<?php
/**
* Zend_Auth adaptor for FreeIPA: accepts the identity the web server placed in
* $_SERVER['REMOTE_USER'] and mirrors that user into a local account.
*/
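class LibreTime_Auth_Adaptor_FreeIpa implements Zend_Auth_Adapter_Interface
{
    /**
     * Number of random bytes behind the throw-away local password that is
     * written for IPA-backed accounts on every successful login.
     */
    const DUMMY_PASSWORD_BYTES = 16;

    /**
     * Identity supplied through the login form.
     *
     * Kept for interface completeness only; authenticate() never reads it,
     * the identity comes from the web server (REMOTE_USER).
     *
     * @var string
     */
    private $username;

    /**
     * Credential supplied through the login form. Ignored, see setCredential().
     *
     * @var string
     */
    private $password;

    /**
     * Local account matched or created by the last successful authenticate()
     * call; null until then.
     *
     * @var Application_Model_User|null
     */
    private $user;

    /**
     * Remember the username from the form.
     *
     * The stored value is not used for the authentication decision.
     *
     * @param mixed $username
     *
     * @return self
     */
    public function setIdentity($username)
    {
        $this->username = $username;

        return $this;
    }

    /**
     * Remember the password from the form.
     *
     * Ignored by this adaptor: the web server's external auth module has
     * already verified the user against FreeIPA before PHP runs. It is kept
     * so the adaptor can be driven like the other Zend_Auth adapters.
     *
     * @param mixed $password
     *
     * @return self
     */
    public function setCredential($password)
    {
        $this->password = $password;

        return $this;
    }

    /**
     * Authenticate against the identity the web server established.
     *
     * Trust model: this adaptor verifies no credential itself. It accepts
     * $_SERVER['REMOTE_USER'] as proof of identity, so that variable must be
     * set by an authentication module running inside the web server and never
     * be derivable from a client-supplied header (e.g. a reverse proxy that
     * forwards an unauthenticated "Remote-User" header into the FastCGI
     * environment). If that invariant does not hold, anyone can log in as
     * anyone; it is a deployment property this code cannot check.
     *
     * On success the local account with the same login is created or
     * refreshed from the directory (type, name, e-mail, contact fields) and
     * its local password is replaced by a fresh random value, so the IPA
     * account can never be used through the local-password login path.
     *
     * Fails closed: a missing or empty REMOTE_USER, a directory record that
     * cannot be used (no 'type', i.e. no role), or any exception while
     * talking to the directory or database yields a FAILURE result.
     *
     * @return Zend_Auth_Result
     */
    public function authenticate()
    {
        // The external auth module reports its own failure through this variable.
        // NOTE(review): the message is passed through verbatim in the result;
        // make sure whatever renders it escapes it for HTML.
        if (array_key_exists('EXTERNAL_AUTH_ERROR', $_SERVER)) {
            return new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null, [$_SERVER['EXTERNAL_AUTH_ERROR']]);
        }

        $remoteUser = $this->remoteUser();
        if ($remoteUser === null) {
            // Nobody was authenticated by the server (missing or empty REMOTE_USER).
            return new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null);
        }

        try {
            // Look the user up in the directory *before* touching the local
            // table so a failed lookup leaves nothing half-written.
            $userInfo = LibreTime_Model_FreeIpa::GetUserInfo($this->uidFromPrincipal($remoteUser));
            if (!$this->isUsableUserInfo($userInfo)) {
                // Without a directory record there is no 'type' (role) to assign;
                // creating an untyped local account would be a privilege guess.
                return new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null, ['FreeIPA user lookup failed']);
            }

            $user = $this->findOrCreateLocalUser($remoteUser);
            $this->syncFromIpa($user, $remoteUser, $userInfo);
            $user->save();
        } catch (Exception $e) {
            // Directory/database trouble: deny. The exception text is deliberately
            // not put into the result so connection details cannot reach the UI.
            return new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null);
        }

        $this->user = $user;

        return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $user);
    }

    /**
     * Build the minimal row object the surrounding auth layer stores.
     *
     * The auth layer knows nothing about the database, so a plain stdClass
     * with the fields it expects is handed over. The 'password' field is the
     * random local dummy written by authenticate(), never an IPA credential.
     *
     * @return stdClass
     *
     * @throws LogicException when called before a successful authenticate()
     */
    public function getResultRowObject()
    {
        if ($this->user === null) {
            throw new LogicException('getResultRowObject() called before a successful authenticate()');
        }

        $user = $this->user;

        $row = new stdClass();
        $row->id = $user->getId();
        $row->username = $user->getLogin();
        $row->password = $user->getPassword();
        $row->real_name = implode(' ', [$user->getFirstName(), $user->getLastName()]);
        $row->type = $user->getType();
        $row->login = $user->getLogin();

        return $row;
    }

    /**
     * Identity established by the web server, or null when there is none.
     *
     * An empty REMOTE_USER is treated as "nobody": it would otherwise match
     * (or create) a local account with an empty login.
     *
     * @return string|null
     */
    private function remoteUser()
    {
        if (!array_key_exists('REMOTE_USER', $_SERVER)) {
            return null;
        }

        $remoteUser = (string) $_SERVER['REMOTE_USER'];

        return $remoteUser === '' ? null : $remoteUser;
    }

    /**
     * Strip a realm suffix from a principal: 'alice@EXAMPLE.ORG' -> 'alice'.
     *
     * A bare username is returned unchanged. The directory lookup is keyed on
     * this bare part while the local login keeps the full REMOTE_USER value.
     *
     * @param string $principal
     *
     * @return string
     */
    private function uidFromPrincipal($principal)
    {
        $parts = explode('@', $principal, 2);

        return $parts[0];
    }

    /**
     * Whether the directory lookup returned something an account can be built from.
     *
     * GetUserInfo's contract on a miss is not visible here; null, false and an
     * empty array are all treated as a miss. A record without a 'type' is
     * rejected as well, because 'type' is the role the user will be given.
     *
     * @param mixed $userInfo
     *
     * @return bool
     */
    private function isUsableUserInfo($userInfo)
    {
        return is_array($userInfo) && !empty($userInfo['type']);
    }

    /**
     * Find the local account whose login equals the principal, or start an
     * unsaved one for a first-time user.
     *
     * @param string $login
     *
     * @return Application_Model_User
     */
    private function findOrCreateLocalUser($login)
    {
        $subj = CcSubjsQuery::create()->findOneByDbLogin($login);
        if ($subj && $subj->getDBId()) {
            return new Application_Model_User($subj->getDBId());
        }

        // An empty id is how the model spells "new record".
        return new Application_Model_User('');
    }

    /**
     * Overwrite the local account with the directory data and a throw-away password.
     *
     * Every field is replaced on each login so local edits never survive a
     * change made in IPA.
     *
     * @param Application_Model_User $user
     * @param string                 $login    full REMOTE_USER value
     * @param array                  $userInfo directory record (must contain 'type')
     */
    private function syncFromIpa(Application_Model_User $user, $login, array $userInfo)
    {
        $user->setLogin($login);
        // IPA users never log in with the local password, but the column must
        // hold something and (per the original author's note) is stored as an
        // MD5 behind the scenes. A fresh random value on every login means a
        // leaked local table gives nothing reusable against this account.
        $user->setPassword($this->randomDummyPassword());
        $user->setType($userInfo['type']);
        $user->setFirstName($this->field($userInfo, 'first_name'));
        $user->setLastName($this->field($userInfo, 'last_name'));
        $user->setEmail($this->field($userInfo, 'email'));
        $user->setCellPhone($this->field($userInfo, 'cell_phone'));
        $user->setSkype($this->field($userInfo, 'skype'));
        $user->setJabber($this->field($userInfo, 'jabber'));
    }

    /**
     * Optional directory attribute, null when the record does not carry it.
     *
     * @param array  $userInfo
     * @param string $key
     *
     * @return mixed
     */
    private function field(array $userInfo, $key)
    {
        return isset($userInfo[$key]) ? $userInfo[$key] : null;
    }

    /**
     * Hex-encoded random password from a CSPRNG.
     *
     * Prefers random_bytes() (throws on failure); falls back to
     * openssl_random_pseudo_bytes() and refuses output the extension does not
     * flag as cryptographically strong, rather than silently storing a weak value.
     *
     * @return string
     *
     * @throws RuntimeException when no strong random source is available
     */
    private function randomDummyPassword()
    {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(self::DUMMY_PASSWORD_BYTES));
        }

        $strong = false;
        $bytes = openssl_random_pseudo_bytes(self::DUMMY_PASSWORD_BYTES, $strong);
        if ($bytes === false || $strong !== true) {
            throw new RuntimeException('No cryptographically strong random source available');
        }

        return bin2hex($bytes);
    }
}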