lucretia/OneForMe
1
0
Fork 0
Code Issues 14 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Added LDAP login, removed registration option

Browse Source
This commit is contained in:
LD-Reborn
2026-01-09 13:58:22 +01:00
parent 3d43084441
commit bf30f11803
7 changed files with 225 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

139
Services/LdapService.cs Normal file
View File

@@ -0,0 +1,139 @@
using Novell.Directory.Ldap;
using Microsoft.Extensions.Configuration;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;
namespace OneForMe.Services;
public interface ILdapService
{
Task<bool> AuthenticateAsync(string username, string password);
Task<LdapUser> GetUserAsync(string username);
}
public partial class LdapService : ILdapService
{
public Dictionary<string, HashAlgorithm> HashAlgorithms => new() { ["MD5"] = MD5.Create(), ["SHA1"] = SHA1.Create(), ["SHA256"] = SHA256.Create(), ["SHA384"] = SHA384.Create(), ["SHA512"] = SHA512.Create(), ["SSHA"] = SHA1.Create(), ["SSHA256"] = SHA256.Create(), ["SSHA384"] = SHA384.Create(), ["SSHA512"] = SHA512.Create()};
private readonly IConfiguration _configuration;
private readonly ILogger<LdapService> _logger;
public LdapService(IConfiguration configuration, ILogger<LdapService> logger)
{
_configuration = configuration;
_logger = logger;
}
public async Task<bool> AuthenticateAsync(string username, string password)
{
try
{
LdapUser user = await GetUserAsync(username);
bool hashMatches = CompareStringToHashed(password, user.Password);
_logger.LogInformation("User {username} authenticated successfully via LDAP", [username]);
return hashMatches;
}
catch (LdapException ex)
{
_logger.LogWarning("LDAP authentication failed for user {username}: {ex.Message}", [username, ex.Message]);
return false;
}
catch (Exception ex)
{
_logger.LogError("LDAP authentication error for user {username}: {ex.Message}", [username, ex.Message]);
return false;
}
}
public async Task<LdapUser> GetUserAsync(string username)
{
try
{
var connection = new LdapConnection();
var ldapSettings = _configuration.GetSection("LdapSettings");
var serverName = ldapSettings["ServerName"];
var port = int.Parse(ldapSettings["Port"] ?? "389");
var baseDn = ldapSettings["BaseDn"];
var bindDn = ldapSettings["BindDn"];
var bindPassword = ldapSettings["BindPassword"];
connection.Connect(serverName, port);
connection.Bind(bindDn, bindPassword);
var searchFilter = $"(uid={username})";
var results = connection.Search(
baseDn,
LdapConnection.ScopeSub,
searchFilter,
new[] { "uid", "mail", "cn", "sn", "userPassword" },
false
);
LdapUser user = null;
while (results.HasMore())
{
var entry = results.Next();
LdapAttributeSet attributeSet = entry.GetAttributeSet();
attributeSet.TryGetValue("uid", out LdapAttribute? uid);
attributeSet.TryGetValue("mail", out LdapAttribute? mail);
attributeSet.TryGetValue("cn", out LdapAttribute? cn);
attributeSet.TryGetValue("sn", out LdapAttribute? sn);
attributeSet.TryGetValue("userPassword", out LdapAttribute? userPassword);
user = new LdapUser
{
Username = uid?.StringValue ?? username, //entry.GetAttribute("uid")?.StringValue ?? username,
Email = mail?.StringValue ?? "", //entry.GetAttribute("mail")?.StringValue ?? $"{username}@example.com",
FullName = cn?.StringValue ?? "", //entry.GetAttribute("cn")?.StringValue ?? username,
LastName = sn?.StringValue ?? "", //entry.GetAttribute("sn")?.StringValue ?? "",
Password = userPassword?.StringValue ?? "" //entry.GetAttribute("userPassword")?.StringValue ?? ""
};
}
connection.Disconnect();
return user;
}
catch (Exception ex)
{
_logger.LogError($"Error retrieving LDAP user {username}: {ex.Message}");
return null;
}
}
public bool CompareStringToHashed(string sourcePassword, string targetPasswordHashed)
{
string algorithmName = CurlyBracesExtractor().Match(targetPasswordHashed).Groups[1].Value;
HashAlgorithm hashAlgorithm = HashAlgorithms[algorithmName.ToUpperInvariant()];
byte[] sourcePasswordBytes = Encoding.UTF8.GetBytes(sourcePassword);
byte[] targetPasswordHashedBytes = Convert.FromBase64String(CurlyBracesRemover().Replace(targetPasswordHashed, ""));
int hashSize = hashAlgorithm.HashSize / 8;
if (targetPasswordHashedBytes.Length > hashSize) // Has salt
{
int saltLength = targetPasswordHashedBytes.Length - hashSize;
byte[] salt = new byte[saltLength];
Array.Copy(targetPasswordHashedBytes, hashSize, salt, 0, saltLength);
Array.Resize(ref targetPasswordHashedBytes, hashSize);
byte[] newSourcePasswordBytes = new byte[sourcePasswordBytes.Length + salt.Length];
Array.Copy(sourcePasswordBytes, 0, newSourcePasswordBytes, 0, sourcePasswordBytes.Length);
Array.Copy(salt, 0, newSourcePasswordBytes, sourcePasswordBytes.Length, salt.Length);
sourcePasswordBytes = newSourcePasswordBytes;
}
sourcePasswordBytes = hashAlgorithm.ComputeHash(sourcePasswordBytes);
return CryptographicOperations.FixedTimeEquals(sourcePasswordBytes, targetPasswordHashedBytes);
}
[GeneratedRegex(@"\{.*?\}")]
private static partial Regex CurlyBracesRemover();
[GeneratedRegex(@"\{([^}]*)\}")]
private static partial Regex CurlyBracesExtractor();
}
public class LdapUser
{
public string Username { get; set; }
public string Password { get; set; }
public string Email { get; set; }
public string FullName { get; set; }
public string LastName { get; set; }
}