splitbrain /
dokuwiki
Complex classes like auth_plugin_authldap often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes. You can also have a look at the cohesion graph to spot any un-connected, or weakly-connected components.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use auth_plugin_authldap, and based on these observations, apply Extract Interface, too.
| 1 | <?php |
||
| 13 | class auth_plugin_authldap extends DokuWiki_Auth_Plugin { |
||
| 14 | /* @var resource $con holds the LDAP connection*/ |
||
| 15 | protected $con = null; |
||
| 16 | |||
| 17 | /* @var int $bound What type of connection does already exist? */ |
||
| 18 | protected $bound = 0; // 0: anonymous, 1: user, 2: superuser |
||
| 19 | |||
| 20 | /* @var array $users User data cache */ |
||
| 21 | protected $users = null; |
||
| 22 | |||
| 23 | /* @var array $_pattern User filter pattern */ |
||
| 24 | protected $_pattern = null; |
||
| 25 | |||
| 26 | /** |
||
| 27 | * Constructor |
||
| 28 | */ |
||
| 29 | public function __construct() { |
||
| 42 | |||
| 43 | /** |
||
| 44 | * Check user+password |
||
| 45 | * |
||
| 46 | * Checks if the given user exists and the given |
||
| 47 | * plaintext password is correct by trying to bind |
||
| 48 | * to the LDAP server |
||
| 49 | * |
||
| 50 | * @author Andreas Gohr <[email protected]> |
||
| 51 | * @param string $user |
||
| 52 | * @param string $pass |
||
| 53 | * @return bool |
||
| 54 | */ |
||
| 55 | public function checkPass($user, $pass) { |
||
| 123 | |||
| 124 | /** |
||
| 125 | * Return user info |
||
| 126 | * |
||
| 127 | * Returns info about the given user needs to contain |
||
| 128 | * at least these fields: |
||
| 129 | * |
||
| 130 | * name string full name of the user |
||
| 131 | * mail string email addres of the user |
||
| 132 | * grps array list of groups the user is in |
||
| 133 | * |
||
| 134 | * This LDAP specific function returns the following |
||
| 135 | * addional fields: |
||
| 136 | * |
||
| 137 | * dn string distinguished name (DN) |
||
| 138 | * uid string Posix User ID |
||
| 139 | * inbind bool for internal use - avoid loop in binding |
||
| 140 | * |
||
| 141 | * @author Andreas Gohr <[email protected]> |
||
| 142 | * @author Trouble |
||
| 143 | * @author Dan Allen <[email protected]> |
||
| 144 | * @author <[email protected]> |
||
| 145 | * @author Stephane Chazelas <[email protected]> |
||
| 146 | * @author Steffen Schoch <[email protected]> |
||
| 147 | * |
||
| 148 | * @param string $user |
||
| 149 | * @param bool $requireGroups (optional) - ignored, groups are always supplied by this plugin |
||
| 150 | * @return array containing user data or false |
||
| 151 | */ |
||
| 152 | public function getUserData($user, $requireGroups=true) { |
||
| 155 | |||
| 156 | /** |
||
| 157 | * @param string $user |
||
| 158 | * @param bool $inbind authldap specific, true if in bind phase |
||
| 159 | * @return array containing user data or false |
||
| 160 | */ |
||
| 161 | protected function _getUserData($user, $inbind = false) { |
||
| 275 | |||
| 276 | /** |
||
| 277 | * Definition of the function modifyUser in order to modify the password |
||
| 278 | */ |
||
| 279 | |||
| 280 | function modifyUser($user,$changes){ |
||
| 331 | |||
| 332 | /** |
||
| 333 | * Most values in LDAP are case-insensitive |
||
| 334 | * |
||
| 335 | * @return bool |
||
| 336 | */ |
||
| 337 | public function isCaseSensitive() { |
||
| 340 | |||
| 341 | /** |
||
| 342 | * Bulk retrieval of user data |
||
| 343 | * |
||
| 344 | * @author Dominik Eckelmann <[email protected]> |
||
| 345 | * @param int $start index of first user to be returned |
||
| 346 | * @param int $limit max number of users to be returned |
||
| 347 | * @param array $filter array of field/pattern pairs, null for no filter |
||
| 348 | * @return array of userinfo (refer getUserData for internal userinfo details) |
||
| 349 | */ |
||
| 350 | function retrieveUsers($start = 0, $limit = 0, $filter = array()) { |
||
| 391 | |||
| 392 | /** |
||
| 393 | * Make LDAP filter strings. |
||
| 394 | * |
||
| 395 | * Used by auth_getUserData to make the filter |
||
| 396 | * strings for grouptree and groupfilter |
||
| 397 | * |
||
| 398 | * @author Troels Liebe Bentsen <[email protected]> |
||
| 399 | * @param string $filter ldap search filter with placeholders |
||
| 400 | * @param array $placeholders placeholders to fill in |
||
| 401 | * @return string |
||
| 402 | */ |
||
| 403 | protected function _makeFilter($filter, $placeholders) { |
||
| 418 | |||
| 419 | /** |
||
| 420 | * return true if $user + $info match $filter criteria, false otherwise |
||
| 421 | * |
||
| 422 | * @author Chris Smith <[email protected]> |
||
| 423 | * |
||
| 424 | * @param string $user the user's login name |
||
| 425 | * @param array $info the user's userinfo array |
||
| 426 | * @return bool |
||
| 427 | */ |
||
| 428 | protected function _filter($user, $info) { |
||
| 440 | |||
| 441 | /** |
||
| 442 | * Set the filter pattern |
||
| 443 | * |
||
| 444 | * @author Chris Smith <[email protected]> |
||
| 445 | * |
||
| 446 | * @param $filter |
||
| 447 | * @return void |
||
| 448 | */ |
||
| 449 | protected function _constructPattern($filter) { |
||
| 455 | |||
| 456 | /** |
||
| 457 | * Escape a string to be used in a LDAP filter |
||
| 458 | * |
||
| 459 | * Ported from Perl's Net::LDAP::Util escape_filter_value |
||
| 460 | * |
||
| 461 | * @author Andreas Gohr |
||
| 462 | * @param string $string |
||
| 463 | * @return string |
||
| 464 | */ |
||
| 465 | protected function _filterEscape($string) { |
||
| 466 | // see https://github.com/adldap/adLDAP/issues/22 |
||
| 467 | return preg_replace_callback( |
||
| 468 | '/([\x00-\x1F\*\(\)\\\\])/', |
||
| 469 | function ($matches) { |
||
| 470 | return "\\".join("", unpack("H2", $matches[1])); |
||
| 471 | }, |
||
| 472 | $string |
||
| 473 | ); |
||
| 474 | } |
||
| 475 | |||
| 476 | /** |
||
| 477 | * Opens a connection to the configured LDAP server and sets the wanted |
||
| 478 | * option on the connection |
||
| 479 | * |
||
| 480 | * @author Andreas Gohr <[email protected]> |
||
| 481 | */ |
||
| 482 | protected function _openLDAP() { |
||
| 483 | if($this->con) return true; // connection already established |
||
| 484 | |||
| 485 | if($this->getConf('debug')) { |
||
| 486 | ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7); |
||
| 487 | } |
||
| 488 | |||
| 489 | $this->bound = 0; |
||
| 490 | |||
| 491 | $port = $this->getConf('port'); |
||
| 492 | $bound = false; |
||
| 493 | $servers = explode(',', $this->getConf('server')); |
||
| 494 | foreach($servers as $server) { |
||
| 495 | $server = trim($server); |
||
| 496 | $this->con = @ldap_connect($server, $port); |
||
| 497 | if(!$this->con) { |
||
| 498 | continue; |
||
| 499 | } |
||
| 500 | |||
| 501 | /* |
||
| 502 | * When OpenLDAP 2.x.x is used, ldap_connect() will always return a resource as it does |
||
| 503 | * not actually connect but just initializes the connecting parameters. The actual |
||
| 504 | * connect happens with the next calls to ldap_* funcs, usually with ldap_bind(). |
||
| 505 | * |
||
| 506 | * So we should try to bind to server in order to check its availability. |
||
| 507 | */ |
||
| 508 | |||
| 509 | //set protocol version and dependend options |
||
| 510 | if($this->getConf('version')) { |
||
| 511 | if(!@ldap_set_option( |
||
| 512 | $this->con, LDAP_OPT_PROTOCOL_VERSION, |
||
| 513 | $this->getConf('version') |
||
| 514 | ) |
||
| 515 | ) { |
||
| 516 | msg('Setting LDAP Protocol version '.$this->getConf('version').' failed', -1); |
||
| 517 | $this->_debug('LDAP version set: '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__); |
||
| 518 | } else { |
||
| 519 | //use TLS (needs version 3) |
||
| 520 | if($this->getConf('starttls')) { |
||
| 521 | if(!@ldap_start_tls($this->con)) { |
||
| 522 | msg('Starting TLS failed', -1); |
||
| 523 | $this->_debug('LDAP TLS set: '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__); |
||
| 524 | } |
||
| 525 | } |
||
| 526 | // needs version 3 |
||
| 527 | if($this->getConf('referrals') > -1) { |
||
| 528 | if(!@ldap_set_option( |
||
| 529 | $this->con, LDAP_OPT_REFERRALS, |
||
| 530 | $this->getConf('referrals') |
||
| 531 | ) |
||
| 532 | ) { |
||
| 533 | msg('Setting LDAP referrals failed', -1); |
||
| 534 | $this->_debug('LDAP referal set: '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__); |
||
| 535 | } |
||
| 536 | } |
||
| 537 | } |
||
| 538 | } |
||
| 539 | |||
| 540 | //set deref mode |
||
| 541 | if($this->getConf('deref')) { |
||
| 542 | if(!@ldap_set_option($this->con, LDAP_OPT_DEREF, $this->getConf('deref'))) { |
||
| 543 | msg('Setting LDAP Deref mode '.$this->getConf('deref').' failed', -1); |
||
| 544 | $this->_debug('LDAP deref set: '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__); |
||
| 545 | } |
||
| 546 | } |
||
| 547 | /* As of PHP 5.3.0 we can set timeout to speedup skipping of invalid servers */ |
||
| 548 | if(defined('LDAP_OPT_NETWORK_TIMEOUT')) { |
||
| 549 | ldap_set_option($this->con, LDAP_OPT_NETWORK_TIMEOUT, 1); |
||
| 550 | } |
||
| 551 | |||
| 552 | if($this->getConf('binddn') && $this->getConf('bindpw')) { |
||
| 553 | $bound = @ldap_bind($this->con, $this->getConf('binddn'), conf_decodeString($this->getConf('bindpw'))); |
||
| 554 | $this->bound = 2; |
||
| 555 | } else { |
||
| 556 | $bound = @ldap_bind($this->con); |
||
| 557 | } |
||
| 558 | if($bound) { |
||
| 559 | break; |
||
| 560 | } |
||
| 561 | } |
||
| 562 | |||
| 563 | if(!$bound) { |
||
| 564 | msg("LDAP: couldn't connect to LDAP server", -1); |
||
| 565 | $this->_debug(ldap_error($this->con), 0, __LINE__, __FILE__); |
||
| 566 | return false; |
||
| 567 | } |
||
| 568 | |||
| 569 | $this->cando['getUsers'] = true; |
||
| 570 | return true; |
||
| 571 | } |
||
| 572 | |||
| 573 | /** |
||
| 574 | * Wraps around ldap_search, ldap_list or ldap_read depending on $scope |
||
| 575 | * |
||
| 576 | * @author Andreas Gohr <[email protected]> |
||
| 577 | * @param resource $link_identifier |
||
| 578 | * @param string $base_dn |
||
| 579 | * @param string $filter |
||
| 580 | * @param string $scope can be 'base', 'one' or 'sub' |
||
| 581 | * @param null|array $attributes |
||
| 582 | * @param int $attrsonly |
||
| 583 | * @param int $sizelimit |
||
| 584 | * @return resource |
||
| 585 | */ |
||
| 586 | protected function _ldapsearch($link_identifier, $base_dn, $filter, $scope = 'sub', $attributes = null, |
||
| 607 | |||
| 608 | /** |
||
| 609 | * Wrapper around msg() but outputs only when debug is enabled |
||
| 610 | * |
||
| 611 | * @param string $message |
||
| 612 | * @param int $err |
||
| 613 | * @param int $line |
||
| 614 | * @param string $file |
||
| 615 | * @return void |
||
| 616 | */ |
||
| 617 | protected function _debug($message, $err, $line, $file) { |
||
| 621 | |||
| 622 | } |
||
| 623 |
Loading history...
