splitbrain /
dokuwiki
Complex classes like auth_plugin_authldap often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes. You can also have a look at the cohesion graph to spot any un-connected, or weakly-connected components.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use auth_plugin_authldap, and based on these observations, apply Extract Interface, too.
| 1 | <?php |
||
| 13 | class auth_plugin_authldap extends DokuWiki_Auth_Plugin { |
||
| 14 | /* @var resource $con holds the LDAP connection*/ |
||
| 15 | protected $con = null; |
||
| 16 | |||
| 17 | /* @var int $bound What type of connection does already exist? */ |
||
| 18 | protected $bound = 0; // 0: anonymous, 1: user, 2: superuser |
||
| 19 | |||
| 20 | /* @var array $users User data cache */ |
||
| 21 | protected $users = null; |
||
| 22 | |||
| 23 | /* @var array $_pattern User filter pattern */ |
||
| 24 | protected $_pattern = null; |
||
| 25 | |||
| 26 | /** |
||
| 27 | * Constructor |
||
| 28 | */ |
||
| 29 | public function __construct() { |
||
| 30 | parent::__construct(); |
||
| 31 | |||
| 32 | // ldap extension is needed |
||
| 33 | if(!function_exists('ldap_connect')) { |
||
| 34 | $this->_debug("LDAP err: PHP LDAP extension not found.", -1, __LINE__, __FILE__); |
||
| 35 | $this->success = false; |
||
| 36 | return; |
||
| 37 | } |
||
| 38 | |||
| 39 | // Add the capabilities to change the password |
||
| 40 | $this->cando['modPass'] = $this->getConf('modPass'); |
||
| 41 | } |
||
| 42 | |||
| 43 | /** |
||
| 44 | * Check user+password |
||
| 45 | * |
||
| 46 | * Checks if the given user exists and the given |
||
| 47 | * plaintext password is correct by trying to bind |
||
| 48 | * to the LDAP server |
||
| 49 | * |
||
| 50 | * @author Andreas Gohr <[email protected]> |
||
| 51 | * @param string $user |
||
| 52 | * @param string $pass |
||
| 53 | * @return bool |
||
| 54 | */ |
||
| 55 | public function checkPass($user, $pass) { |
||
| 56 | // reject empty password |
||
| 57 | if(empty($pass)) return false; |
||
| 58 | if(!$this->_openLDAP()) return false; |
||
| 59 | |||
| 60 | // indirect user bind |
||
| 61 | if($this->getConf('binddn') && $this->getConf('bindpw')) { |
||
| 62 | // use superuser credentials |
||
| 63 | if(!@ldap_bind($this->con, $this->getConf('binddn'), conf_decodeString($this->getConf('bindpw')))) { |
||
| 64 | $this->_debug('LDAP bind as superuser: '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__); |
||
| 65 | return false; |
||
| 66 | } |
||
| 67 | $this->bound = 2; |
||
| 68 | } else if($this->getConf('binddn') && |
||
| 69 | $this->getConf('usertree') && |
||
| 70 | $this->getConf('userfilter') |
||
| 71 | ) { |
||
| 72 | // special bind string |
||
| 73 | $dn = $this->_makeFilter( |
||
| 74 | $this->getConf('binddn'), |
||
| 75 | array('user'=> $user, 'server'=> $this->getConf('server')) |
||
| 76 | ); |
||
| 77 | |||
| 78 | } else if(strpos($this->getConf('usertree'), '%{user}')) { |
||
| 79 | // direct user bind |
||
| 80 | $dn = $this->_makeFilter( |
||
| 81 | $this->getConf('usertree'), |
||
| 82 | array('user'=> $user, 'server'=> $this->getConf('server')) |
||
| 83 | ); |
||
| 84 | |||
| 85 | } else { |
||
| 86 | // Anonymous bind |
||
| 87 | if(!@ldap_bind($this->con)) { |
||
| 88 | msg("LDAP: can not bind anonymously", -1); |
||
| 89 | $this->_debug('LDAP anonymous bind: '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__); |
||
| 90 | return false; |
||
| 91 | } |
||
| 92 | } |
||
| 93 | |||
| 94 | // Try to bind to with the dn if we have one. |
||
| 95 | if(!empty($dn)) { |
||
| 96 | // User/Password bind |
||
| 97 | if(!@ldap_bind($this->con, $dn, $pass)) { |
||
| 98 | $this->_debug("LDAP: bind with $dn failed", -1, __LINE__, __FILE__); |
||
| 99 | $this->_debug('LDAP user dn bind: '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__); |
||
| 100 | return false; |
||
| 101 | } |
||
| 102 | $this->bound = 1; |
||
| 103 | return true; |
||
| 104 | } else { |
||
| 105 | // See if we can find the user |
||
| 106 | $info = $this->_getUserData($user, true); |
||
| 107 | if(empty($info['dn'])) { |
||
| 108 | return false; |
||
| 109 | } else { |
||
| 110 | $dn = $info['dn']; |
||
| 111 | } |
||
| 112 | |||
| 113 | // Try to bind with the dn provided |
||
| 114 | if(!@ldap_bind($this->con, $dn, $pass)) { |
||
| 115 | $this->_debug("LDAP: bind with $dn failed", -1, __LINE__, __FILE__); |
||
| 116 | $this->_debug('LDAP user bind: '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__); |
||
| 117 | return false; |
||
| 118 | } |
||
| 119 | $this->bound = 1; |
||
| 120 | return true; |
||
| 121 | } |
||
| 122 | } |
||
| 123 | |||
| 124 | /** |
||
| 125 | * Return user info |
||
| 126 | * |
||
| 127 | * Returns info about the given user needs to contain |
||
| 128 | * at least these fields: |
||
| 129 | * |
||
| 130 | * name string full name of the user |
||
| 131 | * mail string email addres of the user |
||
| 132 | * grps array list of groups the user is in |
||
| 133 | * |
||
| 134 | * This LDAP specific function returns the following |
||
| 135 | * addional fields: |
||
| 136 | * |
||
| 137 | * dn string distinguished name (DN) |
||
| 138 | * uid string Posix User ID |
||
| 139 | * inbind bool for internal use - avoid loop in binding |
||
| 140 | * |
||
| 141 | * @author Andreas Gohr <[email protected]> |
||
| 142 | * @author Trouble |
||
| 143 | * @author Dan Allen <[email protected]> |
||
| 144 | * @author <[email protected]> |
||
| 145 | * @author Stephane Chazelas <[email protected]> |
||
| 146 | * @author Steffen Schoch <[email protected]> |
||
| 147 | * |
||
| 148 | * @param string $user |
||
| 149 | * @param bool $requireGroups (optional) - ignored, groups are always supplied by this plugin |
||
| 150 | * @return array containing user data or false |
||
| 151 | */ |
||
| 152 | public function getUserData($user, $requireGroups=true) { |
||
| 155 | |||
| 156 | /** |
||
| 157 | * @param string $user |
||
| 158 | * @param bool $inbind authldap specific, true if in bind phase |
||
| 159 | * @return array containing user data or false |
||
| 160 | */ |
||
| 161 | protected function _getUserData($user, $inbind = false) { |
||
| 275 | |||
| 276 | /** |
||
| 277 | * Definition of the function modifyUser in order to modify the password |
||
| 278 | * |
||
| 279 | * @param string $user nick of the user to be changed |
||
| 280 | * @param array $changes array of field/value pairs to be changed (password will be clear text) |
||
| 281 | * @return bool true on success, false on error |
||
| 282 | */ |
||
| 283 | |||
| 284 | function modifyUser($user,$changes){ |
||
| 335 | |||
| 336 | /** |
||
| 337 | * Most values in LDAP are case-insensitive |
||
| 338 | * |
||
| 339 | * @return bool |
||
| 340 | */ |
||
| 341 | public function isCaseSensitive() { |
||
| 344 | |||
| 345 | /** |
||
| 346 | * Bulk retrieval of user data |
||
| 347 | * |
||
| 348 | * @author Dominik Eckelmann <[email protected]> |
||
| 349 | * @param int $start index of first user to be returned |
||
| 350 | * @param int $limit max number of users to be returned |
||
| 351 | * @param array $filter array of field/pattern pairs, null for no filter |
||
| 352 | * @return array of userinfo (refer getUserData for internal userinfo details) |
||
| 353 | */ |
||
| 354 | function retrieveUsers($start = 0, $limit = 0, $filter = array()) { |
||
| 395 | |||
| 396 | /** |
||
| 397 | * Make LDAP filter strings. |
||
| 398 | * |
||
| 399 | * Used by auth_getUserData to make the filter |
||
| 400 | * strings for grouptree and groupfilter |
||
| 401 | * |
||
| 402 | * @author Troels Liebe Bentsen <[email protected]> |
||
| 403 | * @param string $filter ldap search filter with placeholders |
||
| 404 | * @param array $placeholders placeholders to fill in |
||
| 405 | * @return string |
||
| 406 | */ |
||
| 407 | protected function _makeFilter($filter, $placeholders) { |
||
| 422 | |||
| 423 | /** |
||
| 424 | * return true if $user + $info match $filter criteria, false otherwise |
||
| 425 | * |
||
| 426 | * @author Chris Smith <[email protected]> |
||
| 427 | * |
||
| 428 | * @param string $user the user's login name |
||
| 429 | * @param array $info the user's userinfo array |
||
| 430 | * @return bool |
||
| 431 | */ |
||
| 432 | protected function _filter($user, $info) { |
||
| 444 | |||
| 445 | /** |
||
| 446 | * Set the filter pattern |
||
| 447 | * |
||
| 448 | * @author Chris Smith <[email protected]> |
||
| 449 | * |
||
| 450 | * @param $filter |
||
| 451 | * @return void |
||
| 452 | */ |
||
| 453 | protected function _constructPattern($filter) { |
||
| 459 | |||
| 460 | /** |
||
| 461 | * Escape a string to be used in a LDAP filter |
||
| 462 | * |
||
| 463 | * Ported from Perl's Net::LDAP::Util escape_filter_value |
||
| 464 | * |
||
| 465 | * @author Andreas Gohr |
||
| 466 | * @param string $string |
||
| 467 | * @return string |
||
| 468 | */ |
||
| 469 | protected function _filterEscape($string) { |
||
| 479 | |||
| 480 | /** |
||
| 481 | * Opens a connection to the configured LDAP server and sets the wanted |
||
| 482 | * option on the connection |
||
| 483 | * |
||
| 484 | * @author Andreas Gohr <[email protected]> |
||
| 485 | */ |
||
| 486 | protected function _openLDAP() { |
||
| 576 | |||
| 577 | /** |
||
| 578 | * Wraps around ldap_search, ldap_list or ldap_read depending on $scope |
||
| 579 | * |
||
| 580 | * @author Andreas Gohr <[email protected]> |
||
| 581 | * @param resource $link_identifier |
||
| 582 | * @param string $base_dn |
||
| 583 | * @param string $filter |
||
| 584 | * @param string $scope can be 'base', 'one' or 'sub' |
||
| 585 | * @param null|array $attributes |
||
| 586 | * @param int $attrsonly |
||
| 587 | * @param int $sizelimit |
||
| 588 | * @return resource |
||
| 589 | */ |
||
| 590 | protected function _ldapsearch($link_identifier, $base_dn, $filter, $scope = 'sub', $attributes = null, |
||
| 611 | |||
| 612 | /** |
||
| 613 | * Wrapper around msg() but outputs only when debug is enabled |
||
| 614 | * |
||
| 615 | * @param string $message |
||
| 616 | * @param int $err |
||
| 617 | * @param int $line |
||
| 618 | * @param string $file |
||
| 619 | * @return void |
||
| 620 | */ |
||
| 621 | protected function _debug($message, $err, $line, $file) { |
||
| 625 | |||
| 626 | } |
||
| 627 |
Loading history...
