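/**
 * Refresh LDAP users.
 *
 * New users (found in LDAP) are created automatically if all required fields
 * are set. Profile fields bound to LDAP are updated. Users that exist locally
 * for this auth client but are no longer returned by the LDAP search are
 * disabled. Does nothing unless both `auth.ldap.enabled` and
 * `auth.ldap.refreshUsers` are set in the user module settings.
 *
 * @return void
 */
public function syncUsers()
{
    $settings = Yii::$app->getModule('user')->settings;

    if (!$settings->get('auth.ldap.enabled') || !$settings->get('auth.ldap.refreshUsers')) {
        return;
    }

    $userFilter = $settings->get('auth.ldap.userFilter');
    $baseDn = $settings->get('auth.ldap.baseDn');

    // NOTE(review): the disable loop below treats "not in this result" as "gone from LDAP".
    // If search() can return an empty collection on a transient error instead of throwing,
    // every LDAP user would be disabled in one run - confirm getLdap()->search() throws on failure.
    $userCollection = $this->getLdap()->search($userFilter, $baseDn, Ldap::SEARCH_SCOPE_SUB);

    $authClient = null;
    $ids = [];

    foreach ($userCollection as $attributes) {
        $authClient = new static();
        $authClient->setUserAttributes($attributes);
        $attributes = $authClient->getUserAttributes();

        $user = AuthClientHelpers::getUserByAuthClient($authClient);
        if ($user === null) {
            if (!AuthClientHelpers::createUser($authClient)) {
                // 'email' is one of the attributes that may be missing here, so fall back to
                // the id (or a placeholder) rather than raising an "undefined array key"
                // warning from inside the log call itself.
                $label = $attributes['email'] ?? $attributes['id'] ?? '(unknown)';
                Yii::warning('Could not automatically create LDAP user ' . $label . ' - check required attributes!');
            }
        } else {
            AuthClientHelpers::updateUser($authClient, $user);
        }

        // Only collect ids that are actually set: a null entry would loosely match
        // empty/zero id attributes in the in_array() check below.
        if (isset($attributes['id'])) {
            $ids[] = $attributes['id'];
        }
    }

    // userTableIdAttribute may be derived from the user attributes at runtime, so prefer
    // the value from an initialized auth client instance when one exists.
    $userTableIdAttribute = $this->getUserTableIdAttribute();
    if ($authClient !== null) {
        $userTableIdAttribute = $authClient->getUserTableIdAttribute();
    }

    // Disable users that are linked to this auth client but no longer exist in LDAP.
    // Deliberately a loose in_array(): the user table column may hold an int while the
    // ids collected from LDAP are strings.
    foreach (AuthClientHelpers::getUsersByAuthClient($this)->each() as $user) {
        if ($user->status === User::STATUS_DISABLED) {
            continue;
        }
        if (in_array($user->getAttribute($userTableIdAttribute), $ids)) {
            continue;
        }

        $user->status = User::STATUS_DISABLED;
        if ($user->save()) {
            Yii::warning('Disabled user ' . $user->username . ' (' . $user->id . ') - Not found in LDAP!');
        } else {
            // The account is still enabled; log that rather than a disable that did not happen.
            Yii::error('Could not disable user ' . $user->username . ' (' . $user->id . ') - Not found in LDAP!');
        }
    }
}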
/**
 * Handle a successful external authentication.
 *
 * Depending on the current state this either links the auth client to the
 * already logged-in user, logs in the user the client is linked to, creates a
 * user automatically, or hands the client over to the registration process via
 * the session. Every rejection path sets an error flash and redirects to the
 * login action.
 *
 * @param \yii\authclient\BaseClient $authClient
 * @return Response
 */
public function onAuthSuccess(\yii\authclient\BaseClient $authClient)
{
    $userAttributes = $authClient->getUserAttributes();
    $webUser = Yii::$app->user;
    $session = Yii::$app->session;
    $loginRedirect = ['/user/auth/login'];

    // Already logged in: attach this auth client to the current account.
    if (!$webUser->isGuest) {
        AuthClientHelpers::storeAuthClientForUser($authClient, $webUser->getIdentity());
        return $this->redirect(['/user/account/connected-accounts']);
    }

    // A user that is already linked to this auth client logs in directly.
    $linkedUser = AuthClientHelpers::getUserByAuthClient($authClient);
    if ($linkedUser !== null) {
        return $this->login($linkedUser, $authClient);
    }

    // Unknown user: only continue if the client bypasses approval or anonymous registration is on.
    if (!($authClient instanceof ApprovalBypass)
        && !Yii::$app->getModule('user')->settings->get('auth.anonymousRegistration')) {
        $session->setFlash('error', Yii::t('UserModule.base', "You're not registered."));
        return $this->redirect($loginRedirect);
    }

    if (!isset($userAttributes['email'])) {
        $session->setFlash('error', "Missing E-Mail Attribute from AuthClient.");
        return $this->redirect($loginRedirect);
    }

    if (!isset($userAttributes['id'])) {
        $session->setFlash('error', "Missing ID AuthClient Attribute from AuthClient.");
        return $this->redirect($loginRedirect);
    }

    // An existing account with this e-mail is never linked implicitly here; the owner
    // has to log in with that account first and link the client explicitly.
    if (User::findOne(['email' => $userAttributes['email']]) !== null) {
        $session->setFlash('error', Yii::t('UserModule.base', 'User with the same email already exists but isn\'t linked to you. 
Login using your email first to link it.'));
        return $this->redirect($loginRedirect);
    }

    // Try to create the user automatically and log in right away.
    $createdUser = AuthClientHelpers::createUser($authClient);
    if ($createdUser !== null) {
        return $this->login($createdUser, $authClient);
    }

    // The normalize map may hold anonymous functions, which cannot go into the session;
    // clear it before handing the client over to the registration controller.
    $authClient->setNormalizeUserAttributeMap([]);
    $session->set('authClient', $authClient);

    return $this->redirect(['/user/registration']);
}