Example #1
0
 /**
  * Login a user using a username and password
  * to bind against an LDAP server
  * @param Request $request
  *
  * @return JsonResponse
  */
 public function login(Request $request)
 {
     $username = $request->request->get('username');
     $password = $request->request->get('password');
     $errors = [];
     if (!$username) {
         $errors[] = 'missingUsername';
     }
     if (!$password) {
         $errors[] = 'missingPassword';
     }
     if ($username && $password) {
         $authEntity = $this->authManager->findAuthenticationByUsername($username);
         if ($authEntity) {
             $user = $authEntity->getUser();
             $passwordValid = $this->checkLdapPassword($username, $password);
             if ($passwordValid) {
                 $jwt = $this->jwtManager->createJwtFromUser($user);
                 return $this->createSuccessResponseFromJWT($jwt);
             }
         }
         $errors[] = 'badCredentials';
     }
     return new JsonResponse(array('status' => 'error', 'errors' => $errors, 'jwt' => null), JsonResponse::HTTP_BAD_REQUEST);
 }
 /**
  * {@inheritdoc}
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $now = new DateTime();
     $userId = $input->getArgument('userId');
     $user = $this->userManager->findUserBy(['id' => $userId]);
     if (!$user) {
         throw new \Exception("No user with id #{$userId} was found.");
     }
     $authentication = $user->getAuthentication();
     if (!$authentication) {
         $authentication = $this->authenticationManager->createAuthentication();
         $authentication->setUser($user);
     }
     $authentication->setInvalidateTokenIssuedBefore($now);
     $this->authenticationManager->updateAuthentication($authentication);
     $output->writeln('Success!');
     $output->writeln('All the tokens for ' . $user->getFirstAndLastName() . ' issued before Today at ' . $now->format('g:i:s A e') . ' have been invalidated.');
 }
 /**
  * Authenticate a user from shibboleth
  *
  * If the user is not yet logged in send a redirect Request
  * If the user is logged in, but no account exists send an error
  * If the user is authenticated send a JWT
  * @param Request $request
  *
  * @throws \Exception when the shibboleth attributes do not contain an eppn
  * @return JsonResponse
  */
 public function login(Request $request)
 {
     $applicationId = $request->server->get('Shib-Application-ID');
     if (!$applicationId) {
         return new JsonResponse(array('status' => 'redirect', 'errors' => [], 'jwt' => null), JsonResponse::HTTP_OK);
     }
     $eppn = $request->server->get('eppn');
     if (!$eppn) {
         $msg = "No 'eppn' found for authenticated user.";
         $this->logger->error($msg, ['server vars' => var_export($_SERVER, true)]);
         throw new \Exception($msg);
     }
     $authEntity = $this->authManager->findAuthenticationBy(array('username' => $eppn));
     if (!$authEntity) {
         return new JsonResponse(array('status' => 'noAccountExists', 'eppn' => $eppn, 'errors' => [], 'jwt' => null), JsonResponse::HTTP_BAD_REQUEST);
     }
     $jwt = $this->jwtManager->createJwtFromUser($authEntity->getUser());
     return $this->createSuccessResponseFromJWT($jwt);
 }
Example #4
0
 /**
  * Update users to the new password encoding when they login
  * @param  AuthenticationEntityInterface $authEntity
  * @param  string         $password
  */
 protected function updateLegacyPassword(AuthenticationEntityInterface $authEntity, $password)
 {
     if ($authEntity->isLegacyAccount()) {
         //we have to have a valid token to update the user because the audit log requires it
         $authenticatedToken = new PreAuthenticatedToken($authEntity->getUser(), 'fakekey', 'fakeProvider');
         $authenticatedToken->setAuthenticated(true);
         $this->tokenStorage->setToken($authenticatedToken);
         $authEntity->setPasswordSha256(null);
         $encodedPassword = $this->encoder->encodePassword($authEntity->getUser(), $password);
         $authEntity->setPasswordBcrypt($encodedPassword);
         $this->authManager->updateAuthentication($authEntity);
     }
 }
Example #5
0
 /**
  * {@inheritdoc}
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $userId = $input->getArgument('userId');
     $user = $this->userManager->findUserBy(['id' => $userId]);
     if (!$user) {
         throw new \Exception("No user with id #{$userId} was found.");
     }
     $userRecord = $this->directory->findByCampusId($user->getCampusId());
     if (!$userRecord) {
         $output->writeln('<error>Unable to find ' . $user->getCampusId() . ' in the directory.');
         return;
     }
     $table = new Table($output);
     $table->setHeaders(array('Record', 'Campus ID', 'First', 'Last', 'Email', 'Phone Number'))->setRows(array(['Ilios User', $user->getCampusId(), $user->getFirstName(), $user->getLastName(), $user->getEmail(), $user->getPhone()], ['Directory User', $userRecord['campusId'], $userRecord['firstName'], $userRecord['lastName'], $userRecord['email'], $userRecord['telephoneNumber']]));
     $table->render();
     $helper = $this->getHelper('question');
     $output->writeln('');
     $question = new ConfirmationQuestion('<question>Do you wish to update this Ilios User with the data ' . 'from the Directory User? </question>' . "\n", true);
     if ($helper->ask($input, $output, $question)) {
         $user->setFirstName($userRecord['firstName']);
         $user->setLastName($userRecord['lastName']);
         $user->setEmail($userRecord['email']);
         $user->setPhone($userRecord['telephoneNumber']);
         $authentication = $user->getAuthentication();
         if (!$authentication) {
             $authentication = $this->authenticationManager->createAuthentication();
             $authentication->setUser($user);
         }
         $authentication->setUsername($userRecord['username']);
         $this->authenticationManager->updateAuthentication($authentication, false);
         $this->userManager->updateUser($user);
         $output->writeln('<info>User updated successfully!</info>');
     } else {
         $output->writeln('<comment>Update canceled.</comment>');
     }
 }
Example #6
0
 /**
  * {@inheritdoc}
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $campusId = $input->getArgument('campusId');
     $user = $this->userManager->findUserBy(['campusId' => $campusId]);
     if ($user) {
         throw new \Exception('User #' . $user->getId() . " with campus id {$campusId} already exists.");
     }
     $schoolId = $input->getArgument('schoolId');
     $school = $this->schoolManager->findSchoolBy(['id' => $schoolId]);
     if (!$school) {
         throw new \Exception("School with id {$schoolId} could not be found.");
     }
     $userRecord = $this->directory->findByCampusId($campusId);
     if (!$userRecord) {
         $output->writeln("<error>Unable to find campus ID {$campusId} in the directory.</error>");
         return;
     }
     $table = new Table($output);
     $table->setHeaders(array('Campus ID', 'First', 'Last', 'Email', 'Username', 'Phone Number'))->setRows(array([$userRecord['campusId'], $userRecord['firstName'], $userRecord['lastName'], $userRecord['email'], $userRecord['username'], $userRecord['telephoneNumber']]));
     $table->render();
     $helper = $this->getHelper('question');
     $output->writeln('');
     $question = new ConfirmationQuestion("<question>Do you wish to add this user to Ilios?</question>\n", true);
     if ($helper->ask($input, $output, $question)) {
         $user = $this->userManager->createUser();
         $user->setFirstName($userRecord['firstName']);
         $user->setLastName($userRecord['lastName']);
         $user->setEmail($userRecord['email']);
         $user->setCampusId($userRecord['campusId']);
         $user->setAddedViaIlios(true);
         $user->setEnabled(true);
         $user->setSchool($school);
         $user->setUserSyncIgnore(false);
         $this->userManager->updateUser($user);
         $authentication = $this->authenticationManager->createAuthentication();
         $authentication->setUser($user);
         $authentication->setUsername($userRecord['username']);
         $this->authenticationManager->updateAuthentication($authentication);
         $output->writeln('<info>Success! New user #' . $user->getId() . ' ' . $user->getFirstAndLastName() . ' created.</info>');
     } else {
         $output->writeln('<comment>Canceled.</comment>');
     }
 }
Example #7
0
 /**
  * {@inheritdoc}
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $output->writeln('<info>Starting User Sync Process.</info>');
     $this->userManager->resetExaminedFlagForAllUsers();
     $this->pendingUserUpdateManager->removeAllPendingUserUpdates();
     $campusIds = $this->userManager->getAllCampusIds(false, false);
     $output->writeln('<info>Attempting to update the ' . count($campusIds) . ' enabled and non sync ignored users in the system.</info>');
     $output->writeln('<info>Searching the directory for users.</info>');
     $allUserRecords = $this->directory->findByCampusIds($campusIds);
     if (!$allUserRecords) {
         $output->writeln('<error>[E] Unable to find any users in the directory.</error>');
     }
     $totalRecords = count($allUserRecords);
     $output->writeln("<info>Found {$totalRecords} records in the directory.</info>");
     $updated = 0;
     $chunks = array_chunk($allUserRecords, 500);
     foreach ($chunks as $userRecords) {
         foreach ($userRecords as $recordArray) {
             $users = $this->userManager->findUsersBy(['campusId' => $recordArray['campusId'], 'enabled' => true, 'userSyncIgnore' => false]);
             if (count($users) == 0) {
                 //this shouldn't happen unless the user gets updated between
                 //listing all the IDs and getting results back from
                 //the directory
                 $output->writeln('<error>[E] Unable to find an enabled sync active user with ' . 'campus ID ' . $recordArray['campusId'] . '.</error>');
                 continue;
             }
             if (count($users) > 1) {
                 $output->writeln('<error>[E] Multiple accounts exist for the same ' . 'campus ID (' . $recordArray['campusId'] . ').  ' . 'None of them will be updated.</error>');
                 foreach ($users as $user) {
                     $user->setExamined(true);
                     $this->userManager->updateUser($user, false);
                 }
                 continue;
             }
             $user = $users[0];
             $update = false;
             $fixSmallThings = true;
             $output->writeln('<info>[I] Comparing User #' . $user->getId() . ' ' . $user->getFirstAndLastName() . ' (' . $user->getEmail() . ') ' . 'to directory user by campus ID ' . $user->getCampusId() . '.</info>');
             if (!$this->validateDirectoryRecord($recordArray, $output)) {
                 $user->setExamined(true);
                 $this->userManager->updateUser($user, false);
                 //don't do anything else with invalid directory data
                 continue;
             }
             if ($user->getEmail() != $recordArray['email']) {
                 if (strtolower($user->getEmail()) == strtolower($recordArray['email'])) {
                     $update = true;
                     $output->writeln('  <comment>[I] Updating email from "' . $user->getEmail() . '" to "' . $recordArray['email'] . '" since the only difference was the case.</comment>');
                     $user->setEmail($recordArray['email']);
                 } else {
                     $fixSmallThings = false;
                     $output->writeln('  <comment>[I] Email address "' . $user->getEmail() . '" differs from "' . $recordArray['email'] . '" logging for further action.</comment>');
                     $pendingUpdate = $this->pendingUserUpdateManager->createPendingUserUpdate();
                     $pendingUpdate->setUser($user);
                     $pendingUpdate->setProperty('email');
                     $pendingUpdate->setValue($recordArray['email']);
                     $pendingUpdate->setType('emailMismatch');
                     $this->pendingUserUpdateManager->updatePendingUserUpdate($pendingUpdate, false);
                 }
             }
             if ($fixSmallThings && $user->getFirstName() != $recordArray['firstName']) {
                 $update = true;
                 $output->writeln('  <comment>[I] Updating first name from "' . $user->getFirstName() . '" to "' . $recordArray['firstName'] . '".</comment>');
                 $user->setFirstName($recordArray['firstName']);
             }
             if ($fixSmallThings && $user->getLastName() != $recordArray['lastName']) {
                 $update = true;
                 $output->writeln('  <comment>[I] Updating last name from "' . $user->getLastName() . '" to "' . $recordArray['lastName'] . '".</comment>');
                 $user->setLastName($recordArray['lastName']);
             }
             if ($fixSmallThings && $user->getPhone() != $recordArray['telephoneNumber']) {
                 $update = true;
                 $output->writeln('  <comment>[I] Updating phone number from "' . $user->getPhone() . '" to "' . $recordArray['telephoneNumber'] . '".</comment>');
                 $user->setPhone($recordArray['telephoneNumber']);
             }
             $authentication = $user->getAuthentication();
             if (!$authentication) {
                 $output->writeln('  <comment>[I] User had no authentication data, creating it now.</comment>');
                 $authentication = $this->authenticationManager->createAuthentication();
                 $authentication->setUser($user);
             }
             if ($fixSmallThings && $authentication->getUsername() != $recordArray['username']) {
                 $update = true;
                 $output->writeln('  <comment>[I] Updating username from "' . $authentication->getUsername() . '" to "' . $recordArray['username'] . '".</comment>');
                 $authentication->setUsername($recordArray['username']);
                 $this->authenticationManager->updateAuthentication($authentication, false);
             }
             if ($update) {
                 $updated++;
             }
             $user->setExamined(true);
             $this->userManager->updateUser($user, false);
         }
         $this->em->flush();
         $this->em->clear();
     }
     $output->writeln('<info>Searching for users who were not examined during the sync process.</info>');
     $unsyncedUsers = $this->userManager->findUsersBy(['examined' => false, 'enabled' => true, 'userSyncIgnore' => false], ['lastName' => ' ASC', 'firstName' => 'ASC']);
     $output->writeln('<info>Found ' . count($unsyncedUsers) . ' unexamined users.</info>');
     foreach ($unsyncedUsers as $user) {
         $output->writeln('<comment>[I] User #' . $user->getId() . ' ' . $user->getFirstAndLastName() . ' ' . $user->getEmail() . ' not found in the directory.  Logged for further study.</comment>');
         $update = $this->pendingUserUpdateManager->createPendingUserUpdate();
         $update->setUser($user);
         $update->setType('missingFromDirectory');
         $this->pendingUserUpdateManager->updatePendingUserUpdate($update, false);
     }
     $this->em->flush();
     $output->writeln("<info>Completed sync process {$totalRecords} users found in the directory; " . "{$updated} users updated.</info>");
 }
 /**
  * {@inheritdoc}
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $filter = $input->getArgument('filter');
     $schoolId = $input->getArgument('schoolId');
     $school = $this->schoolManager->findSchoolBy(['id' => $schoolId]);
     if (!$school) {
         throw new \Exception("School with id {$schoolId} could not be found.");
     }
     $output->writeln("<info>Searching for new students to add to " . $school->getTitle() . ".</info>");
     $students = $this->directory->findByLdapFilter($filter);
     if (!$students) {
         $output->writeln("<error>{$filter} returned no results.</error>");
         return;
     }
     $output->writeln('<info>Found ' . count($students) . ' students in the directory.</info>');
     $campusIds = $this->userManager->getAllCampusIds();
     $newStudents = array_filter($students, function (array $arr) use($campusIds) {
         return !in_array($arr['campusId'], $campusIds);
     });
     if (!count($newStudents) > 0) {
         $output->writeln("<info>There are no new students to add.</info>");
         return;
     }
     $output->writeln('<info>There are ' . count($newStudents) . ' new students to be added to ' . $school->getTitle() . '.</info>');
     $rows = array_map(function (array $arr) {
         return [$arr['campusId'], $arr['firstName'], $arr['lastName'], $arr['email']];
     }, $newStudents);
     $table = new Table($output);
     $table->setHeaders(array('Campus ID', 'First', 'Last', 'Email'))->setRows($rows);
     $table->render();
     $helper = $this->getHelper('question');
     $output->writeln('');
     $question = new ConfirmationQuestion('<question>Do you wish to add these students to ' . $school->getTitle() . '? </question>' . "\n", true);
     if ($helper->ask($input, $output, $question)) {
         $studentRole = $this->userRoleManager->findUserRoleBy(array('title' => 'Student'));
         foreach ($newStudents as $userRecord) {
             if (empty($userRecord['email'])) {
                 $output->writeln('<error>Unable to add student ' . var_export($userRecord, true) . ' they have no email address.</error>');
                 continue;
             }
             if (empty($userRecord['campusId'])) {
                 $output->writeln('<error>Unable to add student ' . var_export($userRecord, true) . ' they have no campus ID.</error>');
                 continue;
             }
             if (empty($userRecord['username'])) {
                 $output->writeln('<error>Unable to add student ' . var_export($userRecord, true) . ' they have no username.</error>');
                 continue;
             }
             $user = $this->userManager->createUser();
             $user->setFirstName($userRecord['firstName']);
             $user->setLastName($userRecord['lastName']);
             $user->setEmail($userRecord['email']);
             $user->setCampusId($userRecord['campusId']);
             $user->setAddedViaIlios(true);
             $user->setEnabled(true);
             $user->setSchool($school);
             $user->setUserSyncIgnore(false);
             $user->addRole($studentRole);
             $this->userManager->updateUser($user);
             $authentication = $this->authenticationManager->createAuthentication();
             $authentication->setUser($user);
             $authentication->setUsername($userRecord['username']);
             $this->authenticationManager->updateAuthentication($authentication, false);
             $studentRole->addUser($user);
             $this->userRoleManager->updateUserRole($studentRole);
             $output->writeln('<info>Success! New student #' . $user->getId() . ' ' . $user->getFirstAndLastName() . ' created.</info>');
         }
     } else {
         $output->writeln('<comment>Update canceled.</comment>');
     }
 }