2016-03-14 15:46:55 +01:00
|
|
|
<?php
|
|
|
|
|
|
2016-12-29 06:43:02 +01:00
|
|
|
namespace PHPCensor\Security\Authentication\UserProvider;
|
2016-03-14 15:46:55 +01:00
|
|
|
|
2018-03-04 08:30:34 +01:00
|
|
|
use PHPCensor\Store\Factory;
|
2016-12-29 06:43:02 +01:00
|
|
|
use PHPCensor\Model\User;
|
2017-01-22 12:05:24 +01:00
|
|
|
use PHPCensor\Security\Authentication\LoginPasswordProviderInterface;
|
|
|
|
|
use PHPCensor\Service\UserService;
|
2017-02-04 18:44:55 +01:00
|
|
|
use PHPCensor\Store\UserStore;
|
2016-03-14 15:46:55 +01:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Ldap user provider.
|
2016-07-17 12:55:42 +02:00
|
|
|
*
|
|
|
|
|
* @author Dmitrii Zolotov (@itherz)
|
2016-03-14 15:46:55 +01:00
|
|
|
*/
|
2017-01-22 12:05:24 +01:00
|
|
|
class Ldap extends AbstractProvider implements LoginPasswordProviderInterface
|
2016-03-14 15:46:55 +01:00
|
|
|
{
|
2017-11-05 15:48:36 +01:00
|
|
|
/**
|
|
|
|
|
* @param User $user
|
|
|
|
|
* @param string $password
|
|
|
|
|
*
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
2016-03-14 15:46:55 +01:00
|
|
|
public function verifyPassword(User $user, $password)
|
|
|
|
|
{
|
2017-01-22 13:53:59 +01:00
|
|
|
if (isset($this->config['data'])) {
|
|
|
|
|
$ldapData = $this->config['data'];
|
|
|
|
|
$ldapPort = !empty($ldapData['port']) ? $ldapData['port'] : null;
|
|
|
|
|
$ldapHost = !empty($ldapData['host']) ? $ldapData['host'] : 'localhost';
|
|
|
|
|
$ldapBaseDn = !empty($ldapData['base_dn']) ? $ldapData['base_dn'] : 'dc=nodomain';
|
|
|
|
|
$ldapMail = !empty($ldapData['mail_attribute']) ? $ldapData['mail_attribute'] : 'mail';
|
2016-07-17 12:55:42 +02:00
|
|
|
|
2017-01-22 13:53:59 +01:00
|
|
|
if ($ldapPort) {
|
|
|
|
|
$ldap = @ldap_connect($ldapHost, $ldapPort);
|
|
|
|
|
} else {
|
|
|
|
|
$ldap = @ldap_connect($ldapHost);
|
|
|
|
|
}
|
2016-07-17 12:55:42 +02:00
|
|
|
|
2017-01-22 13:53:59 +01:00
|
|
|
if (false === $ldap) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2016-07-17 12:55:42 +02:00
|
|
|
|
2017-01-22 13:53:59 +01:00
|
|
|
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
|
2016-07-17 12:55:42 +02:00
|
|
|
|
2017-01-22 13:53:59 +01:00
|
|
|
$ls = @ldap_search($ldap, $ldapBaseDn, $ldapMail . '=' . $user->getEmail());
|
|
|
|
|
if (false === $ls) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2016-07-17 12:55:42 +02:00
|
|
|
|
2017-01-22 13:53:59 +01:00
|
|
|
$le = @ldap_get_entries($ldap, $ls);
|
|
|
|
|
if (!$le['count']) {
|
|
|
|
|
return false;
|
2017-01-22 12:05:24 +01:00
|
|
|
}
|
2017-01-22 13:53:59 +01:00
|
|
|
|
|
|
|
|
$dn = $le[0]['dn'];
|
|
|
|
|
|
|
|
|
|
return @ldap_bind($ldap, $dn, $password);
|
2017-01-22 12:05:24 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false;
|
2016-03-14 15:46:55 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function checkRequirements()
|
|
|
|
|
{
|
|
|
|
|
// Always fine
|
|
|
|
|
}
|
|
|
|
|
|
2017-11-05 15:48:36 +01:00
|
|
|
/**
|
|
|
|
|
* @param string $identifier
|
|
|
|
|
*
|
|
|
|
|
* @return User
|
|
|
|
|
*/
|
2016-03-14 15:46:55 +01:00
|
|
|
public function provisionUser($identifier)
|
|
|
|
|
{
|
2017-02-04 18:44:55 +01:00
|
|
|
/** @var UserStore $user */
|
|
|
|
|
$user = Factory::getStore('User');
|
|
|
|
|
$userService = new UserService($user);
|
2017-01-22 12:05:24 +01:00
|
|
|
|
|
|
|
|
$parts = explode("@", $identifier);
|
|
|
|
|
$username = $parts[0];
|
2017-01-22 13:53:59 +01:00
|
|
|
|
2018-03-09 19:00:53 +01:00
|
|
|
return $userService->createUser($username, $identifier, $this->key, $this->config, '', false);
|
2016-03-14 15:46:55 +01:00
|
|
|
}
|
|
|
|
|
}
|
