Adding local user managment

config/config-sample.ini

@@ -83,6 +83,7 @@ password = password
 database = ska-db
 
 [ldap]
+enabled = 0
 ; Address to connect to LDAP server
 host = ldaps://ldap.example.com:636
 ; Use StartTLS for connection security (recommended if using ldap:// instead

core.php

@@ -35,10 +35,12 @@
 require('ldap.php');
 require('email.php');
 
-$ldap_options = array();
-$ldap_options[LDAP_OPT_PROTOCOL_VERSION] = 3;
-$ldap_options[LDAP_OPT_REFERRALS] = !empty($config['ldap']['follow_referrals']);
-$ldap = new LDAP($config['ldap']['host'], $config['ldap']['starttls'], $config['ldap']['bind_dn'], $config['ldap']['bind_password'], $ldap_options);
+if ($config['ldap']['enabled'] == 1) {
+ $ldap_options = array();
+ $ldap_options[LDAP_OPT_PROTOCOL_VERSION] = 3;
+ $ldap_options[LDAP_OPT_REFERRALS] = !empty($config['ldap']['follow_referrals']);
+ $ldap = new LDAP($config['ldap']['host'], $config['ldap']['starttls'], $config['ldap']['bind_dn'], $config['ldap']['bind_password'], $ldap_options);
+}
 setup_database();
 
 $relative_frontend_base_url = (string)parse_url($config['web']['baseurl'], PHP_URL_PATH);

migrations/004.php

@@ -0,0 +1,159 @@
+<?php
+$migration_name = 'Add local usermanagment';
+
+function free_results($database) {
+ do {
+ if ($res = $database->store_result()) {
+ $res->free();
+ }
+ } while ($database->more_results() && $database->next_result()); 
+}
+
+$this->database->autocommit(FALSE);
+
+$result = $this->database->query("
+ SELECT uid FROM user WHERE uid = 'keys-sync'
+");
+if ($result) {
+ if($result->num_rows === 0) {
+ $result->close();
+ $result = $this->database->multi_query("
+ INSERT INTO entity SET type = 'user';
+ INSERT INTO user SET entity_id = (
+ SELECT LAST_INSERT_ID()
+ ), uid = 'keys-sync', name = 'Synchronization script', email = '', auth_realm = 'local', admin = 1;
+ "); 
+ free_results($this->database);
+ } else {
+ $result->close();
+ $this->database->query("
+ UPDATE user SET auth_realm = 'local', active = 1 WHERE uid = 'keys-sync';
+ ");
+ }
+}
+
+
+$this->database->multi_query("
+CREATE TABLE `entity_event_2` (
+ `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+ `entity_id` int(10) unsigned NOT NULL,
+ `actor_id` int(10) unsigned,
+ `date` datetime NOT NULL,
+ `details` mediumtext NOT NULL,
+ PRIMARY KEY (`id`),
+ KEY `FK_entity_event_entity_id` (`entity_id`),
+ KEY `FK_entity_event_actor_id` (`actor_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+INSERT entity_event_2 SELECT * FROM entity_event;
+
+DROP TABLE entity_event;
+RENAME TABLE entity_event_2 TO entity_event;
+
+ALTER TABLE `entity_event`
+ ADD CONSTRAINT `FK_entity_event_actor_id` FOREIGN KEY (`actor_id`) REFERENCES `entity` (`id`) ON DELETE SET NULL,
+ ADD CONSTRAINT `FK_entity_event_entity_id` FOREIGN KEY (`entity_id`) REFERENCES `entity` (`id`) ON DELETE CASCADE;
+");
+free_results($this->database);
+
+
+$this->database->multi_query("
+CREATE TABLE `group_event_2` (
+ `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+ `group` int(10) unsigned NOT NULL,
+ `entity_id` int(10) unsigned,
+ `date` datetime NOT NULL,
+ `details` mediumtext NOT NULL,
+ PRIMARY KEY (`id`),
+ KEY `FK_group_event_group` (`group`),
+ KEY `FK_group_event_entity` (`entity_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=COMPACT;
+
+INSERT group_event_2 SELECT * FROM group_event;
+
+DROP TABLE group_event;
+RENAME TABLE group_event_2 TO group_event;
+
+ALTER TABLE `group_event`
+ ADD CONSTRAINT `FK_group_event_entity` FOREIGN KEY (`entity_id`) REFERENCES `entity` (`id`) ON DELETE SET NULL,
+ ADD CONSTRAINT `FK_group_event_group` FOREIGN KEY (`group`) REFERENCES `group` (`entity_id`) ON DELETE CASCADE;
+");
+free_results($this->database);
+
+
+$this->database->multi_query("
+CREATE TABLE `group_member_2` (
+ `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+ `group` int(10) unsigned NOT NULL,
+ `entity_id` int(10) unsigned NOT NULL,
+ `add_date` datetime NOT NULL,
+ `added_by` int(10) unsigned,
+ PRIMARY KEY (`id`),
+ UNIQUE KEY `group_entity_id` (`group`, `entity_id`),
+ KEY `FK_group_member_entity` (`entity_id`),
+ KEY `FK_group_member_entity_2` (`added_by`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=COMPACT;
+
+INSERT group_member_2 SELECT * FROM group_member;
+
+DROP TABLE group_member;
+RENAME TABLE group_member_2 TO group_member;
+
+ALTER TABLE `group_member`
+ ADD CONSTRAINT `FK_group_member_entity` FOREIGN KEY (`entity_id`) REFERENCES `entity` (`id`) ON DELETE CASCADE,
+ ADD CONSTRAINT `FK_group_member_entity_2` FOREIGN KEY (`added_by`) REFERENCES `entity` (`id`) ON DELETE SET NULL,
+ ADD CONSTRAINT `FK_group_member_group` FOREIGN KEY (`group`) REFERENCES `group` (`entity_id`) ON DELETE CASCADE
+");
+free_results($this->database);
+
+
+$this->database->multi_query("
+CREATE TABLE `server_event_2` (
+ `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+ `server_id` int(10) unsigned NOT NULL,
+ `actor_id` int(10) unsigned,
+ `date` datetime NOT NULL,
+ `details` mediumtext NOT NULL,
+ PRIMARY KEY (`id`),
+ KEY `FK_server_log_server` (`server_id`),
+ KEY `FK_server_event_actor_id` (`actor_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+INSERT server_event_2 SELECT * FROM server_event;
+
+DROP TABLE server_event;
+RENAME TABLE server_event_2 TO server_event;
+
+ALTER TABLE `server_event`
+ ADD CONSTRAINT `FK_server_event_actor_id` FOREIGN KEY (`actor_id`) REFERENCES `entity` (`id`) ON DELETE SET NULL,
+ ADD CONSTRAINT `FK_server_log_server` FOREIGN KEY (`server_id`) REFERENCES `server` (`id`) ON DELETE CASCADE;
+");
+free_results($this->database);
+
+
+$this->database->multi_query("
+CREATE TABLE `server_note_2` (
+ `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+ `server_id` int(10) unsigned NOT NULL,
+ `entity_id` int(10) unsigned,
+ `date` datetime NOT NULL,
+ `note` mediumtext NOT NULL,
+ PRIMARY KEY (`id`),
+ KEY `FK_server_note_server` (`server_id`),
+ KEY `FK_server_note_user` (`entity_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+INSERT server_note_2 SELECT * FROM server_note;
+
+DROP TABLE server_note;
+RENAME TABLE server_note_2 TO server_note;
+
+ALTER TABLE `server_note`
+ ADD CONSTRAINT `FK_server_note_entity` FOREIGN KEY (`entity_id`) REFERENCES `entity` (`id`) ON DELETE SET NULL,
+ ADD CONSTRAINT `FK_server_note_server` FOREIGN KEY (`server_id`) REFERENCES `server` (`id`) ON DELETE CASCADE
+");
+free_results($this->database);
+
+$this->database->commit();
+
+$this->database->autocommit(TRUE);

model/migrationdirectory.php

@@ -22,7 +22,7 @@ class MigrationDirectory extends DBDirectory {
  /**
  * Increment this constant to activate a new migration from the migrations directory
  */
- const LAST_MIGRATION = 3;
+ const LAST_MIGRATION = 4;
 
  public function __construct() {
  parent::__construct();

model/user.php

@@ -66,6 +66,23 @@ public function update() {
  }
  }
 
+ /**
+ * Delete the given user.
+ */
+ public function delete() {
+ if(is_null($this->entity_id)) throw new BadMethodCallException('User must be in directory before it can be removed');
+ $stmt = $this->database->prepare("DELETE FROM entity WHERE id = ?");
+ $stmt->bind_param('d', $this->entity_id);
+ $stmt->execute();
+ $stmt->close();
+ $stmt = $this->database->prepare("DELETE FROM user WHERE entity_id = ?");
+ $stmt->bind_param('d', $this->entity_id);
+ $stmt->execute();
+ $stmt->close();
+
+ $this->sync_remote_access();
+ }
+
  /**
  * Magic getter method - if superior field requested, return User object of user's superior
  * @param string $field to retrieve

model/userdirectory.php

@@ -45,13 +45,22 @@ public function add_user(User $user) {
  $user_active = $user->active;
  $user_admin = $user->admin;
  $user_email = $user->email;
- $stmt = $this->database->prepare("INSERT INTO entity SET type = 'user'");
- $stmt->execute();
- $user->entity_id = $stmt->insert_id;
- $stmt = $this->database->prepare("INSERT INTO user SET entity_id = ?, uid = ?, name = ?, email = ?, active = ?, admin = ?");
- $stmt->bind_param('dsssdd', $user->entity_id, $user_id, $user_name, $user_email, $user_active, $user_admin);
- $stmt->execute();
- $stmt->close();
+ try {
+ $stmt = $this->database->prepare("INSERT INTO entity SET type = 'user'");
+ $stmt->execute();
+ $user->entity_id = $stmt->insert_id;
+ $stmt = $this->database->prepare("INSERT INTO user SET entity_id = ?, uid = ?, name = ?, email = ?, active = ?, admin = ?, auth_realm = ?");
+ $stmt->bind_param('dsssdds', $user->entity_id, $user_id, $user_name, $user_email, $user_active, $user_admin, $user->auth_realm);
+ $stmt->execute();
+ $stmt->close();
+ } catch(mysqli_sql_exception $e) {
+ if($e->getCode() == 1062) {
+ // Duplicate entry
+ throw new UserAlreadyExistsException("User {$user->uid} already exists");
+ } else {
+ throw $e;
+ }
+ } 
  }
 
  /**
@@ -82,6 +91,8 @@ public function get_user_by_id($id) {
  * @throws UserNotFoundException if no user with that uid exists
  */
  public function get_user_by_uid($uid) {
+ global $config;
+ $ldap_enabled = $config['ldap']['enabled'];
  if(isset($this->cache_uid[$uid])) {
  return $this->cache_uid[$uid];
  }
@@ -93,11 +104,16 @@ public function get_user_by_uid($uid) {
  $user = new User($row['entity_id'], $row);
  $this->cache_uid[$uid] = $user;
  } else {
- $user = new User;
- $user->uid = $uid;
- $this->cache_uid[$uid] = $user;
- $user->get_details_from_ldap();
- $this->add_user($user);
+ if ($ldap_enabled == 1) {
+ $user = new User;
+ $user->uid = $uid;
+ $this->cache_uid[$uid] = $user;
+ $user->auth_realm = 'LDAP';
+ $user->get_details_from_ldap();
+ $this->add_user($user);
+ } else {
+ throw new UserNotFoundException('User does not exist.');
+ }
  }
  $stmt->close();
  return $user;
@@ -148,3 +164,4 @@ public function list_users($include = array(), $filter = array()) {
 }
 
 class UserNotFoundException extends Exception {}
+class UserAlreadyExistsException extends Exception {}

requesthandler.php

@@ -20,26 +20,32 @@
 ob_start();
 set_exception_handler('exception_handler');
 
-if(isset($_SERVER['PHP_AUTH_USER'])) {
- $active_user = $user_dir->get_user_by_uid($_SERVER['PHP_AUTH_USER']);
-} else {
- throw new Exception("Not logged in.");
-}
-
 // Work out where we are on the server
 $base_path = dirname(__FILE__);
 $base_url = dirname($_SERVER['SCRIPT_NAME']);
 $request_url = $_SERVER['REQUEST_URI'];
 $relative_request_url = preg_replace('/^'.preg_quote($base_url, '/').'/', '/', $request_url);
 $absolute_request_url = 'http'.(isset($_SERVER['HTTPS']) ? 's' : '').'://'.$_SERVER['HTTP_HOST'].$request_url;
 
+if(isset($_SERVER['PHP_AUTH_USER'])) {
+ try {
+ $active_user = $user_dir->get_user_by_uid($_SERVER['PHP_AUTH_USER']);
+ } catch(UserNotFoundException $ex) {
+ require('views/error403.php');
+ die;
+ }
+} else {
+ throw new Exception("Not logged in.");
+}
+
 if(empty($config['web']['enabled'])) {
  require('views/error503.php');
  die;
 }
 
 if(!$active_user->active) {
  require('views/error403.php');
+ die;
 }
 
 if(!empty($_POST)) {
@@ -62,10 +68,11 @@
 if(isset($router->view)) {
  $view = path_join($base_path, 'views', $router->view.'.php');
  if(file_exists($view)) {
- if($active_user->auth_realm == 'LDAP' || $router->public) {
+ if($active_user->auth_realm == 'LDAP' || $active_user->auth_realm == 'local' || $router->public) {
  require($view);
  } else {
  require('views/error403.php');
+ die;
  }
  } else {
  throw new Exception("View file $view missing.");

scripts/ldap_update.php

@@ -29,22 +29,28 @@
  $active_user->uid = 'keys-sync';
  $active_user->name = 'Synchronization script';
  $active_user->email = '';
+ $active_user->auth_realm = 'local';
  $active_user->active = 1;
  $active_user->admin = 1;
  $active_user->developer = 0;
  $user_dir->add_user($active_user);
 }
 
-try {
- $sysgrp = $group_dir->get_group_by_name($config['ldap']['admin_group_cn']);
-} catch(GroupNotFoundException $e) {
- $sysgrp = new Group;
- $sysgrp->name = $config['ldap']['admin_group_cn'];
- $sysgrp->system = 1;
- $group_dir->add_group($sysgrp);
+$ldap_enabled = $config['ldap']['enabled'];
+
+if($ldap_enabled == 1) {
+ try {
+ $sysgrp = $group_dir->get_group_by_name($config['ldap']['admin_group_cn']);
+ } catch(GroupNotFoundException $e) {
+ $sysgrp = new Group;
+ $sysgrp->name = $config['ldap']['admin_group_cn'];
+ $sysgrp->system = 1;
+ $group_dir->add_group($sysgrp);
+ }
 }
+
 foreach($users as $user) {
- if($user->auth_realm == 'LDAP') {
+ if($user->auth_realm == 'LDAP' && $ldap_enabled == 1) {
  $active = $user->active;
  try {
  $user->get_details_from_ldap();

scripts/sync.php

@@ -69,6 +69,7 @@
  $active_user->uid = 'keys-sync';
  $active_user->name = 'Synchronization script';
  $active_user->email = '';
+ $active_user->auth_realm = 'local';
  $active_user->active = 1;
  $active_user->admin = 1;
  $active_user->developer = 0;

templates/functions.php

@@ -85,7 +85,11 @@ function show_event($event) {
  <a href="<?php outurl('/groups/'.urlencode($event->group->name))?>" class="group"><?php out($event->group->name) ?></a>
  <?php } ?>
  </td>
+ <?php if(is_null($event->actor->uid)) { ?>
+ <td>removed</td>
+ <?php } else { ?>
  <td><a href="<?php outurl('/users/'.urlencode($event->actor->uid))?>" class="user"><?php out($event->actor->uid) ?></a></td>
+ <?php } ?>
  <td><?php out($details, ESC_NONE) ?></td>
  <td class="nowrap"><?php out($event->date) ?></td>
  </tr>