From 542e7cd8392621f1c4c85fd24651425191e5a7a9 Mon Sep 17 00:00:00 2001
From: root
Date: Mon, 14 Mar 2016 20:46:55 +0600
Subject: [PATCH] Added ldap support as pluggable authentication provider
---
PHPCI/Command/RegisterLdapUserCommand.php | 86 +++++++++++++++++++
.../Authentication/UserProvider/Ldap.php | 48 +++++++++++
2 files changed, 134 insertions(+)
create mode 100644 PHPCI/Command/RegisterLdapUserCommand.php
create mode 100644 PHPCI/Security/Authentication/UserProvider/Ldap.php
diff --git a/PHPCI/Command/RegisterLdapUserCommand.php b/PHPCI/Command/RegisterLdapUserCommand.php
new file mode 100644
index 00000000..1bd57a65
--- /dev/null
+++ b/PHPCI/Command/RegisterLdapUserCommand.php
@@ -0,0 +1,86 @@
+userStore = $userStore;
+ }
+
+ protected function configure()
+ {
+ $this
+ ->setName('phpci:register-ldap-user')
+ ->setDescription(Lang::get('register_ldap_user'));
+ }
+
+ /**
+ * Creates an admin user in the existing PHPCI database
+ *
+ * {@inheritDoc}
+ */
+ protected function execute(InputInterface $input, OutputInterface $output)
+ {
+ $userService = new UserService($this->userStore);
+
+ /** @var $dialog \Symfony\Component\Console\Helper\DialogHelper */
+ $dialog = $this->getHelperSet()->get('dialog');
+
+ // Function to validate mail address.
+ $mailValidator = function ($answer) {
+ if (!filter_var($answer, FILTER_VALIDATE_EMAIL)) {
+ throw new \InvalidArgumentException(Lang::get('must_be_valid_email'));
+ }
+
+ return $answer;
+ };
+
+ $email = $dialog->askAndValidate($output, Lang::get('enter_email'), $mailValidator, false);
+ $name = $dialog->ask($output, Lang::get('enter_name'));
+ $providerKey = "ldap";
+ $providerData = null;
+ $isAdmin = ($dialog->ask($output, Lang::get('enter_isadmin')));
+ $isAdmin = !empty($isAdmin);
+ $password = "";
+
+ try {
+ $userService->createUserWithProvider($name, $email, $password, $providerKey, $providerData, $isAdmin);
+ $output->writeln(Lang::get('user_created'));
+ } catch (\Exception $e) {
+ $output->writeln(sprintf('%s', Lang::get('failed_to_create')));
+ $output->writeln(sprintf('%s', $e->getMessage()));
+ }
+ }
+}
diff --git a/PHPCI/Security/Authentication/UserProvider/Ldap.php b/PHPCI/Security/Authentication/UserProvider/Ldap.php
new file mode 100644
index 00000000..23b73aa9
--- /dev/null
+++ b/PHPCI/Security/Authentication/UserProvider/Ldap.php
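Review bot: In `execute()`, `$isAdmin = !empty($isAdmin);` treats every non-empty answer other than `0` as yes, so typing `no` or `n` at the prompt creates an administrator; `$isAdmin = $dialog->askConfirmation($output, Lang::get('enter_isadmin'), false);` keeps the grant explicit and defaults to a non-admin account. The docblock still reads "Creates an admin user in the existing PHPCI database", which does not describe this command; something like `Registers an LDAP-authenticated user, optionally as an administrator` would match. The user is stored with `$password = ""`, and `createUserWithProvider()` is not visible here, so it is worth confirming that an empty local password can never be verified by a non-LDAP provider for this account. The top of the file, including the constructor signature, is missing from the hunk as shown.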
@@ -0,0 +1,48 @@
+
+ */
+class Ldap extends AbstractProvider implements LoginPasswordProvider
+{
+
+ public function verifyPassword(User $user, $password)
+ {
+ $config = Config::getInstance()->get('phpci.security.ldap', []);
+ $server = $config["server"];
+ $mailAttribute = $config["mailAttribute"];
+ $ldap = ldap_connect($server);
+ ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
+ var_dump($mailAttribute."=".$user->getEmail());
+ $ls = ldap_search($ldap, $config["base"], $mailAttribute."=".$user->getEmail());
+ $le = ldap_get_entries($ldap, $ls);
+ if ($le["count"]==0) return false;
+ $dn = $le[0]["dn"];
+ return ldap_bind($ldap, $dn, $password);
+ }
+
+ public function checkRequirements()
+ {
+ // Always fine
+ }
+
+ public function provisionUser($identifier)
+ {
+ return null;
+ }
+}
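Review bot: `verifyPassword()` passes the submitted password straight to `ldap_bind()`, and an empty string turns that call into an LDAP unauthenticated bind (RFC 4513 §5.1.2), which many directory servers report as success, so the method has to reject empty passwords before it touches the directory. The `var_dump()` line is leftover debugging that prints the search filter, including the user's e-mail address, into the output and should be removed. The filter is built by concatenating `$user->getEmail()` without `ldap_escape()` (available from PHP 5.6), and neither a failed `ldap_search()` nor a match on more than one entry is handled. Transport security is not visible here: unless the configured `server` is an `ldaps://` URI, the bind password crosses the network in clear text, so consider `ldap_start_tls()` or documenting that requirement.

```php
public function verifyPassword(User $user, $password)
{
    // An empty password would make ldap_bind() an unauthenticated bind,
    // which many servers accept; never treat that as a successful login.
    if (!is_string($password) || $password === '') {
        return false;
    }
    // … unchanged: config lookup, ldap_connect(), protocol version …
    $filter = sprintf(
        '(%s=%s)',
        $mailAttribute,
        ldap_escape($user->getEmail(), '', LDAP_ESCAPE_FILTER)
    );
    $ls = ldap_search($ldap, $config["base"], $filter);
    if ($ls === false) {
        return false;
    }
    $le = ldap_get_entries($ldap, $ls);
    // Require exactly one match so an ambiguous filter cannot pick an arbitrary DN.
    if ($le === false || $le["count"] !== 1) {
        return false;
    }
    // … unchanged: bind as $le[0]["dn"] with the supplied password …
```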