashed::class => LogTrashedModel::class,
-
- ],
- ],
-
- /*
- |--------------------------------------------------------------------------
- | Custom LDAP Filter
- |--------------------------------------------------------------------------
- |
- | This value can be optionally provided to restrict LDAP queries to the
- | given filter. It should be in LDAP filter format, and will be
- | applied in the LdapFilterScope.
- |
- */
- 'custom_filter' => env('ADLDAP_AUTH_FILTER', ''),
-
-];