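public static function setUser(SHUserAdapter $adapter, $JUser)
{
    /*
     * Creates or refreshes the stored link between the adapter's identity
     * (adapter name, domain, adapter user ID) and a Joomla user ID.
     *
     * $JUser may be a numeric Joomla user ID or a JUser object; anything else
     * raises RuntimeException (code 101). Nothing is returned.
     */
    if (is_numeric($JUser))
    {
        $id = $JUser;
    }
    elseif ($JUser instanceof JUser)
    {
        $id = $JUser->id;
    }
    else
    {
        // TODO: lang string
        throw new RuntimeException('Invalid User ID', 101);
    }

    $link = null;

    /*
     * Check if we can retrieve the link from cache.
     *
     * NOTE(review): this lookup reads the cache under the bare login name,
     * while the invalidation at the end of this method clears the keys
     * 'U_' . loginuser and 'I_' . id. If the cache is populated under the
     * prefixed keys, this lookup never hits and a hit here would never be
     * invalidated - confirm against the code that fills self::$userCache.
     */
    if (isset(self::$userCache[$adapter->loginuser]) && is_array(self::$userCache[$adapter->loginuser]))
    {
        foreach (self::$userCache[$adapter->loginuser] as $links)
        {
            if ($links['joomla_id'] === $id)
            {
                /*
                 * Keep only the row that matched. The code below works on
                 * $link[0]; handing it the whole cached list would compare
                 * and update whichever row happens to be first, which can be
                 * the link of a different Joomla user.
                 */
                $link = array($links);
                break;
            }
        }
    }

    if (empty($link))
    {
        $link = self::lookupFromJoomlaId(self::TYPE_USER, $id);
    }

    if ($link)
    {
        $current = $link[0];

        /*
         * Check if we actually need to update.
         *
         * Identity fields are compared as strings: a loose == treats
         * numeric-looking values such as '0123' and '123' as equal, which
         * would leave a stale link in place. The Joomla ID is a number that
         * may arrive as int or string, so it keeps the numeric comparison.
         */
        $unchanged = (string) $current['adapter'] === (string) $adapter->getName()
            && (string) $current['domain'] === (string) $adapter->getDomain()
            && (string) $current['username'] === (string) $adapter->getId(false)
            && $current['joomla_id'] == $id;

        if ($unchanged)
        {
            return;
        }

        // Commit the link update
        self::update($current['id'], $adapter->getName(), $adapter->getDomain(), $adapter->getId(false), $id);
    }
    else
    {
        // Commit the link insert
        self::insert(self::TYPE_USER, $adapter->getName(), $adapter->getDomain(), $adapter->getId(false), $id);
    }

    // Drop the cached entries for this login name and this Joomla ID so the next read sees the new link
    unset(self::$userCache['U_' . $adapter->loginuser]);
    unset(self::$userCache['I_' . $id]);
}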
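/**
 * Called after a user LDAP read to gather extra ldap attribute values that
 * were not included in the initial read.
 *
 * Resolves the user's groups by forward lookup (the user's memberof attribute)
 * or reverse lookup (searching for groups that list the user as a member),
 * optionally follows nested groups, and writes the resulting list back into
 * $attributes under the memberof attribute (forward) or the member attribute
 * (reverse).
 *
 * @param   SHUserAdapter  $adapter      The current user adapter.
 * @param   array          &$attributes  Discovered User Ldap attribute keys=>values.
 * @param   array          $options      Array holding options (not read by this method).
 *
 * @return  boolean|null  True when groups were stored or the forward attribute is present
 *                        but empty, false when the adapter has no user ID or the extra
 *                        read gives no usable result, null when doSetup() fails.
 *
 * @since   2.0
 */
public function onLdapAfterRead($adapter, &$attributes, $options = array())
{
    if (!$this->doSetup())
    {
        return;
    }

    $details = array();
    $groups = array();

    /*
     * Firstly, we need to check if there are any initial groups discovered
     * if a forward lookup is being used. If not then we need to find these
     * initial groups first.
     */
    if ($this->lookup_type === self::LOOKUP_FORWARD)
    {
        /*
         * Attempt to do a forward lookup if the Ldap user group attributes are
         * not present. Though in most cases, they should be present.
         */
        if (!isset($attributes[$this->memberof_attribute]))
        {
            // We cannot get any more information if there is no source user DN
            if (is_null($adapter->getId(false)))
            {
                return false;
            }

            // Add to the user attribute request for an Ldap read
            $details[] = $this->memberof_attribute;
        }
        else
        {
            if (!count($attributes[$this->memberof_attribute]))
            {
                // There are no groups to process for this user (or the parameter was set incorrectly)
                return true;
            }

            // Yes we have groups already, we just need to check for recursion later if required
            $groups = $attributes[$this->memberof_attribute];
        }
    }
    else
    {
        // Reverse lookup: only needed when the attributes lack the value used to find the user's groups
        if (!isset($attributes[$this->member_dn]) || is_null($this->member_dn))
        {
            // We cannot get any more information if there is no source user DN
            if (is_null($adapter->getId(false)))
            {
                return false;
            }

            // This will indicate another ldap read later
            $details[] = $this->member_dn;
        }
    }

    $result = null;

    if (count($details))
    {
        // Get our ldap user attributes and check we have a valid result
        $result = $adapter->client->read($adapter->getId(false), null, $details);

        /*
         * Every path that requested a read goes on to call a method on
         * $result, so anything that is not an object (for example false on a
         * failed read) is reported as a failure here instead of causing a
         * fatal error further down.
         */
        if (!is_object($result))
        {
            return false;
        }
    }

    if (!count($groups))
    {
        // Need to process first level user groups from the ldap result
        if ($this->lookup_type === self::LOOKUP_FORWARD)
        {
            // Forward lookup: all we need is the user group values
            $groups = $result->getAttribute(0, $this->memberof_attribute, array());
        }
        else
        {
            // Reverse lookup: have to find the groups with the user dn present
            $lookupValue = is_null($result)
                ? $attributes[$this->member_dn][0]
                : $result->getValue(0, $this->member_dn, 0);

            /*
             * Build the search filter for this.
             *
             * NOTE(review): $lookupValue is concatenated into the filter as-is.
             * The groups found here feed group mapping, so filter
             * metacharacters in the value (RFC 4515: '*', '(', ')', '\', NUL)
             * should be escaped before this point unless
             * SHLDAPHelper::buildFilter() already does it - not visible here.
             */
            $search = $this->member_attribute . '=' . $lookupValue;
            $search = SHLDAPHelper::buildFilter(array($search));

            // Find all the groups that have this user present as a member
            if (($reverse = $adapter->client->search(null, $search, array('dn'))) !== false)
            {
                $total = $reverse->countEntries();

                for ($i = 0; $i < $total; ++$i)
                {
                    // Extract the group distinguished name from the result
                    $groups[] = $reverse->getDN($i);
                }
            }
        }
    }

    // Need to process the recursion using the initial groups as a basis
    if ($this->recursion && count($groups))
    {
        // Check if the Adapter is LDAP based
        if ($adapter::getType('LDAP'))
        {
            // Presumably filled by reference by getRecursiveGroups() - confirm against its signature
            $outcome = array();

            if ($this->lookup_type === self::LOOKUP_REVERSE)
            {
                // We need to override the lookup attribute for reverse recursion
                self::getRecursiveGroups($adapter->client, $groups, $this->recursion_depth, $outcome, 'dn', $this->member_attribute);
            }
            else
            {
                self::getRecursiveGroups($adapter->client, $groups, $this->recursion_depth, $outcome, $this->memberof_attribute, $this->dn_attribute);
            }

            // We need to merge them back together without duplicates
            $groups = array_unique(array_merge($groups, $outcome));
        }
    }

    // Store the groups re-indexed from zero (array_unique leaves gaps in the keys)
    $groups = array_values($groups);
    $attributes[$this->lookup_type === self::LOOKUP_FORWARD ? $this->memberof_attribute : $this->member_attribute] = $groups;

    return true;
}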