Exemplo n.º 1
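 /**
  * Synchronise local accounts with the LDAP directory.
  *
  * Does nothing unless both the `auth.ldap.enabled` and `auth.ldap.refreshUsers`
  * settings of the user module are set. Otherwise every entry returned by the
  * configured filter / base DN search is created locally (when no matching user
  * exists and all required fields are set) or updated, and every local user of
  * this auth client whose directory id was not seen in the search is disabled.
  *
  * Security notes:
  * - The disable pass is the de-provisioning path, so the id comparison is an
  *   exact string match and the outcome of save() is checked before the account
  *   is reported as disabled.
  * - NOTE(review): an empty search result disables every enabled user returned
  *   by getUsersByAuthClient($this). A wrong filter or base DN would therefore
  *   lock out all LDAP accounts; consider alerting on mass-disable runs.
  *
  * @return void
  */
 public function syncUsers()
 {
     $settings = Yii::$app->getModule('user')->settings;
     if (!$settings->get('auth.ldap.enabled') || !$settings->get('auth.ldap.refreshUsers')) {
         return;
     }

     $userFilter = $settings->get('auth.ldap.userFilter');
     $baseDn = $settings->get('auth.ldap.baseDn');
     $userCollection = $this->getLdap()->search($userFilter, $baseDn, Ldap::SEARCH_SCOPE_SUB);

     $authClient = null;
     // Directory ids seen in this run, kept as array keys so the lookup in the
     // disable pass is an exact match instead of a loose in_array() comparison
     // (loosely, "1e3" equals "1000" and null equals an empty id).
     $knownIds = [];
     foreach ($userCollection as $attributes) {
         $authClient = new static();
         $authClient->setUserAttributes($attributes);
         // Read the attributes back from the client; the id / email keys used
         // below are taken from this returned array, not from the raw entry.
         $attributes = $authClient->getUserAttributes();

         $user = AuthClientHelpers::getUserByAuthClient($authClient);
         if ($user === null) {
             if (!AuthClientHelpers::createUser($authClient)) {
                 // An entry without an email must not turn this warning into an
                 // undefined-index error that hides the actual problem.
                 $label = isset($attributes['email']) ? $attributes['email'] : '(no email attribute)';
                 Yii::warning('Could not automatically create LDAP user ' . $label . ' - check required attributes!');
             }
         } else {
             AuthClientHelpers::updateUser($authClient, $user);
         }

         if (isset($attributes['id']) && is_scalar($attributes['id'])) {
             $knownIds[(string) $attributes['id']] = true;
         } else {
             // Never record an empty id: it would match local users whose id
             // attribute is empty and keep them enabled.
             Yii::warning('LDAP entry without a usable id attribute - it is ignored when checking which users still exist.');
         }
     }

     // The user table id attribute can be set automatically while user
     // attributes are assigned, so prefer the value of the last initialised
     // auth client over the one of this instance.
     $userTableIdAttribute = $this->getUserTableIdAttribute();
     if ($authClient !== null) {
         $userTableIdAttribute = $authClient->getUserTableIdAttribute();
     }

     // Disable users that no longer exist in the directory.
     foreach (AuthClientHelpers::getUsersByAuthClient($this)->each() as $user) {
         if ($user->status === User::STATUS_DISABLED) {
             continue;
         }

         $directoryId = $user->getAttribute($userTableIdAttribute);
         if (is_scalar($directoryId) && isset($knownIds[(string) $directoryId])) {
             continue;
         }

         $user->status = User::STATUS_DISABLED;
         if ($user->save()) {
             Yii::warning('Disabled user ' . $user->username . ' (' . $user->id . ') - Not found in LDAP!');
         } else {
             // A rejected save leaves the account enabled; say so instead of
             // logging a de-provisioning that did not happen.
             Yii::error('Could not disable user ' . $user->username . ' (' . $user->id . ') - Not found in LDAP, but saving failed!');
         }
     }
 }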
Exemplo n.º 2
 /**
  * Decide what happens after an auth client reports a successful authentication.
  *
  * In order: link the client to the user who is already logged in, log in the
  * user already linked to the client, reject the attempt when registration is
  * not permitted or required attributes are missing, refuse an e-mail address
  * that belongs to an unlinked account, create and log in a new user, or hand
  * over to the registration controller.
  *
  * @param \yii\authclient\BaseClient $authClient the client that authenticated
  * @return Response
  */
 public function onAuthSuccess(\yii\authclient\BaseClient $authClient)
 {
     $clientAttributes = $authClient->getUserAttributes();
     $loginRoute = ['/user/auth/login'];

     // A session already exists: attach this client to the current identity.
     if (!Yii::$app->user->isGuest) {
         AuthClientHelpers::storeAuthClientForUser($authClient, Yii::$app->user->getIdentity());

         return $this->redirect(['/user/account/connected-accounts']);
     }

     // The client is already linked to a user: log that user in.
     $linkedUser = AuthClientHelpers::getUserByAuthClient($authClient);
     if (null !== $linkedUser) {
         return $this->login($linkedUser, $authClient);
     }

     // Unknown identity: continue only for ApprovalBypass clients or when
     // anonymous registration is switched on.
     $registrationAllowed = $authClient instanceof ApprovalBypass
         || Yii::$app->getModule('user')->settings->get('auth.anonymousRegistration');
     if (!$registrationAllowed) {
         Yii::$app->session->setFlash('error', Yii::t('UserModule.base', "You're not registered."));

         return $this->redirect($loginRoute);
     }

     // Both attributes must be supplied by the client; e-mail is checked first.
     $requiredAttributes = [
         'email' => "Missing E-Mail Attribute from AuthClient.",
         'id' => "Missing ID AuthClient Attribute from AuthClient.",
     ];
     foreach ($requiredAttributes as $attributeName => $errorMessage) {
         if (!isset($clientAttributes[$attributeName])) {
             Yii::$app->session->setFlash('error', $errorMessage);

             return $this->redirect($loginRoute);
         }
     }

     // Never attach an external identity to an existing account on the
     // strength of a matching e-mail address alone; the owner has to log in
     // first and link the client explicitly.
     $emailOwner = User::findOne(['email' => $clientAttributes['email']]);
     if (null !== $emailOwner) {
         Yii::$app->session->setFlash('error', Yii::t('UserModule.base', 'User with the same email already exists but isn\'t linked to you. Login using your email first to link it.'));

         return $this->redirect($loginRoute);
     }

     // Try to create the user automatically and log in right away.
     $createdUser = AuthClientHelpers::createUser($authClient);
     if (null !== $createdUser) {
         return $this->login($createdUser, $authClient);
     }

     // Reset the normalize map before the client goes into the session
     // (presumably because anonymous functions in it cannot be stored there).
     $authClient->setNormalizeUserAttributeMap([]);

     // The registration controller picks the client up from the session.
     Yii::$app->session->set('authClient', $authClient);

     return $this->redirect(['/user/registration']);
 }