@@ -30,6 +30,10 @@ |
||
| 30 | 30 | } |
| 31 | 31 | } |
| 32 | 32 | |
| 33 | + /** |
|
| 34 | + * @param string $login |
|
| 35 | + * @param string $password |
|
| 36 | + */ |
|
| 33 | 37 | protected static function _loginUser( $login, $password, $authenticationMatch = false ) |
| 34 | 38 | { |
| 35 | 39 | $fwName = eZINI::instance('identitymanagement.ini')->variable('GeneralSettings', 'FirewallName'); |
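Review bot: The docblock added above `_loginUser` documents `$login` and `$password` but omits the third parameter and the return value. The docblock of the public `loginUser` shown elsewhere on this page already carries `@param bool $authenticationMatch` and `@return bool|mixed`; the same two tags belong here. It would also help to state that a failed or errored login yields `false`, which is presumably what the `catch (\Exception $e)` branch in the `@@ -60,10 +60,10 @@` hunk returns. The method body continues past the end of this hunk, so confirm the return type against the full method.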
@@ -14,23 +14,23 @@ discard block |
||
| 14 | 14 | * @param bool $authenticationMatch |
| 15 | 15 | * @return bool|mixed |
| 16 | 16 | */ |
| 17 | - static function loginUser( $login, $password, $authenticationMatch = false ) |
|
| 17 | + static function loginUser($login, $password, $authenticationMatch = false) |
|
| 18 | 18 | { |
| 19 | - $user = self::_loginUser( $login, $password, $authenticationMatch ); |
|
| 19 | + $user = self::_loginUser($login, $password, $authenticationMatch); |
|
| 20 | 20 | |
| 21 | - if ( is_object( $user ) ) |
|
| 21 | + if (is_object($user)) |
|
| 22 | 22 | { |
| 23 | - self::loginSucceeded( $user ); |
|
| 23 | + self::loginSucceeded($user); |
|
| 24 | 24 | return $user; |
| 25 | 25 | } |
| 26 | 26 | else |
| 27 | 27 | { |
| 28 | - self::loginFailed( $user, $login ); |
|
| 28 | + self::loginFailed($user, $login); |
|
| 29 | 29 | return false; |
| 30 | 30 | } |
| 31 | 31 | } |
| 32 | 32 | |
| 33 | - protected static function _loginUser( $login, $password, $authenticationMatch = false ) |
|
| 33 | + protected static function _loginUser($login, $password, $authenticationMatch = false) |
|
| 34 | 34 | { |
| 35 | 35 | $fwName = eZINI::instance('identitymanagement.ini')->variable('GeneralSettings', 'FirewallName'); |
| 36 | 36 | |
@@ -60,10 +60,10 @@ discard block |
||
| 60 | 60 | |
| 61 | 61 | return self::fetch($user->id); |
| 62 | 62 | |
| 63 | - } catch(\Exception $e) { |
|
| 63 | + } catch (\Exception $e) { |
|
| 64 | 64 | /// @todo make it easier to tell apart system error from user errors such as bad password... |
| 65 | 65 | |
| 66 | - eZDebug::writeError($e->getMessage(), __METHOD__ ); |
|
| 66 | + eZDebug::writeError($e->getMessage(), __METHOD__); |
|
| 67 | 67 | |
| 68 | 68 | return false; |
| 69 | 69 | } |
@@ -22,8 +22,7 @@ |
||
| 22 | 22 | { |
| 23 | 23 | self::loginSucceeded( $user ); |
| 24 | 24 | return $user; |
| 25 | - } |
|
| 26 | - else |
|
| 25 | + } else |
|
| 27 | 26 | { |
| 28 | 27 | self::loginFailed( $user, $login ); |
| 29 | 28 | return false; |
@@ -3,15 +3,12 @@ |
||
| 3 | 3 | namespace Kaliop\IdentityManagementBundle\Security\User\Provider; |
| 4 | 4 | |
| 5 | 5 | use Symfony\Component\Security\Core\User\UserProviderInterface; |
| 6 | -use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; |
|
| 7 | 6 | use Symfony\Component\Security\Core\Exception\UnsupportedUserException; |
| 8 | 7 | use Symfony\Component\Security\Core\User\UserInterface; |
| 9 | -use Kaliop\IdentityManagementBundle\Security\User\AMSUser as UserClass; |
|
| 10 | 8 | use Kaliop\IdentityManagementBundle\Security\User\RemoteUserProviderInterface; |
| 11 | 9 | use Kaliop\IdentityManagementBundle\Security\User\RemoteUser as KaliopRemoteUser; |
| 12 | 10 | use Kaliop\IdentityManagementBundle\Security\User\RemoteUserHandlerInterface; |
| 13 | 11 | use eZ\Publish\Core\MVC\Symfony\Security\User\APIUserProviderInterface; |
| 14 | -use eZ\Publish\Core\MVC\Symfony\Security\User as eZMVCUser; |
|
| 15 | 12 | use Psr\Log\LoggerInterface; |
| 16 | 13 | |
| 17 | 14 | class RemoteUser implements UserProviderInterface, RemoteUserProviderInterface |
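Review bot: Dropping the `UsernameNotFoundException`, `UserClass` and `eZMVCUser` imports is only safe if nothing left in the class uses those short names, and the class body lies outside this hunk. PHP resolves an un-imported short name against the current namespace without complaint, so a leftover `catch (UsernameNotFoundException $e)` or `instanceof eZMVCUser` would silently stop matching rather than fail. In a user provider that can change how unknown or unsupported users are handled. Search the file for all three names, docblocks included, before merging; the same check applies to the `Query` and `Criterion` imports removed in the `@@ -4,8 +4,6 @@` hunk.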
@@ -108,7 +108,7 @@ |
||
| 108 | 108 | } |
| 109 | 109 | |
| 110 | 110 | } catch (\Exception $e) { |
| 111 | - if ($this->logger) $this->logger->error("Unexpected error while finding/creating/updating repo user from data gotten from remote service: " . $e->getMessage()); |
|
| 111 | + if ($this->logger) $this->logger->error("Unexpected error while finding/creating/updating repo user from data gotten from remote service: ".$e->getMessage()); |
|
| 112 | 112 | throw $e; |
| 113 | 113 | } |
| 114 | 114 | |
@@ -108,7 +108,9 @@ |
||
| 108 | 108 | } |
| 109 | 109 | |
| 110 | 110 | } catch (\Exception $e) { |
| 111 | - if ($this->logger) $this->logger->error("Unexpected error while finding/creating/updating repo user from data gotten from remote service: " . $e->getMessage()); |
|
| 111 | + if ($this->logger) { |
|
| 112 | + $this->logger->error("Unexpected error while finding/creating/updating repo user from data gotten from remote service: " . $e->getMessage()); |
|
| 113 | + } |
|
| 112 | 114 | throw $e; |
| 113 | 115 | } |
| 114 | 116 | |
@@ -4,8 +4,6 @@ |
||
| 4 | 4 | |
| 5 | 5 | use Kaliop\IdentityManagementBundle\Adapter\ClientInterface; |
| 6 | 6 | use eZ\Publish\API\Repository\Repository; |
| 7 | -use eZ\Publish\API\Repository\Values\Content\Query; |
|
| 8 | -use eZ\Publish\API\Repository\Values\Content\Query\Criterion; |
|
| 9 | 7 | use eZ\Publish\API\Repository\Values\User\User; |
| 10 | 8 | use eZ\Publish\API\Repository\Exceptions\NotFoundException; |
| 11 | 9 | |
@@ -134,7 +134,7 @@ discard block |
||
| 134 | 134 | $newUserGroups = $this->getGroupsFromProfile($profile); |
| 135 | 135 | $currentUserGroups = $userService->loadUserGroupsOfUser($eZUser); |
| 136 | 136 | $groupsToRemove = array(); |
| 137 | - foreach($currentUserGroups as $currentUserGroup) { |
|
| 137 | + foreach ($currentUserGroups as $currentUserGroup) { |
|
| 138 | 138 | if (!array_key_exists($currentUserGroup->id, $newUserGroups)) { |
| 139 | 139 | $groupsToRemove[] = $currentUserGroup; |
| 140 | 140 | } else { |
@@ -164,7 +164,7 @@ discard block |
||
| 164 | 164 | |
| 165 | 165 | protected function getRemoteIdFromProfile($profile) |
| 166 | 166 | { |
| 167 | - return $this->remoteIdPrefix . $this->profileHash($profile); |
|
| 167 | + return $this->remoteIdPrefix.$this->profileHash($profile); |
|
| 168 | 168 | } |
| 169 | 169 | |
| 170 | 170 | /** |
@@ -211,7 +211,7 @@ discard block |
||
| 211 | 211 | * @param string $prefix |
| 212 | 212 | * @return string |
| 213 | 213 | */ |
| 214 | - protected function createTempFile($data, $prefix='') |
|
| 214 | + protected function createTempFile($data, $prefix = '') |
|
| 215 | 215 | { |
| 216 | 216 | $imageFileName = trim(tempnam(sys_get_temp_dir(), $prefix), '.'); |
| 217 | 217 | file_put_contents($imageFileName, $data); |
@@ -226,7 +226,7 @@ discard block |
||
| 226 | 226 | protected function cleanUpAfterUserCreation() |
| 227 | 227 | { |
| 228 | 228 | foreach ($this->tempFiles as $fileName) { |
| 229 | - if (is_file( $fileName)) |
|
| 229 | + if (is_file($fileName)) |
|
| 230 | 230 | unlink($fileName); |
| 231 | 231 | } |
| 232 | 232 | } |
@@ -237,7 +237,7 @@ discard block |
||
| 237 | 237 | protected function cleanUpAfterUserUpdate() |
| 238 | 238 | { |
| 239 | 239 | foreach ($this->tempFiles as $fileName) { |
| 240 | - if (is_file( $fileName)) |
|
| 240 | + if (is_file($fileName)) |
|
| 241 | 241 | unlink($fileName); |
| 242 | 242 | } |
| 243 | 243 | } |
@@ -52,8 +52,7 @@ discard block |
||
| 52 | 52 | try |
| 53 | 53 | { |
| 54 | 54 | return $this->repository->getUserService()->loadUserByLogin($remoteUser->getUsername()); |
| 55 | - } |
|
| 56 | - catch (NotFoundException $e) |
|
| 55 | + } catch (NotFoundException $e) |
|
| 57 | 56 | { |
| 58 | 57 | return false; |
| 59 | 58 | } |
@@ -226,8 +225,9 @@ discard block |
||
| 226 | 225 | protected function cleanUpAfterUserCreation() |
| 227 | 226 | { |
| 228 | 227 | foreach ($this->tempFiles as $fileName) { |
| 229 | - if (is_file( $fileName)) |
|
| 230 | - unlink($fileName); |
|
| 228 | + if (is_file( $fileName)) { |
|
| 229 | + unlink($fileName); |
|
| 230 | + } |
|
| 231 | 231 | } |
| 232 | 232 | } |
| 233 | 233 | |
@@ -237,8 +237,9 @@ discard block |
||
| 237 | 237 | protected function cleanUpAfterUserUpdate() |
| 238 | 238 | { |
| 239 | 239 | foreach ($this->tempFiles as $fileName) { |
| 240 | - if (is_file( $fileName)) |
|
| 241 | - unlink($fileName); |
|
| 240 | + if (is_file( $fileName)) { |
|
| 241 | + unlink($fileName); |
|
| 242 | + } |
|
| 242 | 243 | } |
| 243 | 244 | } |
| 244 | 245 | } |
@@ -24,10 +24,10 @@ |
||
| 24 | 24 | { |
| 25 | 25 | $loader = new YamlFileLoader( |
| 26 | 26 | $container, |
| 27 | - new FileLocator( __DIR__ . '/../Resources/config' ) |
|
| 27 | + new FileLocator(__DIR__.'/../Resources/config') |
|
| 28 | 28 | ); |
| 29 | 29 | |
| 30 | 30 | // New services |
| 31 | - $loader->load( 'services.yml' ); |
|
| 31 | + $loader->load('services.yml'); |
|
| 32 | 32 | } |
| 33 | 33 | } |
@@ -23,7 +23,7 @@ discard block |
||
| 23 | 23 | * Note that the list of attributes gotten from ladp is decided by settings for the client class... |
| 24 | 24 | * @todo store the password salted and encrypted in memory instead of plaintext |
| 25 | 25 | */ |
| 26 | - public function __construct($authUserResult, $emailField, $login, $password='') |
|
| 26 | + public function __construct($authUserResult, $emailField, $login, $password = '') |
|
| 27 | 27 | { |
| 28 | 28 | $this->username = $login; |
| 29 | 29 | $this->password = $password; |
@@ -71,7 +71,7 @@ discard block |
||
| 71 | 71 | */ |
| 72 | 72 | protected function ldap2array($data) { |
| 73 | 73 | //return $data; |
| 74 | - foreach($data as $key => $value) { |
|
| 74 | + foreach ($data as $key => $value) { |
|
| 75 | 75 | if ($key === 'dn') { |
| 76 | 76 | continue; |
| 77 | 77 | } |
@@ -91,14 +91,14 @@ |
||
| 91 | 91 | } |
| 92 | 92 | |
| 93 | 93 | if ($search['count'] > 1) { |
| 94 | - if ($this->logger) $this->logger->warning('More than one ldap account found for ' . $username); |
|
| 94 | + if ($this->logger) $this->logger->warning('More than one ldap account found for '.$username); |
|
| 95 | 95 | |
| 96 | 96 | throw new AuthenticationServiceException('More than one user found'); |
| 97 | 97 | } |
| 98 | 98 | |
| 99 | 99 | // always carry out this check, as the data is needed to log in |
| 100 | 100 | if (!isset($this->settings['ldap_login_attribute']) || !isset($search[0][$this->settings['ldap_login_attribute']][0])) { |
| 101 | - if ($this->logger) $this->logger->info("Authentication failed for user: '$username', missing attribute used to log in to ldap: " . @$this->settings['ldap_login_attribute']); |
|
| 101 | + if ($this->logger) $this->logger->info("Authentication failed for user: '$username', missing attribute used to log in to ldap: ".@$this->settings['ldap_login_attribute']); |
|
| 102 | 102 | |
| 103 | 103 | throw new AuthenticationServiceException('Invalid user profile: missing ldap attribute needed for log-in'); |
| 104 | 104 | } |
@@ -48,7 +48,9 @@ discard block |
||
| 48 | 48 | */ |
| 49 | 49 | public function authenticateUser($username, $password) |
| 50 | 50 | { |
| 51 | - if ($this->logger) $this->logger->info("Looking up remote user: '$username'"); |
|
| 51 | + if ($this->logger) { |
|
| 52 | + $this->logger->info("Looking up remote user: '$username'"); |
|
| 53 | + } |
|
| 52 | 54 | |
| 53 | 55 | $ldaps = is_array($this->ldap) ? array_values($this->ldap) : array($this->ldap); |
| 54 | 56 | $i = 0; |
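Review bot: The log call that is now wrapped in braces still interpolates the caller-supplied `$username` directly into the message, so a login name containing line breaks or control characters can split or forge log entries. If the logger is PSR-3 compatible, pass the value as context instead, e.g. `$this->logger->info("Looking up remote user: '{username}'", array('username' => $username));`, or strip control characters before logging. The same pattern recurs in the `@@ -69,36 +71,48 @@` and `@@ -106,29 +120,41 @@` hunks, including the "Renamed user" message, which logs a value read back from the directory. `authenticateUser` continues past the end of this hunk.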
@@ -69,36 +71,48 @@ discard block |
||
| 69 | 71 | } |
| 70 | 72 | |
| 71 | 73 | } catch (ConnectionException $e) { |
| 72 | - if ($this->logger) $this->logger->error(sprintf('Connection error "%s"', $e->getMessage())); |
|
| 74 | + if ($this->logger) { |
|
| 75 | + $this->logger->error(sprintf('Connection error "%s"', $e->getMessage())); |
|
| 76 | + } |
|
| 73 | 77 | |
| 74 | 78 | if ($i < count($ldaps)) { |
| 75 | - if ($this->logger) $this->logger->error("Connecting to ldap server $i"); |
|
| 79 | + if ($this->logger) { |
|
| 80 | + $this->logger->error("Connecting to ldap server $i"); |
|
| 81 | + } |
|
| 76 | 82 | continue; |
| 77 | 83 | } |
| 78 | 84 | |
| 79 | 85 | /// @todo shall we log an error ? |
| 80 | 86 | throw new AuthenticationServiceException(sprintf('Connection error "%s"', $e->getMessage()), 0, $e); |
| 81 | 87 | } catch (\Exception $e) { |
| 82 | - if ($this->logger) $this->logger->error(sprintf('Unexpected error "%s"', $e->getMessage())); |
|
| 88 | + if ($this->logger) { |
|
| 89 | + $this->logger->error(sprintf('Unexpected error "%s"', $e->getMessage())); |
|
| 90 | + } |
|
| 83 | 91 | |
| 84 | 92 | throw new AuthenticationServiceException(sprintf('Internal error "%s"', $e->getMessage()), 0, $e); |
| 85 | 93 | } |
| 86 | 94 | |
| 87 | 95 | if (!$search) { |
| 88 | - if ($this->logger) $this->logger->info("User not found"); |
|
| 96 | + if ($this->logger) { |
|
| 97 | + $this->logger->info("User not found"); |
|
| 98 | + } |
|
| 89 | 99 | |
| 90 | 100 | throw new BadCredentialsException(sprintf('User "%s" not found.', $username)); |
| 91 | 101 | } |
| 92 | 102 | |
| 93 | 103 | if ($search['count'] > 1) { |
| 94 | - if ($this->logger) $this->logger->warning('More than one ldap account found for ' . $username); |
|
| 104 | + if ($this->logger) { |
|
| 105 | + $this->logger->warning('More than one ldap account found for ' . $username); |
|
| 106 | + } |
|
| 95 | 107 | |
| 96 | 108 | throw new AuthenticationServiceException('More than one user found'); |
| 97 | 109 | } |
| 98 | 110 | |
| 99 | 111 | // always carry out this check, as the data is needed to log in |
| 100 | 112 | if (!isset($this->settings['ldap_login_attribute']) || !isset($search[0][$this->settings['ldap_login_attribute']][0])) { |
| 101 | - if ($this->logger) $this->logger->info("Authentication failed for user: '$username', missing attribute used to log in to ldap: " . @$this->settings['ldap_login_attribute']); |
|
| 113 | + if ($this->logger) { |
|
| 114 | + $this->logger->info("Authentication failed for user: '$username', missing attribute used to log in to ldap: " . @$this->settings['ldap_login_attribute']); |
|
| 115 | + } |
|
| 102 | 116 | |
| 103 | 117 | throw new AuthenticationServiceException('Invalid user profile: missing ldap attribute needed for log-in'); |
| 104 | 118 | } |
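Review bot: `BadCredentialsException(sprintf('User "%s" not found.', $username))` gives an unknown login a different message from the 'The presented password is invalid.' thrown after a failed bind in the next hunk. If these messages reach the login response, a client can tell valid account names from invalid ones. Use one generic message for both cases and keep the detail in the log only, e.g. `throw new BadCredentialsException('Invalid credentials.');`. The `AuthenticationServiceException` messages also embed `$e->getMessage()` from the LDAP layer, which may carry host names or DNs; whether that text is ever shown to users depends on code outside this page. The enclosing method starts before and ends after this hunk.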
@@ -106,29 +120,41 @@ discard block |
||
| 106 | 120 | try { |
| 107 | 121 | $this->validateLdapResults($search[0]); |
| 108 | 122 | } catch (\Exception $e) { |
| 109 | - if ($this->logger) $this->logger->warning("Invalid user profile for user: '$username': ".$e->getMessage()); |
|
| 123 | + if ($this->logger) { |
|
| 124 | + $this->logger->warning("Invalid user profile for user: '$username': ".$e->getMessage()); |
|
| 125 | + } |
|
| 110 | 126 | |
| 111 | 127 | throw new AuthenticationServiceException('Invalid user profile: '.$e->getMessage()); |
| 112 | 128 | } |
| 113 | 129 | |
| 114 | - if ($this->logger) $this->logger->info("Remote user found, attempting authentication for user: '$username'"); |
|
| 130 | + if ($this->logger) { |
|
| 131 | + $this->logger->info("Remote user found, attempting authentication for user: '$username'"); |
|
| 132 | + } |
|
| 115 | 133 | |
| 116 | 134 | try { |
| 117 | 135 | $ldap->bind($search[0][$this->settings['ldap_login_attribute']][0], $password); |
| 118 | 136 | } catch (ConnectionException $e) { |
| 119 | - if ($this->logger) $this->logger->info("Authentication failed for user: '$username', bind failed: ".$e->getMessage()); |
|
| 137 | + if ($this->logger) { |
|
| 138 | + $this->logger->info("Authentication failed for user: '$username', bind failed: ".$e->getMessage()); |
|
| 139 | + } |
|
| 120 | 140 | throw new BadCredentialsException('The presented password is invalid.'); |
| 121 | 141 | } catch (\Exception $e) { |
| 122 | - if ($this->logger) $this->logger->info("Authentication failed for user: '$username', unexpected ldap error: ".$e->getMessage()); |
|
| 142 | + if ($this->logger) { |
|
| 143 | + $this->logger->info("Authentication failed for user: '$username', unexpected ldap error: ".$e->getMessage()); |
|
| 144 | + } |
|
| 123 | 145 | throw new AuthenticationServiceException('Unexpected exception: '.$e->getMessage()); |
| 124 | 146 | } |
| 125 | 147 | |
| 126 | - if ($this->logger) $this->logger->info("Authentication succeeded for user: '$username'"); |
|
| 148 | + if ($this->logger) { |
|
| 149 | + $this->logger->info("Authentication succeeded for user: '$username'"); |
|
| 150 | + } |
|
| 127 | 151 | |
| 128 | 152 | // allow ldap to give us back the actual login field to be used in eZ. It might be different because of dashes, spaces, case... |
| 129 | 153 | if (isset($this->settings['login_attribute']) && isset($search[0][$this->settings['login_attribute']][0])) { |
| 130 | 154 | if ($username != $search[0][$this->settings['login_attribute']][0]) { |
| 131 | - if ($this->logger) $this->logger->info("Renamed user '$username' to '{$search[0][$this->settings['login_attribute']][0]}'"); |
|
| 155 | + if ($this->logger) { |
|
| 156 | + $this->logger->info("Renamed user '$username' to '{$search[0][$this->settings['login_attribute']][0]}'"); |
|
| 157 | + } |
|
| 132 | 158 | |
| 133 | 159 | $username = $search[0][$this->settings['login_attribute']][0]; |
| 134 | 160 | } |
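Review bot: `$ldap->bind(..., $password)` is reached with no visible check that `$password` is non-empty. Many LDAP servers treat a bind with a DN and an empty password as an unauthenticated bind and report success, which would accept the login without a password. Unless the parts of `authenticateUser` outside these hunks already reject it, add a guard at the top of the method: `if ((string) $password === '') { throw new BadCredentialsException('The presented password must not be empty.'); }`. Separately, `$username != $search[0][...][0]` is a loose comparison, so two different numeric-looking logins can compare equal and skip the rename; `!==` is the safer operator.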
@@ -9,13 +9,13 @@ |
||
| 9 | 9 | protected $securityToken = null; |
| 10 | 10 | |
| 11 | 11 | protected function isAuthenticated() { |
| 12 | - if( $this->securityToken == null ) { |
|
| 13 | - $securityToken = $this->container->get( 'security.token_storage' )->getToken(); |
|
| 14 | - if( $securityToken instanceof TokenInterface ) { |
|
| 12 | + if ($this->securityToken == null) { |
|
| 13 | + $securityToken = $this->container->get('security.token_storage')->getToken(); |
|
| 14 | + if ($securityToken instanceof TokenInterface) { |
|
| 15 | 15 | $this->securityToken = $securityToken; |
| 16 | 16 | } |
| 17 | 17 | } |
| 18 | 18 | |
| 19 | - return $this->securityToken->isAuthenticated() === true && count( $this->securityToken->getRoles() ); |
|
| 19 | + return $this->securityToken->isAuthenticated() === true && count($this->securityToken->getRoles()); |
|
| 20 | 20 | } |
| 21 | 21 | } |
@@ -156,10 +156,10 @@ |
||
| 156 | 156 | //$user = $this->userProvider->loadUserByUsername($username); |
| 157 | 157 | return $user; |
| 158 | 158 | |
| 159 | - } catch(AuthenticationException $e) { |
|
| 159 | + } catch (AuthenticationException $e) { |
|
| 160 | 160 | // let through any exception of the expected authentication type |
| 161 | 161 | throw $e; |
| 162 | - } catch(\Exception $e) { |
|
| 162 | + } catch (\Exception $e) { |
|
| 163 | 163 | // we mask any internal, unexpected error from the Client |
| 164 | 164 | /// @todo we should log a message here: the Client used an unexpected exception type... |
| 165 | 165 | /// @tood we should really be using an AuthenticationServiceException here |
@@ -1,5 +1,1 @@ |
||
| 1 | -<?php /* |
|
| 2 | - |
|
| 3 | -[UserSettings] |
|
| 4 | -ExtensionDirectory[]=identitymanagementextension |
|
| 5 | -LoginHandler[]=RemoteUserLogin |
|
| 6 | 1 | \ No newline at end of file |
| 2 | +<?php |
|
| 7 | 3 | \ No newline at end of file |
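Review bot: This hunk replaces the whole settings file with a bare `<?php`, deleting the `[UserSettings]` block that registered `ExtensionDirectory[]=identitymanagementextension` and `LoginHandler[]=RemoteUserLogin`. Those lines sit inside a PHP comment on purpose, presumably so the ini content is not served as plain text. An automated fixer that treats them as dead commented-out code therefore changes login behaviour: the remote login handler would no longer be registered from this file. Keep the file as it was and exclude it from the fixer. The four following `@@ -1,5 +1,1 @@` hunks make the same deletion.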
@@ -1,5 +1,1 @@ |
||
| 1 | -<?php /* |
|
| 2 | - |
|
| 3 | -[UserSettings] |
|
| 4 | -ExtensionDirectory[]=identitymanagementextension |
|
| 5 | -LoginHandler[]=RemoteUserLogin |
|
| 6 | 1 | \ No newline at end of file |
| 2 | +<?php |
|
| 7 | 3 | \ No newline at end of file |
@@ -1,5 +1,1 @@ |
||
| 1 | -<?php /* |
|
| 2 | - |
|
| 3 | -[UserSettings] |
|
| 4 | -ExtensionDirectory[]=identitymanagementextension |
|
| 5 | -LoginHandler[]=RemoteUserLogin |
|
| 6 | 1 | \ No newline at end of file |
| 2 | +<?php |
|
| 7 | 3 | \ No newline at end of file |
@@ -1,5 +1,1 @@ |
||
| 1 | -<?php /* |
|
| 2 | - |
|
| 3 | -[UserSettings] |
|
| 4 | -ExtensionDirectory[]=identitymanagementextension |
|
| 5 | -LoginHandler[]=RemoteUserLogin |
|
| 6 | 1 | \ No newline at end of file |
| 2 | +<?php |
|
| 7 | 3 | \ No newline at end of file |
@@ -1,5 +1,1 @@ |
||
| 1 | -<?php /* |
|
| 2 | - |
|
| 3 | -[UserSettings] |
|
| 4 | -ExtensionDirectory[]=identitymanagementextension |
|
| 5 | -LoginHandler[]=RemoteUserLogin |
|
| 6 | 1 | \ No newline at end of file |
| 2 | +<?php |
|
| 7 | 3 | \ No newline at end of file |