Ejemplo n.º 1
 /**
  * Look up the user's thumbnail photo and return it as a base64 data URI.
  *
  * NOTE(review): the username is handed to Utils::getUserLookup(), which is not
  * visible here - confirm that it escapes LDAP filter metacharacters.
  * NOTE(review): the attribute is requested as 'thumbnailphoto' but read back as
  * 'thumbnailPhoto' - confirm which key casing the library returns.
  *
  * @param Manager $ldap
  * @param array $userData Must contain the key 'username'
  * @return string|false Data URI, or false when no entry or no photo was found
  */
 public static function getThumbnail(Manager $ldap, array $userData)
 {
     $lookup = Utils::getUserLookup($userData['username']);
     $result = $ldap->search(null, $lookup, true, array('thumbnailphoto'));
     $entry = $result->current();
     if (!($entry instanceof Node)) {
         return false;
     }
     /** @var NodeAttribute[] $attributes */
     $attributes = $entry->getAttributes();
     if (empty($attributes['thumbnailPhoto'])) {
         return false;
     }
     $values = $attributes['thumbnailPhoto']->getValues();
     if (!$values) {
         return false;
     }
     // The directory blob is labelled as JPEG without being inspected.
     // NOTE(review): 'image/jpg' is not the registered media type (that is
     // 'image/jpeg'); left unchanged because callers may depend on the prefix.
     return 'data:image/jpg;base64,' . base64_encode($values[0]);
 }
Ejemplo n.º 2
 /**
  * Connects and binds a Manager built from the given parameters, then checks
  * the bind state reported by the driver's connection.
  *
  * @param array   $params      Manager configuration
  * @param boolean $isBound     Expected result of isBound()
  * @param boolean $isAnonymous True when bind dn and password are both expected to be null
  * @param string  $dn          Expected bind dn for a non-anonymous bind (Default: null)
  * @param string  $password    Expected bind password for a non-anonymous bind (Default: null)
  *
  * @return void
  */
 protected function assertBinding($params, $isBound, $isAnonymous, $dn = null, $password = null)
 {
     $manager = new Manager($params, $this->driver);
     $manager->connect();
     $manager->bind();
     $connection = $this->driver->getConnection();
     $this->assertEquals($isBound, $connection->isBound());
     if (!$isAnonymous) {
         // Credentialed bind: the connection must have received exactly these values.
         $this->assertEquals($dn, $connection->getBindDn(), 'Privileged bind Dn');
         $this->assertEquals($password, $connection->getBindPassword(), 'Privileged bind Password');
         return;
     }
     // Anonymous bind: no credentials may have reached the connection.
     $this->assertNull($connection->getBindDn(), 'Anonymous bind Dn');
     $this->assertNull($connection->getBindPassword(), 'Anonymous bind Password');
 }
Ejemplo n.º 3
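 /**
  * Look up the user's directory entry and map its attributes onto the
  * application-side keys configured in $this->loadInfo.
  *
  * Only attributes that have a mapping in $this->loadInfo are copied, so an
  * attribute the directory returns without being mapped cannot end up under
  * an undefined key. Single-valued attributes are returned as a scalar,
  * multi-valued ones as an array.
  *
  * NOTE(review): the username is handed to Utils::getUserLookup(), which is not
  * visible here - confirm that it escapes LDAP filter metacharacters.
  *
  * @param Manager $ldap
  * @param array $userData Must contain the key 'username'
  * @return array Mapped attributes, or an empty array when no entry was found
  */
 public function getUserInfo(Manager $ldap, array $userData)
 {
     // Load only the attributes we have a mapping for
     $raw = $ldap->search(null, Utils::getUserLookup($userData['username']), true, array_keys($this->loadInfo));
     $entry = $raw->current();
     if (!$entry instanceof Node) {
         return array();
     }
     // Post process & return
     $return = array();
     foreach ($entry->getAttributes() as $key => $value) {
         /** @var NodeAttribute $value */
         if (!array_key_exists($key, $this->loadInfo)) {
             // Unmapped attribute: skip instead of reading an undefined index
             continue;
         }
         $values = $value->getValues();
         if ($key === 'objectSid') {
             // The SID is converted from its binary form; an attribute without
             // values stays empty rather than converting an undefined offset
             $values = isset($values[0]) ? array($this->getObjectSidFromBinary($values[0])) : array();
         }
         // Collapse single-valued attributes to a scalar
         $return[$this->loadInfo[$key]] = count($values) === 1 ? reset($values) : $values;
     }
     return $return;
 }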
Ejemplo n.º 4
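 /**
  * Authenticate a user by binding to the directory with their credentials.
  *
  * Empty usernames and passwords are rejected before any bind is attempted.
  * Many directory servers treat a simple bind with a DN and an empty password
  * as an unauthenticated bind that succeeds, and the Manager may fall back to
  * its configured bind credentials when the DN is empty (confirm against the
  * library version in use). Either case would let a login pass without the
  * caller proving knowledge of the password.
  *
  * @param array $credentials [username, password]
  * @return Identity|\Nette\Security\IIdentity
  * @throws \Nette\Security\AuthenticationException
  */
 public function authenticate(array $credentials)
 {
     $username = isset($credentials[0]) ? $credentials[0] : null;
     $password = isset($credentials[1]) ? $credentials[1] : null;
     // Same message as a failed bind, so the response does not reveal which part was wrong
     if (!is_scalar($password) || (string) $password === '') {
         throw new AuthenticationException('Username or password is not valid');
     }
     $username = call_user_func_array($this->usernameGenerator, array($this->ldap, $username));
     if (!is_scalar($username) || (string) $username === '') {
         throw new AuthenticationException('Username or password is not valid');
     }
     // Auth
     try {
         $this->ldap->connect();
         // @todo: Pullrequest to toyota, to check whether we're already connected
         $this->ldap->bind($username, $password);
         $data = array('username' => $username, 'fqdn' => $this->fqdn);
     } catch (BindException $e) {
         throw new AuthenticationException('Username or password is not valid', $e->getCode(), $e);
     }
     // Success handlers: each one adds its result to $data under its own key
     foreach ($this->onSuccess as $key => $handler) {
         $data[$key] = call_user_func_array($handler, array($this->ldap, $data));
     }
     // Allow/refuse login based on groups
     $this->assertHasGroupAccess($data);
     // Get & return the identity
     return call_user_func_array($this->identityGenerator, array($this->ldap, $data));
 }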
Ejemplo n.º 5
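 /**
  * Tests alternative binding
  *
  * Pins the fallback rules of Manager::bind(): a null or empty DN reuses the
  * configured bind_dn / bind_password and ignores the supplied password, while
  * a non-empty DN is used as given, even with an empty or omitted password.
  * Code that authenticates end users through bind() therefore has to reject
  * empty usernames and passwords itself before calling it.
  *
  * @return void
  */
 public function testAlternativeBinding()
 {
     $params = $this->minimal;
     $params['bind_dn'] = 'default_dn';
     // Must match the 'default_password' asserted below; the listing showed a
     // masked value here, which would make the default-credential cases fail.
     $params['bind_password'] = 'default_password';
     $manager = new Manager($params, $this->driver);
     $manager->connect();
     $instance = $this->driver->getConnection();

     $defaultUsed = 'Default credential got used';
     $altDnUsed = 'Now alternative binding occurs';
     $altPassUsed = 'Alternative password got used';
     // bind() arguments, expected dn, expected password, dn message, password message
     $cases = array(
         array(array(), 'default_dn', 'default_password', $defaultUsed, $defaultUsed),
         array(array(null, ''), 'default_dn', 'default_password', $defaultUsed, $defaultUsed),
         array(array(null, 'alt_pass'), 'default_dn', 'default_password', $defaultUsed, $defaultUsed),
         array(array('', 'alt_pass'), 'default_dn', 'default_password', $defaultUsed, $defaultUsed),
         array(array('alt_dn', 'alt_pass'), 'alt_dn', 'alt_pass', $altDnUsed, $altPassUsed),
         array(array('alt_dn', ''), 'alt_dn', '', $altDnUsed, $altPassUsed),
         array(array('alt_dn'), 'alt_dn', '', $altDnUsed, 'Default empty password got used'),
     );
     foreach ($cases as $case) {
         list($args, $expectedDn, $expectedPassword, $dnMessage, $passwordMessage) = $case;
         // call_user_func_array keeps the argument count of each case (0, 1 or 2)
         call_user_func_array(array($manager, 'bind'), $args);
         $this->assertTrue($instance->isBound(), 'Binding occured');
         $this->assertEquals($expectedDn, $instance->getBindDn(), $dnMessage);
         $this->assertEquals($expectedPassword, $instance->getBindPassword(), $passwordMessage);
     }
 }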
Ejemplo n.º 6
 /**
  * Tests complex updates with changeset merging when saving
  *
  * The node's changes since its snapshot are compared with the entry the
  * connection returns for 'test_dn'; the assertions at the end pin which
  * attribute additions, deletions and replacements are then sent.
  *
  * @return void
  */
 public function testSaveMergesChanges()
 {
     $manager = new Manager($this->minimal, $this->driver);
     $manager->connect();
     $manager->bind();
     // Entry stacked on the connection as the result of the search issued by save()
     $entry = new Entry('test_dn', array('a' => array('a1', 'a2'), 'b' => array('b1', 'b2'), 'c' => array('c1', 'c2'), 'd' => array('d1', 'd2'), 'e' => array('e1', 'e2')));
     $this->driver->getConnection()->stackResults(array($entry));
     // Node state before the snapshot; it deliberately differs from the stacked entry
     $node = new Node();
     $node->setDn('test_dn');
     $node->get('a', true)->add(array('a2', 'a4'));
     $node->get('b', true)->add(array('b1', 'b3'));
     $node->get('c', true)->add(array('c1', 'c3'));
     $node->get('d', true)->add(array('d1', 'd2', 'd3', 'd4'));
     $node->get('g', true)->add('g1');
     $node->get('h', true)->add(array('h1', 'h2'));
     $node->get('i', true)->add(array('i1', 'i2'));
     $node->snapshot(false);
     // Changes made after the snapshot: additions, removals, replacements and a new attribute
     $node->get('a')->add(array('a1', 'a3'));
     $node->removeAttribute('b');
     $node->get('c')->set(array('c4', 'c5'));
     $node->get('d')->remove('d2');
     $node->get('d')->remove('d3');
     $node->get('d')->add('d5');
     $node->get('f', true)->add(array('f1', 'f2'));
     $node->removeAttribute('g');
     $node->get('h')->set(array('h1', 'h3'));
     $node->get('i')->remove('i2');
     // save() is expected to return false here, i.e. an update rather than a creation
     $this->assertFalse($manager->save($node), 'Node persistence resulted in an update');
     // The log is consumed in order: base-scope search, then add, delete and replace actions
     $this->assertSearchLog($this->driver->getConnection()->shiftLog(), 'test_dn', '(objectclass=*)', SearchInterface::SCOPE_BASE, null, array($entry));
     $this->assertActionLog($this->driver->getConnection()->shiftLog(), 'attr_add', 'test_dn', array('a' => array('a3'), 'd' => array('d5'), 'f' => array('f1', 'f2'), 'h' => array('h1', 'h3')));
     $this->assertActionLog($this->driver->getConnection()->shiftLog(), 'attr_del', 'test_dn', array('b' => array(), 'd' => array('d2')));
     $this->assertActionLog($this->driver->getConnection()->shiftLog(), 'attr_rep', 'test_dn', array('c' => array('c4', 'c5')));
     // Nothing else may have been sent to the connection
     $this->assertNull($this->driver->getConnection()->shiftLog(), 'All logs have been parsed');
     $this->assertSnapshot($node, 'A node is snapshot after update');
 }
Ejemplo n.º 7
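 /**
  * Run the group-membership lookup for the given group DN.
  *
  * The DN is substituted for ':group:' in self::$GroupMemberOfLookup after
  * being escaped for both DN and filter context.
  *
  * @param Manager $ldap
  * @param string $groupDn DN of the group to look up
  * @return Node[]|false NOTE(review): this is whatever Manager::search() returns - confirm the type
  */
 protected function getGroupMemberOf(Manager $ldap, $groupDn)
 {
     // The template is passed as the second argument of search(), presumably a
     // search filter (confirm). LDAP_ESCAPE_DN alone leaves '*', '(' and ')'
     // untouched, so a crafted DN could alter a filter; adding
     // LDAP_ESCAPE_FILTER escapes those too. Every escape is a \XX hex pair,
     // which is valid in both DN and filter values. '' replaces the null
     // $ignore argument, which newer PHP versions deprecate.
     $escapedDn = ldap_escape($groupDn, '', LDAP_ESCAPE_FILTER | LDAP_ESCAPE_DN);
     return $ldap->search(null, str_replace(':group:', $escapedDn, self::$GroupMemberOfLookup));
 }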