/**
* Create or update user information
* @param array() $userInfoArr the user related information
* @return array() create result. return detail information
*/
public static function editUser($userInfoArr, $pageActionType)
{
$resultInfo = array();
$actionType = BugfreeModel::ACTION_OPEN;
$oldRecordAttributs = array();
if (!empty($userInfoArr['id'])) {
$user = self::loadModel($userInfoArr['id']);
if (isset($userInfoArr['realname']) && self::isRealnameExisted($userInfoArr['id'], $userInfoArr['realname'])) {
$userInfoArr['realname'] = $userInfoArr['realname'] . '[' . $userInfoArr['username'] . ']';
}
$oldRecordAttributs = $user->attributes;
$actionType = BugfreeModel::ACTION_EDIT;
$user->attributes = $userInfoArr;
if (!empty($userInfoArr['change_password']) && CommonService::$TrueFalseStatus['TRUE'] == $userInfoArr['change_password']) {
$user->scenario = 'password';
}
} else {
$user = new TestUser();
$user->attributes = $userInfoArr;
if (TestUser::$Authmode['ldap'] == $_POST['TestUser']['authmode']) {
$ldap = new LdapService(Yii::app()->params->ldap['user'], Yii::app()->params->ldap['pass']);
if (empty($userInfoArr['username'])) {
$resultInfo['status'] = CommonService::$ApiResult['FAIL'];
$resultInfo['detail']['id'] = Yii::t('TestUser', 'username can not be blank');
return $resultInfo;
}
$ldapUserInfo = $ldap->search($userInfoArr['username']);
if (empty($ldapUserInfo)) {
$resultInfo['status'] = CommonService::$ApiResult['FAIL'];
$resultInfo['detail']['id'] = Yii::t('TestUser', 'Domain Account not found');
return $resultInfo;
}
if (self::isRealnameExisted(0, $ldapUserInfo['realname'])) {
$ldapUserInfo['realname'] = $ldapUserInfo['realname'] . '[' . $ldapUserInfo['username'] . ']';
}
$user->attributes = $ldapUserInfo;
$user->password = time();
}
$user->is_dropped = CommonService::$TrueFalseStatus['FALSE'];
$user->email_flag = CommonService::$TrueFalseStatus['TRUE'];
$user->wangwang_flag = CommonService::$TrueFalseStatus['FALSE'];
}
if (!self::isUserEditable($user->id, $pageActionType)) {
$resultInfo['status'] = CommonService::$ApiResult['FAIL'];
$resultInfo['detail']['id'] = Yii::t('Common', 'Required URL not found or permission denied.');
return $resultInfo;
}
if ($user->save()) {
$newRecord = self::loadModel($user->id);
$addActionResult = AdminActionService::addActionNotes('test_user', $actionType, $newRecord, $oldRecordAttributs);
$resultInfo['status'] = CommonService::$ApiResult['SUCCESS'];
$resultInfo['detail'] = array('id' => $user->id);
return $resultInfo;
} else {
$resultInfo['status'] = CommonService::$ApiResult['FAIL'];
$resultInfo['detail'] = $user->getErrors();
}
return $resultInfo;
}
/**
* Create or Update a User for authentication for use with ldap.
*
* @param array $credentials
*
* @return \Cartalyst\Sentry\Users\Eloquent\User
*/
public function createOrUpdateLdapUser(array $credentials)
{
$loginAttribute = $this->config->setPrefix('cartalyst.sentry')->get('users.login_attribute');
$username = $credentials[$loginAttribute];
$password = $credentials['password'];
// If a user is found, update their password to match active-directory
$user = $this->model->where('username', $username)->first();
if ($user) {
$this->sentry->updatePasswordById($user->id, $password);
} else {
// If a user is not found in the database, create their web account
$ldapUser = $this->ldap->user($username);
$fullName = explode(',', $ldapUser->name);
$lastName = array_key_exists(0, $fullName) ? $fullName[0] : null;
$firstName = array_key_exists(1, $fullName) ? $fullName[1] : null;
$data = ['email' => $ldapUser->email ? $ldapUser->email : $username, 'username' => $username, 'password' => $password, 'last_name' => (string) $lastName, 'first_name' => (string) $firstName, 'activated' => 1];
// Default all group
$roles = ['all'];
if (in_array($ldapUser->group, config('maintenance.groups.ldap.administrators'))) {
$roles[] = 'administrators';
} else {
if (in_array($ldapUser->group, config('maintenance.groups.ldap.workers'))) {
$roles[] = 'workers';
} else {
$roles[] = 'client';
}
}
$user = $this->sentry->createUser($data, $roles);
}
return $user;
}
/**
* authenticate
* if user account is not existed, register it automatically
* if ladp connect failed, use the database data to validate
* after each ldap validation, update the user information to database
*
*/
public function authenticate()
{
$user = TestUser::model()->findByAttributes(array('username' => $this->username));
if ($user == null) {
$this->errorCode = self::ERROR_USER_NOT_FOUND;
} else {
if (CommonService::$TrueFalseStatus['TRUE'] == $user->is_dropped) {
$this->errorCode = self::ERROR_USER_DISABLED;
return !$this->errorCode;
}
if (TestUser::$Authmode['ldap'] == $user->authmode) {
$ldap = new LdapService($this->username, $this->password);
$userInfoArr = $ldap->search();
if (LdapService::ERROR_LDAP_MISS == $ldap->errorCode) {
$this->errorCode = self::ERROR_LDAP_MISS;
} else {
if (LdapService::ERROR_CONNECT == $ldap->errorCode || LdapService::ERROR_BIND == $ldap->errorCode) {
if (md5($this->password) !== $user->password) {
$this->errorCode = self::ERROR_PASSWORD_INVALID;
} else {
$this->_id = $user->id;
$this->username = $user->username;
$this->setState('realname', $user->realname);
$this->setState('username', $user->username);
$this->errorCode = self::ERROR_NONE;
}
} else {
if (LdapService::ERROR_NONE == $ldap->errorCode) {
if (empty($userInfoArr)) {
$this->errorCode = self::ERROR_PASSWORD_INVALID;
} else {
$userInfo = $userInfoArr;
$userInfo['id'] = $user->id;
$userInfo['password'] = $this->password;
$result = TestUserService::editUser($userInfo, TestUserService::LDAP_UPDATE_USER);
if (CommonService::$ApiResult['SUCCESS'] == $result['status']) {
$userNew = TestUser::model()->findByPk($user->id);
$newRealName = $userNew['realname'];
$this->_id = $user->id;
$this->errorCode = self::ERROR_NONE;
$this->setState('realname', $newRealName);
$this->setState('username', $user->username);
} else {
$this->errorCode = self::ERROR_PASSWORD_INVALID;
}
}
}
}
}
} else {
if (md5($this->password) !== $user->password) {
$this->errorCode = self::ERROR_PASSWORD_INVALID;
} else {
$this->_id = $user->id;
$this->username = $user->username;
$this->setState('realname', $user->realname);
$this->setState('username', $user->username);
$this->errorCode = self::ERROR_NONE;
}
}
}
return !$this->errorCode;
}
