yetangitu/lam
1
0
Fork 0
mirror of https://github.com/LDAPAccountManager/lam.git synced 2025-10-03 17:59:21 +02:00
Code Issues Releases Wiki Activity

refactoring

Browse source
This commit is contained in:
Roland Gruber 2025-07-17 07:59:28 +02:00
parent 68a26ab851
commit 65e61f8f9d
10 changed files with 109 additions and 97 deletions
Download patch file Download diff file Expand all files Collapse all files

6
lam/lib/config.inc
View file

@ -3517,7 +3517,7 @@ class LAMCfgMain {
* Uploads a new SSL CA cert. * Uploads a new SSL CA cert.
* *
* @param String $cert file content in DER/PEM format * @param String $cert file content in DER/PEM format
* @return mixed TRUE if format is correct, error message if file is not accepted * @return true|string true if format is correct, error message if file is not accepted
*/ */
public function uploadSSLCaCert($cert) { public function uploadSSLCaCert($cert) {
if (!str_contains($cert, '-----BEGIN CERTIFICATE-----')) { if (!str_contains($cert, '-----BEGIN CERTIFICATE-----')) {
@ -3680,7 +3680,7 @@ class LAMCfgMain {
/** /**
* Returns the license key as multiple lines. * Returns the license key as multiple lines.
* *
* @return String license * @return string[] license
*/ */
public function getLicenseLines() { public function getLicenseLines() {
return explode(LAMConfig::LINE_SEPARATOR, $this->license); return explode(LAMConfig::LINE_SEPARATOR, $this->license);
@ -3689,7 +3689,7 @@ class LAMCfgMain {
/** /**
* Sets the license key as multiple lines. * Sets the license key as multiple lines.
* *
* @param String[] $licenseLines license lines * @param string[] $licenseLines license lines
*/ */
public function setLicenseLines($licenseLines) { public function setLicenseLines($licenseLines) {
$this->license = implode(LAMConfig::LINE_SEPARATOR, $licenseLines); $this->license = implode(LAMConfig::LINE_SEPARATOR, $licenseLines);

4
lam/lib/html.inc
View file

@ -3634,8 +3634,8 @@ class htmlSortableList extends htmlElement {
/** /**
* Constructor. * Constructor.
* *
* @param string[] $elements list of elements as text (HTML special chars must be escaped already) or htmlElement * @param string[]|htmlElement[] $elements list of elements as text (HTML special chars must be escaped already) or htmlElement
* @param string HTML ID * @param string $id HTML ID
*/ */
function __construct(array $elements, string $id) { function __construct(array $elements, string $id) {
$this->elements = $elements; $this->elements = $elements;

2
lam/lib/modules.inc
View file

@ -259,7 +259,7 @@ function check_module_depends($selected, $deps) {
* *
* @param array $selected selected module names * @param array $selected selected module names
* @param array $deps module dependencies * @param array $deps module dependencies
* @return boolean false if no conflict was found, * @return false|array<int, string[]> false if no conflict was found,
* otherwise an array of array(selected module, conflicting module) if conflicts were found * otherwise an array of array(selected module, conflicting module) if conflicts were found
*/ */
function check_module_conflicts($selected, $deps) { function check_module_conflicts($selected, $deps) {

6
lam/lib/security.inc
View file

@ -396,10 +396,10 @@ function checkIfDeleteEntriesIsAllowed($scope) {
/** /**
* Checks if the password fulfills the password policies. * Checks if the password fulfills the password policies.
* *
* @param String $password password * @param string $password password
* @param String|array $userNames user name(s) * @param string|array|null $userNames user name(s)
* @param array $otherUserAttrs user's first/last name * @param array $otherUserAttrs user's first/last name
* @return mixed true if ok, string with error message if not valid * @return true|string true if ok, string with error message if not valid
*/ */
function checkPasswordStrength($password, $userNames, $otherUserAttrs) { function checkPasswordStrength($password, $userNames, $otherUserAttrs) {
if (($userNames !== null) && !is_array($userNames)) { if (($userNames !== null) && !is_array($userNames)) {

5
lam/templates/changePassword.php
View file

@ -11,7 +11,7 @@ use htmlStatusMessage;
/* /*
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2020 - 2023 Roland Gruber Copyright (C) 2020 - 2025 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -79,13 +79,12 @@ if (isset($_POST['changePassword'])) {
} }
// check password strength // check password strength
$userDn = $_SESSION['ldap']->getUserName(); $userDn = $_SESSION['ldap']->getUserName();
$additionalAttrs = [];
$rdnAttr = extractRDNAttribute($userDn); $rdnAttr = extractRDNAttribute($userDn);
$userName = null; $userName = null;
if ($rdnAttr === 'uid') { if ($rdnAttr === 'uid') {
$userName = extractRDNValue($userDn); $userName = extractRDNValue($userDn);
} }
$pwdPolicyResult = checkPasswordStrength($password1, $userName, $additionalAttrs); $pwdPolicyResult = checkPasswordStrength($password1, $userName, []);
if ($pwdPolicyResult !== true) { if ($pwdPolicyResult !== true) {
$message = new htmlStatusMessage('ERROR', $pwdPolicyResult); $message = new htmlStatusMessage('ERROR', $pwdPolicyResult);
printContent($message); printContent($message);

17
lam/templates/config/confmain.php
View file

@ -3,6 +3,7 @@
namespace LAM\CONFIG; namespace LAM\CONFIG;
use LAM\LIB\TWO_FACTOR\TwoFactorProviderService; use LAM\LIB\TWO_FACTOR\TwoFactorProviderService;
use LAM\REMOTE\Remote;
use LAMCfgMain; use LAMCfgMain;
use LAMConfig; use LAMConfig;
use htmlTable; use htmlTable;
@ -263,7 +264,7 @@ $loginSelect->setTableRowsToShow([
$row->add($loginSelect); $row->add($loginSelect);
// admin list // admin list
$adminText = implode("\n", explode(";", $conf->get_Adminstring())); $adminText = implode("\n", explode(";", $conf->get_Adminstring()));
$adminTextInput = new htmlResponsiveInputTextarea('admins', $adminText, '50', '3', _("List of valid users"), '207'); $adminTextInput = new htmlResponsiveInputTextarea('admins', $adminText, 50, 3, _("List of valid users"), '207');
$adminTextInput->setRequired(true); $adminTextInput->setRequired(true);
$row->add($adminTextInput); $row->add($adminTextInput);
// search suffix // search suffix
@ -360,9 +361,6 @@ foreach ($tools as $tool) {
} }
$hideableTools++; $hideableTools++;
$toolClass = $tool::class; $toolClass = $tool::class;
if ($toolClass === false) {
continue;
}
$toolName = substr($toolClass, strrpos($toolClass, '\\') + 1); $toolName = substr($toolClass, strrpos($toolClass, '\\') + 1);
$selected = false; $selected = false;
if (isset($toolSettings['tool_hide_' . $toolName]) && ($toolSettings['tool_hide_' . $toolName] === 'true')) { if (isset($toolSettings['tool_hide_' . $toolName]) && ($toolSettings['tool_hide_' . $toolName] === 'true')) {
@ -559,7 +557,7 @@ if (extension_loaded('curl')) {
$twoFactorUrl = new htmlResponsiveInputField(_("Base URL"), 'twoFactorURL', $conf->getTwoFactorAuthenticationURL(), '515'); $twoFactorUrl = new htmlResponsiveInputField(_("Base URL"), 'twoFactorURL', $conf->getTwoFactorAuthenticationURL(), '515');
$twoFactorUrl->setRequired(true); $twoFactorUrl->setRequired(true);
$row->add($twoFactorUrl); $row->add($twoFactorUrl);
$twoFactorUrl = new htmlResponsiveInputTextarea('twoFactorURLs', $conf->getTwoFactorAuthenticationURL(), '80', '4', _("Base URLs"), '515a'); $twoFactorUrl = new htmlResponsiveInputTextarea('twoFactorURLs', $conf->getTwoFactorAuthenticationURL(), 80, 4, _("Base URLs"), '515a');
$twoFactorUrl->setRequired(true); $twoFactorUrl->setRequired(true);
$row->add($twoFactorUrl); $row->add($twoFactorUrl);
$twoFactorClientId = new htmlResponsiveInputField(_("Client id"), 'twoFactorClientId', $conf->getTwoFactorAuthenticationClientId(), '524'); $twoFactorClientId = new htmlResponsiveInputField(_("Client id"), 'twoFactorClientId', $conf->getTwoFactorAuthenticationClientId(), '524');
@ -572,7 +570,7 @@ if (extension_loaded('curl')) {
$row->add($twoFactorLabel); $row->add($twoFactorLabel);
$row->add(new htmlResponsiveInputCheckbox('twoFactorOptional', $conf->getTwoFactorAuthenticationOptional(), _('Optional'), '519')); $row->add(new htmlResponsiveInputCheckbox('twoFactorOptional', $conf->getTwoFactorAuthenticationOptional(), _('Optional'), '519'));
$row->add(new htmlResponsiveInputCheckbox('twoFactorInsecure', $conf->getTwoFactorAuthenticationInsecure(), _('Disable certificate check'), '516')); $row->add(new htmlResponsiveInputCheckbox('twoFactorInsecure', $conf->getTwoFactorAuthenticationInsecure(), _('Disable certificate check'), '516'));
$twoFactorCaption = new htmlResponsiveInputTextarea('twoFactorCaption', $conf->getTwoFactorAuthenticationCaption(), '80', '4', _("Caption")); $twoFactorCaption = new htmlResponsiveInputTextarea('twoFactorCaption', $conf->getTwoFactorAuthenticationCaption(), 80, 4, _("Caption"));
$twoFactorCaption->setIsRichEdit(true); $twoFactorCaption->setIsRichEdit(true);
$row->add($twoFactorCaption); $row->add($twoFactorCaption);
$row->addVerticalSpacer('0.5rem'); $row->addVerticalSpacer('0.5rem');
@ -629,7 +627,7 @@ parseHtml(null, $buttonContainer, [], false, 'user');
/** /**
* Checks user input and saves the entered settings. * Checks user input and saves the entered settings.
* *
* @return array<mixed> list of errors * @return array<int, string[]> list of errors
*/ */
function checkInput(): array { function checkInput(): array {
$conf = &$_SESSION['conf_config']; $conf = &$_SESSION['conf_config'];
@ -798,7 +796,7 @@ function checkInput(): array {
$conf->setScriptSSHKeyPassword($_POST['scriptkeypassword']); $conf->setScriptSSHKeyPassword($_POST['scriptkeypassword']);
if (!empty($_POST['scriptkey'])) { if (!empty($_POST['scriptkey'])) {
include_once __DIR__ . '/../../lib/remote.inc'; include_once __DIR__ . '/../../lib/remote.inc';
$remote = new \LAM\REMOTE\Remote(); $remote = new Remote();
try { try {
$remote->loadKey($conf->getScriptSSHKey(), $conf->getScriptSSHKeyPassword()); $remote->loadKey($conf->getScriptSSHKey(), $conf->getScriptSSHKeyPassword());
} }
@ -814,9 +812,6 @@ function checkInput(): array {
} }
foreach ($tools as $tool) { foreach ($tools as $tool) {
$toolClass = $tool::class; $toolClass = $tool::class;
if ($toolClass === false) {
continue;
}
$toolName = substr($toolClass, strrpos($toolClass, '\\') + 1); $toolName = substr($toolClass, strrpos($toolClass, '\\') + 1);
$toolConfigID = 'tool_hide_' . $toolName; $toolConfigID = 'tool_hide_' . $toolName;
$toolSettings[$toolConfigID] = (isset($_POST[$toolConfigID])) && ($_POST[$toolConfigID] == 'on') ? 'true' : 'false'; $toolSettings[$toolConfigID] = (isset($_POST[$toolConfigID])) && ($_POST[$toolConfigID] == 'on') ? 'true' : 'false';

60
lam/templates/config/confmodules.php
View file

@ -4,23 +4,26 @@ namespace LAM\CONFIG;
use htmlInputField; use htmlInputField;
use htmlJavaScript; use htmlJavaScript;
use \htmlTable; use htmlTable;
use \htmlOutputText; use htmlOutputText;
use \htmlHelpLink; use htmlHelpLink;
use \htmlHiddenInput; use htmlHiddenInput;
use \htmlButton; use htmlButton;
use \htmlSpacer; use htmlSpacer;
use \htmlElement; use htmlElement;
use \htmlImage; use htmlImage;
use \htmlSortableList; use htmlSortableList;
use \htmlSubTitle; use htmlSubTitle;
use \htmlDiv; use htmlDiv;
use \htmlResponsiveRow; use htmlResponsiveRow;
use \htmlGroup; use htmlGroup;
use LAM\TYPES\ConfiguredType;
use LAM\TYPES\TypeManager;
use LAMConfig;
/* /*
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2004 - 2024 Roland Gruber Copyright (C) 2004 - 2025 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -78,8 +81,11 @@ if (isset($_POST['cancelSettings'])) {
} }
$conf = &$_SESSION['conf_config']; $conf = &$_SESSION['conf_config'];
if (!($conf instanceof LAMConfig)) {
die();
}
$errorsToDisplay = checkInput(); $errorsToDisplay = checkModuleInput($conf);
// check if button was pressed and if we have to save the settings or go to another tab // check if button was pressed and if we have to save the settings or go to another tab
if ((isset($_POST['saveSettings']) || isset($_POST['editmodules']) if ((isset($_POST['saveSettings']) || isset($_POST['editmodules'])
@ -129,7 +135,7 @@ echo "<form id=\"inputForm\" action=\"confmodules.php\" method=\"post\" onSubmit
printConfigurationPageTabs(ConfigurationPageTab::MODULES); printConfigurationPageTabs(ConfigurationPageTab::MODULES);
$typeManager = new \LAM\TYPES\TypeManager($conf); $typeManager = new TypeManager($conf);
$types = $typeManager->getConfiguredTypes(); $types = $typeManager->getConfiguredTypes();
$container = new htmlResponsiveRow(); $container = new htmlResponsiveRow();
@ -139,10 +145,10 @@ foreach ($types as $type) {
$legendContainer = new htmlGroup(); $legendContainer = new htmlGroup();
$legendContainer->addElement(new htmlOutputText("* " . _("Base module"))); $legendContainer->addElement(new htmlOutputText("* " . _("Base module")));
$legendContainer->addElement(new \htmlSpacer('2rem', null)); $legendContainer->addElement(new htmlSpacer('2rem', null));
$legendContainer->addElement(new htmlHelpLink('237')); $legendContainer->addElement(new htmlHelpLink('237'));
$container->add($legendContainer, 12); $container->add($legendContainer);
$container->add(new htmlHiddenInput('postAvailable', 'yes'), 12); $container->add(new htmlHiddenInput('postAvailable', 'yes'));
parseHtml(null, $container, [], false, 'user'); parseHtml(null, $container, [], false, 'user');
@ -172,10 +178,10 @@ echo "</html>\n";
/** /**
* Displays the module selection boxes and checks if dependencies are fulfilled. * Displays the module selection boxes and checks if dependencies are fulfilled.
* *
* @param \LAM\TYPES\ConfiguredType $type account type * @param ConfiguredType $type account type
* @param htmlResponsiveRow $container meta HTML container * @param htmlResponsiveRow $container meta HTML container
*/ */
function config_showAccountModules($type, &$container): void { function config_showAccountModules($type, $container): void {
// account modules // account modules
$available = getAvailableModules($type->getScope(), true); $available = getAvailableModules($type->getScope(), true);
$selected = $type->getModules(); $selected = $type->getModules();
@ -210,7 +216,7 @@ function config_showAccountModules($type, &$container): void {
} }
// add account module selection // add account module selection
$container->add(new htmlSubTitle($type->getAlias(), '../../graphics/' . $type->getIcon()), 12); $container->add(new htmlSubTitle($type->getAlias(), '../../graphics/' . $type->getIcon()));
if ($selOptions !== []) { if ($selOptions !== []) {
$container->add(new htmlOutputText(_("Selected modules")), 12, 6); $container->add(new htmlOutputText(_("Selected modules")), 12, 6);
} }
@ -279,7 +285,7 @@ function config_showAccountModules($type, &$container): void {
for ($i = 0; $i < count($selOptions); $i++) { for ($i = 0; $i < count($selOptions); $i++) {
$positions[] = $i; $positions[] = $i;
} }
$container->add(new htmlHiddenInput('positions_' . $type->getId(), implode(',', $positions)), 12); $container->add(new htmlHiddenInput('positions_' . $type->getId(), implode(',', $positions)));
// spacer to next account type // spacer to next account type
$container->addVerticalSpacer('2rem'); $container->addVerticalSpacer('2rem');
} }
@ -287,16 +293,16 @@ function config_showAccountModules($type, &$container): void {
/** /**
* Checks user input and saves the entered settings. * Checks user input and saves the entered settings.
* *
* @return array<mixed> list of errors * @param LAMConfig $conf config
* @return array<int, string[]> list of errors
*/ */
function checkInput(): array { function checkModuleInput(LAMConfig $conf): array {
if (!isset($_POST['postAvailable'])) { if (!isset($_POST['postAvailable'])) {
return []; return [];
} }
$errors = []; $errors = [];
$conf = &$_SESSION['conf_config'];
$typeSettings = $conf->get_typeSettings(); $typeSettings = $conf->get_typeSettings();
$typeManager = new \LAM\TYPES\TypeManager($conf); $typeManager = new TypeManager($conf);
$accountTypes = $typeManager->getConfiguredTypes(); $accountTypes = $typeManager->getConfiguredTypes();
foreach ($accountTypes as $type) { foreach ($accountTypes as $type) {
$scope = $type->getScope(); $scope = $type->getScope();

89
lam/templates/config/conftypes.php
View file

@ -2,22 +2,25 @@
namespace LAM\CONFIG; namespace LAM\CONFIG;
use \htmlTable; use baseType;
use \htmlSubTitle; use htmlTable;
use \htmlImage; use htmlSubTitle;
use \htmlOutputText; use htmlImage;
use \htmlSpacer; use htmlOutputText;
use \htmlButton; use htmlSpacer;
use \htmlGroup; use htmlButton;
use \htmlDiv; use htmlGroup;
use \htmlResponsiveInputCheckbox; use htmlDiv;
use \LAMConfig; use htmlResponsiveInputCheckbox;
use \htmlResponsiveRow; use LAM\TYPES\TypeManager;
use \htmlResponsiveInputField; use LAMConfig;
use htmlResponsiveRow;
use htmlResponsiveInputField;
use function LAM\TYPES\getTypes;
/* /*
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2004 - 2023 Roland Gruber Copyright (C) 2004 - 2025 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -74,8 +77,11 @@ if (isset($_POST['cancelSettings'])) {
} }
$conf = &$_SESSION['conf_config']; $conf = &$_SESSION['conf_config'];
if (!($conf instanceof LAMConfig)) {
die();
}
$errorsToDisplay = checkInput(); $errorsToDisplay = checkTypeInput($conf);
// check if button was pressed and if we have to save the settings or go to another tab // check if button was pressed and if we have to save the settings or go to another tab
if ((isset($_POST['saveSettings']) || isset($_POST['editmodules']) if ((isset($_POST['saveSettings']) || isset($_POST['editmodules'])
@ -120,8 +126,8 @@ if ((isset($_POST['saveSettings']) || isset($_POST['editmodules'])
} }
$typeSettings = $conf->get_typeSettings(); $typeSettings = $conf->get_typeSettings();
$allScopes = \LAM\TYPES\getTypes(); $allScopes = getTypes();
$typeManager = new \LAM\TYPES\TypeManager($conf); $typeManager = new TypeManager($conf);
$activeTypes = $typeManager->getConfiguredTypes(); $activeTypes = $typeManager->getConfiguredTypes();
$activeScopes = []; $activeScopes = [];
foreach ($activeTypes as $activeType) { foreach ($activeTypes as $activeType) {
@ -157,7 +163,7 @@ $row = new htmlResponsiveRow();
// show available types // show available types
if ($availableScopes !== []) { if ($availableScopes !== []) {
$row->add(new htmlSubTitle(_("Available account types")), 12); $row->add(new htmlSubTitle(_("Available account types")));
foreach ($availableScopes as $availableScope) { foreach ($availableScopes as $availableScope) {
$availableLabelGroup = new htmlGroup(); $availableLabelGroup = new htmlGroup();
$availableLabelGroup->addElement(new htmlImage('../../graphics/' . $availableScope->getIcon(), '16px', '16px')); $availableLabelGroup->addElement(new htmlImage('../../graphics/' . $availableScope->getIcon(), '16px', '16px'));
@ -182,7 +188,7 @@ $container = new htmlResponsiveRow();
$_SESSION['conftypes_optionTypes'] = []; $_SESSION['conftypes_optionTypes'] = [];
// show active types // show active types
if (count($activeTypes) > 0) { if (count($activeTypes) > 0) {
$container->add(new htmlSubTitle(_("Active account types")), 12); $container->add(new htmlSubTitle(_("Active account types")));
$index = 0; $index = 0;
foreach ($activeTypes as $activeType) { foreach ($activeTypes as $activeType) {
// title // title
@ -224,36 +230,31 @@ if (count($activeTypes) > 0) {
$suffix = $typeSettings['suffix_' . $activeType->getId()]; $suffix = $typeSettings['suffix_' . $activeType->getId()];
} }
$suffixInput = new htmlResponsiveInputField(_("LDAP suffix"), 'suffix_' . $activeType->getId(), $suffix, '202', true); $suffixInput = new htmlResponsiveInputField(_("LDAP suffix"), 'suffix_' . $activeType->getId(), $suffix, '202', true);
$container->add($suffixInput, 12); $container->add($suffixInput);
// list attributes // list attributes
if (isset($typeSettings['attr_' . $activeType->getId()])) { $attributes = $typeSettings['attr_' . $activeType->getId()] ?? $activeType->getBaseType()->getDefaultListAttributes();
$attributes = $typeSettings['attr_' . $activeType->getId()];
}
else {
$attributes = $activeType->getBaseType()->getDefaultListAttributes();
}
$attrsInput = new htmlResponsiveInputField(_("List attributes"), 'attr_' . $activeType->getId(), $attributes, '206'); $attrsInput = new htmlResponsiveInputField(_("List attributes"), 'attr_' . $activeType->getId(), $attributes, '206');
$attrsInput->setFieldMaxLength(1000); $attrsInput->setFieldMaxLength(1000);
$container->add($attrsInput, 12); $container->add($attrsInput);
// custom label // custom label
$customLabel = ''; $customLabel = '';
if (isset($typeSettings['customLabel_' . $activeType->getId()])) { if (isset($typeSettings['customLabel_' . $activeType->getId()])) {
$customLabel = $typeSettings['customLabel_' . $activeType->getId()]; $customLabel = $typeSettings['customLabel_' . $activeType->getId()];
} }
$customLabelInput = new htmlResponsiveInputField(_('Custom label'), 'customLabel_' . $activeType->getId(), $customLabel, '264'); $customLabelInput = new htmlResponsiveInputField(_('Custom label'), 'customLabel_' . $activeType->getId(), $customLabel, '264');
$container->add($customLabelInput, 12); $container->add($customLabelInput);
// LDAP filter // LDAP filter
$filter = ''; $filter = '';
if (isset($typeSettings['filter_' . $activeType->getId()])) { if (isset($typeSettings['filter_' . $activeType->getId()])) {
$filter = $typeSettings['filter_' . $activeType->getId()]; $filter = $typeSettings['filter_' . $activeType->getId()];
} }
$filterInput = new htmlResponsiveInputField(_("Additional LDAP filter"), 'filter_' . $activeType->getId(), $filter, '260'); $filterInput = new htmlResponsiveInputField(_("Additional LDAP filter"), 'filter_' . $activeType->getId(), $filter, '260');
$container->add($filterInput, 12); $container->add($filterInput);
// type options // type options
$typeConfigOptions = $activeType->getBaseType()->get_configOptions(); $typeConfigOptions = $activeType->getBaseType()->get_configOptions();
if (!empty($typeConfigOptions)) { if (!empty($typeConfigOptions)) {
foreach ($typeConfigOptions as $typeConfigOption) { foreach ($typeConfigOptions as $typeConfigOption) {
$container->add($typeConfigOption, 12); $container->add($typeConfigOption);
} }
// save option types to session // save option types to session
ob_start(); ob_start();
@ -271,29 +272,29 @@ if (count($activeTypes) > 0) {
} }
$readOnly = new htmlResponsiveInputCheckbox('readOnly_' . $activeType->getId(), $isReadOnly, _('Read-only'), '265'); $readOnly = new htmlResponsiveInputCheckbox('readOnly_' . $activeType->getId(), $isReadOnly, _('Read-only'), '265');
$readOnly->setElementsToDisable(['hideNewButton_' . $activeType->getId(), 'hideDeleteButton_' . $activeType->getId()]); $readOnly->setElementsToDisable(['hideNewButton_' . $activeType->getId(), 'hideDeleteButton_' . $activeType->getId()]);
$advancedOptions->add($readOnly, 12); $advancedOptions->add($readOnly);
} }
// hidden type // hidden type
$hidden = false; $hidden = false;
if (isset($typeSettings['hidden_' . $activeType->getId()])) { if (isset($typeSettings['hidden_' . $activeType->getId()])) {
$hidden = $typeSettings['hidden_' . $activeType->getId()]; $hidden = $typeSettings['hidden_' . $activeType->getId()];
} }
$advancedOptions->add(new htmlResponsiveInputCheckbox('hidden_' . $activeType->getId(), $hidden, _('Hidden'), '261'), 12); $advancedOptions->add(new htmlResponsiveInputCheckbox('hidden_' . $activeType->getId(), $hidden, _('Hidden'), '261'));
if (isLAMProVersion() && ($conf->getAccessLevel() == LAMConfig::ACCESS_ALL)) { if (isLAMProVersion() && ($conf->getAccessLevel() == LAMConfig::ACCESS_ALL)) {
// hide button to create new accounts // hide button to create new accounts
$hideNewButton = false; $hideNewButton = false;
if (isset($typeSettings['hideNewButton_' . $activeType->getId()])) { if (isset($typeSettings['hideNewButton_' . $activeType->getId()])) {
$hideNewButton = $typeSettings['hideNewButton_' . $activeType->getId()]; $hideNewButton = $typeSettings['hideNewButton_' . $activeType->getId()];
} }
$advancedOptions->add(new htmlResponsiveInputCheckbox('hideNewButton_' . $activeType->getId(), $hideNewButton, _('No new entries'), '262'), 12); $advancedOptions->add(new htmlResponsiveInputCheckbox('hideNewButton_' . $activeType->getId(), $hideNewButton, _('No new entries'), '262'));
// hide button to delete accounts // hide button to delete accounts
$hideDeleteButton = false; $hideDeleteButton = false;
if (isset($typeSettings['hideDeleteButton_' . $activeType->getId()])) { if (isset($typeSettings['hideDeleteButton_' . $activeType->getId()])) {
$hideDeleteButton = $typeSettings['hideDeleteButton_' . $activeType->getId()]; $hideDeleteButton = $typeSettings['hideDeleteButton_' . $activeType->getId()];
} }
$advancedOptions->add(new htmlResponsiveInputCheckbox('hideDeleteButton_' . $activeType->getId(), $hideDeleteButton, _('Disallow delete'), '263'), 12); $advancedOptions->add(new htmlResponsiveInputCheckbox('hideDeleteButton_' . $activeType->getId(), $hideDeleteButton, _('Disallow delete'), '263'));
} }
$container->add($advancedOptions, 12); $container->add($advancedOptions);
$container->addVerticalSpacer('2rem'); $container->addVerticalSpacer('2rem');
$index++; $index++;
@ -330,15 +331,15 @@ echo "</html>\n";
/** /**
* Checks user input and saves the entered settings. * Checks user input and saves the entered settings.
* *
* @return array<mixed> list of errors * @param LAMConfig $conf config
* @return array<int, string[]> list of errors
*/ */
function checkInput(): array { function checkTypeInput(LAMConfig $conf): array {
if (!isset($_POST['postAvailable'])) { if (!isset($_POST['postAvailable'])) {
return []; return [];
} }
$errors = []; $errors = [];
$conf = &$_SESSION['conf_config']; $typeManager = new TypeManager($conf);
$typeManager = new \LAM\TYPES\TypeManager($conf);
$typeSettings = $conf->get_typeSettings(); $typeSettings = $conf->get_typeSettings();
$accountTypes = $conf->get_ActiveTypes(); $accountTypes = $conf->get_ActiveTypes();
$postKeys = array_keys($_POST); $postKeys = array_keys($_POST);
@ -372,6 +373,9 @@ function checkInput(): array {
elseif (str_starts_with($key, "suffix_")) { elseif (str_starts_with($key, "suffix_")) {
$typeSettings[$key] = trim($_POST[$key]); $typeSettings[$key] = trim($_POST[$key]);
$type = $typeManager->getConfiguredType(substr($postKeys[$i], 7)); $type = $typeManager->getConfiguredType(substr($postKeys[$i], 7));
if ($type === null) {
continue;
}
if (strlen($_POST[$key]) < 1) { if (strlen($_POST[$key]) < 1) {
$errors[] = ["ERROR", _("LDAP Suffix is invalid!"), $type->getAlias()]; $errors[] = ["ERROR", _("LDAP Suffix is invalid!"), $type->getAlias()];
} }
@ -380,6 +384,9 @@ function checkInput(): array {
elseif (str_starts_with($key, "attr_")) { elseif (str_starts_with($key, "attr_")) {
$typeSettings[$key] = $_POST[$key]; $typeSettings[$key] = $_POST[$key];
$type = $typeManager->getConfiguredType(substr($postKeys[$i], 5)); $type = $typeManager->getConfiguredType(substr($postKeys[$i], 5));
if ($type === null) {
continue;
}
if (!is_string($_POST[$key]) || !preg_match("/^((#[^:;]+)|([^:;]*:[^:;]+))(;((#[^:;]+)|([^:;]*:[^:;]+)))*$/", $_POST[$key])) { if (!is_string($_POST[$key]) || !preg_match("/^((#[^:;]+)|([^:;]*:[^:;]+))(;((#[^:;]+)|([^:;]*:[^:;]+)))*$/", $_POST[$key])) {
$errors[] = ["ERROR", _("List attributes are invalid!"), $type->getAlias()]; $errors[] = ["ERROR", _("List attributes are invalid!"), $type->getAlias()];
} }
@ -449,10 +456,10 @@ function checkInput(): array {
/** /**
* Compares types by alias for sorting. * Compares types by alias for sorting.
* *
* @param \baseType $a first type * @param baseType $a first type
* @param \baseType $b second type * @param baseType $b second type
* @return int comparison result * @return int comparison result
*/ */
function compareTypesByAlias(\baseType $a, \baseType $b): int { function compareTypesByAlias(baseType $a, baseType $b): int {
return strnatcasecmp($a->getAlias(), $b->getAlias()); return strnatcasecmp($a->getAlias(), $b->getAlias());
} }

16
lam/templates/config/mainmanage.php
View file

@ -29,6 +29,7 @@ use htmlResponsiveInputCheckbox;
use htmlResponsiveInputField; use htmlResponsiveInputField;
use htmlDiv; use htmlDiv;
use htmlHiddenInput; use htmlHiddenInput;
use LAMConfig;
use LAMException; use LAMException;
use LamTemporaryFilesManager; use LamTemporaryFilesManager;
use PDO; use PDO;
@ -85,6 +86,9 @@ if (!isset($_SESSION['cfgMain'])) {
$_SESSION['cfgMain'] = $cfg; $_SESSION['cfgMain'] = $cfg;
} }
$cfg = &$_SESSION['cfgMain']; $cfg = &$_SESSION['cfgMain'];
if (!($cfg instanceof LAMCfgMain)) {
die();
}
// check if user is logged in // check if user is logged in
if (!isset($_SESSION["mainconf_password"]) || (!$cfg->checkPassword($_SESSION["mainconf_password"]))) { if (!isset($_SESSION["mainconf_password"]) || (!$cfg->checkPassword($_SESSION["mainconf_password"]))) {
@ -377,7 +381,7 @@ if (isset($_POST['submitFormData'])) {
} }
foreach (array_keys($_POST) as $key) { foreach (array_keys($_POST) as $key) {
if (str_starts_with($key, 'deleteCert_')) { if (str_starts_with($key, 'deleteCert_')) {
$index = substr($key, strlen('deleteCert_')); $index = (int) substr($key, strlen('deleteCert_'));
$cfg->deleteSSLCaCert($index); $cfg->deleteSSLCaCert($index);
} }
} }
@ -509,7 +513,7 @@ if (isset($_POST['submitFormData'])) {
// license // license
if (isLAMProVersion()) { if (isLAMProVersion()) {
$row->add(new htmlSubTitle(_('Licence'))); $row->add(new htmlSubTitle(_('Licence')));
$row->add(new htmlResponsiveInputTextarea('license', implode("\n", $cfg->getLicenseLines()), '30', '10', _('Licence'), '287')); $row->add(new htmlResponsiveInputTextarea('license', implode("\n", $cfg->getLicenseLines()), 30, 10, _('Licence'), '287'));
$warningOptions = [ $warningOptions = [
_('Screen') => LAMCfgMain::LICENSE_WARNING_SCREEN, _('Screen') => LAMCfgMain::LICENSE_WARNING_SCREEN,
_('Email') => LAMCfgMain::LICENSE_WARNING_EMAIL, _('Email') => LAMCfgMain::LICENSE_WARNING_EMAIL,
@ -535,7 +539,7 @@ if (isset($_POST['submitFormData'])) {
$licenseTo->setRequired(true); $licenseTo->setRequired(true);
$row->add($licenseTo); $row->add($licenseTo);
$row->add(new htmlSpacer(null, '1rem'), true); $row->add(new htmlSpacer(null, '1rem'));
} }
// security settings // security settings
@ -544,9 +548,9 @@ if (isset($_POST['submitFormData'])) {
$row->add(new htmlResponsiveSelect('sessionTimeout', $options, [$cfg->sessionTimeout], _("Session timeout"), '238')); $row->add(new htmlResponsiveSelect('sessionTimeout', $options, [$cfg->sessionTimeout], _("Session timeout"), '238'));
$hideLoginErrorDetails = ($cfg->hideLoginErrorDetails === 'true'); $hideLoginErrorDetails = ($cfg->hideLoginErrorDetails === 'true');
$row->add(new htmlResponsiveInputCheckbox('hideLoginErrorDetails', $hideLoginErrorDetails, _('Hide LDAP details on failed login'), '257')); $row->add(new htmlResponsiveInputCheckbox('hideLoginErrorDetails', $hideLoginErrorDetails, _('Hide LDAP details on failed login'), '257'));
$row->add(new htmlResponsiveInputTextarea('allowedHosts', implode("\n", explode(",", $cfg->allowedHosts)), '30', '7', _("Allowed hosts"), '241')); $row->add(new htmlResponsiveInputTextarea('allowedHosts', implode("\n", explode(",", $cfg->allowedHosts)), 30, 7, _("Allowed hosts"), '241'));
if (isLAMProVersion()) { if (isLAMProVersion()) {
$row->add(new htmlResponsiveInputTextarea('allowedHostsSelfService', implode("\n", explode(",", $cfg->allowedHostsSelfService)), '30', '7', _("Allowed hosts (self service)"), '241')); $row->add(new htmlResponsiveInputTextarea('allowedHostsSelfService', implode("\n", explode(",", $cfg->allowedHostsSelfService)), 30, 7, _("Allowed hosts (self service)"), '241'));
} }
// SSL certificate // SSL certificate
$row->addVerticalSpacer('1rem'); $row->addVerticalSpacer('1rem');
@ -578,7 +582,7 @@ if (isset($_POST['submitFormData'])) {
$sslUploadBtn->setTitle(_('Upload CA certificate in DER/PEM format.')); $sslUploadBtn->setTitle(_('Upload CA certificate in DER/PEM format.'));
$row->addField($sslUploadBtn); $row->addField($sslUploadBtn);
if (function_exists('stream_socket_client') && function_exists('stream_context_get_params')) { if (function_exists('stream_socket_client') && function_exists('stream_context_get_params')) {
$sslImportServerUrl = empty($_POST['serverurl']) ? 'ldaps://' : $_POST['serverurl']; $sslImportServerUrl = empty($_POST['serverurl']) ? 'ldaps://' : (string) $_POST['serverurl'];
$serverUrlUpload = new htmlInputField('serverurl', $sslImportServerUrl); $serverUrlUpload = new htmlInputField('serverurl', $sslImportServerUrl);
$row->addLabel($serverUrlUpload); $row->addLabel($serverUrlUpload);
$sslImportBtn = new htmlButton('sslCaCertImport', _('Import from server')); $sslImportBtn = new htmlButton('sslCaCertImport', _('Import from server'));

1
phpstan.neon
View file

@ -12,6 +12,7 @@ parameters:
excludePaths: excludePaths:
analyseAndScan: analyseAndScan:
- */3rdParty/* - */3rdParty/*
- */lists/changePassword.php
ignoreErrors: ignoreErrors:
- '#.* on an unknown class .*#' - '#.* on an unknown class .*#'
- '#.* has invalid type .*#' - '#.* has invalid type .*#'