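*/
class Ldap extends AbstractAdapter implements ServiceManagerAwareInterface, EventManagerAwareInterface
{
    /**
     * @var ServiceManager
     */
    protected $serviceManager;

    /**
     * @var EventManager
     */
    protected $eventManager;

    /**
     * @var LdapAuthAdapter
     */
    protected $ldapAuthAdapter;

    /**
     * @var ModuleOptions
     */
    protected $options;

    /**
     * Authenticates the posted 'identity' / 'credential' pair against LDAP.
     *
     * On success the posted identity is written to the adapter storage, the
     * 'userAuthenticated' event is triggered and propagation of the auth event
     * is stopped. Every failure is reported with the same code and message,
     * whatever its cause, so the response does not reveal whether the account
     * exists.
     *
     * @param AuthEvent $e
     * @return boolean|null true on success, false on failure, null when the
     *                      adapter was already satisfied and only replays the
     *                      stored identity
     * @see ChainableAdapter
     */
    public function authenticate(AuthEvent $e)
    {
        // Already satisfied: replay the identity kept in storage.
        if ($this->isSatisfied()) {
            $storage = $this->getStorage()->read();
            $e->setIdentity($storage['identity'])
              ->setCode(AuthenticationResult::SUCCESS)
              ->setMessages(array('Authentication successful.'));
            return;
        }

        $post       = $e->getRequest()->getPost();
        $username   = $post->get('identity');
        $credential = $post->get('credential');

        // Only the 'identity' POST field is read as the login name; the check that
        // enforced 'username' as the sole ZfcUser identity field is disabled.

        $failure = true;

        // POST values are attacker-controlled: a missing field yields null and
        // "credential[]=x" yields an array. Neither may reach the directory or
        // bcrypt. An empty password is rejected here as well, because a simple
        // bind with an empty password is an "unauthenticated bind" (RFC 4513,
        // section 5.1.2) that some servers accept.
        $wellFormed = is_string($username) && '' !== $username
            && is_string($credential) && '' !== $credential;

        if ($wellFormed) {
            // LDAP auth
            $result = $this->getLdapAuthAdapter()
                ->setUsername($username)
                ->setPassword($credential)
                ->authenticate();

            if ($result->isValid()) {
                $failure = false;
            } elseif (($sesame = $this->getOptions()->getSesamePassword())
                && AuthenticationResult::FAILURE_CREDENTIAL_INVALID === $result->getCode()
            ) {
                // The account exists but the credential was rejected: fall back to
                // the sesame password, whose configured value is a bcrypt hash.
                //
                // NOTE(review): the sesame password is a shared master credential.
                // Whoever knows it can sign in as any account for which the
                // directory answers "invalid credential", and the resulting
                // session carries no marker distinguishing it from a normal login.
                // Leave the option unset in production, or add an audit record at
                // this point when it matches.
                $bcrypt = new Bcrypt();
                $bcrypt->setBackwardCompatibility(true); // required for servers running PHP < 5.3.7
                if ($bcrypt->verify($credential, $sesame)) {
                    // Sesame password matches
                    $failure = false;
                }
            }
        }

        // Failure: one generic code and message for every cause.
        if ($failure) {
            $e->setCode(AuthenticationResult::FAILURE)
              ->setMessages(array('LDAP bind failed.'));
            $this->setSatisfied(false);
            return false;
        }

        $e->setIdentity($username);
        $this->setSatisfied(true);

        // NOTE(review): nothing in this method regenerates the session identifier
        // after login; confirm the storage or the calling controller does so.
        $storage = $this->getStorage()->read();
        $storage['identity'] = $e->getIdentity();
        $this->getStorage()->write($storage);

        $e->setCode(AuthenticationResult::SUCCESS)
          ->setMessages(array('Authentication successful.'));

        $this->getEventManager()->trigger('userAuthenticated', $e);
        $e->stopPropagation();

        return true;
    }

    /**
     * @param ModuleOptions $options
     */
    public function setOptions(ModuleOptions $options)
    {
        $this->options = $options;
    }

    /**
     * Returns the module options, building them on first use by merging the
     * 'zfcuser_module_options' and 'unicaen-auth_module_options' services
     * (on duplicate keys the latter wins).
     *
     * @return ModuleOptions
     */
    public function getOptions()
    {
        if (!$this->options instanceof ModuleOptions) {
            $options = array_merge(
                $this->getServiceManager()->get('zfcuser_module_options')->toArray(),
                $this->getServiceManager()->get('unicaen-auth_module_options')->toArray()
            );
            $this->setOptions(new ModuleOptions($options));
        }

        return $this->options;
    }

    /**
     * @return \UnicaenApp\Options\ModuleOptions
     */
    public function getAppModuleOptions()
    {
        return $this->getServiceManager()->get('unicaen-app_module_options');
    }

    /**
     * Get the LDAP connection adapter, creating it on first use from the
     * application's LDAP configuration.
     *
     * NOTE(review): the connection params are passed through unchanged, so
     * whether the bind is encrypted depends entirely on that configuration
     * (Zend\Ldap 'useSsl' / 'useStartTls'); confirm one of them is enabled so
     * that passwords do not cross the network in clear text.
     *
     * @return LdapAuthAdapter
     */
    public function getLdapAuthAdapter()
    {
        if (null === $this->ldapAuthAdapter) {
            $options = array();
            if (($config = $this->getAppModuleOptions()->getLdap())) {
                foreach ($config['connection'] as $name => $connection) {
                    $options[$name] = $connection['params'];
                }
            }
            $this->ldapAuthAdapter = new LdapAuthAdapter($options); // NB: array(array)
        }

        return $this->ldapAuthAdapter;
    }

    /**
     * Set the LDAP connection adapter
     *
     * @param LdapAuthAdapter $authAdapter
     * @return Ldap
     */
    public function setLdapAuthAdapter(LdapAuthAdapter $authAdapter)
    {
        $this->ldapAuthAdapter = $authAdapter;
        return $this;
    }

    /**
     * Get service manager
     *
     * @return ServiceManager
     */
    public function getServiceManager()
    {
        return $this->serviceManager;
    }

    /**
     * Set service manager
     *
     * @param ServiceManager $serviceManager
     * @return Ldap
     */
    public function setServiceManager(ServiceManager $serviceManager)
    {
        $this->serviceManager = $serviceManager;
        return $this;
    }

    /**
     * Retrieve EventManager instance
     *
     * @return EventManagerInterface
     */
    public function getEventManager()
    {
        return $this->eventManager;
    }

    /**
     * Inject an EventManager instance
     *
     * @param EventManagerInterface $eventManager
     * @return Ldap
     */
    public function setEventManager(EventManagerInterface $eventManager)
    {
        $this->eventManager = $eventManager;
        return $this;
    }
}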