sintonia/legacy/application/auth/adapters/FreeIpa.php

132 lines
3.6 KiB
PHP
Raw Permalink Normal View History

<?php
2022-07-07 20:01:15 +02:00
/**
2021-10-11 16:10:47 +02:00
* Auth adaptor for FreeIPA.
*/
2021-10-11 16:10:47 +02:00
class LibreTime_Auth_Adaptor_FreeIpa implements Zend_Auth_Adapter_Interface
{
/**
* @var string
*/
private $username;
2022-01-14 18:52:42 +01:00
/**
* @var string
*/
private $password;
2022-01-14 18:52:42 +01:00
/**
* @var Application_Model_User
*/
private $user;
/**
2021-10-11 16:10:47 +02:00
* username from form.
*
* @param mixed $username
*
* @return self
*/
2021-10-11 16:10:47 +02:00
public function setIdentity($username)
{
$this->username = $username;
2021-10-11 16:10:47 +02:00
return $this;
}
/**
2021-10-11 16:10:47 +02:00
* password from form.
*
* This is ignored by FreeIPA but needs to get passed for completeness
*
2021-10-11 16:10:47 +02:00
* @param mixed $password
*
* @return self
*/
2021-10-11 16:10:47 +02:00
public function setCredential($password)
{
$this->password = $password;
2021-10-11 16:10:47 +02:00
return $this;
}
/**
2021-10-11 16:10:47 +02:00
* Check if apache logged the user and get data from ldap.
*
* @return Zend_Auth_Result
*/
2021-10-11 16:10:47 +02:00
public function authenticate()
{
if (array_key_exists('EXTERNAL_AUTH_ERROR', $_SERVER)) {
2021-10-11 16:10:47 +02:00
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null, [$_SERVER['EXTERNAL_AUTH_ERROR']]);
}
if (!array_key_exists('REMOTE_USER', $_SERVER)) {
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null);
}
// success, the user is good since the service populated the REMOTE_USER
$remoteUser = $_SERVER['REMOTE_USER'];
$subj = CcSubjsQuery::create()->findOneByDbLogin($remoteUser);
2021-10-11 16:10:47 +02:00
$subjId = null;
if ($subj) {
$subjId = $subj->getDBId();
}
if ($subjId) {
$user = new Application_Model_User($subjId);
} else {
// upsert the user on login for first time users
$user = new Application_Model_User('');
}
// Always zap any local info with new info from ipa
$user->setLogin($remoteUser);
// Use a random password for IPA users, reset on each login... I may change this to get set to the IPA pass but hate that it is being stored as md5 behind the scenes
// gets rescrambled on each succeful login for security purposes
$ipaDummyPass = bin2hex(openssl_random_pseudo_bytes(10));
$user->setPassword($ipaDummyPass);
// grab user info from LDAP
$userParts = explode('@', $remoteUser);
$userInfo = LibreTime_Model_FreeIpa::GetUserInfo($userParts[0]);
$user->setType($userInfo['type']);
$user->setFirstName($userInfo['first_name']);
$user->setLastName($userInfo['last_name']);
$user->setEmail($userInfo['email']);
$user->setCellPhone($userInfo['cell_phone']);
$user->setSkype($userInfo['skype']);
$user->setJabber($userInfo['jabber']);
$user->save();
$this->user = $user;
2021-10-11 16:10:47 +02:00
try {
return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $user);
} catch (Exception $e) {
// exception occured
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null);
}
}
/**
2021-10-11 16:10:47 +02:00
* return dummy object for internal auth handling.
*
* we need to build a dummpy object since the auth layer knows nothing about the db
*
* @return stdClass
*/
2021-10-11 16:10:47 +02:00
public function getResultRowObject()
{
fix(deps): update dependency friendsofphp/php-cs-fixer to <3.46.1 (main) (#2868) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [friendsofphp/php-cs-fixer](https://togithub.com/PHP-CS-Fixer/PHP-CS-Fixer) | `<3.45.1` -> `<3.46.1` | [![age](https://developer.mend.io/api/mc/badges/age/packagist/friendsofphp%2fphp-cs-fixer/3.46.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/packagist/friendsofphp%2fphp-cs-fixer/3.46.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/packagist/friendsofphp%2fphp-cs-fixer/3.45.0/3.46.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/packagist/friendsofphp%2fphp-cs-fixer/3.45.0/3.46.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>PHP-CS-Fixer/PHP-CS-Fixer (friendsofphp/php-cs-fixer)</summary> ### [`v3.46.0`](https://togithub.com/PHP-CS-Fixer/PHP-CS-Fixer/blob/HEAD/CHANGELOG.md#Changelog-for-v3460) [Compare Source](https://togithub.com/PHP-CS-Fixer/PHP-CS-Fixer/compare/v3.45.0...v3.46.0) - chore: fix internal typehints in Tokens ([#&#8203;7656](https://togithub.com/PHP-CS-Fixer/PHP-CS-Fixer/issues/7656)) - chore: reduce PHPStan baseline ([#&#8203;7643](https://togithub.com/PHP-CS-Fixer/PHP-CS-Fixer/issues/7643)) - docs: Show class with unit tests and BC promise info ([#&#8203;7667](https://togithub.com/PHP-CS-Fixer/PHP-CS-Fixer/issues/7667)) - feat: change default ruleset to `@PER-CS` (only behind PHP_CS_FIXER_FUTURE_MODE=1) ([#&#8203;7650](https://togithub.com/PHP-CS-Fixer/PHP-CS-Fixer/issues/7650)) - feat: Support new/instanceof/use trait in `fully_qualified_strict_types` ([#&#8203;7653](https://togithub.com/PHP-CS-Fixer/PHP-CS-Fixer/issues/7653)) - fix: FQCN parse phpdoc using full grammar regex ([#&#8203;7649](https://togithub.com/PHP-CS-Fixer/PHP-CS-Fixer/issues/7649)) - fix: Handle FQCN properly with `leading_backslash_in_global_namespace` option enabled ([#&#8203;7654](https://togithub.com/PHP-CS-Fixer/PHP-CS-Fixer/issues/7654)) - fix: PhpdocToParamTypeFixerTest - support for arrow functions ([#&#8203;7647](https://togithub.com/PHP-CS-Fixer/PHP-CS-Fixer/issues/7647)) - fix: PHP_CS_FIXER_FUTURE_MODE - proper boolean validation ([#&#8203;7651](https://togithub.com/PHP-CS-Fixer/PHP-CS-Fixer/issues/7651)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/libretime/libretime). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMDMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjEwMy4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: jo <ljonas@riseup.net>
2024-01-07 13:59:02 +01:00
$o = new stdClass();
$o->id = $this->user->getId();
2021-10-11 16:10:47 +02:00
$o->username = $this->user->getLogin();
$o->password = $this->user->getPassword();
$o->real_name = implode(' ', [$this->user->getFirstName(), $this->user->getLastName()]);
$o->type = $this->user->getType();
$o->login = $this->user->getLogin();
2021-10-11 16:10:47 +02:00
return $o;
}
}