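/**
 * Authenticate a user against the directory.
 *
 * Checks run in this order: non-empty credentials, directory bind, required
 * group membership, then role/group syncing for the user.
 *
 * @param string $ps_username User name as entered at login
 * @param string $ps_password Password as entered at login
 * @param array|null $pa_options Not read by this method
 * @return bool true only if the bind succeeded and the group check passed
 */
public function authenticate($ps_username, $ps_password = '', $pa_options = null)
 {
     // Reject empty credentials before anything reaches the directory. A simple bind
     // that carries a DN but an empty password is an unauthenticated bind (RFC 4513,
     // section 5.1.2); a server that permits it reports success without verifying
     // anything. bindToDirectory() is not visible here, so the guard is applied at
     // this entry point regardless of what the helper does.
     if (!is_string($ps_username) || $ps_username === '') {
         return false;
     }
     if (!is_string($ps_password) || $ps_password === '') {
         return false;
     }

     if (!$this->bindToDirectory($ps_username, $ps_password)) {
         $vo_link = $this->getLinkIdentifier();
         // 0x32 is LDAP_OPT_DIAGNOSTIC_MESSAGE: the server's extended error text for the failed operation
         if (ldap_get_option($vo_link, 0x32, $extended_error)) {
             // The bind RDN is rebuilt for the log entry only; the password is never logged
             $vs_bind_rdn = $this->getProcessedConfigValue("ldap_bind_rdn_format", $ps_username, "", "");
             caLogEvent("ERR", "LDAP ERROR (" . ldap_errno($vo_link) . ") {$extended_error} [{$vs_bind_rdn}]", "OpenLDAP::Authenticate");
         }
         return false;
     }

     // A valid password is not enough: the account must also be in a required group
     if (!$this->hasRequiredGroupMembership($ps_username)) {
         return false;
     }

     // user role and group membership syncing with directory
     $this->syncWithDirectory($ps_username);
     return true;
 }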
Пример #2
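/**
 * Upload a local file to a GitHub repository.
 *
 * The file is first created at $ps_git_path. If GitHub answers with HTTP 422 (the path
 * already exists) and $pb_update_on_conflict is set, the existing file is overwritten
 * using its current blob SHA. API failures are logged through caLogEvent() and reported
 * as false.
 *
 * @param string $ps_user GitHub username
 * @param string $ps_token Access token. Prefer a personal access token with the narrowest scope that still
 * 		allows writing to the target repository over the account password. The value is only handed
 * 		to the API client; it is not written to the log by this function.
 * @param string $ps_owner The repository owner
 * @param string $ps_repo repository name
 * @param string $ps_git_path path for the file destination inside the repository, e.g. "/exports/from_collectiveaccess/export.xml".
 * @param string $ps_local_filepath file to upload as absolute local path. Note that the file must be loaded in memory to be committed to GitHub.
 * @param string $ps_branch branch to commit to. defaults to 'master'
 * @param bool $pb_update_on_conflict Determines what happens if the file already exists in the GitHub repository.
 * 		true means the file is updated in place, false means we abort. default is true
 * @param string $ps_commit_msg commit message; a timestamped default is generated when empty
 * @return bool true if the file was created or updated, false otherwise
 */
function caUploadFileToGitHub($ps_user, $ps_token, $ps_owner, $ps_repo, $ps_git_path, $ps_local_filepath, $ps_branch = 'master', $pb_update_on_conflict = true, $ps_commit_msg = null)
{
    // check mandatory params
    if (!$ps_user || !$ps_token || !$ps_owner || !$ps_repo || !$ps_git_path || !$ps_local_filepath) {
        caLogEvent('DEBG', "Invalid parameters for GitHub file upload. Check your configuration!", 'caUploadFileToGitHub');
        return false;
    }
    if (!$ps_commit_msg) {
        $ps_commit_msg = 'Commit created by CollectiveAccess on ' . date('c');
    }

    // Read the file before contacting GitHub. file_get_contents() returns false for a missing
    // or unreadable path, and committing that value would publish an empty file as a "success".
    $vs_content = @file_get_contents($ps_local_filepath);
    if ($vs_content === false) {
        caLogEvent('DEBG', "Could not read local file {$ps_local_filepath} for GitHub upload.", 'caUploadFileToGitHub');
        return false;
    }

    $o_client = new \Github\Client();
    $o_client->authenticate($ps_user, $ps_token);

    try {
        $o_client->repositories()->contents()->create($ps_owner, $ps_repo, $ps_git_path, $vs_content, $ps_commit_msg, $ps_branch);
    } catch (\Github\Exception\RuntimeException $e) {
        switch ($e->getCode()) {
            case 401:
                caLogEvent('DEBG', "Could not authenticate with GitHub. Error message was: " . $e->getMessage() . " - Code was: " . $e->getCode(), 'caUploadFileToGitHub');
                break;
            case 422:
                if (!$pb_update_on_conflict) {
                    caLogEvent('DEBG', "Could not upload file to GitHub. It looks like a file already exists at {$ps_git_path}.", 'caUploadFileToGitHub');
                    break;
                }
                try {
                    // Look the file up on the branch being committed to, so the SHA sent with the
                    // update belongs to that branch's copy and not to the default branch's.
                    $va_content = $o_client->repositories()->contents()->show($ps_owner, $ps_repo, $ps_git_path, $ps_branch);
                    if (!isset($va_content['sha'])) {
                        // Without a SHA no update call is made, so this must not be reported as success
                        caLogEvent('DEBG', "Could not update existing file in GitHub. No SHA was returned for {$ps_git_path}.", 'caUploadFileToGitHub');
                        break;
                    }
                    $o_client->repositories()->contents()->update($ps_owner, $ps_repo, $ps_git_path, $vs_content, $ps_commit_msg, $va_content['sha'], $ps_branch);
                    // overwrite was successful if there was no exception in above statement
                    return true;
                } catch (\Exception $ex) {
                    // An exception thrown inside this catch block is not seen by the outer catch
                    // clauses, so every exception type is handled here rather than escaping.
                    caLogEvent('DEBG', "Could not update existing file in GitHub. Error message was: " . $ex->getMessage() . " - Code was: " . $ex->getCode(), 'caUploadFileToGitHub');
                }
                break;
            default:
                caLogEvent('DEBG', "Could not upload file to GitHub. A generic error occurred. Error message was: " . $e->getMessage() . " - Code was: " . $e->getCode(), 'caUploadFileToGitHub');
                break;
        }
        return false;
    } catch (\Github\Exception\ValidationFailedException $e) {
        caLogEvent('DEBG', "Could not upload file to GitHub. The parameter validation failed. Error message was: " . $e->getMessage() . " - Code was: " . $e->getCode(), 'caUploadFileToGitHub');
        return false;
    } catch (\Exception $e) {
        caLogEvent('DEBG', "Could not upload file to GitHub. A generic error occurred. Error message was: " . $e->getMessage() . " - Code was: " . $e->getCode(), 'caUploadFileToGitHub');
        return false;
    }
    return true;
}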
Пример #3
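 /**
  * Ask Solr to optimize the core that backs the given table.
  *
  * Posts a single `<optimize />` update command to the core's /update handler.
  * Exceptions raised while sending, and non-2xx answers, are logged rather than propagated.
  *
  * @param int $pn_tablenum Table number; resolved to the core name through the data model
  * @return void
  */
 public function optimizeIndex($pn_tablenum)
 {
     $vs_update_url = $this->ops_search_solr_url . "/" . $this->opo_datamodel->getTableName($pn_tablenum) . "/update";

     $vo_http_client = new Zend_Http_Client();
     $vo_http_client->setUri($vs_update_url);
     try {
         // request('POST') sends the command and returns the response. Calling request()
         // a second time would post the same body again, so the response is taken here.
         $vo_http_response = $vo_http_client->setRawData('<optimize />')->setEncType('text/xml')->request('POST');

         $vn_status = $vo_http_response->getStatus();
         if ($vn_status < 200 || $vn_status >= 300) {
             caLogEvent('ERR', _t('Index optimize failed: %1', $vo_http_response->getBody()), 'Solr->optimizeIndex()');
         }
     } catch (Exception $e) {
         // Optimize error
         caLogEvent('ERR', _t('Index optimize failed: %1', $e->getMessage()), 'Solr->optimizeIndex()');
     }
 }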
Пример #4
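 /**
  * Send every buffered document to ElasticSearch and empty the buffers.
  *
  * Buffer keys are split on "/" and used as <table>/<primary key field>/<row id>.
  * Each document is built from its buffered field values plus created/modified
  * information read from ca_change_log, then posted once to
  * <base url>/<index name>/<table>/<row id>. Failures are logged per document and
  * do not stop the remaining documents from being sent.
  *
  * @return void
  */
 public function flushContentBuffer()
 {
     foreach (WLPlugSearchEngineElasticSearch::$s_doc_content_buffer as $vs_key => $va_doc_content_buffer) {
         $va_post_json = array();
         $va_key = explode('/', $vs_key);
         foreach ($va_doc_content_buffer as $vs_field_name => $va_field_content) {
             foreach ($va_field_content as $vs_field_content) {
                 $va_post_json[$vs_field_name][] = $vs_field_content;
             }
         }
         if (!isset($va_doc_content_buffer[$va_key[0] . "." . $va_key[1]])) {
             /* add pk */
             $va_post_json[$va_key[1]] = $va_key[2];
         }
         // Output created on and modified on timestamps.
         // Table number and row id are passed as bound parameters, not concatenated into the SQL.
         $qr_res = $this->opo_db->query("\n\t\t\t\tSELECT ccl.log_id, ccl.log_datetime, ccl.changetype, ccl.user_id\n\t\t\t\tFROM ca_change_log ccl\n\t\t\t\tWHERE\n\t\t\t\t\t(ccl.logged_table_num = ?) AND (ccl.logged_row_id = ?)\n\t\t\t\t\tAND\n\t\t\t\t\t(ccl.changetype <> 'D')\n\t\t\t", $this->opo_datamodel->getTableNum($va_key[0]), (int) $va_key[2]);
         while ($qr_res->nextRow()) {
             // We "fake" the <table>.<primary key> value here to be the log_id of the change log entry to ensure that the log entry
             // document has a different unique key than the entry for the actual record. If we didn't do this then we'd overwrite
             // the indexing for the record itself with indexing for successful log entries. Since the SearchEngine is looking for
             // just the primary key, sans table name, it's ok to do this hack.
             $va_post_json[$va_key[0] . "." . $va_key[1]] = $qr_res->get('log_id');
             $va_post_json[$va_key[1]] = $va_key[2];
             if ($qr_res->get('changetype') == 'I') {
                 $va_post_json["created"] = date("c", $qr_res->get('log_datetime'));
                 $va_post_json["created_user_id"] = $qr_res->get('user_id');
             } else {
                 $va_post_json["modified"] = date("c", $qr_res->get('log_datetime'));
                 $va_post_json["modified_user_id"] = $qr_res->get('user_id');
             }
         }

         $vs_post_body = json_encode($va_post_json);

         $vo_http_client = new Zend_Http_Client();
         $vo_http_client->setUri($this->ops_elasticsearch_base_url . "/" . $this->ops_elasticsearch_index_name . "/" . $va_key[0] . "/" . $va_key[2]);
         try {
             // request('POST') sends the document and returns the response; a further request()
             // call would post the same document a second time.
             $vo_http_response = $vo_http_client->setRawData($vs_post_body)->setEncType('text/json')->request('POST');

             // Any 2xx answer is a successful write: indexing a new document is answered with
             // 201 Created, not 200, so testing for 200 alone would log every first-time index as an error.
             $vn_status = $vo_http_response->getStatus();
             if ($vn_status < 200 || $vn_status >= 300) {
                 // NOTE(review): the complete document body goes into the event log here; confirm
                 // that the log's readers are allowed to see the indexed record content.
                 caLogEvent('ERR', _t('Indexing commit failed for %1; response was %2; request was %3', $vs_key, $vo_http_response->getBody(), $vs_post_body), 'ElasticSearch->flushContentBuffer()');
             }
         } catch (Exception $e) {
             caLogEvent('ERR', _t('Indexing commit failed for %1 with Exception: %2', $vs_key, $e->getMessage()), 'ElasticSearch->flushContentBuffer()');
         }
     }
     // Both the per-instance and the shared static buffer are emptied, whether or not every post succeeded
     $this->opa_doc_content_buffer = array();
     WLPlugSearchEngineElasticSearch::$s_doc_content_buffer = array();
 }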
Пример #5
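 /**
  * Authenticate a user with an LDAP simple bind.
  *
  * After a successful bind the user must be a member of at least one required group.
  * For users that already exist locally, roles and groups are then synced with the
  * directory when the corresponding configuration switches are set.
  *
  * @param string $ps_username User name as entered at login
  * @param string $ps_password Password as entered at login
  * @param array|null $pa_options Not read by this method
  * @return bool true only if the bind succeeded and the group check passed
  * @throws OpenLDAPException if PHP's LDAP functions are not available
  */
 public static function authenticate($ps_username, $ps_password = '', $pa_options = null)
 {
     $po_auth_config = Configuration::load(Configuration::load()->get('authentication_config'));
     if (!function_exists("ldap_connect")) {
         throw new OpenLDAPException(_t("PHP's LDAP module is required for LDAP authentication!"));
     }
     if (!$ps_username) {
         return false;
     }
     // A simple bind that carries a DN but an empty password is an unauthenticated bind
     // (RFC 4513, section 5.1.2). Servers that permit it answer "success" without checking
     // any credential, so an empty password must be refused before ldap_bind() is reached.
     if (!is_string($ps_password) || $ps_password === '') {
         return false;
     }

     // ldap config
     $vs_ldaphost = $po_auth_config->get("ldap_host");
     $vs_ldapport = $po_auth_config->get("ldap_port");
     $vs_base_dn = $po_auth_config->get("ldap_base_dn");
     $vs_user_ou = $po_auth_config->get("ldap_user_ou");
     // NOTE(review): the user name is substituted into a DN template (and into a search filter
     // below) by postProcessLDAPConfigValue(), which is not visible here. Confirm that it escapes
     // the value for each context (ldap_escape() with LDAP_ESCAPE_DN / LDAP_ESCAPE_FILTER).
     $vs_bind_rdn = self::postProcessLDAPConfigValue("ldap_bind_rdn_format", $ps_username, $vs_user_ou, $vs_base_dn);
     $va_default_roles = $po_auth_config->get("ldap_users_default_roles");
     if (!is_array($va_default_roles)) {
         $va_default_roles = array();
     }
     $va_default_groups = $po_auth_config->get("ldap_users_default_groups");
     if (!is_array($va_default_groups)) {
         $va_default_groups = array();
     }

     // NOTE(review): nothing in this method calls ldap_start_tls(). Unless ldap_host is an
     // ldaps:// URI, the bind below sends the password unencrypted; confirm the deployment.
     $vo_ldap = ldap_connect($vs_ldaphost, $vs_ldapport);
     // Check the handle before using it: passing a failed connection on to ldap_set_option() is an error
     if (!$vo_ldap) {
         return false;
     }
     ldap_set_option($vo_ldap, LDAP_OPT_PROTOCOL_VERSION, 3);

     // Optional lookup of the bind DN. It runs before any bind, i.e. as an anonymous search.
     $vs_bind_rdn_filter = self::postProcessLDAPConfigValue("ldap_bind_rdn_filter", $ps_username, $vs_user_ou, $vs_base_dn);
     if (strlen((string) $vs_bind_rdn_filter) > 0) {
         $vo_dn_search_results = ldap_search($vo_ldap, $vs_base_dn, $vs_bind_rdn_filter);
         // A failed search keeps the DN built from ldap_bind_rdn_format, as does an empty result
         if ($vo_dn_search_results !== false) {
             $va_dn_search_results = ldap_get_entries($vo_ldap, $vo_dn_search_results);
             // NOTE(review): the first entry is used even when the filter matches several;
             // confirm the configured filter can only ever match one account.
             if (isset($va_dn_search_results[0]['dn'])) {
                 $vs_bind_rdn = $va_dn_search_results[0]['dn'];
             }
         }
     }

     // log in
     $vo_bind = @ldap_bind($vo_ldap, $vs_bind_rdn, $ps_password);
     if (!$vo_bind) {
         // wrong credentials
         // 0x32 is LDAP_OPT_DIAGNOSTIC_MESSAGE: the server's extended error text. Only the
         // bind DN is logged, never the password.
         if (ldap_get_option($vo_ldap, 0x32, $extended_error)) {
             caLogEvent("ERR", "LDAP ERROR (" . ldap_errno($vo_ldap) . ") {$extended_error} [{$vs_bind_rdn}]", "OpenLDAP::Authenticate");
         }
         ldap_unbind($vo_ldap);
         return false;
     }

     // check group membership
     if (!self::isMemberinAtLeastOneGroup($ps_username, $vo_ldap)) {
         ldap_unbind($vo_ldap);
         return false;
     }

     // user role and group membership syncing with directory
     $t_user = new ca_users();
     if ($t_user->load($ps_username)) {
         // don't try to sync roles for non-existing users (the first auth call is before the user is actually created)
         if ($po_auth_config->get('ldap_sync_user_roles')) {
             // Expected set = configured defaults + roles reported by the directory.
             // Missing roles are added first, then anything outside the expected set is revoked.
             $va_expected_roles = array_merge($va_default_roles, self::getRolesToAddFromDirectory($ps_username, $vo_ldap));
             foreach ($va_expected_roles as $vs_role) {
                 if (!$t_user->hasUserRole($vs_role)) {
                     $t_user->addRoles($vs_role);
                 }
             }
             foreach ($t_user->getUserRoles() as $vn_id => $va_role_info) {
                 if (!in_array($va_role_info['code'], $va_expected_roles)) {
                     $t_user->removeRoles($vn_id);
                 }
             }
         }
         if ($po_auth_config->get('ldap_sync_user_groups')) {
             // Same add-then-revoke pass for groups
             $va_expected_groups = array_merge($va_default_groups, self::getGroupsToAddFromDirectory($ps_username, $vo_ldap));
             foreach ($va_expected_groups as $vs_group) {
                 if (!$t_user->inGroup($vs_group)) {
                     $t_user->addToGroups($vs_group);
                 }
             }
             foreach ($t_user->getUserGroups() as $vn_id => $va_group_info) {
                 if (!in_array($va_group_info['code'], $va_expected_groups)) {
                     $t_user->removeFromGroups($vn_id);
                 }
             }
         }
     }
     ldap_unbind($vo_ldap);
     return true;
 }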