Commit a8d70b5c authored by Lee Rowlands's avatar Lee Rowlands Committed by Lee Rowlands

Issue #2726675 by grahl, larowlan: Error on ldap_server.settings form

parent d5f9dda4
......@@ -263,12 +263,11 @@ function ldap_help_get_ldap_servers() {
ldap_servers_module_load_include('inc', 'ldap_servers', 'ldap_servers.settings');
ldap_servers_module_load_include('inc', 'ldap_servers', 'ldap_servers.admin');
$conf_form = ldap_servers_settings();
$selected = @$conf_form['encryption']['ldap_servers_encryption']['#default_value'];
$selected = \Drupal::config('ldap_servers.settings')->get('encryption');
$options = ldap_servers_encrypt_types('encrypt');
$status[] = array(
'title' => 'encryption',
'value' => @$conf_form['encryption']['ldap_servers_encryption']['#options'][$selected],
'value' => @$options[$selected],
);
$servers_objects = ldap_servers_get_servers(NULL, 'all');
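Review bot: The new `'value' => @$options[$selected]` still uses `@` to hide a missing key, so a status row that should report how bind passwords are stored can come out blank. That happens when the `encryption` config value is unset or when `ldap_servers_encrypt_types('encrypt')` returns an empty list, which a comment elsewhere on this page says occurs without mcrypt. An explicit lookup such as `'value' => isset($options[$selected]) ? $options[$selected] : t('Not available.'),` makes the unencrypted or unsupported case visible and stops masking real notices. The page does not mark which neighbouring lines survive; if `$conf_form = ldap_servers_settings();` is still on the new side, it is now unused and should be removed along with the old lookups. The body of ldap_help_get_ldap_servers() continues outside the hunk.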
......
<?php
/**
* @file
* admin interface for general ldap api settings
*
*/
function ldap_servers_settings() {
ldap_servers_module_load_include('inc', 'ldap_servers', 'ldap_servers.functions');
if (! ldap_servers_ldap_extension_loaded()) {
drupal_set_message(t('PHP LDAP Extension is not loaded.'), "warning");
}
$https_approaches = array();
$https_approaches[] = t('Use secure pages or secure login module to redirect to SSL (https)');
$https_approaches[] = t('Run entire site with SSL (https)');
$https_approaches[] = t('Remove logon block and redirect all /user page to https via webserver redirect');
$form['#title'] = "Configure LDAP Preferences";
$form['ssl'] = array('#type' => 'fieldset', '#title' => t('Require HTTPS on Credential Pages'));
// @FIXME
$item_list = array(
'#type' => 'item_list',
'#items' => $https_approaches,
'#default_value' => Drupal::config('ldap_servers.settings')->get('require_ssl_for_credentials')
);
$list = drupal_render($item_list);
// $form['ssl']['ldap_servers_require_ssl_for_credentials'] = array(
// '#type' => 'checkbox',
// '#title' => t('If checked, modules using LDAP will not allow credentials to
// be entered on or submitted to HTTP pages, only HTTPS. This option should be used with an
// approach to get all logon forms to be https, such as:') .
// theme('item_list', array('items' => $https_approaches)),
// '#default_value' => config('ldap_servers.settings')->get('require_ssl_for_credentials'),
// );
$form['ssl']['ldap_servers_require_ssl_for_credentials'] = array(
'#type' => 'checkbox',
'#title' => t('If checked, modules using LDAP will not allow credentials to
be entered on or submitted to HTTP pages, only HTTPS. This option should be used with an
approach to get all logon forms to be https, such as:') .
$list;
$options = ldap_servers_encrypt_types('encrypt');
/** when this is changed, need to decrypt and possibly encrypt pwd in newly selected format
* ... thus default needs to be "No Encryption" to avoid confusion.
*/
$form['previous_encryption'] = array('#type' => 'hidden', '#default_value' => Drupal::config('ldap_servers.settings')->get('encryption'));
$form['encryption'] = array('#type' => 'fieldset', '#title' => t('Encryption'));
$form['encryption']['ldap_servers_encryption'] = array(
'#type' => 'select',
'#options' => $options,
'#title' => t('Encrypt Stored LDAP Passwords?'),
'#default_value' => Drupal::config('ldap_servers.settings')->get('encryption'),
'#description' => t('With encryption, passwords will be stored in encrypted form.
This is two way encryption because the actual password needs to used to bind to LDAP.
So it offers minimal defense if someone gets in the filespace. It mainly helps avoid the accidental
discovery of a clear text password.'),
);
// $options will be empty if server does not support mcrypt.
// Disable the form field and explain this to the user.
if (empty($options)) {
$form['encryption']['ldap_servers_encryption']['#options'] = array(LDAP_SERVERS_ENC_TYPE_CLEARTEXT => t('Not available.'));
$form['encryption']['ldap_servers_encryption']['#disabled'] = TRUE;
$form['encryption']['ldap_servers_encryption']['#description'] .= ' <strong>' . t('Encryption is not supported on this web server.') . '</strong>';
}
$form = system_settings_form($form);
array_unshift($form['#submit'], 'ldap_servers_settings_submit'); // needs to be first
return $form;
}
function ldap_servers_settings_submit($form, &$form_state) {
if ($form_state['submitted']) {
$new_encryption = $form_state['values']['ldap_servers_encryption'];
$old_encryption = $form_state['values']['previous_encryption'];
// use db instead of functions to avoid classes encryption and decryption
if ($new_encryption != $old_encryption) {
$servers = db_query("SELECT sid, bindpw FROM {ldap_servers} WHERE bindpw is not NULL AND bindpw <> ''")->fetchAllAssoc('sid');
foreach ($servers as $sid => $server) {
$decrypted_bind_pwd = ldap_servers_decrypt($server->bindpw, $old_encryption);
$rencrypted = ldap_servers_encrypt($decrypted_bind_pwd, $new_encryption);
db_query("UPDATE {ldap_servers} SET bindpw = :bindpw WHERE sid = :sid", array(':bindpw' => $rencrypted, ':sid' => $sid));
}
}
}
}
......@@ -113,7 +113,6 @@ class LdapServersSettings extends ConfigFormBase {
}
$form = parent::buildForm($form, $form_state);
array_unshift($form['#submit'], 'ldap_servers_settings_submit'); // needs to be first
return $form;
}
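Review bot: Nothing visible in this hunk re-encrypts stored bind passwords once the `'ldap_servers_settings_submit'` handler is gone, and the page does not mark which of these lines the commit drops. That handler, as listed on this page, decrypts each `bindpw` with the previous encryption type and stores it under the new one. If it is removed without an equivalent step in the form's own submit method, changing the encryption setting would leave existing `bindpw` values under the old scheme, and later binds would decrypt them with the wrong type. If the `array_unshift(...)` line is instead kept, it names a procedural callback by string, so that function must still be loaded when the form is submitted. buildForm() starts outside the hunk, so a replacement may exist out of view.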
......