Thanks.
On Mon, Feb 19, 2018 at 01:21:36PM -0800, Luc Larochelle wrote:
> Hey Brad,
>
> This is not neat, but attached you'll find some code that can do the job in
> a full Mojolicious app. Should be .pm though.
>
> I did use it to login successfully through ldap as discussed.
>
>
>
>
>
> On Monday, 19 February 2018 14:29:09 UTC-5, Brad Robertson wrote:
> >
> > On Sun, Feb 18, 2018 at 05:48:08PM -0800, Luc Larochelle wrote:
> > > Hey Brad this is looking good ! If you need me to share what I've done
> > with net::ldaps + certificates let me know.
> > >
> > > Would be terrific if the session object was returned in some way so
> > that the AD entries are accessible.
> > >
> >
> > Sure, if you want to share, that would be great, thanks. I'll keep in
> > mind your request for the LDAP session object to be returned. :-)
> >
> > Regards,
> >
> > --
> > Brad Robertson
> > <[email protected] <javascript:>>
> >
>
> package Auth;
> use Mojo::Base 'Mojolicious::Controller';
> use Net::LDAPS;
> use Data::Dumper;
>
>
> # Connection settings read by connectToLdap().
> # 1 = connect with Net::LDAPS (TLS); 0 = connect with plain Net::LDAP.
> my $SSLMODE = 1;
> # CA certificate file handed to Net::LDAPS as cafile. The path is relative,
> # so presumably it is resolved against the working directory -- verify.
> my $SSLCAFILE = 'mycert.ca';
> # 0 makes connectToLdap() pass verify => 'none', so the server certificate
> # is not validated: the TLS session then does not authenticate the server,
> # and the bind passwords sent over it are exposed to anyone able to
> # impersonate it. Set to 1 (verify => 'require') once $SSLCAFILE names the
> # CA that issued the server certificate.
> my $SSLVERIFYCA = 0;
>
>
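> sub connectToLdap($) {
>     # Open a connection to the directory server at $url.
>     #
>     # Returns the Net::LDAP / Net::LDAPS handle, or undef when the
>     # connection could not be made. Callers must check the return value
>     # before calling methods on it.
>     my $url = shift;
>
>     my $ldap;
>
>     if ($SSLMODE) {
>         # 'none' skips validation of the server certificate, which leaves
>         # the connection open to interception; 'require' is used only when
>         # $SSLVERIFYCA is set.
>         my $verifyca = $SSLVERIFYCA ? 'require' : 'none';
>
>         my $error;
>         eval {
>             $ldap = Net::LDAPS->new($url, verify => $verifyca,
>                                     cafile => $SSLCAFILE);
>             # A failed constructor returns undef and leaves its reason in
>             # $@, which an eval that finishes normally resets to ''. Copy
>             # it out here so the failure is still reported below.
>             $error = $@ unless $ldap;
>             1;
>         } or do {
>             $error = $@ || 'unknown error';
>         };
>
>         if ($error) {
>             # logger() is not defined in the code shown here; fall back to
>             # warn so a connection failure is never silent.
>             if (defined &logger) {
>                 logger(0, $error);
>             }
>             else {
>                 warn "LDAPS connection to $url failed: $error\n";
>             }
>         }
>     }
>     else {
>         # Plain LDAP: nothing on this connection is encrypted, so bind
>         # passwords cross the network in clear text.
>         $ldap = Net::LDAP->new($url);
>     }
>
>     return $ldap;
> }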
>
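> sub auth_netLDAP {
>     # Authenticate the 'username' / 'password' request parameters against
>     # the directory: bind as the service account, look the user up by
>     # $LDAPUID, then bind again as the user's own DN with the supplied
>     # password.
>     #
>     # Returns $self when the user's bind succeeds, and nothing (false) on
>     # any failure. givenName and displayName are copied into the session
>     # only after the password has been verified.
>     my $self     = shift;
>     my $username = $self->param('username');
>     my $password = $self->param('password');
>
>     # Both values are required. An empty password must never reach bind():
>     # LDAP servers may treat a bind with a DN and no password as an
>     # unauthenticated bind and report success.
>     return unless defined $username && length $username;
>     return unless defined $password && length $password;
>
>     # NOTE(review): the service-account DN and password are hard-coded in
>     # the source. Load them from configuration that is kept out of version
>     # control, and give the account read-only access to the search base.
>     my $BINDUSER      = 'CN=user,OU=unit,DC=my,DC=domain,DC=com';
>     my $BINDPASS      = 'xxxxxxxxxxx';
>     my $LDAPBASE      = "OU=unit,DC=my,DC=domain,DC=com";
>     my $LDAPUID       = "samaccountname";
>     my $LDAPSERVERURL = "ldaps://dapserver.domain.com";
>
>     # connectToLdap() returns undef when the server cannot be reached.
>     my $ldap = connectToLdap($LDAPSERVERURL);
>     return unless $ldap;
>
>     my $mesg = $ldap->bind($BINDUSER, password => $BINDPASS);
>     return unless $mesg;
>
>     if ($mesg->code) {
>         say "Error #" . $mesg->code . " binding to LDAP server.";
>         $ldap->unbind;
>         return;
>     }
>
>     # The user name is untrusted input that ends up inside a search filter.
>     # Escape the characters that are special in a filter value (backslash,
>     # '*', '(', ')' and control characters) as \XX so the value can only be
>     # matched literally.
>     (my $filter_value = $username)
>         =~ s/([\x00-\x1f\\*()])/sprintf('\\%02x', ord $1)/ge;
>
>     $mesg = $ldap->search(base   => $LDAPBASE,
>                           filter => "($LDAPUID=$filter_value)");
>
>     if ($mesg->code) {
>         say "Error #" . $mesg->code . " searching LDAP server for $username.";
>         $ldap->unbind;
>         return;
>     }
>
>     # Check that an entry came back before calling any method on it.
>     my $entry = $mesg->entry(0);
>
>     if (!defined($entry)) {
>         say "User $username not found in LDAP.";
>         $ldap->unbind;
>         return;
>     }
>
>     # The password check itself: a non-zero result code means the directory
>     # rejected the credentials, and the login must fail.
>     my $result = $ldap->bind($entry->dn, password => $password);
>
>     if (!$result || $result->code) {
>         $ldap->unbind;
>         return;
>     }
>
>     $self->session->{givenName}   = $entry->get_value("givenName");
>     $self->session->{displayName} = $entry->get_value("displayName");
>
>     $ldap->unbind;
>
>     return $self;
> }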
>
>
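> sub login {
>     # Handle the login form: when auth_netLDAP() accepts the submitted
>     # credentials, record the user name in the session and register the
>     # user with the application model. Redirects to '/' either way.
>     my $c        = shift;
>     my $username = $c->param('username');
>
>     if ($c->auth_netLDAP) {
>         $c->session->{username} = $username;
>
>         # The password is deliberately stored as an empty string; the
>         # directory stays the only place that holds the credential.
>         my $user = {
>             username => $username,
>             password => '',
>             name     => $c->session->{givenName},
>         };
>
>         # No Data::Dumper output here: dumping the stash and the user
>         # record to STDOUT puts request and session data into whatever
>         # captures the server's output.
>         $c->model->add_user($user);
>     }
>
>     $c->redirect_to('/');
> }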
>
> sub logout {
>     # End the session by giving it an expiry time in the past, then send
>     # the browser back to the front page.
>     my ($c) = @_;
>
>     $c->session(expires => 1);
>
>     return $c->redirect_to('/');
> }
>
> 1;    # a module file must end with a true value