 /**
  * Synchronizes a user.
  *
  * Resolves the LDAP entry for $userdn, looks up the matching TYPO3 user
  * record, derives its TYPO3 groups from the LDAP groups and writes the
  * merged record back. Returns FALSE whenever the user must not be
  * authenticated: the LDAP entry cannot be fetched, no local user can be
  * resolved, required LDAP groups are missing, auto-creation is disabled
  * for unknown users, or no local record (uid) exists after processing.
  *
  * Side effects: resets static::$ldapGroups before the group lookup and
  * sets static::$lastAuthenticationDiagnostic when required groups are
  * missing.
  *
  * @param string $userdn DN of the (already validated) LDAP user
  * @param string|NULL $username Username to use; when falsy it is read from the configured username attribute of the LDAP entry
  * @return array|FALSE Synchronized TYPO3 user record, or FALSE if the user may not authenticate
  */
 public static function synchroniseUser($userdn, $username = NULL)
 {
     // User is valid. Get it from DN.
     $ldapUser = static::getLdapUser($userdn);
     if ($ldapUser === NULL) {
         return FALSE;
     }
     // NOTE(review): truthiness check, so '' and '0' count as "not supplied" and are
     // replaced by the LDAP attribute value.
     if (!$username) {
         $userAttribute = Configuration::getUsernameAttribute(static::$config['users']['filter']);
         // Assumes the attribute is present on the entry; if it is missing $username
         // stays NULL and the lookup below runs with an empty name — TODO confirm
         // getLdapUser() guarantees the attribute.
         $username = $ldapUser[$userAttribute][0];
     }
     // Get user pid from user mapping.
     $typo3_users_pid = Configuration::getPid(static::$config['users']['mapping']);
     // Get TYPO3 user from username, DN and pid.
     $typo3_user = static::getTypo3User($username, $userdn, $typo3_users_pid);
     if ($typo3_user === NULL) {
         // Non-existing local users are not allowed to authenticate
         return FALSE;
     }
     // Get LDAP and TYPO3 user groups for user
     // First reset the LDAP groups, so a value left over from a previous call cannot
     // influence the DeleteUserIfNoLDAPGroups check below (presumably getUserGroups()
     // repopulates static::$ldapGroups — the order of these two statements matters).
     static::$ldapGroups = NULL;
     $typo3_groups = static::getUserGroups($ldapUser);
     if ($typo3_groups === NULL) {
         // Required LDAP groups are missing
         static::$lastAuthenticationDiagnostic = 'Missing required LDAP groups.';
         return FALSE;
     }
     // With IfUserExist enabled, unknown users are never auto-created: a record
     // without uid means there is no local account, so authentication is refused.
     if (Configuration::getValue('IfUserExist') && !$typo3_user['uid']) {
         return FALSE;
         // User does not exist in TYPO3.
     } elseif (!$typo3_user['uid'] && (!empty($typo3_groups) || !Configuration::getValue('DeleteUserIfNoTYPO3Groups'))) {
         // Insert new user: use TCA configuration to override default values.
         // Only created when the user maps to at least one TYPO3 group, or when
         // group-less users are not configured to be deleted anyway.
         $table = static::$authenticationService->authInfo['db_user']['table'];
         if (is_array($GLOBALS['TCA'][$table]['columns'])) {
             foreach ($GLOBALS['TCA'][$table]['columns'] as $column => $columnConfig) {
                 if (isset($columnConfig['config']['default'])) {
                     $defaultValue = $columnConfig['config']['default'];
                     $typo3_user[$column] = $defaultValue;
                 }
             }
         }
         $typo3_user['username'] = Typo3UserRepository::setUsername($typo3_user['username']);
         $typo3_user = Typo3UserRepository::add($table, $typo3_user);
     }
     if (!empty($typo3_user['uid'])) {
         // A user that authenticated against LDAP is un-deleted and re-enabled; the
         // local password is rotated to a fresh random value on every synchronisation,
         // so LDAP stays the only credential that unlocks this record.
         $typo3_user['deleted'] = 0;
         $typo3_user['endtime'] = 0;
         $typo3_user['password'] = Typo3UserRepository::setRandomPassword();
         if (empty($typo3_groups) && Configuration::getValue('DeleteUserIfNoTYPO3Groups')) {
             $typo3_user['deleted'] = 1;
             $typo3_user['endtime'] = $GLOBALS['EXEC_TIME'];
         }
         // Delete user if no LDAP groups found (static::$ldapGroups was reset above).
         if (Configuration::getValue('DeleteUserIfNoLDAPGroups') && !static::$ldapGroups) {
             $typo3_user['deleted'] = 1;
             $typo3_user['endtime'] = $GLOBALS['EXEC_TIME'];
         }
         // Set groups to user.
         $typo3_user = Typo3UserRepository::setUserGroups($typo3_user, $typo3_groups);
         // Merge LDAP user with TYPO3 user from mapping (skipped when setUserGroups()
         // returned a falsy value; in that case the falsy value is what gets returned).
         if ($typo3_user) {
             $typo3_user = static::merge($ldapUser, $typo3_user, static::$config['users']['mapping']);
             if (Configuration::getValue('forceLowerCaseUsername')) {
                 // Possible enhancement: use \TYPO3\CMS\Core\Charset\CharsetConverter::conv_case instead
                 // (strtolower() is byte-wise and leaves non-ASCII letters unchanged)
                 $typo3_user['username'] = strtolower($typo3_user['username']);
             }
             // Update TYPO3 user.
             Typo3UserRepository::update(static::$authenticationService->authInfo['db_user']['table'], $typo3_user);
             // Marker for callers; added after update(), so it is part of the returned
             // array rather than of the data handed to update().
             $typo3_user['tx_igldapssoauth_from'] = 'LDAP';
         }
     } else {
         // No local record could be created/resolved: refuse authentication.
         $typo3_user = FALSE;
     }
     return $typo3_user;
 }
 /**
  * Imports a given user to the TYPO3 database.
  *
  * A user without uid is created: it gets a normalised username, a random
  * password and the TYPO3 groups derived from its LDAP groups; when the
  * required LDAP groups are missing nothing is written and the user is
  * returned as is. A user with uid is restored according to $restoreBehavior,
  * gets its groups recomputed and is updated. In both cases the "__extraData"
  * entry is kept away from the repository calls, re-attached afterwards and
  * handed to every configured extraDataProcessing class.
  *
  * @param array $user Local user information
  * @param array $ldapUser LDAP user information
  * @param string $restoreBehavior How to restore users (only for update): 'enable', 'undelete', 'nothing', anything else means both
  * @return array Modified user data
  * @throws ImportUsersException when a configured extraDataProcessing class does not implement ExtraDataProcessorInterface
  */
 public function import($user, $ldapUser, $restoreBehavior = 'both')
 {
     // Detach the extra data so the repository never sees it; it is re-attached below
     $hasExtraData = isset($user['__extraData']);
     $extraData = $hasExtraData ? $user['__extraData'] : NULL;
     unset($user['__extraData']);

     if (empty($user['uid'])) {
         // New user: make sure we act in the right context before preparing the record
         Configuration::setMode($this->context);
         $user['username'] = Typo3UserRepository::setUsername($user['username']);
         $user['password'] = Typo3UserRepository::setRandomPassword();
         $groupUids = Authentication::getUserGroups($ldapUser, $this->configuration, $this->groupTable);
         if ($groupUids === NULL) {
             // Required LDAP groups are missing: nothing is written
             return $user;
         }
         $user = Typo3UserRepository::setUserGroups($user, $groupUids);
         $user = Typo3UserRepository::add($this->userTable, $user);
         $this->usersAdded++;
     } else {
         // Existing user: decide which of the "deleted"/"disabled" flags to clear
         // (loose switch comparison kept on purpose; default means both)
         $reEnable = FALSE;
         $undelete = FALSE;
         switch ($restoreBehavior) {
             case 'enable':
                 $reEnable = TRUE;
                 break;
             case 'undelete':
                 $undelete = TRUE;
                 break;
             case 'nothing':
                 break;
             default:
                 $reEnable = TRUE;
                 $undelete = TRUE;
         }
         if ($reEnable) {
             $user[$GLOBALS['TCA'][$this->userTable]['ctrl']['enablecolumns']['disabled']] = 0;
         }
         if ($undelete) {
             $user[$GLOBALS['TCA'][$this->userTable]['ctrl']['delete']] = 0;
         }
         $groupUids = Authentication::getUserGroups($ldapUser, $this->configuration, $this->groupTable);
         if ($groupUids === NULL) {
             // NOTE(review): unlike the insert branch, missing required LDAP groups do not
             // abort here; the user is still restored/updated, just with no groups — confirm intended
             $groupUids = array();
         }
         $user = Typo3UserRepository::setUserGroups($user, $groupUids);
         if (Typo3UserRepository::update($this->userTable, $user)) {
             $this->usersUpdated++;
         }
     }

     // Re-attach the extra data and let the configured post-processors handle it
     if ($hasExtraData) {
         $user['__extraData'] = $extraData;
         $processorClasses = $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['ig_ldap_sso_auth']['extraDataProcessing'];
         if (is_array($processorClasses)) {
             foreach ($processorClasses as $className) {
                 /** @var $postProcessor \Causal\IgLdapSsoAuth\Utility\ExtraDataProcessorInterface */
                 $postProcessor = GeneralUtility::getUserObj($className);
                 if (!($postProcessor instanceof \Causal\IgLdapSsoAuth\Utility\ExtraDataProcessorInterface)) {
                     throw new ImportUsersException(sprintf('Invalid post-processing class %s. It must implement the \\Causal\\IgLdapSsoAuth\\Utility\\ExtraDataProcessorInterface interface', $className), 1414136057);
                 }
                 $postProcessor->processExtraData($this->userTable, $user);
             }
         }
     }
     return $user;
 }