/**
* Synchronizes a user.
*
* @param string $userdn
* @param $username
* @return array|FALSE
*/
public static function synchroniseUser($userdn, $username = NULL)
{
// User is valid. Get it from DN.
$ldapUser = static::getLdapUser($userdn);
if ($ldapUser === NULL) {
return FALSE;
}
if (!$username) {
$userAttribute = Configuration::getUsernameAttribute(static::$config['users']['filter']);
$username = $ldapUser[$userAttribute][0];
}
// Get user pid from user mapping.
$typo3_users_pid = Configuration::getPid(static::$config['users']['mapping']);
// Get TYPO3 user from username, DN and pid.
$typo3_user = static::getTypo3User($username, $userdn, $typo3_users_pid);
if ($typo3_user === NULL) {
// Non-existing local users are not allowed to authenticate
return FALSE;
}
// Get LDAP and TYPO3 user groups for user
// First reset the LDAP groups
static::$ldapGroups = NULL;
$typo3_groups = static::getUserGroups($ldapUser);
if ($typo3_groups === NULL) {
// Required LDAP groups are missing
static::$lastAuthenticationDiagnostic = 'Missing required LDAP groups.';
return FALSE;
}
if (Configuration::getValue('IfUserExist') && !$typo3_user['uid']) {
return FALSE;
// User does not exist in TYPO3.
} elseif (!$typo3_user['uid'] && (!empty($typo3_groups) || !Configuration::getValue('DeleteUserIfNoTYPO3Groups'))) {
// Insert new user: use TCA configuration to override default values
$table = static::$authenticationService->authInfo['db_user']['table'];
if (is_array($GLOBALS['TCA'][$table]['columns'])) {
foreach ($GLOBALS['TCA'][$table]['columns'] as $column => $columnConfig) {
if (isset($columnConfig['config']['default'])) {
$defaultValue = $columnConfig['config']['default'];
$typo3_user[$column] = $defaultValue;
}
}
}
$typo3_user['username'] = Typo3UserRepository::setUsername($typo3_user['username']);
$typo3_user = Typo3UserRepository::add($table, $typo3_user);
}
if (!empty($typo3_user['uid'])) {
$typo3_user['deleted'] = 0;
$typo3_user['endtime'] = 0;
$typo3_user['password'] = Typo3UserRepository::setRandomPassword();
if (empty($typo3_groups) && Configuration::getValue('DeleteUserIfNoTYPO3Groups')) {
$typo3_user['deleted'] = 1;
$typo3_user['endtime'] = $GLOBALS['EXEC_TIME'];
}
// Delete user if no LDAP groups found.
if (Configuration::getValue('DeleteUserIfNoLDAPGroups') && !static::$ldapGroups) {
$typo3_user['deleted'] = 1;
$typo3_user['endtime'] = $GLOBALS['EXEC_TIME'];
}
// Set groups to user.
$typo3_user = Typo3UserRepository::setUserGroups($typo3_user, $typo3_groups);
// Merge LDAP user with TYPO3 user from mapping.
if ($typo3_user) {
$typo3_user = static::merge($ldapUser, $typo3_user, static::$config['users']['mapping']);
if (Configuration::getValue('forceLowerCaseUsername')) {
// Possible enhancement: use \TYPO3\CMS\Core\Charset\CharsetConverter::conv_case instead
$typo3_user['username'] = strtolower($typo3_user['username']);
}
// Update TYPO3 user.
Typo3UserRepository::update(static::$authenticationService->authInfo['db_user']['table'], $typo3_user);
$typo3_user['tx_igldapssoauth_from'] = 'LDAP';
}
} else {
$typo3_user = FALSE;
}
return $typo3_user;
}
/**
* Imports a given user to the TYPO3 database.
*
* @param array $user Local user information
* @param array $ldapUser LDAP user information
* @param string $restoreBehavior How to restore users (only for update)
* @return array Modified user data
* @throws ImportUsersException
*/
public function import($user, $ldapUser, $restoreBehavior = 'both')
{
// Store the extra data for later restore and remove it
if (isset($user['__extraData'])) {
$extraData = $user['__extraData'];
unset($user['__extraData']);
}
if (empty($user['uid'])) {
// Set other necessary information for a new user
// First make sure to be acting in the right context
Configuration::setMode($this->context);
$user['username'] = Typo3UserRepository::setUsername($user['username']);
$user['password'] = Typo3UserRepository::setRandomPassword();
$typo3Groups = Authentication::getUserGroups($ldapUser, $this->configuration, $this->groupTable);
if ($typo3Groups === NULL) {
// Required LDAP groups are missing: quit!
return $user;
}
$user = Typo3UserRepository::setUserGroups($user, $typo3Groups);
$user = Typo3UserRepository::add($this->userTable, $user);
$this->usersAdded++;
} else {
// Restore user that may have been previously deleted or disabled, depending on chosen behavior
// (default to both undelete and re-enable)
switch ($restoreBehavior) {
case 'enable':
$user[$GLOBALS['TCA'][$this->userTable]['ctrl']['enablecolumns']['disabled']] = 0;
break;
case 'undelete':
$user[$GLOBALS['TCA'][$this->userTable]['ctrl']['delete']] = 0;
break;
case 'nothing':
break;
default:
$user[$GLOBALS['TCA'][$this->userTable]['ctrl']['enablecolumns']['disabled']] = 0;
$user[$GLOBALS['TCA'][$this->userTable]['ctrl']['delete']] = 0;
}
$typo3Groups = Authentication::getUserGroups($ldapUser, $this->configuration, $this->groupTable);
$user = Typo3UserRepository::setUserGroups($user, $typo3Groups === NULL ? array() : $typo3Groups);
$success = Typo3UserRepository::update($this->userTable, $user);
if ($success) {
$this->usersUpdated++;
}
}
// Restore the extra data and trigger a signal
if (isset($extraData)) {
$user['__extraData'] = $extraData;
// Hook for processing the extra data
if (is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['ig_ldap_sso_auth']['extraDataProcessing'])) {
foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['ig_ldap_sso_auth']['extraDataProcessing'] as $className) {
/** @var $postProcessor \Causal\IgLdapSsoAuth\Utility\ExtraDataProcessorInterface */
$postProcessor = GeneralUtility::getUserObj($className);
if ($postProcessor instanceof \Causal\IgLdapSsoAuth\Utility\ExtraDataProcessorInterface) {
$postProcessor->processExtraData($this->userTable, $user);
} else {
throw new ImportUsersException(sprintf('Invalid post-processing class %s. It must implement the \\Causal\\IgLdapSsoAuth\\Utility\\ExtraDataProcessorInterface interface', $className), 1414136057);
}
}
}
}
return $user;
}
