[ Index ]

PHP Cross Reference of Joomla 4.2.2 documentation

title

Body

[close]

/libraries/vendor/symfony/ldap/Security/ -> LdapUserProvider.php (source)

[Summary view] [Print] [Text view] 

   1  <?php
   2  
   3  /*
   4   * This file is part of the Symfony package.
   5   *
   6   * (c) Fabien Potencier <[email protected]>
   7   *
   8   * For the full copyright and license information, please view the LICENSE
   9   * file that was distributed with this source code.
  10   */
  11  
  12  namespace Symfony\Component\Ldap\Security;
  13  
  14  use Symfony\Component\Ldap\Entry;
  15  use Symfony\Component\Ldap\Exception\ConnectionException;
  16  use Symfony\Component\Ldap\Exception\ExceptionInterface;
  17  use Symfony\Component\Ldap\LdapInterface;
  18  use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
  19  use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
  20  use Symfony\Component\Security\Core\Exception\UserNotFoundException;
  21  use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
  22  use Symfony\Component\Security\Core\User\UserInterface;
  23  use Symfony\Component\Security\Core\User\UserProviderInterface;
  24  
  25  /**
  26   * LdapUserProvider is a simple user provider on top of LDAP.
  27   *
  28   * @author GrĂ©goire Pineau <[email protected]>
  29   * @author Charles Sarrazin <[email protected]>
  30   * @author Robin Chalas <[email protected]>
  31   */
  32  class LdapUserProvider implements UserProviderInterface, PasswordUpgraderInterface
  33  {
  34      private $ldap;
  35      private $baseDn;
  36      private $searchDn;
  37      private $searchPassword;
  38      private $defaultRoles;
  39      private $uidKey;
  40      private $defaultSearch;
  41      private $passwordAttribute;
  42      private $extraFields;
  43  
  44      public function __construct(LdapInterface $ldap, string $baseDn, string $searchDn = null, string $searchPassword = null, array $defaultRoles = [], string $uidKey = null, string $filter = null, string $passwordAttribute = null, array $extraFields = [])
  45      {
  46          if (null === $uidKey) {
  47              $uidKey = 'sAMAccountName';
  48          }
  49  
  50          if (null === $filter) {
  51              $filter = '({uid_key}={user_identifier})';
  52          }
  53  
  54          $this->ldap = $ldap;
  55          $this->baseDn = $baseDn;
  56          $this->searchDn = $searchDn;
  57          $this->searchPassword = $searchPassword;
  58          $this->defaultRoles = $defaultRoles;
  59          $this->uidKey = $uidKey;
  60          $this->defaultSearch = str_replace('{uid_key}', $uidKey, $filter);
  61          $this->passwordAttribute = $passwordAttribute;
  62          $this->extraFields = $extraFields;
  63      }
  64  
  65      /**
  66       * {@inheritdoc}
  67       */
  68      public function loadUserByUsername(string $username)
  69      {
  70          trigger_deprecation('symfony/ldap', '5.3', 'Method "%s()" is deprecated, use loadUserByIdentifier() instead.', __METHOD__);
  71  
  72          return $this->loadUserByIdentifier($username);
  73      }
  74  
  75      public function loadUserByIdentifier(string $identifier): UserInterface
  76      {
  77          try {
  78              $this->ldap->bind($this->searchDn, $this->searchPassword);
  79              $identifier = $this->ldap->escape($identifier, '', LdapInterface::ESCAPE_FILTER);
  80              $query = str_replace(['{username}', '{user_identifier}'], $identifier, $this->defaultSearch);
  81              $search = $this->ldap->query($this->baseDn, $query, ['filter' => 0 == \count($this->extraFields) ? '*' : $this->extraFields]);
  82          } catch (ConnectionException $e) {
  83              $e = new UserNotFoundException(sprintf('User "%s" not found.', $identifier), 0, $e);
  84              $e->setUserIdentifier($identifier);
  85  
  86              throw $e;
  87          }
  88  
  89          $entries = $search->execute();
  90          $count = \count($entries);
  91  
  92          if (!$count) {
  93              $e = new UserNotFoundException(sprintf('User "%s" not found.', $identifier));
  94              $e->setUserIdentifier($identifier);
  95  
  96              throw $e;
  97          }
  98  
  99          if ($count > 1) {
 100              $e = new UserNotFoundException('More than one user found.');
 101              $e->setUserIdentifier($identifier);
 102  
 103              throw $e;
 104          }
 105  
 106          $entry = $entries[0];
 107  
 108          try {
 109              if (null !== $this->uidKey) {
 110                  $identifier = $this->getAttributeValue($entry, $this->uidKey);
 111              }
 112          } catch (InvalidArgumentException $e) {
 113          }
 114  
 115          return $this->loadUser($identifier, $entry);
 116      }
 117  
 118      /**
 119       * {@inheritdoc}
 120       */
 121      public function refreshUser(UserInterface $user)
 122      {
 123          if (!$user instanceof LdapUser) {
 124              throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_debug_type($user)));
 125          }
 126  
 127          return new LdapUser($user->getEntry(), $user->getUserIdentifier(), $user->getPassword(), $user->getRoles(), $user->getExtraFields());
 128      }
 129  
 130      /**
 131       * {@inheritdoc}
 132       *
 133       * @final
 134       */
 135      public function upgradePassword($user, string $newHashedPassword): void
 136      {
 137          if (!$user instanceof LdapUser) {
 138              throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_debug_type($user)));
 139          }
 140  
 141          if (null === $this->passwordAttribute) {
 142              return;
 143          }
 144  
 145          try {
 146              $user->getEntry()->setAttribute($this->passwordAttribute, [$newHashedPassword]);
 147              $this->ldap->getEntryManager()->update($user->getEntry());
 148              $user->setPassword($newHashedPassword);
 149          } catch (ExceptionInterface $e) {
 150              // ignore failed password upgrades
 151          }
 152      }
 153  
 154      /**
 155       * {@inheritdoc}
 156       */
 157      public function supportsClass(string $class)
 158      {
 159          return LdapUser::class === $class;
 160      }
 161  
 162      /**
 163       * Loads a user from an LDAP entry.
 164       *
 165       * @return UserInterface
 166       */
 167      protected function loadUser(string $identifier, Entry $entry)
 168      {
 169          $password = null;
 170          $extraFields = [];
 171  
 172          if (null !== $this->passwordAttribute) {
 173              $password = $this->getAttributeValue($entry, $this->passwordAttribute);
 174          }
 175  
 176          foreach ($this->extraFields as $field) {
 177              $extraFields[$field] = $this->getAttributeValue($entry, $field);
 178          }
 179  
 180          return new LdapUser($entry, $identifier, $password, $this->defaultRoles, $extraFields);
 181      }
 182  
 183      private function getAttributeValue(Entry $entry, string $attribute)
 184      {
 185          if (!$entry->hasAttribute($attribute)) {
 186              throw new InvalidArgumentException(sprintf('Missing attribute "%s" for user "%s".', $attribute, $entry->getDn()));
 187          }
 188  
 189          $values = $entry->getAttribute($attribute);
 190  
 191          if (1 !== \count($values)) {
 192              throw new InvalidArgumentException(sprintf('Attribute "%s" has multiple values.', $attribute));
 193          }
 194  
 195          return $values[0];
 196      }
 197  }

Body

Body

Body

Body


Generated: Wed Sep 7 05:41:13 2022 Chilli.vc Blog - For Webmaster,Blog-Writer,System Admin and Domainer