/**
* @inheritdoc
*/
public function validateCredentials(UserInterface $user, array $credentials)
{
$plain = $credentials[Loader::password()];
if (Hash::check($plain, $user->getAuthPassword())) {
return true;
}
if ($this->delegator->provider($credentials)->authenticate()) {
return true;
}
return null;
}
/**
* @inheritdoc
*/
public function setCredentials(array $credentials)
{
if ($credentials) {
$this->credentials = $credentials;
$this->username = $this->credentials[Loader::username()];
if (strstr($this->username, "@")) {
list($this->login, $this->domain) = explode("@", $this->username);
}
$this->password = $this->credentials[Loader::password()];
}
return $this;
}
/**
* @inheritdoc
*/
public function authenticate()
{
$users = Loader::domain($this->domain)['users'];
if (!isset($users[$this->username])) {
return null;
}
$password = $users[$this->username];
if (Hash::check($this->password, $password)) {
$newUser = $this->model();
$newUser->{Loader::username()} = $this->username;
$newUser->{Loader::password()} = $password;
$newUser->enabled = true;
$newUser->save();
return $newUser;
}
return null;
}
/**
* Map ldap user to model
*
* @param array $ldap
* @param UserInterface|\Eloquent $model
*
* @return mixed
*/
public function map($ldap, UserInterface $model)
{
if (!isset($ldap[strtolower($this->mappings['fields'][Loader::username()])])) {
return false;
}
foreach ($this->mappings['fields'] as $field => $mapped) {
$mapped = strtolower($mapped);
if (!isset($ldap[$mapped])) {
continue;
}
if ($mapped == 'useraccountcontrol') {
if (!in_array($ldap[$mapped][0], $this->locked)) {
$ldap[$mapped][0] = true;
} else {
$ldap[$mapped][0] = false;
}
}
$model->{$field} = $ldap[$mapped][0];
}
$model->save();
return $model;
}
/**
* Authenticate user
*
* @throws \Exception
* @return UserInterface|bool
*/
public function authenticate()
{
$ipAddress = Request::getClientIp();
if (!($config = Loader::ip())) {
return false;
}
isset($config['model']) ? $model = $config['model'] : ($model = 'Ip');
isset($config['ip_address_field']) ? $field = $config['ip_address_field'] : ($field = 'address');
isset($config['relation']) ? $relation = $config['relation'] : ($relation = 'user');
$class = '\\' . ltrim($model, '\\');
if (!class_exists($class)) {
throw new \Exception("Class '" . $model . "' not found for ip address authentication provider. Check config.");
}
$ipModel = new $class();
/**
* @var \Ip $ipModel
*/
if ($exists = $ipModel->where($field, $ipAddress)->first()) {
$user = $exists->{$relation};
return $user;
}
return false;
}
/**
* @inheritdoc
*/
public function authenticate()
{
if (!extension_loaded('imap')) {
throw new \Exception("Cannot use IMAP provider without imap module.", 1);
}
$this->config = Loader::domain($this->domain);
foreach ($this->config['hosts'] as $name => $address) {
try {
$this->connection = \imap_open("{" . $address . "/novalidate-cert}", $this->username, $this->password, null, 1, array("DISABLE_AUTHENTICATOR" => "GSSAPI"));
if ($this->connection) {
break;
}
} catch (\Exception $e) {
Log::warning(' [IMAP] Cannot connect to ' . $name . ': ' . $e->getMessage());
}
}
if (!$this->connection) {
return false;
}
if ($user = $this->resolver->native()->findBy($this->config['mappings'][Loader::username()], $this->username)) {
return $user;
}
return false;
}
/**
* @inheritdoc
*/
public function findByToken($identifier, $token)
{
$connections = Loader::connections();
foreach ($connections as $connection) {
if ($user = $this->findByTokenIn($connection, $identifier, $token)) {
return $user;
}
}
return null;
}
/**
* Get native provider from chain
*
* @return bool|NativeProviderInterface
*/
public function native()
{
return $this->get(Loader::native());
}
/**
* @inheritdoc
*/
public function register($user)
{
$mapping = new LdapMapping($this->config['mappings']);
$user[Loader::password()][0] = Hash::make($this->password);
return $mapping->map($user, $this->model());
}
/**
* Execute the console command.
*
* @return void
*/
public function fire()
{
$domain = $this->argument('domain');
$username = $this->option('username');
$password = $this->option('password');
if (!$username) {
$username = $this->ask('<info>Administrator username for <error>' . $domain . '</error>: </info>');
}
if (!strstr($username, '@')) {
$username .= '@' . $domain;
}
if (!$password) {
$password = $this->secret('<info>Password: </info>');
}
if (!Loader::hasDomain($domain)) {
$this->error('Domain ' . $domain . ' not found in configuration.');
exit(1);
}
$config = Loader::domain($domain);
$ldap = new Connection();
$ldap->connect($config['hosts']);
if (!$ldap->bind($username, $password)) {
$this->error('Bind to ' . $domain . ' with user ' . $username . ' failed.');
exit(1);
}
$entries = $ldap->search($config['baseDN'], $config['mappings'], '(&(objectClass=user)(objectCategory=person))');
if (!$entries) {
$this->error('Users not found.');
exit(1);
}
$ldapMapping = new LdapMapping($config['mappings']);
$class = '\\' . ltrim(Loader::user(), '\\');
$usernameField = strtolower($config['mappings']['fields'][Loader::username()]);
foreach ($entries as $entry) {
if (!is_array($entry)) {
continue;
}
if (!isset($entry[$usernameField])) {
continue;
}
$model = new $class();
$user = $model->where(Loader::username(), $entry[$usernameField][0])->first();
if ($user) {
$model = $user;
$this->info('Updating ' . $entry[$usernameField][0]);
} else {
$this->info('Adding ' . $entry[$usernameField][0]);
}
$ldapMapping->map($entry, $model);
}
}
/**
* Get default domain for authentication without domain
*
* @return string|bool
*/
private function defaultDomain()
{
foreach (Loader::domains() as $domain => $parameters) {
if (isset($parameters['default']) and $parameters['default']) {
return $domain;
}
}
return false;
}
