/**
* {@inheritdoc}
*/
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$currentUser = $token->getUser();
if ($currentUser instanceof LdapUserInterface) {
if (!$this->ldapManager->bind($currentUser, $currentUser->getPassword())) {
throw new BadCredentialsException('The credentials were changed from another session.');
}
} else {
if (!$user->getDn()) {
$userLdap = $this->ldapManager->findUserByUsername($user->getUsername());
if (!$userLdap) {
throw new BadCredentialsException(sprintf('User "%s" not found', $user->getUsername()));
}
$user->setDn($userLdap->getDn());
}
if (!($presentedPassword = $token->getCredentials())) {
throw new BadCredentialsException('The presented password cannot be empty.');
}
if (!$this->ldapManager->bind($user, $presentedPassword)) {
throw new BadCredentialsException('The presented password is invalid.');
}
}
}
/**
* Hydrates an user entity with ldap attributes.
*
* @param UserInterface $user user to hydrate
* @param array $entry ldap result
*
* @return UserInterface
*/
protected function hydrate(UserInterface $user, array $entry)
{
$user->setPassword('');
if ($user instanceof AdvancedUserInterface) {
$user->setEnabled(true);
}
foreach ($this->params['attributes'] as $attr) {
if (!array_key_exists($attr['ldap_attr'], $entry)) {
continue;
}
$ldapValue = $entry[$attr['ldap_attr']];
$value = null;
if (!array_key_exists('count', $ldapValue) || $ldapValue['count'] == 1) {
$value = $ldapValue[0];
} else {
$value = array_slice($ldapValue, 1);
}
call_user_func(array($user, $attr['user_method']), $value);
}
if ($user instanceof LdapUserInterface) {
$user->setDn($entry['dn']);
}
}
