/** * Fetches all existing TYPO3 users related to the given LDAP/AD users. * * @param array $ldapUsers List of LDAP/AD users * @return array */ public function fetchTypo3Users($ldapUsers) { // Populate an array of TYPO3 users records corresponding to the LDAP users // If a given LDAP user has no associated user in TYPO3, a fresh record // will be created so that $ldapUsers[i] <=> $typo3Users[i] $typo3UserPid = Configuration::getPid($this->configuration['users']['mapping']); $typo3Users = Authentication::getTypo3Users($ldapUsers, $this->configuration['users']['mapping'], $this->userTable, $typo3UserPid); return $typo3Users; }
/** * Gets the LDAP and TYPO3 user groups for a given user. * * @param array $ldapUser LDAP user data * @param array $configuration LDAP configuration * @param string $groupTable Name of the group table (should normally be either "be_groups" or "fe_groups") * @return array|NULL Array of groups or NULL if required LDAP groups are missing * @throws \Causal\IgLdapSsoAuth\Exception\InvalidUserGroupTableException */ public static function getUserGroups(array $ldapUser, array $configuration = NULL, $groupTable = '') { if ($configuration === NULL) { $configuration = static::$config; } if (empty($groupTable)) { if (isset(static::$authenticationService)) { $groupTable = static::$authenticationService->authInfo['db_groups']['table']; } else { if (TYPO3_MODE === 'BE') { $groupTable = 'be_groups'; } else { $groupTable = 'fe_groups'; } } } // User is valid only if exist in TYPO3. // Get LDAP groups from LDAP user. $typo3_groups = array(); $ldapGroups = static::getLdapGroups($ldapUser); unset($ldapGroups['count']); /** @var \TYPO3\CMS\Extbase\Domain\Model\BackendUserGroup[]|\TYPO3\CMS\Extbase\Domain\Model\FrontendUserGroup[] $requiredLDAPGroups */ $requiredLDAPGroups = Configuration::getValue('requiredLDAPGroups'); if (count($ldapGroups) === 0) { if (count($requiredLDAPGroups) > 0) { return NULL; } } else { // Get pid from group mapping $typo3GroupPid = Configuration::getPid($configuration['groups']['mapping']); $typo3GroupsTemp = static::getTypo3Groups($ldapGroups, $groupTable, $typo3GroupPid); if (count($requiredLDAPGroups) > 0) { $hasRequired = FALSE; $groupUids = array(); foreach ($typo3GroupsTemp as $typo3Group) { $groupUids[] = $typo3Group['uid']; } foreach ($requiredLDAPGroups as $group) { if (in_array($group->getUid(), $groupUids)) { $hasRequired = TRUE; break; } } if (!$hasRequired) { return NULL; } } if (Configuration::getValue('IfGroupExist') && count($typo3GroupsTemp) === 0) { return array(); } $i = 0; foreach ($typo3GroupsTemp as $typo3Group) { if (Configuration::getValue('GroupsNotSynchronize') && !$typo3Group['uid']) { // Groups should not get synchronized and the current group is invalid continue; } if (Configuration::getValue('GroupsNotSynchronize')) { $typo3_groups[] = $typo3Group; } elseif (!$typo3Group['uid']) { $newGroup = Typo3GroupRepository::add($groupTable, $typo3Group); $typo3_group_merged = static::merge($ldapGroups[$i], $newGroup, $configuration['groups']['mapping']); Typo3GroupRepository::update($groupTable, $typo3_group_merged); $typo3Group = Typo3GroupRepository::fetch($groupTable, $typo3_group_merged['uid']); $typo3_groups[] = $typo3Group[0]; } else { // Restore group that may have been previously deleted $typo3Group['deleted'] = 0; $typo3_group_merged = static::merge($ldapGroups[$i], $typo3Group, $configuration['groups']['mapping']); Typo3GroupRepository::update($groupTable, $typo3_group_merged); $typo3Group = Typo3GroupRepository::fetch($groupTable, $typo3_group_merged['uid']); $typo3_groups[] = $typo3Group[0]; } $i++; } } // Hook for processing the groups if (is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['ig_ldap_sso_auth']['getGroupsProcessing'])) { foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['ig_ldap_sso_auth']['getGroupsProcessing'] as $className) { /** @var $postProcessor \Causal\IgLdapSsoAuth\Utility\GetGroupsProcessorInterface */ $postProcessor = GeneralUtility::getUserObj($className); if ($postProcessor instanceof \Causal\IgLdapSsoAuth\Utility\GetGroupsProcessorInterface) { $postProcessor->getUserGroups($groupTable, $ldapUser, $typo3_groups); } else { throw new \RuntimeException('Processor ' . get_class($postProcessor) . ' must implement the \\Causal\\IgLdapSsoAuth\\Utility\\GetGroupsProcessorInterface interface', 1431340191); } } } return $typo3_groups; }
/** * Returns the LDAP user groups with information merged with local TYPO3 user groups. * * @param \Causal\IgLdapSsoAuth\Domain\Model\Configuration $configuration * @param string $mode * @return array */ protected function getAvailableUserGroups(\Causal\IgLdapSsoAuth\Domain\Model\Configuration $configuration, $mode) { $userGroups = array(); $config = $mode === 'be' ? Configuration::getBackendConfiguration() : Configuration::getFrontendConfiguration(); $ldapGroups = array(); if (!empty($config['groups']['basedn'])) { $filter = Configuration::replaceFilterMarkers($config['groups']['filter']); $attributes = Configuration::getLdapAttributes($config['groups']['mapping']); $ldapGroups = Ldap::getInstance()->search($config['groups']['basedn'], $filter, $attributes); unset($ldapGroups['count']); } // Populate an array of TYPO3 group records corresponding to the LDAP groups // If a given LDAP group has no associated group in TYPO3, a fresh record // will be created so that $ldapGroups[i] <=> $typo3Groups[i] $typo3GroupPid = Configuration::getPid($config['groups']['mapping']); $table = $mode === 'be' ? 'be_groups' : 'fe_groups'; $typo3Groups = Authentication::getTypo3Groups($ldapGroups, $table, $typo3GroupPid); foreach ($ldapGroups as $index => $ldapGroup) { $userGroup = Authentication::merge($ldapGroup, $typo3Groups[$index], $config['groups']['mapping']); // Attempt to free memory by unsetting fields which are unused in the view $keepKeys = array('uid', 'pid', 'deleted', 'title', 'tx_igldapssoauth_dn'); $keys = array_keys($userGroup); foreach ($keys as $key) { if (!in_array($key, $keepKeys)) { unset($userGroup[$key]); } } $userGroups[] = $userGroup; } return $userGroups; }