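/**
 * Validate user against LDAP and then generate a session
 *
 * The credentials in $tokens are checked with ldap_authenticate(). On success the
 * password is dropped from the local copy of $tokens, the authtype is forced to
 * 'LDAP', and the session is created through the sessionauth service. If no
 * session can be created, a Midgard account is created and the session is
 * attempted once more.
 *
 * NOTE(review): ldap_authenticate() is not visible here. Confirm that it rejects
 * an empty password before binding; a directory that accepts unauthenticated
 * simple binds would otherwise report success for any known user name.
 *
 * NOTE(review): account creation below is gated only on a truthy LDAP result.
 * Confirm that create_account() or the directory lookup limits which entries
 * may be provisioned.
 *
 * @param array $tokens   Login tokens; 'password' is removed and 'authtype' is overwritten locally
 * @param mixed $clientip Passed through unchanged to the sessionauth service
 * @return mixed false when LDAP authentication or account creation fails, true when a
 *               session was created on the first attempt, otherwise the sessionauth result
 */
public function create_login_session(array $tokens, $clientip = null)
{
    // Validate user against LDAP
    $ldapuser = $this->ldap_authenticate($tokens);
    if (!$ldapuser) {
        // we could also return an error message here
        return false;
    }

    // LDAP authentication handled, we don't need the password any longer
    unset($tokens['password']);
    // Overwrite any caller-supplied authtype
    $tokens['authtype'] = 'LDAP';

    // If user is already in DB we can just log in
    // catch: this will create a person object
    $session = midgardmvc_core_services_authentication_sessionauth::create_login_session($tokens, $clientip);
    if ($session) {
        $user = midgardmvc_core::get_instance()->authentication->get_user();
        if (!$user) {
            // The session call succeeded but there is no user object to attach a
            // person to. Previously this path read $user->person and could call
            // $user->set_person() on a non-object.
            // NOTE(review): confirm whether a session without a user object
            // should be treated as a failed login instead.
            return true;
        }

        // check if the logged in user has a person object
        // NOTE(review): `new` always yields an object or throws, so this check
        // cannot be false and the provisioning code below is not reached.
        // Confirm how a missing person record is reported by midgard_person.
        $person = new midgard_person($user->person);
        if ($person) {
            return true;
        }

        // @todo: verify if we ever get here actually because we should not
        // if there is no person, create it and assign it to the user object
        $persons = $this->get_persons($ldapuser, $user->person);
        if (count($persons) === 0) {
            $person = $this->create_person($ldapuser, $tokens);
            if ($person) {
                $user->set_person($person);
                $user->update();
            }
        }

        return true;
    }

    // Otherwise we need to create the necessary Midgard account
    if (!$this->create_account($ldapuser, $tokens)) {
        midgardmvc_core::get_instance()->context->get_request()->set_data_item(
            'midgardmvc_core_services_authentication_message',
            midgardmvc_core::get_instance()->i18n->get('midgard account creation failed', 'midgardmvc_core')
        );
        return false;
    }

    // ..and log in
    return midgardmvc_core_services_authentication_sessionauth::create_login_session($tokens, $clientip);
}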
/**
 * Validate user against LDAP and then generate a session
 *
 * Flow: check the credentials with ldap_authenticate(), strip the password from
 * the local copy of $tokens, force the authtype to 'LDAP', then ask the parent
 * implementation for a session. When that fails, a Midgard account is created
 * and the parent is asked again.
 *
 * NOTE(review): ldap_authenticate() is not visible here. Confirm that it rejects
 * an empty password before binding; a directory that accepts unauthenticated
 * simple binds would otherwise report success for any known user name.
 *
 * @param array $tokens   Login tokens; 'password' is removed and 'authtype' is overwritten locally
 * @param mixed $clientip Passed through unchanged to the parent implementation
 * @return mixed false when LDAP authentication or account creation fails, true when the
 *               first parent call succeeds, otherwise the result of the second parent call
 */
protected function create_login_session(array $tokens, $clientip = null)
{
    $directory_entry = $this->ldap_authenticate($tokens);
    if (!$directory_entry) {
        return false;
    }

    // The directory has accepted the credentials, so the password is not
    // handed on to the session layer.
    unset($tokens['password']);
    // Overwrite any caller-supplied authtype
    $tokens['authtype'] = 'LDAP';

    // A user that already exists in the database can be logged in directly.
    $logged_in = parent::create_login_session($tokens, $clientip);
    if ($logged_in) {
        return true;
    }

    // No session yet: create the Midgard account, then retry the login.
    $account_created = $this->create_account($directory_entry, $tokens);
    if ($account_created) {
        return parent::create_login_session($tokens, $clientip);
    }

    // Account creation failed; leave a translated message on the request.
    $request = midgardmvc_core::get_instance()->context->get_request();
    $message = midgardmvc_core::get_instance()->i18n->get('midgard account creation failed', 'midgardmvc_core');
    $request->set_data_item('midgardmvc_core_services_authentication_message', $message);

    return false;
}