예제 #1
 /**
  * {@inheritdoc}
  *
  * Looks the account up by the configured username field and returns it only
  * when the supplied password verifies against the stored password hash.
  *
  * @return mixed the matching user, or null when the lookup or the password check fails
  */
 public function authenticate()
 {
     $candidate = $this->findBy(Loader::username(), $this->username);
     if (!$candidate) {
         // NOTE(review): an unknown username returns here without running
         // Hash::check(), so response time can differ between unknown and
         // known accounts; rate limiting at the caller is the usual mitigation.
         return null;
     }

     if (!Hash::check($this->password, $candidate->getAuthPassword())) {
         return null;
     }

     return $candidate;
 }
 /**
  * {@inheritdoc}
  *
  * Resolution order: the native store is consulted first; only when it has no
  * matching user is the domain provider asked to authenticate.
  *
  * @param array $credentials credentials keyed by the configured field names
  *
  * @return mixed the resolved user, or null when neither source yields one
  */
 public function retrieveByCredentials(array $credentials)
 {
     $field = Loader::username();
     // NOTE(review): the key is read without an isset() check; a credentials
     // array lacking it raises an undefined-index notice and the lookup below
     // runs with null — confirm callers validate the array first.
     $login = $credentials[$field];

     // The password is NOT checked on this branch. Presumably the caller runs
     // validateCredentials() on the returned user afterwards — verify.
     $local = $this->delegator->native()->findBy($field, $login);
     if ($local) {
         return $local;
     }

     // Provider branch: the provider authenticates, and its result must also
     // pass validateCredentials() before it is returned.
     $remote = $this->delegator->provider($credentials)->authenticate();
     if ($remote && $this->validateCredentials($remote, $credentials)) {
         return $remote;
     }

     return null;
 }
예제 #3
 /**
  * {@inheritdoc}
  *
  * Stores the credentials and derives username, login, domain and password
  * from them. An empty array leaves the current state untouched.
  *
  * @param array $credentials credentials keyed by the configured field names
  *
  * @return $this
  */
 public function setCredentials(array $credentials)
 {
     if (!$credentials) {
         return $this;
     }

     $this->credentials = $credentials;
     $this->username = $this->credentials[Loader::username()];

     // NOTE(review): login and domain are only assigned when the username
     // contains "@"; otherwise whatever values the instance already held stay
     // in place. Only the first two "@"-separated parts are used, so
     // "a@b@c" yields login "a" and domain "b" — confirm that is the intended
     // routing, since the domain selects which configuration is used.
     if (false !== strstr($this->username, "@")) {
         $parts = explode("@", $this->username);
         $this->login = $parts[0];
         $this->domain = $parts[1];
     }

     $this->password = $this->credentials[Loader::password()];

     return $this;
 }
 /**
  * {@inheritdoc}
  *
  * Authenticates against the user list held in the domain configuration and,
  * on success, saves a local user model for the account.
  *
  * @return mixed the newly saved user model, or null when the username is not
  *               listed or the password does not verify
  */
 public function authenticate()
 {
     $domainConfig = Loader::domain($this->domain);
     $known = $domainConfig['users'];
     if (!isset($known[$this->username])) {
         return null;
     }

     // The configured value is used as the hash argument of Hash::check(),
     // so the configuration is expected to hold password hashes.
     $storedHash = $known[$this->username];
     if (!Hash::check($this->password, $storedHash)) {
         return null;
     }

     // The configured hash is copied unchanged into the local record, and the
     // account is created enabled.
     $account = $this->model();
     $account->{Loader::username()} = $this->username;
     $account->{Loader::password()} = $storedHash;
     $account->enabled = true;
     $account->save();

     return $account;
 }
예제 #5
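 /**
  * {@inheritdoc}
  *
  * Authenticates the user with a bind against the LDAP hosts configured for
  * the domain, then looks the entry up below the base DN and passes it to
  * register().
  *
  * Two hardening steps are applied:
  *  - an empty password is rejected before the bind, because many directory
  *    servers accept a bind with a name and an empty password as an
  *    unauthenticated bind and report success;
  *  - the login is escaped before it is placed in the search filter, so
  *    filter metacharacters in the username are treated as literal text.
  *
  * @return mixed the result of register() for the directory entry, or null
  *               when the password is empty, the bind fails or no entry is found
  */
 public function authenticate()
 {
     $this->config = Loader::domain($this->domain);
     $ldap = new Connection();
     $ldap->connect($this->config['hosts']);

     // NOTE(review): this clears and saves the local password before the
     // bind has succeeded, i.e. a failed or unauthenticated attempt still
     // writes to the local record. Consider moving it after the bind.
     if ($find = $this->resolver->native()->findBy(Loader::username(), $this->username)) {
         $this->model = $find;
         $this->model->{Loader::password()} = null;
         $this->model->save();
     }

     // An empty password must never reach bind(): see the docblock.
     if ($this->password === null || $this->password === '') {
         Log::warning('Empty password rejected for ' . $this->username);
         return null;
     }

     if (!$ldap->bind($this->username, $this->password)) {
         Log::warning('Cannot bind to LDAP with ' . $this->username);
         return null;
     }

     // Escape the filter metacharacters (RFC 4515) in a single pass so that
     // the backslash introduced by one replacement is not escaped again.
     $login = strtr((string) $this->login, array(
         '\\' => '\\5c',
         '*' => '\\2a',
         '(' => '\\28',
         ')' => '\\29',
         "\x00" => '\\00',
     ));

     $user = $ldap->searchEntry($this->config['baseDN'], $this->config['mappings'], 'samaccountname=' . $login);
     if (!$user) {
         Log::warning('User ' . $this->username . ' not found in baseDN.');
         return null;
     }

     return $this->register($user);
 }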
예제 #6
 /**
  * Copy the mapped attributes of an LDAP entry onto a user model and save it.
  *
  * Attribute names from the mapping are lower-cased before they are looked up
  * in the entry, and only the first value of each attribute is used. Mapped
  * attributes that the entry does not contain are skipped.
  *
  * @param array                   $ldap  LDAP entry, indexed by lower-case attribute name
  * @param UserInterface|\Eloquent $model model that receives the mapped values
  *
  * @return UserInterface|false the saved model, or false when the entry has no
  *                             value for the mapped username attribute
  */
 public function map($ldap, UserInterface $model)
 {
     $usernameAttribute = strtolower($this->mappings['fields'][Loader::username()]);
     if (!isset($ldap[$usernameAttribute])) {
         return false;
     }

     foreach ($this->mappings['fields'] as $field => $attribute) {
         $attribute = strtolower($attribute);
         if (!isset($ldap[$attribute])) {
             continue;
         }

         if ($attribute == 'useraccountcontrol') {
             // Stored as a boolean: true unless the raw value is in the
             // locked list.
             // NOTE(review): in_array() compares loosely and $this->locked is
             // defined outside this block; if userAccountControl is a bit
             // field, a fixed list of values may miss flag combinations —
             // confirm the list covers every disabled/locked value in use.
             $ldap[$attribute][0] = !in_array($ldap[$attribute][0], $this->locked);
         }

         $model->{$field} = $ldap[$attribute][0];
     }

     $model->save();

     return $model;
 }
예제 #7
 /**
  * {@inheritdoc}
  *
  * Treats a successful IMAP login on any configured host as proof of the
  * password, then returns the matching user from the native store.
  *
  * NOTE(review): the mailbox string carries "/novalidate-cert", which tells
  * the IMAP client not to validate the server's TLS certificate, so the
  * username and password are sent to a server whose identity is not checked.
  * Whether the connection is encrypted at all depends on the configured host
  * address. Prefer validated TLS wherever the server certificate allows it.
  *
  * NOTE(review): the opened connection is kept in $this->connection and is
  * not closed in this method.
  *
  * @return mixed the native user, or false when no host accepts the login or
  *               no native user matches
  *
  * @throws \Exception when the imap extension is not loaded
  */
 public function authenticate()
 {
     if (!extension_loaded('imap')) {
         throw new \Exception("Cannot use IMAP provider without imap module.", 1);
     }

     $this->config = Loader::domain($this->domain);

     // Try the hosts in configuration order and stop at the first one that
     // accepts the login.
     foreach ($this->config['hosts'] as $name => $address) {
         $mailbox = "{" . $address . "/novalidate-cert}";
         try {
             $this->connection = \imap_open($mailbox, $this->username, $this->password, null, 1, array("DISABLE_AUTHENTICATOR" => "GSSAPI"));
         } catch (\Exception $e) {
             Log::warning(' [IMAP] Cannot connect to ' . $name . ': ' . $e->getMessage());
             continue;
         }
         if ($this->connection) {
             break;
         }
     }

     if (!$this->connection) {
         return false;
     }

     $user = $this->resolver->native()->findBy($this->config['mappings'][Loader::username()], $this->username);

     return $user ? $user : false;
 }
예제 #8
 /**
  * Execute the console command.
  *
  * Binds to the directory of the given domain with administrator credentials,
  * searches it for person user objects and maps every entry that carries the
  * username attribute onto a new or existing user model.
  *
  * NOTE(review): a password supplied through the "password" option is visible
  * in shell history and process listings; the interactive secret() prompt
  * used as the fallback avoids that.
  *
  * @return void
  */
 public function fire()
 {
     $domain = $this->argument('domain');
     $bindUser = $this->option('username');
     $bindPassword = $this->option('password');

     if (!$bindUser) {
         $bindUser = $this->ask('<info>Administrator username for <error>' . $domain . '</error>:  </info>');
     }
     // A bare login is qualified with the domain before it is used to bind.
     if (false === strstr($bindUser, '@')) {
         $bindUser .= '@' . $domain;
     }
     if (!$bindPassword) {
         $bindPassword = $this->secret('<info>Password:  </info>');
     }

     // The domain is only checked after the credentials have been collected.
     if (!Loader::hasDomain($domain)) {
         $this->error('Domain ' . $domain . ' not found in configuration.');
         exit(1);
     }

     $config = Loader::domain($domain);
     $ldap = new Connection();
     $ldap->connect($config['hosts']);
     if (!$ldap->bind($bindUser, $bindPassword)) {
         $this->error('Bind to ' . $domain . ' with user ' . $bindUser . ' failed.');
         exit(1);
     }

     $entries = $ldap->search($config['baseDN'], $config['mappings'], '(&(objectClass=user)(objectCategory=person))');
     if (!$entries) {
         $this->error('Users not found.');
         exit(1);
     }

     $ldapMapping = new LdapMapping($config['mappings']);
     $class = '\\' . ltrim(Loader::user(), '\\');
     $usernameField = strtolower($config['mappings']['fields'][Loader::username()]);

     foreach ($entries as $entry) {
         // Skip anything that is not an entry carrying the username attribute.
         if (!is_array($entry) || !isset($entry[$usernameField])) {
             continue;
         }

         $name = $entry[$usernameField][0];
         $model = new $class();
         $existing = $model->where(Loader::username(), $name)->first();
         if ($existing) {
             $model = $existing;
             $this->info('Updating ' . $name);
         } else {
             $this->info('Adding ' . $name);
         }

         $ldapMapping->map($entry, $model);
     }
 }
 /**
  * Ensure the credentials carry the username and password keys named in the
  * auth configuration.
  *
  * Only presence is checked: isset() rejects a missing key or a null value,
  * while an empty string passes. Code that consumes the credentials therefore
  * still has to reject empty passwords itself.
  *
  * @param array $credentials credentials keyed by the configured field names
  *
  * @throws \Exception when either key is missing or null
  */
 private function checkFields($credentials)
 {
     $usernameKey = Loader::username();
     if (!isset($credentials[$usernameKey])) {
         throw new \Exception("Unsupported credentials array. Must define '{$usernameKey}' key for username", 1);
     }

     $passwordKey = Loader::password();
     if (!isset($credentials[$passwordKey])) {
         throw new \Exception("Unsupported credentials array. Must define '{$passwordKey}' key for password", 1);
     }
 }