/**
* Login a user using a username and password
* to bind against an LDAP server
* @param Request $request
*
* @return JsonResponse
*/
public function login(Request $request)
{
$username = $request->request->get('username');
$password = $request->request->get('password');
$errors = [];
if (!$username) {
$errors[] = 'missingUsername';
}
if (!$password) {
$errors[] = 'missingPassword';
}
if ($username && $password) {
$authEntity = $this->authManager->findAuthenticationByUsername($username);
if ($authEntity) {
$user = $authEntity->getUser();
$passwordValid = $this->checkLdapPassword($username, $password);
if ($passwordValid) {
$jwt = $this->jwtManager->createJwtFromUser($user);
return $this->createSuccessResponseFromJWT($jwt);
}
}
$errors[] = 'badCredentials';
}
return new JsonResponse(array('status' => 'error', 'errors' => $errors, 'jwt' => null), JsonResponse::HTTP_BAD_REQUEST);
}
/**
* {@inheritdoc}
*/
protected function execute(InputInterface $input, OutputInterface $output)
{
$now = new DateTime();
$userId = $input->getArgument('userId');
$user = $this->userManager->findUserBy(['id' => $userId]);
if (!$user) {
throw new \Exception("No user with id #{$userId} was found.");
}
$authentication = $user->getAuthentication();
if (!$authentication) {
$authentication = $this->authenticationManager->createAuthentication();
$authentication->setUser($user);
}
$authentication->setInvalidateTokenIssuedBefore($now);
$this->authenticationManager->updateAuthentication($authentication);
$output->writeln('Success!');
$output->writeln('All the tokens for ' . $user->getFirstAndLastName() . ' issued before Today at ' . $now->format('g:i:s A e') . ' have been invalidated.');
}
/**
* Authenticate a user from shibboleth
*
* If the user is not yet logged in send a redirect Request
* If the user is logged in, but no account exists send an error
* If the user is authenticated send a JWT
* @param Request $request
*
* @throws \Exception when the shibboleth attributes do not contain an eppn
* @return JsonResponse
*/
public function login(Request $request)
{
$applicationId = $request->server->get('Shib-Application-ID');
if (!$applicationId) {
return new JsonResponse(array('status' => 'redirect', 'errors' => [], 'jwt' => null), JsonResponse::HTTP_OK);
}
$eppn = $request->server->get('eppn');
if (!$eppn) {
$msg = "No 'eppn' found for authenticated user.";
$this->logger->error($msg, ['server vars' => var_export($_SERVER, true)]);
throw new \Exception($msg);
}
$authEntity = $this->authManager->findAuthenticationBy(array('username' => $eppn));
if (!$authEntity) {
return new JsonResponse(array('status' => 'noAccountExists', 'eppn' => $eppn, 'errors' => [], 'jwt' => null), JsonResponse::HTTP_BAD_REQUEST);
}
$jwt = $this->jwtManager->createJwtFromUser($authEntity->getUser());
return $this->createSuccessResponseFromJWT($jwt);
}
/**
* Update users to the new password encoding when they login
* @param AuthenticationEntityInterface $authEntity
* @param string $password
*/
protected function updateLegacyPassword(AuthenticationEntityInterface $authEntity, $password)
{
if ($authEntity->isLegacyAccount()) {
//we have to have a valid token to update the user because the audit log requires it
$authenticatedToken = new PreAuthenticatedToken($authEntity->getUser(), 'fakekey', 'fakeProvider');
$authenticatedToken->setAuthenticated(true);
$this->tokenStorage->setToken($authenticatedToken);
$authEntity->setPasswordSha256(null);
$encodedPassword = $this->encoder->encodePassword($authEntity->getUser(), $password);
$authEntity->setPasswordBcrypt($encodedPassword);
$this->authManager->updateAuthentication($authEntity);
}
}
/**
* {@inheritdoc}
*/
protected function execute(InputInterface $input, OutputInterface $output)
{
$userId = $input->getArgument('userId');
$user = $this->userManager->findUserBy(['id' => $userId]);
if (!$user) {
throw new \Exception("No user with id #{$userId} was found.");
}
$userRecord = $this->directory->findByCampusId($user->getCampusId());
if (!$userRecord) {
$output->writeln('<error>Unable to find ' . $user->getCampusId() . ' in the directory.');
return;
}
$table = new Table($output);
$table->setHeaders(array('Record', 'Campus ID', 'First', 'Last', 'Email', 'Phone Number'))->setRows(array(['Ilios User', $user->getCampusId(), $user->getFirstName(), $user->getLastName(), $user->getEmail(), $user->getPhone()], ['Directory User', $userRecord['campusId'], $userRecord['firstName'], $userRecord['lastName'], $userRecord['email'], $userRecord['telephoneNumber']]));
$table->render();
$helper = $this->getHelper('question');
$output->writeln('');
$question = new ConfirmationQuestion('<question>Do you wish to update this Ilios User with the data ' . 'from the Directory User? </question>' . "\n", true);
if ($helper->ask($input, $output, $question)) {
$user->setFirstName($userRecord['firstName']);
$user->setLastName($userRecord['lastName']);
$user->setEmail($userRecord['email']);
$user->setPhone($userRecord['telephoneNumber']);
$authentication = $user->getAuthentication();
if (!$authentication) {
$authentication = $this->authenticationManager->createAuthentication();
$authentication->setUser($user);
}
$authentication->setUsername($userRecord['username']);
$this->authenticationManager->updateAuthentication($authentication, false);
$this->userManager->updateUser($user);
$output->writeln('<info>User updated successfully!</info>');
} else {
$output->writeln('<comment>Update canceled.</comment>');
}
}
/**
* {@inheritdoc}
*/
protected function execute(InputInterface $input, OutputInterface $output)
{
$campusId = $input->getArgument('campusId');
$user = $this->userManager->findUserBy(['campusId' => $campusId]);
if ($user) {
throw new \Exception('User #' . $user->getId() . " with campus id {$campusId} already exists.");
}
$schoolId = $input->getArgument('schoolId');
$school = $this->schoolManager->findSchoolBy(['id' => $schoolId]);
if (!$school) {
throw new \Exception("School with id {$schoolId} could not be found.");
}
$userRecord = $this->directory->findByCampusId($campusId);
if (!$userRecord) {
$output->writeln("<error>Unable to find campus ID {$campusId} in the directory.</error>");
return;
}
$table = new Table($output);
$table->setHeaders(array('Campus ID', 'First', 'Last', 'Email', 'Username', 'Phone Number'))->setRows(array([$userRecord['campusId'], $userRecord['firstName'], $userRecord['lastName'], $userRecord['email'], $userRecord['username'], $userRecord['telephoneNumber']]));
$table->render();
$helper = $this->getHelper('question');
$output->writeln('');
$question = new ConfirmationQuestion("<question>Do you wish to add this user to Ilios?</question>\n", true);
if ($helper->ask($input, $output, $question)) {
$user = $this->userManager->createUser();
$user->setFirstName($userRecord['firstName']);
$user->setLastName($userRecord['lastName']);
$user->setEmail($userRecord['email']);
$user->setCampusId($userRecord['campusId']);
$user->setAddedViaIlios(true);
$user->setEnabled(true);
$user->setSchool($school);
$user->setUserSyncIgnore(false);
$this->userManager->updateUser($user);
$authentication = $this->authenticationManager->createAuthentication();
$authentication->setUser($user);
$authentication->setUsername($userRecord['username']);
$this->authenticationManager->updateAuthentication($authentication);
$output->writeln('<info>Success! New user #' . $user->getId() . ' ' . $user->getFirstAndLastName() . ' created.</info>');
} else {
$output->writeln('<comment>Canceled.</comment>');
}
}
/**
* {@inheritdoc}
*/
protected function execute(InputInterface $input, OutputInterface $output)
{
$output->writeln('<info>Starting User Sync Process.</info>');
$this->userManager->resetExaminedFlagForAllUsers();
$this->pendingUserUpdateManager->removeAllPendingUserUpdates();
$campusIds = $this->userManager->getAllCampusIds(false, false);
$output->writeln('<info>Attempting to update the ' . count($campusIds) . ' enabled and non sync ignored users in the system.</info>');
$output->writeln('<info>Searching the directory for users.</info>');
$allUserRecords = $this->directory->findByCampusIds($campusIds);
if (!$allUserRecords) {
$output->writeln('<error>[E] Unable to find any users in the directory.</error>');
}
$totalRecords = count($allUserRecords);
$output->writeln("<info>Found {$totalRecords} records in the directory.</info>");
$updated = 0;
$chunks = array_chunk($allUserRecords, 500);
foreach ($chunks as $userRecords) {
foreach ($userRecords as $recordArray) {
$users = $this->userManager->findUsersBy(['campusId' => $recordArray['campusId'], 'enabled' => true, 'userSyncIgnore' => false]);
if (count($users) == 0) {
//this shouldn't happen unless the user gets updated between
//listing all the IDs and getting results back from
//the directory
$output->writeln('<error>[E] Unable to find an enabled sync active user with ' . 'campus ID ' . $recordArray['campusId'] . '.</error>');
continue;
}
if (count($users) > 1) {
$output->writeln('<error>[E] Multiple accounts exist for the same ' . 'campus ID (' . $recordArray['campusId'] . '). ' . 'None of them will be updated.</error>');
foreach ($users as $user) {
$user->setExamined(true);
$this->userManager->updateUser($user, false);
}
continue;
}
$user = $users[0];
$update = false;
$fixSmallThings = true;
$output->writeln('<info>[I] Comparing User #' . $user->getId() . ' ' . $user->getFirstAndLastName() . ' (' . $user->getEmail() . ') ' . 'to directory user by campus ID ' . $user->getCampusId() . '.</info>');
if (!$this->validateDirectoryRecord($recordArray, $output)) {
$user->setExamined(true);
$this->userManager->updateUser($user, false);
//don't do anything else with invalid directory data
continue;
}
if ($user->getEmail() != $recordArray['email']) {
if (strtolower($user->getEmail()) == strtolower($recordArray['email'])) {
$update = true;
$output->writeln(' <comment>[I] Updating email from "' . $user->getEmail() . '" to "' . $recordArray['email'] . '" since the only difference was the case.</comment>');
$user->setEmail($recordArray['email']);
} else {
$fixSmallThings = false;
$output->writeln(' <comment>[I] Email address "' . $user->getEmail() . '" differs from "' . $recordArray['email'] . '" logging for further action.</comment>');
$pendingUpdate = $this->pendingUserUpdateManager->createPendingUserUpdate();
$pendingUpdate->setUser($user);
$pendingUpdate->setProperty('email');
$pendingUpdate->setValue($recordArray['email']);
$pendingUpdate->setType('emailMismatch');
$this->pendingUserUpdateManager->updatePendingUserUpdate($pendingUpdate, false);
}
}
if ($fixSmallThings && $user->getFirstName() != $recordArray['firstName']) {
$update = true;
$output->writeln(' <comment>[I] Updating first name from "' . $user->getFirstName() . '" to "' . $recordArray['firstName'] . '".</comment>');
$user->setFirstName($recordArray['firstName']);
}
if ($fixSmallThings && $user->getLastName() != $recordArray['lastName']) {
$update = true;
$output->writeln(' <comment>[I] Updating last name from "' . $user->getLastName() . '" to "' . $recordArray['lastName'] . '".</comment>');
$user->setLastName($recordArray['lastName']);
}
if ($fixSmallThings && $user->getPhone() != $recordArray['telephoneNumber']) {
$update = true;
$output->writeln(' <comment>[I] Updating phone number from "' . $user->getPhone() . '" to "' . $recordArray['telephoneNumber'] . '".</comment>');
$user->setPhone($recordArray['telephoneNumber']);
}
$authentication = $user->getAuthentication();
if (!$authentication) {
$output->writeln(' <comment>[I] User had no authentication data, creating it now.</comment>');
$authentication = $this->authenticationManager->createAuthentication();
$authentication->setUser($user);
}
if ($fixSmallThings && $authentication->getUsername() != $recordArray['username']) {
$update = true;
$output->writeln(' <comment>[I] Updating username from "' . $authentication->getUsername() . '" to "' . $recordArray['username'] . '".</comment>');
$authentication->setUsername($recordArray['username']);
$this->authenticationManager->updateAuthentication($authentication, false);
}
if ($update) {
$updated++;
}
$user->setExamined(true);
$this->userManager->updateUser($user, false);
}
$this->em->flush();
$this->em->clear();
}
$output->writeln('<info>Searching for users who were not examined during the sync process.</info>');
$unsyncedUsers = $this->userManager->findUsersBy(['examined' => false, 'enabled' => true, 'userSyncIgnore' => false], ['lastName' => ' ASC', 'firstName' => 'ASC']);
$output->writeln('<info>Found ' . count($unsyncedUsers) . ' unexamined users.</info>');
foreach ($unsyncedUsers as $user) {
$output->writeln('<comment>[I] User #' . $user->getId() . ' ' . $user->getFirstAndLastName() . ' ' . $user->getEmail() . ' not found in the directory. Logged for further study.</comment>');
$update = $this->pendingUserUpdateManager->createPendingUserUpdate();
$update->setUser($user);
$update->setType('missingFromDirectory');
$this->pendingUserUpdateManager->updatePendingUserUpdate($update, false);
}
$this->em->flush();
$output->writeln("<info>Completed sync process {$totalRecords} users found in the directory; " . "{$updated} users updated.</info>");
}
/**
* {@inheritdoc}
*/
protected function execute(InputInterface $input, OutputInterface $output)
{
$filter = $input->getArgument('filter');
$schoolId = $input->getArgument('schoolId');
$school = $this->schoolManager->findSchoolBy(['id' => $schoolId]);
if (!$school) {
throw new \Exception("School with id {$schoolId} could not be found.");
}
$output->writeln("<info>Searching for new students to add to " . $school->getTitle() . ".</info>");
$students = $this->directory->findByLdapFilter($filter);
if (!$students) {
$output->writeln("<error>{$filter} returned no results.</error>");
return;
}
$output->writeln('<info>Found ' . count($students) . ' students in the directory.</info>');
$campusIds = $this->userManager->getAllCampusIds();
$newStudents = array_filter($students, function (array $arr) use($campusIds) {
return !in_array($arr['campusId'], $campusIds);
});
if (!count($newStudents) > 0) {
$output->writeln("<info>There are no new students to add.</info>");
return;
}
$output->writeln('<info>There are ' . count($newStudents) . ' new students to be added to ' . $school->getTitle() . '.</info>');
$rows = array_map(function (array $arr) {
return [$arr['campusId'], $arr['firstName'], $arr['lastName'], $arr['email']];
}, $newStudents);
$table = new Table($output);
$table->setHeaders(array('Campus ID', 'First', 'Last', 'Email'))->setRows($rows);
$table->render();
$helper = $this->getHelper('question');
$output->writeln('');
$question = new ConfirmationQuestion('<question>Do you wish to add these students to ' . $school->getTitle() . '? </question>' . "\n", true);
if ($helper->ask($input, $output, $question)) {
$studentRole = $this->userRoleManager->findUserRoleBy(array('title' => 'Student'));
foreach ($newStudents as $userRecord) {
if (empty($userRecord['email'])) {
$output->writeln('<error>Unable to add student ' . var_export($userRecord, true) . ' they have no email address.</error>');
continue;
}
if (empty($userRecord['campusId'])) {
$output->writeln('<error>Unable to add student ' . var_export($userRecord, true) . ' they have no campus ID.</error>');
continue;
}
if (empty($userRecord['username'])) {
$output->writeln('<error>Unable to add student ' . var_export($userRecord, true) . ' they have no username.</error>');
continue;
}
$user = $this->userManager->createUser();
$user->setFirstName($userRecord['firstName']);
$user->setLastName($userRecord['lastName']);
$user->setEmail($userRecord['email']);
$user->setCampusId($userRecord['campusId']);
$user->setAddedViaIlios(true);
$user->setEnabled(true);
$user->setSchool($school);
$user->setUserSyncIgnore(false);
$user->addRole($studentRole);
$this->userManager->updateUser($user);
$authentication = $this->authenticationManager->createAuthentication();
$authentication->setUser($user);
$authentication->setUsername($userRecord['username']);
$this->authenticationManager->updateAuthentication($authentication, false);
$studentRole->addUser($user);
$this->userRoleManager->updateUserRole($studentRole);
$output->writeln('<info>Success! New student #' . $user->getId() . ' ' . $user->getFirstAndLastName() . ' created.</info>');
}
} else {
$output->writeln('<comment>Update canceled.</comment>');
}
}