WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

show info if login failed and account can be determined as locked

pull/102/head
Roland Gruber 3 years ago
parent
38cbfb9dab
commit
780daded11
3 changed files with 47 additions and 10 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 15
      lam/lib/account.inc
  2. 8
      lam/lib/ldap.inc
  3. 34
      lam/templates/login.php

15
lam/lib/account.inc
View File

@ -1770,6 +1770,8 @@ function isDeveloperVersion($version) {
class LAMException extends Exception {
private $title;
private $ldapErrorCode;
/**
* Constructor.
@ -1777,10 +1779,12 @@ class LAMException extends Exception {
* @param string $title title
* @param string $message message (optional)
* @param Exception $cause (optional)
* @param int $ldapErrorCode original LDAP error code
*/
public function __construct($title, $message = null, $cause = null) {
public function __construct($title, $message = null, $cause = null, $ldapErrorCode = null) {
parent::__construct($message, null, $cause);
$this->title = $title;
$this->ldapErrorCode = $ldapErrorCode;
}
/**
@ -1792,6 +1796,15 @@ class LAMException extends Exception {
return $this->title;
}
/**
* Returns the original LDAP error code.
*
* @return int error code
*/
public function getLdapErrorCode() {
return $this->ldapErrorCode;
}
}
?>

8
lam/lib/ldap.inc
View File

@ -92,7 +92,6 @@ class Ldap{
ldap_set_option($this->server,LDAP_OPT_REFERRALS, $followReferrals);
$bind = @ldap_bind($this->server, $user, $passwd);
if ($bind) {
$return = ldap_errno($this->server);
$this->is_connected = true;
return;
}
@ -103,17 +102,17 @@ class Ldap{
|| ($errorNumber == 81)) {
// connection failed
logNewMessage(LOG_ERR, 'User ' . $user . ' (' . $clientSource . ') failed to log in (LDAP error: ' . getDefaultLDAPErrorString($this->server) . ').');
throw new LAMException(_("Cannot connect to specified LDAP server. Please try again."));
throw new LAMException(_("Cannot connect to specified LDAP server. Please try again."), null, null, $errorNumber);
}
elseif ($errorNumber == 49) {
// user name/password invalid. Return to login page.
logNewMessage(LOG_ERR, 'User ' . $user . ' (' . $clientSource . ') failed to log in (wrong password). ' . getDefaultLDAPErrorString($this->server));
throw new LAMException(_("Wrong password/user name combination. Please try again."), getDefaultLDAPErrorString($this->server));
throw new LAMException(_("Wrong password/user name combination. Please try again."), getDefaultLDAPErrorString($this->server), null, $errorNumber);
}
else {
// other errors
logNewMessage(LOG_ERR, 'User ' . $user . ' (' . $clientSource . ') failed to log in (LDAP error: ' . getDefaultLDAPErrorString($this->server) . ').');
throw new LAMException(_("LDAP error, server says:"), "($errorNumber) " . getDefaultLDAPErrorString($this->server));
throw new LAMException(_("LDAP error, server says:"), "($errorNumber) " . getDefaultLDAPErrorString($this->server), null, $errorNumber);
}
}
throw new LAMException(_("Cannot connect to specified LDAP server. Please try again."));
@ -122,6 +121,7 @@ class Ldap{
/** Closes connection to server */
public function close() {
if ($this->server != null) {
$this->is_connected = false;
@ldap_close($this->server);
}
}

34
lam/templates/login.php
View File

@ -178,8 +178,9 @@ setlanguage(); // setting correct language
* @param \LAM\ENV\LAMLicenseValidator $licenseValidator license validator
* @param string $error_message error message to display
* @param string $errorDetails error details
* @param string $extraMessage extra message that is shown as info
*/
function display_LoginPage($licenseValidator, $error_message, $errorDetails = null) {
function display_LoginPage($licenseValidator, $error_message, $errorDetails = null, $extraMessage = null) {
$config_object = $_SESSION['config'];
$cfgMain = $_SESSION["cfgMain"];
logNewMessage(LOG_DEBUG, "Display login page");
@ -405,12 +406,15 @@ function display_LoginPage($licenseValidator, $error_message, $errorDetails = nu
$row->add(new htmlSpacer(null, '20px'), 12);
$row->add(new htmlButton('checklogin', _("Login")), 12);
// error message
if(!empty($error_message)) {
if (!empty($error_message)) {
$row->add(new \htmlSpacer(null, '5px'), 12);
$message = new htmlStatusMessage('ERROR', $error_message, $errorDetails);
$message->colspan = 3;
$row->add($message, 12);
}
if (!empty($extraMessage)) {
$extraMessage = new htmlStatusMessage('INFO', $extraMessage);
$row->add($extraMessage, 12);
}
parseHtml(null, $row, array(), false, $tabindex, 'user');
?>
@ -590,12 +594,32 @@ if(isset($_POST['checklogin'])) {
die();
}
catch (LAMException $e) {
display_LoginPage($licenseValidator, $e->getTitle(), $e->getMessage());
$extraMessage = null;
if (($searchLDAP !== null) && ($e->getLdapErrorCode() == 49)) {
$extraMessage = getExtraInvalidCredentialsMessage($searchLDAP, $username);
}
display_LoginPage($licenseValidator, $e->getTitle(), $e->getMessage(), $extraMessage);
exit();
}
}
/**
* Tries to get additional information why invalid credentials was returned. E.g. account is locked.
*
* @param Ldap $ldap LDAP object to connect for getting extra data
* @param string $username failed DN
* @return string extra message
*/
function getExtraInvalidCredentialsMessage($ldap, $username) {
$extraMessage = null;
$userData = ldapGetDN($username, array('dn', 'pwdaccountlockedtime'), $ldap->server());
if (!empty($userData['pwdaccountlockedtime'][0])) {
$extraMessage = _('Account is locked');
}
$ldap->close();
return $extraMessage;
}
//displays the login window
display_LoginPage($licenseValidator, $error_message);
?>
Write Preview
Loading…
Cancel
Save