/**
 * Regenerates the token_auth of the LDAP user named by the 'login' argument.
 *
 * The command refuses to run when the user is not an LDAP user, or when random
 * token_auth generation is disabled in the [LoginLdap] config; the second
 * exception message states that the change would otherwise be overwritten at
 * the user's next login.
 *
 * NOTE(review): the new token_auth is printed in clear text in the success
 * message. token_auth authenticates API requests, so keep this command's
 * output out of shared terminals, CI logs and shell transcripts.
 *
 * @param InputInterface $input
 * @param OutputInterface $output
 * @throws Exception if the user is not an LDAP user or random token_auth
 *                   generation is disabled.
 */
protected function execute(InputInterface $input, OutputInterface $output)
{
    $login = $input->getArgument('login');

    $user = $this->usersManagerApi->getUser($login);
    $isLdapUser = UserMapper::isUserLdapUser($user);
    if (!$isLdapUser) {
        throw new Exception("User '{$login}' is not an LDAP user. To regenerate this user's token_auth, change the user's password.");
    }

    $randomTokenAuthEnabled = $this->userMapper->isRandomTokenAuthGenerationEnabled();
    if (!$randomTokenAuthEnabled) {
        throw new Exception("Random token_auth generation is disabled in [LoginLdap] config. This means any changes made by this "
            . "command will be overwritten when the user logs in. Aborting.");
    }

    $randomPassword = $this->userMapper->generateRandomPassword();

    // Email and alias are passed as false; the generated value is passed with
    // the password-hash flag set.
    // NOTE(review): presumably false means "leave unchanged" and the flag makes
    // updateUser() store the value without hashing it again -- confirm against
    // the UsersManager API.
    $email = false;
    $alias = false;
    $isPasswordHash = true;
    $this->usersManagerApi->updateUser($login, $randomPassword, $email, $alias, $isPasswordHash);

    // Re-read the user so the message reports the token_auth that is now stored.
    $user = $this->usersManagerApi->getUser($login);

    $messages = array("token_auth for '{$login}' regenerated successfully, new token_auth = '{$user['token_auth']}'");
    $this->writeSuccessMessage($output, $messages);
}
/**
 * Builds a UserMapper and applies the LoginLdap INI options to it.
 *
 * Each option is read from Config and handed to its setter only when the value
 * is non-empty. A value that empty() treats as empty (false, 0, "", "0", null)
 * never reaches the setter, so the UserMapper keeps its own default for that
 * property. This also holds for the two boolean switches
 * (random token_auth generation, appending the e-mail suffix to the username).
 *
 * The resolved values are written to the debug log; the
 * append-suffix-to-username value is not part of that message.
 *
 * @return UserMapper
 */
public static function makeConfigured()
{
    $mapper = new UserMapper();

    // LDAP attribute names used to map a directory entry onto a user.
    $idAttribute = Config::getLdapUserIdField();
    if (!empty($idAttribute)) {
        $mapper->setLdapUserIdField($idAttribute);
    }

    $surnameAttribute = Config::getLdapLastNameField();
    if (!empty($surnameAttribute)) {
        $mapper->setLdapLastNameField($surnameAttribute);
    }

    $givenNameAttribute = Config::getLdapFirstNameField();
    if (!empty($givenNameAttribute)) {
        $mapper->setLdapFirstNameField($givenNameAttribute);
    }

    $aliasAttribute = Config::getLdapAliasField();
    if (!empty($aliasAttribute)) {
        $mapper->setLdapAliasField($aliasAttribute);
    }

    $mailAttribute = Config::getLdapMailField();
    if (!empty($mailAttribute)) {
        $mapper->setLdapMailField($mailAttribute);
    }

    $passwordAttribute = Config::getLdapPasswordField();
    if (!empty($passwordAttribute)) {
        $mapper->setLdapUserPasswordField($passwordAttribute);
    }

    $emailSuffix = Config::getLdapUserEmailSuffix();
    if (!empty($emailSuffix)) {
        $mapper->setUserEmailSuffix($emailSuffix);
    }

    // Boolean switches: only a truthy value is forwarded to the mapper.
    $randomTokenAuthEnabled = Config::isRandomTokenAuthGenerationEnabled();
    if (!empty($randomTokenAuthEnabled)) {
        $mapper->setIsRandomTokenAuthGenerationEnabled($randomTokenAuthEnabled);
    }

    $appendSuffixToUsername = Config::shouldAppendUserEmailSuffixToUsername();
    if (!empty($appendSuffixToUsername)) {
        $mapper->setAppendUserEmailSuffixToUsername($appendSuffixToUsername);
    }

    // Only attribute names, the e-mail suffix and the token_auth switch are logged.
    Log::debug(
        "UserMapper::%s: configuring with uidField = %s, aliasField = %s firstNameField = %s, lastNameField = %s"
        . " mailField = %s, ldapUserPasswordField = %s, userEmailSuffix = %s, isRandomTokenAuthGenerationEnabled = %s",
        __FUNCTION__,
        $idAttribute,
        $aliasAttribute,
        $givenNameAttribute,
        $surnameAttribute,
        $mailAttribute,
        $passwordAttribute,
        $emailSuffix,
        $randomTokenAuthEnabled
    );

    return $mapper;
}
/**
 * Builds a UserMapper and applies the LoginLdap INI options to it.
 *
 * Each option is read from Config and handed to its setter only when the value
 * is non-empty. A value that empty() treats as empty (false, 0, "", "0", null)
 * never reaches the setter, so the UserMapper keeps its own default for that
 * property. This also holds for the two boolean switches at the end.
 *
 * @return UserMapper
 */
public static function makeConfigured()
{
    $mapper = new UserMapper();

    // LDAP attribute names used to map a directory entry onto a user.
    $idAttribute = Config::getLdapUserIdField();
    if (!empty($idAttribute)) {
        $mapper->setLdapUserIdField($idAttribute);
    }

    $surnameAttribute = Config::getLdapLastNameField();
    if (!empty($surnameAttribute)) {
        $mapper->setLdapLastNameField($surnameAttribute);
    }

    $givenNameAttribute = Config::getLdapFirstNameField();
    if (!empty($givenNameAttribute)) {
        $mapper->setLdapFirstNameField($givenNameAttribute);
    }

    $aliasAttribute = Config::getLdapAliasField();
    if (!empty($aliasAttribute)) {
        $mapper->setLdapAliasField($aliasAttribute);
    }

    $mailAttribute = Config::getLdapMailField();
    if (!empty($mailAttribute)) {
        $mapper->setLdapMailField($mailAttribute);
    }

    $passwordAttribute = Config::getLdapPasswordField();
    if (!empty($passwordAttribute)) {
        $mapper->setLdapUserPasswordField($passwordAttribute);
    }

    $emailSuffix = Config::getLdapUserEmailSuffix();
    if (!empty($emailSuffix)) {
        $mapper->setUserEmailSuffix($emailSuffix);
    }

    // Boolean switches: only a truthy value is forwarded to the mapper.
    $randomTokenAuthEnabled = Config::isRandomTokenAuthGenerationEnabled();
    if (!empty($randomTokenAuthEnabled)) {
        $mapper->setIsRandomTokenAuthGenerationEnabled($randomTokenAuthEnabled);
    }

    $appendSuffixToUsername = Config::shouldAppendUserEmailSuffixToUsername();
    if (!empty($appendSuffixToUsername)) {
        $mapper->setAppendUserEmailSuffixToUsername($appendSuffixToUsername);
    }

    return $mapper;
}
/**
 * Tells whether the account named $login is an LDAP user.
 *
 * The user record is fetched inside Access::doAsSuperUser(), so the lookup does
 * not depend on the privileges of whoever triggered this check. Only the
 * getUser() call runs inside that callback; the LDAP check itself happens
 * after it returns.
 *
 * @param string $login
 * @return mixed whatever UserMapper::isUserLdapUser() returns for the record
 *               (presumably a bool -- confirm).
 */
private function isUserLdapUser($login)
{
    $fetchUser = function () use ($login) {
        return UsersManagerAPI::getInstance()->getUser($login);
    };

    $userRecord = Access::doAsSuperUser($fetchUser);

    return UserMapper::isUserLdapUser($userRecord);
}
/**
 * Creates a new {@link LdapUsers} instance using config.ini.php values.
 *
 * The configured LDAP servers are always applied. Every other option is handed
 * to its setter only when non-empty, so an unset option leaves the LdapUsers
 * default in place.
 *
 * NOTE(review): when the required-memberOf option is empty its setter is never
 * called; presumably that means no group restriction applies when
 * authenticating -- confirm against LdapUsers.
 *
 * @return LdapUsers
 */
public static function makeConfigured()
{
    $ldapUsers = new LdapUsers();
    $ldapUsers->setLdapServers(Config::getConfiguredLdapServers());

    $suffix = Config::getLdapUserEmailSuffix();
    if (!empty($suffix)) {
        $ldapUsers->setAuthenticationUsernameSuffix($suffix);
    }

    // Group-membership restriction and the attribute it is checked against.
    $requiredGroup = Config::getRequiredMemberOf();
    if (!empty($requiredGroup)) {
        $ldapUsers->setAuthenticationRequiredMemberOf($requiredGroup);
    }

    $groupAttribute = Config::getRequiredMemberOfField();
    if (!empty($groupAttribute)) {
        $ldapUsers->setAuthenticationMemberOfField($groupAttribute);
    }

    $userFilter = Config::getLdapUserFilter();
    if (!empty($userFilter)) {
        $ldapUsers->setAuthenticationLdapFilter($userFilter);
    }

    $networkTimeout = Config::getLdapNetworkTimeout();
    if (!empty($networkTimeout)) {
        $ldapUsers->setLdapNetworkTimeout($networkTimeout);
    }

    $ldapUsers->setLdapUserMapper(UserMapper::makeConfigured());

    // The memberOf field name is not part of this message.
    Log::debug(
        "LdapUsers::%s: configuring with userEmailSuffix = %s, requiredMemberOf = %s, filter = %s, timeoutSecs = %s",
        __FUNCTION__,
        $suffix,
        $requiredGroup,
        $userFilter,
        $networkTimeout
    );

    return $ldapUsers;
}
/**
 * Creates a UserSynchronizer using INI configuration.
 *
 * A UserAccessMapper is attached only when access synchronization is enabled.
 * When a default-sites option is configured, it is resolved to site IDs inside
 * Access::doAsSuperUser(). If that resolves to nothing, a warning is logged and
 * the empty result is still stored; per that warning, newly synchronized users
 * then get no access.
 *
 * @return UserSynchronizer
 */
public static function makeConfigured()
{
    $synchronizer = new UserSynchronizer();
    $synchronizer->setUserMapper(UserMapper::makeConfigured());
    $synchronizer->setUsersManagerApi(UsersManagerAPI::getInstance());
    $synchronizer->setUserModel(new UserModel());

    if (!Config::isAccessSynchronizationEnabled()) {
        Log::debug("UserSynchronizer::%s(): LDAP access synchronization not enabled.", __FUNCTION__);
    } else {
        $synchronizer->setUserAccessMapper(UserAccessMapper::makeConfigured());

        Log::debug("UserSynchronizer::%s(): Using UserAccessMapper when synchronizing users.", __FUNCTION__);
    }

    $defaultSitesWithViewAccess = Config::getDefaultSitesToGiveViewAccessTo();
    if (!empty($defaultSitesWithViewAccess)) {
        // Only the site-ID resolution runs with super-user access.
        $resolveSiteIds = function () use ($defaultSitesWithViewAccess) {
            return Site::getIdSitesFromIdSitesString($defaultSitesWithViewAccess);
        };
        $siteIds = Access::doAsSuperUser($resolveSiteIds);

        if (empty($siteIds)) {
            Log::warning(
                "UserSynchronizer::%s(): new_user_default_sites_view_access INI config option has no "
                . "entries. Newly synchronized users will not have any access.",
                __FUNCTION__
            );
        }

        $synchronizer->setNewUserDefaultSitesWithViewAccess($siteIds);
    }

    Log::debug(
        "UserSynchronizer::%s: configuring with defaultSitesWithViewAccess = %s",
        __FUNCTION__,
        $defaultSitesWithViewAccess
    );

    return $synchronizer;
}
/**
 * Asserts that the given UserMapper reports the expected default value for
 * each of its LDAP field-name properties and for the user e-mail suffix.
 *
 * @param UserMapper $userMapper
 */
private function assertUserMapperHasCorrectDefaultPropertyValues(UserMapper $userMapper)
{
    // getter => expected value, checked in this order
    $expectedByGetter = array(
        'getLdapUserIdField'       => 'uid',
        'getLdapLastNameField'     => 'sn',
        'getLdapFirstNameField'    => 'givenname',
        'getLdapAliasField'        => 'cn',
        'getLdapMailField'         => 'mail',
        'getLdapUserPasswordField' => 'userpassword',
        'getUserEmailSuffix'       => '@mydomain.com',
    );

    foreach ($expectedByGetter as $getter => $expected) {
        $this->assertEquals($expected, $userMapper->$getter());
    }
}
/**
 * Creates a new {@link LdapUsers} instance using config.ini.php values.
 *
 * The configured LDAP servers are always applied. Every other option is handed
 * to its setter only when non-empty, so an unset option leaves the LdapUsers
 * default in place.
 *
 * NOTE(review): when the required-memberOf option is empty its setter is never
 * called; presumably that means no group restriction applies when
 * authenticating -- confirm against LdapUsers.
 *
 * @return LdapUsers
 */
public static function makeConfigured()
{
    $ldapUsers = new LdapUsers();
    $ldapUsers->setLdapServers(Config::getConfiguredLdapServers());

    $suffix = Config::getLdapUserEmailSuffix();
    if (!empty($suffix)) {
        $ldapUsers->setAuthenticationUsernameSuffix($suffix);
    }

    // Group-membership restriction and the attribute it is checked against.
    $requiredGroup = Config::getRequiredMemberOf();
    if (!empty($requiredGroup)) {
        $ldapUsers->setAuthenticationRequiredMemberOf($requiredGroup);
    }

    $groupAttribute = Config::getRequiredMemberOfField();
    if (!empty($groupAttribute)) {
        $ldapUsers->setAuthenticationMemberOfField($groupAttribute);
    }

    $userFilter = Config::getLdapUserFilter();
    if (!empty($userFilter)) {
        $ldapUsers->setAuthenticationLdapFilter($userFilter);
    }

    $networkTimeout = Config::getLdapNetworkTimeout();
    if (!empty($networkTimeout)) {
        $ldapUsers->setLdapNetworkTimeout($networkTimeout);
    }

    $ldapUsers->setLdapUserMapper(UserMapper::makeConfigured());

    return $ldapUsers;
}
/**
 * Creates a UserSynchronizer using INI configuration.
 *
 * A UserAccessMapper is attached only when access synchronization is enabled.
 * When a default-sites option is configured, it is resolved to site IDs inside
 * Access::doAsSuperUser(). If that resolves to nothing, a warning is logged and
 * the empty result is still stored; per that warning, newly synchronized users
 * then get no access.
 *
 * Messages go to the PSR logger fetched from the container, with the function
 * name and site list passed as context values and not formatted into the text.
 *
 * @return UserSynchronizer
 */
public static function makeConfigured()
{
    $synchronizer = new UserSynchronizer();
    $synchronizer->setUserMapper(UserMapper::makeConfigured());
    $synchronizer->setUsersManagerApi(UsersManagerAPI::getInstance());
    $synchronizer->setUserModel(new UserModel());

    /** @var LoggerInterface $logger */
    $logger = StaticContainer::get('Psr\\Log\\LoggerInterface');

    // Captured here, at method scope, so every message reports this method's name.
    $funcContext = array('func' => __FUNCTION__);

    if (!Config::isAccessSynchronizationEnabled()) {
        $logger->debug("UserSynchronizer::{func}(): LDAP access synchronization not enabled.", $funcContext);
    } else {
        $synchronizer->setUserAccessMapper(UserAccessMapper::makeConfigured());

        $logger->debug("UserSynchronizer::{func}(): Using UserAccessMapper when synchronizing users.", $funcContext);
    }

    $defaultSitesWithViewAccess = Config::getDefaultSitesToGiveViewAccessTo();
    if (!empty($defaultSitesWithViewAccess)) {
        // Only the site-ID resolution runs with super-user access.
        $resolveSiteIds = function () use ($defaultSitesWithViewAccess) {
            return Site::getIdSitesFromIdSitesString($defaultSitesWithViewAccess);
        };
        $siteIds = Access::doAsSuperUser($resolveSiteIds);

        if (empty($siteIds)) {
            $logger->warning(
                "UserSynchronizer::{func}(): new_user_default_sites_view_access INI config option has no "
                . "entries. Newly synchronized users will not have any access.",
                $funcContext
            );
        }

        $synchronizer->setNewUserDefaultSitesWithViewAccess($siteIds);
    }

    $logger->debug(
        "UserSynchronizer::{func}: configuring with defaultSitesWithViewAccess = {sites}",
        array('func' => __FUNCTION__, 'sites' => $defaultSitesWithViewAccess)
    );

    return $synchronizer;
}