feat: add plugin

doc/zh-cn.yaml

@@ -0,0 +1,27 @@
+---
+name: 禅道开源版LDAP插件
+code: ldap
+type: extension
+site: http://www.zentao.net
+author: 'jie.dong<409726418@qq.com>'
+abstract: >
+  支持LDAP验证登录，并将用户的邮箱，姓名同步至禅道数据库。
+desc: >
+  1.插件安装后，在后台页面会多出一个"LDAP"子页面，可在该页面配置LDAP服务器信息
+  2.本地用户，通过在账户名称前加“$”符号来登录禅道
+install: |
+  1. 通过禅道的插件管理来进行安装。
+    1.1 使用管理员身份登录禅道，访问插件管理。
+    1.2 通过本地安装的方式进行安装
+  2. 手工安装，将代码解压缩，然后将目录拷贝到禅道对应的目录，比如module拷贝到zentao的module。
+releases:
+  1.2:
+    zentao:
+      compatible: 11.5
+      incompatible:
+    charge: free
+    date: 2019-05-16
+    conflicts: null
+    depends: null
+    license: LGPL
+    changelog: >

module/common/ext/lang/zh-cn/ldap-plugin.php

@@ -0,0 +1,7 @@
+<?php
+$lang->admin->menu->ldap      = array('link' => 'LDAP|ldap|index', 'subModule' => 'ldap');
+$lang->ldap      = new stdclass();
+$lang->ldap->menu 	   = $lang->admin->menu;
+$lang->menugroup->ldap 		  = 'admin';
+$lang->admin->menuOrder[100] = 'ldap';
+$lang->ldap->menuOrder      = $lang->admin->menuOrder;

module/group/ext/lang/en/ldap-resource.php

@@ -0,0 +1,5 @@
+<?php
+
+$lang->resource->ldap = new stdclass();
+$lang->resource->ldap->index = 'common'; 
+$lang->resource->ldap->setting = 'setting';

module/group/ext/lang/zh-cn/ldap-resource.php

@@ -0,0 +1,5 @@
+<?php
+
+$lang->resource->ldap = new stdclass();
+$lang->resource->ldap->index = 'common'; 
+$lang->resource->ldap->setting = 'setting';

module/group/ext/lang/zh-tw/ldap-resource.php

@@ -0,0 +1,5 @@
+<?php
+
+$lang->resource->ldap = new stdclass();
+$lang->resource->ldap->index = 'common'; 
+$lang->resource->ldap->setting = 'setting';

module/ldap/control.php

@@ -0,0 +1,72 @@
+<?php
+/**
+ * The control file of user module of ZenTaoPMS.
+ *
+ * @copyright   Copyright 2009-2015 青岛易软天创网络科技有限公司(QingDao Nature Easy Soft Network Technology Co,LTD, www.cnezsoft.com)
+ * @license     ZPL (http://zpl.pub/page/zplv11.html)
+ * @author      Chunsheng Wang <chunsheng@cnezsoft.com>
+ * @package     user
+ * @version     $Id: control.php 5005 2013-07-03 08:39:11Z chencongzhi520@gmail.com $
+ * @link        http://www.zentao.net
+ */
+class ldap extends control
+{
+    public $referer;
+
+    /**
+     * Construct 
+     * 
+     * @access public
+     * @return void
+     */
+    public function __construct()
+    {
+        parent::__construct();
+    }
+
+    public function index()
+    {
+        $this->locate(inlink('setting'));
+    }
+
+    public function setting() 
+    {
+        $this->view->title      = $this->lang->ldap->common . $this->lang->colon . $this->lang->ldap->setting;
+        $this->view->position[] = html::a(inlink('index'), $this->lang->ldap->common);
+        $this->view->position[] = $this->lang->ldap->setting;
+        $this->display();
+    }
+	
+    //将LDAP信息保存至config.php
+    public function save()
+    {
+        if (!empty($_POST)) {
+            $this->config->ldap->host = $this->post->ldapHost;
+            $this->config->ldap->version = $this->post->ldapVersion;
+            $this->config->ldap->bindDN = $this->post->ldapBindDN;
+            $this->config->ldap->bindPWD = $this->post->ldapPassword;
+            $this->config->ldap->baseDN =  $this->post->ldapBaseDN;
+            $this->config->ldap->searchFilter = $this->post->ldapFilter;
+            $this->config->ldap->uid = $this->post->ldapAttr;
+            $this->config->ldap->mail = $this->post->ldapMail;
+
+            // 此处我们把配置写入配置文件
+            $ldapConfig = "<?php \n"
+                          ."\$config->ldap = new stdclass();\n"
+                          ."\$config->ldap->host = '{$this->post->ldapHost}';\n"
+                          ."\$config->ldap->version = '{$this->post->ldapVersion}';\n"
+                          ."\$config->ldap->bindDN = '{$this->post->ldapBindDN}';\n"
+                          ."\$config->ldap->bindPWD = '{$this->post->ldapPassword}';\n"
+                          ."\$config->ldap->baseDN = '{$this->post->ldapBaseDN}';\n"
+                          ."\$config->ldap->searchFilter = '{$this->post->ldapFilter}';\n"
+                          ."\$config->ldap->uid = '{$this->post->ldapAttr}';\n"
+                          ."\$config->ldap->mail = '{$this->post->ldapMail}';\n"
+                          ."\$config->ldap->name = '{$this->post->ldapName}';\n";
+
+            $file = fopen("config.php", "w") or die("Unable to open file!");
+            fwrite($file, $ldapConfig); 
+            fclose($file); 
+            $this->locate(inlink('setting'));        
+        }
+    }
+}

module/ldap/lang/en.php

@@ -0,0 +1,28 @@
+<?php
+/**
+ * The user module English file of ZenTaoPMS.
+ *
+ * @copyright   Copyright 2009-2015 青岛易软天创网络科技有限公司(QingDao Nature Easy Soft Network Technology Co,LTD, www.cnezsoft.com)
+ * @license     ZPL (http://zpl.pub/page/zplv11.html)
+ * @author      Chunsheng Wang <chunsheng@cnezsoft.com>
+ * @package     user
+ * @version     $Id: en.php 5053 2013-07-06 08:17:37Z wyd621@gmail.com $
+ * @link        http://www.zentao.net
+ */
+$lang->ldap->common 		= "LDAP";
+$lang->ldap->setting    	= "Setting";
+$lang->ldap->host 			= 'LDAP Host:  ';
+$lang->ldap->version 		= 'Protocol Version:  ';
+$lang->ldap->bindDN 		= 'BindDN:  ';
+$lang->ldap->password 		= 'BindDN Password:  ';
+$lang->ldap->baseDN 		= 'BaseDN:  ';
+$lang->ldap->filter 		= 'Search filter:  ';
+$lang->ldap->attributes 	= 'Account Attribute:  ';
+$lang->ldap->sync 			= 'Sync';
+$lang->ldap->save 			= 'Save';
+$lang->ldap->test 			= 'Connect Test';
+$lang->ldap->mail 			= 'EMail:';
+$lang->ldap->name  			= 'Name Attrubte:';
+
+$lang->ldap->methodOrder[5] = 'index';
+$lang->ldap->methodOrder[10] = 'setting';

module/ldap/lang/zh-cn.php

@@ -0,0 +1,29 @@
+<?php
+/**
+ * The user module zh-cn file of ZenTaoPMS.
+ *
+ * @copyright   Copyright 2009-2015 青岛易软天创网络科技有限公司(QingDao Nature Easy Soft Network Technology Co,LTD, www.cnezsoft.com)
+ * @license     ZPL (http://zpl.pub/page/zplv11.html)
+ * @author      Chunsheng Wang <chunsheng@cnezsoft.com>
+ * @package     user
+ * @version     $Id: zh-cn.php 5053 2013-07-06 08:17:37Z wyd621@gmail.com $
+ * @link        http://www.zentao.net
+ */
+
+$lang->ldap->common 		= "LDAP";
+$lang->ldap->setting    	= "设置";
+$lang->ldap->host 			= 'LDAP服务器:  ';
+$lang->ldap->version 		= '协议版本:  ';
+$lang->ldap->bindDN 		= 'BindDN:  ';
+$lang->ldap->password 		= 'BindDN 密码:  ';
+$lang->ldap->baseDN 		= 'BaseDN:  ';
+$lang->ldap->filter 		= 'Search filter:  ';
+$lang->ldap->attributes 	= '账号字段:  ';
+$lang->ldap->sync 			= '手动同步';
+$lang->ldap->save 			= '保存设置';
+$lang->ldap->test 			= '测试连接';
+$lang->ldap->mail 			= 'EMail 字段:';
+$lang->ldap->name  			= '姓名字段:';
+
+$lang->ldap->methodOrder[5] = 'index';
+$lang->ldap->methodOrder[10] = 'setting';

module/ldap/lang/zh-tw.php

@@ -0,0 +1,28 @@
+<?php
+/**
+ * The user module zh-tw file of ZenTaoPMS.
+ *
+ * @copyright   Copyright 2009-2015 青島易軟天創網絡科技有限公司(QingDao Nature Easy Soft Network Technology Co,LTD, www.cnezsoft.com)
+ * @license     ZPL (http://zpl.pub/page/zplv11.html)
+ * @author      Chunsheng Wang <chunsheng@cnezsoft.com>
+ * @package     user
+ * @version     $Id: zh-tw.php 5053 2013-07-06 08:17:37Z wyd621@gmail.com $
+ * @link        http://www.zentao.net
+ */
+$lang->ldap->common 		= "LDAP";
+$lang->ldap->setting    	= "设置";
+$lang->ldap->host 			= 'LDAP服务器:  ';
+$lang->ldap->version 		= '协议版本:  ';
+$lang->ldap->bindDN 		= 'BindDN:  ';
+$lang->ldap->password 		= 'BindDN 密码:  ';
+$lang->ldap->baseDN 		= 'BaseDN:  ';
+$lang->ldap->filter 		= 'Search filter:  ';
+$lang->ldap->attributes 	= '账号字段:  ';
+$lang->ldap->sync 			= '手动同步';
+$lang->ldap->save 			= '保存设置';
+$lang->ldap->test 			= '测试连接';
+$lang->ldap->mail 			= 'EMail 字段:';
+$lang->ldap->name  			= '姓名字段:';
+
+$lang->ldap->methodOrder[5] = 'index';
+$lang->ldap->methodOrder[10] = 'setting';

module/ldap/model.php

@@ -0,0 +1,127 @@
+<?php
+/**
+ * The model file of ldap module of ZenTaoPMS.
+ *
+ * @license     ZPL (http://zpl.pub/page/zplv11.html)
+ * @author      TigerLau
+ * @package     ldap
+ * @link        http://www.zentao.net
+ */
+?>
+<?php
+class ldapModel extends model
+{
+	//通过UID和passwd验证用户登录
+	//参数：LDAP地址，用户UID，用户口令
+	//验证成功返回Success，失败返回ldap error message
+    public function identify($config, $dn, $pwd)
+    {
+        $ret = '';
+    	$ds = ldap_connect($config->host);
+    	if ($ds) {
+    		ldap_set_option($ds,LDAP_OPT_PROTOCOL_VERSION,3);
+			ldap_bind($ds, $dn, $pwd);
+            $ret = ldap_error($ds);
+    		ldap_close($ds);
+    	}  else {
+            $ret = ldap_error($ds);
+        }
+    	return $ret;
+    }
+
+	//通过UID获取用户DN信息
+	//参数：配置文件，用户UID
+	//返回用户DN信息或者null
+    public function getUserDN($config, $account)
+    {
+        $ret = null;
+        $ds = ldap_connect($config->host);
+        if ($ds) {
+            ldap_set_option($ds,LDAP_OPT_PROTOCOL_VERSION,3);
+            ldap_bind($ds, $config->bindDN, $config->bindPWD);
+            //$filter = "(uid=$account)";
+            $rlt = ldap_search($ds, $config->baseDN, $config->uid.'='.$account);
+            $count=ldap_count_entries($ds, $rlt);
+        if($count > 0){
+            $data = ldap_get_entries($ds, $rlt);
+            $ret = $data[0]['dn'];
+            $str = serialize($data);
+        }
+            ldap_unbind($ds);
+        }
+        return $ret;
+}
+
+    //添加新用户到禅道数据库
+    public function addUserToZrnTaoDB($config, $data, $password){
+	    $pass = true;
+        $user = new stdclass();
+        //$account = '';
+        $user->account = $data[0][$config->uid][0];
+		$user->password = md5($password);
+        $user->email = $data[0][$config->mail][0];
+        $user->realname = $data[0][$config->name][0];
+        $this->dao->insert(TABLE_USER)->data($user)->autoCheck()->exec();
+        if(dao::isError())
+        {
+            echo js::error(dao::getError());
+            die(js::reload('parent'));
+			$pass = false;
+        }
+        return $pass;
+    }
+    //获取LDAP用户信息
+    //accoutn uid=d0388
+    public function getUserMessageFromLDAP($config, $account)
+        {
+        $ds = ldap_connect($config->host);
+        if ($ds) {
+            ldap_set_option($ds,LDAP_OPT_PROTOCOL_VERSION,3);
+            ldap_bind($ds, $config->bindDN, $config->bindPWD);
+        	$filter = "(|(sn=*))";
+            $rlt = ldap_search($ds, $config->baseDN, $account);
+            $data = ldap_get_entries($ds, $rlt);
+            return $data;
+        }
+        return null;
+    }
+
+    //判断当前用户是否存在于禅道数据库
+	//参数：用户UID
+	//成功返回true，失败返回false
+    public function isExistInZenTaoDB($account)
+    {
+        $pass = false;
+        $record = $this->dao->select('*')->from(TABLE_USER)
+                ->where('account')->eq($account)
+                ->andWhere('deleted')->eq(0)
+                ->fetch();
+        if($record){
+        	$pass = true;
+        }
+        return $pass;
+    }
+
+	//更新用户状态
+	public function updateUserDB($account, $password){
+		$record = $this->dao->select('*')->from(TABLE_USER)
+            ->where('account')->eq($account)
+            ->andWhere('deleted')->eq(0)
+            ->fetch();
+		$user = $record;
+		$ip   = $this->server->remote_addr;
+		$password = md5($password);
+	    $last = $this->server->request_time;
+	    $this->dao->update(TABLE_USER)->set('password')->eq($password)->set('visits = visits + 1')->set('ip')->eq($ip)->set('last')->eq($last)->where('account')->eq($account)->exec();
+	    $user->last = date(DT_DATETIME1, $user->last);
+	}
+
+	//设置新增用户默认权限，默认权限为guest
+	//参数：account
+	public function setDefaultUserGroup($account){
+		$data = new stdclass();
+        $data->account = $account;
+        $data->group = 2;
+        $this->dao->insert(TABLE_USERGROUP)->data($data)->exec();
+	}
+}

module/ldap/view/setting.html.php

@@ -0,0 +1,72 @@
+<?php
+/**
+ * The detect view file of mail module of ZenTaoPMS.
+ *
+ * @copyright   Copyright 2009-2015 青岛易软天创网络科技有限公司(QingDao Nature Easy Soft Network Technology Co,LTD, www.cnezsoft.com)
+ * @license     ZPL (http://zpl.pub/page/zplv11.html)
+ * @author      Chunsheng Wang <wwccss@cnezsoft.com>
+ * @package     mail
+ * @version     $Id$
+ * @link        http://www.zentao.net
+ */
+include '../../common/view/header.html.php';
+?>
+<div class='container mw-700px'>
+  <div id='titlebar'>
+    <div class='heading'>
+      <span class='prefix'><?php echo html::icon($lang->icons['mail']);?></span>
+      <strong><?php echo $lang->ldap->common;?></strong>
+      <small class='text-muted'> <?php echo $lang->ldap->setting;?> <?php echo html::icon('cog');?></small>
+    </div>
+  </div>
+  <form class='form-condensed pdt-20' method='post' action='<?php echo inlink('save');?>'>
+    <table class='table table-form'>
+      <tr>
+        <th class='w-p25'><?php echo $lang->ldap->host; ?></th>
+        <td class='w-p50'><?php echo html::input('ldapHost', $config->ldap->host, "class='form-control'");?></td>
+      </tr>
+      <tr>
+        <th class='w-p25'><?php echo $lang->ldap->version; ?></th>
+        <td class='w-p50'><?php echo html::input('ldapVersion', $config->ldap->version, "class='form-control'");?></td>
+      </tr>
+      <tr>
+        <th class='w-p25'><?php echo $lang->ldap->bindDN; ?></th>
+        <td class='w-p50'><?php echo html::input('ldapBindDN', $config->ldap->bindDN, "class='form-control'");?></td>
+      </tr>
+      <tr>
+        <th class='w-p25'><?php echo $lang->ldap->password; ?></th>
+        <td class='w-p50'><?php echo html::password('ldapPassword', $config->ldap->bindPWD, "class='form-control'");?></td>
+      </tr>
+      <tr>
+        <th class='w-p25'><?php echo $lang->ldap->baseDN; ?></th>
+        <td class='w-p50'><?php echo html::input('ldapBaseDN', $config->ldap->baseDN, "class='form-control'");?></td>
+      </tr>
+      <tr>
+        <th class='w-p25'><?php echo $lang->ldap->filter; ?></th>
+        <td class='w-p50'><?php echo html::input('ldapFilter', $config->ldap->searchFilter, "class='form-control'");?></td>
+      </tr>
+      <tr>
+        <th class='w-p25'><?php echo $lang->ldap->attributes; ?></th>
+        <td class='w-p50'><?php echo html::input('ldapAttr', $config->ldap->uid, "class='form-control'");?></td>
+      </tr>
+      <tr>
+        <th class='w-p25'><?php echo $lang->ldap->mail; ?></th>
+        <td class='w-p50'><?php echo html::input('ldapMail', $config->ldap->mail, "class='form-control'");?></td>
+      </tr>
+      <tr>
+        <th class='w-p25'><?php echo $lang->ldap->name; ?></th>
+        <td class='w-p50'><?php echo html::input('ldapName', $config->ldap->name, "class='form-control'");?></td>
+      </tr>
+      <tr>
+        <td class='w-p25'></td>
+        <td class="text-center">
+          <?php 
+          echo html::submitButton($lang->ldap->save);
+          ?>
+        </td>
+      </tr>
+
+    </table>
+  </form>
+</div>
+<?php include '../../common/view/footer.html.php';?>

module/user/ext/model/identify.php

@@ -0,0 +1,31 @@
+<?php
+public function identify($account, $password, $password1)
+{
+	//如果添加$符号，则启用本地账号。
+	if (0 == strcmp('$',substr($account, 0, 1))) {
+		return parent::identify(ltrim($account, '$'), $password);
+	} else {
+		//进行LDAP用户验证
+		$ldap = $this->loadModel('ldap');
+		$dn = $ldap->getUserDN($this->config->ldap, $account);
+    $pass = $ldap->identify($this->config->ldap, $dn, $password);
+		if ('Success' == $pass){
+			//验证成功
+			//账户是否存在于禅道DB
+			if ($ldap->isExistInZenTaoDB($account)){
+				//存在，更新用户信息并登录
+				$ldap->updateUserDB($account, $password);
+				return parent::identify($account, $password);
+			} else {
+				//不存在，添加到禅道DB后进行登录
+				$data = $ldap->getUserMessageFromLDAP($this->config->ldap,$this->config->ldap->uid.'='.$account);
+				$addUser = $ldap->addUserToZrnTaoDB($this->config->ldap, $data, $password);
+				//设置用户默认权限
+        $ldap->setDefaultUserGroup($account);
+				return parent::identify($account, $password);
+			}
+		}
+		//验证失败
+		return false;
+	}
+}