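/**
 * Synchronizes a user.
 *
 * Loads the LDAP entry for $userdn, resolves the matching TYPO3 user record
 * (creating it when allowed) and writes the merged record back. The returned
 * record carries 'tx_igldapssoauth_from' => 'LDAP'.
 *
 * Returns FALSE when:
 *  - no LDAP entry is found for $userdn;
 *  - getTypo3User() returns NULL (non-existing local users may not authenticate);
 *  - getUserGroups() returns NULL (required LDAP groups missing; the reason is
 *    recorded in static::$lastAuthenticationDiagnostic);
 *  - 'IfUserExist' is enabled and the resolved record has no uid;
 *  - the user is new, has no TYPO3 groups and 'DeleteUserIfNoTYPO3Groups' is set.
 *
 * Side effects: static::$ldapGroups is reset to NULL before the group lookup;
 * an existing or newly added user gets its password replaced by
 * Typo3UserRepository::setRandomPassword() on every call, and is flagged
 * deleted (deleted = 1, endtime = $GLOBALS['EXEC_TIME']) when the group checks
 * enabled by 'DeleteUserIfNoTYPO3Groups' / 'DeleteUserIfNoLDAPGroups' fail.
 *
 * @param string $userdn DN of the LDAP entry to synchronize
 * @param string|NULL $username Username; when empty it is read from the configured username attribute of the LDAP entry
 * @return array|FALSE TYPO3 user record, or FALSE when the user must not be synchronized
 */
public static function synchroniseUser($userdn, $username = NULL) {
    // User is valid. Get it from DN.
    $ldapUser = static::getLdapUser($userdn);
    if ($ldapUser === NULL) {
        return FALSE;
    }

    // Note: truthiness check, so a username of '0' is treated as "not given"
    // (unchanged from the original contract).
    if (!$username) {
        $userAttribute = Configuration::getUsernameAttribute(static::$config['users']['filter']);
        // A missing attribute used to raise an "undefined index" notice and
        // silently yield NULL; keep the NULL result but without the notice.
        $username = isset($ldapUser[$userAttribute][0]) ? $ldapUser[$userAttribute][0] : NULL;
    }

    // Get user pid from user mapping.
    $typo3_users_pid = Configuration::getPid(static::$config['users']['mapping']);

    // Get TYPO3 user from username, DN and pid.
    $typo3_user = static::getTypo3User($username, $userdn, $typo3_users_pid);
    if ($typo3_user === NULL) {
        // Non-existing local users are not allowed to authenticate
        return FALSE;
    }

    // Get LDAP and TYPO3 user groups for user.
    // First reset the LDAP groups: static::$ldapGroups is read again below for
    // the 'DeleteUserIfNoLDAPGroups' check, so a stale value from a previous
    // call must not leak into this one.
    static::$ldapGroups = NULL;
    $typo3_groups = static::getUserGroups($ldapUser);
    if ($typo3_groups === NULL) {
        // Required LDAP groups are missing
        static::$lastAuthenticationDiagnostic = 'Missing required LDAP groups.';
        return FALSE;
    }

    if (Configuration::getValue('IfUserExist') && !$typo3_user['uid']) {
        return FALSE; // User does not exist in TYPO3.
    } elseif (!$typo3_user['uid'] && (!empty($typo3_groups) || !Configuration::getValue('DeleteUserIfNoTYPO3Groups'))) {
        // Insert new user: use TCA configuration to override default values
        $table = static::$authenticationService->authInfo['db_user']['table'];
        // isset() first so a table without a 'columns' section does not trigger a notice
        if (isset($GLOBALS['TCA'][$table]['columns']) && is_array($GLOBALS['TCA'][$table]['columns'])) {
            foreach ($GLOBALS['TCA'][$table]['columns'] as $column => $columnConfig) {
                if (isset($columnConfig['config']['default'])) {
                    $typo3_user[$column] = $columnConfig['config']['default'];
                }
            }
        }
        $typo3_user['username'] = Typo3UserRepository::setUsername($typo3_user['username']);
        $typo3_user = Typo3UserRepository::add($table, $typo3_user);
    }

    if (!empty($typo3_user['uid'])) {
        $typo3_user['deleted'] = 0;
        $typo3_user['endtime'] = 0;
        // The stored password is overwritten on every sync with the value from
        // setRandomPassword(); presumably so the local record never holds a
        // password that could be used to bypass LDAP authentication — confirm
        // against Typo3UserRepository.
        $typo3_user['password'] = Typo3UserRepository::setRandomPassword();

        if (empty($typo3_groups) && Configuration::getValue('DeleteUserIfNoTYPO3Groups')) {
            $typo3_user['deleted'] = 1;
            $typo3_user['endtime'] = $GLOBALS['EXEC_TIME'];
        }
        // Delete user if no LDAP groups found.
        if (Configuration::getValue('DeleteUserIfNoLDAPGroups') && !static::$ldapGroups) {
            $typo3_user['deleted'] = 1;
            $typo3_user['endtime'] = $GLOBALS['EXEC_TIME'];
        }

        // Set groups to user.
        $typo3_user = Typo3UserRepository::setUserGroups($typo3_user, $typo3_groups);

        // Merge LDAP user with TYPO3 user from mapping. This runs after the
        // deleted/endtime flags above were set; whether a mapping can override
        // those columns depends on merge() — verify if that matters.
        if ($typo3_user) {
            $typo3_user = static::merge($ldapUser, $typo3_user, static::$config['users']['mapping']);

            if (Configuration::getValue('forceLowerCaseUsername')) {
                // Possible enhancement: use \TYPO3\CMS\Core\Charset\CharsetConverter::conv_case instead
                $typo3_user['username'] = strtolower($typo3_user['username']);
            }

            // Update TYPO3 user.
            Typo3UserRepository::update(static::$authenticationService->authInfo['db_user']['table'], $typo3_user);

            $typo3_user['tx_igldapssoauth_from'] = 'LDAP';
        }
    } else {
        $typo3_user = FALSE;
    }

    return $typo3_user;
}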
/**
 * Imports a given user to the TYPO3 database.
 *
 * A user without 'uid' is created: the username is normalized via
 * Typo3UserRepository::setUsername(), the password is set from
 * setRandomPassword(), groups are resolved from the LDAP entry and the record
 * is added with Typo3UserRepository::add(). When the required LDAP groups are
 * missing (getUserGroups() returns NULL) the user is returned unchanged and
 * nothing is written.
 *
 * A user with 'uid' is updated: depending on $restoreBehavior the TCA
 * 'disabled' enable-column and/or the TCA 'delete' column are reset to 0
 * ('enable', 'undelete', 'nothing'; any other value, including the default
 * 'both', resets both), groups are re-resolved (an empty list is used when
 * the required LDAP groups are missing) and the record is written back.
 *
 * An optional '__extraData' entry is stripped before the write, restored
 * afterwards and handed to every class registered under
 * $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['ig_ldap_sso_auth']['extraDataProcessing'].
 *
 * @param array $user Local user information (may contain '__extraData')
 * @param array $ldapUser LDAP user information
 * @param string $restoreBehavior How to restore users (only for update): 'enable', 'undelete', 'nothing' or 'both'
 * @return array Modified user data
 * @throws ImportUsersException when a registered extra-data processor does not implement ExtraDataProcessorInterface
 */
public function import($user, $ldapUser, $restoreBehavior = 'both') {
    // Store the extra data for later restore and remove it, so that it is not
    // part of the record handed to add()/update()
    if (isset($user['__extraData'])) {
        $extraData = $user['__extraData'];
        unset($user['__extraData']);
    }
    if (empty($user['uid'])) {
        // Set other necessary information for a new user
        // First make sure to be acting in the right context
        Configuration::setMode($this->context);
        $user['username'] = Typo3UserRepository::setUsername($user['username']);
        $user['password'] = Typo3UserRepository::setRandomPassword();
        $typo3Groups = Authentication::getUserGroups($ldapUser, $this->configuration, $this->groupTable);
        if ($typo3Groups === NULL) {
            // Required LDAP groups are missing: quit!
            // (returns before the extra-data hooks at the end of this method run)
            return $user;
        }
        $user = Typo3UserRepository::setUserGroups($user, $typo3Groups);
        $user = Typo3UserRepository::add($this->userTable, $user);
        // Counted unconditionally; the result of add() is not checked here
        $this->usersAdded++;
    } else {
        // Restore user that may have been previously deleted or disabled, depending on chosen behavior
        // (default to both undelete and re-enable)
        switch ($restoreBehavior) {
            case 'enable':
                $user[$GLOBALS['TCA'][$this->userTable]['ctrl']['enablecolumns']['disabled']] = 0;
                break;
            case 'undelete':
                $user[$GLOBALS['TCA'][$this->userTable]['ctrl']['delete']] = 0;
                break;
            case 'nothing':
                break;
            default:
                // 'both' and any unrecognized value: re-enable and undelete
                $user[$GLOBALS['TCA'][$this->userTable]['ctrl']['enablecolumns']['disabled']] = 0;
                $user[$GLOBALS['TCA'][$this->userTable]['ctrl']['delete']] = 0;
        }
        // NOTE(review): Configuration::setMode() is only called in the new-user
        // branch above; confirm whether this branch relies on the mode already being set
        $typo3Groups = Authentication::getUserGroups($ldapUser, $this->configuration, $this->groupTable);
        // Unlike the new-user branch, missing required LDAP groups do not abort
        // an update: an empty group list is passed instead
        $user = Typo3UserRepository::setUserGroups($user, $typo3Groups === NULL ? array() : $typo3Groups);
        $success = Typo3UserRepository::update($this->userTable, $user);
        if ($success) {
            $this->usersUpdated++;
        }
    }
    // Restore the extra data and trigger a signal
    if (isset($extraData)) {
        $user['__extraData'] = $extraData;
        // Hook for processing the extra data: class names come from the
        // extension configuration; each instance is type-checked against the
        // interface before it is called, otherwise the import aborts
        if (is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['ig_ldap_sso_auth']['extraDataProcessing'])) {
            foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['ig_ldap_sso_auth']['extraDataProcessing'] as $className) {
                /** @var $postProcessor \Causal\IgLdapSsoAuth\Utility\ExtraDataProcessorInterface */
                $postProcessor = GeneralUtility::getUserObj($className);
                if ($postProcessor instanceof \Causal\IgLdapSsoAuth\Utility\ExtraDataProcessorInterface) {
                    $postProcessor->processExtraData($this->userTable, $user);
                } else {
                    throw new ImportUsersException(sprintf('Invalid post-processing class %s. It must implement the \\Causal\\IgLdapSsoAuth\\Utility\\ExtraDataProcessorInterface interface', $className), 1414136057);
                }
            }
        }
    }
    return $user;
}