Get the Ldap Connection object. By default it will get the connection of the domain currently in context. To get
a different domain connection pass the domain name as a parameter.
| public getConnection ( null | string $domain = null ) : LdapTools\Connection\LdapConnectionInterface | ||
| $domain | null | string | |
| return | LdapTools\Connection\LdapConnectionInterface | |
/**
* @param \Symfony\Component\Security\Core\User\UserProviderInterface $userProvider
* @param \LdapTools\Bundle\LdapToolsBundle\Security\User\LdapUserChecker $userChecker
* @param \LdapTools\LdapManager $ldap
* @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token
* @param \LdapTools\Bundle\LdapToolsBundle\Security\User\LdapUser $user
* @param \LdapTools\Connection\LdapConnectionInterface $connection
* @param \LdapTools\Operation\AuthenticationResponse $response
* @param \Symfony\Component\EventDispatcher\EventDispatcherInterface $dispatcher
*/
function let($userProvider, $userChecker, $ldap, $token, $user, $connection, $response, $dispatcher)
{
$this->userProvider = $userProvider;
$this->userChecker = $userChecker;
$this->ldap = $ldap;
$this->token = $token;
$this->user = $user;
$this->connection = $connection;
$this->operation = (new AuthenticationOperation())->setUsername('foo')->setPassword('bar');
$this->response = $response;
$this->dispatcher = $dispatcher;
$token->getUsername()->willReturn('foo');
$token->getCredentials()->willReturn('bar');
$token->hasAttribute('ldap_domain')->willReturn(false);
$token->getAttributes()->willReturn([]);
$this->userProvider->loadUserByUsername('foo')->willReturn($user);
$this->connection->getConfig()->willReturn(new DomainConfiguration('foo.bar'));
$this->connection->execute($this->operation)->willReturn($this->response);
$this->response->isAuthenticated()->willReturn(true);
$this->ldap->getConnection()->willReturn($this->connection);
$this->ldap->getDomainContext()->willReturn('foo.bar');
$this->user->getUsername()->willReturn('foo');
$this->user->getRoles()->willReturn(['ROLE_USER']);
$this->user->isAccountNonLocked()->willReturn(true);
$this->user->isEnabled()->willReturn(true);
$this->user->isAccountNonExpired()->willReturn(true);
$this->user->isCredentialsNonExpired()->willReturn(true);
$this->beConstructedWith('restricted', true, $this->userProvider, new LdapUserChecker(), $this->ldap, $this->dispatcher);
}
/**
* @param \LdapTools\LdapManager $ldap
* @param \LdapTools\Query\LdapQueryBuilder $qb
* @param \LdapTools\Query\LdapQuery $query
* @param \LdapTools\Connection\LdapConnectionInterface $connection
*/
function let($ldap, $qb, $query, $connection)
{
$groups = new LdapObjectCollection();
$groups->add(new LdapObject(['name' => 'Foo', 'dn' => 'cn=Foo,dc=example,dc=local']));
$groups->add(new LdapObject(['guid' => '291d8444-9d5b-4b0a-a6d7-853408f704d5', 'dn' => 'cn=Bar,dc=example,dc=local']));
$groups->add(new LdapObject(['sid' => 'S-1-5-18', 'dn' => 'cn=LocalSys,dc=example,dc=local']));
$groups->add(new LdapObject(['name' => 'Just a DN', 'dn' => 'cn=Stuff,dc=example,dc=local']));
$roleMap = ['ROLE_AWESOME' => ['foo'], 'ROLE_ADMIN' => ['291d8444-9d5b-4b0a-a6d7-853408f704d5'], 'ROLE_DN' => ['cn=Stuff,dc=example,dc=local'], 'ROLE_SID' => ['S-1-5-18']];
$attrMap = ['username' => 'username', 'accountNonLocked' => 'locked', 'accountNonExpired' => 'accountExpirationDate', 'enabled' => 'disabled', 'credentialsNonExpired' => 'passwordMustChange', 'guid' => 'guid', 'groups' => 'groups', 'stringRepresentation' => 'username'];
$this->ldap = $ldap;
$this->qb = $qb;
$this->query = $query;
$this->connection = $connection;
$this->config = new DomainConfiguration('foo.bar');
$this->filter = new ADFilterBuilder();
$this->ldapObject = new LdapObject($this->attr, ['user'], ['user'], 'user');
$query->getSingleResult()->willReturn($this->ldapObject);
$query->getResult()->willReturn($groups);
$query->getArrayResult()->willReturn([['name' => 'foo'], ['name' => 'bar']]);
$qb->from(LdapObjectType::USER)->willReturn($qb);
$qb->from('group')->willReturn($qb);
$qb->select(["username", "locked", "accountExpirationDate", "disabled", "passwordMustChange", "guid", "groups", "username"])->willReturn($qb);
$qb->select(["name", "sid", "guid"])->willReturn($qb);
$qb->select('name')->willReturn($qb);
$qb->where(['username' => 'foo'])->willReturn($qb);
$qb->getLdapQuery()->willReturn($query);
$qb->filter()->willReturn($this->filter);
$qb->where($this->filter->hasMemberRecursively($this->attr['guid'], 'members'))->willReturn($qb);
$this->ldap->buildLdapQuery()->willReturn($qb);
$connection->getConfig()->willReturn($this->config);
$this->ldap->getConnection()->willReturn($connection);
$this->beConstructedWith($ldap, $attrMap, $roleMap, true);
}
function let(LdapManager $ldap, LdapConnectionInterface $connection, RouterInterface $router, EventDispatcherInterface $dispatcher)
{
$this->userChecker = new LdapUserChecker();
$this->request = new Request();
$this->request->setSession(new Session());
$router->generate('login')->willReturn('/login');
$connection->getConfig()->willReturn(new DomainConfiguration('foo.bar'));
$ldap->getConnection()->willReturn($connection);
$ldap->getDomainContext()->willReturn('foo.bar');
$this->beConstructedWith(true, $this->userChecker, $ldap, $router, $dispatcher);
}
/**
* @param LdapObjectAnnotation $annotation
* @return array
*/
protected function getLdapAttributesToSelect(LdapObjectAnnotation $annotation)
{
$attributes = $annotation->attributes;
if (empty($attributes)) {
$schemaFactory = $this->ldap->getSchemaFactory();
$schema = $schemaFactory->get($this->ldap->getConnection()->getConfig()->getSchemaName(), $annotation->type);
$attributes = $schema->getAttributesToSelect();
}
if (!in_array($annotation->id, $attributes)) {
$attributes[] = $annotation->id;
}
return $attributes;
}
/**
* @param UserInterface $user
* @param TokenInterface $token
* @return UsernamePasswordToken
*/
protected function doAuthentication(UserInterface $user, TokenInterface $token)
{
$auth = (new AuthenticationOperation())->setUsername($user->getUsername())->setPassword($token->getCredentials());
/** @var AuthenticationResponse $response */
$response = $this->ldap->getConnection()->execute($auth);
if (!$response->isAuthenticated()) {
$this->userChecker->checkLdapErrorCode($user, $response->getErrorCode(), $this->ldap->getConnection()->getConfig()->getLdapType());
throw new BadCredentialsException($response->getErrorMessage(), $response->getErrorCode());
}
$this->dispatcher->dispatch(LdapLoginEvent::SUCCESS, new LdapLoginEvent($user, $token));
$newToken = new UsernamePasswordToken($user, null, $this->providerKey, $user->getRoles());
$newToken->setAttributes($token->getAttributes());
return $newToken;
}
/**
* @param \LdapTools\LdapManager $ldap
* @param \LdapTools\Connection\LdapConnectionInterface $connection
* @param \Symfony\Component\Routing\RouterInterface $router
* @param \Symfony\Component\EventDispatcher\EventDispatcherInterface $dispatcher
*/
function let($ldap, $connection, $router, $dispatcher)
{
$this->ldap = $ldap;
$this->router = $router;
$this->userChecker = new LdapUserChecker();
$this->connection = $connection;
$this->config = new DomainConfiguration('foo.bar');
$this->request = new Request();
$this->request->setSession(new Session());
$this->dispatcher = $dispatcher;
$this->router->generate('login')->willReturn('/login');
$this->connection->getConfig()->willReturn($this->config);
$this->ldap->getConnection()->willReturn($this->connection);
$this->ldap->getDomainContext()->willReturn('foo.bar');
$this->beConstructedWith(true, $this->userChecker, $ldap, $router, $dispatcher);
}
function let(Reader $reader, LdapManager $ldap, LifecycleEventArgs $eventArgs, ObjectManager $om, ClassMetadata $metadata, LdapObjectSchemaFactory $schemaFactory, LdapConnectionInterface $connection, LdapObjectSchema $schema, LdapQueryBuilder $qb, LdapQuery $query, $entity)
{
$rc = new \ReflectionClass('Doctrine\\Common\\Persistence\\Event\\LifecycleEventArgs');
if ($rc->hasMethod('getObjectManager')) {
$eventArgs->getObjectManager()->willReturn($om);
$eventArgs->getObject()->willReturn($entity);
} else {
$eventArgs->getEntityManager()->willReturn($om);
$eventArgs->getEntity()->willReturn($entity);
}
$om->getClassMetadata(Argument::any())->willReturn($metadata);
$this->config = new DomainConfiguration('foo.bar');
$connection->getConfig()->willReturn($this->config);
$ldap->getDomainContext()->willReturn('foo.bar');
$ldap->getSchemaFactory()->willReturn($schemaFactory);
$ldap->getConnection()->willReturn($connection);
$ldap->buildLdapQuery()->willReturn($qb);
$qb->getLdapQuery()->willReturn($query);
$this->beConstructedWith($reader, $ldap);
}
function let(UserProviderInterface $userProvider, LdapUserChecker $userChecker, LdapManager $ldap, TokenInterface $token, LdapUser $user, LdapConnectionInterface $connection, AuthenticationResponse $response, \Symfony\Component\EventDispatcher\EventDispatcherInterface $dispatcher)
{
$this->operation = (new AuthenticationOperation())->setUsername('foo')->setPassword('bar');
$token->getUsername()->willReturn('foo');
$token->getCredentials()->willReturn('bar');
$token->hasAttribute('ldap_domain')->willReturn(false);
$token->getAttributes()->willReturn([]);
$token->getUser()->willReturn($user);
$userProvider->loadUserByUsername('foo')->willReturn($user);
$connection->getConfig()->willReturn(new DomainConfiguration('foo.bar'));
$connection->execute($this->operation)->willReturn($response);
$response->isAuthenticated()->willReturn(true);
$ldap->getConnection()->willReturn($connection);
$ldap->getDomainContext()->willReturn('foo.bar');
$user->getUsername()->willReturn('foo');
$user->getRoles()->willReturn(['ROLE_USER']);
$user->isAccountNonLocked()->willReturn(true);
$user->isEnabled()->willReturn(true);
$user->isAccountNonExpired()->willReturn(true);
$user->isCredentialsNonExpired()->willReturn(true);
$this->beConstructedWith('restricted', true, $userProvider, new LdapUserChecker(), $ldap, $dispatcher);
}
/**
* {@inheritdoc}
*/
public function checkCredentials($credentials, UserInterface $user)
{
$domain = $this->ldap->getDomainContext();
try {
$this->switchDomainIfNeeded($credentials);
/** @var \LdapTools\Operation\AuthenticationResponse $response */
$response = $this->ldap->getConnection()->execute(new AuthenticationOperation($user->getUsername(), $credentials['password']));
if (!$response->isAuthenticated()) {
$this->userChecker->checkLdapErrorCode($user, $response->getErrorCode(), $this->ldap->getConnection()->getConfig()->getLdapType());
throw new CustomUserMessageAuthenticationException($response->getErrorMessage(), [], $response->getErrorCode());
}
// No way to get the token from the Guard, need to create one to pass...
$token = new UsernamePasswordToken($user, $credentials['password'], 'ldap-tools', $user->getRoles());
$token->setAttribute('ldap_domain', isset($credentials['ldap_domain']) ? $credentials['ldap_domain'] : '');
$this->dispatcher->dispatch(LdapLoginEvent::SUCCESS, new LdapLoginEvent($user, $token));
} catch (\Exception $e) {
$this->hideOrThrow($e);
} finally {
$this->domain = $this->ldap->getDomainContext();
$this->switchDomainBackIfNeeded($domain);
}
return true;
}
