splitbrain /
dokuwiki
Complex classes like auth_plugin_authldap often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes. You can also have a look at the cohesion graph to spot any un-connected, or weakly-connected components.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use auth_plugin_authldap, and based on these observations, apply Extract Interface, too.
| 1 | <?php |
||
| 12 | class auth_plugin_authldap extends DokuWiki_Auth_Plugin |
||
| 13 | { |
||
| 14 | /* @var resource $con holds the LDAP connection */ |
||
| 15 | protected $con = null; |
||
| 16 | |||
| 17 | /* @var int $bound What type of connection does already exist? */ |
||
| 18 | protected $bound = 0; // 0: anonymous, 1: user, 2: superuser |
||
| 19 | |||
| 20 | /* @var array $users User data cache */ |
||
| 21 | protected $users = null; |
||
| 22 | |||
| 23 | /* @var array $pattern User filter pattern */ |
||
| 24 | protected $pattern = null; |
||
| 25 | |||
| 26 | /** |
||
| 27 | * Constructor |
||
| 28 | */ |
||
| 29 | public function __construct() |
||
| 30 | { |
||
| 31 | parent::__construct(); |
||
| 32 | |||
| 33 | // ldap extension is needed |
||
| 34 | if (!function_exists('ldap_connect')) { |
||
| 35 | $this->debug("LDAP err: PHP LDAP extension not found.", -1, __LINE__, __FILE__); |
||
| 36 | $this->success = false; |
||
| 37 | return; |
||
| 38 | } |
||
| 39 | |||
| 40 | // Add the capabilities to change the password |
||
| 41 | $this->cando['modPass'] = $this->getConf('modPass'); |
||
| 42 | } |
||
| 43 | |||
| 44 | /** |
||
| 45 | * Check user+password |
||
| 46 | * |
||
| 47 | * Checks if the given user exists and the given |
||
| 48 | * plaintext password is correct by trying to bind |
||
| 49 | * to the LDAP server |
||
| 50 | * |
||
| 51 | * @param string $user |
||
| 52 | * @param string $pass |
||
| 53 | * @return bool |
||
| 54 | * @author Andreas Gohr <[email protected]> |
||
| 55 | */ |
||
| 56 | public function checkPass($user, $pass) |
||
| 57 | { |
||
| 58 | // reject empty password |
||
| 59 | if (empty($pass)) return false; |
||
| 60 | if (!$this->openLDAP()) return false; |
||
| 61 | |||
| 62 | // indirect user bind |
||
| 63 | if ($this->getConf('binddn') && $this->getConf('bindpw')) { |
||
| 64 | // use superuser credentials |
||
| 65 | if (!@ldap_bind($this->con, $this->getConf('binddn'), conf_decodeString($this->getConf('bindpw')))) { |
||
| 66 | $this->debug('LDAP bind as superuser: ' . hsc(ldap_error($this->con)), 0, __LINE__, __FILE__); |
||
| 67 | return false; |
||
| 68 | } |
||
| 69 | $this->bound = 2; |
||
| 70 | } elseif ($this->getConf('binddn') && |
||
| 71 | $this->getConf('usertree') && |
||
| 72 | $this->getConf('userfilter') |
||
| 73 | ) { |
||
| 74 | // special bind string |
||
| 75 | $dn = $this->makeFilter( |
||
| 76 | $this->getConf('binddn'), |
||
| 77 | array('user' => $user, 'server' => $this->getConf('server')) |
||
| 78 | ); |
||
| 79 | } elseif (strpos($this->getConf('usertree'), '%{user}')) { |
||
| 80 | // direct user bind |
||
| 81 | $dn = $this->makeFilter( |
||
| 82 | $this->getConf('usertree'), |
||
| 83 | array('user' => $user, 'server' => $this->getConf('server')) |
||
| 84 | ); |
||
| 85 | } else { |
||
| 86 | // Anonymous bind |
||
| 87 | if (!@ldap_bind($this->con)) { |
||
| 88 | msg("LDAP: can not bind anonymously", -1); |
||
| 89 | $this->debug('LDAP anonymous bind: ' . hsc(ldap_error($this->con)), 0, __LINE__, __FILE__); |
||
| 90 | return false; |
||
| 91 | } |
||
| 92 | } |
||
| 93 | |||
| 94 | // Try to bind to with the dn if we have one. |
||
| 95 | if (!empty($dn)) { |
||
| 96 | // User/Password bind |
||
| 97 | if (!@ldap_bind($this->con, $dn, $pass)) { |
||
| 98 | $this->debug("LDAP: bind with $dn failed", -1, __LINE__, __FILE__); |
||
| 99 | $this->debug('LDAP user dn bind: ' . hsc(ldap_error($this->con)), 0, __LINE__, __FILE__); |
||
| 100 | return false; |
||
| 101 | } |
||
| 102 | $this->bound = 1; |
||
| 103 | return true; |
||
| 104 | } else { |
||
| 105 | // See if we can find the user |
||
| 106 | $info = $this->fetchUserData($user, true); |
||
| 107 | if (empty($info['dn'])) { |
||
| 108 | return false; |
||
| 109 | } else { |
||
| 110 | $dn = $info['dn']; |
||
| 111 | } |
||
| 112 | |||
| 113 | // Try to bind with the dn provided |
||
| 114 | if (!@ldap_bind($this->con, $dn, $pass)) { |
||
| 115 | $this->debug("LDAP: bind with $dn failed", -1, __LINE__, __FILE__); |
||
| 116 | $this->debug('LDAP user bind: ' . hsc(ldap_error($this->con)), 0, __LINE__, __FILE__); |
||
| 117 | return false; |
||
| 118 | } |
||
| 119 | $this->bound = 1; |
||
| 120 | return true; |
||
| 121 | } |
||
| 122 | } |
||
| 123 | |||
| 124 | /** |
||
| 125 | * Return user info |
||
| 126 | * |
||
| 127 | * Returns info about the given user needs to contain |
||
| 128 | * at least these fields: |
||
| 129 | * |
||
| 130 | * name string full name of the user |
||
| 131 | * mail string email addres of the user |
||
| 132 | * grps array list of groups the user is in |
||
| 133 | * |
||
| 134 | * This LDAP specific function returns the following |
||
| 135 | * addional fields: |
||
| 136 | * |
||
| 137 | * dn string distinguished name (DN) |
||
| 138 | * uid string Posix User ID |
||
| 139 | * inbind bool for internal use - avoid loop in binding |
||
| 140 | * |
||
| 141 | * @param string $user |
||
| 142 | * @param bool $requireGroups (optional) - ignored, groups are always supplied by this plugin |
||
| 143 | * @return array containing user data or false |
||
| 144 | * @author <[email protected]> |
||
| 145 | * @author Stephane Chazelas <[email protected]> |
||
| 146 | * @author Steffen Schoch <[email protected]> |
||
| 147 | * |
||
| 148 | * @author Andreas Gohr <[email protected]> |
||
| 149 | * @author Trouble |
||
| 150 | * @author Dan Allen <[email protected]> |
||
| 151 | */ |
||
| 152 | public function getUserData($user, $requireGroups = true) |
||
| 153 | { |
||
| 154 | return $this->fetchUserData($user); |
||
| 155 | } |
||
| 156 | |||
| 157 | /** |
||
| 158 | * @param string $user |
||
| 159 | * @param bool $inbind authldap specific, true if in bind phase |
||
| 160 | * @return array containing user data or false |
||
| 161 | */ |
||
| 162 | protected function fetchUserData($user, $inbind = false) |
||
| 310 | |||
| 311 | /** |
||
| 312 | * Definition of the function modifyUser in order to modify the password |
||
| 313 | * |
||
| 314 | * @param string $user nick of the user to be changed |
||
| 315 | * @param array $changes array of field/value pairs to be changed (password will be clear text) |
||
| 316 | * @return bool true on success, false on error |
||
| 317 | */ |
||
| 318 | public function modifyUser($user, $changes) |
||
| 379 | |||
| 380 | /** |
||
| 381 | * Most values in LDAP are case-insensitive |
||
| 382 | * |
||
| 383 | * @return bool |
||
| 384 | */ |
||
| 385 | public function isCaseSensitive() |
||
| 389 | |||
| 390 | /** |
||
| 391 | * Bulk retrieval of user data |
||
| 392 | * |
||
| 393 | * @param int $start index of first user to be returned |
||
| 394 | * @param int $limit max number of users to be returned |
||
| 395 | * @param array $filter array of field/pattern pairs, null for no filter |
||
| 396 | * @return array of userinfo (refer getUserData for internal userinfo details) |
||
| 397 | * @author Dominik Eckelmann <[email protected]> |
||
| 398 | */ |
||
| 399 | public function retrieveUsers($start = 0, $limit = 0, $filter = array()) |
||
| 441 | |||
| 442 | /** |
||
| 443 | * Make LDAP filter strings. |
||
| 444 | * |
||
| 445 | * Used by auth_getUserData to make the filter |
||
| 446 | * strings for grouptree and groupfilter |
||
| 447 | * |
||
| 448 | * @param string $filter ldap search filter with placeholders |
||
| 449 | * @param array $placeholders placeholders to fill in |
||
| 450 | * @return string |
||
| 451 | * @author Troels Liebe Bentsen <[email protected]> |
||
| 452 | */ |
||
| 453 | protected function makeFilter($filter, $placeholders) |
||
| 469 | |||
| 470 | /** |
||
| 471 | * return true if $user + $info match $filter criteria, false otherwise |
||
| 472 | * |
||
| 473 | * @param string $user the user's login name |
||
| 474 | * @param array $info the user's userinfo array |
||
| 475 | * @return bool |
||
| 476 | * @author Chris Smith <[email protected]> |
||
| 477 | * |
||
| 478 | */ |
||
| 479 | protected function filter($user, $info) |
||
| 492 | |||
| 493 | /** |
||
| 494 | * Set the filter pattern |
||
| 495 | * |
||
| 496 | * @param $filter |
||
| 497 | * @return void |
||
| 498 | * @author Chris Smith <[email protected]> |
||
| 499 | * |
||
| 500 | */ |
||
| 501 | protected function constructPattern($filter) |
||
| 508 | |||
| 509 | /** |
||
| 510 | * Escape a string to be used in a LDAP filter |
||
| 511 | * |
||
| 512 | * Ported from Perl's Net::LDAP::Util escape_filter_value |
||
| 513 | * |
||
| 514 | * @param string $string |
||
| 515 | * @return string |
||
| 516 | * @author Andreas Gohr |
||
| 517 | */ |
||
| 518 | protected function filterEscape($string) |
||
| 529 | |||
| 530 | /** |
||
| 531 | * Opens a connection to the configured LDAP server and sets the wanted |
||
| 532 | * option on the connection |
||
| 533 | * |
||
| 534 | * @author Andreas Gohr <[email protected]> |
||
| 535 | */ |
||
| 536 | protected function openLDAP() |
||
| 629 | |||
| 630 | /** |
||
| 631 | * Wraps around ldap_search, ldap_list or ldap_read depending on $scope |
||
| 632 | * |
||
| 633 | * @param resource $link_identifier |
||
| 634 | * @param string $base_dn |
||
| 635 | * @param string $filter |
||
| 636 | * @param string $scope can be 'base', 'one' or 'sub' |
||
| 637 | * @param null|array $attributes |
||
| 638 | * @param int $attrsonly |
||
| 639 | * @param int $sizelimit |
||
| 640 | * @return resource |
||
| 641 | * @author Andreas Gohr <[email protected]> |
||
| 642 | */ |
||
| 643 | protected function ldapSearch( |
||
| 684 | |||
| 685 | /** |
||
| 686 | * Wrapper around msg() but outputs only when debug is enabled |
||
| 687 | * |
||
| 688 | * @param string $message |
||
| 689 | * @param int $err |
||
| 690 | * @param int $line |
||
| 691 | * @param string $file |
||
| 692 | * @return void |
||
| 693 | */ |
||
| 694 | protected function debug($message, $err, $line, $file) |
||
| 699 | } |
||
| 700 |
Loading history...
This check looks at variables that are passed out again to other methods.
If the outgoing method call has stricter type requirements than the method itself, an issue is raised.
An additional type check may prevent trouble.