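/**
 * Synchronises the local user table with the LDAP directory.
 *
 * Does nothing unless both `auth.ldap.enabled` and `auth.ldap.refreshUsers`
 * are set in the user module settings. Every entry returned by the LDAP
 * search is either created locally (when no matching user exists and all
 * required fields are set) or updated. Afterwards every local user of this
 * auth client whose id attribute was not seen in the search result is set
 * to User::STATUS_DISABLED.
 *
 * @return void
 */
public function syncUsers()
{
    $settings = Yii::$app->getModule('user')->settings;
    if (!$settings->get('auth.ldap.enabled') || !$settings->get('auth.ldap.refreshUsers')) {
        return;
    }

    $userFilter = $settings->get('auth.ldap.userFilter');
    $baseDn = $settings->get('auth.ldap.baseDn');
    $userCollection = $this->getLdap()->search($userFilter, $baseDn, Ldap::SEARCH_SCOPE_SUB);

    $authClient = null;
    $ids = [];
    foreach ($userCollection as $attributes) {
        $authClient = new static();
        $authClient->setUserAttributes($attributes);
        // Work with the attributes as the client reports them back, not the raw LDAP entry.
        $attributes = $authClient->getUserAttributes();

        $user = AuthClientHelpers::getUserByAuthClient($authClient);
        if ($user === null) {
            if (!AuthClientHelpers::createUser($authClient)) {
                // The e-mail may itself be one of the missing attributes, so do not
                // index it unguarded while reporting the failure.
                $email = isset($attributes['email']) ? $attributes['email'] : '(no e-mail attribute)';
                Yii::warning('Could not automatically create LDAP user ' . $email . ' - check required attributes!');
            }
        } else {
            AuthClientHelpers::updateUser($authClient, $user);
        }

        $ids[] = $attributes['id'];
    }

    // The user table id attribute can be set automatically while user attributes
    // are assigned, so prefer the value of a client that has been initialised.
    $userTableIdAttribute = $this->getUserTableIdAttribute();
    if ($authClient !== null) {
        $userTableIdAttribute = $authClient->getUserTableIdAttribute();
    }

    // Disable users that no longer exist in LDAP.
    // NOTE(review): when the search yields no entries, $ids is empty and every
    // enabled user of this auth client is disabled - confirm that an empty or
    // failed search cannot reach this point unintentionally.
    // NOTE(review): in_array() compares loosely here, so numeric-looking ids such
    // as "1e3" and "1000" are treated as equal - confirm the id attribute's type
    // before switching to a strict comparison.
    foreach (AuthClientHelpers::getUsersByAuthClient($this)->each() as $user) {
        if ($user->status !== User::STATUS_DISABLED && !in_array($user->getAttribute($userTableIdAttribute), $ids)) {
            $user->status = User::STATUS_DISABLED;
            // Only report the account as disabled when the change was actually stored.
            if ($user->save()) {
                Yii::warning('Disabled user ' . $user->username . ' (' . $user->id . ') - Not found in LDAP!');
            } else {
                Yii::error('Could not disable user ' . $user->username . ' (' . $user->id . ') - Not found in LDAP!');
            }
        }
    }
}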
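/**
 * Shows the auth clients that can be connected to the current account and
 * handles disconnecting one of them.
 *
 * A disconnect is only performed on a POST request; the id of the client to
 * remove is read from the `disconnect` query parameter and is matched against
 * the auth clients of the current user only.
 *
 * @return mixed the redirect after a disconnect, otherwise the rendered view
 */
public function actionConnectedAccounts()
{
    $request = Yii::$app->request;
    $disconnectId = $request->get('disconnect');
    if ($request->isPost && $disconnectId) {
        foreach (Yii::$app->user->getAuthClients() as $authClient) {
            // The id comes from the request: compare it as a string and strictly, so
            // that an array value or a numeric look-alike cannot select a client.
            if (is_string($disconnectId) && (string) $authClient->getId() === $disconnectId) {
                \humhub\modules\user\authclient\AuthClientHelpers::removeAuthClientForUser($authClient, Yii::$app->user->getIdentity());
            }
        }

        return $this->redirect(['connected-accounts']);
    }

    // Offer only secondary clients: form based and primary clients are left out.
    // Both class names are fully qualified; without the leading backslash the
    // BaseFormAuth check would resolve relative to the current namespace and
    // never match.
    $clients = [];
    foreach (Yii::$app->get('authClientCollection')->getClients() as $client) {
        if (!$client instanceof \humhub\modules\user\authclient\BaseFormAuth && !$client instanceof \humhub\modules\user\authclient\interfaces\PrimaryClient) {
            $clients[] = $client;
        }
    }

    $currentAuthProviderId = "";
    if (Yii::$app->user->getCurrentAuthClient() !== null) {
        $currentAuthProviderId = Yii::$app->user->getCurrentAuthClient()->getId();
    }

    $activeAuthClientIds = [];
    foreach (Yii::$app->user->getAuthClients() as $authClient) {
        $activeAuthClientIds[] = $authClient->getId();
    }

    return $this->render('connected-accounts', [
        'authClients' => $clients,
        'currentAuthProviderId' => $currentAuthProviderId,
        'activeAuthClientIds' => $activeAuthClientIds,
    ]);
}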
/**
 * Builds the form definition of the profile.
 *
 * The result has one `category_<id>` element per profile field category
 * (ordered by `sort_order`), each holding the form definitions of its fields.
 * A field that is not a safe attribute is skipped, unless it is visible and the
 * scenario is not `registration`, in which case it is kept but not editable.
 * Fields that are synchronised by the user's auth client are never editable.
 *
 * @return array the form definition
 */
public function getFormDefinition()
{
    $syncedNames = [];
    if ($this->user !== null) {
        $syncedNames = \humhub\modules\user\authclient\AuthClientHelpers::getSyncAttributesByUser($this->user);
    }
    $safeNames = $this->safeAttributes();

    $form = ['elements' => []];

    $categories = ProfileFieldCategory::find()->orderBy('sort_order')->all();
    foreach ($categories as $categoryRecord) {
        $section = [
            'type' => 'form',
            'title' => Yii::t($categoryRecord->getTranslationCategory(), $categoryRecord->title),
            'elements' => [],
        ];

        $fields = ProfileField::find()->orderBy('sort_order')->where(['profile_field_category_id' => $categoryRecord->id])->all();
        foreach ($fields as $field) {
            $field->editable = true;

            if (!in_array($field->internal_name, $safeNames)) {
                // Unsafe fields are dropped, except visible ones outside of the
                // registration scenario, which stay in the form read-only.
                if (!$field->visible || $this->scenario == 'registration') {
                    continue;
                }
                $field->editable = false;
            }

            // Do not allow editing of synchronised (e.g. LDAP) fields - the value
            // would be overwritten on the next sync.
            if (in_array($field->internal_name, $syncedNames)) {
                $field->editable = false;
            }

            $section['elements'] = array_merge($section['elements'], $field->fieldType->getFieldFormDefinition());
            $field->fieldType->loadDefaults($this);
        }

        $form['elements']['category_' . $categoryRecord->id] = $section;
    }

    return $form;
}
/**
 * Returns the auth clients of the current identity.
 *
 * The list is looked up once through AuthClientHelpers and then kept in
 * `$this->_authClients`; this method itself never refreshes it.
 *
 * @return mixed the value returned by AuthClientHelpers::getAuthClientsByUser()
 */
public function getAuthClients()
{
    if ($this->_authClients !== null) {
        return $this->_authClients;
    }

    $this->_authClients = AuthClientHelpers::getAuthClientsByUser($this->getIdentity());

    return $this->_authClients;
}
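/**
 * Registers the user described by the form models.
 *
 * Saves the User model and, when that succeeds, the Profile, the GroupUser
 * (only if it validates) and - with the password form enabled - the Password
 * model. When an auth client is given it is stored for the new user and its
 * EVENT_CREATE_USER event is triggered.
 *
 * The return value only reflects the User record: a failure of one of the
 * dependent saves is logged but does not change it.
 *
 * @param \yii\authclient\ClientInterface|null $authClient the auth client used for the registration, if any
 * @return boolean true when the User record was saved, false otherwise
 */
public function register(\yii\authclient\ClientInterface $authClient = null)
{
    $user = $this->models['User'];
    $user->language = Yii::$app->language;
    if ($this->enableUserApproval) {
        $user->status = User::STATUS_NEED_APPROVAL;
        $user->registrationGroupId = $this->models['GroupUser']->group_id;
    }

    if (!$user->save()) {
        return false;
    }

    // NOTE(review): the saves below are not wrapped in a transaction, so a failure
    // leaves a partially registered account - consider making this atomic.

    // Save the user profile
    $profile = $this->models['Profile'];
    $profile->user_id = $user->id;
    if (!$profile->save()) {
        Yii::error('Could not save profile of newly registered user ' . $user->id . '!');
    }

    // The group assignment is optional: it is only stored when it validates.
    $groupUser = $this->models['GroupUser'];
    if ($groupUser->validate()) {
        $groupUser->user_id = $user->id;
        if (!$groupUser->save()) {
            Yii::error('Could not save group assignment of newly registered user ' . $user->id . '!');
        }
    }

    if ($this->enablePasswordForm) {
        // Save the user password; only the user id is logged on failure.
        $password = $this->models['Password'];
        $password->user_id = $user->id;
        $password->setPassword($password->newPassword);
        if (!$password->save()) {
            Yii::error('Could not save password of newly registered user ' . $user->id . '!');
        }
    }

    if ($authClient !== null) {
        \humhub\modules\user\authclient\AuthClientHelpers::storeAuthClientForUser($authClient, $user);
        $authClient->trigger(\humhub\modules\user\authclient\BaseClient::EVENT_CREATE_USER, new \yii\web\UserEvent(['identity' => $user]));
    }

    return true;
}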
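/**
 * Logs the given user in and redirects.
 *
 * Only users with User::STATUS_ENABLED are logged in. For them the user is
 * first updated from the auth client; after a successful login the auth
 * client is stored as the current one and the redirect goes to the return
 * URL of the user component. In every other case an error flash message is
 * set (for a disabled, unapproved or unknown status) and the redirect goes
 * back to the login page.
 *
 * @param User $user
 * @param \yii\authclient\BaseClient $authClient
 * @return Response the current response object
 */
protected function login($user, $authClient)
{
    $redirectUrl = ['/user/auth/login'];

    if ($user->status == User::STATUS_ENABLED) {
        // "Remember me" is only offered by form based clients; 0 means no
        // remember-me duration is passed to the login.
        $duration = 0;
        if ($authClient instanceof \humhub\modules\user\authclient\BaseFormAuth && $authClient->login->rememberMe) {
            $duration = Yii::$app->getModule('user')->loginRememberMeDuration;
        }

        AuthClientHelpers::updateUser($authClient, $user);

        if (Yii::$app->user->login($user, $duration)) {
            Yii::$app->user->setCurrentAuthClient($authClient);
            // Previously the return URL was assigned to an unused variable, so a
            // successful login was still redirected to the login page.
            // NOTE(review): confirm the return URL can only be set server-side.
            $redirectUrl = Yii::$app->user->returnUrl;
        }
    } elseif ($user->status == User::STATUS_DISABLED) {
        Yii::$app->session->setFlash('error', 'Your account is disabled!');
    } elseif ($user->status == User::STATUS_NEED_APPROVAL) {
        Yii::$app->session->setFlash('error', 'Your account is not approved yet!');
    } else {
        Yii::$app->session->setFlash('error', 'Unknown user status!');
    }

    if (Yii::$app->request->getIsAjax()) {
        return $this->htmlRedirect($redirectUrl);
    }

    return $this->redirect($redirectUrl);
}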