public static function beforeLogin($params, &$response)
{
$oldIgnoreAcl = \GO::setIgnoreAclPermissions(true);
$ia = new Authenticator();
if ($ia->setCredentials($params['username'], $params['password'])) {
if ($ia->imapAuthenticate()) {
if (!$ia->user) {
\GO::debug("IMAPAUTH: Group-Office user doesn't exist.");
if (!isset($params['first_name'])) {
$response['needCompleteProfile'] = true;
$response['success'] = false;
$response['feedback'] = \GO::t('pleaseCompleteProfile', 'imapauth');
return false;
} else {
//user doesn't exist. create it now
$user = new \GO\Base\Model\User();
$user->email = $ia->email;
$user->username = $ia->goUsername;
$user->password = $ia->imapPassword;
$user->first_name = $params['first_name'];
$user->middle_name = $params['middle_name'];
$user->last_name = $params['last_name'];
try {
if (!$user->save()) {
throw new \Exception("Could not save user: "******"\n", $user->getValidationErrors()));
}
if (!empty($ia->config['groups'])) {
$user->addToGroups($ia->config['groups']);
}
$ia->user = $user;
$user->checkDefaultModels();
//todo testen of deze regel nodig is om e-mail account aan te maken voor nieuwe gebruiker
$ia->createEmailAccount($user, $ia->config, $ia->imapUsername, $ia->imapPassword);
} catch (\Exception $e) {
\GO::debug('IMAPAUTH: Failed creating user ' . $ia->goUsername . ' and e-mail ' . $ia->email . 'Exception: ' . $e->getMessage(), E_USER_WARNING);
}
}
}
} else {
$response['feedback'] = GO::t('badLogin') . ' (IMAP)';
return false;
}
}
\GO::setIgnoreAclPermissions($oldIgnoreAcl);
}
/**
*
* @param \GO\Base\Ldap\Record $user
* @param type $password
* @return \GO\Base\Model\User
*/
public function syncUserWithLdapRecord(\GO\Base\Ldap\Record $record, $password = null)
{
//disable password validation because we can't control the external passwords
\GO::config()->password_validate = false;
$attr = $this->getUserAttributes($record);
if (!empty($attr['exclude'])) {
\GO::debug("LDAPAUTH: User is excluded from LDAP by mapping!");
return false;
}
unset($attr['exclude']);
try {
$user = \GO\Base\Model\User::model()->findSingleByAttribute('username', $attr['username']);
if ($user) {
\GO::debug("LDAPAUTH: Group-Office user already exists.");
if (isset($password) && !$user->checkPassword($password)) {
\GO::debug('LDAPAUTH: LDAP password has been changed. Updating Group-Office database');
$user->password = $password;
}
if (empty(\GO::config()->ldap_auth_dont_update_profiles)) {
//never update the e-mail address because the user
//can't change it to something invalid.
if ($this->validateUserEmail($record, $user->email)) {
unset($attr['email']);
}
$user->setAttributes($attr);
$user->cutAttributeLengths();
\GO::debug('LDAPAUTH: updating user profile');
\GO::debug($attr);
$this->_updateContact($user, $attr);
} else {
\GO::debug('LDAPAUTH: Profile updating from LDAP is disabled');
}
if (!$user->save()) {
throw new \Exception("Could not save user: "******"\n", $user->getValidationErrors()));
}
} else {
\GO::debug("LDAPAUTH: Group-Office user does not exist. Attempting to create it.");
\GO::debug($attr);
$user = new \GO\Base\Model\User();
$user->setAttributes($attr);
$user->cutAttributeLengths();
$user->password = $password;
if (!$user->save()) {
throw new \Exception("Could not save user: "******"\n", $user->getValidationErrors()));
}
if (!empty(\GO::config()->ldap_groups)) {
$user->addToGroups(explode(',', \GO::config()->ldap_groups));
}
$this->_updateContact($user, $attr);
$user->checkDefaultModels();
}
} catch (\Exception $e) {
\GO::debug('LDAPAUTH: Failed creating user ' . $attr['username'] . ' Exception: ' . $e->getMessage(), E_USER_WARNING);
return false;
}
return $user;
}
