kaliop-uk /
ezidentitymanagementbundle
@@ -3,15 +3,12 @@ |
||
| 3 | 3 | namespace Kaliop\IdentityManagementBundle\Security\User\Provider; |
| 4 | 4 | |
| 5 | 5 | use Symfony\Component\Security\Core\User\UserProviderInterface; |
| 6 | -use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; |
|
| 7 | 6 | use Symfony\Component\Security\Core\Exception\UnsupportedUserException; |
| 8 | 7 | use Symfony\Component\Security\Core\User\UserInterface; |
| 9 | -use Kaliop\IdentityManagementBundle\Security\User\AMSUser as UserClass; |
|
| 10 | 8 | use Kaliop\IdentityManagementBundle\Security\User\RemoteUserProviderInterface; |
| 11 | 9 | use Kaliop\IdentityManagementBundle\Security\User\RemoteUser as KaliopRemoteUser; |
| 12 | 10 | use Kaliop\IdentityManagementBundle\Security\User\RemoteUserHandlerInterface; |
| 13 | 11 | use eZ\Publish\Core\MVC\Symfony\Security\User\APIUserProviderInterface; |
| 14 | -use eZ\Publish\Core\MVC\Symfony\Security\User as eZMVCUser; |
|
| 15 | 12 | use Psr\Log\LoggerInterface; |
| 16 | 13 | |
| 17 | 14 | class RemoteUser implements UserProviderInterface, RemoteUserProviderInterface |
@@ -108,7 +108,9 @@ |
||
| 108 | 108 | } |
| 109 | 109 | |
| 110 | 110 | } catch (\Exception $e) { |
| 111 | - if ($this->logger) $this->logger->error("Unexpected error while finding/creating/updating repo user from data gotten from remote service: " . $e->getMessage()); |
|
| 111 | + if ($this->logger) { |
|
| 112 | + $this->logger->error("Unexpected error while finding/creating/updating repo user from data gotten from remote service: " . $e->getMessage()); |
|
| 113 | + } |
|
| 112 | 114 | throw $e; |
| 113 | 115 | } |
| 114 | 116 | |
@@ -4,8 +4,6 @@ |
||
| 4 | 4 | |
| 5 | 5 | use Kaliop\IdentityManagementBundle\Adapter\ClientInterface; |
| 6 | 6 | use eZ\Publish\API\Repository\Repository; |
| 7 | -use eZ\Publish\API\Repository\Values\Content\Query; |
|
| 8 | -use eZ\Publish\API\Repository\Values\Content\Query\Criterion; |
|
| 9 | 7 | use eZ\Publish\API\Repository\Values\User\User; |
| 10 | 8 | use eZ\Publish\API\Repository\Exceptions\NotFoundException; |
| 11 | 9 | |
@@ -52,8 +52,7 @@ discard block |
||
| 52 | 52 | try |
| 53 | 53 | { |
| 54 | 54 | return $this->repository->getUserService()->loadUserByLogin($remoteUser->getUsername()); |
| 55 | - } |
|
| 56 | - catch (NotFoundException $e) |
|
| 55 | + } catch (NotFoundException $e) |
|
| 57 | 56 | { |
| 58 | 57 | return false; |
| 59 | 58 | } |
@@ -226,8 +225,9 @@ discard block |
||
| 226 | 225 | protected function cleanUpAfterUserCreation() |
| 227 | 226 | { |
| 228 | 227 | foreach ($this->tempFiles as $fileName) { |
| 229 | - if (is_file( $fileName)) |
|
| 230 | - unlink($fileName); |
|
| 228 | + if (is_file( $fileName)) { |
|
| 229 | + unlink($fileName); |
|
| 230 | + } |
|
| 231 | 231 | } |
| 232 | 232 | } |
| 233 | 233 | |
@@ -237,8 +237,9 @@ discard block |
||
| 237 | 237 | protected function cleanUpAfterUserUpdate() |
| 238 | 238 | { |
| 239 | 239 | foreach ($this->tempFiles as $fileName) { |
| 240 | - if (is_file( $fileName)) |
|
| 241 | - unlink($fileName); |
|
| 240 | + if (is_file( $fileName)) { |
|
| 241 | + unlink($fileName); |
|
| 242 | + } |
|
| 242 | 243 | } |
| 243 | 244 | } |
| 244 | 245 | } |
@@ -48,7 +48,9 @@ discard block |
||
| 48 | 48 | */ |
| 49 | 49 | public function authenticateUser($username, $password) |
| 50 | 50 | { |
| 51 | - if ($this->logger) $this->logger->info("Looking up remote user: '$username'"); |
|
| 51 | + if ($this->logger) { |
|
| 52 | + $this->logger->info("Looking up remote user: '$username'"); |
|
| 53 | + } |
|
| 52 | 54 | |
| 53 | 55 | $ldaps = is_array($this->ldap) ? array_values($this->ldap) : array($this->ldap); |
| 54 | 56 | $i = 0; |
@@ -69,36 +71,48 @@ discard block |
||
| 69 | 71 | } |
| 70 | 72 | |
| 71 | 73 | } catch (ConnectionException $e) { |
| 72 | - if ($this->logger) $this->logger->error(sprintf('Connection error "%s"', $e->getMessage())); |
|
| 74 | + if ($this->logger) { |
|
| 75 | + $this->logger->error(sprintf('Connection error "%s"', $e->getMessage())); |
|
| 76 | + } |
|
| 73 | 77 | |
| 74 | 78 | if ($i < count($ldaps)) { |
| 75 | - if ($this->logger) $this->logger->error("Connecting to ldap server $i"); |
|
| 79 | + if ($this->logger) { |
|
| 80 | + $this->logger->error("Connecting to ldap server $i"); |
|
| 81 | + } |
|
| 76 | 82 | continue; |
| 77 | 83 | } |
| 78 | 84 | |
| 79 | 85 | /// @todo shall we log an error ? |
| 80 | 86 | throw new AuthenticationServiceException(sprintf('Connection error "%s"', $e->getMessage()), 0, $e); |
| 81 | 87 | } catch (\Exception $e) { |
| 82 | - if ($this->logger) $this->logger->error(sprintf('Unexpected error "%s"', $e->getMessage())); |
|
| 88 | + if ($this->logger) { |
|
| 89 | + $this->logger->error(sprintf('Unexpected error "%s"', $e->getMessage())); |
|
| 90 | + } |
|
| 83 | 91 | |
| 84 | 92 | throw new AuthenticationServiceException(sprintf('Internal error "%s"', $e->getMessage()), 0, $e); |
| 85 | 93 | } |
| 86 | 94 | |
| 87 | 95 | if (!$search) { |
| 88 | - if ($this->logger) $this->logger->info("User not found"); |
|
| 96 | + if ($this->logger) { |
|
| 97 | + $this->logger->info("User not found"); |
|
| 98 | + } |
|
| 89 | 99 | |
| 90 | 100 | throw new BadCredentialsException(sprintf('User "%s" not found.', $username)); |
| 91 | 101 | } |
| 92 | 102 | |
| 93 | 103 | if ($search['count'] > 1) { |
| 94 | - if ($this->logger) $this->logger->warning('More than one ldap account found for ' . $username); |
|
| 104 | + if ($this->logger) { |
|
| 105 | + $this->logger->warning('More than one ldap account found for ' . $username); |
|
| 106 | + } |
|
| 95 | 107 | |
| 96 | 108 | throw new AuthenticationServiceException('More than one user found'); |
| 97 | 109 | } |
| 98 | 110 | |
| 99 | 111 | // always carry out this check, as the data is needed to log in |
| 100 | 112 | if (!isset($this->settings['ldap_login_attribute']) || !isset($search[0][$this->settings['ldap_login_attribute']][0])) { |
| 101 | - if ($this->logger) $this->logger->info("Authentication failed for user: '$username', missing attribute used to log in to ldap: " . @$this->settings['ldap_login_attribute']); |
|
| 113 | + if ($this->logger) { |
|
| 114 | + $this->logger->info("Authentication failed for user: '$username', missing attribute used to log in to ldap: " . @$this->settings['ldap_login_attribute']); |
|
| 115 | + } |
|
| 102 | 116 | |
| 103 | 117 | throw new AuthenticationServiceException('Invalid user profile: missing ldap attribute needed for log-in'); |
| 104 | 118 | } |
@@ -106,29 +120,41 @@ discard block |
||
| 106 | 120 | try { |
| 107 | 121 | $this->validateLdapResults($search[0]); |
| 108 | 122 | } catch (\Exception $e) { |
| 109 | - if ($this->logger) $this->logger->warning("Invalid user profile for user: '$username': ".$e->getMessage()); |
|
| 123 | + if ($this->logger) { |
|
| 124 | + $this->logger->warning("Invalid user profile for user: '$username': ".$e->getMessage()); |
|
| 125 | + } |
|
| 110 | 126 | |
| 111 | 127 | throw new AuthenticationServiceException('Invalid user profile: '.$e->getMessage()); |
| 112 | 128 | } |
| 113 | 129 | |
| 114 | - if ($this->logger) $this->logger->info("Remote user found, attempting authentication for user: '$username'"); |
|
| 130 | + if ($this->logger) { |
|
| 131 | + $this->logger->info("Remote user found, attempting authentication for user: '$username'"); |
|
| 132 | + } |
|
| 115 | 133 | |
| 116 | 134 | try { |
| 117 | 135 | $ldap->bind($search[0][$this->settings['ldap_login_attribute']][0], $password); |
| 118 | 136 | } catch (ConnectionException $e) { |
| 119 | - if ($this->logger) $this->logger->info("Authentication failed for user: '$username', bind failed: ".$e->getMessage()); |
|
| 137 | + if ($this->logger) { |
|
| 138 | + $this->logger->info("Authentication failed for user: '$username', bind failed: ".$e->getMessage()); |
|
| 139 | + } |
|
| 120 | 140 | throw new BadCredentialsException('The presented password is invalid.'); |
| 121 | 141 | } catch (\Exception $e) { |
| 122 | - if ($this->logger) $this->logger->info("Authentication failed for user: '$username', unexpected ldap error: ".$e->getMessage()); |
|
| 142 | + if ($this->logger) { |
|
| 143 | + $this->logger->info("Authentication failed for user: '$username', unexpected ldap error: ".$e->getMessage()); |
|
| 144 | + } |
|
| 123 | 145 | throw new AuthenticationServiceException('Unexpected exception: '.$e->getMessage()); |
| 124 | 146 | } |
| 125 | 147 | |
| 126 | - if ($this->logger) $this->logger->info("Authentication succeeded for user: '$username'"); |
|
| 148 | + if ($this->logger) { |
|
| 149 | + $this->logger->info("Authentication succeeded for user: '$username'"); |
|
| 150 | + } |
|
| 127 | 151 | |
| 128 | 152 | // allow ldap to give us back the actual login field to be used in eZ. It might be different because of dashes, spaces, case... |
| 129 | 153 | if (isset($this->settings['login_attribute']) && isset($search[0][$this->settings['login_attribute']][0])) { |
| 130 | 154 | if ($username != $search[0][$this->settings['login_attribute']][0]) { |
| 131 | - if ($this->logger) $this->logger->info("Renamed user '$username' to '{$search[0][$this->settings['login_attribute']][0]}'"); |
|
| 155 | + if ($this->logger) { |
|
| 156 | + $this->logger->info("Renamed user '$username' to '{$search[0][$this->settings['login_attribute']][0]}'"); |
|
| 157 | + } |
|
| 132 | 158 | |
| 133 | 159 | $username = $search[0][$this->settings['login_attribute']][0]; |
| 134 | 160 | } |
@@ -22,8 +22,7 @@ |
||
| 22 | 22 | { |
| 23 | 23 | self::loginSucceeded( $user ); |
| 24 | 24 | return $user; |
| 25 | - } |
|
| 26 | - else |
|
| 25 | + } else |
|
| 27 | 26 | { |
| 28 | 27 | self::loginFailed( $user, $login ); |
| 29 | 28 | return false; |
@@ -1,5 +1,1 @@ |
||
| 1 | -<?php /* |
|
| 2 | - |
|
| 3 | -[UserSettings] |
|
| 4 | -ExtensionDirectory[]=identitymanagementextension |
|
| 5 | -LoginHandler[]=RemoteUserLogin |
|
| 6 | 1 | \ No newline at end of file |
| 2 | +<?php |
|
| 7 | 3 | \ No newline at end of file |
@@ -1,7 +1,1 @@ |
||
| 1 | -<?php /* |
|
| 2 | - |
|
| 3 | -[GeneralSettings] |
|
| 4 | -# The name of the firewall set in security.yml, connected to the 'remoteuser_login' |
|
| 5 | -# NB: even if the fw is used for the front sites, we use it to handle log in in the backoffice. No need to rename it or |
|
| 6 | -# to create a custom firewall |
|
| 7 | -FirewallName=ezpublish_front |
|
| 1 | +<?php |
|
| 8 | 2 | \ No newline at end of file |
