Ejemplo n.º 1
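 /**
  * Synchronise local LDAP-backed accounts with the directory.
  *
  * Does nothing unless both the `auth.ldap.enabled` and `auth.ldap.refreshUsers`
  * settings of the user module are truthy. Otherwise every entry returned by
  * the LDAP search is created locally (when no matching user exists) or
  * updated, and every local user of this auth client whose id attribute was
  * not seen in the search result is set to User::STATUS_DISABLED.
  *
  * An empty search result therefore disables every account of this auth
  * client that is not already disabled; a warning is logged when that is
  * about to happen so the event can be spotted in the application log.
  *
  * @return void
  */
 public function syncUsers()
 {
     $settings = Yii::$app->getModule('user')->settings;
     if (!$settings->get('auth.ldap.enabled') || !$settings->get('auth.ldap.refreshUsers')) {
         return;
     }

     $userFilter = $settings->get('auth.ldap.userFilter');
     $baseDn = $settings->get('auth.ldap.baseDn');
     $userCollection = $this->getLdap()->search($userFilter, $baseDn, Ldap::SEARCH_SCOPE_SUB);

     $authClient = null;
     // Ids seen in the directory, stored as string keys so the later membership
     // test is an exact match instead of PHP's loose `==` comparison.
     $seenIds = [];
     foreach ($userCollection as $attributes) {
         $authClient = new static();
         $authClient->setUserAttributes($attributes);
         // Re-read the attributes so the values used below are the ones the
         // auth client itself exposes after setUserAttributes().
         $attributes = $authClient->getUserAttributes();

         $user = AuthClientHelpers::getUserByAuthClient($authClient);
         if ($user === null) {
             if (!AuthClientHelpers::createUser($authClient)) {
                 // An entry without a usable e-mail must not raise an undefined-index notice here.
                 $email = (isset($attributes['email']) && is_scalar($attributes['email']))
                     ? $attributes['email']
                     : '(no email)';
                 Yii::warning('Could not automatically create LDAP user ' . $email . ' - check required attributes!');
             }
         } else {
             AuthClientHelpers::updateUser($authClient, $user);
         }

         if (isset($attributes['id']) && is_scalar($attributes['id'])) {
             $seenIds[(string) $attributes['id']] = true;
         }
     }

     /**
      * Since userTableAttribute can be automatically set on user attributes
      * try to take it from initialized authclient instance.
      */
     $userTableIdAttribute = $this->getUserTableIdAttribute();
     if ($authClient !== null) {
         $userTableIdAttribute = $authClient->getUserTableIdAttribute();
     }

     if ($seenIds === []) {
         Yii::warning('LDAP sync returned no usable entries - all LDAP accounts that are not yet disabled will be disabled!');
     }

     // Disable users that no longer exist in the directory
     foreach (AuthClientHelpers::getUsersByAuthClient($this)->each() as $user) {
         if ($user->status === User::STATUS_DISABLED) {
             continue;
         }

         $localId = $user->getAttribute($userTableIdAttribute);
         if (is_scalar($localId) && isset($seenIds[(string) $localId])) {
             continue;
         }

         $user->status = User::STATUS_DISABLED;
         // Only report the account as disabled when the change was actually
         // persisted; a failed save leaves the account usable.
         if ($user->save()) {
             Yii::warning('Disabled user ' . $user->username . ' (' . $user->id . ') - Not found in LDAP!');
         } else {
             Yii::error('Could not disable user ' . $user->username . ' (' . $user->id . ') - Not found in LDAP!');
         }
     }
 }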
Ejemplo n.º 2
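 /**
  * Log the given user in through the given auth client and redirect.
  *
  * Only users whose status equals User::STATUS_ENABLED are logged in. For any
  * other status an error flash message is set and the user is sent back to
  * the login page. After a successful login the redirect target is the user
  * component's return URL.
  *
  * @param User $user
  * @param \yii\authclient\BaseClient $authClient
  * @return Response the current response object
  */
 protected function login($user, $authClient)
 {
     // Default target: back to the login form (used for every failure path).
     $redirectUrl = ['/user/auth/login'];

     // Loose comparison is kept on purpose: nothing visible here fixes the
     // type of $user->status (it may arrive as a string) - TODO confirm.
     if ($user->status == User::STATUS_ENABLED) {
         $duration = 0;
         // "Remember me" only exists on form based auth clients.
         if ($authClient instanceof \humhub\modules\user\authclient\BaseFormAuth && $authClient->login->rememberMe) {
             $duration = Yii::$app->getModule('user')->loginRememberMeDuration;
         }

         AuthClientHelpers::updateUser($authClient, $user);
         if (Yii::$app->user->login($user, $duration)) {
             Yii::$app->user->setCurrentAuthClient($authClient);
             // The return URL used to be stored in an unused variable, so a
             // successful login was redirected back to the login page.
             // NOTE(review): returnUrl is not validated in this method -
             // confirm the user component restricts it to trusted targets.
             $redirectUrl = Yii::$app->user->returnUrl;
         }
     } elseif ($user->status == User::STATUS_DISABLED) {
         Yii::$app->session->setFlash('error', 'Your account is disabled!');
     } elseif ($user->status == User::STATUS_NEED_APPROVAL) {
         Yii::$app->session->setFlash('error', 'Your account is not approved yet!');
     } else {
         Yii::$app->session->setFlash('error', 'Unknown user status!');
     }

     // Ajax requests get the redirect from htmlRedirect() instead of redirect().
     if (Yii::$app->request->getIsAjax()) {
         return $this->htmlRedirect($redirectUrl);
     }

     return $this->redirect($redirectUrl);
 }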