コード例 #1
 /**
  * @inheritdoc
  */
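 function __invoke(TokenRequestEventInterface $event)
 {
     // LDAP listener: binds to the directory as the requesting user and grants
     // access only when the bind succeeds and the follow-up search returns an entry.
     //
     // Hardening compared with a plain bind/search:
     //  - the username is escaped separately for the DN and the filter context,
     //    so directory metacharacters in it cannot alter either expression;
     //  - an empty password is rejected before binding, because LDAP servers may
     //    treat a bind with an empty password as an anonymous/unauthenticated
     //    bind and report success;
     //  - the connection is released exactly once on every path.

     // If another listener has already granted access, there is nothing to authenticate.
     if (false !== $event->isAccessGranted()) {
         return;
     }

     /** @var Application $app */
     $app = $event->getApp();
     $logger = $app->getLogger();
     $parameters = $event->getParameters();
     $username = (string) $parameters->getAuthUsername();
     $password = (string) $parameters->getAuthPassword();

     // Escape per context: DN rules for the bind DN, filter rules for the search filter.
     // presumably format() substitutes the placeholder keys into the template — verify against its definition
     $rdn = $this->format($this->rdn, [
         '{username}' => ldap_escape($username, '', LDAP_ESCAPE_DN),
         '{host}' => $this->host,
     ]);
     $filter = $this->format($this->filter, [
         '{username}' => ldap_escape($username, '', LDAP_ESCAPE_FILTER),
         '{host}' => $this->host,
     ]);

     // The template has two placeholders (scope, rdn); the user field is masked, so no
     // username argument is passed. Passing it would shift scope and rdn by one slot.
     $logger->info(sprintf('Checking LDAP authentication, user: "******", scope: "%s", rdn: "%s"', $parameters->getScope(), $rdn));

     // NOTE(review): the username below is caller-supplied and is written to the log as-is;
     // whether the logger neutralises control characters is not visible here — confirm.
     if ('' === $password) {
         $logger->error(sprintf("Authentication failed for user '%s'", $username));
         $event->setAccessDenied();

         return;
     }

     if (false === ($connection = @ldap_connect($this->host))) {
         $message = 'Could not connect to LDAP server';
         $logger->error($message);
         throw new ListenerAccessException($message);
     }

     // NOTE(review): the bind sends the password to $this->host and nothing here calls
     // ldap_start_tls(); transport protection therefore depends on the configured host
     // being an ldaps:// URI — confirm against the deployment configuration.
     ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);

     // Warnings are suppressed because the failure is reported through ldap_error() below.
     if (false === @ldap_bind($connection, $rdn, $password)) {
         $logger->error(sprintf("Authentication failed for user '%s'", $username));
         $logger->error(ldap_error($connection));
         $event->setAccessDenied();
         ldap_unbind($connection);

         return;
     }

     $result = @ldap_search($connection, $rdn, $filter, ['uid']);
     if (false === $result) {
         $logger->error(ldap_error($connection));
         $event->setAccessDenied();
         // Release the connection on this path too.
         ldap_unbind($connection);

         return;
     }

     $entries = ldap_get_entries($connection, $result);
     // ldap_close() is an alias of ldap_unbind(); one call is enough, and a second call
     // on an already released connection is an error.
     ldap_unbind($connection);

     if (isset($entries['count']) && $entries['count'] > 0) {
         $logger->info(sprintf("Authentication success for user '%s'", $username));
         $event->setAccessGranted();
     } else {
         $logger->error(sprintf("Authentication failed for user '%s'", $username));
         $event->setAccessDenied();
     }
 }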
コード例 #2
 /**
  * @inheritdoc
  */
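 function __invoke(TokenRequestEventInterface $event)
 {
     // Static-user listener: matches the request credentials against the entries in
     // $this->users and, when a scope is requested, against that user's access rules.
     //
     // Credential matching is strict:
     //  - an entry without a username or password never matches (previously a missing
     //    key compared as null and could equal an absent request value);
     //  - passwords are compared with hash_equals() so the comparison time does not
     //    depend on how many leading characters are correct.
     //
     // NOTE(review): the stored password is compared directly with the submitted one,
     // which means the user list holds passwords in clear text. Storing password_hash()
     // output and checking with password_verify() would be the usual hardening; that
     // changes the data format and is therefore not done here.

     // If another listener has already granted access, there is nothing to authenticate.
     if (false !== $event->isAccessGranted()) {
         return;
     }

     /** @var Application $app */
     $app = $event->getApp();
     $logger = $app->getLogger();
     $parameters = $event->getParameters();
     $username = $parameters->getAuthUsername();
     $password = $parameters->getAuthPassword();

     // The template has one placeholder (scope); the user field is masked, so no username
     // argument is passed. Passing it would print the username in the scope slot.
     $logger->info(sprintf('Checking YAML authentication, user: "******", scope: "%s"', $parameters->getScope()));

     foreach ($this->users as $user) {
         if (!isset($user['username'], $user['password']) || $user['username'] !== $username) {
             continue;
         }
         // hash_equals() needs two strings; anything else is treated as a mismatch.
         if (!is_string($user['password']) || !is_string($password) || !hash_equals($user['password'], $password)) {
             continue;
         }

         $logger->debug(sprintf('User found: %s', isset($user['access']) ? json_encode($user['access']) : "[ALL RIGHTS]"));

         $scope = $event->getParameters()->getScope();
         // No scope requested, or no access list on the account: nothing restricts the grant.
         if (null === $scope || !isset($user['access'])) {
             $event->setAccessGranted();

             return;
         }

         foreach ($user['access'] as $access) {
             $type = isset($access['type']) ? $access['type'] : null;
             $name = isset($access['name']) ? $access['name'] : null;
             $actions = isset($access['actions']) ? $access['actions'] : [];
             if ($scope->isValid($type, $name, $actions)) {
                 $event->setAccessGranted();

                 return;
             }
         }

         // Credentials matched but no access rule covers the requested scope. The loop
         // continues, so a later entry with the same credentials can still grant access.
         $event->setAccessDenied();
     }
 }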