Next release (#151)

* Custom email body (#51)

* get email body from ENV

* read subject from env

* html mail

* replace special string with username and password

* missing ;

* more str_replace

* utf8 in mail

* typo

* docs

* fix var

* count accounts

* fix print

* Add the ability to set the server path.  Get directed to the appropriate module when you log in.

* Fixes to allow overriding attribute labels properly

* Fix server_path in various places, update to cookies use 'samesite', include boostrap and queryjs files so LUM can run without internet access.

* Add support for consuming docker / kubernetes secrets passed as _FILE environment variables (#136)

* mod: condense Dockerfile

* add: _FILE feature
add: list of sensitive env_vars

* mod: sorted env_var list

* add: complete current env_var list

* fix: formatting

* mod: revert Dockerfile to prev. version

* mod: updated comment to be more descriptive
mod: rename variables to be more descriptive

* rem: list of env_var; no longer needed.
mod: env_file_replace function
^ search for all <env_var>_FILE variables and replace
^ <env_var> if the file exists and is not empty
mod: env_file_replace comment

Co-authored-by: pyunramura <[email protected]>

* Update the README with information on using _FILE

* Change username regex variables

* Named server certs, as suggested by @huzvar

* Update LDAP filter method as suggested by @xgaia

* Feature/http header username (#120)

* Implement Remote Headers Auth

* Hide Logout on Remote Sessions

* Add Explanation for REMOTRE_HTTP_HEADERS_LOGIN settiing

Co-authored-by: Damian Galli <[email protected]>

* Updated Readme, fixed random number generation for ARM systems, fixed JS to generate the username

* Fix issues #124 and #126

* Change badges to buttons for list counts

* Don't secretly set displayName

* Add Group Additional (#113)

* Add doku Group additional.

* Read Group additional configuration.

* New group add Additional objectclasses

* Allow for attributes that take multiple values.

* Updated README

* Formatting fixes, fix parsing params from account requests, initial code for the simple interface flag.

* Add attribute fields for groups and allow user-defined attributes to be displayed.  Move alert banner JS to a function.

* Update entries with any missing additional objectclasses when updating entries.  Update README to describe changes. Initial work to allow file uploads for attributes.

* Functionality to upload binary files and display them in the form it's a JPEG.  Added a new page to download existing binary content.

* Bugfixes for compatibility with older osixia/openldap versions.  Change SIMPLE_INTERFACE to SHOW_POSIX_ATTRIBUTES.

* Update version number in README.

Co-authored-by: Monsieur X <[email protected]>
Co-authored-by: pyunramura <[email protected]>
Co-authored-by: pyunramura <[email protected]>
Co-authored-by: Damian Galli <[email protected]>
Co-authored-by: Damian Galli <[email protected]>
Co-authored-by: huzvar <[email protected]>

entrypoint

@@ -4,6 +4,17 @@ set -e
 ssl_dir="/opt/ssl"
 php_dir="/opt/ldap_user_manager"
 
+env_file_replace() {
+  for env_file in $(env|grep _FILE=); do
+    read -a env <<< "$(echo "$env_file" | sed 's/\(.*\)_FILE=\(.*\)/\1 \2/')"
+    if [ -s "${env[1]}" ]; then
+      echo Setting "${env[0]}" from "${env[1]}"
+      export "${env[0]}"="$(cat "${env[1]}")"
+      else echo "${env[1]} does not exist or is empty. Leaving ${env[0]} unset"
+    fi
+  done
+}
+
 if [ ! "$SERVER_HOSTNAME" ]; then export SERVER_HOSTNAME="ldapusermanager.org"; fi
 if [ ! "$SERVER_PATH" ]; then
   export SERVER_PATH="/";
@@ -17,8 +28,8 @@ fi
 
 if [ "$LDAP_TLS_CACERT" ]; then
   echo "$LDAP_TLS_CACERT" >/opt/ca.crt
-  mkdir -p /etc/ldap
-  echo "TLS_CACERT /opt/ca.crt/" > /etc/ldap/ldap.conf
+  mkdir -p /etc/ldap  
+  sed -i "s/TLS_CACERT.*/TLS_CACERT \/opt\/ca.crt/" /etc/ldap/ldap.conf
 fi
 
 if [ "${NO_HTTPS,,}" == "true" ]; then
@@ -47,15 +58,15 @@ else
   ########################
   #If there aren't any SSL certs then create a CA and then CA-signed certificate
 
-  if [ ! -f "${ssl_dir}/server.key" ] && [ ! -f "${ssl_dir}/server.crt" ]; then
+  if [ ! -f "${ssl_dir}/${SERVER_CERT_FILENAME:-server.crt}" ] && [ ! -f "${ssl_dir}/${SERVER_KEY_FILENAME:-server.key}" ]; then
 
     mkdir -p $ssl_dir
     confout="${ssl_dir}/conf"
     keyout="${ssl_dir}/server.key"
     certout="${ssl_dir}/server.crt"
-    cakey="${ssl_dir}/ca.key"
-    cacert="${ssl_dir}/ca.crt"
-    serialfile="${ssl_dir}/serial"
+    cakey="${ssl_dir}/.ca.key"
+    cacert="${ssl_dir}/.ca.crt"
+    serialfile="${ssl_dir}/.serial"
 
     echo "Generating CA key"
     openssl genrsa -out $cakey 2048
@@ -75,7 +86,7 @@ else
 
     echo "Generating openssl configuration"
 
-    cat <<EoCertConf>$confout
+    cat <<EoCertConf >$confout
 subjectAltName = DNS:${SERVER_HOSTNAME},IP:127.0.0.1
 extendedKeyUsage = serverAuth
 EoCertConf
@@ -113,7 +124,7 @@ EoCertConf
   ########################
   #Create Apache config
 
-  if [ -f "${ssl_dir}/chain.pem" ]; then ssl_chain="SSLCertificateChainFile ${ssl_dir}/chain.pem"; fi
+  if [ -f "${ssl_dir}/${CA_CERT_FILENAME}" ]; then ssl_chain="SSLCertificateChainFile ${ssl_dir}/${CA_CERT_FILENAME}"; fi
 
   echo  > /etc/apache2/sites-enabled/lum.conf
   echo  > /etc/apache2/ports.conf
@@ -152,22 +163,25 @@ EoHTTPrd
  </Directory>
 
  SSLEngine On
- SSLCertificateFile /opt/ssl/server.crt
- SSLCertificateKeyFile /opt/ssl/server.key
+ SSLCertificateFile ${ssl_dir}/${SERVER_CERT_FILENAME:-server.crt}
+ SSLCertificateKeyFile ${ssl_dir}/${SERVER_KEY_FILENAME:-server.key}
  $ssl_chain
 
 </VirtualHost>
 EoHTTPSC
 
 fi
 
+########################
+#If <env_var>_FILE is set, read and export env_var from the referenced file's contents
+env_file_replace
 
 ########################
 #Run Apache
 
 # first arg is `-f` or `--some-option`
 if [ "${1#-}" != "$1" ]; then
-	set -- apache2-foreground "$@"
+        set -- apache2-foreground "$@"
 fi
 
 exec "$@"

www/account_manager/download.php

@@ -0,0 +1,41 @@
+<?php
+
+set_include_path( ".:" . __DIR__ . "/../includes/");
+include_once "web_functions.inc.php";
+include_once "ldap_functions.inc.php";
+include_once "module_functions.inc.php";
+set_page_access("admin");
+
+if (!isset($_GET['resource_identifier']) or !isset($_GET['attribute'])) {
+  exit(0);
+}
+else {
+  $this_resource=ldap_escape($_GET['resource_identifier'], "", LDAP_ESCAPE_FILTER);
+  $this_attribute=ldap_escape($_GET['attribute'], "", LDAP_ESCAPE_FILTER);
+}
+
+
+$exploded = ldap_explode_dn($this_resource,0);
+$filter = $exploded[0];
+$ldap_connection = open_ldap_connection();
+$ldap_search_query="($filter)";
+$ldap_search = ldap_search($ldap_connection, $this_resource, $ldap_search_query,array($this_attribute));
+
+if ($ldap_search) {
+
+  $records = ldap_get_entries($ldap_connection, $ldap_search);
+  if ($records['count'] == 1) {
+    $this_record = $records[0];
+      if (isset($this_record[$this_attribute][0])) {
+        header("Content-Type: application/octet-stream");
+        header("Cache-Control: no-cache private");
+        header("Content-Transfer-Encoding: Binary");
+        header("Content-disposition: attachment; filename='${this_resource}.${this_attribute}'");
+        header("Content-Length: ". strlen($this_record[$this_attribute][0]));
+        print $this_record[$this_attribute][0];
+      }
+  }
+
+}
+
+?>

www/account_manager/groups.php

@@ -14,37 +14,18 @@
 
 if (isset($_POST['delete_group'])) {
 
- ?>
- <script>
-    window.setTimeout(function() {
-                                  $(".alert").fadeTo(500, 0).slideUp(500, function(){ $(this).remove(); });
-                                 }, 4000);
- </script>
- <?php
-
  $this_group = $_POST['delete_group'];
  $this_group = urldecode($this_group);
 
  $del_group = ldap_delete_group($ldap_connection,$this_group);
 
  if ($del_group) {
-  ?>
-  <div class="alert alert-success" role="alert">
-   <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="TRUE">&times;</span></button>
-   <p class="text-center">Group <strong><?php print $this_group; ?> was deleted.</p>
-  </div>
-  <?php
+   render_alert_banner("Group <strong>$this_group</strong> was deleted.");
  }
  else {
-  ?>
-  <div class="alert alert-danger" role="alert">
-   <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="TRUE">&times;</span></button>
-   <p class="text-center">Group <strong><?php print $this_group; ?></strong> wasn't deleted.</p>
-  </div>
-  <?php
+   render_alert_banner("Group <strong>$this_group</strong> wasn't deleted.  See the logs for more information.","danger",15000);
  }
 
-
 }
 
 $groups = ldap_get_group_list($ldap_connection);
@@ -72,18 +53,28 @@ function show_new_group_form() {
  <div class="form-inline" id="new_group_div">
   <form action="<?php print "${THIS_MODULE_PATH}"; ?>/show_group.php" method="post">
    <input type="hidden" name="new_group">
-   <span class="badge badge-secondary" style="font-size:1.9rem;"><?php print count($groups);?> group<?php if (count($groups) != 1) { print "s"; }?></span>  &nbsp;  <button id="show_new_group" class="form-control btn btn-default" type="button" onclick="show_new_group_form();">New group</button>
+   <button type="button" class="btn btn-light"><?php print count($groups);?> group<?php if (count($groups) != 1) { print "s"; }?></button>  &nbsp;  <button id="show_new_group" class="form-control btn btn-default" type="button" onclick="show_new_group_form();">New group</button>
    <input type="text" class="form-control invisible" name="group_name" id="group_name" placeholder="Group name" onkeyup="check_entity_name_validity(document.getElementById('group_name').value,'new_group_div');"><button id="add_group" class="form-control btn btn-primary btn-sm invisible" type="submit">Add</button>
   </form>
  </div>
-
+ <input class="form-control" id="search_input" type="text" placeholder="Search..">
  <table class="table table-striped">
   <thead>
    <tr>
      <th>Group name</th>
    </tr>
   </thead>
- <tbody>
+ <tbody id="grouplist">
+   <script>
+    $(document).ready(function(){
+      $("#search_input").on("keyup", function() {
+        var value = $(this).val().toLowerCase();
+        $("#grouplist tr").filter(function() {
+          $(this).toggle($(this).text().toLowerCase().indexOf(value) > -1)
+        });
+      });
+    });
+  </script>
 <?php
 foreach ($groups as $group){
  print " <tr>\n   <td><a href='${THIS_MODULE_PATH}/show_group.php?group_name=" . urlencode($group) . "'>$group</a></td>\n </tr>\n";

www/account_manager/index.php

@@ -14,46 +14,29 @@
 
 if (isset($_POST['delete_user'])) {
 
- ?>
- <script>
-    window.setTimeout(function() {
-                                  $(".alert").fadeTo(500, 0).slideUp(500, function(){ $(this).remove(); });
-                                 }, 4000);
- </script>
- <?php
-
  $this_user = $_POST['delete_user'];
  $this_user = urldecode($this_user);
 
  $del_user = ldap_delete_account($ldap_connection,$this_user);
 
  if ($del_user) {
- ?>
- <div class="alert alert-success" role="alert">
-  <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="TRUE">&times;</span></button>
-  <p class="text-center">User <strong><?php print $this_user; ?> was deleted.</p>
- </div>
- <?php
+   render_alert_banner("User <strong>$this_user</strong> was deleted.");
  }
  else {
- ?>
- <div class="alert alert-danger" role="alert">
-  <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="TRUE">&times;</span></button>
-  <p class="text-center">User <strong><?php print $this_user; ?></strong> wasn't deleted.</p>
- </div>
- <?php
+   render_alert_banner("User <strong>$this_user</strong> wasn't deleted.  See the logs for more information.","danger",15000);
  }
 
 
 }
-#'
+
 $people = ldap_get_user_list($ldap_connection);
 
 ?>
 <div class="container">
  <form action="<?php print $THIS_MODULE_PATH; ?>/new_user.php" method="post">
-  <span class="badge badge-secondary" style="font-size:1.9rem;"><?php print count($people);?> account<?php if (count($people) != 1) { print "s"; }?></span>  &nbsp; <button id="add_group" class="btn btn-default" type="submit">New user</button>
- </form>
+  <button type="button" class="btn btn-light"><?php print count($people);?> account<?php if (count($people) != 1) { print "s"; }?></button>  &nbsp; <button id="add_group" class="btn btn-default" type="submit">New user</button>
+ </form> 
+ <input class="form-control" id="search_input" type="text" placeholder="Search..">
  <table class="table table-striped">
   <thead>
    <tr>
@@ -64,7 +47,17 @@
      <th>Member of</th>
    </tr>
   </thead>
- <tbody>
+ <tbody id="userlist">
+   <script>
+    $(document).ready(function(){
+      $("#search_input").on("keyup", function() {
+        var value = $(this).val().toLowerCase();
+        $("#userlist tr").filter(function() {
+          $(this).toggle($(this).text().toLowerCase().indexOf(value) > -1)
+        });
+      });
+    });
+  </script>
 <?php
 foreach ($people as $account_identifier => $attribs){