/**
* Fetches all existing TYPO3 users related to the given LDAP/AD users.
*
* @param array $ldapUsers List of LDAP/AD users
* @return array
*/
public function fetchTypo3Users($ldapUsers)
{
// Populate an array of TYPO3 users records corresponding to the LDAP users
// If a given LDAP user has no associated user in TYPO3, a fresh record
// will be created so that $ldapUsers[i] <=> $typo3Users[i]
$typo3UserPid = Configuration::getPid($this->configuration['users']['mapping']);
$typo3Users = Authentication::getTypo3Users($ldapUsers, $this->configuration['users']['mapping'], $this->userTable, $typo3UserPid);
return $typo3Users;
}
/**
* Gets the LDAP and TYPO3 user groups for a given user.
*
* @param array $ldapUser LDAP user data
* @param array $configuration LDAP configuration
* @param string $groupTable Name of the group table (should normally be either "be_groups" or "fe_groups")
* @return array|NULL Array of groups or NULL if required LDAP groups are missing
* @throws \Causal\IgLdapSsoAuth\Exception\InvalidUserGroupTableException
*/
public static function getUserGroups(array $ldapUser, array $configuration = NULL, $groupTable = '')
{
if ($configuration === NULL) {
$configuration = static::$config;
}
if (empty($groupTable)) {
if (isset(static::$authenticationService)) {
$groupTable = static::$authenticationService->authInfo['db_groups']['table'];
} else {
if (TYPO3_MODE === 'BE') {
$groupTable = 'be_groups';
} else {
$groupTable = 'fe_groups';
}
}
}
// User is valid only if exist in TYPO3.
// Get LDAP groups from LDAP user.
$typo3_groups = array();
$ldapGroups = static::getLdapGroups($ldapUser);
unset($ldapGroups['count']);
/** @var \TYPO3\CMS\Extbase\Domain\Model\BackendUserGroup[]|\TYPO3\CMS\Extbase\Domain\Model\FrontendUserGroup[] $requiredLDAPGroups */
$requiredLDAPGroups = Configuration::getValue('requiredLDAPGroups');
if (count($ldapGroups) === 0) {
if (count($requiredLDAPGroups) > 0) {
return NULL;
}
} else {
// Get pid from group mapping
$typo3GroupPid = Configuration::getPid($configuration['groups']['mapping']);
$typo3GroupsTemp = static::getTypo3Groups($ldapGroups, $groupTable, $typo3GroupPid);
if (count($requiredLDAPGroups) > 0) {
$hasRequired = FALSE;
$groupUids = array();
foreach ($typo3GroupsTemp as $typo3Group) {
$groupUids[] = $typo3Group['uid'];
}
foreach ($requiredLDAPGroups as $group) {
if (in_array($group->getUid(), $groupUids)) {
$hasRequired = TRUE;
break;
}
}
if (!$hasRequired) {
return NULL;
}
}
if (Configuration::getValue('IfGroupExist') && count($typo3GroupsTemp) === 0) {
return array();
}
$i = 0;
foreach ($typo3GroupsTemp as $typo3Group) {
if (Configuration::getValue('GroupsNotSynchronize') && !$typo3Group['uid']) {
// Groups should not get synchronized and the current group is invalid
continue;
}
if (Configuration::getValue('GroupsNotSynchronize')) {
$typo3_groups[] = $typo3Group;
} elseif (!$typo3Group['uid']) {
$newGroup = Typo3GroupRepository::add($groupTable, $typo3Group);
$typo3_group_merged = static::merge($ldapGroups[$i], $newGroup, $configuration['groups']['mapping']);
Typo3GroupRepository::update($groupTable, $typo3_group_merged);
$typo3Group = Typo3GroupRepository::fetch($groupTable, $typo3_group_merged['uid']);
$typo3_groups[] = $typo3Group[0];
} else {
// Restore group that may have been previously deleted
$typo3Group['deleted'] = 0;
$typo3_group_merged = static::merge($ldapGroups[$i], $typo3Group, $configuration['groups']['mapping']);
Typo3GroupRepository::update($groupTable, $typo3_group_merged);
$typo3Group = Typo3GroupRepository::fetch($groupTable, $typo3_group_merged['uid']);
$typo3_groups[] = $typo3Group[0];
}
$i++;
}
}
// Hook for processing the groups
if (is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['ig_ldap_sso_auth']['getGroupsProcessing'])) {
foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['ig_ldap_sso_auth']['getGroupsProcessing'] as $className) {
/** @var $postProcessor \Causal\IgLdapSsoAuth\Utility\GetGroupsProcessorInterface */
$postProcessor = GeneralUtility::getUserObj($className);
if ($postProcessor instanceof \Causal\IgLdapSsoAuth\Utility\GetGroupsProcessorInterface) {
$postProcessor->getUserGroups($groupTable, $ldapUser, $typo3_groups);
} else {
throw new \RuntimeException('Processor ' . get_class($postProcessor) . ' must implement the \\Causal\\IgLdapSsoAuth\\Utility\\GetGroupsProcessorInterface interface', 1431340191);
}
}
}
return $typo3_groups;
}
/**
* Returns the LDAP user groups with information merged with local TYPO3 user groups.
*
* @param \Causal\IgLdapSsoAuth\Domain\Model\Configuration $configuration
* @param string $mode
* @return array
*/
protected function getAvailableUserGroups(\Causal\IgLdapSsoAuth\Domain\Model\Configuration $configuration, $mode)
{
$userGroups = array();
$config = $mode === 'be' ? Configuration::getBackendConfiguration() : Configuration::getFrontendConfiguration();
$ldapGroups = array();
if (!empty($config['groups']['basedn'])) {
$filter = Configuration::replaceFilterMarkers($config['groups']['filter']);
$attributes = Configuration::getLdapAttributes($config['groups']['mapping']);
$ldapGroups = Ldap::getInstance()->search($config['groups']['basedn'], $filter, $attributes);
unset($ldapGroups['count']);
}
// Populate an array of TYPO3 group records corresponding to the LDAP groups
// If a given LDAP group has no associated group in TYPO3, a fresh record
// will be created so that $ldapGroups[i] <=> $typo3Groups[i]
$typo3GroupPid = Configuration::getPid($config['groups']['mapping']);
$table = $mode === 'be' ? 'be_groups' : 'fe_groups';
$typo3Groups = Authentication::getTypo3Groups($ldapGroups, $table, $typo3GroupPid);
foreach ($ldapGroups as $index => $ldapGroup) {
$userGroup = Authentication::merge($ldapGroup, $typo3Groups[$index], $config['groups']['mapping']);
// Attempt to free memory by unsetting fields which are unused in the view
$keepKeys = array('uid', 'pid', 'deleted', 'title', 'tx_igldapssoauth_dn');
$keys = array_keys($userGroup);
foreach ($keys as $key) {
if (!in_array($key, $keepKeys)) {
unset($userGroup[$key]);
}
}
$userGroups[] = $userGroup;
}
return $userGroups;
}
