コード例 #1
3
ファイル: AddUserCommand.php プロジェクト: stopfstedt/ilios
 /**
  * {@inheritdoc}
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $schoolId = $input->getOption('schoolId');
     if (!$schoolId) {
         $schoolTitles = [];
         foreach ($this->schoolManager->findBy([], ['title' => 'ASC']) as $school) {
             $schoolTitles[$school->getTitle()] = $school->getId();
         }
         $helper = $this->getHelper('question');
         $question = new ChoiceQuestion("What is this user's primary school?", array_keys($schoolTitles));
         $question->setErrorMessage('School %s is invalid.');
         $schoolTitle = $helper->ask($input, $output, $question);
         $schoolId = $schoolTitles[$schoolTitle];
     }
     $school = $this->schoolManager->findOneBy(['id' => $schoolId]);
     if (!$school) {
         throw new \Exception("School with id {$schoolId} could not be found.");
     }
     $userRecord = ['firstName' => $input->getOption('firstName'), 'lastName' => $input->getOption('lastName'), 'email' => $input->getOption('email'), 'telephoneNumber' => $input->getOption('telephoneNumber'), 'campusId' => $input->getOption('campusId'), 'username' => $input->getOption('username'), 'password' => $input->getOption('password')];
     $userRecord = $this->fillUserRecord($userRecord, $input, $output);
     $user = $this->userManager->findOneBy(['campusId' => $userRecord['campusId']]);
     if ($user) {
         throw new \Exception('User #' . $user->getId() . " with campus id {$userRecord['campusId']} already exists.");
     }
     $user = $this->userManager->findOneBy(['email' => $userRecord['email']]);
     if ($user) {
         throw new \Exception('User #' . $user->getId() . " with email address {$userRecord['email']} already exists.");
     }
     $table = new Table($output);
     $table->setHeaders(array('Campus ID', 'First', 'Last', 'Email', 'Username', 'Phone Number'))->setRows(array([$userRecord['campusId'], $userRecord['firstName'], $userRecord['lastName'], $userRecord['email'], $userRecord['username'], $userRecord['telephoneNumber']]));
     $table->render();
     $helper = $this->getHelper('question');
     $output->writeln('');
     $question = new ConfirmationQuestion("<question>Do you wish to add this user to Ilios in {$school->getTitle()}?</question>\n", true);
     if ($helper->ask($input, $output, $question)) {
         $user = $this->userManager->create();
         $user->setFirstName($userRecord['firstName']);
         $user->setLastName($userRecord['lastName']);
         $user->setEmail($userRecord['email']);
         $user->setCampusId($userRecord['campusId']);
         $user->setAddedViaIlios(true);
         $user->setEnabled(true);
         $user->setSchool($school);
         $user->setUserSyncIgnore(false);
         $this->userManager->update($user);
         $authentication = $this->authenticationManager->create();
         $authentication->setUsername($userRecord['username']);
         $user->setAuthentication($authentication);
         $encodedPassword = $this->encoder->encodePassword($user, $userRecord['password']);
         $authentication->setPasswordBcrypt($encodedPassword);
         $this->authenticationManager->update($authentication);
         $output->writeln('<info>Success! New user #' . $user->getId() . ' ' . $user->getFirstAndLastName() . ' created.</info>');
     } else {
         $output->writeln('<comment>Canceled.</comment>');
     }
 }
コード例 #2
0
 /**
  * Authenticate a user from shibboleth
  *
  * If the user is not yet logged in send a redirect Request
  * If the user is logged in, but no account exists send an error
  * If the user is authenticated send a JWT
  * @param Request $request
  *
  * @throws \Exception when the shibboleth attributes do not contain a value for the configured user id attribute
  * @return JsonResponse
  */
 public function login(Request $request)
 {
     $applicationId = $request->server->get('Shib-Application-ID');
     if (!$applicationId) {
         return new JsonResponse(array('status' => 'redirect', 'errors' => [], 'jwt' => null), JsonResponse::HTTP_OK);
     }
     $userId = $request->server->get($this->userIdAttribute);
     if (!$userId) {
         $msg = "No '{$this->userIdAttribute}' found for authenticated user.";
         $logVars = [];
         $shibProperties = ['Shib-Session-ID', 'Shib-Authentication-Instant', 'Shib-Authentication-Method', 'Shib-Session-Index'];
         foreach ($shibProperties as $key) {
             $logVars[$key] = $request->server->get($key);
         }
         $logVars['HTTP_REFERER'] = $request->server->get('HTTP_REFERER');
         $logVars['REMOTE_ADDR'] = $request->server->get('REMOTE_ADDR');
         $this->logger->error($msg, ['server variables' => var_export($logVars, true)]);
         throw new \Exception($msg);
     }
     /* @var \Ilios\CoreBundle\Entity\AuthenticationInterface $authEntity */
     $authEntity = $this->authManager->findOneBy(array('username' => $userId));
     if ($authEntity) {
         $user = $authEntity->getUser();
         if ($user->isEnabled()) {
             $jwt = $this->jwtManager->createJwtFromUser($user);
             return $this->createSuccessResponseFromJWT($jwt);
         }
     }
     return new JsonResponse(array('status' => 'noAccountExists', 'userId' => $userId, 'errors' => [], 'jwt' => null), JsonResponse::HTTP_OK);
 }
コード例 #3
0
 /**
  * Login a user using a username and password
  * to bind against an LDAP server
  * @param Request $request
  *
  * @return JsonResponse
  */
 public function login(Request $request)
 {
     $username = $request->request->get('username');
     $password = $request->request->get('password');
     $code = JsonResponse::HTTP_OK;
     $errors = [];
     if (!$username) {
         $errors[] = 'missingUsername';
         $code = JsonResponse::HTTP_BAD_REQUEST;
     }
     if (!$password) {
         $errors[] = 'missingPassword';
         $code = JsonResponse::HTTP_BAD_REQUEST;
     }
     if ($username && $password) {
         $authEntity = $this->authManager->findAuthenticationByUsername($username);
         if ($authEntity) {
             $user = $authEntity->getUser();
             if ($user->isEnabled()) {
                 $passwordValid = $this->checkLdapPassword($username, $password);
                 if ($passwordValid) {
                     $jwt = $this->jwtManager->createJwtFromUser($user);
                     return $this->createSuccessResponseFromJWT($jwt);
                 }
             }
         }
         $errors[] = 'badCredentials';
         $code = JsonResponse::HTTP_UNAUTHORIZED;
     }
     return new JsonResponse(array('status' => 'error', 'errors' => $errors, 'jwt' => null), $code);
 }
コード例 #4
0
 /**
  * {@inheritdoc}
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $now = new DateTime();
     $userId = $input->getArgument('userId');
     $user = $this->userManager->findOneBy(['id' => $userId]);
     if (!$user) {
         throw new \Exception("No user with id #{$userId} was found.");
     }
     $authentication = $user->getAuthentication();
     if (!$authentication) {
         $authentication = $this->authenticationManager->create();
         $authentication->setUser($user);
     }
     $authentication->setInvalidateTokenIssuedBefore($now);
     $this->authenticationManager->update($authentication);
     $output->writeln('Success!');
     $output->writeln('All the tokens for ' . $user->getFirstAndLastName() . ' issued before Today at ' . $now->format('g:i:s A e') . ' have been invalidated.');
 }
コード例 #5
0
 /**
  * Update users to the new password encoding when they login
  * @param  AuthenticationEntityInterface $authEntity
  * @param  string         $password
  */
 protected function updateLegacyPassword(AuthenticationEntityInterface $authEntity, $password)
 {
     if ($authEntity->isLegacyAccount()) {
         //we have to have a valid token to update the user because the audit log requires it
         $authenticatedToken = new PreAuthenticatedToken($authEntity->getUser(), 'fakekey', 'fakeProvider');
         $authenticatedToken->setAuthenticated(true);
         $this->tokenStorage->setToken($authenticatedToken);
         $authEntity->setPasswordSha256(null);
         $encodedPassword = $this->encoder->encodePassword($authEntity->getUser(), $password);
         $authEntity->setPasswordBcrypt($encodedPassword);
         $this->authManager->update($authEntity);
     }
 }
コード例 #6
0
ファイル: SyncUserCommand.php プロジェクト: stopfstedt/ilios
 /**
  * {@inheritdoc}
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $userId = $input->getArgument('userId');
     $user = $this->userManager->findOneBy(['id' => $userId]);
     if (!$user) {
         throw new \Exception("No user with id #{$userId} was found.");
     }
     $userRecord = $this->directory->findByCampusId($user->getCampusId());
     if (!$userRecord) {
         $output->writeln('<error>Unable to find ' . $user->getCampusId() . ' in the directory.');
         return;
     }
     $table = new Table($output);
     $table->setHeaders(array('Record', 'Campus ID', 'First', 'Last', 'Email', 'Phone Number'))->setRows(array(['Ilios User', $user->getCampusId(), $user->getFirstName(), $user->getLastName(), $user->getEmail(), $user->getPhone()], ['Directory User', $userRecord['campusId'], $userRecord['firstName'], $userRecord['lastName'], $userRecord['email'], $userRecord['telephoneNumber']]));
     $table->render();
     $helper = $this->getHelper('question');
     $output->writeln('');
     $question = new ConfirmationQuestion('<question>Do you wish to update this Ilios User with the data ' . 'from the Directory User? </question>' . "\n", true);
     if ($helper->ask($input, $output, $question)) {
         $user->setFirstName($userRecord['firstName']);
         $user->setLastName($userRecord['lastName']);
         $user->setEmail($userRecord['email']);
         $user->setPhone($userRecord['telephoneNumber']);
         $authentication = $user->getAuthentication();
         if (!$authentication) {
             $authentication = $this->authenticationManager->create();
             $authentication->setUser($user);
         }
         $authentication->setUsername($userRecord['username']);
         $this->authenticationManager->update($authentication, false);
         $this->userManager->update($user);
         $output->writeln('<info>User updated successfully!</info>');
     } else {
         $output->writeln('<comment>Update canceled.</comment>');
     }
 }
コード例 #7
0
 /**
  * Authenticate a user from shibboleth
  *
  * If the user is not yet logged in send a redirect Request
  * If the user is logged in, but no account exists send an error
  * If the user is authenticated send a JWT
  * @param Request $request
  *
  * @throws \Exception when the shibboleth attributes do not contain a value for the configured user id attribute
  * @return JsonResponse
  */
 public function login(Request $request)
 {
     $service = $request->query->get('service');
     $ticket = $request->query->get('ticket');
     if (!$ticket) {
         return new JsonResponse(array('status' => 'redirect', 'errors' => [], 'jwt' => null), JsonResponse::HTTP_OK);
     }
     $userId = $this->casManager->getUserId($service, $ticket);
     if (!$userId) {
         $msg = "No user found for authenticated user.";
         $this->logger->error($msg, ['server vars' => var_export($_SERVER, true)]);
         throw new \Exception($msg);
     }
     /* @var \Ilios\CoreBundle\Entity\AuthenticationInterface $authEntity */
     $authEntity = $this->authManager->findOneBy(array('username' => $userId));
     if ($authEntity) {
         $user = $authEntity->getUser();
         if ($user->isEnabled()) {
             $jwt = $this->jwtManager->createJwtFromUser($user);
             return $this->createSuccessResponseFromJWT($jwt);
         }
     }
     return new JsonResponse(array('status' => 'noAccountExists', 'userId' => $userId, 'errors' => [], 'jwt' => null), JsonResponse::HTTP_OK);
 }
コード例 #8
0
 /**
  * {@inheritdoc}
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $campusId = $input->getArgument('campusId');
     $user = $this->userManager->findOneBy(['campusId' => $campusId]);
     if ($user) {
         throw new \Exception('User #' . $user->getId() . " with campus id {$campusId} already exists.");
     }
     $schoolId = $input->getArgument('schoolId');
     $school = $this->schoolManager->findOneBy(['id' => $schoolId]);
     if (!$school) {
         throw new \Exception("School with id {$schoolId} could not be found.");
     }
     $userRecord = $this->directory->findByCampusId($campusId);
     if (!$userRecord) {
         $output->writeln("<error>Unable to find campus ID {$campusId} in the directory.</error>");
         return;
     }
     $table = new Table($output);
     $table->setHeaders(array('Campus ID', 'First', 'Last', 'Email', 'Username', 'Phone Number'))->setRows(array([$userRecord['campusId'], $userRecord['firstName'], $userRecord['lastName'], $userRecord['email'], $userRecord['username'], $userRecord['telephoneNumber']]));
     $table->render();
     $helper = $this->getHelper('question');
     $output->writeln('');
     $question = new ConfirmationQuestion("<question>Do you wish to add this user to Ilios?</question>\n", true);
     if ($helper->ask($input, $output, $question)) {
         $user = $this->userManager->create();
         $user->setFirstName($userRecord['firstName']);
         $user->setLastName($userRecord['lastName']);
         $user->setEmail($userRecord['email']);
         $user->setCampusId($userRecord['campusId']);
         $user->setAddedViaIlios(true);
         $user->setEnabled(true);
         $user->setSchool($school);
         $user->setUserSyncIgnore(false);
         $this->userManager->update($user);
         $authentication = $this->authenticationManager->create();
         $authentication->setUser($user);
         $authentication->setUsername($userRecord['username']);
         $this->authenticationManager->update($authentication);
         $output->writeln('<info>Success! New user #' . $user->getId() . ' ' . $user->getFirstAndLastName() . ' created.</info>');
     } else {
         $output->writeln('<comment>Canceled.</comment>');
     }
 }
コード例 #9
0
 /**
  * {@inheritdoc}
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $filter = $input->getArgument('filter');
     $schoolId = $input->getArgument('schoolId');
     $school = $this->schoolManager->findOneBy(['id' => $schoolId]);
     if (!$school) {
         throw new \Exception("School with id {$schoolId} could not be found.");
     }
     $output->writeln("<info>Searching for new students to add to " . $school->getTitle() . ".</info>");
     $students = $this->directory->findByLdapFilter($filter);
     if (!$students) {
         $output->writeln("<error>{$filter} returned no results.</error>");
         return;
     }
     $output->writeln('<info>Found ' . count($students) . ' students in the directory.</info>');
     $campusIds = $this->userManager->getAllCampusIds();
     $newStudents = array_filter($students, function (array $arr) use($campusIds) {
         return !in_array($arr['campusId'], $campusIds);
     });
     if (!count($newStudents) > 0) {
         $output->writeln("<info>There are no new students to add.</info>");
         return;
     }
     $output->writeln('<info>There are ' . count($newStudents) . ' new students to be added to ' . $school->getTitle() . '.</info>');
     $rows = array_map(function (array $arr) {
         return [$arr['campusId'], $arr['firstName'], $arr['lastName'], $arr['email']];
     }, $newStudents);
     $table = new Table($output);
     $table->setHeaders(array('Campus ID', 'First', 'Last', 'Email'))->setRows($rows);
     $table->render();
     $helper = $this->getHelper('question');
     $output->writeln('');
     $question = new ConfirmationQuestion('<question>Do you wish to add these students to ' . $school->getTitle() . '? </question>' . "\n", true);
     if ($helper->ask($input, $output, $question)) {
         $studentRole = $this->userRoleManager->findOneBy(array('title' => 'Student'));
         foreach ($newStudents as $userRecord) {
             if (empty($userRecord['email'])) {
                 $output->writeln('<error>Unable to add student ' . var_export($userRecord, true) . ' they have no email address.</error>');
                 continue;
             }
             if (empty($userRecord['campusId'])) {
                 $output->writeln('<error>Unable to add student ' . var_export($userRecord, true) . ' they have no campus ID.</error>');
                 continue;
             }
             if (empty($userRecord['username'])) {
                 $output->writeln('<error>Unable to add student ' . var_export($userRecord, true) . ' they have no username.</error>');
                 continue;
             }
             $user = $this->userManager->create();
             $user->setFirstName($userRecord['firstName']);
             $user->setLastName($userRecord['lastName']);
             $user->setEmail($userRecord['email']);
             $user->setCampusId($userRecord['campusId']);
             $user->setAddedViaIlios(true);
             $user->setEnabled(true);
             $user->setSchool($school);
             $user->setUserSyncIgnore(false);
             $user->addRole($studentRole);
             $this->userManager->update($user);
             $authentication = $this->authenticationManager->create();
             $authentication->setUser($user);
             $authentication->setUsername($userRecord['username']);
             $this->authenticationManager->update($authentication, false);
             $studentRole->addUser($user);
             $this->userRoleManager->update($studentRole);
             $output->writeln('<info>Success! New student #' . $user->getId() . ' ' . $user->getFirstAndLastName() . ' created.</info>');
         }
     } else {
         $output->writeln('<comment>Update canceled.</comment>');
     }
 }
コード例 #10
0
 /**
  * {@inheritdoc}
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $output->writeln('<info>Starting User Sync Process.</info>');
     $this->userManager->resetExaminedFlagForAllUsers();
     $this->pendingUserUpdateManager->removeAllPendingUserUpdates();
     $campusIds = $this->userManager->getAllCampusIds(false, false);
     $output->writeln('<info>Attempting to update the ' . count($campusIds) . ' enabled and non sync ignored users in the system.</info>');
     $output->writeln('<info>Searching the directory for users.</info>');
     $allUserRecords = $this->directory->findByCampusIds($campusIds);
     if (!$allUserRecords) {
         $output->writeln('<error>[E] Unable to find any users in the directory.</error>');
     }
     $totalRecords = count($allUserRecords);
     $output->writeln("<info>Found {$totalRecords} records in the directory.</info>");
     $updated = 0;
     $chunks = array_chunk($allUserRecords, 500);
     foreach ($chunks as $userRecords) {
         foreach ($userRecords as $recordArray) {
             $users = $this->userManager->findBy(['campusId' => $recordArray['campusId'], 'enabled' => true, 'userSyncIgnore' => false]);
             if (count($users) == 0) {
                 //this shouldn't happen unless the user gets updated between
                 //listing all the IDs and getting results back from
                 //the directory
                 $output->writeln('<error>[E] Unable to find an enabled sync active user with ' . 'campus ID ' . $recordArray['campusId'] . '.</error>');
                 continue;
             }
             if (count($users) > 1) {
                 $output->writeln('<error>[E] Multiple accounts exist for the same ' . 'campus ID (' . $recordArray['campusId'] . ').  ' . 'None of them will be updated.</error>');
                 /* @var UserInterface $user */
                 foreach ($users as $user) {
                     $user->setExamined(true);
                     $this->userManager->update($user, false);
                 }
                 continue;
             }
             $user = $users[0];
             $update = false;
             $fixSmallThings = true;
             $output->writeln('<info>[I] Comparing User #' . $user->getId() . ' ' . $user->getFirstAndLastName() . ' (' . $user->getEmail() . ') ' . 'to directory user by campus ID ' . $user->getCampusId() . '.</info>');
             if (!$this->validateDirectoryRecord($recordArray, $output)) {
                 $user->setExamined(true);
                 $this->userManager->update($user, false);
                 //don't do anything else with invalid directory data
                 continue;
             }
             if ($user->getEmail() != $recordArray['email']) {
                 if (strtolower($user->getEmail()) == strtolower($recordArray['email'])) {
                     $update = true;
                     $output->writeln('  <comment>[I] Updating email from "' . $user->getEmail() . '" to "' . $recordArray['email'] . '" since the only difference was the case.</comment>');
                     $user->setEmail($recordArray['email']);
                 } else {
                     $fixSmallThings = false;
                     $output->writeln('  <comment>[I] Email address "' . $user->getEmail() . '" differs from "' . $recordArray['email'] . '" logging for further action.</comment>');
                     $pendingUpdate = $this->pendingUserUpdateManager->create();
                     $pendingUpdate->setUser($user);
                     $pendingUpdate->setProperty('email');
                     $pendingUpdate->setValue($recordArray['email']);
                     $pendingUpdate->setType('emailMismatch');
                     $this->pendingUserUpdateManager->update($pendingUpdate, false);
                 }
             }
             if ($fixSmallThings && $user->getFirstName() != $recordArray['firstName']) {
                 $update = true;
                 $output->writeln('  <comment>[I] Updating first name from "' . $user->getFirstName() . '" to "' . $recordArray['firstName'] . '".</comment>');
                 $user->setFirstName($recordArray['firstName']);
             }
             if ($fixSmallThings && $user->getLastName() != $recordArray['lastName']) {
                 $update = true;
                 $output->writeln('  <comment>[I] Updating last name from "' . $user->getLastName() . '" to "' . $recordArray['lastName'] . '".</comment>');
                 $user->setLastName($recordArray['lastName']);
             }
             if ($fixSmallThings && $user->getPhone() != $recordArray['telephoneNumber']) {
                 $update = true;
                 $output->writeln('  <comment>[I] Updating phone number from "' . $user->getPhone() . '" to "' . $recordArray['telephoneNumber'] . '".</comment>');
                 $user->setPhone($recordArray['telephoneNumber']);
             }
             $authentication = $user->getAuthentication();
             if (!$authentication) {
                 $output->writeln('  <comment>[I] User had no authentication data, creating it now.</comment>');
                 $authentication = $this->authenticationManager->create();
                 $authentication->setUser($user);
             }
             if ($fixSmallThings && $authentication->getUsername() != $recordArray['username']) {
                 $update = true;
                 $output->writeln('  <comment>[I] Updating username from "' . $authentication->getUsername() . '" to "' . $recordArray['username'] . '".</comment>');
                 $authentication->setUsername($recordArray['username']);
                 $this->authenticationManager->update($authentication, false);
             }
             if ($update) {
                 $updated++;
             }
             $user->setExamined(true);
             $this->userManager->update($user, false);
         }
         $this->em->flush();
         $this->em->clear();
     }
     $output->writeln('<info>Searching for users who were not examined during the sync process.</info>');
     $unsyncedUsers = $this->userManager->findBy(['examined' => false, 'enabled' => true, 'userSyncIgnore' => false], ['lastName' => ' ASC', 'firstName' => 'ASC']);
     $output->writeln('<info>Found ' . count($unsyncedUsers) . ' unexamined users.</info>');
     foreach ($unsyncedUsers as $user) {
         $output->writeln('<comment>[I] User #' . $user->getId() . ' ' . $user->getFirstAndLastName() . ' ' . $user->getEmail() . ' not found in the directory.  Logged for further study.</comment>');
         $update = $this->pendingUserUpdateManager->create();
         $update->setUser($user);
         $update->setType('missingFromDirectory');
         $this->pendingUserUpdateManager->update($update, false);
     }
     $this->em->flush();
     $output->writeln("<info>Completed sync process {$totalRecords} users found in the directory; " . "{$updated} users updated.</info>");
 }