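/**
 * Authenticates an LDAP token by binding to the directory with the token's
 * credentials, reading the user's entry and mapping it to a local User.
 *
 * A local User is created (with ROLE_GENERAL and the "General" group) the
 * first time a directory account signs in.
 *
 * @param TokenInterface $token Token exposing getLDAPUserCredentials(), which
 *                              is read here as an array with 'username' and
 *                              'password' keys.
 *
 * @return LDAPToken Token carrying the local user, its roles and the
 *                   credentials that were used.
 *
 * @throws AuthenticationException When the credentials are empty, the
 *                                 connection is unavailable, the bind is
 *                                 rejected or no directory entry is found.
 */
public function authenticate(TokenInterface $token)
 {
     $ldapUserCredentials = $token->getLDAPUserCredentials();
     $username = isset($ldapUserCredentials['username']) && is_string($ldapUserCredentials['username'])
         ? $ldapUserCredentials['username']
         : '';
     $password = isset($ldapUserCredentials['password']) && is_string($ldapUserCredentials['password'])
         ? $ldapUserCredentials['password']
         : '';

     // An LDAP simple bind with a name but an empty password is an
     // "unauthenticated bind" (RFC 4513) that many directory servers answer
     // with success. Without this guard a blank password could authenticate
     // as any existing uid, so refuse it before talking to the directory.
     if ('' === $username || '' === $password) {
         throw new AuthenticationException('The LDAP credentials are not found.');
     }

     $ldapConnection = $this->ldapService->getConnection();
     if (!$ldapConnection) {
         throw new AuthenticationException('The LDAP authentication failed.');
     }

     // NOTE(review): bind() receives the raw username; confirm that the LDAP
     // service escapes it if it builds a bind DN from it.
     $ldapBind = $this->ldapService->bind($ldapConnection, $username, $password);
     if (true !== $ldapBind) {
         throw new AuthenticationException('The LDAP credentials are not found.');
     }

     // The username is user-controlled and becomes part of a DN, so it is
     // escaped to keep it from adding or altering DN components.
     $userDn = "uid=" . $this->escapeDnValue($username) . "," . $this->ldapService->getDn();
     $ldapEntry = $this->ldapService->read($ldapConnection, $userDn, "(objectclass=*)", array('ou', 'sn', 'cn', 'mail'));
     if (!is_array($ldapEntry) || !isset($ldapEntry['count']) || !$ldapEntry['count']) {
         throw new AuthenticationException('The LDAP credentials are not found.');
     }

     $ldapUserObject = $ldapEntry[0];
     $user = $this->entityLibrary->get('User')->findOneByUsername($username);
     if (!$user) {
         // First sign-in for this directory account: provision a local user
         // with the default role and group.
         $roleGeneral = $this->entityLibrary->get('Role')->findOneByName('ROLE_GENERAL');
         $groupGeneral = $this->entityLibrary->get('UserGroup')->findOneByName('General');
         $user = new User();
         $user->setName($ldapUserObject['cn'][0] . ' ' . $ldapUserObject['sn'][0]);
         $user->setEmail($ldapUserObject['mail'][0]);
         $user->setUsername($username);
         // NOTE(review): uniqid() is derived from the current time and is
         // predictable. No local password is set here, but if this salt ever
         // protects a password hash it should come from a CSPRNG instead.
         $user->setSalt(uniqid());
         $user->addRole($roleGeneral);
         $user->addUserGroup($groupGeneral);
         $this->entityLibrary->get('User')->save($user);
     }

     $authenticatedToken = new LDAPToken($user->getRoles());
     $authenticatedToken->setUser($user);
     // NOTE(review): this keeps the plaintext password on the token; confirm
     // that the token is never serialised or logged with it.
     $authenticatedToken->setLDAPUserCredentials($ldapUserCredentials);

     return $authenticatedToken;
 }

 /**
  * Escapes a string for use as an attribute value inside a DN (RFC 4514).
  *
  * @param string $value Raw attribute value.
  *
  * @return string Value with DN special characters backslash-hex encoded.
  */
 private function escapeDnValue($value)
 {
     $value = (string) $value;
     $length = strlen($value);
     $escaped = '';
     for ($i = 0; $i < $length; $i++) {
         $char = $value[$i];
         // Spaces are only special at either end of the value, '#' only at
         // the start; the listed characters are special anywhere.
         $isEdgeSpace = ' ' === $char && (0 === $i || $length - 1 === $i);
         $isLeadingHash = '#' === $char && 0 === $i;
         if ($isEdgeSpace || $isLeadingHash || false !== strpos("\\,=+<>;\"\0", $char)) {
             $escaped .= sprintf('\\%02x', ord($char));
         } else {
             $escaped .= $char;
         }
     }

     return $escaped;
 }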
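 /**
  * Firewall listener: lets allow-listed routes through, sends visitors
  * without stored LDAP credentials to the login route, and otherwise
  * re-authenticates the stored credentials on every request.
  *
  * @param GetResponseEvent $event Event for the current request; a redirect
  *                                response is set on it when the visitor has
  *                                to log in (again).
  *
  * @return void
  */
 public function handle(GetResponseEvent $event)
 {
     $request = $event->getRequest();
     $currentRoute = $request->attributes->get('_route');
     // Routes on this list skip authentication altogether, so the match is
     // strict: a null route or a loosely-equal value must never count as
     // allowed.
     $isAllowedRoute = in_array($currentRoute, $this->allowedRoutes, true);

     // Remember where to send the user after login. Only a route name is
     // stored, never a client-supplied URL.
     if (!$this->session->has('LDAP_LOGIN_CALLBACK')) {
         $callback = $isAllowedRoute
             ? $this->kernel->getParameter('rheck_ldap_firewall.default_url')
             : $currentRoute;
         $this->session->set('LDAP_LOGIN_CALLBACK', $callback);
     }

     if ($isAllowedRoute) {
         return;
     }

     if (!$this->session->has('LDAP_LOGIN')) {
         $loginUrl = $this->router->generate($this->kernel->getParameter('rheck_ldap_firewall.login_url'));
         $event->setResponse(RedirectResponse::create($loginUrl));
         return;
     }

     // NOTE(review): 'LDAP_LOGIN' is handed to the token as its credentials,
     // so the session presumably holds the plaintext LDAP password. Confirm
     // the session store is protected accordingly.
     $ldapUserCredentials = $this->session->get('LDAP_LOGIN');
     $token = new LDAPToken();
     $token->setUser('ldap_proxy_user');
     $token->setLDAPUserCredentials($ldapUserCredentials);

     try {
         $authToken = $this->authenticationManager->authenticate($token);
         $this->securityContext->setToken($authToken);
     } catch (AuthenticationException $failed) {
         // NOTE(review): 'LDAP_LOGIN' stays in the session after a failure,
         // so each later request to a protected route retries the same
         // credentials against the directory; consider clearing it here.
         // The failure redirects also use a fixed route name instead of the
         // configured 'rheck_ldap_firewall.login_url'. Confirm that is
         // intended.
         $this->session->set('LDAP_LOGIN_ERROR', 'Some error was occurred! Can\'t connect to LDAP.');
         $event->setResponse(RedirectResponse::create($this->router->generate('_rheck_ldap_login')));
     } catch (\Exception $e) {
         // NOTE(review): every other exception is reported to the user as bad
         // credentials and is not logged, which hides directory or
         // configuration faults from operators.
         $this->session->set('LDAP_LOGIN_ERROR', 'Invalid credentials.');
         $event->setResponse(RedirectResponse::create($this->router->generate('_rheck_ldap_login')));
     }
 }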