public function authenticate($ps_username, $ps_password = '', $pa_options = null) { $vo_bind = $this->bindToDirectory($ps_username, $ps_password); if (!$vo_bind) { if (ldap_get_option($this->getLinkIdentifier(), 0x32, $extended_error)) { $vs_bind_rdn = $this->getProcessedConfigValue("ldap_bind_rdn_format", $ps_username, "", ""); caLogEvent("ERR", "LDAP ERROR (" . ldap_errno($this->getLinkIdentifier()) . ") {$extended_error} [{$vs_bind_rdn}]", "OpenLDAP::Authenticate"); } return false; } // check group membership if (!$this->hasRequiredGroupMembership($ps_username)) { return false; } // user role and group membership syncing with directory $this->syncWithDirectory($ps_username); return true; }
/** * Upload a local file to a GitHub repository * @param string $ps_user GitHub username * @param string $ps_token access token. Global account password can be used here but it's recommended to create a personal access token instead. * @param string $ps_owner The repository owner * @param string $ps_repo repository name * @param string $ps_git_path path for the file destination inside the repository, e.g. "/exports/from_collectiveaccess/export.xml." * @param string $ps_local_filepath file to upload as absolute local path. Note that the file must be loaded in memory to be committed to GitHub. * @param string $ps_branch branch to commit to. defaults to 'master' * @param bool $pb_update_on_conflict Determines what happens if file already exists in GitHub repository. * true means the file is updated in place for. false means we abort. default is true * @param string $ps_commit_msg commit message * @return bool success state */ function caUploadFileToGitHub($ps_user, $ps_token, $ps_owner, $ps_repo, $ps_git_path, $ps_local_filepath, $ps_branch = 'master', $pb_update_on_conflict = true, $ps_commit_msg = null) { // check mandatory params if (!$ps_user || !$ps_token || !$ps_owner || !$ps_repo || !$ps_git_path || !$ps_local_filepath) { caLogEvent('DEBG', "Invalid parameters for GitHub file upload. Check your configuration!", 'caUploadFileToGitHub'); return false; } if (!$ps_commit_msg) { $ps_commit_msg = 'Commit created by CollectiveAccess on ' . date('c'); } $o_client = new \Github\Client(); $o_client->authenticate($ps_user, $ps_token); $vs_content = @file_get_contents($ps_local_filepath); try { $o_client->repositories()->contents()->create($ps_owner, $ps_repo, $ps_git_path, $vs_content, $ps_commit_msg, $ps_branch); } catch (Github\Exception\RuntimeException $e) { switch ($e->getCode()) { case 401: caLogEvent('DEBG', "Could not authenticate with GitHub. Error message was: " . $e->getMessage() . " - Code was: " . $e->getCode(), 'caUploadFileToGitHub'); break; case 422: if ($pb_update_on_conflict) { try { $va_content = $o_client->repositories()->contents()->show($ps_owner, $ps_repo, $ps_git_path); if (isset($va_content['sha'])) { $o_client->repositories()->contents()->update($ps_owner, $ps_repo, $ps_git_path, $vs_content, $ps_commit_msg, $va_content['sha'], $ps_branch); } return true; // overwrite was successful if there was no exception in above statement } catch (Github\Exception\RuntimeException $ex) { caLogEvent('DEBG', "Could not update exiting file in GitHub. Error message was: " . $ex->getMessage() . " - Code was: " . $ex->getCode(), 'caUploadFileToGitHub'); break; } } else { caLogEvent('DEBG', "Could not upload file to GitHub. It looks like a file already exists at {$ps_git_path}.", 'caUploadFileToGitHub'); } break; default: caLogEvent('DEBG', "Could not upload file to GitHub. A generic error occurred. Error message was: " . $e->getMessage() . " - Code was: " . $e->getCode(), 'caUploadFileToGitHub'); break; } return false; } catch (Github\Exception\ValidationFailedException $e) { caLogEvent('DEBG', "Could not upload file to GitHub. The parameter validation failed. Error message was: " . $e->getMessage() . " - Code was: " . $e->getCode(), 'caUploadFileToGitHub'); return false; } catch (Exception $e) { caLogEvent('DEBG', "Could not upload file to GitHub. A generic error occurred. Error message was: " . $e->getMessage() . " - Code was: " . $e->getCode(), 'caUploadFileToGitHub'); return false; } return true; }
public function optimizeIndex($pn_tablenum) { /* optimize */ $vs_post_xml = '<optimize />'; $vo_http_client = new Zend_Http_Client(); $vo_http_client->setUri($this->ops_search_solr_url . "/" . $this->opo_datamodel->getTableName($pn_tablenum) . "/update"); try { $vo_http_client->setRawData($vs_post_xml)->setEncType('text/xml')->request('POST'); $vo_http_response = $vo_http_client->request(); } catch (Exception $e) { // Optimize error caLogEvent('ERR', _t('Index optimize failed: %1', $e->getMessage()), 'Solr->optimizeIndex()'); } }
public function flushContentBuffer() { foreach (WLPlugSearchEngineElasticSearch::$s_doc_content_buffer as $vs_key => $va_doc_content_buffer) { $va_post_json = array(); $va_key = explode('/', $vs_key); foreach ($va_doc_content_buffer as $vs_field_name => $va_field_content) { foreach ($va_field_content as $vs_field_content) { $va_post_json[$vs_field_name][] = $vs_field_content; } } if (!isset($va_doc_content_buffer[$va_key[0] . "." . $va_key[1]])) { /* add pk */ $va_post_json[$va_key[1]] = $va_key[2]; } // Output created on and modified on timestamps $qr_res = $this->opo_db->query("\n\t\t\t\tSELECT ccl.log_id, ccl.log_datetime, ccl.changetype, ccl.user_id\n\t\t\t\tFROM ca_change_log ccl\n\t\t\t\tWHERE\n\t\t\t\t\t(ccl.logged_table_num = ?) AND (ccl.logged_row_id = ?)\n\t\t\t\t\tAND\n\t\t\t\t\t(ccl.changetype <> 'D')\n\t\t\t", $this->opo_datamodel->getTableNum($va_key[0]), (int) $va_key[2]); while ($qr_res->nextRow()) { // We "fake" the <table>.<primary key> value here to be the log_id of the change log entry to ensure that the log entry // document has a different unique key than the entry for the actual record. If we didn't do this then we'd overwrite // the indexing for the record itself with indexing for successful log entries. Since the SearchEngine is looking for // just the primary key, sans table name, it's ok to do this hack. $va_post_json[$va_key[0] . "." . $va_key[1]] = $qr_res->get('log_id'); $va_post_json[$va_key[1]] = $va_key[2]; if ($qr_res->get('changetype') == 'I') { $va_post_json["created"] = date("c", $qr_res->get('log_datetime')); $va_post_json["created_user_id"] = $qr_res->get('user_id'); } else { $va_post_json["modified"] = date("c", $qr_res->get('log_datetime')); $va_post_json["modified_user_id"] = $qr_res->get('user_id'); } } $vo_http_client = new Zend_Http_Client(); $vo_http_client->setUri($this->ops_elasticsearch_base_url . "/" . $this->ops_elasticsearch_index_name . "/" . $va_key[0] . "/" . $va_key[2]); try { $vo_http_client->setRawData(json_encode($va_post_json))->setEncType('text/json')->request('POST'); $vo_http_response = $vo_http_client->request(); if ($vo_http_response->getStatus() != 200) { caLogEvent('ERR', _t('Indexing commit failed for %1; response was %2; request was %3', $vs_key, $vo_http_response->getBody(), json_encode($va_post_json)), 'ElasticSearch->flushContentBuffer()'); } } catch (Exception $e) { caLogEvent('ERR', _t('Indexing commit failed for %1 with Exception: %2', $vs_key, $e->getMessage()), 'ElasticSearch->flushContentBuffer()'); } } $this->opa_doc_content_buffer = array(); WLPlugSearchEngineElasticSearch::$s_doc_content_buffer = array(); }
public static function authenticate($ps_username, $ps_password = '', $pa_options = null) { $po_auth_config = Configuration::load(Configuration::load()->get('authentication_config')); if (!function_exists("ldap_connect")) { throw new OpenLDAPException(_t("PHP's LDAP module is required for LDAP authentication!")); } if (!$ps_username) { return false; } // ldap config $vs_ldaphost = $po_auth_config->get("ldap_host"); $vs_ldapport = $po_auth_config->get("ldap_port"); $vs_base_dn = $po_auth_config->get("ldap_base_dn"); $vs_user_ou = $po_auth_config->get("ldap_user_ou"); $vs_bind_rdn = self::postProcessLDAPConfigValue("ldap_bind_rdn_format", $ps_username, $vs_user_ou, $vs_base_dn); $va_default_roles = $po_auth_config->get("ldap_users_default_roles"); if (!is_array($va_default_roles)) { $va_default_roles = array(); } $va_default_groups = $po_auth_config->get("ldap_users_default_groups"); if (!is_array($va_default_groups)) { $va_default_groups = array(); } $vo_ldap = ldap_connect($vs_ldaphost, $vs_ldapport); ldap_set_option($vo_ldap, LDAP_OPT_PROTOCOL_VERSION, 3); if (!$vo_ldap) { return false; } $vs_bind_rdn_filter = self::postProcessLDAPConfigValue("ldap_bind_rdn_filter", $ps_username, $vs_user_ou, $vs_base_dn); if (strlen($vs_bind_rdn_filter) > 0) { $vo_dn_search_results = ldap_search($vo_ldap, $vs_base_dn, $vs_bind_rdn_filter); $va_dn_search_results = ldap_get_entries($vo_ldap, $vo_dn_search_results); if (isset($va_dn_search_results[0]['dn'])) { $vs_bind_rdn = $va_dn_search_results[0]['dn']; } } // log in $vo_bind = @ldap_bind($vo_ldap, $vs_bind_rdn, $ps_password); if (!$vo_bind) { // wrong credentials if (ldap_get_option($vo_ldap, 0x32, $extended_error)) { caLogEvent("ERR", "LDAP ERROR (" . ldap_errno($vo_ldap) . ") {$extended_error} [{$vs_bind_rdn}]", "OpenLDAP::Authenticate"); } ldap_unbind($vo_ldap); return false; } // check group membership if (!self::isMemberinAtLeastOneGroup($ps_username, $vo_ldap)) { ldap_unbind($vo_ldap); return false; } // user role and group membership syncing with directory $t_user = new ca_users(); if ($t_user->load($ps_username)) { // don't try to sync roles for non-existing users (the first auth call is before the user is actually created) if ($po_auth_config->get('ldap_sync_user_roles')) { $va_expected_roles = array_merge($va_default_roles, self::getRolesToAddFromDirectory($ps_username, $vo_ldap)); foreach ($va_expected_roles as $vs_role) { if (!$t_user->hasUserRole($vs_role)) { $t_user->addRoles($vs_role); } } foreach ($t_user->getUserRoles() as $vn_id => $va_role_info) { if (!in_array($va_role_info['code'], $va_expected_roles)) { $t_user->removeRoles($vn_id); } } } if ($po_auth_config->get('ldap_sync_user_groups')) { $va_expected_groups = array_merge($va_default_groups, self::getGroupsToAddFromDirectory($ps_username, $vo_ldap)); foreach ($va_expected_groups as $vs_group) { if (!$t_user->inGroup($vs_group)) { $t_user->addToGroups($vs_group); } } foreach ($t_user->getUserGroups() as $vn_id => $va_group_info) { if (!in_array($va_group_info['code'], $va_expected_groups)) { $t_user->removeFromGroups($vn_id); } } } } ldap_unbind($vo_ldap); return true; }