/**
* Synchronizes a single user in LDAP. This method can be used by superusers to synchronize
* a user before (s)he logs in.
*
* @param string $login The login of the user.
* @throws Exception if the user cannot be found or a problem occurs during synchronization.
*/
public function synchronizeUser($login)
{
Piwik::checkUserHasSuperUserAccess();
$ldapUser = $this->ldapUsers->getUser($login);
if (empty($ldapUser)) {
throw new Exception(Piwik::translate('LoginLdap_UserNotFound', $login));
}
$this->userSynchronizer->synchronizeLdapUser($login, $ldapUser);
$this->userSynchronizer->synchronizePiwikAccessFromLdap($login, $ldapUser);
}
/**
* Returns a WebServerAuth instance configured with INI config.
* @return SynchronizedAuth
*/
public static function makeConfigured()
{
$result = new SynchronizedAuth();
$result->setLdapUsers(LdapUsers::makeConfigured());
$result->setUsersManagerAPI(UsersManagerAPI::getInstance());
$result->setUsersModel(new UserModel());
$result->setUserSynchronizer(UserSynchronizer::makeConfigured());
$synchronizeUsersAfterSuccessfulLogin = Config::getShouldSynchronizeUsersAfterLogin();
$result->setSynchronizeUsersAfterSuccessfulLogin($synchronizeUsersAfterSuccessfulLogin);
return $result;
}
/**
* Returns a WebServerAuth instance configured with INI config.
*
* @return LdapAuth
*/
public static function makeConfigured()
{
$result = new LdapAuth();
$result->setLdapUsers(LdapUsers::makeConfigured());
$result->setUsersManagerAPI(UsersManagerAPI::getInstance());
$result->setUsersModel(new UserModel());
$result->setUserSynchronizer(UserSynchronizer::makeConfigured());
Log::debug("LdapAuth::%s: creating with configured components", __FUNCTION__);
return $result;
}
private function setUserModelMock($returnValue)
{
$mock = $this->getMock('Piwik\\Plugins\\UsersManager\\Model', array('getUser', 'deleteUserAccess'));
$mock->expects($this->any())->method('getUser')->will($this->returnValue($returnValue));
$this->userSynchronizer->setUserModel($mock);
}
/**
* Returns a WebServerAuth instance configured with INI config.
*
* @return WebServerAuth
*/
public static function makeConfigured()
{
$result = new WebServerAuth();
$result->setLdapUsers(LdapUsers::makeConfigured());
$result->setUsersManagerAPI(UsersManagerAPI::getInstance());
$result->setUsersModel(new UserModel());
$result->setUserSynchronizer(UserSynchronizer::makeConfigured());
$synchronizeUsersAfterSuccessfulLogin = Config::getShouldSynchronizeUsersAfterLogin();
$result->setSynchronizeUsersAfterSuccessfulLogin($synchronizeUsersAfterSuccessfulLogin);
if (Config::getUseLdapForAuthentication()) {
$fallbackAuth = LdapAuth::makeConfigured();
} else {
$fallbackAuth = SynchronizedAuth::makeConfigured();
}
$result->setFallbackAuth($fallbackAuth);
return $result;
}
/**
* Returns a WebServerAuth instance configured with INI config.
*
* @return LdapAuth
*/
public static function makeConfigured()
{
$result = new LdapAuth();
$result->setLdapUsers(LdapUsers::makeConfigured());
$result->setUsersManagerAPI(UsersManagerAPI::getInstance());
$result->setUsersModel(new UserModel());
$result->setUserSynchronizer(UserSynchronizer::makeConfigured());
return $result;
}
/**
* Creates a UserSynchronizer using INI configuration.
*
* @return UserSynchronizer
*/
public static function makeConfigured()
{
$result = new UserSynchronizer();
$result->setUserMapper(UserMapper::makeConfigured());
$result->setUsersManagerApi(UsersManagerAPI::getInstance());
$result->setUserModel(new UserModel());
if (Config::isAccessSynchronizationEnabled()) {
$result->setUserAccessMapper(UserAccessMapper::makeConfigured());
Log::debug("UserSynchronizer::%s(): Using UserAccessMapper when synchronizing users.", __FUNCTION__);
} else {
Log::debug("UserSynchronizer::%s(): LDAP access synchronization not enabled.", __FUNCTION__);
}
$defaultSitesWithViewAccess = Config::getDefaultSitesToGiveViewAccessTo();
if (!empty($defaultSitesWithViewAccess)) {
$siteIds = Access::doAsSuperUser(function () use($defaultSitesWithViewAccess) {
return Site::getIdSitesFromIdSitesString($defaultSitesWithViewAccess);
});
if (empty($siteIds)) {
Log::warning("UserSynchronizer::%s(): new_user_default_sites_view_access INI config option has no " . "entries. Newly synchronized users will not have any access.", __FUNCTION__);
}
$result->setNewUserDefaultSitesWithViewAccess($siteIds);
}
Log::debug("UserSynchronizer::%s: configuring with defaultSitesWithViewAccess = %s", __FUNCTION__, $defaultSitesWithViewAccess);
return $result;
}
protected function synchronizeLdapUser($ldapUser)
{
$this->userForLogin = $this->userSynchronizer->synchronizeLdapUser($this->login, $ldapUser);
$this->userSynchronizer->synchronizePiwikAccessFromLdap($this->login, $ldapUser);
}
/**
* Creates a UserSynchronizer using INI configuration.
*
* @return UserSynchronizer
*/
public static function makeConfigured()
{
$result = new UserSynchronizer();
$result->setUserMapper(UserMapper::makeConfigured());
$result->setUsersManagerApi(UsersManagerAPI::getInstance());
$result->setUserModel(new UserModel());
/** @var LoggerInterface $logger */
$logger = StaticContainer::get('Psr\\Log\\LoggerInterface');
if (Config::isAccessSynchronizationEnabled()) {
$result->setUserAccessMapper(UserAccessMapper::makeConfigured());
$logger->debug("UserSynchronizer::{func}(): Using UserAccessMapper when synchronizing users.", array('func' => __FUNCTION__));
} else {
$logger->debug("UserSynchronizer::{func}(): LDAP access synchronization not enabled.", array('func' => __FUNCTION__));
}
$defaultSitesWithViewAccess = Config::getDefaultSitesToGiveViewAccessTo();
if (!empty($defaultSitesWithViewAccess)) {
$siteIds = Access::doAsSuperUser(function () use($defaultSitesWithViewAccess) {
return Site::getIdSitesFromIdSitesString($defaultSitesWithViewAccess);
});
if (empty($siteIds)) {
$logger->warning("UserSynchronizer::{func}(): new_user_default_sites_view_access INI config option has no " . "entries. Newly synchronized users will not have any access.", array('func' => __FUNCTION__));
}
$result->setNewUserDefaultSitesWithViewAccess($siteIds);
}
$logger->debug("UserSynchronizer::{func}: configuring with defaultSitesWithViewAccess = {sites}", array('func' => __FUNCTION__, 'sites' => $defaultSitesWithViewAccess));
return $result;
}
