/**
* Performs an authentication attempt
*
* @throws Zend_Auth_Adapter_Exception If authentication cannot be performed.
* @return Zend_Auth_Result
*/
public function authenticate()
{
$config = new Zend_Config_Ini('../application/configs/config.ini', 'production');
$log_path = $config->ldap->log_path;
$admins = explode(',', $config->ldap->admin_accounts);
$options = $config->ldap->toArray();
unset($options['log_path']);
unset($options['admin_accounts']);
try {
// first check local DB with parent class
$result = parent::authenticate();
$user = new Zend_Session_Namespace('loggedin');
$user->usernumber = $this->_login;
} catch (Exception $e) {
throw $e;
}
if ($result->isValid() !== true) {
try {
$auth = Zend_Auth::getInstance();
$adapter = new Zend_Auth_Adapter_Ldap($options, $this->_login, $this->_password);
$result = $auth->authenticate($adapter);
// log the result if a log path has been defined in config.ini
if ($log_path) {
$messages = $result->getMessages();
$logger = new Zend_Log();
$logger->addWriter(new Zend_Log_Writer_Stream($log_path));
$filter = new Zend_Log_Filter_Priority(Zend_Log::DEBUG);
$logger->addFilter($filter);
foreach ($messages as $i => $message) {
if ($i-- > 1) {
// $messages[2] and up are log messages
$message = str_replace("\n", "\n ", $message);
$logger->log("Ldap: {$i}: {$message}", Zend_Log::DEBUG);
}
}
}
// if authentication was successfull and user is not already in OPUS DB
// register user as publisher to OPUS database
try {
$account = new Opus_Account(null, null, $this->_login);
} catch (Exception $ex) {
if ($result->isValid() === true) {
$user = new Zend_Session_Namespace('loggedin');
$user->usernumber = $this->_login;
$account = new Opus_Account();
$account->setLogin($this->_login);
$account->setPassword($this->_password);
$account->store();
$roles = Opus_Role::getAll();
// look for the publisher role in OPUS DB
foreach ($roles as $role) {
if ($role->getDisplayName() === 'publisher') {
$publisherId = $role->getId();
}
if ($role->getDisplayName() === 'administrator') {
$adminId = $role->getId();
}
}
if ($publisherId > 0) {
$accessRole = new Opus_Role($publisherId);
} else {
// if there is no publisher role in DB, create it
$accessRole = new Opus_Role();
$accessRole->setName('publisher');
// the publisher role needs publish access!
$privilege = new Opus_Privilege();
$privilege->setPrivilege('publish');
$accessRole->addPrivilege($privilege);
$accessRole->store();
}
if ($adminId > 0) {
$adminRole = new Opus_Role($adminId);
} else {
// if there is no publisher role in DB, create it
$adminRole = new Opus_Role();
$adminRole->setName('administrator');
// the publisher role needs publish access!
$adminprivilege = new Opus_Privilege();
$adminprivilege->setPrivilege('administrate');
$adminRole->addPrivilege($adminprivilege);
$adminRole->store();
}
if (in_array($this->_login, $admins) === true) {
$account->addRole($adminRole);
} else {
$account->addRole($accessRole);
}
$account->store();
}
}
} catch (Zend_Auth_Adapter_Exception $e) {
throw $e;
}
}
return $result;
}
/**
* Login user.
*
* @param string $login
* @param string $password
*
* TODO should be possible to be just 'guest' (see also enableSecurity)
*/
public function loginUser($login, $password)
{
$adapter = new Opus_Security_AuthAdapter();
$adapter->setCredentials($login, $password);
$auth = Zend_Auth::getInstance();
$result = $auth->authenticate($adapter);
$this->assertTrue($auth->hasIdentity());
$config = Zend_Registry::get('Zend_Config');
if ($config->security) {
Application_Security_AclProvider::init();
}
}
