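/**
 * Performs an authentication attempt.
 *
 * The local OPUS database (parent adapter) is tried first; only when that
 * attempt fails is the LDAP directory configured in the [ldap] section of
 * config.ini consulted. A login that succeeds against LDAP but has no local
 * account yet is registered in the OPUS database and given the 'publisher'
 * role, or the 'administrator' role when it is listed in ldap.admin_accounts.
 *
 * The session namespace 'loggedin' receives the login only after one of the
 * two attempts has actually succeeded (previously it was written before the
 * local result was checked, so a failed attempt still left it populated).
 *
 * NOTE(review): config.ini is read from a path relative to the working
 * directory and always from the 'production' section; a Zend_Registry
 * lookup as used elsewhere would avoid that - confirm the registry config
 * carries the [ldap] section before switching.
 *
 * @throws Zend_Auth_Adapter_Exception If authentication cannot be performed.
 * @return Zend_Auth_Result
 */
public function authenticate()
{
    $config  = new Zend_Config_Ini('../application/configs/config.ini', 'production');
    $logPath = $config->ldap->log_path;
    // admin_accounts is a comma separated list; surrounding whitespace is ignored
    $admins  = array_map('trim', explode(',', (string) $config->ldap->admin_accounts));

    // everything under [ldap] except our own two keys is handed to the LDAP adapter
    $options = $config->ldap->toArray();
    unset($options['log_path'], $options['admin_accounts']);

    // first check local DB with parent class
    $result = parent::authenticate();

    if ($result->isValid() !== true) {
        $adapter = new Zend_Auth_Adapter_Ldap($options, $this->_login, $this->_password);
        $result  = Zend_Auth::getInstance()->authenticate($adapter);

        // log the result if a log path has been defined in config.ini
        if ($logPath) {
            $this->_logLdapMessages($logPath, $result->getMessages());
        }

        // if authentication was successful and user is not already in OPUS DB
        // register user as publisher (or administrator) to OPUS database
        if ($result->isValid() === true && $this->_localAccountExists($this->_login) === false) {
            $this->_registerLdapAccount($admins);
        }
    }

    // record the identity in the session only for a successful attempt
    if ($result->isValid() === true) {
        $user = new Zend_Session_Namespace('loggedin');
        $user->usernumber = $this->_login;
    }

    return $result;
}

/**
 * Writes the diagnostic messages of an LDAP authentication attempt to $logPath.
 *
 * Entries 0 and 1 of the message list are the user-facing result; entries 2
 * and up are the adapter's trace, which is what gets logged here (numbered
 * from 1, as before).
 *
 * @param string   $logPath  Stream path accepted by Zend_Log_Writer_Stream.
 * @param string[] $messages Result of Zend_Auth_Result::getMessages().
 * @return void
 */
private function _logLdapMessages($logPath, array $messages)
{
    $logger = new Zend_Log();
    $logger->addWriter(new Zend_Log_Writer_Stream($logPath));
    $logger->addFilter(new Zend_Log_Filter_Priority(Zend_Log::DEBUG));

    foreach ($messages as $i => $message) {
        if ($i < 2) {
            continue; // $messages[2] and up are log messages
        }
        // indent continuation lines so a multi-line entry stays readable in the log
        $message = str_replace("\n", "\n ", $message);
        $logger->log(sprintf('Ldap: %d: %s', $i - 1, $message), Zend_Log::DEBUG);
    }
}

/**
 * Tells whether a local OPUS account with the given login exists.
 *
 * Opus_Account throws when the login is unknown; that exception is the
 * "not found" signal here, exactly as the former inline check treated it.
 * NOTE(review): any other failure while loading (e.g. DB unavailable) is
 * also reported as "missing" - confirm this matches the intended behaviour.
 *
 * @param string $login
 * @return bool
 */
private function _localAccountExists($login)
{
    try {
        new Opus_Account(null, null, $login);
        return true;
    } catch (Exception $ex) {
        return false;
    }
}

/**
 * Creates the local OPUS account for the login that has just been
 * authenticated against LDAP and attaches the 'publisher' or, for logins in
 * $admins, the 'administrator' role.
 *
 * Both roles are looked up (and created when absent) before one is chosen,
 * which keeps the previous side effect of ensuring both exist.
 *
 * NOTE(review): the password presented to LDAP is persisted into the local
 * account, as before; because the local DB is checked first, later logins
 * for this user succeed without consulting LDAP - worth confirming that is
 * intended (e.g. for accounts disabled in the directory).
 *
 * @param string[] $admins Logins that receive the administrator role.
 * @return void
 */
private function _registerLdapAccount(array $admins)
{
    $account = new Opus_Account();
    $account->setLogin($this->_login);
    $account->setPassword($this->_password);
    $account->store();

    $publisherRole = $this->_findOrCreateRole('publisher', 'publish');
    $adminRole     = $this->_findOrCreateRole('administrator', 'administrate');

    $account->addRole(in_array($this->_login, $admins, true) ? $adminRole : $publisherRole);
    $account->store();
}

/**
 * Returns the role with the given display name, creating it with the given
 * privilege when it does not exist in the OPUS DB yet.
 *
 * @param string $name      Role display name, e.g. 'publisher'.
 * @param string $privilege Privilege granted to a newly created role.
 * @return Opus_Role
 */
private function _findOrCreateRole($name, $privilege)
{
    foreach (Opus_Role::getAll() as $role) {
        if ($role->getDisplayName() === $name) {
            return $role;
        }
    }

    // role is missing from the DB: create it together with the privilege it needs
    $role = new Opus_Role();
    $role->setName($name);
    $priv = new Opus_Privilege();
    $priv->setPrivilege($privilege);
    $role->addPrivilege($priv);
    $role->store();

    return $role;
}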
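/**
 * Login user.
 *
 * Authenticates $login/$password through Opus_Security_AuthAdapter via the
 * Zend_Auth singleton and fails the test when no identity was established.
 * When security is enabled in the registered config the ACL provider is
 * initialised afterwards.
 *
 * @param string $login
 * @param string $password
 * @return void
 *
 * TODO should be possible to be just 'guest' (see also enableSecurity)
 */
public function loginUser($login, $password)
{
    $adapter = new Opus_Security_AuthAdapter();
    $adapter->setCredentials($login, $password);

    $auth = Zend_Auth::getInstance();
    $auth->authenticate($adapter);

    // a message makes the failing login visible in the test output
    $this->assertTrue($auth->hasIdentity(), "login of user '{$login}' failed");

    $config = Zend_Registry::get('Zend_Config');
    if ($config->security) {
        Application_Security_AclProvider::init();
    }
}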