From b87faad0c9833f24429c393fa5bd113d14a9ea38 Mon Sep 17 00:00:00 2001
From: Sergio Brighenti
Date: Tue, 31 Mar 2020 17:23:09 +0200
Subject: [PATCH] Improved ldap auth

---
 app/Controllers/Auth/LoginController.php | 16 +++++++++++++---
 composer.json | 3 ++-
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/app/Controllers/Auth/LoginController.php b/app/Controllers/Auth/LoginController.php
index 420f973..8c24509 100644
--- a/app/Controllers/Auth/LoginController.php
+++ b/app/Controllers/Auth/LoginController.php
@@ -53,8 +53,11 @@ class LoginController extends Controller
         $username = param($request, 'username');
         $user = $this->database->query('SELECT `id`, `email`, `username`, `password`,`is_admin`, `active`, `current_disk_quota`, `max_disk_quota` FROM `users` WHERE `username` = ? OR `email` = ? LIMIT 1', [$username, $username])->fetch();
-        if ($this->config['ldap']['enabled'] && !$user) {
-            $this->ldapLogin($username, param($request, 'password'), $user);
+        if ($this->config['ldap']['enabled']) {
+            $result = $this->ldapLogin($username, param($request, 'password'), $user);
+            if ($result) {
+                $user = $this->database->query('SELECT `id`, `email`, `username`, `password`,`is_admin`, `active`, `current_disk_quota`, `max_disk_quota` FROM `users` WHERE `username` = ? OR `email` = ? LIMIT 1', [$username, $username])->fetch();
+            }
         }
         $validator = ValidationChecker::make()
@@ -124,6 +127,7 @@ class LoginController extends Controller
     protected function ldapLogin(string $username, string $password, $dbUser)
     {
         if (!extension_loaded('ldap')) {
+            $this->logger->error('The LDAP extension is not loaded.');
             return false;
         }
 
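Review bot: Dropping the `!$user` guard means `ldapLogin($username, param($request, 'password'), $user)` now runs on every login attempt while `ldap.enabled` is set, so the cleartext password of an account that exists only in the local `users` table (a bootstrap admin, for instance) is forwarded to the directory on each attempt, which the previous condition avoided. If local-only accounts are still meant to exist, keep a narrower guard along the lines of `if ($this->config['ldap']['enabled'] && (!$user || /* account is directory-backed */))`, or document the new policy in a comment on that `if`; whether the validator further down still accepts the stored DB password when the bind fails (so `$result` is falsy and `$user` keeps the first fetch) cannot be told from this hunk. The long SELECT is also duplicated verbatim; a small closure removes the copy and keeps both fetches identical. The enclosing action starts before the hunk and continues after it.
```php
$fetchUser = fn () => $this->database->query('SELECT `id`, `email`, `username`, `password`,`is_admin`, `active`, `current_disk_quota`, `max_disk_quota` FROM `users` WHERE `username` = ? OR `email` = ? LIMIT 1', [$username, $username])->fetch();
$user = $fetchUser();
// Re-read after a successful bind: ldapLogin() may have provisioned the row.
if ($this->config['ldap']['enabled'] && $this->ldapLogin($username, param($request, 'password'), $user)) {
    $user = $fetchUser();
}
// … unchanged: ValidationChecker setup …
```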
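Review bot: `ldapLogin` still carries no docblock and no declared return type on the signature this hunk touches, and `$dbUser` is untyped even though the only caller passes the result of `->fetch()`. A header along the lines of `/** Binds $username/$password against the configured directory; returns false when ext-ldap is not loaded, and (see the hunk below) provisions a local user row when $dbUser is falsy. */` would state what the visible code does, with the remaining return values described once the bind code outside this hunk is checked. Since `composer.json` now requires `ext-ldap`, the `extension_loaded` check is a runtime safety net rather than a feature toggle, which is worth a one-line comment so nobody removes the log in the name of "dead code". The method body continues past the end of the hunk.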
@@ -152,8 +156,14 @@ class LoginController extends Controller
         }
 
         if (!$dbUser) {
+            $email = $username;
+            if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
+                $search = ldap_search($server, $this->config['ldap']['user_domain'].','.$this->config['ldap']['base_domain'], 'uid='.addslashes($username), ['mail']);
+                $entry = ldap_first_entry($server, $search);
+                $email = @ldap_get_values($server, $entry, 'mail')[0] ?? platform_mail($username.uniqid());
+            }
             make(UserQuery::class)->create(
-                filter_var($username, FILTER_VALIDATE_EMAIL) ? $username : $username.$this->config['ldap']['user_domain'],
+                $email,
                 $username,
                 $password,
                 0,
diff --git a/composer.json b/composer.json
index 2348315..a612a42 100644
--- a/composer.json
+++ b/composer.json
@@ -21,7 +21,8 @@
         "slim/slim": "^4.0",
         "spatie/flysystem-dropbox": "^1.0",
         "superbalist/flysystem-google-storage": "^7.2",
-        "twig/twig": "^2.12"
+        "twig/twig": "^2.12",
+        "ext-ldap": "*"
     },
     "config": {
         "optimize-autoloader": true,
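Review bot: `'uid='.addslashes($username)` does not escape LDAP filter metacharacters (`*`, `(`, `)`, `\`, NUL), so a username containing them is injected into the search filter; `ldap_escape($username, '', LDAP_ESCAPE_FILTER)` is the correct escape, and the base DN should likewise not be built from values that were not escaped with `LDAP_ESCAPE_DN` if they can ever come from outside the config. The `@` on `ldap_get_values` also hides a failed `ldap_search` (it returns `false`, which is then handed to `ldap_first_entry`); checking each step explicitly keeps the `platform_mail($username.uniqid())` fallback as the only silent path. Because the `mail` value is written into `users.email`, which the first hunk uses as a login identifier (`WHERE username = ? OR email = ?`), a directory address that collides with an existing local account would make that row resolvable by the new user's name — presumably a uniqueness check or constraint exists on `email`, but it is worth confirming before `create()`. Note too that `user_domain` is now consumed as an RDN component (`user_domain . ',' . base_domain`) where the removed line treated it as an email suffix, a config-semantics change that deserves a line in the settings documentation. The enclosing method starts before and ends after this hunk.
```php
if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
    $base = $this->config['ldap']['user_domain'].','.$this->config['ldap']['base_domain'];
    // Escape for the filter context; addslashes() does not cover LDAP metacharacters.
    $filter = 'uid='.ldap_escape($username, '', LDAP_ESCAPE_FILTER);
    $search = ldap_search($server, $base, $filter, ['mail']);
    $entry = $search ? ldap_first_entry($server, $search) : false;
    // An entry without a mail attribute still warns, so suppression stays on this call only.
    $mail = $entry ? @ldap_get_values($server, $entry, 'mail') : false;
    $email = $mail[0] ?? platform_mail($username.uniqid());
}
// … unchanged: make(UserQuery::class)->create(...) …
```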