function let(LdapManager $ldap, LdapQueryBuilder $qb, LdapQuery $query, LdapConnectionInterface $connection) { $groups = new LdapObjectCollection(); $groups->add(new LdapObject(['name' => 'Foo', 'dn' => 'cn=Foo,dc=example,dc=local'])); $groups->add(new LdapObject(['guid' => '291d8444-9d5b-4b0a-a6d7-853408f704d5', 'dn' => 'cn=Bar,dc=example,dc=local'])); $groups->add(new LdapObject(['sid' => 'S-1-5-18', 'dn' => 'cn=LocalSys,dc=example,dc=local'])); $groups->add(new LdapObject(['name' => 'Just a DN', 'dn' => 'cn=Stuff,dc=example,dc=local'])); $roleMap = ['ROLE_AWESOME' => ['foo'], 'ROLE_ADMIN' => ['291d8444-9d5b-4b0a-a6d7-853408f704d5'], 'ROLE_DN' => ['cn=Stuff,dc=example,dc=local'], 'ROLE_SID' => ['S-1-5-18']]; $attrMap = ['username' => 'username', 'accountNonLocked' => 'locked', 'accountNonExpired' => 'accountExpirationDate', 'enabled' => 'disabled', 'credentialsNonExpired' => 'passwordMustChange', 'guid' => 'guid', 'groups' => 'groups', 'stringRepresentation' => 'username']; $config = new DomainConfiguration('foo.bar'); $filter = new ADFilterBuilder(); $ldapObject = new LdapObject($this->attr, ['user'], ['user'], 'user'); $query->getSingleResult()->willReturn($ldapObject); $query->getResult()->willReturn($groups); $query->getArrayResult()->willReturn([['name' => 'foo'], ['name' => 'bar']]); $qb->from(LdapObjectType::USER)->willReturn($qb); $qb->from('group')->willReturn($qb); $qb->select(["username", "locked", "accountExpirationDate", "disabled", "passwordMustChange", "guid", "groups", "username"])->willReturn($qb); $qb->select(["name", "sid", "guid"])->willReturn($qb); $qb->select('name')->willReturn($qb); $qb->where(['username' => 'foo'])->willReturn($qb); $qb->getLdapQuery()->willReturn($query); $qb->filter()->willReturn($filter); $qb->where($filter->hasMemberRecursively($this->attr['guid'], 'members'))->willReturn($qb); $ldap->buildLdapQuery()->willReturn($qb); $connection->getConfig()->willReturn($config); $ldap->getConnection()->willReturn($connection); $this->beConstructedWith($ldap, $attrMap, $roleMap, true); }
function let(LdapManager $ldap, LdapConnectionInterface $connection, RouterInterface $router, EventDispatcherInterface $dispatcher) { $this->userChecker = new LdapUserChecker(); $this->request = new Request(); $this->request->setSession(new Session()); $router->generate('login')->willReturn('/login'); $connection->getConfig()->willReturn(new DomainConfiguration('foo.bar')); $ldap->getConnection()->willReturn($connection); $ldap->getDomainContext()->willReturn('foo.bar'); $this->beConstructedWith(true, $this->userChecker, $ldap, $router, $dispatcher); }
/** * {@inheritdoc} */ public function collect(Request $request, Response $response, \Exception $exception = null) { if (!$this->ldap) { return; } $this->data['domains'] = $this->ldap->getDomains(); $this->data['operations_by_domain'] = []; foreach ($this->data['domains'] as $domain) { $this->data['operations_by_domain'][$domain] = $this->addOperationToData(...$this->logger->getOperations($domain)); } $this->data['operations'] = $this->addOperationToData(...$this->logger->getOperations()); $this->data['errors'] = $this->addOperationToData(...$this->logger->getErrors()); }
public function let(LdapManager $ldap, LdapQueryBuilder $qb, LdapQuery $query, LdapObjectCollection $collection) { $ldap->getDomainContext()->willReturn('foo.bar'); $ldap->buildLdapQuery()->willReturn($qb); $qb->select(Argument::any())->willReturn($qb); $qb->from(Argument::any())->willReturn($qb); $qb->getLdapQuery()->willReturn($query); $query->getResult()->WillReturn($collection); $collection->toArray()->willReturn([]); $this->resolver = new OptionsResolver(); if (Kernel::VERSION >= 2.6) { $this->resolver->setDefault('ldap_type', 'user'); } else { $this->resolver->setDefaults(['ldap_type' => 'user']); } $this->beConstructedWith($ldap); }
/** * @param \Symfony\Component\Security\Core\User\UserProviderInterface $up */ function it_should_throw_bad_credentials_if_a_specified_domain_doesnt_exist_on_user_load_or_authenticate($up) { $credentials = $this->credentials; $credentials['ldap_domain'] = 'foo.local'; $user = new LdapUser(new LdapObject(['username' => 'foo'])); $this->ldap->switchDomain('foo.local')->willThrow(new InvalidArgumentException('invalid')); $this->shouldThrow('Symfony\\Component\\Security\\Core\\Exception\\BadCredentialsException')->duringCheckCredentials($credentials, $user); $this->shouldThrow('Symfony\\Component\\Security\\Core\\Exception\\BadCredentialsException')->duringGetUser($credentials, $up); }
/** * Get the LDAP objects from LDAP. Optionally only get those specified by the passed values. * * @param array $values The values used to narrow the LDAP query. * @return \LdapTools\Object\LdapObjectCollection */ protected function getLdapObjectsByQuery($values = []) { if (!$this->ldapQueryBuilder) { $query = $this->ldap->buildLdapQuery()->select([$this->id, $this->labelAttribute])->from($this->type); } else { $query = clone $this->ldapQueryBuilder; } if (!empty($values)) { foreach ($values as $value) { $query->orWhere([$this->id => $value]); } } if ($this->queryCallback) { $closure = $this->queryCallback; $closure($query); } return $query->getLdapQuery()->getResult(); }
function it_should_switch_the_domain_if_the_token_has_the_ldap_domain_set() { // It first grabs a copy of the domain context, then checks against it, then checks it at the end... $this->ldap->getDomainContext()->willReturn('foo.bar', 'foo.bar', 'example.local'); $this->token->hasAttribute('ldap_domain')->willReturn(true); $this->token->getAttribute('ldap_domain')->willReturn('example.local'); $this->ldap->switchDomain('example.local')->shouldBeCalledTimes(1); $this->ldap->switchDomain('foo.bar')->shouldBeCalledTimes(1); $this->authenticate($this->token)->shouldReturnAnInstanceOf('\\Symfony\\Component\\Security\\Core\\Authentication\\Token\\UsernamePasswordToken'); }
function let(LdapManager $ldap) { $logger = new LdapProfilerLogger(); // Add some log data... $addOperation = (new AddOperation())->setAttributes(['username' => 'foo', 'unicodePwd' => 'bar']); $deleteOperation = new DeleteOperation('foo'); $addLog = new LogOperation($addOperation); $addLog->setDomain('foo.bar'); $addLog->setError('fail'); $deleteLog = new LogOperation($deleteOperation); $deleteLog->setDomain('example.local'); /** @var LogOperation $log */ foreach ([$addLog, $deleteLog] as $log) { $logger->start($log->start()); $logger->end($log->stop()); } $ldap->getDomains()->willReturn(['foo.bar', 'example.local']); $this->beConstructedWith($logger, $ldap); }
/** * {@inheritdoc} */ public function configureOptions(OptionsResolver $resolver) { $ldap = $this->ldap; $resolver->setDefaults(['ldap_domain' => $this->ldap->getDomainContext(), 'ldap_attributes' => null, 'ldap_query_builder' => null, 'choice_name' => 'name', 'choice_value' => 'guid', 'choices' => [], 'choice_loader' => function (Options $options) use($ldap) { if (!interface_exists('\\Symfony\\Component\\Form\\ChoiceList\\Loader\\ChoiceLoaderInterface')) { return null; } return new LdapObjectChoiceLoader($ldap, $options['ldap_type'], $options['choice_name'], $options['choice_value'], $options['ldap_query_builder']); }, 'choice_list' => function (Options $options) use($ldap) { // Always prefer the ChoiceLoader if it exists. Fall back to the ObjectChoiceList... if (interface_exists('\\Symfony\\Component\\Form\\ChoiceList\\Loader\\ChoiceLoaderInterface')) { return null; } $legacyChoiceLoader = new LegacyLdapChoiceLoader($ldap, $options['ldap_type'], $options['choice_name'], $options['choice_value'], $options['ldap_query_builder']); $preferred = isset($options['preferred_choices']) ? $options['preferred_choices'] : []; return new LdapObjectChoiceList($legacyChoiceLoader->load(), $options['choice_name'], $preferred, null, $options['choice_value']); }]); $resolver->setRequired(['ldap_type']); $this->setAllowedTypes($resolver); }
/** * @param LdapUser $user * @return LdapObjectCollection */ protected function getGroupsForUser(LdapUser $user) { $select = $this->roleAttrMap; unset($select['members']); $query = $this->ldap->buildLdapQuery()->from($this->groupObjectType)->select(array_values($select)); if ($this->checkGroupsRecursively) { $query->where($query->filter()->hasMemberRecursively($user->getLdapGuid(), $this->roleAttrMap['members'])); } else { $query->where([$this->roleAttrMap['members'] => $user->getLdapGuid()]); } return $query->getLdapQuery()->getResult(); }
function let(UserProviderInterface $userProvider, LdapUserChecker $userChecker, LdapManager $ldap, TokenInterface $token, LdapUser $user, LdapConnectionInterface $connection, AuthenticationResponse $response, \Symfony\Component\EventDispatcher\EventDispatcherInterface $dispatcher) { $this->operation = (new AuthenticationOperation())->setUsername('foo')->setPassword('bar'); $token->getUsername()->willReturn('foo'); $token->getCredentials()->willReturn('bar'); $token->hasAttribute('ldap_domain')->willReturn(false); $token->getAttributes()->willReturn([]); $token->getUser()->willReturn($user); $userProvider->loadUserByUsername('foo')->willReturn($user); $connection->getConfig()->willReturn(new DomainConfiguration('foo.bar')); $connection->execute($this->operation)->willReturn($response); $response->isAuthenticated()->willReturn(true); $ldap->getConnection()->willReturn($connection); $ldap->getDomainContext()->willReturn('foo.bar'); $user->getUsername()->willReturn('foo'); $user->getRoles()->willReturn(['ROLE_USER']); $user->isAccountNonLocked()->willReturn(true); $user->isEnabled()->willReturn(true); $user->isAccountNonExpired()->willReturn(true); $user->isCredentialsNonExpired()->willReturn(true); $this->beConstructedWith('restricted', true, $userProvider, new LdapUserChecker(), $ldap, $dispatcher); }
/** * {@inheritdoc} */ public function warmUp($cacheDir) { $domain = $this->ldap->getDomainContext(); foreach ($this->config->getDomainConfiguration() as $domainConfig) { $this->ldap->switchDomain($domainConfig->getDomainName()); $schemaFactory = $this->ldap->getSchemaFactory(); $parser = $this->ldap->getSchemaParser(); $schema = empty($domainConfig->getSchemaName()) ? $domainConfig->getLdapType() : $domainConfig->getSchemaName(); $ldapObjects = $parser->parseAll($schema); $this->cacheAllLdapSchemaObjects($schemaFactory, ...$ldapObjects); } $this->ldap->switchDomain($domain); }
/** * @param \ReflectionProperty $property * @param LdapObjectAnnotation $annotation * @param $entity * @return LdapObject|LdapObjectCollection|null */ protected function queryLdapForObjects(\ReflectionProperty $property, LdapObjectAnnotation $annotation, $entity) { $query = $this->ldap->buildLdapQuery()->select($this->getLdapAttributesToSelect($annotation))->from($annotation->type); $values = $property->getValue($entity); // A single LdapObject type... if (is_string($values) && !empty($values)) { $query->where([$annotation->id => $values]); // A LdapObjectCollection type... } elseif (is_array($values) && !empty($values)) { foreach ($values as $value) { $query->orWhere([$annotation->id => $value]); } // A currently null/empty value? } else { return null; } if ($annotation->collection) { $results = $query->getLdapQuery()->getResult(); } else { $results = $query->getLdapQuery()->getOneOrNullResult(); } return $results; }
function let(Reader $reader, LdapManager $ldap, LifecycleEventArgs $eventArgs, ObjectManager $om, ClassMetadata $metadata, LdapObjectSchemaFactory $schemaFactory, LdapConnectionInterface $connection, LdapObjectSchema $schema, LdapQueryBuilder $qb, LdapQuery $query, $entity) { $rc = new \ReflectionClass('Doctrine\\Common\\Persistence\\Event\\LifecycleEventArgs'); if ($rc->hasMethod('getObjectManager')) { $eventArgs->getObjectManager()->willReturn($om); $eventArgs->getObject()->willReturn($entity); } else { $eventArgs->getEntityManager()->willReturn($om); $eventArgs->getEntity()->willReturn($entity); } $om->getClassMetadata(Argument::any())->willReturn($metadata); $this->config = new DomainConfiguration('foo.bar'); $connection->getConfig()->willReturn($this->config); $ldap->getDomainContext()->willReturn('foo.bar'); $ldap->getSchemaFactory()->willReturn($schemaFactory); $ldap->getConnection()->willReturn($connection); $ldap->buildLdapQuery()->willReturn($qb); $qb->getLdapQuery()->willReturn($query); $this->beConstructedWith($reader, $ldap); }
/** * If the passed domain is not the current context, then switch back to it. * * @param string $domain */ protected function switchDomainBackIfNeeded($domain) { if ($domain !== $this->ldap->getDomainContext()) { $this->ldap->switchDomain($domain); } }
public function let(LdapManager $ldap, LdapQueryBuilder $qb, LdapQuery $query) { $ldap->buildLdapQuery()->willReturn($qb); $qb->getLdapQuery()->willReturn($query); $this->beConstructedWith($ldap, LdapObjectType::USER); }