generis-auth-ldap/model/LdapAdapter.php

264 lines
6.7 KiB
PHP
Raw Normal View History

2014-07-15 16:02:32 +02:00
<?php
/**
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; under version 2
* of the License (non-upgradable).
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
* Copyright (c) 2013 (original work) Open Assessment Technologies SA (under the project TAO-PRODUCT);
*
*
*/
/**
* Authentication adapter interface to be implemented by authentication methodes
*
* @author christophe massin
2014-07-29 14:25:07 +02:00
* @package authLdap
2014-07-15 16:02:32 +02:00
*/
namespace oat\authLdap\model;
use core_kernel_users_Service;
use core_kernel_users_InvalidLoginException;
2014-07-29 14:25:07 +02:00
use oat\authLdap\model\LdapUser;
use oat\generisHard\models\hardsql\Exception;
2014-07-15 16:02:32 +02:00
use oat\oatbox\user\auth\LoginAdapter;
use Zend\Authentication\Adapter\Ldap;
2014-07-17 15:41:49 +02:00
use common_persistence_Manager;
use oat\taoTestTaker\models\CrudService;
use core_kernel_classes_Class;
use oat\oatbox\user\LoginService;
use oat\taoGroups\models\CrudGroupsService;
use oat\taoGroups\models\GroupsService;
2014-07-15 16:02:32 +02:00
/**
* Adapter to authenticate users stored in the Ldap implementation
*
* @author Christophe Massin <christope@taotesting.com>
*
*/
class LdapAdapter implements LoginAdapter
{
const OPTION_ADAPTER_CONFIG = 'config';
const OPTION_USER_MAPPING = 'mapping';
2014-07-15 16:02:32 +02:00
/** @var $username string */
private $username;
/** @var $password string */
private $password;
/** @var $configuration array $configuration */
protected $configuration;
2014-07-17 15:41:49 +02:00
/**
* @var \Zend\Authentication\Adapter\Ldap
*/
protected $adapter;
/**
* Create an adapter from the configuration
*
* @param array $configuration
2014-07-18 14:39:37 +02:00
* @return oat\authLdap\model\LdapAdapter
*/
public static function createFromConfig(array $configuration) {
$adapter = new self();
$adapter->setOptions($configuration);
return $adapter;
}
/**
2015-11-30 09:49:24 +01:00
* Instantiates Zend Ldap adapter
*/
2015-11-30 09:49:24 +01:00
public function __construct() {
$this->adapter = new Ldap();
}
2014-07-17 15:41:49 +02:00
2015-11-30 09:49:24 +01:00
public function setOptions(array $options) {
$this->configuration = $options;
$this->adapter->setOptions($options['config']);
}
public function getOption($name) {
return $this->configuration[$name];
}
2015-12-21 15:07:34 +01:00
public function hasOption($name) {
return isset($this->configuration[$name]);
}
2014-07-15 16:02:32 +02:00
/**
* Set the credential
*
* @param string $login
* @param string $password
*/
public function setCredentials($login, $password){
$this->username = $login;
$this->password = $password;
}
public function authenticate() {
2014-07-17 15:41:49 +02:00
$adapter = $this->getAdapter();
2014-07-15 16:02:32 +02:00
$adapter->setUsername($this->getUsername());
$adapter->setPassword($this->getPassword());
2014-07-17 13:20:53 +02:00
$result = $adapter->authenticate();
2014-07-15 16:02:32 +02:00
2014-07-17 13:20:53 +02:00
if($result->isValid()){
2014-07-15 16:02:32 +02:00
2014-07-16 15:48:46 +02:00
$result = $adapter->getAccountObject();
$params = get_object_vars($result);
2015-12-21 15:07:34 +01:00
$mapping = $this->hasOption(self::OPTION_USER_MAPPING)
? $this->getOption(self::OPTION_USER_MAPPING)
: array();
2014-07-16 15:48:46 +02:00
//TODO: change this
$user = $this->createTestTaker($this->getUsername(), $this->getPassword(), $params);
$this->addUserToGroup($user, 'LDAP');
return LoginService::authenticate($this->getUsername(), $this->getPassword());
2014-07-15 16:02:32 +02:00
} else {
throw new core_kernel_users_InvalidLoginException('User "'.$this->getUsername().'" failed LDAP authentication.');
2014-07-15 16:02:32 +02:00
}
}
private function createTestTaker($login, $password, $params)
{
$testTakerCrudService = CrudService::singleton();
$testTakerClass = new core_kernel_classes_Class(('http://www.tao.lu/Ontologies/TAO.rdf#User'));
$data = [
PROPERTY_USER_LOGIN => $login,
PROPERTY_USER_PASSWORD => $password,
RDFS_LABEL => $login . ' - ' . $params['givenname'] . ' ' . $params['sn'],
PROPERTY_USER_FIRSTNAME => $params['givenname'],
PROPERTY_USER_LASTNAME => $params['sn'],
];
try {
$testTaker = $testTakerCrudService->createFromLdapData($data);
} catch (\common_exception_PreConditionFailure $e) {
//TODO: throw better exception
throw new core_kernel_users_InvalidLoginException('Error while creating test taker: ' . $login);
}
return $testTaker;
}
private function addUserToGroup($user, $groupLabel)
{
$groupCrudService = CrudGroupsService::singleton();
$groupService = GroupsService::singleton();
$groupClass = $groupService->getRootClass();
$instances = $groupClass->searchInstances(array(
RDFS_LABEL => $groupLabel
), array(
'recursive' => true,
'like' => false
));
if (count($instances)) {
$group = current($instances);
} else {
$group = $groupCrudService->createFromArray([
RDFS_LABEL => $groupLabel
]);
}
$groupService->addUser($user->getUri(), $group);
}
2014-07-17 15:41:49 +02:00
/**
* @param \Zend\Authentication\Adapter\Ldap $adapter
*/
public function setAdapter($adapter)
{
$this->adapter = $adapter;
}
/**
* @return \Zend\Authentication\Adapter\Ldap
*/
public function getAdapter()
{
return $this->adapter;
}
2014-07-15 16:02:32 +02:00
/**
* @param array $configuration
*/
public function setConfiguration($configuration)
{
$this->configuration = $configuration;
}
/**
* @return array
*/
public function getConfiguration()
{
return $this->configuration;
}
/**
* @param string $password
*/
public function setPassword($password)
{
$this->password = $password;
}
/**
* @return string
*/
public function getPassword()
{
return $this->password;
}
/**
* @param string $username
*/
public function setUsername($username)
{
$this->username = $username;
}
/**
* @return string
*/
public function getUsername()
{
return $this->username;
}
}