|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
FreeIPA library for PHP |
|
4
|
|
|
Copyright (C) 2015 Tobias Sette <[email protected]> |
|
5
|
|
|
|
|
6
|
|
|
This program is free software: you can redistribute it and/or modify |
|
7
|
|
|
it under the terms of the GNU Lesser General Public License as published by |
|
8
|
|
|
the Free Software Foundation, either version 3 of the License, or |
|
9
|
|
|
(at your option) any later version. |
|
10
|
|
|
|
|
11
|
|
|
This program is distributed in the hope that it will be useful, |
|
12
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
13
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
14
|
|
|
GNU Lesser General Public License for more details. |
|
15
|
|
|
|
|
16
|
|
|
You should have received a copy of the GNU Lesser General Public License |
|
17
|
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
18
|
|
|
*/ |
|
19
|
|
|
|
|
20
|
|
|
// Dependencies: |
|
|
|
|
|
|
21
|
|
|
//require_once('Base.php'); |
|
22
|
|
|
|
|
23
|
|
|
/** |
|
24
|
|
|
* Classes for access to FreeIPA API |
|
25
|
|
|
* @since GIT: 0.1.0 |
|
26
|
|
|
*/ |
|
27
|
|
|
namespace FreeIPA\APIAccess; |
|
28
|
|
|
|
|
29
|
|
|
/** |
|
30
|
|
|
* Class to access user resources |
|
31
|
|
|
* |
|
32
|
|
|
* @author Tobias Sette <[email protected]> |
|
33
|
|
|
* @copyright Copyright (c) 2015 Tobias Sette <[email protected]> |
|
34
|
|
|
* @license LGPLv3 |
|
35
|
|
|
* @package php-freeipa |
|
36
|
|
|
* @since GIT: 0.1.0 |
|
37
|
|
|
* @version GIT: 0.2.0 |
|
38
|
|
|
*/ |
|
39
|
|
|
class User extends \FreeIPA\APIAccess\Base |
|
40
|
|
|
{ |
|
41
|
|
|
|
|
42
|
|
|
/** |
|
43
|
|
|
* Search user through of user_find method. |
|
44
|
|
|
* If $args is a string, the server will search in login, first_name and |
|
45
|
|
|
* last_name fields. |
|
46
|
|
|
* |
|
47
|
|
|
* @param array $args arguments for user_find method |
|
48
|
|
|
* @param array $options options for user_find method |
|
49
|
|
|
* @return array|bool false if the user was not found |
|
50
|
|
|
* @since GIT: 0.1.0 |
|
51
|
|
|
* @version GIT: 0.2.0 |
|
52
|
|
|
* @throws \Exception if error in json return |
|
53
|
|
|
* @see ../../docs/return_samples/user_find.txt |
|
54
|
|
|
* @see \FreeIPA\APIAccess\Connection\buildRequest() |
|
55
|
|
|
*/ |
|
56
|
|
|
public function find($args = array(), $options = array()) |
|
57
|
|
|
{ |
|
58
|
|
|
if (!is_array($args) || !is_array($options)) { |
|
59
|
|
|
return false; |
|
60
|
|
|
} |
|
61
|
|
|
|
|
62
|
|
|
// Obtained with the command ipa -vv user-find --all |
|
63
|
|
|
$default_options = array( |
|
64
|
|
|
'all' => true, |
|
65
|
|
|
'no_members' => false, |
|
66
|
|
|
'pkey_only' => false, |
|
67
|
|
|
'raw' => false, |
|
68
|
|
|
'whoami' => false, |
|
69
|
|
|
); |
|
70
|
|
|
$final_options = array_merge($default_options, $options); |
|
71
|
|
|
|
|
72
|
|
|
$return_request = $this->getConnection()->buildRequest('user_find', $args, $final_options); //returns json and http code of response |
|
73
|
|
|
$json = $return_request[0]; |
|
74
|
|
|
|
|
75
|
|
|
if (empty($json->result) || !isset($json->result->count)) { |
|
76
|
|
|
throw new \Exception('Malformed json'); |
|
77
|
|
|
} |
|
78
|
|
|
|
|
79
|
|
|
if ($json->result->count < 1) { |
|
80
|
|
|
return false; |
|
81
|
|
|
} |
|
82
|
|
|
|
|
83
|
|
|
return $json->result->result; |
|
84
|
|
|
} |
|
85
|
|
|
|
|
86
|
|
|
/** |
|
87
|
|
|
* Search user by field |
|
88
|
|
|
* Principal fields are: |
|
89
|
|
|
* 'givenname' => first name |
|
90
|
|
|
* 'sn' => last name |
|
91
|
|
|
* 'cn' => full name |
|
92
|
|
|
* 'in_group' => user is in group |
|
93
|
|
|
* 'not_in_group' => user it not in group |
|
94
|
|
|
* 'mail' => e-mail address |
|
95
|
|
|
* 'uid' => user unique name |
|
96
|
|
|
* 'uidnumber' => user unique number |
|
97
|
|
|
* |
|
98
|
|
|
* @param array $field field name. See examples above |
|
99
|
|
|
* @param string $value field value |
|
100
|
|
|
* @return array|bool false if the user was not found |
|
101
|
|
|
* @since GIT: 0.1.0 |
|
102
|
|
|
* @version GIT: 0.1.0 |
|
103
|
|
|
* @see find() |
|
104
|
|
|
*/ |
|
105
|
|
|
public function findBy($field = null, $value = null) |
|
106
|
|
|
{ |
|
107
|
|
|
if (!$field || !$value) { |
|
|
|
|
|
|
108
|
|
|
return false; |
|
109
|
|
|
} |
|
110
|
|
|
|
|
111
|
|
|
$options = array($field => $value); |
|
112
|
|
|
return $this->find(array(), $options); |
|
113
|
|
|
} |
|
114
|
|
|
|
|
115
|
|
|
/** |
|
116
|
|
|
* Get user data by login through user_show method |
|
117
|
|
|
* |
|
118
|
|
|
* @param string|array $params user login or some parameters |
|
119
|
|
|
* @param array $options options for user_show method |
|
120
|
|
|
* @return array|bool false if the user was not found |
|
121
|
|
|
* @since GIT: 0.1.0 |
|
122
|
|
|
* @version GIT: 0.2.0 |
|
123
|
|
|
* @throws \Exception se houver erro no retorno json |
|
124
|
|
|
* @see ../../docs/return_samples/user_show.txt |
|
125
|
|
|
* @see \FreeIPA\APIAccess\Connection\buildRequest() |
|
126
|
|
|
*/ |
|
127
|
|
|
public function get($params = null, $options = array()) |
|
128
|
|
|
{ |
|
129
|
|
|
if (!is_array($options)) { |
|
130
|
|
|
return false; |
|
131
|
|
|
} |
|
132
|
|
|
|
|
133
|
|
|
if (is_string($params)) { |
|
134
|
|
|
$final_params = array($params); |
|
135
|
|
|
} else if (is_array($params)) { |
|
136
|
|
|
$final_params = $params; |
|
137
|
|
|
} else { |
|
138
|
|
|
return false; |
|
139
|
|
|
} |
|
140
|
|
|
|
|
141
|
|
|
// Obtained with the command ipa -vv user-show admin |
|
142
|
|
|
$default_options = array( |
|
143
|
|
|
'all' => true, |
|
144
|
|
|
'no_members' => false, |
|
145
|
|
|
'raw' => false, |
|
146
|
|
|
'rights' => false, |
|
147
|
|
|
); |
|
148
|
|
|
$final_options = array_merge($options, $default_options); |
|
149
|
|
|
|
|
150
|
|
|
$return_request = $this->getConnection()->buildRequest('user_show', $final_params, $final_options, false); |
|
151
|
|
|
$json = $return_request[0]; |
|
152
|
|
|
|
|
153
|
|
|
if (!empty($json->error) && strtolower($json->error->name) == 'notfound') { |
|
154
|
|
|
// user not found |
|
155
|
|
|
return false; |
|
156
|
|
|
} |
|
157
|
|
|
|
|
158
|
|
|
if (empty($json->result)) { |
|
159
|
|
|
throw new \Exception('Malformed json'); |
|
160
|
|
|
} |
|
161
|
|
|
|
|
162
|
|
|
// #TODO erase this code? |
|
163
|
|
|
if (!isset($json->result->result)) { |
|
164
|
|
|
return false; |
|
165
|
|
|
} |
|
166
|
|
|
|
|
167
|
|
|
return $json->result->result; |
|
168
|
|
|
} |
|
169
|
|
|
|
|
170
|
|
|
/** |
|
171
|
|
|
* Adds a user |
|
172
|
|
|
* The main fields in $data: |
|
173
|
|
|
* 'givenname' => first name |
|
174
|
|
|
* 'sn' => last name |
|
175
|
|
|
* 'cn' => full name |
|
176
|
|
|
* 'mail' => e-mail address |
|
177
|
|
|
* 'uid' => login (required field) |
|
178
|
|
|
* 'userpassword' => user password |
|
179
|
|
|
* |
|
180
|
|
|
* @param array $data user data. See example above |
|
181
|
|
|
* @return object|bool Object with new user data or false if the user was not found |
|
182
|
|
|
* @since GIT: 0.1.0 |
|
183
|
|
|
* @version GIT: 0.1.0 |
|
184
|
|
|
* @see \FreeIPA\APIAccess\Connection\buildRequest() |
|
185
|
|
|
*/ |
|
186
|
|
|
public function add($data) |
|
187
|
|
|
{ |
|
188
|
|
|
if (!$data || !isset($data['uid']) || empty($data['uid'])) { |
|
|
|
|
|
|
189
|
|
|
return false; |
|
190
|
|
|
} |
|
191
|
|
|
|
|
192
|
|
|
// Obtained with the command: |
|
193
|
|
|
// ipa -vv user_add tobias --first="Tobias" --last="Sette" --email="[email protected]" --password |
|
194
|
|
|
$args = array($data['uid']); |
|
195
|
|
|
$default_options = array( |
|
196
|
|
|
'all' => false, |
|
197
|
|
|
'no_members' => false, |
|
198
|
|
|
'noprivate' => false, |
|
199
|
|
|
'random' => false, |
|
200
|
|
|
'raw' => false, |
|
201
|
|
|
); |
|
202
|
|
|
unset($data['uid']); |
|
203
|
|
|
$final_options = array_merge($default_options, $data); |
|
204
|
|
|
|
|
205
|
|
|
// The buildRequest() method already checks the field 'error', which is the only relevant to this API method |
|
206
|
|
|
$return_request = $this->getConnection()->buildRequest('user_add', $args, $final_options); //returns json and http code of response |
|
207
|
|
|
if (!$return_request) { |
|
|
|
|
|
|
208
|
|
|
return false; |
|
209
|
|
|
} |
|
210
|
|
|
|
|
211
|
|
|
return $return_request[0]->result->result; |
|
212
|
|
|
} |
|
213
|
|
|
|
|
214
|
|
|
/** |
|
215
|
|
|
* Change user data |
|
216
|
|
|
* The main fields in $data: |
|
217
|
|
|
* 'givenname' => first name |
|
218
|
|
|
* 'sn' => last name |
|
219
|
|
|
* 'cn' => full name |
|
220
|
|
|
* 'mail' => e-mail address |
|
221
|
|
|
* 'userpassword' => user password |
|
222
|
|
|
* 'krbprincipalexpiration' => Date of password expiration (Python __datetime__). Example: 20150816010101Z |
|
223
|
|
|
* |
|
224
|
|
|
* If user does not exists, the \FreeIPA\APIAccess\Connection\buildRequest() method will return \Exception. |
|
225
|
|
|
* Please, note that change the user password will be subject to server policies, such as |
|
226
|
|
|
* length, expiration date and freeIPA behavior that will invalidate the first password. |
|
227
|
|
|
* If password was invalidated the user don't will be able to make login through authenticate() method |
|
228
|
|
|
* |
|
229
|
|
|
* @param string $login uid user that will be changed |
|
230
|
|
|
* @param array $data See above |
|
231
|
|
|
* @return object|bool Object with new 1user data or false if the user was not found |
|
232
|
|
|
* @since GIT: 0.1.0 |
|
233
|
|
|
* @version GIT: 0.1.0 |
|
234
|
|
|
* @see ../../docs/return_samples/user_mod.txt |
|
235
|
|
|
* @see \FreeIPA\APIAccess\Connection\buildRequest() |
|
236
|
|
|
* @link https://www.freeipa.org/page/New_Passwords_Expired |
|
237
|
|
|
* @link https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/changing-pwds.html |
|
238
|
|
|
* @link http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/pwd-expiration.html |
|
239
|
|
|
*/ |
|
240
|
|
|
public function modify($login = null, $data = array()) |
|
241
|
|
|
{ |
|
242
|
|
|
if (!$login || !$data) { |
|
|
|
|
|
|
243
|
|
|
return false; |
|
244
|
|
|
} |
|
245
|
|
|
|
|
246
|
|
|
// Obtained with the command: ipa -vv user_mod tobias --first="testaaaaaa" |
|
247
|
|
|
$args = array($login); |
|
248
|
|
|
$default_options = array( |
|
249
|
|
|
'all' => false, |
|
250
|
|
|
'no_members' => false, |
|
251
|
|
|
'random' => false, |
|
252
|
|
|
'raw' => false, |
|
253
|
|
|
'rights' => false, |
|
254
|
|
|
); |
|
255
|
|
|
$final_options = array_merge($default_options, $data); |
|
256
|
|
|
|
|
257
|
|
|
// The buildRequest() method already checks the field 'error', which is the only relevant to this API method |
|
258
|
|
|
$return_request = $this->getConnection()->buildRequest('user_mod', $args, $final_options); //returns json and http code of response |
|
259
|
|
|
if (!$return_request) { |
|
|
|
|
|
|
260
|
|
|
return false; |
|
261
|
|
|
} |
|
262
|
|
|
|
|
263
|
|
|
return $return_request[0]->result->result; |
|
264
|
|
|
} |
|
265
|
|
|
|
|
266
|
|
|
} |
|
267
|
|
|
|
gnumoksha /
php-freeipa
Loading history...
Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.
The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.
This check looks for comments that seem to be mostly valid code and reports them.