function let(LdapManager $ldap, LdapQueryBuilder $qb, LdapQuery $query, LdapConnectionInterface $connection)
{
$groups = new LdapObjectCollection();
$groups->add(new LdapObject(['name' => 'Foo', 'dn' => 'cn=Foo,dc=example,dc=local']));
$groups->add(new LdapObject(['guid' => '291d8444-9d5b-4b0a-a6d7-853408f704d5', 'dn' => 'cn=Bar,dc=example,dc=local']));
$groups->add(new LdapObject(['sid' => 'S-1-5-18', 'dn' => 'cn=LocalSys,dc=example,dc=local']));
$groups->add(new LdapObject(['name' => 'Just a DN', 'dn' => 'cn=Stuff,dc=example,dc=local']));
$roleMap = ['ROLE_AWESOME' => ['foo'], 'ROLE_ADMIN' => ['291d8444-9d5b-4b0a-a6d7-853408f704d5'], 'ROLE_DN' => ['cn=Stuff,dc=example,dc=local'], 'ROLE_SID' => ['S-1-5-18']];
$attrMap = ['username' => 'username', 'accountNonLocked' => 'locked', 'accountNonExpired' => 'accountExpirationDate', 'enabled' => 'disabled', 'credentialsNonExpired' => 'passwordMustChange', 'guid' => 'guid', 'groups' => 'groups', 'stringRepresentation' => 'username'];
$config = new DomainConfiguration('foo.bar');
$filter = new ADFilterBuilder();
$ldapObject = new LdapObject($this->attr, ['user'], ['user'], 'user');
$query->getSingleResult()->willReturn($ldapObject);
$query->getResult()->willReturn($groups);
$query->getArrayResult()->willReturn([['name' => 'foo'], ['name' => 'bar']]);
$qb->from(LdapObjectType::USER)->willReturn($qb);
$qb->from('group')->willReturn($qb);
$qb->select(["username", "locked", "accountExpirationDate", "disabled", "passwordMustChange", "guid", "groups", "username"])->willReturn($qb);
$qb->select(["name", "sid", "guid"])->willReturn($qb);
$qb->select('name')->willReturn($qb);
$qb->where(['username' => 'foo'])->willReturn($qb);
$qb->getLdapQuery()->willReturn($query);
$qb->filter()->willReturn($filter);
$qb->where($filter->hasMemberRecursively($this->attr['guid'], 'members'))->willReturn($qb);
$ldap->buildLdapQuery()->willReturn($qb);
$connection->getConfig()->willReturn($config);
$ldap->getConnection()->willReturn($connection);
$this->beConstructedWith($ldap, $attrMap, $roleMap, true);
}
function let(LdapManager $ldap, LdapConnectionInterface $connection, RouterInterface $router, EventDispatcherInterface $dispatcher)
{
$this->userChecker = new LdapUserChecker();
$this->request = new Request();
$this->request->setSession(new Session());
$router->generate('login')->willReturn('/login');
$connection->getConfig()->willReturn(new DomainConfiguration('foo.bar'));
$ldap->getConnection()->willReturn($connection);
$ldap->getDomainContext()->willReturn('foo.bar');
$this->beConstructedWith(true, $this->userChecker, $ldap, $router, $dispatcher);
}
/**
* {@inheritdoc}
*/
public function collect(Request $request, Response $response, \Exception $exception = null)
{
if (!$this->ldap) {
return;
}
$this->data['domains'] = $this->ldap->getDomains();
$this->data['operations_by_domain'] = [];
foreach ($this->data['domains'] as $domain) {
$this->data['operations_by_domain'][$domain] = $this->addOperationToData(...$this->logger->getOperations($domain));
}
$this->data['operations'] = $this->addOperationToData(...$this->logger->getOperations());
$this->data['errors'] = $this->addOperationToData(...$this->logger->getErrors());
}
public function let(LdapManager $ldap, LdapQueryBuilder $qb, LdapQuery $query, LdapObjectCollection $collection)
{
$ldap->getDomainContext()->willReturn('foo.bar');
$ldap->buildLdapQuery()->willReturn($qb);
$qb->select(Argument::any())->willReturn($qb);
$qb->from(Argument::any())->willReturn($qb);
$qb->getLdapQuery()->willReturn($query);
$query->getResult()->WillReturn($collection);
$collection->toArray()->willReturn([]);
$this->resolver = new OptionsResolver();
if (Kernel::VERSION >= 2.6) {
$this->resolver->setDefault('ldap_type', 'user');
} else {
$this->resolver->setDefaults(['ldap_type' => 'user']);
}
$this->beConstructedWith($ldap);
}
/**
* @param \Symfony\Component\Security\Core\User\UserProviderInterface $up
*/
function it_should_throw_bad_credentials_if_a_specified_domain_doesnt_exist_on_user_load_or_authenticate($up)
{
$credentials = $this->credentials;
$credentials['ldap_domain'] = 'foo.local';
$user = new LdapUser(new LdapObject(['username' => 'foo']));
$this->ldap->switchDomain('foo.local')->willThrow(new InvalidArgumentException('invalid'));
$this->shouldThrow('Symfony\\Component\\Security\\Core\\Exception\\BadCredentialsException')->duringCheckCredentials($credentials, $user);
$this->shouldThrow('Symfony\\Component\\Security\\Core\\Exception\\BadCredentialsException')->duringGetUser($credentials, $up);
}
/**
* Get the LDAP objects from LDAP. Optionally only get those specified by the passed values.
*
* @param array $values The values used to narrow the LDAP query.
* @return \LdapTools\Object\LdapObjectCollection
*/
protected function getLdapObjectsByQuery($values = [])
{
if (!$this->ldapQueryBuilder) {
$query = $this->ldap->buildLdapQuery()->select([$this->id, $this->labelAttribute])->from($this->type);
} else {
$query = clone $this->ldapQueryBuilder;
}
if (!empty($values)) {
foreach ($values as $value) {
$query->orWhere([$this->id => $value]);
}
}
if ($this->queryCallback) {
$closure = $this->queryCallback;
$closure($query);
}
return $query->getLdapQuery()->getResult();
}
function it_should_switch_the_domain_if_the_token_has_the_ldap_domain_set()
{
// It first grabs a copy of the domain context, then checks against it, then checks it at the end...
$this->ldap->getDomainContext()->willReturn('foo.bar', 'foo.bar', 'example.local');
$this->token->hasAttribute('ldap_domain')->willReturn(true);
$this->token->getAttribute('ldap_domain')->willReturn('example.local');
$this->ldap->switchDomain('example.local')->shouldBeCalledTimes(1);
$this->ldap->switchDomain('foo.bar')->shouldBeCalledTimes(1);
$this->authenticate($this->token)->shouldReturnAnInstanceOf('\\Symfony\\Component\\Security\\Core\\Authentication\\Token\\UsernamePasswordToken');
}
function let(LdapManager $ldap)
{
$logger = new LdapProfilerLogger();
// Add some log data...
$addOperation = (new AddOperation())->setAttributes(['username' => 'foo', 'unicodePwd' => 'bar']);
$deleteOperation = new DeleteOperation('foo');
$addLog = new LogOperation($addOperation);
$addLog->setDomain('foo.bar');
$addLog->setError('fail');
$deleteLog = new LogOperation($deleteOperation);
$deleteLog->setDomain('example.local');
/** @var LogOperation $log */
foreach ([$addLog, $deleteLog] as $log) {
$logger->start($log->start());
$logger->end($log->stop());
}
$ldap->getDomains()->willReturn(['foo.bar', 'example.local']);
$this->beConstructedWith($logger, $ldap);
}
/**
* {@inheritdoc}
*/
public function configureOptions(OptionsResolver $resolver)
{
$ldap = $this->ldap;
$resolver->setDefaults(['ldap_domain' => $this->ldap->getDomainContext(), 'ldap_attributes' => null, 'ldap_query_builder' => null, 'choice_name' => 'name', 'choice_value' => 'guid', 'choices' => [], 'choice_loader' => function (Options $options) use($ldap) {
if (!interface_exists('\\Symfony\\Component\\Form\\ChoiceList\\Loader\\ChoiceLoaderInterface')) {
return null;
}
return new LdapObjectChoiceLoader($ldap, $options['ldap_type'], $options['choice_name'], $options['choice_value'], $options['ldap_query_builder']);
}, 'choice_list' => function (Options $options) use($ldap) {
// Always prefer the ChoiceLoader if it exists. Fall back to the ObjectChoiceList...
if (interface_exists('\\Symfony\\Component\\Form\\ChoiceList\\Loader\\ChoiceLoaderInterface')) {
return null;
}
$legacyChoiceLoader = new LegacyLdapChoiceLoader($ldap, $options['ldap_type'], $options['choice_name'], $options['choice_value'], $options['ldap_query_builder']);
$preferred = isset($options['preferred_choices']) ? $options['preferred_choices'] : [];
return new LdapObjectChoiceList($legacyChoiceLoader->load(), $options['choice_name'], $preferred, null, $options['choice_value']);
}]);
$resolver->setRequired(['ldap_type']);
$this->setAllowedTypes($resolver);
}
/**
* @param LdapUser $user
* @return LdapObjectCollection
*/
protected function getGroupsForUser(LdapUser $user)
{
$select = $this->roleAttrMap;
unset($select['members']);
$query = $this->ldap->buildLdapQuery()->from($this->groupObjectType)->select(array_values($select));
if ($this->checkGroupsRecursively) {
$query->where($query->filter()->hasMemberRecursively($user->getLdapGuid(), $this->roleAttrMap['members']));
} else {
$query->where([$this->roleAttrMap['members'] => $user->getLdapGuid()]);
}
return $query->getLdapQuery()->getResult();
}
function let(UserProviderInterface $userProvider, LdapUserChecker $userChecker, LdapManager $ldap, TokenInterface $token, LdapUser $user, LdapConnectionInterface $connection, AuthenticationResponse $response, \Symfony\Component\EventDispatcher\EventDispatcherInterface $dispatcher)
{
$this->operation = (new AuthenticationOperation())->setUsername('foo')->setPassword('bar');
$token->getUsername()->willReturn('foo');
$token->getCredentials()->willReturn('bar');
$token->hasAttribute('ldap_domain')->willReturn(false);
$token->getAttributes()->willReturn([]);
$token->getUser()->willReturn($user);
$userProvider->loadUserByUsername('foo')->willReturn($user);
$connection->getConfig()->willReturn(new DomainConfiguration('foo.bar'));
$connection->execute($this->operation)->willReturn($response);
$response->isAuthenticated()->willReturn(true);
$ldap->getConnection()->willReturn($connection);
$ldap->getDomainContext()->willReturn('foo.bar');
$user->getUsername()->willReturn('foo');
$user->getRoles()->willReturn(['ROLE_USER']);
$user->isAccountNonLocked()->willReturn(true);
$user->isEnabled()->willReturn(true);
$user->isAccountNonExpired()->willReturn(true);
$user->isCredentialsNonExpired()->willReturn(true);
$this->beConstructedWith('restricted', true, $userProvider, new LdapUserChecker(), $ldap, $dispatcher);
}
/**
* {@inheritdoc}
*/
public function warmUp($cacheDir)
{
$domain = $this->ldap->getDomainContext();
foreach ($this->config->getDomainConfiguration() as $domainConfig) {
$this->ldap->switchDomain($domainConfig->getDomainName());
$schemaFactory = $this->ldap->getSchemaFactory();
$parser = $this->ldap->getSchemaParser();
$schema = empty($domainConfig->getSchemaName()) ? $domainConfig->getLdapType() : $domainConfig->getSchemaName();
$ldapObjects = $parser->parseAll($schema);
$this->cacheAllLdapSchemaObjects($schemaFactory, ...$ldapObjects);
}
$this->ldap->switchDomain($domain);
}
/**
* @param \ReflectionProperty $property
* @param LdapObjectAnnotation $annotation
* @param $entity
* @return LdapObject|LdapObjectCollection|null
*/
protected function queryLdapForObjects(\ReflectionProperty $property, LdapObjectAnnotation $annotation, $entity)
{
$query = $this->ldap->buildLdapQuery()->select($this->getLdapAttributesToSelect($annotation))->from($annotation->type);
$values = $property->getValue($entity);
// A single LdapObject type...
if (is_string($values) && !empty($values)) {
$query->where([$annotation->id => $values]);
// A LdapObjectCollection type...
} elseif (is_array($values) && !empty($values)) {
foreach ($values as $value) {
$query->orWhere([$annotation->id => $value]);
}
// A currently null/empty value?
} else {
return null;
}
if ($annotation->collection) {
$results = $query->getLdapQuery()->getResult();
} else {
$results = $query->getLdapQuery()->getOneOrNullResult();
}
return $results;
}
function let(Reader $reader, LdapManager $ldap, LifecycleEventArgs $eventArgs, ObjectManager $om, ClassMetadata $metadata, LdapObjectSchemaFactory $schemaFactory, LdapConnectionInterface $connection, LdapObjectSchema $schema, LdapQueryBuilder $qb, LdapQuery $query, $entity)
{
$rc = new \ReflectionClass('Doctrine\\Common\\Persistence\\Event\\LifecycleEventArgs');
if ($rc->hasMethod('getObjectManager')) {
$eventArgs->getObjectManager()->willReturn($om);
$eventArgs->getObject()->willReturn($entity);
} else {
$eventArgs->getEntityManager()->willReturn($om);
$eventArgs->getEntity()->willReturn($entity);
}
$om->getClassMetadata(Argument::any())->willReturn($metadata);
$this->config = new DomainConfiguration('foo.bar');
$connection->getConfig()->willReturn($this->config);
$ldap->getDomainContext()->willReturn('foo.bar');
$ldap->getSchemaFactory()->willReturn($schemaFactory);
$ldap->getConnection()->willReturn($connection);
$ldap->buildLdapQuery()->willReturn($qb);
$qb->getLdapQuery()->willReturn($query);
$this->beConstructedWith($reader, $ldap);
}
/**
* If the passed domain is not the current context, then switch back to it.
*
* @param string $domain
*/
protected function switchDomainBackIfNeeded($domain)
{
if ($domain !== $this->ldap->getDomainContext()) {
$this->ldap->switchDomain($domain);
}
}
public function let(LdapManager $ldap, LdapQueryBuilder $qb, LdapQuery $query)
{
$ldap->buildLdapQuery()->willReturn($qb);
$qb->getLdapQuery()->willReturn($query);
$this->beConstructedWith($ldap, LdapObjectType::USER);
}
