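/**
 * Refresh LDAP users.
 *
 * New users (found in LDAP) are created automatically if all required fields are set.
 * Profile fields that are bound to LDAP are updated automatically.
 * Accounts of this auth client whose id attribute is not among the LDAP search
 * results are set to User::STATUS_DISABLED.
 *
 * Returns without doing anything unless both the 'auth.ldap.enabled' and
 * 'auth.ldap.refreshUsers' settings of the user module are set.
 */
public function syncUsers()
{
    $settings = Yii::$app->getModule('user')->settings;
    if (!$settings->get('auth.ldap.enabled') || !$settings->get('auth.ldap.refreshUsers')) {
        return;
    }

    $userFilter = $settings->get('auth.ldap.userFilter');
    $baseDn = $settings->get('auth.ldap.baseDn');
    $userCollection = $this->getLdap()->search($userFilter, $baseDn, Ldap::SEARCH_SCOPE_SUB);

    $authClient = null;
    $ids = [];
    foreach ($userCollection as $attributes) {
        $authClient = new static();
        $authClient->setUserAttributes($attributes);
        // Re-read the attributes so the values used below are the ones the client exposes.
        $attributes = $authClient->getUserAttributes();

        $user = AuthClientHelpers::getUserByAuthClient($authClient);
        if ($user === null) {
            if (!AuthClientHelpers::createUser($authClient)) {
                // Creation may have failed because the e-mail attribute is missing, so the
                // log message must not depend on that key being present.
                $label = isset($attributes['email']) ? $attributes['email'] : '(no email attribute)';
                Yii::warning('Could not automatically create LDAP user ' . $label . ' - check required attributes!');
            }
        } else {
            AuthClientHelpers::updateUser($authClient, $user);
        }

        $ids[] = $attributes['id'];
    }

    // Since userTableAttribute can be automatically set on user attributes,
    // try to take it from the last initialized auth client instance.
    $userTableIdAttribute = $this->getUserTableIdAttribute();
    if ($authClient !== null) {
        $userTableIdAttribute = $authClient->getUserTableIdAttribute();
    }

    // Disable users that no longer exist in LDAP.
    // NOTE(review): an empty search result (e.g. wrong filter or base DN) leaves $ids empty,
    // so every enabled account of this auth client is disabled here - confirm this is intended.
    // NOTE(review): in_array() compares loosely, so numeric-looking ids that differ only in
    // formatting can be treated as equal; the id types are not visible here - verify.
    foreach (AuthClientHelpers::getUsersByAuthClient($this)->each() as $user) {
        if ($user->status !== User::STATUS_DISABLED && !in_array($user->getAttribute($userTableIdAttribute), $ids)) {
            $user->status = User::STATUS_DISABLED;
            // Only report the account as disabled when the change was actually persisted
            // (assumes save() returns false on failure, as Yii ActiveRecord does); otherwise
            // an account removed from LDAP would silently stay enabled.
            if ($user->save()) {
                Yii::warning('Disabled user ' . $user->username . ' (' . $user->id . ') - Not found in LDAP!');
            } else {
                Yii::error('Could not disable user ' . $user->username . ' (' . $user->id . ') - Not found in LDAP!');
            }
        }
    }
}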
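/**
 * Login user
 *
 * Only a user with User::STATUS_ENABLED is logged in; for any other status an
 * error flash message is set and the user is sent back to the login page.
 *
 * @param User $user
 * @param \yii\authclient\BaseClient $authClient
 * @return Response the current response object
 */
protected function login($user, $authClient)
{
    // Default target: back to the login form, which shows the flash message if one was set.
    $redirectUrl = ['/user/auth/login'];

    if ($user->status == User::STATUS_ENABLED) {
        // A duration of 0 is passed to login() unless "remember me" was requested.
        $duration = 0;
        if ($authClient instanceof \humhub\modules\user\authclient\BaseFormAuth && $authClient->login->rememberMe) {
            $duration = Yii::$app->getModule('user')->loginRememberMeDuration;
        }

        AuthClientHelpers::updateUser($authClient, $user);

        if (Yii::$app->user->login($user, $duration)) {
            Yii::$app->user->setCurrentAuthClient($authClient);
            // The return URL was previously stored in an unused local ($url), so a successful
            // login still redirected to the login page; use it as the actual redirect target.
            // NOTE(review): presumably returnUrl is set by the application itself - confirm it
            // cannot be pointed at an external site by request input.
            $redirectUrl = Yii::$app->user->returnUrl;
        }
    } elseif ($user->status == User::STATUS_DISABLED) {
        Yii::$app->session->setFlash('error', 'Your account is disabled!');
    } elseif ($user->status == User::STATUS_NEED_APPROVAL) {
        Yii::$app->session->setFlash('error', 'Your account is not approved yet!');
    } else {
        Yii::$app->session->setFlash('error', 'Unknown user status!');
    }

    // AJAX requests get an HTML-based redirect instead of an HTTP redirect response.
    if (Yii::$app->request->getIsAjax()) {
        return $this->htmlRedirect($redirectUrl);
    }

    return $this->redirect($redirectUrl);
}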