lucretia/OneForMe
1
0
Fork 0
Code Issues 14 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Merge pull request 'Added LDAP login, removed registration option' (#21) from 18-ldap-login into master

Browse Source 
Reviewed-on: #21
This commit was merged in pull request #21.
This commit is contained in:
lucretia
2026-01-09 12:59:32 +00:00
parent 3d43084441 bf30f11803
commit 4d1dac1c8f
7 changed files with 225 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Controllers/AccountController.cs
View File

@@ -20,12 +20,6 @@ public class AccountController : Controller
return View();
}
[HttpGet("Register")]
public IActionResult Register()
{
return View();
}
[HttpGet("Logout")]
public async Task<IActionResult> Logout()
{

92
Controllers/AuthController.cs
View File

@@ -1,5 +1,6 @@
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using OneForMe.Services;
namespace OneForMe.Controllers;
@@ -7,42 +8,78 @@ namespace OneForMe.Controllers;
[Route("api/[controller]")]
public class AuthController : ControllerBase
{
private readonly UserManager<IdentityUser> _userManager;
private readonly ILdapService _ldapService;
private readonly SignInManager<IdentityUser> _signInManager;
private readonly UserManager<IdentityUser> _userManager;
private readonly ILogger<AuthController> _logger;
public AuthController(UserManager<IdentityUser> userManager, SignInManager<IdentityUser> signInManager)
public AuthController(
ILdapService ldapService,
SignInManager<IdentityUser> signInManager,
UserManager<IdentityUser> userManager,
ILogger<AuthController> logger)
{
_userManager = userManager;
_ldapService = ldapService;
_signInManager = signInManager;
_userManager = userManager;
_logger = logger;
}
/// <summary>
/// Register a new user
/// </summary>
[HttpPost("register")]
public async Task<IActionResult> Register([FromBody] RegisterRequest request)
{
var user = new IdentityUser { UserName = request.Email, Email = request.Email };
var result = await _userManager.CreateAsync(user, request.Password);
if (result.Succeeded)
return Ok(new { message = "User registered successfully" });
return BadRequest(new { errors = result.Errors.Select(e => e.Description) });
}
/// <summary>
/// Login user
/// Login user with LDAP credentials
/// </summary>
[HttpPost("login")]
public async Task<IActionResult> Login([FromBody] LoginRequest request)
{
var result = await _signInManager.PasswordSignInAsync(request.Email, request.Password, false, false);
try
{
// Authenticate with LDAP
var isAuthenticated = await _ldapService.AuthenticateAsync(request.Username, request.Password);
if (!isAuthenticated)
{
_logger.LogWarning($"LDAP authentication failed for user {request.Username}");
return Unauthorized(new { message = "Invalid username or password" });
}
if (result.Succeeded)
// Get user details from LDAP
var ldapUser = await _ldapService.GetUserAsync(request.Username);
if (ldapUser == null)
{
_logger.LogWarning($"Could not retrieve LDAP user details for {request.Username}");
return Unauthorized(new { message = "Could not retrieve user details" });
}
// Check if user exists in database, if not create them
var user = await _userManager.FindByNameAsync(request.Username);
if (user == null)
{
user = new IdentityUser
{
UserName = request.Username,
Email = ldapUser.Email,
EmailConfirmed = true
};
var result = await _userManager.CreateAsync(user);
if (!result.Succeeded)
{
_logger.LogError($"Failed to create user {request.Username} in database");
return BadRequest(new { message = "Failed to create user account" });
}
_logger.LogInformation($"Created new user {request.Username} in database");
}
// Sign in the user
await _signInManager.SignInAsync(user, false);
_logger.LogInformation($"User {request.Username} signed in successfully");
return Ok(new { message = "Login successful" });
return Unauthorized(new { message = "Invalid email or password" });
}
catch (Exception ex)
{
_logger.LogError($"Login error: {ex.Message}");
return StatusCode(500, new { message = "An error occurred during login" });
}
}
/// <summary>
@@ -52,18 +89,13 @@ public class AuthController : ControllerBase
public async Task<IActionResult> Logout()
{
await _signInManager.SignOutAsync();
_logger.LogInformation("User logged out");
return Ok(new { message = "Logout successful" });
}
}
public class RegisterRequest
{
public string Email { get; set; } = string.Empty;
public string Password { get; set; } = string.Empty;
}
public class LoginRequest
{
public string Email { get; set; } = string.Empty;
public string Username { get; set; } = string.Empty;
public string Password { get; set; } = string.Empty;
}

1
OneForMe.csproj
View File

@@ -17,6 +17,7 @@
<PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="10.0.0-rc.2.25502.107" />
<PackageReference Include="Microsoft.AspNetCore.Identity.UI" Version="10.0.0-rc.2.25502.107" />
<PackageReference Include="Microsoft.Extensions.Localization" Version="10.0.0-rc.2.25502.107" />
<PackageReference Include="Novell.Directory.Ldap.NETStandard" Version="3.6.0" />
</ItemGroup>
</Project>

3
Program.cs
View File

@@ -54,6 +54,9 @@ builder.Services.AddIdentity<IdentityUser, IdentityRole>(options =>
// Add LocalizationService
builder.Services.AddScoped<LocalizationService>();
// Add LDAP Service
builder.Services.AddScoped<ILdapService, LdapService>();
var app = builder.Build();
// Create and migrate database on startup

139
Services/LdapService.cs Normal file
View File

@@ -0,0 +1,139 @@
using Novell.Directory.Ldap;
using Microsoft.Extensions.Configuration;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;
namespace OneForMe.Services;
public interface ILdapService
{
Task<bool> AuthenticateAsync(string username, string password);
Task<LdapUser> GetUserAsync(string username);
}
public partial class LdapService : ILdapService
{
public Dictionary<string, HashAlgorithm> HashAlgorithms => new() { ["MD5"] = MD5.Create(), ["SHA1"] = SHA1.Create(), ["SHA256"] = SHA256.Create(), ["SHA384"] = SHA384.Create(), ["SHA512"] = SHA512.Create(), ["SSHA"] = SHA1.Create(), ["SSHA256"] = SHA256.Create(), ["SSHA384"] = SHA384.Create(), ["SSHA512"] = SHA512.Create()};
private readonly IConfiguration _configuration;
private readonly ILogger<LdapService> _logger;
public LdapService(IConfiguration configuration, ILogger<LdapService> logger)
{
_configuration = configuration;
_logger = logger;
}
public async Task<bool> AuthenticateAsync(string username, string password)
{
try
{
LdapUser user = await GetUserAsync(username);
bool hashMatches = CompareStringToHashed(password, user.Password);
_logger.LogInformation("User {username} authenticated successfully via LDAP", [username]);
return hashMatches;
}
catch (LdapException ex)
{
_logger.LogWarning("LDAP authentication failed for user {username}: {ex.Message}", [username, ex.Message]);
return false;
}
catch (Exception ex)
{
_logger.LogError("LDAP authentication error for user {username}: {ex.Message}", [username, ex.Message]);
return false;
}
}
public async Task<LdapUser> GetUserAsync(string username)
{
try
{
var connection = new LdapConnection();
var ldapSettings = _configuration.GetSection("LdapSettings");
var serverName = ldapSettings["ServerName"];
var port = int.Parse(ldapSettings["Port"] ?? "389");
var baseDn = ldapSettings["BaseDn"];
var bindDn = ldapSettings["BindDn"];
var bindPassword = ldapSettings["BindPassword"];
connection.Connect(serverName, port);
connection.Bind(bindDn, bindPassword);
var searchFilter = $"(uid={username})";
var results = connection.Search(
baseDn,
LdapConnection.ScopeSub,
searchFilter,
new[] { "uid", "mail", "cn", "sn", "userPassword" },
false
);
LdapUser user = null;
while (results.HasMore())
{
var entry = results.Next();
LdapAttributeSet attributeSet = entry.GetAttributeSet();
attributeSet.TryGetValue("uid", out LdapAttribute? uid);
attributeSet.TryGetValue("mail", out LdapAttribute? mail);
attributeSet.TryGetValue("cn", out LdapAttribute? cn);
attributeSet.TryGetValue("sn", out LdapAttribute? sn);
attributeSet.TryGetValue("userPassword", out LdapAttribute? userPassword);
user = new LdapUser
{
Username = uid?.StringValue ?? username, //entry.GetAttribute("uid")?.StringValue ?? username,
Email = mail?.StringValue ?? "", //entry.GetAttribute("mail")?.StringValue ?? $"{username}@example.com",
FullName = cn?.StringValue ?? "", //entry.GetAttribute("cn")?.StringValue ?? username,
LastName = sn?.StringValue ?? "", //entry.GetAttribute("sn")?.StringValue ?? "",
Password = userPassword?.StringValue ?? "" //entry.GetAttribute("userPassword")?.StringValue ?? ""
};
}
connection.Disconnect();
return user;
}
catch (Exception ex)
{
_logger.LogError($"Error retrieving LDAP user {username}: {ex.Message}");
return null;
}
}
public bool CompareStringToHashed(string sourcePassword, string targetPasswordHashed)
{
string algorithmName = CurlyBracesExtractor().Match(targetPasswordHashed).Groups[1].Value;
HashAlgorithm hashAlgorithm = HashAlgorithms[algorithmName.ToUpperInvariant()];
byte[] sourcePasswordBytes = Encoding.UTF8.GetBytes(sourcePassword);
byte[] targetPasswordHashedBytes = Convert.FromBase64String(CurlyBracesRemover().Replace(targetPasswordHashed, ""));
int hashSize = hashAlgorithm.HashSize / 8;
if (targetPasswordHashedBytes.Length > hashSize) // Has salt
{
int saltLength = targetPasswordHashedBytes.Length - hashSize;
byte[] salt = new byte[saltLength];
Array.Copy(targetPasswordHashedBytes, hashSize, salt, 0, saltLength);
Array.Resize(ref targetPasswordHashedBytes, hashSize);
byte[] newSourcePasswordBytes = new byte[sourcePasswordBytes.Length + salt.Length];
Array.Copy(sourcePasswordBytes, 0, newSourcePasswordBytes, 0, sourcePasswordBytes.Length);
Array.Copy(salt, 0, newSourcePasswordBytes, sourcePasswordBytes.Length, salt.Length);
sourcePasswordBytes = newSourcePasswordBytes;
}
sourcePasswordBytes = hashAlgorithm.ComputeHash(sourcePasswordBytes);
return CryptographicOperations.FixedTimeEquals(sourcePasswordBytes, targetPasswordHashedBytes);
}
[GeneratedRegex(@"\{.*?\}")]
private static partial Regex CurlyBracesRemover();
[GeneratedRegex(@"\{([^}]*)\}")]
private static partial Regex CurlyBracesExtractor();
}
public class LdapUser
{
public string Username { get; set; }
public string Password { get; set; }
public string Email { get; set; }
public string FullName { get; set; }
public string LastName { get; set; }
}

12
Views/Account/Login.cshtml
View File

@@ -14,8 +14,8 @@
<form id="loginForm">
<div class="mb-3">
<label for="email" class="form-label">@Localizer["Email"]</label>
<input type="email" class="form-control" id="email" name="email" required>
<label for="username" class="form-label">@Localizer["Username"]</label>
<input type="text" class="form-control" id="username" name="username" required autofocus>
</div>
<div class="mb-3">
@@ -26,10 +26,6 @@
<button type="submit" class="btn btn-primary w-100">@Localizer["Login"]</button>
</form>
<hr>
<p class="text-center">@Localizer["DontHaveAccount"] <a asp-controller="Account" asp-action="Register">@Localizer["RegisterHere"]</a></p>
<div id="message" class="mt-3"></div>
</div>
</div>
@@ -41,7 +37,7 @@
document.getElementById('loginForm').addEventListener('submit', async (e) => {
e.preventDefault();
const email = document.getElementById('email').value;
const username = document.getElementById('username').value;
const password = document.getElementById('password').value;
const messageDiv = document.getElementById('message');
@@ -51,7 +47,7 @@ document.getElementById('loginForm').addEventListener('submit', async (e) => {
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({ email, password })
body: JSON.stringify({ username, password })
});
if (response.ok) {

17
appsettings.json
View File

@@ -9,5 +9,20 @@
"Microsoft.AspNetCore": "Warning"
}
},
"AllowedHosts": "*"
"AllowedHosts": "*",
"Kestrel": {
"Endpoints": {
"Http": {
"Url": "http://0.0.0.0:5000"
}
}
},
"LdapSettings": {
"ServerName": "192.168.0.117",
"Port": "389",
"BaseDn": "dc=ham,dc=ld50,dc=dev",
"UserDnTemplate": "uid={0},ou=users,dc=ham,dc=ld50,dc=dev",
"BindDn": "cn=admin,dc=ham,dc=ld50,dc=dev",
"BindPassword": "TestLDAP"
}
}