From 6e55195e6fc5253b65bc75fad4ec169fb6c0b356 Mon Sep 17 00:00:00 2001
From: Brock H Caldwell
Date: Sat, 10 May 2025 08:48:12 -0500
Subject: [PATCH] wip-feat: authenticates with LDAP
---
 .env.dist | 10 ++++
 Dockerfile | 6 +++
 Dockerfile.prod | 6 +++
 composer.json | 1 +
 composer.lock | 77 +++++++++++++++++++++++++++++-
 config/packages/security.yaml | 25 ++++++++--
 config/services.yaml | 16 +++++++
 src/Controller/IndexController.php | 1 +
 templates/user/login.html.twig | 4 +-
 9 files changed, 139 insertions(+), 7 deletions(-)
diff --git a/.env.dist b/.env.dist
index b3f0b04..3bffcf3 100644
--- a/.env.dist
+++ b/.env.dist
@@ -10,3 +10,13 @@ MERCURE_JWT_SECRET="%%mercure_jwt_secret%%"
 JELLYFIN_URL=%%jellyfin_url%%
 JELLYFIN_TOKEN=%%jellyfin_token%%
 REDIS_HOST="%%redis_host%%"
+
+
+
+LDAP_HOST=
+LDAP_PORT=
+LDAP_ENCRYPTION=
+LDAP_BASE_DN=
+LDAP_BIND_USER=
+LDAP_BIND_PASS=
+LDAP_DN_STRING=
diff --git a/Dockerfile b/Dockerfile
index 1866712..795fb69 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,10 @@
 FROM registry.caldwell.digital/library/php:8.4-apache
+RUN apt-get update && \
+ apt-get install libldap2-dev -y && \
+ rm -rf /var/lib/apt/lists/* && \
+ docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu/ && \
+ docker-php-ext-install ldap
+
 COPY ./bash/vhost.conf /etc/apache2/sites-enabled/vhost.conf
 RUN rm /etc/apache2/sites-enabled/000-default.conf
diff --git a/Dockerfile.prod b/Dockerfile.prod
index 397f190..1f906e9 100644
--- a/Dockerfile.prod
+++ b/Dockerfile.prod
@@ -1,5 +1,11 @@
 FROM registry.caldwell.digital/library/php:8.4-apache
+RUN apt-get update && \
+ apt-get install libldap2-dev -y && \
+ rm -rf /var/lib/apt/lists/* && \
+ docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu/ && \
+ docker-php-ext-install ldap
+
 COPY --chown=www-data:www-data . /var/www
 COPY ./bash/vhost.conf /etc/apache2/sites-enabled/vhost.conf
 RUN rm /etc/apache2/sites-enabled/000-default.conf
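Review bot: `LDAP_ENCRYPTION=` in the .env.dist hunk ships with no hint of what it accepts, and the adapter wired up in config/services.yaml passes the value through verbatim, so a freshly copied .env will most likely fail at the first bind with an options error rather than explain itself (the ExtLdap adapter restricts encryption to `none`, `ssl` or `tls`, as far as I recall its resolver). Seed the template with the secure choice and list the alternatives, `LDAP_ENCRYPTION=tls # none|ssl|tls`, and give `LDAP_DN_STRING` a shape hint such as `LDAP_DN_STRING="uid={user_identifier},<BASE_DN>"` so the `{user_identifier}` placeholder the firewall substitutes is not left to guesswork. The three empty lines added before the block can go.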
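Review bot: The `RUN` added at the top of Dockerfile installs `libldap2-dev` with `-y` but without `--no-install-recommends`, and nothing removes the development package after `docker-php-ext-install ldap`, so the runtime image carries recommended packages and headers it never uses; Dockerfile.prod adds the identical block. Changing the install line to `apt-get install -y --no-install-recommends libldap2-dev && \` and appending an `apt-get purge -y libldap2-dev` step once the extension is built keeps only the shared library the extension links against. `--with-libdir=lib/x86_64-linux-gnu/` also pins the build to amd64; `lib/$(gcc -dumpmachine)/` resolves the multiarch directory for whatever architecture the image is built on, assuming gcc is present in this base image as docker-php-ext-install already requires.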
diff --git a/composer.json b/composer.json index 5a15d20..1b1418b 100644 --- a/composer.json +++ b/composer.json @@ -29,6 +29,7 @@ "symfony/flex": "^2", "symfony/form": "7.2.*", "symfony/framework-bundle": "7.2.*", + "symfony/ldap": "7.2.*", "symfony/mercure-bundle": "^0.3.9", "symfony/messenger": "7.2.*", "symfony/runtime": "7.2.*", diff --git a/composer.lock b/composer.lock index 438cb8b..b8844f1 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "7e29123297e1ac72cd417967d2a761b4", + "content-hash": "c179718ee29dbe018b93ea7d46764931", "packages": [ { "name": "1tomany/rich-bundle", 
@@ -5082,6 +5082,81 @@ ], "time": "2025-05-02T09:04:03+00:00" }, + { + "name": "symfony/ldap", + "version": "v7.2.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/ldap.git", + "reference": "48013cfa9d394343162dae7da914112a6206b575" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/ldap/zipball/48013cfa9d394343162dae7da914112a6206b575", + "reference": "48013cfa9d394343162dae7da914112a6206b575", + "shasum": "" + }, + "require": { + "ext-ldap": "*", + "php": ">=8.2", + "symfony/options-resolver": "^6.4|^7.0" + }, + "conflict": { + "symfony/options-resolver": "<6.4", + "symfony/security-core": "<6.4" + }, + "require-dev": { + "symfony/security-core": "^6.4|^7.0", + "symfony/security-http": "^6.4|^7.0" + }, + "type": "library", + "autoload": { + "psr-4": { + "Symfony\\Component\\Ldap\\": "" + }, + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Charles Sarrazin", + "email": "charles@sarraz.in" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Provides a LDAP client for PHP on top of PHP's ldap extension", + "homepage": "https://symfony.com", + "keywords": [ + "active-directory", + "ldap" + ], + "support": { + "source": "https://github.com/symfony/ldap/tree/v7.2.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2024-11-25T15:21:05+00:00" + }, { "name": "symfony/mercure", "version": "v0.6.5", diff --git a/config/packages/security.yaml b/config/packages/security.yaml index b29c265..465eb22 100644 --- a/config/packages/security.yaml +++ b/config/packages/security.yaml 
@@ -10,19 +10,36 @@ security:
 class: App\User\Framework\Entity\User
 property: email
+ app_ldap_provider:
+ ldap:
+ service: Symfony\Component\Ldap\Ldap
+ base_dn: '%env(LDAP_BASE_DN)%'
+ search_dn: '%env(LDAP_BIND_USER)%'
+ search_password: '%env(LDAP_BIND_PASS)%'
+ default_roles: ROLE_USER
+ uid_key: uid
+ extra_fields: ['mail', 'cn', 'givenname', 'sn', 'displayname', 'initials']
+
+
 firewalls:
 dev:
 pattern: ^/(_(profiler|wdt)|css|images|js)/
 security: false
 main:
 lazy: true
- provider: app_user_provider
- form_login:
+ provider: app_ldap_provider
+# form_login:
+# login_path: app_login
+# check_path: app_login
+# enable_csrf: true
+ logout:
+ path: app_logout
+ form_login_ldap:
 login_path: app_login
 check_path: app_login
 enable_csrf: true
- logout:
- path: app_logout
+ service: Symfony\Component\Ldap\Ldap
+ dn_string: '%env(LDAP_DN_STRING)%'
 # where to redirect after logout
 # target: app_any_route
diff --git a/config/services.yaml b/config/services.yaml
index 7748626..9bcee5e 100644
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -28,6 +28,22 @@ services:
 # please note that last definitions always *replace* previous ones
 App\Download\Downloader\DownloaderInterface: "@App\\Download\\Downloader\\ProcessDownloader"
+ # Session
 Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler:
 arguments:
 - '%env(DATABASE_URL)%'
+
+ # LDAP
+ Symfony\Component\Ldap\Ldap:
+ arguments: [ '@Symfony\Component\Ldap\Adapter\ExtLdap\Adapter' ]
+ tags:
+ - ldap
+
+ Symfony\Component\Ldap\Adapter\ExtLdap\Adapter:
+ arguments:
+ - host: '%env(LDAP_HOST)%'
+ port: '%env(LDAP_PORT)%'
+ encryption: '%env(LDAP_ENCRYPTION)%'
+ options:
+ protocol_version: 3
+ referrals: false
diff --git a/src/Controller/IndexController.php b/src/Controller/IndexController.php
index 1f0e129..55e391e 100644
--- a/src/Controller/IndexController.php
+++ b/src/Controller/IndexController.php
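Review bot: `app_ldap_provider` hands `default_roles: ROLE_USER` to every directory account that can bind, because no `filter` narrows the lookup; unless the directory holds only this application's users, scope it to a group, e.g. `filter: '(&(uid={user_identifier})(memberOf=<APP_GROUP_DN>))'` (the provider's default filter is `({uid_key}={user_identifier})`, if I have its option right). The commented-out `form_login` block under `main` is dead configuration and should be deleted rather than carried along, and `app_user_provider` is now referenced by nothing, so either remove it or add a comment saying why it stays. Worth checking too that nothing in the app type-hints `App\User\Framework\Entity\User` on `getUser()`, since the firewall now yields the LDAP component's user object instead; the `dd()` left in IndexController suggests that is exactly what is being verified.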
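Review bot: The `Adapter` definition in config/services.yaml takes `encryption` from the environment but says nothing about certificate verification, so a `tls`/`ssl` connection validates the server certificate only if the image's `ldap.conf` (`TLS_REQCERT`) happens to demand it; pin it under `options:` with `x_tls_require_cert: 2` (OpenLDAP's demand mode), assuming the adapter's option map carries that key as I believe it does. `port: '%env(LDAP_PORT)%'` arrives as a string; the resolver accepts numeric strings as far as I recall, but `'%env(int:LDAP_PORT)%'` states the intent and fails early on a bad value. A one-line comment above the `Ldap` service naming the firewall and provider in security.yaml that consume it would help the next reader connect the two files.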
@@ -18,6 +18,7 @@ final class IndexController extends AbstractController
 #[Route('/', name: 'app_index')]
 public function index(): Response
 {
+ dd($this->getUser());
 return $this->render('index/index.html.twig', [
 'active_downloads' => $this->downloadRepository->getActivePaginated(),
 'recent_downloads' => $this->downloadRepository->latest(5),
diff --git a/templates/user/login.html.twig b/templates/user/login.html.twig
index 92de17a..4089753 100644
--- a/templates/user/login.html.twig
+++ b/templates/user/login.html.twig
@@ -17,8 +17,8 @@
 {% endif %}
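Review bot: `dd($this->getUser())` inside `index()` dumps the authenticated user and terminates the request, so the front page never renders while this line exists, and with `extra_fields` configured on the LDAP provider the dump exposes directory attributes (`mail`, `cn`, and the rest) for whoever is logged in. It reads as a WIP probe; drop the line before this is merged, or use `dump($this->getUser());` so the value lands in the profiler toolbar without replacing the response. `index()` ends outside this hunk.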