lib
unicaen
auth
Commits
a81033a2
Commit
a81033a2
authored
Mar 26, 2015
by
Bertrand Gauthier
Authentification Ldap : extraction de méthode publique dans l'adapter.
parent
ec05438c
Changes
1
src/UnicaenAuth/Authentication/Adapter/Ldap.php
...
...
@@ -43,6 +43,11 @@ class Ldap extends AbstractAdapter implements ServiceManagerAwareInterface, Even
*/
protected
$options
;
/**
* @var string
*/
protected
$usernameUsurpe
;
/**
*
* @param AuthEvent $e
...
...
@@ -63,43 +68,17 @@ class Ldap extends AbstractAdapter implements ServiceManagerAwareInterface, Even
$username
=
$e
->
getRequest
()
->
getPost
()
->
get
(
'identity'
);
$credential
=
$e
->
getRequest
()
->
getPost
()
->
get
(
'credential'
);
// si 2 logins sont fournis, cela active l'usurpation d'identité (à n'utiliser que pour les tests) :
// - le format attendu est "loginUsurpateur=loginUsurpé"
// - le mot de passe attendu est celui du compte usurpateur (loginUsurpateur)
$usernameUsurpe
=
null
;
if
(
strpos
(
$username
,
self
::
USURPATION_USERNAMES_SEP
)
>
0
)
{
list
(
$username
,
$usernameUsurpe
)
=
explode
(
self
::
USURPATION_USERNAMES_SEP
,
$username
,
2
);
if
(
!
in_array
(
$username
,
$this
->
getOptions
()
->
getUsurpationAllowedUsernames
()))
{
$usernameUsurpe
=
null
;
}
}
// // username is the only identity source supported
// $fields = $this->getZfcUserOptions()->getAuthIdentityFields();
// if ('username' !== ($mode = array_shift($fields))) {
// throw new UnexpectedValueException("Username is the only identity source supported by the LDAP adapter.");
// }
// LDAP auth
$result
=
$this
->
getLdapAuthAdapter
()
->
setUsername
(
$username
)
->
setPassword
(
$credential
)
->
authenticate
();
$failure
=
!
$result
->
isValid
();
// verif existence du login usurpé
if
(
$usernameUsurpe
)
{
if
(
!
$this
->
getLdapAuthAdapter
()
->
getLdap
()
->
searchEntries
(
"(supannAliasLogin=
$usernameUsurpe
)"
))
{
$usernameUsurpe
=
null
;
}
}
$success
=
$this
->
authenticateUsername
(
$username
,
$credential
);
// Failure!
if
(
$failure
)
{
if
(
!
$success
)
{
$e
->
setCode
(
AuthenticationResult
::
FAILURE
)
->
setMessages
(
array
(
'LDAP bind failed.'
));
$this
->
setSatisfied
(
false
);
return
false
;
}
$e
->
setIdentity
(
$usernameUsurpe
?:
$username
);
$e
->
setIdentity
(
$
this
->
usernameUsurpe
?:
$username
);
$this
->
setSatisfied
(
true
);
$storage
=
$this
->
getStorage
()
->
read
();
$storage
[
'identity'
]
=
$e
->
getIdentity
();
...
...
@@ -110,6 +89,40 @@ class Ldap extends AbstractAdapter implements ServiceManagerAwareInterface, Even
$this
->
getEventManager
()
->
trigger
(
'userAuthenticated'
,
$e
);
}
/**
* Authentifie l'identifiant et le mot de passe spécifiés.
*
* @param string $username Identifiant de connexion
* @param string $credential Mot de passe
* @return boolean
*/
public
function
authenticateUsername
(
$username
,
$credential
)
{
// si 2 logins sont fournis, cela active l'usurpation d'identité (à n'utiliser que pour les tests) :
// - le format attendu est "loginUsurpateur=loginUsurpé"
// - le mot de passe attendu est celui du compte usurpateur (loginUsurpateur)
$this
->
usernameUsurpe
=
null
;
if
(
strpos
(
$username
,
self
::
USURPATION_USERNAMES_SEP
)
>
0
)
{
list
(
$username
,
$this
->
usernameUsurpe
)
=
explode
(
self
::
USURPATION_USERNAMES_SEP
,
$username
,
2
);
if
(
!
in_array
(
$username
,
$this
->
getOptions
()
->
getUsurpationAllowedUsernames
()))
{
$this
->
usernameUsurpe
=
null
;
}
}
// LDAP auth
$result
=
$this
->
getLdapAuthAdapter
()
->
setUsername
(
$username
)
->
setPassword
(
$credential
)
->
authenticate
();
$success
=
$result
->
isValid
();
// verif existence du login usurpé
if
(
$this
->
usernameUsurpe
)
{
if
(
!
$this
->
getLdapAuthAdapter
()
->
getLdap
()
->
searchEntries
(
"(supannAliasLogin=
$this->usernameUsurpe
)"
))
{
$this
->
usernameUsurpe
=
null
;
}
}
return
$success
;
}
/**
* @param ModuleOptions $options
*/
...
...
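Review bot: After this extraction, `authenticate()` still holds the raw POST value in `$username`, because `authenticateUsername()` splits `loginUsurpateur=loginUsurpé` only on its own by-value copy; when the usurper is not in the allowed list or the usurped login is not found, `$e->setIdentity($this->usernameUsurpe ?: $username)` now stores the whole composite string as the identity, where the old inline code stored the usurper login. Re-derive the login before `setIdentity()`, for example `if (strpos($username, self::USURPATION_USERNAMES_SEP) > 0) { list($username) = explode(self::USURPATION_USERNAMES_SEP, $username, 2); }`, or have the new method expose the login it actually bound with. Separately, in `authenticateUsername()` the request-supplied `$this->usernameUsurpe` is interpolated unescaped into the `(supannAliasLogin=…)` filter, the search runs even when the bind failed, and the property stays set after a failed bind on a now-public method; reset it and return early on `!$success`, and escape the value before building the filter (if this is Zend\Ldap, `Zend\Ldap\Filter\AbstractFilter::escapeValue()`). `authenticate()` starts above the second hunk and continues past it, so how the stored identity is consumed afterwards is not visible here.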