YubiKey support
|
@ -1,5 +1,6 @@
|
||||||
December 2018 6.6
|
December 2018 6.6
|
||||||
- New import/export in tools menu
|
- New import/export in tools menu
|
||||||
|
- YubiKey support
|
||||||
|
|
||||||
|
|
||||||
25.09.2018 6.5
|
25.09.2018 6.5
|
||||||
|
|
|
@ -1992,6 +1992,74 @@ ldapsearch -x -h $server -p $port -b $baseDN -s sub "(&(objectclass=posixAcc
|
||||||
AuthorizedKeysCommandUser root</literallayout>
|
AuthorizedKeysCommandUser root</literallayout>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<title>YubiKey</title>
|
||||||
|
|
||||||
|
<para>You can manage your YubiKey ids with LAM. It supports the <ulink
|
||||||
|
url="https://github.com/mludvig/yubikey-ldap">yubiKeyUser schema</ulink>
|
||||||
|
or any other attribute mapping.</para>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Configuration</emphasis></para>
|
||||||
|
|
||||||
|
<para>First, you need to activate the YubiKey module for users in your
|
||||||
|
LAM server profile.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/mod_yubikey1.png"/>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para>Second, you need to specify which object class and attribute name
|
||||||
|
should be used.</para>
|
||||||
|
|
||||||
|
<para>Object class: If you have an object class just for the YubiKey ids
|
||||||
|
then enter it here. LAM will then provide options to add and remove it.
|
||||||
|
In case you reuse some existing attribute from e.g. inetOrgPerson please
|
||||||
|
leave object class name blank.</para>
|
||||||
|
|
||||||
|
<para>Attribute name: please enter the attribute name that is used for
|
||||||
|
the key ids.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/mod_yubikey2.png"/>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para>You will then be able to manage the key ids for your users.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/mod_yubikey3.png"/>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Self Service (LAM Pro)</emphasis></para>
|
||||||
|
|
||||||
|
<para>This will allow your users to update their own keys.</para>
|
||||||
|
|
||||||
|
<para>You need to configure the object class and attribute name first.
|
||||||
|
This is done on tab "Module settings" in self service profile.</para>
|
||||||
|
|
||||||
|
<para><emphasis role="bold">Attention: </emphasis>Please note that both
|
||||||
|
fields are mandatory here. Even if you reused an attribute from some
|
||||||
|
existing object class you need to set it here. LAM needs this to detect
|
||||||
|
if the user can add keys.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/mod_yubikey5.png"/>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para>Then add the YubiKey ids field to your self service profile on tab
|
||||||
|
"Page layout".</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/mod_yubikey4.png"/>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<para>When a user with the specified object class logs in then the key
|
||||||
|
input fields are shown.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<graphic fileref="images/mod_yubikey6.png"/>
|
||||||
|
</screenshot>
|
||||||
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>Authorized services</title>
|
<title>Authorized services</title>
|
||||||
|
|
||||||
|
|
After Width: | Height: | Size: 45 KiB |
After Width: | Height: | Size: 18 KiB |
After Width: | Height: | Size: 27 KiB |
After Width: | Height: | Size: 7.2 KiB |
After Width: | Height: | Size: 8.6 KiB |
After Width: | Height: | Size: 7.6 KiB |
After Width: | Height: | Size: 1.2 KiB |
|
@ -68,7 +68,10 @@ abstract class baseModule {
|
||||||
/** configuration settings of all modules */
|
/** configuration settings of all modules */
|
||||||
protected $moduleSettings;
|
protected $moduleSettings;
|
||||||
|
|
||||||
/** self service profile with settings of all modules */
|
/**
|
||||||
|
* self service profile with settings of all modules
|
||||||
|
* @var selfServiceProfile profile
|
||||||
|
*/
|
||||||
protected $selfServiceSettings;
|
protected $selfServiceSettings;
|
||||||
|
|
||||||
/** name of parent accountContainer ($_SESSION[$base]) */
|
/** name of parent accountContainer ($_SESSION[$base]) */
|
||||||
|
|
|
@ -0,0 +1,592 @@
|
||||||
|
<?php
|
||||||
|
use \LAM\PDF\PDFTable;
|
||||||
|
use \LAM\PDF\PDFTableCell;
|
||||||
|
use \LAM\PDF\PDFTableRow;
|
||||||
|
/*
|
||||||
|
|
||||||
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
|
Copyright (C) 2018 Roland Gruber
|
||||||
|
|
||||||
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation; either version 2 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program; if not, write to the Free Software
|
||||||
|
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Manages YubiKey keys.
|
||||||
|
*
|
||||||
|
* @package modules
|
||||||
|
* @author Roland Gruber
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Manages YubiKey keys.
|
||||||
|
*
|
||||||
|
* @package modules
|
||||||
|
*/
|
||||||
|
class yubiKeyUser extends baseModule {
|
||||||
|
|
||||||
|
/** session variable for existing keys in self service */
|
||||||
|
const SESS_KEY_LIST = 'yubiKeyUser_keyList';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates a new yubiKeyUser object.
|
||||||
|
*
|
||||||
|
* @param string $scope account type (user, group, host)
|
||||||
|
*/
|
||||||
|
public function __construct($scope) {
|
||||||
|
// call parent constructor
|
||||||
|
parent::__construct($scope);
|
||||||
|
$this->autoAddObjectClasses = false;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns true if this module can manage accounts of the current type, otherwise false.
|
||||||
|
*
|
||||||
|
* @return boolean true if module fits
|
||||||
|
*/
|
||||||
|
public function can_manage() {
|
||||||
|
return in_array($this->get_scope(), array('user'));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns meta data that is interpreted by parent class
|
||||||
|
*
|
||||||
|
* @return array array with meta data
|
||||||
|
*
|
||||||
|
* @see baseModule::get_metaData()
|
||||||
|
*/
|
||||||
|
public function get_metaData() {
|
||||||
|
$return = array();
|
||||||
|
// icon
|
||||||
|
$return['icon'] = 'yubikey.png';
|
||||||
|
// alias name
|
||||||
|
$return["alias"] = _("YubiKey");
|
||||||
|
// module dependencies
|
||||||
|
$return['dependencies'] = array('depends' => array(), 'conflicts' => array());
|
||||||
|
// managed object classes
|
||||||
|
$objectClass = $this->getObjectClassName();
|
||||||
|
if (!empty($objectClass)) {
|
||||||
|
$return['objectClasses'] = array($objectClass);
|
||||||
|
}
|
||||||
|
// managed attributes
|
||||||
|
$attributeName = $this->getAttributeName();
|
||||||
|
$return['attributes'] = array($attributeName);
|
||||||
|
// help Entries
|
||||||
|
$return['help'] = array(
|
||||||
|
$attributeName => array(
|
||||||
|
"Headline" => _("YubiKey ids"), 'attr' => $attributeName,
|
||||||
|
"Text" => _("Please enter your YubiKey ids.")
|
||||||
|
),
|
||||||
|
'keyList' => array(
|
||||||
|
"Headline" => _("YubiKey ids"), 'attr' => $attributeName,
|
||||||
|
"Text" => _("Please a comma separated list of your YubiKey ids.")
|
||||||
|
),
|
||||||
|
'objectClass' => array(
|
||||||
|
"Headline" => _("Object class"),
|
||||||
|
"Text" => _("Please enter the object class that should be used for YubiKey (e.g. 'yubiKeyUser').")
|
||||||
|
),
|
||||||
|
'attributeName' => array(
|
||||||
|
"Headline" => _("Attribute name"),
|
||||||
|
"Text" => _("Please enter the attribute name that should be used for YubiKey (e.g. 'yubiKeyId').")
|
||||||
|
),
|
||||||
|
);
|
||||||
|
// upload fields
|
||||||
|
$return['upload_columns'] = array(
|
||||||
|
array(
|
||||||
|
'name' => 'yubiKeyUser_yubiKeyId',
|
||||||
|
'description' => _('YubiKey ids'),
|
||||||
|
'help' => 'keyList',
|
||||||
|
'example' => 'abcd1234, vwyxz12345'
|
||||||
|
)
|
||||||
|
);
|
||||||
|
// available PDF fields
|
||||||
|
$return['PDF_fields'] = array(
|
||||||
|
'yubiKeyId' => _('YubiKey ids')
|
||||||
|
);
|
||||||
|
// self service field settings
|
||||||
|
$return['selfServiceFieldSettings'] = array(
|
||||||
|
'yubiKeyId' => _('YubiKey ids'),
|
||||||
|
);
|
||||||
|
$return['selfServiceReadOnlyFields'] = array('yubiKeyId');
|
||||||
|
return $return;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This function fills the message array.
|
||||||
|
**/
|
||||||
|
protected function load_Messages() {
|
||||||
|
$this->messages['yubiKeyId'][0] = array('ERROR', _('Please enter a valid key id.'));
|
||||||
|
$this->messages['yubiKeyId'][1] = array('ERROR', _('Account %s:') . ' yubiKeyUser_yubiKeyId', _('Please enter a valid key id.'));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the HTML meta data for the main account page.
|
||||||
|
*
|
||||||
|
* @return htmlElement HTML meta data
|
||||||
|
*/
|
||||||
|
public function display_html_attributes() {
|
||||||
|
$return = new htmlTable();
|
||||||
|
$objectClass = $this->getObjectClassName();
|
||||||
|
$attributeName = $this->getAttributeName();
|
||||||
|
if (empty($attributeName)) {
|
||||||
|
$message = new htmlStatusMessage('ERROR', _('Invalid configuration detected. Please edit your server profile (module settings) and fill all required fields.'));
|
||||||
|
$return->addElement($message, true);
|
||||||
|
return $return;
|
||||||
|
}
|
||||||
|
if (empty($objectClass) || in_array($objectClass, $this->attributes['objectClass'])) {
|
||||||
|
$this->addMultiValueInputTextField($return, $attributeName, _('YubiKey ids'), false, '256', false, null, '50');
|
||||||
|
if (!empty($objectClass)) {
|
||||||
|
$return->addElement(new htmlSpacer(null, '30px'), true);
|
||||||
|
|
||||||
|
$remButton = new htmlButton('remObjectClass', _('Remove YubiKey extension'));
|
||||||
|
$remButton->colspan = 3;
|
||||||
|
$return->addElement($remButton);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$return->addElement(new htmlButton('addObjectClass', _('Add YubiKey extension')));
|
||||||
|
}
|
||||||
|
return $return;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Processes user input of the primary module page.
|
||||||
|
* It checks if all input values are correct and updates the associated LDAP attributes.
|
||||||
|
*
|
||||||
|
* @return array list of info/error messages
|
||||||
|
*/
|
||||||
|
public function process_attributes() {
|
||||||
|
$messages = array();
|
||||||
|
$objectClass = $this->getObjectClassName();
|
||||||
|
$attributeName = $this->getAttributeName();
|
||||||
|
// add extension
|
||||||
|
if (isset($_POST['addObjectClass'])) {
|
||||||
|
$this->attributes['objectClass'][] = $objectClass;
|
||||||
|
return array();
|
||||||
|
}
|
||||||
|
// remove extension
|
||||||
|
elseif (isset($_POST['remObjectClass'])) {
|
||||||
|
$this->attributes['objectClass'] = array_delete(array($objectClass), $this->attributes['objectClass']);
|
||||||
|
if (!empty($this->attributes[$attributeName])) {
|
||||||
|
unset($this->attributes[$attributeName]);
|
||||||
|
}
|
||||||
|
return array();
|
||||||
|
}
|
||||||
|
// skip processing if extension is not active
|
||||||
|
if (!empty($objectClass) && !in_array($objectClass, $this->attributes['objectClass'])) {
|
||||||
|
return array();
|
||||||
|
}
|
||||||
|
$this->processMultiValueInputTextField($attributeName, $messages, 'ascii');
|
||||||
|
$this->attributes[$attributeName] = array_values(array_unique($this->attributes[$attributeName]));
|
||||||
|
return $messages;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns a list of modifications which have to be made to the LDAP account.
|
||||||
|
*
|
||||||
|
* @return array list of modifications
|
||||||
|
* <br>This function returns an array with 3 entries:
|
||||||
|
* <br>array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
|
||||||
|
* <br>DN is the DN to change. It may be possible to change several DNs (e.g. create a new user and add him to some groups via attribute memberUid)
|
||||||
|
* <br>"add" are attributes which have to be added to LDAP entry
|
||||||
|
* <br>"remove" are attributes which have to be removed from LDAP entry
|
||||||
|
* <br>"modify" are attributes which have to been modified in LDAP entry
|
||||||
|
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
|
||||||
|
*/
|
||||||
|
public function save_attributes() {
|
||||||
|
$objectClass = $this->getObjectClassName();
|
||||||
|
if (!empty($objectClass) && !in_array($objectClass, $this->attributes['objectClass']) && !in_array($objectClass, $this->orig['objectClass'])) {
|
||||||
|
// skip saving if the extension was not added/modified
|
||||||
|
return array();
|
||||||
|
}
|
||||||
|
return parent::save_attributes();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* {@inheritDoc}
|
||||||
|
* @see baseModule::build_uploadAccounts()
|
||||||
|
*/
|
||||||
|
public function build_uploadAccounts($rawAccounts, $ids, &$partialAccounts, $selectedModules, &$type) {
|
||||||
|
$objectClass = $this->getObjectClassName();
|
||||||
|
$attributeName = $this->getAttributeName();
|
||||||
|
$messages = array();
|
||||||
|
for ($i = 0; $i < sizeof($rawAccounts); $i++) {
|
||||||
|
// add object class
|
||||||
|
if (!empty($objectClass) && !in_array($objectClass, $partialAccounts[$i]['objectClass'])) {
|
||||||
|
$partialAccounts[$i]['objectClass'][] = $objectClass;
|
||||||
|
}
|
||||||
|
// add keys
|
||||||
|
$message = $this->messages['yubiKeyId'][1];
|
||||||
|
$this->mapSimpleUploadField($rawAccounts, $ids, $partialAccounts, $i, 'yubiKeyUser_yubiKeyId', $attributeName, 'ascii', $message, $messages, '/,[ ]*/');
|
||||||
|
}
|
||||||
|
return $messages;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* {@inheritDoc}
|
||||||
|
* @see baseModule::get_pdfEntries()
|
||||||
|
*/
|
||||||
|
public function get_pdfEntries($pdfKeys, $typeId) {
|
||||||
|
$return = array();
|
||||||
|
$attributeName = $this->getAttributeName();
|
||||||
|
if (!empty($this->attributes[$attributeName])) {
|
||||||
|
$pdfTable = new PDFTable(_('YubiKey ids'));
|
||||||
|
for ($i = 0; $i < sizeof($this->attributes[$attributeName]); $i++) {
|
||||||
|
$pdfRow = new PDFTableRow();
|
||||||
|
$pdfRow->cells[] = new PDFTableCell($this->attributes[$attributeName][$i]);
|
||||||
|
$pdfTable->rows[] = $pdfRow;
|
||||||
|
}
|
||||||
|
$this->addPDFTable($return, 'yubiKeyId', $pdfTable);
|
||||||
|
}
|
||||||
|
return $return;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the meta HTML code for each input field.
|
||||||
|
* format: array(<field1> => array(<META HTML>), ...)
|
||||||
|
* It is not possible to display help links.
|
||||||
|
*
|
||||||
|
* @param array $fields list of active fields
|
||||||
|
* @param array $attributes attributes of LDAP account
|
||||||
|
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
|
||||||
|
* @param array $readOnlyFields list of read-only fields
|
||||||
|
* @return array list of meta HTML elements (field name => htmlResponsiveRow)
|
||||||
|
*/
|
||||||
|
public function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
|
||||||
|
$return = array();
|
||||||
|
if ($passwordChangeOnly) {
|
||||||
|
return $return; // no fields as long no LDAP content can be read
|
||||||
|
}
|
||||||
|
$attributes = array_change_key_case($attributes, CASE_LOWER);
|
||||||
|
$objectClass = strtolower($this->getObjectClassName());
|
||||||
|
if (!in_array_ignore_case($objectClass, $attributes['objectclass'])) {
|
||||||
|
return $return;
|
||||||
|
}
|
||||||
|
if (in_array('yubiKeyId', $fields)) {
|
||||||
|
$attributeName = strtolower($this->getAttributeName());
|
||||||
|
$keyIds = array();
|
||||||
|
if (isset($attributes[$attributeName][0])) {
|
||||||
|
$keyIds = $attributes[$attributeName];
|
||||||
|
}
|
||||||
|
$_SESSION[self::SESS_KEY_LIST] = $keyIds;
|
||||||
|
$keyTable = new htmlTable();
|
||||||
|
// JavaScript functions
|
||||||
|
$keyTable->addElement($this->getSelfServiceKeysJSBlock(), true);
|
||||||
|
// input fields
|
||||||
|
$keyTable->addElement(new htmlDiv('yubiKeyIdDiv', $this->getSelfServiceKeys()), true);
|
||||||
|
$keyLabel = new htmlOutputText($this->getSelfServiceLabel('yubiKeyId', _('YubiKey ids')));
|
||||||
|
$row = new htmlResponsiveRow();
|
||||||
|
$row->addLabel($keyLabel);
|
||||||
|
$row->addField($keyTable);
|
||||||
|
$return['yubiKeyId'] = $row;
|
||||||
|
}
|
||||||
|
return $return;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the meta HTML code to display the key area.
|
||||||
|
* This also includes the file upload.
|
||||||
|
*
|
||||||
|
* @return htmlTable key content
|
||||||
|
*/
|
||||||
|
private function getSelfServiceKeys() {
|
||||||
|
$keys = $_SESSION[self::SESS_KEY_LIST];
|
||||||
|
$content = new htmlResponsiveRow();
|
||||||
|
if (sizeof($keys) > 0) {
|
||||||
|
for ($i = 0; $i < sizeof($keys); $i++) {
|
||||||
|
$group = new htmlGroup();
|
||||||
|
$keyInput = new htmlInputField('yubiKeyId_' . $i, $keys[$i]);
|
||||||
|
$keyInput->setFieldMaxLength(16384);
|
||||||
|
$group->addElement($keyInput);
|
||||||
|
$delLink = new htmlLink('', '#', '../../graphics/del.png');
|
||||||
|
$delLink->setTitle(_('Delete'));
|
||||||
|
$delLink->setOnClick('yubiKeyIdDeleteKey(' . $i . ', ' . sizeof($keys) . ');return false;');
|
||||||
|
$group->addElement($delLink);
|
||||||
|
if ($i == (sizeof($keys) - 1)) {
|
||||||
|
$addLink = new htmlLink('', '#', '../../graphics/add.png');
|
||||||
|
$addLink->setTitle(_('Add'));
|
||||||
|
$addLink->setOnClick('yubiKeyIdAddKey(' . sizeof($keys) . ');return false;');
|
||||||
|
$group->addElement($addLink);
|
||||||
|
}
|
||||||
|
$content->add($group, 12, 12, 12, 'nowrap');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$addLink = new htmlLink('', '#', '../../graphics/add.png');
|
||||||
|
$addLink->setTitle(_('Add'));
|
||||||
|
$addLink->setOnClick('yubiKeyIdAddKey(' . sizeof($keys) . ');return false;');
|
||||||
|
$content->add($addLink, 12);
|
||||||
|
}
|
||||||
|
return $content;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the Java Script functions to manage the keys.
|
||||||
|
*
|
||||||
|
* @return htmlJavaScript JS block
|
||||||
|
*/
|
||||||
|
private static function getSelfServiceKeysJSBlock() {
|
||||||
|
$content = '
|
||||||
|
function yubiKeyIdDeleteKey(id, count) {
|
||||||
|
var actionJSON = {
|
||||||
|
"action": "deleteKey",
|
||||||
|
"id": id
|
||||||
|
};
|
||||||
|
for (c = 0; c < count; c++) {
|
||||||
|
actionJSON["yubiKeyId_" + c] = jQuery(\'#yubiKeyId_\' + c).val();
|
||||||
|
}
|
||||||
|
var data = {jsonInput: actionJSON};
|
||||||
|
data["' . getSecurityTokenName() . '"] = "' . getSecurityTokenValue() . '";
|
||||||
|
jQuery.post(\'../misc/ajax.php?selfservice=1&module=yubiKeyUser&scope=user\',
|
||||||
|
data, function(data) {yubiKeyIdDeleteKeyHandleReply(data);}, \'json\');
|
||||||
|
}
|
||||||
|
|
||||||
|
function yubiKeyIdDeleteKeyHandleReply(data) {
|
||||||
|
if (data.errorsOccured == "false") {
|
||||||
|
jQuery(\'#yubiKeyIdDiv\').html(data.html);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
alert(data.errormessage);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function yubiKeyIdAddKey(count) {
|
||||||
|
var actionJSON = {
|
||||||
|
"action": "addKey"
|
||||||
|
};
|
||||||
|
for (c = 0; c < count; c++) {
|
||||||
|
actionJSON["yubiKeyId_" + c] = jQuery(\'#yubiKeyId_\' + c).val();
|
||||||
|
}
|
||||||
|
var data = {jsonInput: actionJSON};
|
||||||
|
data["' . getSecurityTokenName() . '"] = "' . getSecurityTokenValue() . '";
|
||||||
|
jQuery.post(\'../misc/ajax.php?selfservice=1&module=yubiKeyUser&scope=user'
|
||||||
|
. '&' . getSecurityTokenName() . '=' . getSecurityTokenValue()
|
||||||
|
. '\', data, function(data) {yubiKeyIdAddKeyHandleReply(data);}, \'json\');
|
||||||
|
}
|
||||||
|
|
||||||
|
function yubiKeyIdAddKeyHandleReply(data) {
|
||||||
|
if (data.errorsOccured == "false") {
|
||||||
|
jQuery(\'#yubiKeyIdDiv\').html(data.html);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
alert(data.errormessage);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
';
|
||||||
|
return new htmlJavaScript($content);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Checks if all input values are correct and returns the LDAP attributes which should be changed.
|
||||||
|
* <br>Return values:
|
||||||
|
* <br>messages: array of parameters to create status messages
|
||||||
|
* <br>add: array of attributes to add
|
||||||
|
* <br>del: array of attributes to remove
|
||||||
|
* <br>mod: array of attributes to modify
|
||||||
|
* <br>info: array of values with informational value (e.g. to be used later by pre/postModify actions)
|
||||||
|
*
|
||||||
|
* Calling this method does not require the existence of an enclosing {@link accountContainer}.
|
||||||
|
*
|
||||||
|
* @param string $fields input fields
|
||||||
|
* @param array $attributes LDAP attributes
|
||||||
|
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
|
||||||
|
* @param array $readOnlyFields list of read-only fields
|
||||||
|
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
|
||||||
|
*/
|
||||||
|
public function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
|
||||||
|
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
|
||||||
|
if ($passwordChangeOnly) {
|
||||||
|
return $return; // skip processing if only a password change is done
|
||||||
|
}
|
||||||
|
$attributes = array_change_key_case($attributes, CASE_LOWER);
|
||||||
|
$objectClass = strtolower($this->getObjectClassName());
|
||||||
|
if (!in_array_ignore_case($objectClass, $attributes['objectclass'])) {
|
||||||
|
return $return;
|
||||||
|
}
|
||||||
|
if (in_array('yubiKeyId', $fields)) {
|
||||||
|
$attributeName = strtolower($this->getAttributeName());
|
||||||
|
$newKeys = array();
|
||||||
|
$counter = 0;
|
||||||
|
while (isset($_POST['yubiKeyId_' . $counter])) {
|
||||||
|
$newKeys[] = $_POST['yubiKeyId_' . $counter];
|
||||||
|
$counter++;
|
||||||
|
}
|
||||||
|
$count = sizeof($newKeys);
|
||||||
|
for ($i = 0; $i < $count; $i++) {
|
||||||
|
if (trim($newKeys[$i]) == '') {
|
||||||
|
unset($newKeys[$i]);
|
||||||
|
}
|
||||||
|
elseif (!get_preg($newKeys[$i], 'ascii')) {
|
||||||
|
$return['messages'][] = array('ERROR', _('Please enter a valid key id.'), htmlspecialchars($newKeys[$i]));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$newKeys = array_values(array_unique($newKeys));
|
||||||
|
$oldKeys = array();
|
||||||
|
if (isset($attributes[$attributeName][0])) {
|
||||||
|
$oldKeys = $attributes[$attributeName];
|
||||||
|
}
|
||||||
|
$update = false;
|
||||||
|
if (sizeof($newKeys) != sizeof($oldKeys)) {
|
||||||
|
$update = true;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
for ($i = 0; $i < sizeof($newKeys); $i++) {
|
||||||
|
if (!in_array($newKeys[$i], $oldKeys)) {
|
||||||
|
$update = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ($update) {
|
||||||
|
if (sizeof($oldKeys) == 0) {
|
||||||
|
$return['add'][$attributeName] = $newKeys;
|
||||||
|
}
|
||||||
|
elseif (sizeof($newKeys) == 0) {
|
||||||
|
$return['del'][$attributeName] = $newKeys;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$return['mod'][$attributeName] = $newKeys;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $return;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Manages AJAX requests.
|
||||||
|
* This function may be called with or without an account container.
|
||||||
|
*/
|
||||||
|
public function handleAjaxRequest() {
|
||||||
|
$jsonInput = $_POST['jsonInput'];
|
||||||
|
$jsonReturn = self::invalidAjaxRequest();
|
||||||
|
if (isset($jsonInput['action'])) {
|
||||||
|
if ($jsonInput['action'] == 'deleteKey') {
|
||||||
|
$jsonReturn = $this->ajaxDeleteSelfServiceKey($jsonInput);
|
||||||
|
}
|
||||||
|
elseif ($jsonInput['action'] == 'addKey') {
|
||||||
|
$_SESSION[self::SESS_KEY_LIST][] = '';
|
||||||
|
ob_start();
|
||||||
|
$contentElement = $this->getSelfServiceKeys();
|
||||||
|
ob_end_clean();
|
||||||
|
ob_start();
|
||||||
|
$tabindex = 999;
|
||||||
|
parseHtml(null, $contentElement, array(), true, $tabindex, $this->get_scope());
|
||||||
|
$content = ob_get_contents();
|
||||||
|
ob_end_clean();
|
||||||
|
$jsonReturn = array(
|
||||||
|
'errorsOccured' => 'false',
|
||||||
|
'html' => $content,
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
echo json_encode($jsonReturn);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Manages the deletion of a key.
|
||||||
|
*
|
||||||
|
* @param array $data JSON data
|
||||||
|
*/
|
||||||
|
private function ajaxDeleteSelfServiceKey($data) {
|
||||||
|
if (!isset($data['id'])) {
|
||||||
|
return self::invalidAjaxRequest();
|
||||||
|
}
|
||||||
|
$index = $data['id'];
|
||||||
|
if (array_key_exists($index, $_SESSION[self::SESS_KEY_LIST])) {
|
||||||
|
unset($_SESSION[self::SESS_KEY_LIST][$index]);
|
||||||
|
$_SESSION[self::SESS_KEY_LIST] = array_values($_SESSION[self::SESS_KEY_LIST]);
|
||||||
|
}
|
||||||
|
ob_start();
|
||||||
|
$contentElement = $this->getSelfServiceKeys();
|
||||||
|
ob_end_clean();
|
||||||
|
ob_start();
|
||||||
|
$tabindex = 999;
|
||||||
|
parseHtml(null, $contentElement, array(), true, $tabindex, $this->get_scope());
|
||||||
|
$content = ob_get_contents();
|
||||||
|
ob_end_clean();
|
||||||
|
return array(
|
||||||
|
'errorsOccured' => 'false',
|
||||||
|
'html' => $content,
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Invalid AJAX request received.
|
||||||
|
*
|
||||||
|
* @param String $message error message
|
||||||
|
*/
|
||||||
|
public static function invalidAjaxRequest($message = null) {
|
||||||
|
if ($message == null) {
|
||||||
|
$message = _('Invalid request');
|
||||||
|
}
|
||||||
|
return array('errorsOccured' => 'true', 'errormessage' => $message);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the object class used for YubiKey.
|
||||||
|
*
|
||||||
|
* @return string object class
|
||||||
|
*/
|
||||||
|
private function getObjectClassName() {
|
||||||
|
if (!empty($this->moduleSettings['yubiKeyUser_objectClass'][0])) {
|
||||||
|
return $this->moduleSettings['yubiKeyUser_objectClass'][0];
|
||||||
|
}
|
||||||
|
elseif (!empty($this->selfServiceSettings->moduleSettings['yubiKeyUser_objectClass'][0])) {
|
||||||
|
return $this->selfServiceSettings->moduleSettings['yubiKeyUser_objectClass'][0];
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the attribute name used for YubiKey.
|
||||||
|
*
|
||||||
|
* @return string attribute name
|
||||||
|
*/
|
||||||
|
private function getAttributeName() {
|
||||||
|
if (!empty($this->moduleSettings['yubiKeyUser_attributeName'][0])) {
|
||||||
|
return $this->moduleSettings['yubiKeyUser_attributeName'][0];
|
||||||
|
}
|
||||||
|
elseif (!empty($this->selfServiceSettings->moduleSettings['yubiKeyUser_attributeName'][0])) {
|
||||||
|
return $this->selfServiceSettings->moduleSettings['yubiKeyUser_attributeName'][0];
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* {@inheritDoc}
|
||||||
|
* @see baseModule::get_configOptions()
|
||||||
|
*/
|
||||||
|
public function get_configOptions($scopes, $allScopes) {
|
||||||
|
$configContainer = new htmlResponsiveRow();
|
||||||
|
$configContainer->add(new htmlResponsiveInputField(_('Object class'), 'yubiKeyUser_objectClass', null, 'objectClass'), 12);
|
||||||
|
$configContainer->add(new htmlResponsiveInputField(_('Attribute name'), 'yubiKeyUser_attributeName', 'yubiKeyId', 'attributeName', true), 12);
|
||||||
|
return $configContainer;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* {@inheritDoc}
|
||||||
|
* @see baseModule::getSelfServiceSettings()
|
||||||
|
*/
|
||||||
|
public function getSelfServiceSettings($profile) {
|
||||||
|
$container = new htmlResponsiveRow();
|
||||||
|
$container->add(new htmlResponsiveInputField(_('Object class'), 'yubiKeyUser_objectClass', null, array('objectClass', 'yubiKeyUser')), 12);
|
||||||
|
$container->add(new htmlResponsiveInputField(_('Attribute name'), 'yubiKeyUser_attributeName', 'yubiKeyId', array('attributeName', 'yubiKeyUser')), 12);
|
||||||
|
return $container;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
?>
|