/**
 * Instance-level wrapper around the global initLDAP() function.
 *
 * Forwards the three arguments unchanged and supplies this object's
 * ldapError() method as the fourth argument (presumably the error
 * callback; confirm against the global helper's signature).
 *
 * @param mixed $secure forwarded as-is; defaults to true
 * @param mixed $rdn    forwarded as-is; defaults to null
 * @param mixed $pwd    forwarded as-is; defaults to null
 * @return mixed whatever the global initLDAP() returns
 */
private function initLDAP($secure = true, $rdn = null, $pwd = null)
{
    $errorHandler = array($this, "ldapError");

    return initLDAP($secure, $rdn, $pwd, $errorHandler);
}
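/**
 * Realization of authenticate() from iRestAuthModule.
 *
 * Tries three credential schemes, selected by which request parameters are
 * present, in this order:
 *   1. userid + passwd + apikey   -> stored session token ("SAML Token auth")
 *   2. username + passwd + apikey -> LDAP bind ("EGI SSO Account auth")
 *   3. accesstoken                -> access-token lookup (no API key involved)
 *
 * On success $this->_userid is set to the authenticated id (and, for schemes
 * 2 and 3, $_GET['userid'] is overwritten with it). On any failure
 * $this->_userid is reset to 0 and false is returned.
 *
 * The result is recomputed on every call: the original guard that reused an
 * already-set $this->_userid was disabled, so the unreachable fallback
 * branch has been dropped here.
 *
 * @return bool true/false, or whatever _validateAPIKeyAuthMethod() returns
 *              for the two API-key schemes
 */
public function authenticate()
{
    if (!is_null($this->getParam("userid")) && !is_null($this->getParam("passwd")) && !is_null($this->getParam("apikey"))) {
        // SAML Token auth
        $keys = new Default_Model_APIKeys();
        $keys->filter->key->equals($this->getParam("apikey"));
        // Exactly one matching key is required; zero or several both fail.
        if (count($keys->items) === 1 && $this->_validateAPIKey($keys->items[0])) {
            // NOTE(review): "sessionid" is used in the filter but is not part of
            // the branch precondition; how the model layer treats a null value
            // here is not visible in this file. Confirm.
            $u = new Default_Model_UserCredentials();
            $u->filter->researcherid->equals($this->getParam("userid"))->and($u->filter->sessionid->equals($this->getParam("sessionid"))->and($u->filter->token->equals($this->getParam("passwd"))));
            if (count($u->items) > 0) {
                $u = new Default_Model_Researchers();
                $u->filter->id->equals($this->getParam("userid"));
                if (count($u->items) > 0) {
                    $this->_userid = $u->items[0]->id;
                    $this->_userGroups = $u->items[0]->actorGroups;
                    return $this->_validateAPIKeyAuthMethod($keys->items[0], $u->items[0]);
                }
            }
        }
    } elseif (!is_null($this->getParam("username")) && !is_null($this->getParam("passwd")) && !is_null($this->getParam("apikey"))) {
        // EGI SSO Account auth
        $keys = new Default_Model_APIKeys();
        $keys->filter->key->equals(trim($this->getParam("apikey")));
        if (count($keys->items) === 1 && $this->_validateAPIKey($keys->items[0])) {
            // The account must already be registered as an 'egi-sso-ldap'
            // account before any bind is attempted.
            $u = new Default_Model_UserAccounts();
            $u->filter->account_type->equals('egi-sso-ldap')->and($u->filter->accountid->equals($this->getParam("username")));
            if (count($u->items) > 0) {
                $username = $this->getParam("username");
                $userid = $u->items[0]->researcherid;
                $u = $u->items[0]->researcher;
                // Assigned before the bind result is known, as in the original.
                $this->_userGroups = $u->actorGroups;
            } else {
                $username = null;
            }
            if ($username !== null) {
                // NOTE(review): the bind DN is built by plain concatenation and the
                // account name is not escaped for DN context. It has matched a stored
                // accountid above, which bounds what reaches this line, but escaping
                // would remove the dependency on how accounts are provisioned.
                // NOTE(review): the prefix literal looks masked; confirm the intended
                // RDN attribute prefix.
                $username = "******" . $username . ",ou=people,dc=egi,dc=eu";
                $password = $this->getParam('passwd');
                if ($password === '') {
                    // A simple bind with a DN and a zero-length password is an
                    // "unauthenticated bind" (RFC 4513, section 5.1.2) that many
                    // directory servers report as success. is_null() above lets ''
                    // through, so refuse it here rather than rely on initLDAP() or
                    // on server configuration.
                    error_log('API call authentication failed: empty password rejected before LDAP bind');
                } else {
                    $ds = initLDAP(true, $username, $password, 'RestResource::ldapErrorFunc');
                    // NOTE(review): is_resource() is false for the LDAP\Connection
                    // objects that PHP 8.1+ returns from ldap_connect(); confirm what
                    // initLDAP() returns on the target PHP version (the check fails
                    // closed either way).
                    if (is_resource($ds)) {
                        // Login info was valid; the connection was only needed for the bind.
                        ldap_close($ds);
                        $this->_userid = $userid;
                        // Presumably so later handlers read the authenticated id and
                        // not a caller-supplied one; confirm.
                        $_GET['userid'] = $userid;
                        return $this->_validateAPIKeyAuthMethod($keys->items[0], $u);
                    } else {
                        error_log('API call authentication failed');
                    }
                }
            }
        }
    } elseif (!is_null($this->getParam("accesstoken"))) {
        // Access-token auth: no API key is consulted in this branch.
        $actor = AccessTokens::getActorByToken($this->getParam("accesstoken"), true);
        if ($actor !== null) {
            // Only actors of type "ppl" are accepted; any other type falls
            // through to the failure path without a log entry.
            if ($actor->type === "ppl") {
                $this->_userid = $actor->id;
                $_GET['userid'] = $actor->id;
                return true;
            }
        } else {
            error_log("API call authentication failed: cannot map access token to actor (invalid token?)");
        }
    }

    // Every path that did not return above is a failed authentication.
    $this->_userid = 0;
    return false;
}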