/**
* Attaches roles depending on the users active directory group.
*
* @param User $user
* @param AdldapUser $adldapUser
*
* @return void
*/
protected function handleLdapUserWasAuthenticated(User $user, AdldapUser $adldapUser)
{
if ($adldapUser->inGroup('Help Desk')) {
$admin = Role::whereName(Role::getAdministratorName())->first();
// If we have the administrator role and the user isn't
// already a member, then we'll assign them the role.
if ($admin instanceof Role && !$user->hasRole($admin)) {
$user->assignRole($admin);
}
}
$user->from_ad = true;
$user->save();
}
/**
* Creates a local User from Active Directory
*
* @param User $user
* @param string $password
*
* @return \Illuminate\Database\Eloquent\Model
*/
protected function getModelFromAdldap(User $user, $password)
{
$email = $user->getEmail();
$model = $this->createModel()->newQuery()->where(compact('email'))->first();
if (!$model) {
$model = $this->createModel();
$model->email = $email;
$model->password = bcrypt($password);
}
$model = $this->syncModelFromAdldap($user, $model);
if ($this->getBindUserToModel()) {
$model = $this->bindAdldapToModel($user, $model);
}
return $model;
}
/**
* Imports an active directory user.
*
* @param User $user
*
* @return bool
*/
public function handle(User $user)
{
$user = $user->where('email', $this->user->getEmail())->first();
if (!$user instanceof User) {
$email = $this->user->getEmail();
$password = str_random(40);
$fullName = $this->user->getName();
$user = $this->dispatch(new CreateUser($email, $password, $fullName));
}
// Synchronize their AD attributes.
$user->from_ad = true;
if ($user->isDirty()) {
// Check if there's any changed before
// firing a save to save on inserts.
$user->save();
}
return $user;
}
protected function mapDataToUserModel(adLDAPUserModel $user, $password)
{
$model = new UserModel(['username' => $user->getAccountName(), 'password' => $password ? $this->_hasher->make($password) : null]);
$model->setUserInfo($user);
return $model;
}
/**
* Handles retrieving the specified field from the User model.
*
* @param User $user
* @param string $field
*
* @return string|null
*/
protected function handleAttributeRetrieval(User $user, $field)
{
if ($field === $this->getSchema()->thumbnail()) {
// If the field we're retrieving is the users thumbnail photo, we need
// to retrieve it encoded so we're able to save it to the database.
$value = $user->getThumbnailEncoded();
} else {
$value = $user->{$field};
// If the AD Value is an array, we'll
// retrieve the first value.
$value = is_array($value) ? array_get($value, 0) : $value;
}
return $value;
}
/**
* Handles retrieving the specified field from the User model.
*
* @param User $user
* @param string $field
*
* @return string|null
*/
protected function handleAttributeRetrieval(User $user, $field)
{
if ($field === ActiveDirectory::THUMBNAIL) {
// If the field we're retrieving is the users thumbnail photo, we need
// to retrieve it encoded so we're able to save it to the database.
$value = $user->getThumbnailEncoded();
} else {
$value = $user->{$field};
if (is_array($value)) {
// If the AD Value is an array, we'll
// retrieve the first value.
$value = Arr::get($value, 0);
}
}
return $value;
}
/**
* Attaches roles depending on the users active directory group.
*
* @param User $user
* @param AdldapUser $adldapUser
*/
protected function handleLdapUserWasAuthenticated(User $user, AdldapUser $adldapUser)
{
if ($adldapUser->inGroup('Help Desk')) {
$admin = Role::admin();
if ($admin instanceof Role) {
$user->attachRole($admin->getKey());
}
}
}
/**
* Update roles
*
* @param User $user
* @param Models\User $adUser
*/
protected function updateRole(User &$user, Models\User $adUser)
{
$memberOf = [];
foreach ($adUser->getMemberOfNames() as $group) {
$memberOf[] = \Adldap\Classes\Utilities::unescape($group);
}
foreach ($this->group2Role as $group => $role) {
if (in_array($group, $memberOf, true)) {
if ($this->roleExists($role)) {
$user->addRole($role);
}
}
}
}
/**
* Soft deletes the specified model if the specified AD account is disabled.
*
* @param User $user
* @param Model $model
*/
protected function delete(User $user, Model $model)
{
if (method_exists($model, 'trashed') && !$model->trashed() && $user->isDisabled()) {
// If deleting is enabled, the model supports soft deletes, the model
// isn't already deleted, and the AD user is disabled, we'll
// go ahead and delete the users model.
$model->delete();
if ($this->isLogging()) {
logger()->info("Soft-deleted user {$user->getCommonName()}. Their AD user account is disabled.");
}
}
}
/**
* Fills a models attributes by the specified Users attributes.
*
* @param User $user
* @param Authenticatable $model
*
* @return Authenticatable
*/
protected function syncModelFromAdldap(User $user, Authenticatable $model)
{
$attributes = $this->getSyncAttributes();
foreach ($attributes as $modelField => $adField) {
if ($adField === ActiveDirectory::THUMBNAIL) {
// If the field we're retrieving is the users thumbnail photo, we need
// to retrieve it encoded so we're able to save it to the database.
$adValue = $user->getThumbnailEncoded();
} else {
$adValue = $user->{$adField};
if (is_array($adValue)) {
// If the AD Value is an array, we'll
// retrieve the first value.
$adValue = Arr::get($adValue, 0);
}
}
$model->{$modelField} = $adValue;
}
if ($model instanceof Model) {
$model->save();
}
return $model;
}
