|
<?php |
|
|
|
namespace Kanboard\Core\Ldap; |
|
|
|
use LogicException; |
|
use Kanboard\Core\Security\Role; |
|
use Kanboard\User\LdapUserProvider; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
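/**
 * LDAP user lookup.
 *
 * Searches the directory for one user, reads the configured attributes from
 * the first matching entry and wraps them in an LdapUserProvider together
 * with the application role derived from the user's LDAP groups.
 *
 * All settings come from the LDAP_* configuration constants read by the
 * getters below. The group-to-role mapping in getRole() is an authorization
 * decision, so the values compared there have to be exact.
 */
class User
{
    /**
     * Query object used to search for the user entry.
     *
     * @var Query
     */
    protected $query;

    /**
     * Group finder used when memberships are resolved through
     * LDAP_GROUP_USER_FILTER; null when no group lookup is available.
     *
     * @var Group|null
     */
    protected $group;

    /**
     * @param Query      $query Query used for the user search
     * @param Group|null $group Optional group finder (see getGroups())
     */
    public function __construct(Query $query, Group $group = null)
    {
        $this->query = $query;
        $this->group = $group;
    }

    /**
     * Build a finder on top of $client and look up $username with the
     * configured user filter.
     *
     * @param  Client $client
     * @param  string $username Presumably the login name typed by the user; it is
     *                          escaped by getLdapUserPattern() before it reaches the filter
     * @return LdapUserProvider|null
     */
    public static function getUser(Client $client, $username)
    {
        // The user search and the group search each get their own Query on the same client.
        $self = new static(new Query($client), new Group(new Query($client)));

        return $self->find($self->getLdapUserPattern($username));
    }

    /**
     * Run an LDAP search below the user base DN and build the user from the
     * first entry.
     *
     * @param  string $query Complete LDAP filter. It is sent as given, so any
     *                       user-supplied part must already be escaped
     *                       (getLdapUserPattern() does that).
     * @return LdapUserProvider|null Null when the search has no result
     */
    public function find($query)
    {
        $this->query->execute($this->getBaseDn(), $query, $this->getAttributes());

        return $this->query->hasResult() ? $this->build() : null;
    }

    /**
     * Collect the identifiers of the groups the user belongs to.
     *
     * When a group finder, a group user filter and a usable user value
     * (username or DN, selected by LDAP_GROUP_USER_ATTRIBUTE) are all
     * available, the groups are searched with that filter. Otherwise the
     * values of the group attribute on the user entry are returned.
     *
     * @param  Entry $entry User entry
     * @return string[] Group identifiers (presumably DNs; getRole() compares them with the configured group DNs)
     */
    protected function getGroups(Entry $entry)
    {
        $userAttribute = '';
        $mode = $this->getGroupUserAttribute();

        if ($mode === 'username') {
            $userAttribute = $entry->getFirstValue($this->getAttributeUsername());
        } elseif ($mode === 'dn') {
            $userAttribute = $entry->getDn();
        }

        if (empty($userAttribute) || $this->group === null || ! $this->hasGroupUserFilter()) {
            return $entry->getAll($this->getAttributeGroup());
        }

        // The value is placed inside a search filter: usernames and DNs may
        // legitimately contain "(", ")", "*" or "\" (for instance an escaped
        // comma in a DN), which would otherwise corrupt or change the filter
        // that decides the user's groups and therefore the role.
        $escaped = ldap_escape((string) $userAttribute, '', LDAP_ESCAPE_FILTER);

        $groupIds = [];

        foreach ($this->group->find(sprintf($this->getGroupUserFilter(), $escaped)) as $group) {
            $groupIds[] = $group->getExternalId();
        }

        return $groupIds;
    }

    /**
     * Map the user's groups to an application role.
     *
     * Comparison is case-insensitive. Membership of the admin group wins
     * immediately; membership of the manager group raises the role to
     * manager; otherwise the default role applies (manager when
     * LDAP_USER_DEFAULT_ROLE_MANAGER is truthy, plain user if not).
     *
     * @param  string[] $groupIds
     * @return string|null Null when neither the admin nor the manager group is configured
     */
    protected function getRole(array $groupIds)
    {
        if (! $this->hasGroupsConfigured()) {
            return null;
        }

        $role = LDAP_USER_DEFAULT_ROLE_MANAGER ? Role::APP_MANAGER : Role::APP_USER;

        // Loop-invariant: normalise the configured DNs once.
        $adminDn = strtolower($this->getGroupAdminDn());
        $managerDn = strtolower($this->getGroupManagerDn());

        foreach ($groupIds as $groupId) {
            $groupId = strtolower((string) $groupId);

            // An unconfigured (empty) DN must never match: without this guard
            // an empty group identifier would equal an empty admin DN and
            // grant the administrator role.
            if ($adminDn !== '' && $groupId === $adminDn) {
                return Role::APP_ADMIN;
            }

            if ($managerDn !== '' && $groupId === $managerDn) {
                $role = Role::APP_MANAGER;
            }
        }

        return $role;
    }

    /**
     * Build the user provider from the first entry of the last search.
     *
     * @return LdapUserProvider
     */
    protected function build()
    {
        $entry = $this->query->getEntries()->getFirstEntry();
        $groupIds = $this->getGroups($entry);

        return new LdapUserProvider(
            $entry->getDn(),
            $entry->getFirstValue($this->getAttributeUsername()),
            $entry->getFirstValue($this->getAttributeName()),
            $entry->getFirstValue($this->getAttributeEmail()),
            $this->getRole($groupIds),
            $groupIds,
            $entry->getFirstValue($this->getAttributePhoto()),
            $entry->getFirstValue($this->getAttributeLanguage())
        );
    }

    /**
     * List of attributes requested from the directory, in lower case.
     * Attributes that are not configured (empty) are left out.
     *
     * @return string[]
     */
    public function getAttributes()
    {
        return array_values(array_filter([
            $this->getAttributeUsername(),
            $this->getAttributeName(),
            $this->getAttributeEmail(),
            $this->getAttributeGroup(),
            $this->getAttributePhoto(),
            $this->getAttributeLanguage(),
        ]));
    }

    /**
     * Lower-cased name of the username attribute.
     *
     * @throws LogicException When LDAP_USER_ATTRIBUTE_USERNAME is empty
     * @return string
     */
    public function getAttributeUsername()
    {
        if (! LDAP_USER_ATTRIBUTE_USERNAME) {
            throw new LogicException('LDAP username attribute empty, check the parameter LDAP_USER_ATTRIBUTE_USERNAME');
        }

        return strtolower(LDAP_USER_ATTRIBUTE_USERNAME);
    }

    /**
     * Lower-cased name of the full name attribute.
     *
     * @throws LogicException When LDAP_USER_ATTRIBUTE_FULLNAME is empty
     * @return string
     */
    public function getAttributeName()
    {
        if (! LDAP_USER_ATTRIBUTE_FULLNAME) {
            throw new LogicException('LDAP full name attribute empty, check the parameter LDAP_USER_ATTRIBUTE_FULLNAME');
        }

        return strtolower(LDAP_USER_ATTRIBUTE_FULLNAME);
    }

    /**
     * Lower-cased name of the e-mail attribute.
     *
     * @throws LogicException When LDAP_USER_ATTRIBUTE_EMAIL is empty
     * @return string
     */
    public function getAttributeEmail()
    {
        if (! LDAP_USER_ATTRIBUTE_EMAIL) {
            throw new LogicException('LDAP email attribute empty, check the parameter LDAP_USER_ATTRIBUTE_EMAIL');
        }

        return strtolower(LDAP_USER_ATTRIBUTE_EMAIL);
    }

    /**
     * Lower-cased name of the group membership attribute (optional, may be empty).
     *
     * @return string
     */
    public function getAttributeGroup()
    {
        return strtolower(LDAP_USER_ATTRIBUTE_GROUPS);
    }

    /**
     * Lower-cased name of the photo attribute (optional, may be empty).
     *
     * @return string
     */
    public function getAttributePhoto()
    {
        return strtolower(LDAP_USER_ATTRIBUTE_PHOTO);
    }

    /**
     * Lower-cased name of the language attribute (optional, may be empty).
     *
     * @return string
     */
    public function getAttributeLanguage()
    {
        return strtolower(LDAP_USER_ATTRIBUTE_LANGUAGE);
    }

    /**
     * Filter used to search the groups of a user; getGroups() passes it to
     * sprintf() with the user value as the single argument.
     *
     * @return string
     */
    public function getGroupUserFilter()
    {
        return LDAP_GROUP_USER_FILTER;
    }

    /**
     * Which user value goes into the group user filter: getGroups()
     * recognises 'username' and 'dn'.
     *
     * @return string
     */
    public function getGroupUserAttribute()
    {
        return LDAP_GROUP_USER_ATTRIBUTE;
    }

    /**
     * Tell whether a group user filter is configured (neither '' nor null).
     *
     * @return bool
     */
    public function hasGroupUserFilter()
    {
        $filter = $this->getGroupUserFilter();

        return $filter !== '' && $filter !== null;
    }

    /**
     * Tell whether an admin group or a manager group is configured.
     *
     * @return bool
     */
    public function hasGroupsConfigured()
    {
        return $this->getGroupAdminDn() || $this->getGroupManagerDn();
    }

    /**
     * Lower-cased DN of the group whose members become administrators.
     *
     * @return string
     */
    public function getGroupAdminDn(): string
    {
        return strtolower(LDAP_GROUP_ADMIN_DN);
    }

    /**
     * DN of the group whose members become managers, as configured
     * (getRole() lower-cases it before comparing).
     *
     * @return string
     */
    public function getGroupManagerDn(): string
    {
        return LDAP_GROUP_MANAGER_DN;
    }

    /**
     * Base DN under which users are searched.
     *
     * @return string
     */
    public function getBaseDn()
    {
        return LDAP_USER_BASE_DN;
    }

    /**
     * Build the user search filter by substituting $username for every "%s"
     * in $filter.
     *
     * The username is escaped for use inside an LDAP filter, so characters
     * such as "*", "(", ")" and "\" are matched literally instead of being
     * read as filter syntax. Without this a login name could widen or
     * restructure the search that selects the account.
     * NOTE(review): callers are not visible here; if one already escapes the
     * username, remove that escaping rather than this one, otherwise the
     * value is escaped twice.
     *
     * @param  string $username
     * @param  string $filter   Filter template containing "%s"
     * @throws LogicException When the filter is empty
     * @return string
     */
    public function getLdapUserPattern($username, $filter = LDAP_USER_FILTER)
    {
        if (! $filter) {
            throw new LogicException('LDAP user filter empty, check the parameter LDAP_USER_FILTER');
        }

        return str_replace('%s', ldap_escape((string) $username, '', LDAP_ESCAPE_FILTER), $filter);
    }
}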
|
|