From 3cbf8bdb7c1c475e87f34dccc5d0c1254a492aee Mon Sep 17 00:00:00 2001
From: Dmitry Khomutov
Date: Sun, 22 Jan 2017 19:53:59 +0700
Subject: [PATCH] LDAP provider fixes
---
 .../UserProvider/AbstractProvider.php | 23 ++++----
 .../Authentication/UserProvider/Internal.php | 1 -
 .../Authentication/UserProvider/Ldap.php | 54 +++++++++++--------
 3 files changed, 45 insertions(+), 33 deletions(-)
diff --git a/src/PHPCensor/Security/Authentication/UserProvider/AbstractProvider.php b/src/PHPCensor/Security/Authentication/UserProvider/AbstractProvider.php
index 02695b1b..6d8cf8de 100644
--- a/src/PHPCensor/Security/Authentication/UserProvider/AbstractProvider.php
+++ b/src/PHPCensor/Security/Authentication/UserProvider/AbstractProvider.php
@@ -22,19 +22,22 @@ abstract class AbstractProvider implements UserProviderInterface
 /**
 * @var string
 */
- private $key;
-
- public function __construct($key)
- {
- $this->key = $key;
- }
+ protected $key;
 /**
- *
- * @return string
+ * @var array
 */
- public function getKey()
+ protected $config;
+
+ /**
+ * AbstractProvider constructor
+ *
+ * @param string $key
+ * @param array $config
+ */
+ public function __construct($key, array $config)
 {
- return $this->key;
+ $this->key = $key;
+ $this->config = $config;
 }
 }
diff --git a/src/PHPCensor/Security/Authentication/UserProvider/Internal.php b/src/PHPCensor/Security/Authentication/UserProvider/Internal.php
index 85d66250..ff8c7853 100644
--- a/src/PHPCensor/Security/Authentication/UserProvider/Internal.php
+++ b/src/PHPCensor/Security/Authentication/UserProvider/Internal.php
@@ -20,7 +20,6 @@ use PHPCensor\Security\Authentication\LoginPasswordProviderInterface;
 */
 class Internal extends AbstractProvider implements LoginPasswordProviderInterface
 {
-
 public function verifyPassword(User $user, $password)
 {
 return password_verify($password, $user->getHash());
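Review bot: Dropping `getKey()` while turning `$key` into a protected property removes the only public accessor for the provider key; if `UserProviderInterface` (which this class implements, per the hunk header) or any caller outside this hierarchy relies on it, the class no longer satisfies them — the interface is not visible here, so confirm before merging. Keeping `public function getKey() { return $this->key; }` next to the new protected property preserves the API at no cost. The new constructor also stores `$config` wholesale with only `@var array` to describe it; the docblock should say which keys subclasses are expected to read, for example `@var array Provider entry from the auth_providers configuration; subclasses read $config['data']`.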
diff --git a/src/PHPCensor/Security/Authentication/UserProvider/Ldap.php b/src/PHPCensor/Security/Authentication/UserProvider/Ldap.php
index 61889f37..142da14f 100644
--- a/src/PHPCensor/Security/Authentication/UserProvider/Ldap.php
+++ b/src/PHPCensor/Security/Authentication/UserProvider/Ldap.php
@@ -10,7 +10,6 @@
 namespace PHPCensor\Security\Authentication\UserProvider;
-use b8\Config;
 use b8\Store\Factory;
 use PHPCensor\Model\User;
 use PHPCensor\Security\Authentication\LoginPasswordProviderInterface;
@@ -25,27 +24,38 @@ class Ldap extends AbstractProvider implements LoginPasswordProviderInterface
 {
 public function verifyPassword(User $user, $password)
 {
- $providers = Config::getInstance()->get('php-censor.security.auth_providers', []);
- if ($providers) {
- foreach ($providers as $provider) {
- if (isset($provider['type']) && 'ldap' === $provider['type']) {
- $ldapData = $provider['data'];
+ if (isset($this->config['data'])) {
+ $ldapData = $this->config['data'];
+ $ldapPort = !empty($ldapData['port']) ? $ldapData['port'] : null;
+ $ldapHost = !empty($ldapData['host']) ? $ldapData['host'] : 'localhost';
+ $ldapBaseDn = !empty($ldapData['base_dn']) ? $ldapData['base_dn'] : 'dc=nodomain';
+ $ldapMail = !empty($ldapData['mail_attribute']) ? $ldapData['mail_attribute'] : 'mail';
- $ldap = ldap_connect($ldapData['host'], $ldapData['port']);
-
- ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
-
- $ls = ldap_search($ldap, $ldapData['base_dn'], $ldapData['mail_attribute'] . '=' . $user->getEmail());
- $le = ldap_get_entries($ldap, $ls);
- if (!$le['count']) {
- continue;
- }
-
- $dn = $le[0]['dn'];
-
- return @ldap_bind($ldap, $dn, $password);
- }
+ if ($ldapPort) {
+ $ldap = @ldap_connect($ldapHost, $ldapPort);
+ } else {
+ $ldap = @ldap_connect($ldapHost);
 }
+
+ if (false === $ldap) {
+ return false;
+ }
+
+ ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
+
+ $ls = @ldap_search($ldap, $ldapBaseDn, $ldapMail . '=' . $user->getEmail());
+ if (false === $ls) {
+ return false;
+ }
+
+ $le = @ldap_get_entries($ldap, $ls);
+ if (!$le['count']) {
+ return false;
+ }
+
+ $dn = $le[0]['dn'];
+
+ return @ldap_bind($ldap, $dn, $password);
 }
 return false;
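Review bot: `@ldap_bind($ldap, $dn, $password)` on the last added lines is reached with whatever `$password` the caller supplied, and an empty password turns this into an unauthenticated bind, which LDAP servers commonly accept and report as success (RFC 4513 §5.1.2); `verifyPassword()` would then return `true` for any account whose mail entry exists in the directory. Add a guard at the top of the method, `if ('' === (string) $password) { return false; }`, before any connection is made. The search filter `$ldapMail . '=' . $user->getEmail()` also splices the e-mail into the filter unescaped; if that value can originate from the login form (the `$identifier` handling in the later hunk suggests it does), it should read `$ldapMail . '=' . ldap_escape($user->getEmail(), '', LDAP_ESCAPE_FILTER)` so filter metacharacters cannot widen the query. Nothing here calls `ldap_start_tls()`, so unless `host` is configured as an `ldaps://` URI the bind credentials travel in cleartext; the config `data` keys should document that. The method's closing brace lies outside the hunk.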
@@ -62,7 +72,7 @@ class Ldap extends AbstractProvider implements LoginPasswordProviderInterface
 $parts = explode("@", $identifier);
 $username = $parts[0];
-
- return $userService->createUserWithProvider($username, $identifier, 'ldap', null);
+
+ return $userService->createUserWithProvider($username, $identifier, $this->key, null);
 }
 }
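Review bot: Persisting `$this->key` in place of the literal `'ldap'` ties the stored provider name to whatever key the administrator chose in configuration, while users created by the previous code carry `'ldap'`; if the configured key differs, those rows would no longer be attributed to this provider. How the stored provider name is looked up is not visible in this hunk, so confirm that a migration or fallback exists, or document the constraint on the key in the constructor docblock. The enclosing method begins outside the hunk. Minor style point: `explode("@", $identifier)` uses double quotes where the other plain string literals in these hunks use single quotes.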