| <?php |
|
|
| namespace Kanboard\Core\Ldap; |
|
|
| use LogicException; |
| use Kanboard\Core\Security\Role; |
| use Kanboard\User\LdapUserProvider; |
|
|
| |
| |
| |
| |
| |
| |
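/**
 * LDAP user lookup
 *
 * Runs a search through the injected Query and turns the first entry of the
 * result into an LdapUserProvider (profile attributes, group ids and role).
 * Attribute names, the base DN and the filters are read from LDAP_* constants.
 */
class User
{
    /**
     * Query used to search for the user entry
     *
     * @var Query
     */
    protected $query;

    /**
     * Group finder; when null, group ids are read from the user entry itself
     *
     * @var Group|null
     */
    protected $group;

    /**
     * Constructor
     *
     * @param  Query      $query
     * @param  Group|null $group
     */
    public function __construct(Query $query, Group $group = null)
    {
        $this->query = $query;
        $this->group = $group;
    }

    /**
     * Look up a user by username with a freshly built instance
     *
     * NOTE(review): $username is presumably supplied by the person logging in;
     * confirm at the call sites. It must be passed raw, because
     * getLdapUserPattern() escapes it before it reaches the search filter.
     *
     * @param  Client $client
     * @param  string $username
     * @return LdapUserProvider|null
     */
    public static function getUser(Client $client, $username)
    {
        $self = new static(new Query($client), new Group(new Query($client)));
        return $self->find($self->getLdapUserPattern($username));
    }

    /**
     * Execute a search filter under the base DN and build the user from the result
     *
     * @param  string $query  Complete LDAP search filter
     * @return LdapUserProvider|null  Null when the search has no result
     */
    public function find($query)
    {
        $this->query->execute($this->getBaseDn(), $query, $this->getAttributes());

        return $this->query->hasResult() ? $this->build() : null;
    }

    /**
     * Collect the group ids of a user entry
     *
     * When a group finder and a group user filter are both available, the
     * groups are searched with that filter, using either the username or the
     * DN of the entry (selected by LDAP_GROUP_USER_ATTRIBUTE). In every other
     * case the group attribute of the entry itself is returned.
     *
     * @param  Entry $entry
     * @return array
     */
    protected function getGroups(Entry $entry)
    {
        $attribute = $this->getGroupUserAttribute();
        $userattr = '';

        if ($attribute === 'username') {
            $userattr = $entry->getFirstValue($this->getAttributeUsername());
        } elseif ($attribute === 'dn') {
            $userattr = $entry->getDn();
        }

        if (empty($userattr) || $this->group === null || ! $this->hasGroupUserFilter()) {
            return $entry->getAll($this->getAttributeGroup());
        }

        // A DN or username read from the directory may contain "(", ")", "*" or "\".
        // They are escaped so the value is matched literally and cannot alter or
        // break the structure of the group filter.
        $filter = sprintf($this->getGroupUserFilter(), $this->escapeFilterValue($userattr));
        $groupIds = [];

        foreach ($this->group->find($filter) as $group) {
            $groupIds[] = $group->getExternalId();
        }

        return $groupIds;
    }

    /**
     * Map group ids to an application role
     *
     * The comparison is case-insensitive. Membership of the admin group wins
     * over everything else; membership of the manager group raises the default
     * role to manager.
     *
     * @param  string[] $groupIds
     * @return string|null  Null when neither the admin nor the manager group is configured
     */
    protected function getRole(array $groupIds)
    {
        if (! $this->hasGroupsConfigured()) {
            return null;
        }

        $role = LDAP_USER_DEFAULT_ROLE_MANAGER ? Role::APP_MANAGER : Role::APP_USER;

        // getGroupManagerDn() does not lowercase its value, so both are normalised here.
        $adminDn = strtolower($this->getGroupAdminDn());
        $managerDn = strtolower($this->getGroupManagerDn());

        foreach ($groupIds as $groupId) {
            $groupId = strtolower($groupId);

            // An unconfigured (empty) DN must never match: only one of the two
            // groups has to be set, and an empty group id would otherwise be
            // granted the role of the group that is not configured.
            if ($adminDn !== '' && $groupId === $adminDn) {
                return Role::APP_ADMIN;
            }

            if ($managerDn !== '' && $groupId === $managerDn) {
                $role = Role::APP_MANAGER;
            }
        }

        return $role;
    }

    /**
     * Build the user provider from the first entry of the last search
     *
     * @return LdapUserProvider
     */
    protected function build()
    {
        $entry = $this->query->getEntries()->getFirstEntry();
        $groupIds = $this->getGroups($entry);

        return new LdapUserProvider(
            $entry->getDn(),
            $entry->getFirstValue($this->getAttributeUsername()),
            $entry->getFirstValue($this->getAttributeName()),
            $entry->getFirstValue($this->getAttributeEmail()),
            $this->getRole($groupIds),
            $groupIds,
            $entry->getFirstValue($this->getAttributePhoto()),
            $entry->getFirstValue($this->getAttributeLanguage())
        );
    }

    /**
     * List the attributes to request from the directory
     *
     * Attributes that are not configured (empty) are left out and the list is
     * re-indexed.
     *
     * @return string[]
     */
    public function getAttributes()
    {
        $attributes = [
            $this->getAttributeUsername(),
            $this->getAttributeName(),
            $this->getAttributeEmail(),
            $this->getAttributeGroup(),
            $this->getAttributePhoto(),
            $this->getAttributeLanguage(),
        ];

        return array_values(array_filter($attributes));
    }

    /**
     * Get the lowercased LDAP attribute holding the username
     *
     * @throws LogicException  When LDAP_USER_ATTRIBUTE_USERNAME is empty
     * @return string
     */
    public function getAttributeUsername()
    {
        if (! LDAP_USER_ATTRIBUTE_USERNAME) {
            throw new LogicException('LDAP username attribute empty, check the parameter LDAP_USER_ATTRIBUTE_USERNAME');
        }

        return strtolower(LDAP_USER_ATTRIBUTE_USERNAME);
    }

    /**
     * Get the lowercased LDAP attribute holding the full name
     *
     * @throws LogicException  When LDAP_USER_ATTRIBUTE_FULLNAME is empty
     * @return string
     */
    public function getAttributeName()
    {
        if (! LDAP_USER_ATTRIBUTE_FULLNAME) {
            throw new LogicException('LDAP full name attribute empty, check the parameter LDAP_USER_ATTRIBUTE_FULLNAME');
        }

        return strtolower(LDAP_USER_ATTRIBUTE_FULLNAME);
    }

    /**
     * Get the lowercased LDAP attribute holding the email address
     *
     * @throws LogicException  When LDAP_USER_ATTRIBUTE_EMAIL is empty
     * @return string
     */
    public function getAttributeEmail()
    {
        if (! LDAP_USER_ATTRIBUTE_EMAIL) {
            throw new LogicException('LDAP email attribute empty, check the parameter LDAP_USER_ATTRIBUTE_EMAIL');
        }

        return strtolower(LDAP_USER_ATTRIBUTE_EMAIL);
    }

    /**
     * Get the lowercased LDAP attribute holding the groups of the user
     *
     * @return string
     */
    public function getAttributeGroup()
    {
        return strtolower(LDAP_USER_ATTRIBUTE_GROUPS);
    }

    /**
     * Get the lowercased LDAP attribute holding the photo
     *
     * @return string
     */
    public function getAttributePhoto()
    {
        return strtolower(LDAP_USER_ATTRIBUTE_PHOTO);
    }

    /**
     * Get the lowercased LDAP attribute holding the language
     *
     * @return string
     */
    public function getAttributeLanguage()
    {
        return strtolower(LDAP_USER_ATTRIBUTE_LANGUAGE);
    }

    /**
     * Get the filter used to search the groups of a user (LDAP_GROUP_USER_FILTER)
     *
     * getGroups() passes it to sprintf() with the escaped user value as the
     * only argument.
     *
     * @return string
     */
    public function getGroupUserFilter()
    {
        return LDAP_GROUP_USER_FILTER;
    }

    /**
     * Get which user value goes into the group filter (LDAP_GROUP_USER_ATTRIBUTE)
     *
     * getGroups() recognises "username" and "dn".
     *
     * @return string
     */
    public function getGroupUserAttribute()
    {
        return LDAP_GROUP_USER_ATTRIBUTE;
    }

    /**
     * Tell whether a group user filter is configured (neither null nor an empty string)
     *
     * @return boolean
     */
    public function hasGroupUserFilter()
    {
        $filter = $this->getGroupUserFilter();

        return $filter !== '' && $filter !== null;
    }

    /**
     * Tell whether an admin group or a manager group is configured
     *
     * @return boolean
     */
    public function hasGroupsConfigured()
    {
        return $this->getGroupAdminDn() || $this->getGroupManagerDn();
    }

    /**
     * Get the lowercased DN of the admin group (LDAP_GROUP_ADMIN_DN)
     *
     * @return string
     */
    public function getGroupAdminDn(): string
    {
        return strtolower(LDAP_GROUP_ADMIN_DN);
    }

    /**
     * Get the DN of the manager group (LDAP_GROUP_MANAGER_DN), in its configured case
     *
     * @return string
     */
    public function getGroupManagerDn(): string
    {
        return LDAP_GROUP_MANAGER_DN;
    }

    /**
     * Get the base DN of the user search (LDAP_USER_BASE_DN)
     *
     * @return string
     */
    public function getBaseDn()
    {
        return LDAP_USER_BASE_DN;
    }

    /**
     * Build the LDAP search filter for a username
     *
     * Every "%s" in the filter is replaced by the username. The username is
     * escaped first, so that "*", "(", ")", "\" and NUL are matched literally
     * instead of being read as filter syntax; without that, a username could
     * widen or rewrite the search (for example with a wildcard).
     *
     * Callers must pass the raw username: an already escaped value would be
     * escaped a second time.
     *
     * @param  string $username
     * @param  string $filter
     * @throws LogicException  When the filter is empty
     * @return string
     */
    public function getLdapUserPattern($username, $filter = LDAP_USER_FILTER)
    {
        if (! $filter) {
            throw new LogicException('LDAP user filter empty, check the parameter LDAP_USER_FILTER');
        }

        return str_replace('%s', $this->escapeFilterValue($username), $filter);
    }

    /**
     * Escape a value for use as an assertion value inside an LDAP search filter
     *
     * @param  string $value
     * @return string
     */
    private function escapeFilterValue($value)
    {
        $value = (string) $value;

        if (function_exists('ldap_escape')) {
            return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
        }

        // Same result as ldap_escape() in filter mode, for setups where the
        // function is not available: the five characters that RFC 4515
        // requires to be escaped, replaced in a single pass.
        return strtr($value, [
            '\\' => '\5c',
            '*'  => '\2a',
            '('  => '\28',
            ')'  => '\29',
            "\0" => '\00',
        ]);
    }
}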
|
|