Get the Ldap Connection object. By default it will get the connection of the domain currently in context. To get
a different domain connection pass the domain name as a parameter.
public getConnection ( null | string $domain = null ) : LdapTools\Connection\LdapConnectionInterface | ||
$domain | null | string | |
return | LdapTools\Connection\LdapConnectionInterface |
/** * @param \Symfony\Component\Security\Core\User\UserProviderInterface $userProvider * @param \LdapTools\Bundle\LdapToolsBundle\Security\User\LdapUserChecker $userChecker * @param \LdapTools\LdapManager $ldap * @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token * @param \LdapTools\Bundle\LdapToolsBundle\Security\User\LdapUser $user * @param \LdapTools\Connection\LdapConnectionInterface $connection * @param \LdapTools\Operation\AuthenticationResponse $response * @param \Symfony\Component\EventDispatcher\EventDispatcherInterface $dispatcher */ function let($userProvider, $userChecker, $ldap, $token, $user, $connection, $response, $dispatcher) { $this->userProvider = $userProvider; $this->userChecker = $userChecker; $this->ldap = $ldap; $this->token = $token; $this->user = $user; $this->connection = $connection; $this->operation = (new AuthenticationOperation())->setUsername('foo')->setPassword('bar'); $this->response = $response; $this->dispatcher = $dispatcher; $token->getUsername()->willReturn('foo'); $token->getCredentials()->willReturn('bar'); $token->hasAttribute('ldap_domain')->willReturn(false); $token->getAttributes()->willReturn([]); $this->userProvider->loadUserByUsername('foo')->willReturn($user); $this->connection->getConfig()->willReturn(new DomainConfiguration('foo.bar')); $this->connection->execute($this->operation)->willReturn($this->response); $this->response->isAuthenticated()->willReturn(true); $this->ldap->getConnection()->willReturn($this->connection); $this->ldap->getDomainContext()->willReturn('foo.bar'); $this->user->getUsername()->willReturn('foo'); $this->user->getRoles()->willReturn(['ROLE_USER']); $this->user->isAccountNonLocked()->willReturn(true); $this->user->isEnabled()->willReturn(true); $this->user->isAccountNonExpired()->willReturn(true); $this->user->isCredentialsNonExpired()->willReturn(true); $this->beConstructedWith('restricted', true, $this->userProvider, new LdapUserChecker(), $this->ldap, $this->dispatcher); }
/** * @param \LdapTools\LdapManager $ldap * @param \LdapTools\Query\LdapQueryBuilder $qb * @param \LdapTools\Query\LdapQuery $query * @param \LdapTools\Connection\LdapConnectionInterface $connection */ function let($ldap, $qb, $query, $connection) { $groups = new LdapObjectCollection(); $groups->add(new LdapObject(['name' => 'Foo', 'dn' => 'cn=Foo,dc=example,dc=local'])); $groups->add(new LdapObject(['guid' => '291d8444-9d5b-4b0a-a6d7-853408f704d5', 'dn' => 'cn=Bar,dc=example,dc=local'])); $groups->add(new LdapObject(['sid' => 'S-1-5-18', 'dn' => 'cn=LocalSys,dc=example,dc=local'])); $groups->add(new LdapObject(['name' => 'Just a DN', 'dn' => 'cn=Stuff,dc=example,dc=local'])); $roleMap = ['ROLE_AWESOME' => ['foo'], 'ROLE_ADMIN' => ['291d8444-9d5b-4b0a-a6d7-853408f704d5'], 'ROLE_DN' => ['cn=Stuff,dc=example,dc=local'], 'ROLE_SID' => ['S-1-5-18']]; $attrMap = ['username' => 'username', 'accountNonLocked' => 'locked', 'accountNonExpired' => 'accountExpirationDate', 'enabled' => 'disabled', 'credentialsNonExpired' => 'passwordMustChange', 'guid' => 'guid', 'groups' => 'groups', 'stringRepresentation' => 'username']; $this->ldap = $ldap; $this->qb = $qb; $this->query = $query; $this->connection = $connection; $this->config = new DomainConfiguration('foo.bar'); $this->filter = new ADFilterBuilder(); $this->ldapObject = new LdapObject($this->attr, ['user'], ['user'], 'user'); $query->getSingleResult()->willReturn($this->ldapObject); $query->getResult()->willReturn($groups); $query->getArrayResult()->willReturn([['name' => 'foo'], ['name' => 'bar']]); $qb->from(LdapObjectType::USER)->willReturn($qb); $qb->from('group')->willReturn($qb); $qb->select(["username", "locked", "accountExpirationDate", "disabled", "passwordMustChange", "guid", "groups", "username"])->willReturn($qb); $qb->select(["name", "sid", "guid"])->willReturn($qb); $qb->select('name')->willReturn($qb); $qb->where(['username' => 'foo'])->willReturn($qb); $qb->getLdapQuery()->willReturn($query); $qb->filter()->willReturn($this->filter); $qb->where($this->filter->hasMemberRecursively($this->attr['guid'], 'members'))->willReturn($qb); $this->ldap->buildLdapQuery()->willReturn($qb); $connection->getConfig()->willReturn($this->config); $this->ldap->getConnection()->willReturn($connection); $this->beConstructedWith($ldap, $attrMap, $roleMap, true); }
function let(LdapManager $ldap, LdapConnectionInterface $connection, RouterInterface $router, EventDispatcherInterface $dispatcher) { $this->userChecker = new LdapUserChecker(); $this->request = new Request(); $this->request->setSession(new Session()); $router->generate('login')->willReturn('/login'); $connection->getConfig()->willReturn(new DomainConfiguration('foo.bar')); $ldap->getConnection()->willReturn($connection); $ldap->getDomainContext()->willReturn('foo.bar'); $this->beConstructedWith(true, $this->userChecker, $ldap, $router, $dispatcher); }
/** * @param LdapObjectAnnotation $annotation * @return array */ protected function getLdapAttributesToSelect(LdapObjectAnnotation $annotation) { $attributes = $annotation->attributes; if (empty($attributes)) { $schemaFactory = $this->ldap->getSchemaFactory(); $schema = $schemaFactory->get($this->ldap->getConnection()->getConfig()->getSchemaName(), $annotation->type); $attributes = $schema->getAttributesToSelect(); } if (!in_array($annotation->id, $attributes)) { $attributes[] = $annotation->id; } return $attributes; }
/** * @param UserInterface $user * @param TokenInterface $token * @return UsernamePasswordToken */ protected function doAuthentication(UserInterface $user, TokenInterface $token) { $auth = (new AuthenticationOperation())->setUsername($user->getUsername())->setPassword($token->getCredentials()); /** @var AuthenticationResponse $response */ $response = $this->ldap->getConnection()->execute($auth); if (!$response->isAuthenticated()) { $this->userChecker->checkLdapErrorCode($user, $response->getErrorCode(), $this->ldap->getConnection()->getConfig()->getLdapType()); throw new BadCredentialsException($response->getErrorMessage(), $response->getErrorCode()); } $this->dispatcher->dispatch(LdapLoginEvent::SUCCESS, new LdapLoginEvent($user, $token)); $newToken = new UsernamePasswordToken($user, null, $this->providerKey, $user->getRoles()); $newToken->setAttributes($token->getAttributes()); return $newToken; }
/** * @param \LdapTools\LdapManager $ldap * @param \LdapTools\Connection\LdapConnectionInterface $connection * @param \Symfony\Component\Routing\RouterInterface $router * @param \Symfony\Component\EventDispatcher\EventDispatcherInterface $dispatcher */ function let($ldap, $connection, $router, $dispatcher) { $this->ldap = $ldap; $this->router = $router; $this->userChecker = new LdapUserChecker(); $this->connection = $connection; $this->config = new DomainConfiguration('foo.bar'); $this->request = new Request(); $this->request->setSession(new Session()); $this->dispatcher = $dispatcher; $this->router->generate('login')->willReturn('/login'); $this->connection->getConfig()->willReturn($this->config); $this->ldap->getConnection()->willReturn($this->connection); $this->ldap->getDomainContext()->willReturn('foo.bar'); $this->beConstructedWith(true, $this->userChecker, $ldap, $router, $dispatcher); }
function let(Reader $reader, LdapManager $ldap, LifecycleEventArgs $eventArgs, ObjectManager $om, ClassMetadata $metadata, LdapObjectSchemaFactory $schemaFactory, LdapConnectionInterface $connection, LdapObjectSchema $schema, LdapQueryBuilder $qb, LdapQuery $query, $entity) { $rc = new \ReflectionClass('Doctrine\\Common\\Persistence\\Event\\LifecycleEventArgs'); if ($rc->hasMethod('getObjectManager')) { $eventArgs->getObjectManager()->willReturn($om); $eventArgs->getObject()->willReturn($entity); } else { $eventArgs->getEntityManager()->willReturn($om); $eventArgs->getEntity()->willReturn($entity); } $om->getClassMetadata(Argument::any())->willReturn($metadata); $this->config = new DomainConfiguration('foo.bar'); $connection->getConfig()->willReturn($this->config); $ldap->getDomainContext()->willReturn('foo.bar'); $ldap->getSchemaFactory()->willReturn($schemaFactory); $ldap->getConnection()->willReturn($connection); $ldap->buildLdapQuery()->willReturn($qb); $qb->getLdapQuery()->willReturn($query); $this->beConstructedWith($reader, $ldap); }
function let(UserProviderInterface $userProvider, LdapUserChecker $userChecker, LdapManager $ldap, TokenInterface $token, LdapUser $user, LdapConnectionInterface $connection, AuthenticationResponse $response, \Symfony\Component\EventDispatcher\EventDispatcherInterface $dispatcher) { $this->operation = (new AuthenticationOperation())->setUsername('foo')->setPassword('bar'); $token->getUsername()->willReturn('foo'); $token->getCredentials()->willReturn('bar'); $token->hasAttribute('ldap_domain')->willReturn(false); $token->getAttributes()->willReturn([]); $token->getUser()->willReturn($user); $userProvider->loadUserByUsername('foo')->willReturn($user); $connection->getConfig()->willReturn(new DomainConfiguration('foo.bar')); $connection->execute($this->operation)->willReturn($response); $response->isAuthenticated()->willReturn(true); $ldap->getConnection()->willReturn($connection); $ldap->getDomainContext()->willReturn('foo.bar'); $user->getUsername()->willReturn('foo'); $user->getRoles()->willReturn(['ROLE_USER']); $user->isAccountNonLocked()->willReturn(true); $user->isEnabled()->willReturn(true); $user->isAccountNonExpired()->willReturn(true); $user->isCredentialsNonExpired()->willReturn(true); $this->beConstructedWith('restricted', true, $userProvider, new LdapUserChecker(), $ldap, $dispatcher); }
/** * {@inheritdoc} */ public function checkCredentials($credentials, UserInterface $user) { $domain = $this->ldap->getDomainContext(); try { $this->switchDomainIfNeeded($credentials); /** @var \LdapTools\Operation\AuthenticationResponse $response */ $response = $this->ldap->getConnection()->execute(new AuthenticationOperation($user->getUsername(), $credentials['password'])); if (!$response->isAuthenticated()) { $this->userChecker->checkLdapErrorCode($user, $response->getErrorCode(), $this->ldap->getConnection()->getConfig()->getLdapType()); throw new CustomUserMessageAuthenticationException($response->getErrorMessage(), [], $response->getErrorCode()); } // No way to get the token from the Guard, need to create one to pass... $token = new UsernamePasswordToken($user, $credentials['password'], 'ldap-tools', $user->getRoles()); $token->setAttribute('ldap_domain', isset($credentials['ldap_domain']) ? $credentials['ldap_domain'] : ''); $this->dispatcher->dispatch(LdapLoginEvent::SUCCESS, new LdapLoginEvent($user, $token)); } catch (\Exception $e) { $this->hideOrThrow($e); } finally { $this->domain = $this->ldap->getDomainContext(); $this->switchDomainBackIfNeeded($domain); } return true; }