protected function execute(InputInterface $input, OutputInterface $output)
{
$login = $input->getArgument('login');
$user = $this->usersManagerApi->getUser($login);
if (!UserMapper::isUserLdapUser($user)) {
throw new Exception("User '{$login}' is not an LDAP user. To regenerate this user's token_auth, change the user's password.");
}
if (!$this->userMapper->isRandomTokenAuthGenerationEnabled()) {
throw new Exception("Random token_auth generation is disabled in [LoginLdap] config. This means any changes made by this " . "command will be overwritten when the user logs in. Aborting.");
}
$newPassword = $this->userMapper->generateRandomPassword();
$this->usersManagerApi->updateUser($login, $newPassword, $email = false, $alias = false, $isPasswordHash = true);
$user = $this->usersManagerApi->getUser($login);
$this->writeSuccessMessage($output, array("token_auth for '{$login}' regenerated successfully, new token_auth = '{$user['token_auth']}'"));
}
/**
* Creates a UserMapper instance configured using INI options.
*
* @return UserMapper
*/
public static function makeConfigured()
{
$result = new UserMapper();
$uidField = Config::getLdapUserIdField();
if (!empty($uidField)) {
$result->setLdapUserIdField($uidField);
}
$lastNameField = Config::getLdapLastNameField();
if (!empty($lastNameField)) {
$result->setLdapLastNameField($lastNameField);
}
$firstNameField = Config::getLdapFirstNameField();
if (!empty($firstNameField)) {
$result->setLdapFirstNameField($firstNameField);
}
$aliasField = Config::getLdapAliasField();
if (!empty($aliasField)) {
$result->setLdapAliasField($aliasField);
}
$mailField = Config::getLdapMailField();
if (!empty($mailField)) {
$result->setLdapMailField($mailField);
}
$userPasswordField = Config::getLdapPasswordField();
if (!empty($userPasswordField)) {
$result->setLdapUserPasswordField($userPasswordField);
}
$userEmailSuffix = Config::getLdapUserEmailSuffix();
if (!empty($userEmailSuffix)) {
$result->setUserEmailSuffix($userEmailSuffix);
}
$isRandomTokenAuthGenerationEnabled = Config::isRandomTokenAuthGenerationEnabled();
if (!empty($isRandomTokenAuthGenerationEnabled)) {
$result->setIsRandomTokenAuthGenerationEnabled($isRandomTokenAuthGenerationEnabled);
}
$appendUserEmailSuffixToUsername = Config::shouldAppendUserEmailSuffixToUsername();
if (!empty($appendUserEmailSuffixToUsername)) {
$result->setAppendUserEmailSuffixToUsername($appendUserEmailSuffixToUsername);
}
Log::debug("UserMapper::%s: configuring with uidField = %s, aliasField = %s firstNameField = %s, lastNameField = %s" . " mailField = %s, ldapUserPasswordField = %s, userEmailSuffix = %s, isRandomTokenAuthGenerationEnabled = %s", __FUNCTION__, $uidField, $aliasField, $firstNameField, $lastNameField, $mailField, $userPasswordField, $userEmailSuffix, $isRandomTokenAuthGenerationEnabled);
return $result;
}
/**
* Creates a UserMapper instance configured using INI options.
*
* @return UserMapper
*/
public static function makeConfigured()
{
$result = new UserMapper();
$uidField = Config::getLdapUserIdField();
if (!empty($uidField)) {
$result->setLdapUserIdField($uidField);
}
$lastNameField = Config::getLdapLastNameField();
if (!empty($lastNameField)) {
$result->setLdapLastNameField($lastNameField);
}
$firstNameField = Config::getLdapFirstNameField();
if (!empty($firstNameField)) {
$result->setLdapFirstNameField($firstNameField);
}
$aliasField = Config::getLdapAliasField();
if (!empty($aliasField)) {
$result->setLdapAliasField($aliasField);
}
$mailField = Config::getLdapMailField();
if (!empty($mailField)) {
$result->setLdapMailField($mailField);
}
$userPasswordField = Config::getLdapPasswordField();
if (!empty($userPasswordField)) {
$result->setLdapUserPasswordField($userPasswordField);
}
$userEmailSuffix = Config::getLdapUserEmailSuffix();
if (!empty($userEmailSuffix)) {
$result->setUserEmailSuffix($userEmailSuffix);
}
$isRandomTokenAuthGenerationEnabled = Config::isRandomTokenAuthGenerationEnabled();
if (!empty($isRandomTokenAuthGenerationEnabled)) {
$result->setIsRandomTokenAuthGenerationEnabled($isRandomTokenAuthGenerationEnabled);
}
$appendUserEmailSuffixToUsername = Config::shouldAppendUserEmailSuffixToUsername();
if (!empty($appendUserEmailSuffixToUsername)) {
$result->setAppendUserEmailSuffixToUsername($appendUserEmailSuffixToUsername);
}
return $result;
}
private function isUserLdapUser($login)
{
$user = Access::doAsSuperUser(function () use($login) {
return UsersManagerAPI::getInstance()->getUser($login);
});
return UserMapper::isUserLdapUser($user);
}
/**
* Creates a new {@link LdapUsers} instance using config.ini.php values.
*
* @return LdapUsers
*/
public static function makeConfigured()
{
$result = new LdapUsers();
$result->setLdapServers(Config::getConfiguredLdapServers());
$usernameSuffix = Config::getLdapUserEmailSuffix();
if (!empty($usernameSuffix)) {
$result->setAuthenticationUsernameSuffix($usernameSuffix);
}
$requiredMemberOf = Config::getRequiredMemberOf();
if (!empty($requiredMemberOf)) {
$result->setAuthenticationRequiredMemberOf($requiredMemberOf);
}
$memberOfField = Config::getRequiredMemberOfField();
if (!empty($memberOfField)) {
$result->setAuthenticationMemberOfField($memberOfField);
}
$filter = Config::getLdapUserFilter();
if (!empty($filter)) {
$result->setAuthenticationLdapFilter($filter);
}
$timeoutSecs = Config::getLdapNetworkTimeout();
if (!empty($timeoutSecs)) {
$result->setLdapNetworkTimeout($timeoutSecs);
}
$result->setLdapUserMapper(UserMapper::makeConfigured());
Log::debug("LdapUsers::%s: configuring with userEmailSuffix = %s, requiredMemberOf = %s, filter = %s, timeoutSecs = %s", __FUNCTION__, $usernameSuffix, $requiredMemberOf, $filter, $timeoutSecs);
return $result;
}
/**
* Creates a UserSynchronizer using INI configuration.
*
* @return UserSynchronizer
*/
public static function makeConfigured()
{
$result = new UserSynchronizer();
$result->setUserMapper(UserMapper::makeConfigured());
$result->setUsersManagerApi(UsersManagerAPI::getInstance());
$result->setUserModel(new UserModel());
if (Config::isAccessSynchronizationEnabled()) {
$result->setUserAccessMapper(UserAccessMapper::makeConfigured());
Log::debug("UserSynchronizer::%s(): Using UserAccessMapper when synchronizing users.", __FUNCTION__);
} else {
Log::debug("UserSynchronizer::%s(): LDAP access synchronization not enabled.", __FUNCTION__);
}
$defaultSitesWithViewAccess = Config::getDefaultSitesToGiveViewAccessTo();
if (!empty($defaultSitesWithViewAccess)) {
$siteIds = Access::doAsSuperUser(function () use($defaultSitesWithViewAccess) {
return Site::getIdSitesFromIdSitesString($defaultSitesWithViewAccess);
});
if (empty($siteIds)) {
Log::warning("UserSynchronizer::%s(): new_user_default_sites_view_access INI config option has no " . "entries. Newly synchronized users will not have any access.", __FUNCTION__);
}
$result->setNewUserDefaultSitesWithViewAccess($siteIds);
}
Log::debug("UserSynchronizer::%s: configuring with defaultSitesWithViewAccess = %s", __FUNCTION__, $defaultSitesWithViewAccess);
return $result;
}
private function assertUserMapperHasCorrectDefaultPropertyValues(UserMapper $userMapper)
{
$this->assertEquals('uid', $userMapper->getLdapUserIdField());
$this->assertEquals('sn', $userMapper->getLdapLastNameField());
$this->assertEquals('givenname', $userMapper->getLdapFirstNameField());
$this->assertEquals('cn', $userMapper->getLdapAliasField());
$this->assertEquals('mail', $userMapper->getLdapMailField());
$this->assertEquals('userpassword', $userMapper->getLdapUserPasswordField());
$this->assertEquals('@mydomain.com', $userMapper->getUserEmailSuffix());
}
/**
* Creates a new {@link LdapUsers} instance using config.ini.php values.
*
* @return LdapUsers
*/
public static function makeConfigured()
{
$result = new LdapUsers();
$result->setLdapServers(Config::getConfiguredLdapServers());
$usernameSuffix = Config::getLdapUserEmailSuffix();
if (!empty($usernameSuffix)) {
$result->setAuthenticationUsernameSuffix($usernameSuffix);
}
$requiredMemberOf = Config::getRequiredMemberOf();
if (!empty($requiredMemberOf)) {
$result->setAuthenticationRequiredMemberOf($requiredMemberOf);
}
$memberOfField = Config::getRequiredMemberOfField();
if (!empty($memberOfField)) {
$result->setAuthenticationMemberOfField($memberOfField);
}
$filter = Config::getLdapUserFilter();
if (!empty($filter)) {
$result->setAuthenticationLdapFilter($filter);
}
$timeoutSecs = Config::getLdapNetworkTimeout();
if (!empty($timeoutSecs)) {
$result->setLdapNetworkTimeout($timeoutSecs);
}
$result->setLdapUserMapper(UserMapper::makeConfigured());
return $result;
}
/**
* Creates a UserSynchronizer using INI configuration.
*
* @return UserSynchronizer
*/
public static function makeConfigured()
{
$result = new UserSynchronizer();
$result->setUserMapper(UserMapper::makeConfigured());
$result->setUsersManagerApi(UsersManagerAPI::getInstance());
$result->setUserModel(new UserModel());
/** @var LoggerInterface $logger */
$logger = StaticContainer::get('Psr\\Log\\LoggerInterface');
if (Config::isAccessSynchronizationEnabled()) {
$result->setUserAccessMapper(UserAccessMapper::makeConfigured());
$logger->debug("UserSynchronizer::{func}(): Using UserAccessMapper when synchronizing users.", array('func' => __FUNCTION__));
} else {
$logger->debug("UserSynchronizer::{func}(): LDAP access synchronization not enabled.", array('func' => __FUNCTION__));
}
$defaultSitesWithViewAccess = Config::getDefaultSitesToGiveViewAccessTo();
if (!empty($defaultSitesWithViewAccess)) {
$siteIds = Access::doAsSuperUser(function () use($defaultSitesWithViewAccess) {
return Site::getIdSitesFromIdSitesString($defaultSitesWithViewAccess);
});
if (empty($siteIds)) {
$logger->warning("UserSynchronizer::{func}(): new_user_default_sites_view_access INI config option has no " . "entries. Newly synchronized users will not have any access.", array('func' => __FUNCTION__));
}
$result->setNewUserDefaultSitesWithViewAccess($siteIds);
}
$logger->debug("UserSynchronizer::{func}: configuring with defaultSitesWithViewAccess = {sites}", array('func' => __FUNCTION__, 'sites' => $defaultSitesWithViewAccess));
return $result;
}
