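/**
 * {@inheritdoc}
 *
 * Authenticates the requesting user against the configured LDAP server:
 * binds with the user's DN (built from $this->rdn) and the supplied password,
 * then searches below that DN with $this->filter. Access is granted only when
 * the bind succeeds and the search returns at least one entry; every other
 * outcome denies access.
 *
 * The username is LDAP-escaped before it is substituted into the DN and into
 * the search filter, so a crafted username cannot change either of them.
 * An empty password is rejected before binding, because many directories
 * treat an empty-password bind as an anonymous/unauthenticated bind that
 * "succeeds" without verifying any credentials.
 *
 * @param TokenRequestEventInterface $event
 *
 * @throws ListenerAccessException when no LDAP handle can be obtained for $this->host
 */
public function __invoke(TokenRequestEventInterface $event)
{
    // Another listener may already have granted access; nothing to do then.
    if (false !== $event->isAccessGranted()) {
        return;
    }

    /** @var Application $app */
    $app = $event->getApp();
    $logger = $app->getLogger();
    $parameters = $event->getParameters();
    $username = $parameters->getAuthUsername();
    $password = $parameters->getAuthPassword();

    // DN values and filter values follow different escaping rules, so the
    // username is escaped separately for each template.
    $rdn = $this->format($this->rdn, [
        '{username}' => ldap_escape((string) $username, '', LDAP_ESCAPE_DN),
        '{host}' => $this->host,
    ]);
    $filter = $this->format($this->filter, [
        '{username}' => ldap_escape((string) $username, '', LDAP_ESCAPE_FILTER),
        '{host}' => $this->host,
    ]);

    // The username is deliberately masked in this line; only scope and rdn
    // are substituted, so the arguments must line up with the two "%s".
    $logger->info(sprintf(
        'Checking LDAP authentication, user: "******", scope: "%s", rdn: "%s"',
        $parameters->getScope(),
        $rdn
    ));

    if (null === $password || '' === $password) {
        $logger->error(sprintf("Authentication failed for user '%s'", $username));
        $logger->error('Empty password rejected: an empty-password bind is not an authenticated bind');
        $event->setAccessDenied();

        return;
    }

    // ldap_connect() only validates the URI and prepares a handle; the network
    // connection itself is established at bind time.
    if (false === ($connection = @ldap_connect($this->host))) {
        $message = 'Could not connect to LDAP server';
        $logger->error($message);
        throw new ListenerAccessException($message);
    }

    try {
        ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);

        // Bind and search failures are expected outcomes that are reported
        // through ldap_error(); the extension's own warning is suppressed.
        if (false === @ldap_bind($connection, $rdn, $password)) {
            $logger->error(sprintf("Authentication failed for user '%s'", $username));
            $logger->error(ldap_error($connection));
            $event->setAccessDenied();

            return;
        }

        if (false === ($result = @ldap_search($connection, $rdn, $filter, ['uid']))) {
            $logger->error(ldap_error($connection));
            $event->setAccessDenied();

            return;
        }

        $entries = ldap_get_entries($connection, $result);
        if (isset($entries['count']) && $entries['count'] > 0) {
            $logger->info(sprintf("Authentication success for user '%s'", $username));
            $event->setAccessGranted();
        } else {
            $logger->error(sprintf("Authentication failed for user '%s'", $username));
            $event->setAccessDenied();
        }
    } finally {
        // Release the handle on every path, including a failed search.
        // ldap_close() is an alias of ldap_unbind(); calling both on the same
        // handle is redundant and, on current PHP, errors on the second call.
        ldap_close($connection);
    }
}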
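/**
 * {@inheritdoc}
 *
 * Authenticates the requesting user against the statically configured user
 * list in $this->users (each entry an array with 'username', 'password' and
 * an optional 'access' list of rules). When an entry matches, access is
 * granted if the request carries no scope, if the entry has no 'access'
 * restrictions, or if one of its rules validates the requested scope;
 * otherwise access is denied. When no entry matches, the event is left
 * untouched so other listeners can decide.
 *
 * Passwords are compared in their stored form (the configuration holds them
 * as-is) using hash_equals(), and only when both sides are strings: a missing
 * or null request password can never match a missing or null configured one.
 *
 * @param TokenRequestEventInterface $event
 */
public function __invoke(TokenRequestEventInterface $event)
{
    // Another listener may already have granted access; nothing to do then.
    if (false !== $event->isAccessGranted()) {
        return;
    }

    /** @var Application $app */
    $app = $event->getApp();
    $logger = $app->getLogger();
    $parameters = $event->getParameters();
    $username = $parameters->getAuthUsername();
    $password = $parameters->getAuthPassword();
    $scope = $parameters->getScope();

    // The username is deliberately masked in this line; only the scope is
    // substituted, so it must be the sole sprintf argument.
    $logger->info(sprintf('Checking YAML authentication, user: "******", scope: "%s"', $scope));

    foreach ($this->users as $user) {
        if (!isset($user['username'], $user['password']) || $user['username'] !== $username) {
            continue;
        }

        // Constant-time comparison; both sides must be strings so that a null
        // configured password never matches a null request password.
        if (!is_string($user['password']) || !is_string($password) || !hash_equals($user['password'], $password)) {
            continue;
        }

        $logger->debug(sprintf('User found: %s', isset($user['access']) ? json_encode($user['access']) : "[ALL RIGHTS]"));

        // No scope requested, or no restrictions configured for this account:
        // grant outright.
        if (null === $scope || !isset($user['access'])) {
            $event->setAccessGranted();

            return;
        }

        foreach ($user['access'] as $access) {
            $type = isset($access['type']) ? $access['type'] : null;
            $name = isset($access['name']) ? $access['name'] : null;
            $actions = isset($access['actions']) ? $access['actions'] : [];
            if ($scope->isValid($type, $name, $actions)) {
                $event->setAccessGranted();

                return;
            }
        }

        // The entry matched but none of its rules covers the requested scope.
        // Later entries with the same credentials are still evaluated.
        $event->setAccessDenied();
    }
}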