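/**
 * Login hook: check the submitted credentials against IMAP and, the first
 * time an unknown user authenticates, create the matching Group-Office user
 * and e-mail account.
 *
 * ACL checks are switched off while the hook runs. The previous setting is
 * restored on every exit path, including the early failure branches and an
 * exception escaping from the authenticator, so a rejected login cannot leave
 * ACL enforcement disabled for the rest of the request.
 *
 * @param array $params   Login parameters. Reads 'username' and 'password',
 *                        plus 'first_name', 'middle_name' and 'last_name'
 *                        when a new user has to be created.
 * @param array $response Passed by reference. 'feedback' is set on a bad
 *                        login; 'needCompleteProfile', 'success' and
 *                        'feedback' are set when the profile is incomplete.
 * @return false|null false when IMAP authentication fails or the profile
 *                    still has to be completed, null otherwise.
 * @throws \Exception Anything thrown outside the user-creation step is
 *                    rethrown after the ACL setting has been restored.
 */
public static function beforeLogin($params, &$response)
{
    $oldIgnoreAcl = \GO::setIgnoreAclPermissions(true);

    try {
        $result = null;
        $ia = new Authenticator();

        if ($ia->setCredentials($params['username'], $params['password'])) {
            if (!$ia->imapAuthenticate()) {
                // Fully qualified like every other \GO call in this method.
                $response['feedback'] = \GO::t('badLogin') . ' (IMAP)';
                $result = false;
            } elseif (!$ia->user) {
                \GO::debug("IMAPAUTH: Group-Office user doesn't exist.");

                if (!isset($params['first_name'])) {
                    // Ask the client for the profile fields before creating the user.
                    $response['needCompleteProfile'] = true;
                    $response['success'] = false;
                    $response['feedback'] = \GO::t('pleaseCompleteProfile', 'imapauth');
                    $result = false;
                } else {
                    // The user doesn't exist yet: create it now.
                    $user = new \GO\Base\Model\User();
                    $user->email = $ia->email;
                    $user->username = $ia->goUsername;
                    $user->password = $ia->imapPassword;
                    $user->first_name = $params['first_name'];
                    // Only first_name is guaranteed above; avoid undefined-index notices.
                    $user->middle_name = isset($params['middle_name']) ? $params['middle_name'] : null;
                    $user->last_name = isset($params['last_name']) ? $params['last_name'] : null;

                    try {
                        if (!$user->save()) {
                            throw new \Exception("Could not save user: " . implode("\n", $user->getValidationErrors()));
                        }

                        if (!empty($ia->config['groups'])) {
                            $user->addToGroups($ia->config['groups']);
                        }

                        $ia->user = $user;
                        $user->checkDefaultModels();

                        // TODO: test whether this line is needed to create the e-mail account for a new user.
                        $ia->createEmailAccount($user, $ia->config, $ia->imapUsername, $ia->imapPassword);
                    } catch (\Exception $creationError) {
                        // NOTE(review): a failed creation is only logged and the hook still
                        // returns null; confirm the caller rejects the login in that case.
                        \GO::debug('IMAPAUTH: Failed creating user ' . $ia->goUsername . ' and e-mail ' . $ia->email . 'Exception: ' . $creationError->getMessage(), E_USER_WARNING);
                    }
                }
            }
        }
    } catch (\Exception $e) {
        \GO::setIgnoreAclPermissions($oldIgnoreAcl);
        throw $e;
    }

    \GO::setIgnoreAclPermissions($oldIgnoreAcl);

    return $result;
}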
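/**
 * Create a new user
 *
 * When creating a user we also need to create a lot of default models and
 * set permissions for this user. This function creates the user with permissions
 * and the right models in one go.
 *
 * Group membership and module permissions are granted only after the user has
 * been saved successfully, so no ACL entry is written for a user without an id.
 *
 * @param array $attributes
 * @param array $groups array of group names array('Internal','Some group');
 * @param array $modulePermissionLevels array('calendar'=>1,'projects'=>4)
 * @return User
 * @throws \Exception when the user cannot be saved
 */
public static function newInstance($attributes, $groups = array(), $modulePermissionLevels = array())
{
    $user = new User();

    // NOTE(review): the array is handed to setAttributes() as-is; which keys it
    // accepts is not visible here, so callers passing request data should
    // restrict it to the expected profile fields first.
    $user->setAttributes($attributes);

    // Stop before granting anything if the record was not stored.
    if (!$user->save()) {
        throw new \Exception("Could not save user: " . implode("\n", $user->getValidationErrors()));
    }

    $user->addToGroups($groups);

    foreach ($modulePermissionLevels as $module => $permissionLevel) {
        // NOTE(review): assumes every named module is installed and exposes an acl; confirm.
        GO::modules()->{$module}->acl->addUser($user->id, $permissionLevel);
    }

    $user->checkDefaultModels();

    return $user;
}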
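/**
 * Create or update the Group-Office user that corresponds to an LDAP record.
 *
 * The given password is stored on the user as-is; this method does not check
 * it against the directory, so the caller must already have verified it.
 *
 * Password validation is switched off only for the duration of the call and
 * the previous setting is restored afterwards, so later saves in the same
 * request are still subject to the configured password policy.
 *
 * @param \GO\Base\Ldap\Record $record
 * @param string|null $password Password to store on the user; when null an
 *                              existing user's password is left unchanged.
 * @return \GO\Base\Model\User|false The synchronised user, or false when the
 *                                   record is excluded by the mapping or
 *                                   saving fails.
 * @throws \Exception Anything thrown while mapping the record is rethrown
 *                    after the password validation setting is restored.
 */
public function syncUserWithLdapRecord(\GO\Base\Ldap\Record $record, $password = null)
{
    // Disable password validation because we can't control the external passwords.
    $oldPasswordValidate = \GO::config()->password_validate;
    \GO::config()->password_validate = false;

    try {
        $attr = $this->getUserAttributes($record);

        if (!empty($attr['exclude'])) {
            \GO::debug("LDAPAUTH: User is excluded from LDAP by mapping!");
            $result = false;
        } else {
            unset($attr['exclude']);

            try {
                $user = \GO\Base\Model\User::model()->findSingleByAttribute('username', $attr['username']);

                if ($user) {
                    \GO::debug("LDAPAUTH: Group-Office user already exists.");

                    if (isset($password) && !$user->checkPassword($password)) {
                        \GO::debug('LDAPAUTH: LDAP password has been changed. Updating Group-Office database');
                        $user->password = $password;
                    }

                    if (empty(\GO::config()->ldap_auth_dont_update_profiles)) {
                        // Keep the stored e-mail address when it still validates for this record.
                        if ($this->validateUserEmail($record, $user->email)) {
                            unset($attr['email']);
                        }

                        $user->setAttributes($attr);
                        $user->cutAttributeLengths();

                        \GO::debug('LDAPAUTH: updating user profile');
                        // NOTE(review): this writes the mapped profile attributes to the debug log.
                        \GO::debug($attr);

                        $this->_updateContact($user, $attr);
                    } else {
                        \GO::debug('LDAPAUTH: Profile updating from LDAP is disabled');
                    }

                    if (!$user->save()) {
                        throw new \Exception("Could not save user: " . implode("\n", $user->getValidationErrors()));
                    }
                } else {
                    \GO::debug("LDAPAUTH: Group-Office user does not exist. \nAttempting to create it.");
                    \GO::debug($attr);

                    $user = new \GO\Base\Model\User();
                    $user->setAttributes($attr);
                    $user->cutAttributeLengths();
                    $user->password = $password;

                    if (!$user->save()) {
                        throw new \Exception("Could not save user: " . implode("\n", $user->getValidationErrors()));
                    }

                    if (!empty(\GO::config()->ldap_groups)) {
                        $user->addToGroups(explode(',', \GO::config()->ldap_groups));
                    }

                    $this->_updateContact($user, $attr);
                    $user->checkDefaultModels();
                }

                $result = $user;
            } catch (\Exception $syncError) {
                // Covers both the update and the create branch above.
                \GO::debug('LDAPAUTH: Failed creating user ' . $attr['username'] . ' Exception: ' . $syncError->getMessage(), E_USER_WARNING);
                $result = false;
            }
        }
    } catch (\Exception $e) {
        \GO::config()->password_validate = $oldPasswordValidate;
        throw $e;
    }

    \GO::config()->password_validate = $oldPasswordValidate;

    return $result;
}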