/**
* Gets the user adapter for the user specified. Creates a new user
* adapter if one doesnt already exist for the user.
*
* @param array|string $user Either a username string or array of credentials including JUser ID and domain.
* @param string $type Type of adapter (e.g. ldap, xml, federated).
* @param array $options An array of optional options including isNew.
*
* @return SHUserAdapter Object to user adapter.
*
* @since 2.0
* @throws Exception
*/
public static function getUserAdapter($user, $type = null, $options = array())
{
if (is_array($user)) {
$username = strtolower(JArrayHelper::getValue($user, 'username', null, 'string'));
$credentials = $user;
} else {
$username = strtolower((string) $user);
$credentials = array('username' => $username);
}
if (empty($username)) {
throw new RuntimeException(JText::_('LIB_SHFACTORY_ERR_2121'), 2121);
}
if (!isset(self::$adapters[$username])) {
$config = self::getConfig();
// Check if this user is in the blacklist
if ($blacklist = (array) json_decode($config->get('user.blacklist'))) {
if (in_array($username, $blacklist)) {
throw new RuntimeException(JText::sprintf('LIB_SHFACTORY_ERR_2125', $username), 2125);
}
}
// Attempts to get the user linking entry to determine domain and type of user
//TODO: allow multiple domains from links
if ($links = SHAdapterMap::getUser($username)) {
if ((bool) $config->get('user.usedomain', true)) {
if (!isset($credentials['domain'])) {
// Attempt to get the domain for this user
$credentials['domain'] = $links[0]['domain'];
}
} else {
unset($credentials['domain']);
}
if (!isset($credentials['type']) && is_null($type)) {
// Attempt to get the User Adapter name
$type = $links[0]['adapter'];
}
}
if (is_null($type)) {
// Get the default/primary user adapter type from the database
$type = $config->get('user.type', 'Default');
}
// Camel case friendly for class name
$type = ucfirst(strtolower($type));
$class = "SHUserAdapters{$type}";
if (class_exists($class)) {
// Create the adapter (note: remember to unset if using multiple adapters!)
self::$adapters[$username] = new $class($credentials, null, $options);
} else {
throw new RuntimeException(JText::sprintf('LIB_SHFACTORY_ERR_2123', $class), 2123);
}
} else {
// Update credentials if required
if ($password = JArrayHelper::getValue($user, 'password', false)) {
self::$adapters[$username]->updateCredential($password, $options);
}
}
return self::$adapters[$username];
}
/**
* Returns if the current or specified user was authenticated
* via LDAP.
*
* @param JUser|integer|array $user Optional user id (if null then uses current user).
*
* @return boolean True if user is Ldap authenticated or False otherwise.
*
* @since 2.0
* @deprecated [2.1] Use SHAdapterMap::getUser instead.
*/
public static function isUserLdap($user = null)
{
// This is inefficient but has to be done to prevent issues with numeric usernames
if (!($id = JUserHelper::getUserId($user))) {
$id = $user;
}
if ($links = SHAdapterMap::getUser($id, true)) {
if (strtolower($links[0]['adapter']) === 'ldap') {
return true;
}
}
return false;
}
/**
* Entry point for the script.
*
* @return void
*
* @since 2.0
*/
public function doExecute()
{
// Setup some stats
$failed = 0;
$success = 0;
$errors = array();
// It appears we have to tell the system we are running with the site otherwise bad things happen
JFactory::getApplication('site');
$this->out(JText::_('CLI_SHMANIC_LDAP_INFO_13001'));
// Get all the valid configurations
if (!($configs = SHLdapHelper::getConfig())) {
// Failed to find any Ldap configs
$this->out(JText::_('CLI_SHMANIC_LDAP_ERR_13003'));
$this->close(1);
}
// Check if only a single config was found
if ($configs instanceof JRegistry) {
/*
* To make things easier, we pretend we returned multiple Ldap configs
* by casting the single entry into an array.
*/
$configs = array($configs);
}
$count = count($configs);
$this->out(JText::sprintf('CLI_SHMANIC_LDAP_INFO_13002', $count))->out();
// Loop around each LDAP configuration
foreach ($configs as $config) {
try {
// Get a new Ldap object
$ldap = new SHLdap($config);
// Bind with the proxy user
if (!$ldap->authenticate(SHLdap::AUTH_PROXY)) {
// Something is wrong with this LDAP configuration - cannot bind to proxy user
$errors[] = new Exception(JText::sprintf('CLI_SHMANIC_LDAP_ERR_13011', $ldap->info), 13011);
unset($ldap);
continue;
}
// Get all the Ldap users in the directory
if (!($result = $ldap->search(null, $ldap->allUserFilter, array('dn', $ldap->keyUid)))) {
// Failed to search for all users in the directory
$errors[] = new Exception(JText::sprintf('CLI_SHMANIC_LDAP_ERR_13012', $ldap->getErrorMsg()), 13012);
unset($ldap);
continue;
}
// Loop around each Ldap user
for ($i = 0; $i < $result->countEntries(); ++$i) {
// Get the Ldap username (case insensitive)
if (!($username = strtolower($result->getValue($i, $ldap->keyUid, 0)))) {
continue;
}
try {
// Check if this user is in the blacklist
if ($blacklist = (array) json_decode(SHFactory::getConfig()->get('user.blacklist'))) {
if (in_array($username, $blacklist)) {
throw new RuntimeException(JText::_('CLI_SHMANIC_LDAP_ERR_13025'), 13025);
}
}
// Create the new user adapter
$adapter = new SHUserAdaptersLdap(array('username' => $username), $config);
// Get the Ldap DN
if (!($dn = $adapter->getId(false))) {
continue;
}
$this->out(JText::sprintf('CLI_SHMANIC_LDAP_INFO_13020', $username));
// Get the Ldap user attributes
$source = $adapter->getAttributes();
// Get the core mandatory J! user fields
$username = $adapter->getUid();
$fullname = $adapter->getFullname();
$email = $adapter->getEmail();
if (empty($fullname)) {
// Full name doesnt exist; use the username instead
$fullname = $username;
}
if (empty($email)) {
// Email doesnt exist; cannot proceed
throw new Exception(JText::_('CLI_SHMANIC_LDAP_ERR_13022'), 13022);
}
// Create the user array to enable creating a JUser object
$user = array('fullname' => $fullname, 'username' => $username, 'password_clear' => null, 'email' => $email);
// Create a JUser object from the Ldap user
$options = array('adapter' => &$adapter);
$instance = SHUserHelper::getUser($user, $options);
if ($instance === false) {
// Failed to get the user either due to save error or autoregister
throw new Exception(JText::_('CLI_SHMANIC_LDAP_ERR_13024'), 13024);
}
// Fire the Ldap specific on Sync feature
$sync = SHLdapHelper::triggerEvent('onLdapSync', array(&$instance, $options));
// Check if the synchronise was successfully and report
if ($sync !== false) {
// Even if the sync does not need a save, do it anyway as Cron efficiency doesnt matter too much
SHUserHelper::save($instance);
// Update the user map linker
SHAdapterMap::setUser($adapter, $instance->id);
// Above should throw an exception on error so therefore we can report success
$this->out(JText::sprintf('CLI_SHMANIC_LDAP_INFO_13029', $username));
++$success;
} else {
throw new Exception(JText::_('CLI_SHMANIC_LDAP_ERR_13026'), 13026);
}
unset($adapter);
} catch (Exception $e) {
unset($adapter);
++$failed;
$errors[] = new Exception(JText::sprintf('CLI_SHMANIC_LDAP_ERR_13028', $username, $e->getMessage()), $e->getCode());
}
}
} catch (Exception $e) {
$errors[] = new Exception(JText::_('CLI_SHMANIC_LDAP_ERR_13004'), 13004);
}
}
// Print out some results and stats
$this->out()->out()->out(JText::_('CLI_SHMANIC_LDAP_INFO_13032'))->out();
$this->out(JText::_('CLI_SHMANIC_LDAP_INFO_13038'));
foreach ($errors as $error) {
if ($error instanceof Exception) {
$this->out(' ' . $error->getCode() . ': ' . $error->getMessage());
} else {
$this->out(' ' . (string) $error);
}
}
$this->out()->out(JText::sprintf('CLI_SHMANIC_LDAP_INFO_13034', $success));
$this->out(JText::sprintf('CLI_SHMANIC_LDAP_INFO_13036', $failed));
$this->out()->out('============================');
}
/**
* Method is called on user login failure.
*
* @param array $response The authentication response.
*
* @return void
*
* @since 2.0
*/
public function onUserLoginFailure($response)
{
if ($username = JArrayHelper::getValue($response, 'username', false, 'string')) {
// Check if the user exists in the J! database
if ($id = JUserHelper::getUserId($username)) {
// Check if the attempted login was an adapter user, if so then fire the event
if ($userLink = SHAdapterMap::getUser($id, true)) {
SHAdapterEventHelper::triggerEvent($userLink[0]['adapter'], 'onUserLoginFailure', array($response));
}
}
}
}
