/**
* Method to get the field input markup.
*
* @return string The field input markup.
*
* @since 1.6
*/
protected function getInput()
{
$html = array();
$attr = '';
// Initialize some field attributes.
$attr .= $this->element['class'] ? ' class="' . (string) $this->element['class'] . '"' : '';
$attr .= (string) $this->element['disabled'] == 'true' ? ' disabled="disabled"' : '';
$attr .= $this->element['size'] ? ' size="' . (int) $this->element['size'] . '"' : '';
// Initialize JavaScript field attributes.
$attr .= $this->element['onchange'] ? ' onchange="' . (string) $this->element['onchange'] . '"' : '';
// Get some field values from the form.
$id = (int) $this->form->getValue('id');
$db = JFactory::getDbo();
$table = SHFactory::getConfig()->get('ldap:table', '#__sh_ldap_config');
$query = $db->getQuery(true);
// Build the query for the ordering list
$query->select('ordering AS value')->select('name AS text')->select($db->quoteName('id'))->from($db->quoteName($table))->order($db->quoteName('ordering'));
if ((string) $this->element['readonly'] == 'true') {
// Create a read-only list (no name) with a hidden input to store the value.
$html[] = JHtml::_('list.ordering', '', (string) $query, trim($attr), $this->value, $id ? 0 : 1);
$html[] = '<input type="hidden" name="' . $this->name . '" value="' . $this->value . '"/>';
} else {
// Create a regular list.
$html[] = JHtml::_('list.ordering', $this->name, (string) $query, trim($attr), $this->value, $id ? 0 : 1);
}
return implode($html);
}
public function testConfigInvalidSource()
{
$this->setExpectedException('InvalidArgumentException', 'LIB_SHLDAPHELPER_ERR_10601', 10601);
// Change it to a invalid LDAP config source
$platform = SHFactory::getConfig('file', array('file' => static::PLATFORM_CONFIG_FILE, 'namespace' => 'single'));
$platform->set('ldap.config', 84);
SHLdapHelper::getConfig(null, $platform);
}
/**
* Constructor
*
* @param object &$subject The object to observe
* @param array $config An array that holds the plugin configuration
*
* @since 2.0
*/
public function __construct(&$subject, $config = array())
{
parent::__construct($subject, $config);
$this->loadLanguage();
$this->templateName = $this->params->get('template_name', 'default');
$this->templateBase = $this->params->get('template_base', JPATH_PLUGINS . '/ldap/creation/templates');
$this->domain = SHFactory::getConfig()->get('ldap.defaultconfig');
}
/**
* Initialises and imports the Shmanic platform and project libraries.
* This is fired on application initialise typically by the CMS.
*
* @return void
*
* @since 2.0
*/
public function onAfterInitialise()
{
// Check if the Shmanic platform has already been imported
if (!defined('SHPATH_PLATFORM')) {
$platform = JPATH_PLATFORM . '/shmanic/import.php';
if (!file_exists($platform)) {
// Failed to find the import file
return false;
}
// Shmanic Platform import
if (!(include_once $platform)) {
// Failed to import the Shmanic platform
return false;
}
}
// Import the logging method
SHLog::import($this->params->get('log_group', 'shlog'));
// Container to store project specific import results
$results = array();
// Use the default SQL configuration
$config = SHFactory::getConfig();
// Get all the importable projects
if ($imports = json_decode($config->get('platform.import'))) {
foreach ($imports as $project) {
// Attempts to import the specified project
$results[] = shImport(trim($project));
}
}
// Fire the onAfterInitialise for all the registered imports/projects
JDispatcher::getInstance()->trigger('onSHPlaformInitialise');
if (in_array(false, $results, true)) {
// One of the specific projects failed to import
return false;
}
// Everything imported successfully
return true;
}
/**
* Returns all the Ldap configured IDs and names in an associative array
* where [id] => [name].
*
* @param JRegistry $registry Platform configuration.
*
* @return Array Array of configured IDs
*
* @since 2.0
*/
public static function getConfigIDs($registry = null)
{
// Get the Ldap configuration from the factory
$registry = is_null($registry) ? SHFactory::getConfig() : $registry;
// Get the Ldap configuration source (e.g. sql | plugin | file)
$source = (int) $registry->get('ldap.config', self::CONFIG_SQL);
if ($source === self::CONFIG_SQL) {
// Get the database table using the sh_ldap_config as default
$table = $registry->get('ldap.table', '#__sh_ldap_config');
// Get the global JDatabase object
$db = JFactory::getDbo();
$query = $db->getQuery(true);
// Do the SQL query
$query->select($db->quoteName('id'))->select($db->quoteName('name'))->from($db->quoteName($table))->where($db->quoteName('enabled') . ' >= ' . $db->quote('1'));
$db->setQuery($query);
// Execute the query
$results = $db->loadAssocList('id', 'name');
return $results;
} elseif ($source === self::CONFIG_FILE) {
// Grab the LDAP configuration file path from the registry and include it
if ($file = $registry->get('ldap.file', JPATH_CONFIGURATION . '/ldap.php')) {
@(include_once $file);
}
// Lets find all classes in the LDAP configuration file
$classes = array_values(preg_grep('/(' . self::CONFIG_PREFIX . '){1}\\w*/i', get_declared_classes()));
if (!empty($classes)) {
$namespaces = $classes;
// Retrieve the namespaces from the classes
foreach ($namespaces as &$namespace) {
$namespace = str_ireplace(self::CONFIG_PREFIX, '', $namespace);
}
return $namespaces;
}
// There are no namespaces, there return an array with one null element
return array(null);
}
}
/**
* This method handles the user adapter authorisation and reports
* back to the subject. This method is also used for single sign on.
*
* There is no custom logging in the authentication.
*
* @param array $response Authentication response object from onUserAuthenticate()
* @param array $options Array of extra options
*
* @return JAuthenticationResponse Authentication response object
*
* @since 2.0
*/
public function onUserAuthorisation($response, $options = array())
{
// Create a new authentication response
$retResponse = new JAuthenticationResponse();
// Check if some other authentication system is dealing with this request
if (!empty($response->type) && strtoupper($response->type) !== self::AUTH_TYPE) {
return $retResponse;
}
// Check the Shmanic platform has been imported
if (!$this->_checkPlatform()) {
// Failed to import the platform
$response->status = JAuthentication::STATUS_FAILURE;
$response->error_message = JText::_('PLG_AUTHENTICATION_SHADAPTER_ERR_12601');
return false;
}
$response->type = self::AUTH_TYPE;
/*
* Attempt to authorise with User Adapter. This method will automatically detect
* the correct configuration (if multiple ones are specified) and return a
* SHUserAdapter object. If this method returns false, then the authorise was
* unsuccessful - basically the user was not found or configuration was
* bad.
*/
try {
// Setup user adapter injecting the domain from SSO if specified
$credentials = array('username' => $response->username);
if (isset($options['domain'])) {
$credentials['domain'] = $options['domain'];
}
$adapter = SHFactory::getUserAdapter($credentials);
// Get the authorising user dn
$id = $adapter->getId(false);
} catch (Exception $e) {
// Configuration or authorisation failure
$response->status = JAuthentication::STATUS_FAILURE;
$response->error_message = JText::_('JGLOBAL_AUTH_NO_USER');
return;
}
try {
// Let's get the user attributes
$attributes = $adapter->getAttributes();
if (!is_array($attributes) || !count($attributes)) {
// No attributes therefore error
throw new Exception(JText::_('PLG_AUTHENTICATION_SHADAPTER_ERR_12611'), 12611);
}
} catch (Exception $e) {
// Error getting user attributes.
$response->status = JAuthentication::STATUS_FAILURE;
$response->error_message = JText::_('PLG_AUTHENTICATION_SHADAPTER_ERR_12611');
// Process a error log
SHLog::add($e, 12622, JLog::ERROR, 'auth');
return false;
}
// Set the required Joomla specific user fields with the returned User Adapter Attributes
$response->username = $adapter->getUid();
$response->fullname = $adapter->getFullname();
$response->email = $adapter->getEmail();
// The adapter type needs to be set before returning the response
$response->type = $adapter->getType();
if (SHFactory::getConfig()->get('user.nullpassword')) {
// Do not store password in Joomla database
$response->password_clear = '';
}
/*
* Everything appears to be a success and therefore we shall log the user login
* then report back to the subject.
*/
SHLog::add(JText::sprintf('PLG_AUTHENTICATION_SHADAPTER_INFO_12612', $response->username), 12612, JLog::INFO, 'auth');
$retResponse->status = JAuthentication::STATUS_SUCCESS;
unset($adapter);
return $retResponse;
}
/**
* Loads the profile XML and passes it to the form to load the fields (excluding data).
*
* @param JForm $form The form to be altered.
* @param array $data The associated data for the form.
*
* @return boolean
*
* @since 2.0
*/
public function onContentPrepareForm($form, $data)
{
// Check if the profile parameter is enabled
if (!$this->use_profile)
{
return true;
}
if (!($form instanceof JForm))
{
$this->_subject->setError('JERROR_NOT_A_FORM');
return false;
}
// Check we are manipulating a valid form
if (!in_array($form->getName(), $this->permittedForms))
{
return true;
}
$showForm = true;
$domain = null;
// Check if this user should have a profile
if ($userId = isset($data->id) ? $data->id : 0)
{
if (SHLdapHelper::isUserLdap($userId))
{
$domain = SHUserHelper::getDomainParam($data);
}
else
{
$showForm = false;
}
}
elseif (!JFactory::getUser()->guest)
{
/*
* Sometimes the $data variable is not populated even when an edit is required.
* This means we have to check the form post data directly for the user ID.
* We do not worry about frontend registrations as we check for guest.
* If there is no form posted then this could be a backend registration.
*/
if ($inForm = JFactory::getApplication()->input->get('jform', false, 'array'))
{
$id = SHUtilArrayhelper::getValue($inForm, 'id', 0, 'int');
if ($id === 0)
{
// Ask all plugins if there is a plugin willing to deal with user creation for ldap
if (count($results = SHFactory::getDispatcher('ldap')->trigger('askUserCreation')))
{
// Due to being unaware of the domain for this new user, we are forced to use the default domain
$domain = SHFactory::getConfig()->get('ldap.defaultconfig');
}
else
{
// LDAP creation not enabled
$showForm = false;
}
}
else
{
if (SHLdapHelper::isUserLdap($id))
{
// Existing ldap user
$domain = SHUserHelper::getDomainParam($id);
}
else
{
// Existing non-ldap user
$showForm = false;
}
}
}
}
if ($showForm)
{
// We have to launch the getxmlfields to correctly include languages
$this->getXMLFields($domain);
// Get the File and Path for the Profile XML
$file = $this->getXMLFileName($domain);
$xmlPath = $this->profile_base . '/' . $file . '.xml';
// Load in the profile XML file to the form
if (($xml = JFactory::getXML($xmlPath, true)) && ($form->load($xml, false, false)))
{
// Successfully loaded in the XML
return true;
}
}
}
/**
* Method to get a JDatabaseQuery object for retrieving the data set from a database.
*
* @return JDatabaseQuery A JDatabaseQuery object to retrieve the data set.
*
* @since 2.0
*/
public function getListQuery()
{
// Create a new query object.
$db = $this->getDbo();
$query = $db->getQuery(true);
// Select the required fields from the table.
$query->select($db->escape($this->getState('list.select', 'a.*')));
$query->from($db->quoteName(SHFactory::getConfig()->get('ldap.table', '#__sh_ldap_config')) . ' AS a');
// Filter the items over the search string if set.
$search = $this->getState('filter.search');
if (!empty($search)) {
if (stripos($search, 'id:') === 0) {
$query->where($db->quoteName('a.id') . ' = ' . $db->quote((int) substr($search, 3)));
} else {
// Note: * we use an escape so no quote required *
$search = $db->quote('%' . $db->escape($search, true) . '%');
$query->where('(' . $db->quoteName('name') . ' LIKE ' . $search . ')');
}
}
// Add the list ordering clause.
$query->order($db->escape($this->getState('list.ordering', 'ordering')) . ' ' . $db->escape($this->getState('list.direction', 'ASC')));
return $query;
}
/**
* Constructor
*
* @param object &$db Database object
*
* @since 2.0
*/
public function __construct(&$db)
{
$this->table = SHFactory::getConfig()->get('ldap.table', '#__sh_ldap_config');
parent::__construct($this->table, 'id', $db);
}
/**
* This method returns a user object. If options['autoregister'] is true,
* and if the user doesn't exist, then it'll be created.
*
* @param array $user Holds the user data.
* @param array &$options Array holding options (remember, autoregister, group).
*
* @return JUser A JUser object containing the user.
*
* @since 1.0
* @throws Exception
*/
public static function getUser(array $user, &$options = array())
{
$instance = JUser::getInstance();
if (isset($options['adapter']))
{
// Tell the getUser to store the auth_type and auth_config based on whats inside the adapter
$options['type'] = isset($options['type']) ? $options['type'] : $options['adapter']::getType();
$options['domain'] = isset($options['domain']) ? $options['domain'] : $options['adapter']->getDomain();
}
// Check if the user already exists in the database
if ($id = intval(JUserHelper::getUserId($user['username'])))
{
$instance->load($id);
// Inject the type and domain into this object if they are set
if (isset($options['type']))
{
if ($instance->getParam(self::PARAM_AUTH_TYPE) != $options['type'])
{
$options['change'] = true;
$instance->setParam(self::PARAM_AUTH_TYPE, $options['type']);
}
}
if (isset($options['domain']))
{
if ($instance->getParam(self::PARAM_AUTH_DOMAIN) != $options['domain'])
{
$options['change'] = true;
$instance->setParam(self::PARAM_AUTH_DOMAIN, $options['domain']);
}
}
return $instance;
}
// ** The remainder of this method is for new users only **
$config = SHFactory::getConfig();
// Deal with auto registration flags
$autoRegister = (int) $config->get('user.autoregister', 1);
if ($autoRegister === 0 || $autoRegister === 1)
{
// Inherited Auto-registration
$options['autoregister'] = isset($options['autoregister']) ? $options['autoregister'] : $autoRegister;
}
else
{
// Override Auto-registration
$options['autoregister'] = ($autoRegister === 2) ? 1 : 0;
}
// Deal with the default group
jimport('joomla.application.component.helper');
$comUsers = JComponentHelper::getParams('com_users', true);
if ($comUsers === false)
{
// Check if there is a default set in the SHConfig
$defaultUserGroup = $config->get('user.defaultgroup', 2);
}
else
{
// Respect Joomla's default user group
$defaultUserGroup = $comUsers->get('new_usertype', 2);
}
// Setup the user fields for this new user
$instance->set('id', 0);
$instance->set('name', $user['fullname']);
$instance->set('username', $user['username']);
$instance->set('password_clear', $user['password_clear']);
$instance->set('email', $user['email']);
$instance->set('usertype', 'depreciated');
$instance->set('groups', array($defaultUserGroup));
// Set the User Adapter parameters
if (isset($options['type']))
{
$instance->setParam(self::PARAM_AUTH_TYPE, $options['type']);
}
if (isset($options['domain']))
{
$instance->setParam(self::PARAM_AUTH_DOMAIN, $options['domain']);
}
// If autoregister is set, register the user
if ($options['autoregister'])
{
if (!self::save($instance))
{
// Failed to save the user to the database
throw new Exception(JText::sprintf('LIB_SHUSERHELPER_ERR_10501', $user['username'], $instance->getError()), 10501);
}
}
else
{
// We don't want to proceed if autoregister is not enabled
throw new Exception(JText::sprintf('LIB_SHUSERHELPER_ERR_10502', $user['username']), 10502);
}
return $instance;
}
/**
* Returns whether SSO is allowed to perform actions in the current session.
*
* @return integer True if session is enabled or False if SSO disabled.
*
* @since 1.0
*/
public static function status()
{
$config = SHFactory::getConfig();
$behaviour = (int) $config->get('sso.behaviour', 1);
$status = JFactory::getSession()->get(self::SESSION_STATUS_KEY, false);
if ($status === false) {
$status = self::STATUS_ENABLE;
}
$status = (int) $status;
if ($status === self::STATUS_BYPASS_DISABLE) {
if ($behaviour !== 1) {
// Manual bypass is activated
return self::STATUS_BYPASS_DISABLE;
}
} elseif ($behaviour === 2 || $behaviour === 0) {
$formLogin = true;
// Get the login tasks and check if username can be null to sso
$tasks = json_decode($config->get('sso.logintasks', '[]'));
$usernameField = $config->get('sso.checkusernull', true);
// Check if the URL contains this key and the value assigned to it
$input = new JInput();
$task = $input->get('task', false);
if (!in_array($task, $tasks) || !JSession::checkToken() || $usernameField && $input->get('username', null)) {
$formLogin = false;
}
if ($status === self::STATUS_LOGOUT_DISABLE) {
// Logout bypass is activated
if (!$formLogin) {
return self::STATUS_LOGOUT_DISABLE;
}
} elseif ($status === self::STATUS_ENABLE) {
if ($behaviour === 0 && !$formLogin) {
return self::STATUS_BEHAVIOUR_DISABLED;
}
}
}
// Default to SSO enabled
return self::STATUS_ENABLE;
}
/**
* Entry point for the script.
*
* @return void
*
* @since 2.0
*/
public function doExecute()
{
// Setup some stats
$failed = 0;
$success = 0;
$errors = array();
// It appears we have to tell the system we are running with the site otherwise bad things happen
JFactory::getApplication('site');
$this->out(JText::_('CLI_SHMANIC_LDAP_INFO_13001'));
// Get all the valid configurations
if (!($configs = SHLdapHelper::getConfig())) {
// Failed to find any Ldap configs
$this->out(JText::_('CLI_SHMANIC_LDAP_ERR_13003'));
$this->close(1);
}
// Check if only a single config was found
if ($configs instanceof JRegistry) {
/*
* To make things easier, we pretend we returned multiple Ldap configs
* by casting the single entry into an array.
*/
$configs = array($configs);
}
$count = count($configs);
$this->out(JText::sprintf('CLI_SHMANIC_LDAP_INFO_13002', $count))->out();
// Loop around each LDAP configuration
foreach ($configs as $config) {
try {
// Get a new Ldap object
$ldap = new SHLdap($config);
// Bind with the proxy user
if (!$ldap->authenticate(SHLdap::AUTH_PROXY)) {
// Something is wrong with this LDAP configuration - cannot bind to proxy user
$errors[] = new Exception(JText::sprintf('CLI_SHMANIC_LDAP_ERR_13011', $ldap->info), 13011);
unset($ldap);
continue;
}
// Get all the Ldap users in the directory
if (!($result = $ldap->search(null, $ldap->allUserFilter, array('dn', $ldap->keyUid)))) {
// Failed to search for all users in the directory
$errors[] = new Exception(JText::sprintf('CLI_SHMANIC_LDAP_ERR_13012', $ldap->getErrorMsg()), 13012);
unset($ldap);
continue;
}
// Loop around each Ldap user
for ($i = 0; $i < $result->countEntries(); ++$i) {
// Get the Ldap username (case insensitive)
if (!($username = strtolower($result->getValue($i, $ldap->keyUid, 0)))) {
continue;
}
try {
// Check if this user is in the blacklist
if ($blacklist = (array) json_decode(SHFactory::getConfig()->get('user.blacklist'))) {
if (in_array($username, $blacklist)) {
throw new RuntimeException(JText::_('CLI_SHMANIC_LDAP_ERR_13025'), 13025);
}
}
// Create the new user adapter
$adapter = new SHUserAdaptersLdap(array('username' => $username), $config);
// Get the Ldap DN
if (!($dn = $adapter->getId(false))) {
continue;
}
$this->out(JText::sprintf('CLI_SHMANIC_LDAP_INFO_13020', $username));
// Get the Ldap user attributes
$source = $adapter->getAttributes();
// Get the core mandatory J! user fields
$username = $adapter->getUid();
$fullname = $adapter->getFullname();
$email = $adapter->getEmail();
if (empty($fullname)) {
// Full name doesnt exist; use the username instead
$fullname = $username;
}
if (empty($email)) {
// Email doesnt exist; cannot proceed
throw new Exception(JText::_('CLI_SHMANIC_LDAP_ERR_13022'), 13022);
}
// Create the user array to enable creating a JUser object
$user = array('fullname' => $fullname, 'username' => $username, 'password_clear' => null, 'email' => $email);
// Create a JUser object from the Ldap user
$options = array('adapter' => &$adapter);
$instance = SHUserHelper::getUser($user, $options);
if ($instance === false) {
// Failed to get the user either due to save error or autoregister
throw new Exception(JText::_('CLI_SHMANIC_LDAP_ERR_13024'), 13024);
}
// Fire the Ldap specific on Sync feature
$sync = SHLdapHelper::triggerEvent('onLdapSync', array(&$instance, $options));
// Check if the synchronise was successfully and report
if ($sync !== false) {
// Even if the sync does not need a save, do it anyway as Cron efficiency doesnt matter too much
SHUserHelper::save($instance);
// Update the user map linker
SHAdapterMap::setUser($adapter, $instance->id);
// Above should throw an exception on error so therefore we can report success
$this->out(JText::sprintf('CLI_SHMANIC_LDAP_INFO_13029', $username));
++$success;
} else {
throw new Exception(JText::_('CLI_SHMANIC_LDAP_ERR_13026'), 13026);
}
unset($adapter);
} catch (Exception $e) {
unset($adapter);
++$failed;
$errors[] = new Exception(JText::sprintf('CLI_SHMANIC_LDAP_ERR_13028', $username, $e->getMessage()), $e->getCode());
}
}
} catch (Exception $e) {
$errors[] = new Exception(JText::_('CLI_SHMANIC_LDAP_ERR_13004'), 13004);
}
}
// Print out some results and stats
$this->out()->out()->out(JText::_('CLI_SHMANIC_LDAP_INFO_13032'))->out();
$this->out(JText::_('CLI_SHMANIC_LDAP_INFO_13038'));
foreach ($errors as $error) {
if ($error instanceof Exception) {
$this->out(' ' . $error->getCode() . ': ' . $error->getMessage());
} else {
$this->out(' ' . (string) $error);
}
}
$this->out()->out(JText::sprintf('CLI_SHMANIC_LDAP_INFO_13034', $success));
$this->out(JText::sprintf('CLI_SHMANIC_LDAP_INFO_13036', $failed));
$this->out()->out('============================');
}
/**
* TODO: move to a SHPlatform specific test in the future
*/
public function testSHPlatformFactoryBadConfig()
{
$this->setExpectedException('RuntimeException', 'LIB_SHPLATFORM_ERR_1121', 1121);
$platform = SHFactory::getConfig('file', array('file' => static::PLATFORM_CONFIG_FILE, 'namespace' => 'asdas'));
}
/**
* Returns all the Ldap configured IDs and names in an associative array
* where [id] => [name].
*
* @param JRegistry $registry Platform configuration.
*
* @return Array Array of configured IDs
*
* @since 2.0
*/
public static function getConfigIDs($registry = null)
{
// Get the Ldap configuration from the factory
$registry = (is_null($registry)) ? SHFactory::getConfig() : $registry;
// Get the Ldap configuration source (e.g. sql | plugin | file)
$source = (int) $registry->get('ldap.config', self::CONFIG_SQL);
if ($source === self::CONFIG_SQL)
{
// Get the database table using the sh_ldap_config as default
$table = $registry->get('ldap.table', '#__sh_ldap_config');
// Get the global JDatabase object
$db = JFactory::getDbo();
$query = $db->getQuery(true);
// Do the SQL query
$query->select($db->quoteName('id'))
->select($db->quoteName('name'))
->from($db->quoteName($table))
->where($db->quoteName('enabled') . ' >= ' . $db->quote('1'));
$db->setQuery($query);
// Execute the query
$results = $db->loadAssocList('id', 'name');
return $results;
}
elseif ($source === self::CONFIG_FILE)
{
// Generate the namesapce
if ($namespaces = $registry->get('ldap.namespaces', false))
{
// Split multiple namespaces
$namespaces = explode(';', $namespaces);
return $namespaces;
}
// There are no namespaces, there return an array with one null element
return array(null);
}
}
/**
* Find the correct Ldap parameters based on the authorised and configuration
* specified. If found then return the successful Ldap object.
*
* Note: you can use SHLdap::lastUserDn for the user DN instead of rechecking again.
*
* @param integer|string $id Optional configuration record ID.
* @param Array $authorised Optional authorisation/authentication options (authenticate, username, password).
* @param JRegistry $registry Optional override for platform configuration registry.
*
* @return SHLdap An Ldap object on successful authorisation or False on error.
*
* @since 2.0
* @throws InvalidArgumentException Invalid configurations
* @throws SHExceptionStacked User or configuration issues (may not be important)
*/
public static function getInstance($id = null, array $authorised = array(), JRegistry $registry = null)
{
// Get the platform registry config from the factory if required
$registry = is_null($registry) ? SHFactory::getConfig() : $registry;
// Get the optional authentication/authorisation options
$authenticate = SHUtilArrayhelper::getValue($authorised, 'authenticate', self::AUTH_NONE);
$username = SHUtilArrayhelper::getValue($authorised, 'username', null);
$password = SHUtilArrayhelper::getValue($authorised, 'password', null);
// Get all the Ldap configs that are enabled and available
$configs = SHLdapHelper::getConfig($id, $registry);
// Check if only one configuration result was found
if ($configs instanceof JRegistry)
{
// Wrap this around an array so we can use the same code below
$configs = array($configs);
}
// Keep a record of any exceptions called and only log them after
$errors = array();
// Loop around each of the Ldap configs until one authenticates
foreach ($configs as $config)
{
try
{
// Get a new SHLdap object
$ldap = new SHLdap($config);
// Check if the authenticate/authentication is successful
if ($ldap->authenticate($authenticate, $username, $password))
{
// This is the correct configuration so return the new client
return $ldap;
}
}
catch (Exception $e)
{
// Add the error to the stack
$errors[] = $e;
}
unset($ldap);
}
// Failed to find any configs to match
if (count($errors) > 1)
{
// More than one config caused issues, use the stacked exception
throw new SHExceptionStacked(JText::_('LIB_SHLDAP_ERR_10411'), 10411, $errors);
}
else
{
// Just rethrow the one exception
throw $errors[0];
}
}
/**
* Calls the logoutRemoteUser method within SSO plug-in if the user
* was logged on with SSO.
*
* @return void
*
* @since 2.0
*/
public function logout()
{
$session = JFactory::getSession();
$app = JFactory::getApplication();
// Get the SSO plug-in name from login if we used SSO
if ($class = $session->get(SHSsoHelper::SESSION_PLUGIN_KEY, false)) {
// Lets disable SSO until the user requests login
SHSsoHelper::disable();
$router = $app->getRouter();
// We need to add a callback on the router to tell the routed page we just logged out from SSO
$router->setVar('ssologoutkey', SHFactory::getConfig()->get('sso.bypasskey', 'nosso'));
$router->setVar('ssologoutval', $session->get(SHSsoHelper::SESSION_STATUS_KEY, SHSsoHelper::STATUS_ENABLE));
$router->attachBuildRule('SHSso::logoutRouterRule');
$index = array_search($class, $this->_observers);
// Ensure the SSO plug-in is still available
if ($index !== false && method_exists($this->_observers[$index], 'logoutRemoteUser')) {
$this->_observers[$index]->logoutRemoteUser();
}
}
}
* @copyright Copyright (C) 2011-2013 Shaun Maunder. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
defined('JPATH_PLATFORM') or die;
if (!defined('SHPATH_PLATFORM')) {
// Load the platform
require_once JPATH_PLATFORM . '/shmanic/import.php';
}
if (!defined('SHLDAP_VERSION')) {
// Define the JMapMyLDAP version
define('SHLDAP_VERSION', SHFactory::getConfig()->get('ldap.version'));
}
// Load the global Ldap language file
JFactory::getLanguage()->load('shmanic_ldap', JPATH_ROOT);
// Push the reqcert setting if defined
if ($reqcert = (int) SHFactory::getConfig()->get('ldap.reqcert', 0)) {
if ($reqcert === 1) {
putenv('LDAPTLS_REQCERT=never');
} elseif ($reqcert === 2) {
putenv('LDAPTLS_REQCERT=allow');
} elseif ($reqcert === 3) {
putenv('LDAPTLS_REQCERT=try');
} elseif ($reqcert === 4) {
putenv('LDAPTLS_REQCERT=hard');
}
}
// Setup and get the Ldap dispatcher
$dispatcher = SHFactory::getDispatcher('ldap');
// Start the LDAP event debugger only if global jdebug is switched on
if (defined('JDEBUG') && JDEBUG && class_exists('SHLdapEventDebug')) {
new SHLdapEventDebug($dispatcher);
/**
* Method for attempting single sign on.
*
* @return boolean True on successful SSO or False on failure.
*
* @since 2.0
*/
protected function _attemptSSO()
{
// Check the required SSO libraries exist
if (!(class_exists('SHSsoHelper') && class_exists('SHSso'))) {
// Error: classes missing
SHLog::add(JText::_('LIB_SHSSOMONITOR_ERR_15001'), 15001, JLog::ERROR, 'sso');
return;
}
try {
$config = SHFactory::getConfig();
// Check if SSO is disabled via the session
if (SHSsoHelper::status() !== SHSsoHelper::STATUS_ENABLE) {
// It is disabled so do not continue
return;
}
SHSsoHelper::enable();
$forceLogin = false;
$userId = JFactory::getUser()->get('id');
if ($config->get('sso.forcelogin', false)) {
if ($userId) {
// Log out current user if detect user is not equal
$forceLogin = true;
}
} else {
if ($userId) {
// User already logged in and no forcelogout
return;
}
}
/*
* Lets check the IP rule is valid before we continue -
* if the IP rule is false then SSO is not allowed here.
*/
jimport('joomla.application.input');
$input = new JInput($_SERVER);
// Get the IP address of this client
$myIp = $input->get('REMOTE_ADDR', false, 'string');
// Get a list of the IP addresses specific to the specified rule
$ipList = json_decode($config->get('sso.iplist'));
// Get the rule value
$ipRule = $config->get('sso.iprule', SHSsoHelper::RULE_ALLOW_ALL);
if (!SHSsoHelper::doIPCheck($myIp, $ipList, $ipRule)) {
if (!$forceLogin) {
// This IP isn't allowed
SHLog::add(JText::_('LIB_SHSSO_DEBUG_15004'), 15004, JLog::DEBUG, 'sso');
}
return;
}
/*
* We are going to check if we are in backend.
* If so then we need to check if sso is allowed
* to execute on the backend.
*/
if (JFactory::getApplication()->isAdmin()) {
if (!$config->get('sso.backend', false)) {
if (!$forceLogin) {
// Not allowed to SSO on backend
SHLog::add(JText::_('LIB_SHSSO_DEBUG_15006'), 15006, JLog::DEBUG, 'sso');
}
return;
}
}
// Instantiate the main SSO library for detection & authentication
$sso = new SHSso($config->get('sso.plugintype', 'sso'));
$detection = $sso->detect();
if ($detection) {
// Check the detected user is not blacklisted
$blacklist = (array) json_decode($config->get('user.blacklist'));
if (in_array($detection['username'], $blacklist)) {
SHLog::add(JText::sprintf('LIB_SHSSO_DEBUG_15007', $detection['username']), 15007, JLog::DEBUG, 'sso');
// Detected user is blacklisted
return;
}
// Check if the current logged in user matches the detection
if ($forceLogin && strtolower($detection['username']) != strtolower(JFactory::getUser()->get('username'))) {
SHLog::add(JText::sprintf('LIB_SHSSO_DEBUG_15008', $detection['username']), 15008, JLog::DEBUG, 'sso');
// Need to logout the current user
JFactory::getApplication()->logout();
}
}
// Attempt the login
return $sso->login($detection);
} catch (Exception $e) {
SHLog::add($e, 15002, JLog::ERROR, 'sso');
}
}
public function onUserBeforeSaveGroup($form, $table, $isNew)
{
$groupname = $table->title;
try {
// We want to check if this group is an existing group in an Adapter
$adapter = SHFactory::getGroupAdapter($groupname);
$adapter->getId();
// We need to gather the adapter name to call the correct dispatcher
$adapterName = $adapter::getName();
} catch (Exception $e) {
// We will assume this group doesnt exist in an Adapter
$adapterName = false;
}
if ($adapterName) {
$event = SHAdapterEventHelper::triggerEvent($adapterName, 'onGroupBeforeSave', array($groupname, $isNew));
if ($event !== false) {
try {
// Commit the changes to the Adapter if present
SHAdapterHelper::commitChanges($adapter, true, true);
//TODO: newId
SHLog::add(JText::sprintf('LIB_SHADAPTEREVENTBOUNCER_DEBUG_10986', $groupname), 10986, JLog::DEBUG, $adapterName);
return true;
} catch (Excpetion $e) {
//TODO: newId
SHLog::add($e, 10981, JLog::ERROR, $adapterName);
}
}
return $event;
} elseif ($isNew) {
// Use a default group adapter
$name = SHFactory::getConfig()->get('user.type');
// We must create and save the group as plugins may talk to adapter driver and expect a group object
if (SHAdapterEventHelper::triggerEvent($name, 'onGroupCreation', array($groupname)) === true) {
JFactory::getSession()->set('created', $groupname, SHGroupHelper::SESSION_KEY);
$event = SHAdapterEventHelper::triggerEvent($adapterName, 'onGroupBeforeSave', array($groupname, $isNew));
if ($event !== false) {
try {
// Commit the changes to the Adapter if present
$adapter = SHFactory::getGroupAdapter($groupname);
SHAdapterHelper::commitChanges($adapter, true, true);
return true;
} catch (Exception $e) {
//TODO: newId
SHLog::add($e, 10981, JLog::ERROR, $name);
}
}
return $event;
}
// Something went wrong with the group creation
return false;
}
}
