Beispiel #1
 /**
  * Installer action: builds the Doctrine schema, then seeds an admin user and a default menu.
  *
  * When the 're-create-database' route parameter is truthy, the existing schema
  * is dropped first, which destroys the data in every mapped table.
  *
  * NOTE(review): createPassword() is called without a hash type. In Zend\Ldap
  * that defaults to an unsalted MD5 digest, which is weak for stored
  * credentials - confirm against the installed version and plan a migration
  * to password_hash()/password_verify().
  * NOTE(review): the generated password is written to the console in clear
  * text, so it can end up in scrollback or captured output; change it after
  * the first login.
  */
 public function runAction()
 {
     $entityManager = $this->getEntityManager();
     $console = $this->getServiceLocator()->get('console');
     $schemaTool = new \Doctrine\ORM\Tools\SchemaTool($entityManager);
     $console->writeLine('建立資料表中, 請稍待!!', ColorInterface::GREEN);
     $metadata = $entityManager->getMetadataFactory()->getAllMetadata();
     $recreate = $this->params()->fromRoute('re-create-database');
     if ($recreate) {
         // Destructive: removes the tables of all mapped entities before re-creating them.
         $schemaTool->dropSchema($metadata);
     }
     $schemaTool->createSchema($metadata);

     // Install the default administrator and menu.
     $username = '******';
     // 8 characters from the default character list; the third argument requests a strong random source.
     $password = \Zend\Math\Rand::getString(8, null, true);
     $admin = new \Base\Entity\User();
     $admin->setUsername($username);
     $admin->setPassword(\Zend\Ldap\Attribute::createPassword($password));
     $admin->setDisplayName('管理者');
     $admin->setRole('admin');
     $entityManager->persist($admin);
     $entityManager->flush();

     $homeMenu = new \Base\Entity\Menu();
     $homeMenu->setName('首頁');
     $homeMenu->setUser($admin);
     // Menu parameters are stored as a PHP-serialized string built from constants only.
     $menuParams = ['max_records' => 10, 'order_kind' => 'desc', 'term' => ''];
     $homeMenu->setParams(serialize($menuParams));
     $entityManager->persist($homeMenu);
     $entityManager->flush();

     $console->writeLine('建立完成!!', ColorInterface::GREEN);
     $console->writeLine('預設帳號 ' . $username . ', 密碼 ' . $password, ColorInterface::GREEN);
 }
Beispiel #2
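 /**
  * Creates or updates a user from POSTed form data and reports the result as JSON.
  *
  * A request without an 'id' field (or with an empty one) creates a new user.
  * The lookup is skipped in that case instead of reading an undefined index
  * and handing null to the repository.
  *
  * NOTE(review): no access check is visible in this method although it can
  * assign any role offered by the form; presumably enforced by the caller or
  * a route guard - confirm.
  * NOTE(review): createPassword() without a hash type defaults to unsalted MD5
  * in Zend\Ldap; weak for stored credentials - confirm and migrate.
  * NOTE(review): the password is overwritten on every save, including edits;
  * whether an empty password can pass validation depends on UserForm.
  *
  * @return JsonModel 'success' flag, plus validation 'message' on failure;
  *                   empty for non-POST requests
  */
 public function saveAction()
 {
     $jsonModel = new JsonModel();
     if (!$this->getRequest()->isPost()) {
         return $jsonModel;
     }

     $data = $this->params()->fromPost();
     $em = $this->getEntityManager();
     $repository = $em->getRepository('Base\\Entity\\User');

     // Only query when the client actually sent an identifier.
     $userRes = null;
     if (isset($data['id']) && $data['id'] !== '') {
         $userRes = $repository->find($data['id']);
     }
     if (!$userRes) {
         $userRes = new \Base\Entity\User();
     }

     $form = new UserForm();
     // The selectable roles come from the repository, so validation restricts 'role' to them.
     $form->get('role')->setValueOptions($repository->getRoleArray());
     $form->setData($data);

     if ($form->isValid()) {
         // NOTE(review): values are read from the raw POST array, not from
         // $form->getData(), so any filters on the form are not applied here.
         $userRes->setDisplayName($data['display_name']);
         $userRes->setUsername($data['username']);
         $userRes->setRole($data['role']);
         $userRes->setPassword(\Zend\Ldap\Attribute::createPassword($data['password']));
         $em->persist($userRes);
         $em->flush();
         $jsonModel->setVariable('success', true);
     } else {
         $jsonModel->setVariable('success', false);
         $jsonModel->setVariable('message', $form->getMessages());
     }

     return $jsonModel;
 }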
Beispiel #3
 /**
  * Sets the password of the user named by the 'username' route parameter and
  * gives that user the 'admin' role, creating the user if it does not exist.
  *
  * NOTE(review): the clear-text password arrives as a route parameter; if this
  * is a console route (presumably, given the echo), it is exposed through
  * shell history and the process list.
  * NOTE(review): createPassword() without a hash type defaults to unsalted MD5
  * in Zend\Ldap - confirm and migrate.
  */
 public function runAction()
 {
     $username = $this->params()->fromRoute('username');
     $password = $this->params()->fromRoute('password');
     $em = $this->getEntityManager();

     // Bound parameter, so the user name cannot alter the DQL.
     $matches = $em->createQueryBuilder()
         ->select('u')
         ->from('Base\\Entity\\User', 'u')
         ->where('u.username=:username')
         ->setParameter('username', $username)
         ->getQuery()
         ->getResult();

     $userRes = count($matches) ? $matches[0] : null;
     if ($userRes === null) {
         // Unknown user name: create the account on the fly.
         $userRes = new \Base\Entity\User();
         $userRes->setUsername($username);
         $userRes->setDisplayName('管理者');
     }

     // Existing accounts are promoted to admin as well, not only new ones.
     $userRes->setPassword(\Zend\Ldap\Attribute::createPassword($password));
     $userRes->setRole('admin');
     $em->persist($userRes);
     $em->flush();

     echo "\n {$username} 設定成功 \n ";
 }
Beispiel #4
 /**
  * Parse the given tokens into a data structure
  *
  * @param  array $data
  * @param  array $tokens
  * @return void
  */
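 protected function _parseLdapSchemaSyntax(array &$data, array $tokens)
 {
     // Results are written into $data, which the caller passes by reference.
     // Tokens are assumed to be strings, so strict comparisons are used throughout.

     // tokens that have no value associated
     $noValue = array('single-value', 'obsolete', 'collective', 'no-user-modification', 'abstract', 'structural', 'auxiliary');
     // tokens that can have multiple values
     $multiValue = array('must', 'may', 'sup');

     while (count($tokens) > 0) {
         $token = strtolower(array_shift($tokens));

         if (in_array($token, $noValue, true)) {
             // flag token: its presence alone is the information
             $data[$token] = true;
             continue;
         }

         // the token is followed either by a single value or by a '(' ... ')' list
         $value = array_shift($tokens);
         if ($value === '(') {
             // collect the list members until the closing ')' is reached
             $values = array();
             // Compare against null rather than truthiness so that a member such
             // as "0" does not end the list early and leave the remaining
             // tokens to be misread as keywords.
             while (($tmp = array_shift($tokens)) !== null) {
                 if ($tmp === ')') {
                     break;
                 }
                 // '$' only separates list members
                 if ($tmp !== '$') {
                     $values[] = Ldap\Attribute::convertFromLdapValue($tmp);
                 }
             }
             $data[$token] = $values;
         } else {
             $data[$token] = Ldap\Attribute::convertFromLdapValue($value);
         }

         // wrap a lone value when the token is defined as multi-valued
         if (in_array($token, $multiValue, true) && !is_array($data[$token])) {
             $data[$token] = array($data[$token]);
         }
     }
 }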
Beispiel #5
 /**
  * Gets a LDAP date/time attribute.
  *
  * This is an offline method.
  *
  * @param  string  $name
  * @param  int $index
  * @return array|int
  * @throws \Zend\Ldap\Exception\LdapException
  */
 public function getDateTimeAttribute($name, $index = null)
 {
     // Pure delegation: the static helper reads from this object's current
     // attribute data; nothing is modified here.
     $value = Ldap\Attribute::getDateTimeAttribute($this->currentData, $name, $index);

     return $value;
 }
Beispiel #6
 /**
  * Remove given values from a LDAP attribute
  *
  * @param  string      $attribName
  * @param  mixed|array $value
  * @return void
  */
 public function removeFromAttribute($attribName, $value)
 {
     // Delegates to the static helper with this object's current attribute data.
     // Presumably the helper takes the data by reference, so the removal
     // happens in place - confirm against Attribute::removeFromAttribute().
     Attribute::removeFromAttribute($this->currentData, $attribName, $value);
 }
Beispiel #7
 /**
  * Integration test: a user created with a unicodePwd password can have that
  * password replaced, after which the old password is rejected and the new
  * one binds.
  *
  * Skipped unless the server reports itself as Active Directory and the
  * connection uses SSL or StartTLS.
  */
 public function testChangePasswordWithUserAccountActiveDirectory()
 {
     if ($this->getLDAP()->getRootDse()->getServerType() !== Node\RootDse::SERVER_TYPE_ACTIVEDIRECTORY) {
         $this->markTestSkipped('Test can only be run on an ActiveDirectory server');
     }
     $options = $this->getLDAP()->getOptions();
     // Password writes are only attempted over an encrypted channel.
     if ($options['useSsl'] !== true && $options['useStartTls'] !== true) {
         $this->markTestSkipped('Test can only be run on an SSL or TLS secured connection');
     }
     $dn = $this->createDn('cn=New User,');
     $data = array();
     // Test fixture value only (shown masked in this listing).
     $password = '******';
     Ldap\Attribute::setAttribute($data, 'cn', 'New User', false);
     Ldap\Attribute::setAttribute($data, 'displayName', 'New User', false);
     Ldap\Attribute::setAttribute($data, 'sAMAccountName', 'newuser', false);
     // 512 is the NORMAL_ACCOUNT flag in Active Directory.
     Ldap\Attribute::setAttribute($data, 'userAccountControl', 512, false);
     // The final 'true' appends, building a multi-valued objectClass.
     Ldap\Attribute::setAttribute($data, 'objectClass', 'person', true);
     Ldap\Attribute::setAttribute($data, 'objectClass', 'organizationalPerson', true);
     Ldap\Attribute::setAttribute($data, 'objectClass', 'user', true);
     Ldap\Attribute::setPassword($data, $password, Ldap\Attribute::PASSWORD_UNICODEPWD, 'unicodePwd');
     try {
         $this->getLDAP()->add($dn, $data);
         // Prove that the initial password works before changing it.
         $this->getLDAP()->bind($dn, $password);
         $newPasswd = 'newpasswd';
         $newData = array();
         Ldap\Attribute::setPassword($newData, $newPasswd, Ldap\Attribute::PASSWORD_UNICODEPWD);
         $this->getLDAP()->update($dn, $newData);
         try {
             // The old password must no longer be accepted.
             $this->getLDAP()->bind($dn, $password);
             $this->fail('Expected exception not thrown');
         } catch (Exception\LdapException $zle) {
             $message = $zle->getMessage();
             // Either rejection message is accepted here.
             $this->assertTrue(strstr($message, 'Invalid credentials') || strstr($message, 'Server is unwilling to perform'));
         }
         $this->assertInstanceOf('\\Zend\\Ldap\\Ldap', $this->getLDAP()->bind($dn, $newPasswd));
         // Rebind with the configured default credentials, then remove the test entry.
         $this->getLDAP()->bind();
         $this->getLDAP()->delete($dn);
     } catch (Exception\LdapException $e) {
         // Cleanup path: remove the test account if it was created, then fail
         // with the LDAP error.
         // NOTE(review): a failing assertion above is not an LdapException, so
         // it skips this cleanup and may leave the test entry in the directory.
         $this->getLDAP()->bind();
         if ($this->getLDAP()->exists($dn)) {
             $this->getLDAP()->delete($dn);
         }
         $this->fail($e->getMessage());
     }
 }
Beispiel #8
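 /**
  * createPassword() with PASSWORD_UNICODEPWD must return the password wrapped
  * in double quotes and encoded as UTF-16LE.
  */
 public function testPasswordGenerationUnicodePwd()
 {
     // Fixture value, not a real credential. The listing showed a masked
     // literal here; 'new' is the value the expected string below encodes.
     $password = 'new';
     $unicodePwd = Attribute::createPassword($password, Attribute::PASSWORD_UNICODEPWD);
     // 5 characters ("new" plus two quotes) at 2 bytes each.
     $this->assertEquals(10, strlen($unicodePwd));
     // Spelled with explicit escapes: the previous 5-byte literal "\"new\"" had
     // lost its NUL bytes and could never equal a 10-byte result.
     $this->assertEquals("\x22\x00\x6E\x00\x65\x00\x77\x00\x22\x00", $unicodePwd);
 }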
Beispiel #9
 /**
  * Shows the change-password form and, on a valid POST, stores the new
  * password for the currently authenticated user.
  *
  * NOTE(review): the form holds only 'password' and 're_password'; the current
  * password is not asked for, so anyone with access to an open session can
  * replace it. Consider requiring the existing password.
  * NOTE(review): createPassword() without a hash type defaults to unsalted MD5
  * in Zend\Ldap (this call replaced a plain md5() call) - confirm and migrate
  * to password_hash().
  *
  * @return ViewModel|mixed the view with the form, or the redirect result after a successful change
  */
 public function changePasswordAction()
 {
     $viewModel = new ViewModel();
     // The account is taken from the authenticated identity, never from request data.
     $username = $this->getAuthService()->getIdentity()->getUsername();

     // Reuse the two password elements and their filters from the registration form.
     $registerForm = new RegisterForm();
     $form = new \Zend\Form\Form('changePasswordForm');
     $form->add($registerForm->get('password'));
     $form->add($registerForm->get('re_password'));
     $accountFilter = new AccountFIlter();
     $inputFilter = new InputFilter();
     $inputFilter->add($accountFilter->get('password'));
     $inputFilter->add($accountFilter->get('re_password'));
     $form->setInputFilter($inputFilter);

     $request = $this->getRequest();
     if ($request->isPost()) {
         $form->setData($request->getPost());
         if ($form->isValid()) {
             $entityManager = $this->getServiceLocator()->get('doctrine.entitymanager.orm_default');
             $account = $entityManager->getRepository('Base\\Entity\\User')->findOneBy(array('username' => $username));
             if ($account) {
                 $newPassword = $form->get('password')->getValue();
                 $account->setPassword(\Zend\Ldap\Attribute::createPassword($newPassword));
                 $entityManager->persist($account);
                 $entityManager->flush();
                 // Audit trail: only the user name is logged, not the password.
                 $this->getServiceLocator()->get('Zend\\Log')->info($username . ' changed password');
                 $this->flashMessenger()->addSuccessMessage('更改密碼成功!');

                 return $this->redirect()->refresh();
             }
         }
     }

     $viewModel->setVariable('form', $form);

     return $viewModel;
 }
 /**
  * Builds an LDAP entry from the request body and adds or updates it.
  *
  * NOTE(review): PASSWORD_HASH_SSHA is a salted but fast digest; it resists
  * precomputed tables, not offline guessing. Prefer a stronger scheme if the
  * directory supports one.
  *
  * @param bool        $isUpdate       true to update an existing entry, false to add one
  * @param string|null $employeeNumber identifier of the entry being updated
  */
 private function write($isUpdate = false, $employeeNumber = null)
 {
     // Request body as prepared by \Slim\Middleware\ContentTypes.
     $environment = $this->app->environment();
     $payload = $environment['slim.input'];
     if ($payload === '{}') {
         $payload = array();
     }

     // Build the entry; objectClass and employeeNumber are set by the server.
     $entry = $this->formatJsonForEntry($payload);
     $entry['objectClass'] = array('person', 'organizationalPerson', 'inetOrgPerson', 'personMailDelivery');
     if ($isUpdate === false) {
         $entry['employeeNumber'] = $this->ldap->getUUID('employeeNumber');
     } else {
         $entry['employeeNumber'] = $employeeNumber;
     }

     // Validate first; the confirmation field is dropped afterwards so it never reaches LDAP.
     $dn = $this->assertValidEntry($entry, $isUpdate);
     unset($entry['passwordConfirmation']);
     if (isset($entry['userPassword'])) {
         // Replace the clear-text password with its hashed form before writing.
         $entry['userPassword'] = Attribute::createPassword($entry['userPassword'], Attribute::PASSWORD_HASH_SSHA);
     }

     // Add or update in LDAP.
     if ($isUpdate === true) {
         $this->ldap->update($dn, $entry);
     } else {
         $this->ldap->add($dn, $entry);
     }

     // Return the created/updated entry.
     $this->getById($entry['employeeNumber']);
 }
Beispiel #11
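 /**
  * createPassword() with PASSWORD_UNICODEPWD must return the password wrapped
  * in double quotes and encoded as UTF-16LE.
  */
 public function testPasswordGenerationUnicodePwd()
 {
     // Fixture value, not a real credential. The listing showed a masked
     // literal here; the expected bytes below (\x6E\x65\x77) spell 'new'.
     $password = 'new';
     $unicodePwd = Ldap\Attribute::createPassword($password, Ldap\Attribute::PASSWORD_UNICODEPWD);
     // 5 characters ("new" plus two quotes) at 2 bytes each.
     $this->assertEquals(10, strlen($unicodePwd));
     $this->assertEquals("\x22\x00\x6E\x00\x65\x00\x77\x00\x22\x00", $unicodePwd);
 }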
Beispiel #12
 /**
  * Login with Post/Redirect/Get: tries the LDAP adapter first and falls back
  * to the WordPress adapter; a successful WordPress login creates a matching
  * directory account with the submitted password.
  *
  * NOTE(review): this reads like work-in-progress code (debug dumps, die,
  * commented-out calls, a fixed password literal). The notes below mark what
  * to resolve before it handles real accounts.
  */
 public function loginAction()
 {
     //        if($this->identity()->
     $prg = $this->postRedirectGet('login');
     if ($prg instanceof Response) {
         return $prg;
     } else {
         /** @var \Zend\Form\Form $form */
         $form = $this->getServiceLocator()->get('form\\loginForm');
         if ($prg) {
             $form->setData($prg);
             if ($form->isValid()) {
                 /** @var \Zend\Authentication\Adapter\Ldap $ldapAdapter */
                 $ldapAdapter = $this->getServiceLocator()->get('ldap_auth_adapter');
                 $username = $form->get('username')->getValue();
                 $password = $form->get('password')->getValue();
                 $ldapResult = $ldapAdapter->setIdentity($username)->setCredential($password)->authenticate();
                 if (!$ldapResult->isValid()) {
                     // LDAP rejected the credentials: try the WordPress user table.
                     /** @var \Zend\Authentication\Adapter\DbTable\CallbackCheckAdapter $wpAdapter */
                     $wpAdapter = $this->getServiceLocator()->get('auth_adapter_wordpress');
                     $wpResult = $wpAdapter->setIdentity($username)->setCredential($password)->authenticate();
                     if ($wpResult->isValid()) {
                         // Result row without the 'user_pass' column.
                         $wpUser = $wpAdapter->getResultRowObject(null, array('user_pass'));
                         /** @var \Application\Mapper\WPUserMeta $wpMeta */
                         $wpMeta = $this->getServiceLocator()->get('mapper/wpusermeta');
                         // NOTE(review): unserialize() on a value read from the database.
                         // If that row can be influenced by an attacker this allows object
                         // injection; pass ['allowed_classes' => false] (PHP 7+) or parse
                         // the value another way. $groups is not used in the visible code.
                         $groups = unserialize($wpMeta->getMetaForUser($wpUser, 'wp_capabilities')->meta_value);
                         $rfid = $wpMeta->getMetaForUser($wpUser, 'rfid_code')->meta_value;
                         $entry = [];
                         LdapAttribute::setAttribute($entry, 'cn', $wpUser->user_login);
                         LdapAttribute::setAttribute($entry, 'rfidCode', $rfid);
                         LdapAttribute::setAttribute($entry, 'mail', $wpUser->user_email);
                         LdapAttribute::setAttribute($entry, 'objectClass', 'User');
                         LdapAttribute::setAttribute($entry, 'samAccountName', $wpUser->user_login);
                         LdapAttribute::setPassword($entry, $password, LdapAttribute::PASSWORD_UNICODEPWD);
                         // 512 is the NORMAL_ACCOUNT flag in Active Directory.
                         LdapAttribute::setAttribute($entry, 'userAccountControl', 512);
                         //                            $ldap = $ldapAdapter->getLdap();
                         /** @var ZendLdap $ldap */
                         $ldap = $this->getServiceLocator()->get('ldap');
                         // NOTE(review): the login name goes into the DN unescaped, so
                         // characters such as ',' or '=' change the DN structure.
                         // Escape the value first, e.g. with Zend\Ldap\Dn::escapeValue().
                         $dn = sprintf('CN=%s,CN=Users,DC=hackspace,DC=internal', $wpUser->user_login);
                         $ldap->add($dn, $entry);
                         $dn = $ldap->getCanonicalAccountName($username, ZendLdap::ACCTNAME_FORM_DN);
                         $ldapPasswordArray = [];
                         LdapAttribute::setPassword($ldapPasswordArray, $password, LdapAttribute::PASSWORD_UNICODEPWD);
                         try {
                             $ldap->update($dn, $ldapPasswordArray);
                         } catch (LdapException $e) {
                             //                                $ldapAdapter->getLdap()->delete($dn);
                             // NOTE(review): dumps the directory error into the response and
                             // aborts the request; the entry added above is left in place.
                             // Log server-side and show a generic message instead.
                             Debug::dump($e->getMessage());
                             die;
                         }
                         //                            Debug::dump($hm);
                         //                            Debug::dump($hm);
                         //                            \Zend\Debug\Debug::dump($groups);
                         //                            \Zend\Debug\Debug::dump($rfid);
                         //$ldapAdapter->getLdap()->add();
                     } else {
                         $this->flashMessenger()->addMessage('The username and/or password is invalid');
                         // NOTE(review): adapter messages are shown to the user as well and
                         // may reveal more than the generic line above - confirm their content.
                         foreach ($ldapResult->getMessages() as $message) {
                             $this->flashMessenger()->addMessage($message);
                         }
                         // The redirect result is not returned; execution continues to the
                         // return statement at the end of the method.
                         $this->redirect()->refresh();
                     }
                 } else {
                     $ldap = $this->getServiceLocator()->get('ldap');
                     $this->flashMessenger()->addMessage('Logged in via LDAP!');
                     // NOTE(review): same unescaped DN construction as above, here with the
                     // submitted user name.
                     $dn = sprintf('CN=%s,CN=Users,DC=hackspace,DC=internal', $username);
                     $ldapPasswordArray = [];
                     // NOTE(review): every successful LDAP login overwrites the account's
                     // password with this fixed literal. It looks like leftover debug code;
                     // remove it and treat the literal as disclosed.
                     LdapAttribute::setPassword($ldapPasswordArray, 'Frogs22ontheroof', LdapAttribute::PASSWORD_UNICODEPWD);
                     try {
                         $ldap->update($dn, $ldapPasswordArray);
                     } catch (LdapException $e) {
                         $this->flashMessenger()->addMessage($e->getMessage());
                     }
                     $this->redirect()->refresh();
                 }
             }
         }
         return array('loginForm' => $form);
     }
 }
Beispiel #13
 /**
  * Checks a clear-text password against the player's stored password hash.
  *
  * Despite its name, this method verifies: it returns a boolean, not a hash.
  *
  * NOTE(review): createPassword() without a hash type defaults to unsalted MD5
  * in Zend\Ldap, so equal passwords give equal stored values - confirm and
  * migrate to password_hash()/password_verify().
  * NOTE(review): === is not a constant-time comparison; hash_equals() is the
  * usual choice where the PHP version provides it.
  *
  * @param object $player   must provide getPassword()
  * @param string $password clear-text candidate password
  * @return bool true when the hashed candidate is identical to the stored value
  */
 public static function hashPassword($player, $password)
 {
     $stored = $player->getPassword();
     $candidate = \Zend\Ldap\Attribute::createPassword($password);

     return $stored === $candidate;
 }