Ejemplo n.º 1
 /**
  * My account
  */
 public function indexAction()
 {
     $globalSection = Config::app()->getSection('global');
     $account = $this->Auth()->getUser();

     // The change-password form is only offered when the account's backend_type is 'db'.
     // NOTE(review): this action performs no current-password or CSRF check of its own;
     // presumably ChangePasswordForm::handleRequest() does - verify there.
     if ($account->getAdditional('backend_type') === 'db') {
         $passwordBackend = null;
         try {
             $passwordBackend = UserBackend::create($account->getAdditional('backend_name'));
         } catch (ConfigurationError $e) {
             // Best effort: a backend that cannot be created only means no password form is shown.
         }

         if ($passwordBackend !== null) {
             $passwordForm = new ChangePasswordForm();
             $passwordForm->setBackend($passwordBackend)->handleRequest();
             $this->view->changePasswordForm = $passwordForm;
         }
     }

     $preferenceForm = new PreferenceForm();
     $preferenceForm->setPreferences($account->getPreferences());

     // A store is attached unless the configured preference backend is 'none' ('ini' is the default).
     $storeType = $globalSection->get('config_backend', 'ini');
     if ($storeType !== 'none') {
         $storeConfig = new ConfigObject(array(
             'store'    => $storeType,
             'resource' => $globalSection->config_resource
         ));
         $preferenceForm->setStore(PreferencesStore::create($storeConfig, $account));
     }

     $preferenceForm->handleRequest();
     $this->view->form = $preferenceForm;
     $this->getTabs()->activate('account');
 }
 /**
  * Create and add elements to this form
  *
  * @param   array   $formData
  */
 public function createElements(array $formData)
 {
     $resourceNames = $this->getLdapResourceNames();
     $this->addElement('select', 'resource', array(
         'required'     => true,
         'autosubmit'   => true,
         'label'        => $this->translate('LDAP Connection'),
         'description'  => $this->translate('The LDAP connection to use for this backend.'),
         'multiOptions' => array_combine($resourceNames, $resourceNames)
     ));

     // The submitted resource name is honoured only if it is one of the known LDAP resources;
     // anything else falls back to the first known resource.
     // NOTE(review): in_array() compares loosely here - confirm the names are always strings.
     if (isset($formData['resource']) && in_array($formData['resource'], $resourceNames)) {
         $resourceName = $formData['resource'];
     } else {
         $resourceName = $resourceNames[0];
     }
     $resource = ResourceFactory::create($resourceName);

     $backendOptions = array('none' => $this->translate('None', 'usergroupbackend.ldap.user_backend'));
     $linkableNames = $this->getLdapUserBackendNames($resource);
     if (!empty($linkableNames)) {
         $backendOptions = array_merge($backendOptions, array_combine($linkableNames, $linkableNames));
     }
     $this->addElement('select', 'user_backend', array(
         'required'     => true,
         'autosubmit'   => true,
         'label'        => $this->translate('User Backend'),
         'description'  => $this->translate('The user backend to link with this user group backend.'),
         'multiOptions' => $backendOptions
     ));

     $groupBackend = new LdapUserGroupBackend($resource);
     $isOpenLdap = $formData['type'] === 'ldap';
     if ($isOpenLdap) {
         $defaults = $groupBackend->getOpenLdapDefaults();
         // MUST BE null, do NOT change this to false!
         $groupConfigDisabled = $userConfigDisabled = null;
     } else {
         // $formData['type'] === 'msldap'
         $defaults = $groupBackend->getActiveDirectoryDefaults();
         $groupConfigDisabled = $userConfigDisabled = true;
     }

     // MUST BE null
     $dnDisabled = null;

     // NOTE(review): unlike 'resource', the submitted 'user_backend' is not checked against
     // $linkableNames before it reaches UserBackend::create(); presumably create() rejects
     // unknown names - confirm.
     if (isset($formData['user_backend']) && $formData['user_backend'] !== 'none') {
         $linkedBackend = UserBackend::create($formData['user_backend']);
         // The linked backend's user settings override the defaults, and the matching fields
         // are then flagged as disabled.
         $defaults->merge(array(
             'user_base_dn'        => $linkedBackend->getBaseDn(),
             'user_class'          => $linkedBackend->getUserClass(),
             'user_name_attribute' => $linkedBackend->getUserNameAttribute(),
             'user_filter'         => $linkedBackend->getFilter()
         ));
         $userConfigDisabled = $dnDisabled = true;
     }

     $this->createGroupConfigElements($defaults, $groupConfigDisabled);
     $this->createUserConfigElements($defaults, $userConfigDisabled, $dnDisabled);
 }
Ejemplo n.º 3
 /**
  * Validate the configuration by creating a backend and requesting the user count
  *
  * @param   Form    $form   The form to fetch the configuration values from
  *
  * @return  bool            Whether validation succeeded or not
  */
 public static function isValidUserBackend(Form $form)
 {
     try {
         // Build a throw-away backend from the submitted values and ask it whether
         // authentication is possible.
         $candidate = UserBackend::create(null, new ConfigObject($form->getValues()));
         $candidate->assertAuthenticationPossible();

         return true;
     } catch (AuthenticationException $e) {
         // Prefer the wrapped cause's message when there is one.
         // NOTE(review): backend error text is put on the form verbatim - confirm that only
         // administrators can reach this form.
         $cause = $e->getPrevious();
         $form->addError($cause !== null ? $cause->getMessage() : $e->getMessage());
     } catch (Exception $e) {
         $form->addError(sprintf($form->translate('Unable to validate authentication: %s'), $e->getMessage()));
     }

     return false;
 }
Ejemplo n.º 4
 /**
  * Return the given user backend or the first match in order
  *
  * @param   string  $name           The name of the backend, or null in case the first match should be returned
  * @param   string  $interface      The interface the backend should implement, no interface check if null
  *
  * @return  UserBackendInterface
  *
  * @throws  Zend_Controller_Action_Exception    In case the given backend name is invalid
  */
 protected function getUserBackend($name = null, $interface = 'Icinga\\Data\\Selectable')
 {
     if ($name === null) {
         // No name requested: take the first backend loadUserBackends() yields for this interface.
         $candidates = $this->loadUserBackends($interface);
         $backend = array_shift($candidates);
     } else {
         $authConfig = Config::app('authentication');
         if ($authConfig->hasSection($name)) {
             // The name is only passed to the factory after it matched a configured section.
             $backend = UserBackend::create($name, $authConfig->getSection($name));
             if ($interface && !$backend instanceof $interface) {
                 // Report only the last segment of the lower-cased interface name.
                 $segments = explode('\\', strtolower($interface));
                 $shortName = array_pop($segments);
                 throw new Zend_Controller_Action_Exception(
                     sprintf($this->translate('Authentication backend "%s" is not %s'), $name, $shortName),
                     400
                 );
             }
         } else {
             // NOTE(review): presumably httpNotFound() aborts by throwing; if it ever returns,
             // $backend is undefined at the return below - confirm.
             // NOTE(review): $name is echoed into the message; escaping is left to whatever
             // renders it - confirm.
             $this->httpNotFound(sprintf($this->translate('Authentication backend "%s" not found'), $name));
         }
     }

     return $backend;
 }
 /**
  * Apply the given configuration on this backend
  *
  * @param   ConfigObject    $config
  *
  * @return  $this
  *
  * @throws  ConfigurationError      In case a linked user backend does not exist or is invalid
  */
 public function setConfig(ConfigObject $config)
 {
     // Pick the directory-specific defaults; any other backend type starts from an empty set.
     $kind = $config->backend;
     if ($kind === 'ldap') {
         $defaults = $this->getOpenLdapDefaults();
     } elseif ($kind === 'msldap') {
         $defaults = $this->getActiveDirectoryDefaults();
     } else {
         $defaults = new ConfigObject();
     }

     $linkedName = $config->user_backend;
     if ($linkedName && $linkedName !== 'none') {
         $userBackend = UserBackend::create($linkedName);
         if (!$userBackend instanceof LdapUserBackend) {
             throw new ConfigurationError('User backend "%s" is not of type LDAP', $linkedName);
         }

         // A linked user backend is accepted only if it points at the same host and port
         // as this backend's own data source.
         $sameDirectory = $this->ds->getHostname() === $userBackend->getDataSource()->getHostname()
             && $this->ds->getPort() === $userBackend->getDataSource()->getPort();
         if (!$sameDirectory) {
             // TODO(jom): Elaborate whether it makes sense to link directories on different hosts
             throw new ConfigurationError('It is required that a linked user backend refers to the ' . 'same directory as it\'s user group backend counterpart');
         }

         $this->setUserBackend($userBackend);
         $defaults->merge(array(
             'user_base_dn'        => $userBackend->getBaseDn(),
             'user_class'          => $userBackend->getUserClass(),
             'user_name_attribute' => $userBackend->getUserNameAttribute(),
             'user_filter'         => $userBackend->getFilter()
         ));
     }

     // NOTE(review): the merged 'user_base_dn' and 'user_filter' defaults are not read below:
     // the user base DN falls back to the group base DN and the user filter is taken from
     // $config alone - confirm this is intended.
     return $this
         ->setGroupBaseDn($config->base_dn)
         ->setUserBaseDn($config->get('user_base_dn', $this->getGroupBaseDn()))
         ->setGroupClass($config->get('group_class', $defaults->group_class))
         ->setUserClass($config->get('user_class', $defaults->user_class))
         ->setGroupNameAttribute($config->get('group_name_attribute', $defaults->group_name_attribute))
         ->setUserNameAttribute($config->get('user_name_attribute', $defaults->user_name_attribute))
         ->setGroupMemberAttribute($config->get('group_member_attribute', $defaults->group_member_attribute))
         ->setGroupFilter($config->filter)
         ->setUserFilter($config->user_filter);
 }
Ejemplo n.º 6
 /**
  * Create and return the backend
  *
  * @return  DbUserBackend|LdapUserBackend
  */
 protected function createBackend()
 {
     // Start from the stored backend settings and attach the stored resource configuration
     // under 'resource' before handing everything to the factory.
     $backendSettings = new ConfigObject($this->backendConfig);
     $backendSettings->resource = $this->resourceConfig;

     // No backend name is passed; only the assembled configuration.
     return UserBackend::create(null, $backendSettings);
 }
Ejemplo n.º 7
 /**
  * Check whether the current user backend is valid, i.e. it's enabled, not an external user backend and whether its
  * config is valid
  *
  * @return bool
  */
 public function valid()
 {
     if (!$this->config->valid()) {
         // Stop when there are no more backends to check
         return false;
     }

     $section = $this->config->current();
     $skip = (bool) $section->get('disabled', false);
     $backend = null;

     if (!$skip) {
         $backendName = $this->key();
         try {
             $backend = UserBackend::create($backendName, $section);
         } catch (ConfigurationError $e) {
             // A backend that cannot be created is logged and skipped; iteration moves on.
             // NOTE(review): if callers authenticate against the first valid backend, a broken
             // entry changes which backend answers, with only this log line as a trace - confirm
             // that is acceptable.
             Logger::error(new ConfigurationError('Can\'t create authentication backend "%s". An exception was thrown:', $backendName, $e));
             $skip = true;
         }

         // External backends are skipped only when the iterator was told to do so.
         if (!$skip && $this->getSkipExternalBackends() && $backend instanceof ExternalBackend) {
             $skip = true;
         }
     }

     if ($skip) {
         // Advance and re-check from the next configured backend.
         $this->next();
         return $this->valid();
     }

     $this->currentBackend = $backend;
     return true;
 }
Ejemplo n.º 8
 /**
  * Set up the user backend factory
  *
  * @return  $this
  */
 protected function setupUserBackendFactory()
 {
     try {
         $authConfig = Config::app('authentication');
         UserBackend::setConfig($authConfig);
     } catch (NotReadableError $e) {
         // An unreadable authentication config is only logged; the method still returns $this.
         // NOTE(review): the factory is then left without this configuration - confirm how
         // later authentication behaves in that state.
         $failure = new IcingaException('Cannot load user backend configuration. An exception was thrown:', $e);
         Logger::error($failure);
     }

     return $this;
 }
Ejemplo n.º 9
 /**
  * Create and add elements to this form
  *
  * @param   array   $formData
  */
 public function createElements(array $formData)
 {
     // LdapUserGroupBackendForm requires these factories to provide valid configurations
     // NOTE(review): both calls are static, so they presumably replace the factories'
     // configuration for the rest of the request - confirm.
     ResourceFactory::setConfig($this->createResourceConfiguration());
     UserBackend::setConfig($this->createBackendConfiguration());

     // The backend type is forced to 'ldap' regardless of what was submitted.
     $formData['type'] = 'ldap';
     $groupBackendForm = new LdapUserGroupBackendForm();
     $groupBackendForm->create($formData);
     $groupBackendForm->getElement('name')->setValue('icingaweb2');
     $this->addSubForm($groupBackendForm, 'backend_form');

     // Resource and user backend are carried as hidden fields filled from the stored configs.
     // NOTE(review): hidden fields are submitted by the client; whether their values are
     // re-validated on the server is not visible here - confirm.
     $hiddenResource = array(
         'required'   => true,
         'value'      => $this->resourceConfig['name'],
         'decorators' => array('ViewHelper')
     );
     $groupBackendForm->addElement('hidden', 'resource', $hiddenResource);

     $hiddenUserBackend = array(
         'required'   => true,
         'value'      => $this->backendConfig['name'],
         'decorators' => array('ViewHelper')
     );
     $groupBackendForm->addElement('hidden', 'user_backend', $hiddenUserBackend);
 }
Ejemplo n.º 10
 /**
  * Return the names of all configured LDAP user backends
  *
  * @param   LdapConnection  $resource
  *
  * @return  array
  */
 protected function getLdapUserBackendNames(LdapConnection $resource)
 {
     $matching = array();
     foreach (UserBackend::getBackendConfigs() as $backendName => $backendConfig) {
         // Only LDAP-type backends ('ldap' or 'msldap', case-insensitive) are considered.
         $type = strtolower($backendConfig->backend);
         if ($type !== 'ldap' && $type !== 'msldap') {
             continue;
         }

         // A backend qualifies when its resource has the same hostname and port as $resource.
         $candidate = ResourceFactory::create($backendConfig->resource);
         $sameHost = $candidate->getHostname() === $resource->getHostname();
         if ($sameHost && $candidate->getPort() === $resource->getPort()) {
             $matching[] = $backendName;
         }
     }

     return $matching;
 }
Ejemplo n.º 11
 /**
  * Create and return the user group backend
  *
  * @return  LdapUserGroupBackend
  */
 protected function createUserGroupBackend()
 {
     // Register the stored resource under its own name with the resource factory.
     $resourceName = $this->resourceConfig['name'];
     $resources = new Config();
     $resources->setSection($resourceName, $this->resourceConfig);
     ResourceFactory::setConfig($resources);

     // Register the stored user backend, pointing it at that resource by name.
     $userBackends = new Config();
     $userBackends->setSection(
         $this->backendConfig['name'],
         array_merge($this->backendConfig, array('resource' => $resourceName))
     );
     UserBackend::setConfig($userBackends);

     // Without an explicit group configuration, derive one from the backend and resource configs.
     if (empty($this->groupConfig)) {
         $groupSettings = new ConfigObject(array(
             'backend'      => $this->backendConfig['backend'],
             'resource'     => $resourceName,
             'user_backend' => $this->backendConfig['name']
         ));
     } else {
         $groupSettings = new ConfigObject($this->groupConfig);
     }

     $groupBackend = UserGroupBackend::create(null, $groupSettings);
     if (!$groupBackend instanceof Selectable) {
         throw new NotImplementedError('Unsupported, until #9772 has been resolved');
     }

     return $groupBackend;
 }
Ejemplo n.º 12
 /**
  * Create a user backend by using the given form's values and return its inspection results
  *
  * Returns null for non-inspectable backends.
  *
  * @param   Form    $form
  *
  * @return  Inspection|null
  */
 public static function inspectUserBackend(Form $form)
 {
     // Build a backend straight from the submitted form values.
     $candidate = UserBackend::create(null, new ConfigObject($form->getValues()));

     // Backends that do not implement Inspectable yield null.
     if (!$candidate instanceof Inspectable) {
         return null;
     }

     return $candidate->inspect();
 }
Ejemplo n.º 13
 /**
  * Validate the configuration by creating a backend and requesting the user count
  *
  * @param   Form    $form   The form to fetch the configuration values from
  *
  * @return  bool            Whether validation succeeded or not
  */
 public static function isValidUserBackend(Form $form)
 {
     // NOTE(review): inspect() is called without an Inspectable check, so this assumes
     // every backend created from the form implements it - confirm.
     /**
      * @var $inspection Inspection
      */
     $inspection = UserBackend::create(null, new ConfigObject($form->getValues()))->inspect();

     $failed = $inspection->hasError();
     if ($failed) {
         // The inspection's error is put on the form as-is.
         $form->addError($inspection->getError());
     }

     // TODO: display diagnostics in $inspection->toArray() to the user
     return !$failed;
 }
Ejemplo n.º 14
 /**
  * Return the names of all users this backend currently provides
  *
  * @return  array
  */
 protected function fetchUsers()
 {
     $settings = new ConfigObject($this->backendConfig);
     $settings->resource = $this->resourceConfig;

     // Backend creation sits outside the try block, so its failures reach the caller.
     $backend = UserBackend::create(null, $settings);

     try {
         $query = $backend->select(array('user_name'))->order('user_name', 'asc', true);
         return $query->fetchColumn();
     } catch (Exception $_) {
         // No need to handle anything special here. Error means no users found.
         // NOTE(review): every Exception raised by the query ends up here, so a failed query
         // cannot be told apart from a backend with no users - confirm that callers do not
         // rely on the difference.
         return array();
     }
 }