PHP Cross Reference of Joomla 4.2.2 documentation |
<?php

/*
 * This file is part of the Symfony package.
 *
 * (c) Fabien Potencier <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Symfony\Component\Ldap\Security;

use Psr\Container\ContainerInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\Ldap\Exception\ConnectionException;
use Symfony\Component\Ldap\LdapInterface;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use Symfony\Component\Security\Core\Exception\LogicException;
use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
use Symfony\Component\Security\Http\Authenticator\Passport\UserPassportInterface;
use Symfony\Component\Security\Http\Event\CheckPassportEvent;

/**
 * Checks the password carried by a Security passport against an LDAP
 * service, for passports that have an LdapBadge attached.
 *
 * The password check itself is an LDAP bind using the user's DN and the
 * presented password. The DN is either built from the badge's DN template
 * or looked up with a search query, depending on the badge configuration.
 *
 * @author Wouter de Jong <[email protected]>
 */
class CheckLdapCredentialsListener implements EventSubscriberInterface
{
    /** Service locator queried with the LDAP service id taken from the badge. */
    private $ldapLocator;

    public function __construct(ContainerInterface $ldapLocator)
    {
        $this->ldapLocator = $ldapLocator;
    }

    /**
     * Resolves the LdapBadge and the PasswordCredentials badge of a passport
     * once an LDAP bind with the presented password has succeeded.
     *
     * Does nothing when the passport has no LdapBadge or the badge is already
     * resolved. Both badges are marked resolved only after the final bind
     * returned without a ConnectionException.
     *
     * Points worth knowing when reviewing or configuring this listener:
     *  - An empty password is rejected before any bind is attempted. Under
     *    RFC 4513 a simple bind with a DN and an empty password is an
     *    "unauthenticated" bind that a server may report as successful, so
     *    this guard must stay in front of the bind.
     *  - The user identifier is passed through $ldap->escape() with the flag
     *    matching where it is inserted (ESCAPE_FILTER for the search filter,
     *    ESCAPE_DN for the DN template) before it replaces "{username}".
     *  - In query mode the search must return exactly one entry; zero or
     *    several matches are both treated as bad credentials.
     *  - Every ConnectionException raised inside the try block is reported as
     *    "The presented password is invalid." and the original exception is
     *    not chained. That block also contains the search-account bind, so a
     *    ConnectionException from that bind is reported the same way.
     *
     * @throws \LogicException          when the passport has no user or no PasswordCredentials,
     *                                  when the credentials were already resolved elsewhere,
     *                                  or when the LDAP service id is unknown to the locator
     * @throws LogicException           when a query string is configured without a search DN
     *                                  and a search password
     * @throws BadCredentialsException  on an empty password, a user lookup that does not
     *                                  return exactly one entry, or a ConnectionException
     */
    public function onCheckPassport(CheckPassportEvent $event)
    {
        $passport = $event->getPassport();
        if (!$passport->hasBadge(LdapBadge::class)) {
            return;
        }

        /** @var LdapBadge $badge */
        $badge = $passport->getBadge(LdapBadge::class);
        if ($badge->isResolved()) {
            return;
        }

        // The listener needs both a user and a password on the passport.
        $hasUserAndPassword = $passport instanceof UserPassportInterface
            && $passport->hasBadge(PasswordCredentials::class);
        if (!$hasUserAndPassword) {
            throw new \LogicException(sprintf('LDAP authentication requires a passport containing a user and password credentials, authenticator "%s" does not fulfill these requirements.', \get_class($event->getAuthenticator())));
        }

        /** @var PasswordCredentials $credentials */
        $credentials = $passport->getBadge(PasswordCredentials::class);
        if ($credentials->isResolved()) {
            // Another checker already accepted the password; refuse to continue
            // rather than silently skip the LDAP check.
            throw new \LogicException('LDAP authentication password verification cannot be completed because something else has already resolved the PasswordCredentials.');
        }

        if (!$this->ldapLocator->has($badge->getLdapServiceId())) {
            throw new \LogicException(sprintf('Cannot check credentials using the "%s" ldap service, as such service is not found. Did you maybe forget to add the "ldap" service tag to this service?', $badge->getLdapServiceId()));
        }

        // Reject an empty password before any bind is attempted (see docblock).
        $plainPassword = $credentials->getPassword();
        if ('' === $plainPassword) {
            throw new BadCredentialsException('The presented password cannot be empty.');
        }

        $user = $passport->getUser();
        if (!$user instanceof PasswordAuthenticatedUserInterface) {
            // Only a deprecation notice: the check below still runs for such users.
            trigger_deprecation('symfony/ldap', '5.3', 'Not implementing the "%s" interface in class "%s" while using password-based authenticators is deprecated.', PasswordAuthenticatedUserInterface::class, get_debug_type($user));
        }

        /** @var LdapInterface $ldap */
        $ldap = $this->ldapLocator->get($badge->getLdapServiceId());
        try {
            if ($badge->getQueryString()) {
                // Query mode: bind as the search account, then look the user's DN up.
                if ('' === $badge->getSearchDn() || '' === $badge->getSearchPassword()) {
                    throw new LogicException('Using the "query_string" config without using a "search_dn" and a "search_password" is not supported.');
                }
                $ldap->bind($badge->getSearchDn(), $badge->getSearchPassword());

                // @deprecated since Symfony 5.3, change to $user->getUserIdentifier() in 6.0
                $identifier = method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername();
                // Escaped for a search-filter context before substitution.
                $escapedIdentifier = $ldap->escape($identifier, '', LdapInterface::ESCAPE_FILTER);
                $filter = str_replace('{username}', $escapedIdentifier, $badge->getQueryString());
                $entries = $ldap->query($badge->getDnString(), $filter)->execute();
                if (1 !== $entries->count()) {
                    // Zero or several matches: no single DN to bind with.
                    throw new BadCredentialsException('The presented username is invalid.');
                }

                $dn = $entries[0]->getDn();
            } else {
                // Template mode: the DN is built directly from the DN string.
                // @deprecated since Symfony 5.3, change to $user->getUserIdentifier() in 6.0
                $identifier = method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername();
                // Escaped for a DN context before substitution.
                $escapedIdentifier = $ldap->escape($identifier, '', LdapInterface::ESCAPE_DN);
                $dn = str_replace('{username}', $escapedIdentifier, $badge->getDnString());
            }

            // The actual credential check: bind as the user with the presented password.
            $ldap->bind($dn, $plainPassword);
        } catch (ConnectionException $e) {
            // Same generic message for every ConnectionException; $e is not chained.
            throw new BadCredentialsException('The presented password is invalid.');
        }

        $credentials->markResolved();
        $badge->markResolved();
    }

    /**
     * Subscribes onCheckPassport() to CheckPassportEvent with priority 144.
     */
    public static function getSubscribedEvents(): array
    {
        $listener = ['onCheckPassport', 144];

        return [CheckPassportEvent::class => $listener];
    }
}