[ Index ] |
PHP Cross Reference of Joomla 4.2.2 documentation |
[Summary view] [Print] [Text view]
1 <?php 2 3 /* 4 * This file is part of the Symfony package. 5 * 6 * (c) Fabien Potencier <[email protected]> 7 * 8 * For the full copyright and license information, please view the LICENSE 9 * file that was distributed with this source code. 10 */ 11 12 namespace Symfony\Component\Ldap\Security; 13 14 use Symfony\Component\Ldap\Entry; 15 use Symfony\Component\Ldap\Exception\ConnectionException; 16 use Symfony\Component\Ldap\Exception\ExceptionInterface; 17 use Symfony\Component\Ldap\LdapInterface; 18 use Symfony\Component\Security\Core\Exception\InvalidArgumentException; 19 use Symfony\Component\Security\Core\Exception\UnsupportedUserException; 20 use Symfony\Component\Security\Core\Exception\UserNotFoundException; 21 use Symfony\Component\Security\Core\User\PasswordUpgraderInterface; 22 use Symfony\Component\Security\Core\User\UserInterface; 23 use Symfony\Component\Security\Core\User\UserProviderInterface; 24 25 /** 26 * LdapUserProvider is a simple user provider on top of LDAP. 27 * 28 * @author Grégoire Pineau <[email protected]> 29 * @author Charles Sarrazin <[email protected]> 30 * @author Robin Chalas <[email protected]> 31 */ 32 class LdapUserProvider implements UserProviderInterface, PasswordUpgraderInterface 33 { 34 private $ldap; 35 private $baseDn; 36 private $searchDn; 37 private $searchPassword; 38 private $defaultRoles; 39 private $uidKey; 40 private $defaultSearch; 41 private $passwordAttribute; 42 private $extraFields; 43 44 public function __construct(LdapInterface $ldap, string $baseDn, string $searchDn = null, string $searchPassword = null, array $defaultRoles = [], string $uidKey = null, string $filter = null, string $passwordAttribute = null, array $extraFields = []) 45 { 46 if (null === $uidKey) { 47 $uidKey = 'sAMAccountName'; 48 } 49 50 if (null === $filter) { 51 $filter = '({uid_key}={user_identifier})'; 52 } 53 54 $this->ldap = $ldap; 55 $this->baseDn = $baseDn; 56 $this->searchDn = $searchDn; 57 $this->searchPassword = $searchPassword; 58 $this->defaultRoles = $defaultRoles; 59 $this->uidKey = $uidKey; 60 $this->defaultSearch = str_replace('{uid_key}', $uidKey, $filter); 61 $this->passwordAttribute = $passwordAttribute; 62 $this->extraFields = $extraFields; 63 } 64 65 /** 66 * {@inheritdoc} 67 */ 68 public function loadUserByUsername(string $username) 69 { 70 trigger_deprecation('symfony/ldap', '5.3', 'Method "%s()" is deprecated, use loadUserByIdentifier() instead.', __METHOD__); 71 72 return $this->loadUserByIdentifier($username); 73 } 74 75 public function loadUserByIdentifier(string $identifier): UserInterface 76 { 77 try { 78 $this->ldap->bind($this->searchDn, $this->searchPassword); 79 $identifier = $this->ldap->escape($identifier, '', LdapInterface::ESCAPE_FILTER); 80 $query = str_replace(['{username}', '{user_identifier}'], $identifier, $this->defaultSearch); 81 $search = $this->ldap->query($this->baseDn, $query, ['filter' => 0 == \count($this->extraFields) ? '*' : $this->extraFields]); 82 } catch (ConnectionException $e) { 83 $e = new UserNotFoundException(sprintf('User "%s" not found.', $identifier), 0, $e); 84 $e->setUserIdentifier($identifier); 85 86 throw $e; 87 } 88 89 $entries = $search->execute(); 90 $count = \count($entries); 91 92 if (!$count) { 93 $e = new UserNotFoundException(sprintf('User "%s" not found.', $identifier)); 94 $e->setUserIdentifier($identifier); 95 96 throw $e; 97 } 98 99 if ($count > 1) { 100 $e = new UserNotFoundException('More than one user found.'); 101 $e->setUserIdentifier($identifier); 102 103 throw $e; 104 } 105 106 $entry = $entries[0]; 107 108 try { 109 if (null !== $this->uidKey) { 110 $identifier = $this->getAttributeValue($entry, $this->uidKey); 111 } 112 } catch (InvalidArgumentException $e) { 113 } 114 115 return $this->loadUser($identifier, $entry); 116 } 117 118 /** 119 * {@inheritdoc} 120 */ 121 public function refreshUser(UserInterface $user) 122 { 123 if (!$user instanceof LdapUser) { 124 throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_debug_type($user))); 125 } 126 127 return new LdapUser($user->getEntry(), $user->getUserIdentifier(), $user->getPassword(), $user->getRoles(), $user->getExtraFields()); 128 } 129 130 /** 131 * {@inheritdoc} 132 * 133 * @final 134 */ 135 public function upgradePassword($user, string $newHashedPassword): void 136 { 137 if (!$user instanceof LdapUser) { 138 throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_debug_type($user))); 139 } 140 141 if (null === $this->passwordAttribute) { 142 return; 143 } 144 145 try { 146 $user->getEntry()->setAttribute($this->passwordAttribute, [$newHashedPassword]); 147 $this->ldap->getEntryManager()->update($user->getEntry()); 148 $user->setPassword($newHashedPassword); 149 } catch (ExceptionInterface $e) { 150 // ignore failed password upgrades 151 } 152 } 153 154 /** 155 * {@inheritdoc} 156 */ 157 public function supportsClass(string $class) 158 { 159 return LdapUser::class === $class; 160 } 161 162 /** 163 * Loads a user from an LDAP entry. 164 * 165 * @return UserInterface 166 */ 167 protected function loadUser(string $identifier, Entry $entry) 168 { 169 $password = null; 170 $extraFields = []; 171 172 if (null !== $this->passwordAttribute) { 173 $password = $this->getAttributeValue($entry, $this->passwordAttribute); 174 } 175 176 foreach ($this->extraFields as $field) { 177 $extraFields[$field] = $this->getAttributeValue($entry, $field); 178 } 179 180 return new LdapUser($entry, $identifier, $password, $this->defaultRoles, $extraFields); 181 } 182 183 private function getAttributeValue(Entry $entry, string $attribute) 184 { 185 if (!$entry->hasAttribute($attribute)) { 186 throw new InvalidArgumentException(sprintf('Missing attribute "%s" for user "%s".', $attribute, $entry->getDn())); 187 } 188 189 $values = $entry->getAttribute($attribute); 190 191 if (1 !== \count($values)) { 192 throw new InvalidArgumentException(sprintf('Attribute "%s" has multiple values.', $attribute)); 193 } 194 195 return $values[0]; 196 } 197 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
Generated: Wed Sep 7 05:41:13 2022 | Chilli.vc Blog - For Webmaster,Blog-Writer,System Admin and Domainer |