icingaweb2/application/forms/Config/UserBackend/LdapBackendForm.php

<?php
/* Icinga Web 2 | (c) 2013-2015 Icinga Development Team | GPLv2+ */

namespace Icinga\Forms\Config\UserBackend;

use Exception;
use Icinga\Web\Form;
use Icinga\Data\ConfigObject;
use Icinga\Data\ResourceFactory;
use Icinga\Exception\AuthenticationException;
use Icinga\Authentication\User\UserBackend;

/**
 * Form class for adding/modifying LDAP user backends
 */
class LdapBackendForm extends Form
{
    /**
     * The ldap resource names the user can choose from
     *
     * @var array
     */
    protected $resources;

    /**
     * Initialize this form
     */
    public function init()
    {
        $this->setName('form_config_authbackend_ldap');
    }

    /**
     * Set the resource names the user can choose from
     *
     * @param   array   $resources      The resources to choose from
     *
     * @return  $this
     */
    public function setResources(array $resources)
    {
        $this->resources = $resources;
        return $this;
    }

    /**
     * @see Form::createElements()
     */
    public function createElements(array $formData)
    {
        $isAd = isset($formData['type']) ? $formData['type'] === 'msldap' : false;

        $this->addElement(
            'text',
            'name',
            array(
                'required'      => true,
                'label'         => $this->translate('Backend Name'),
                'description'   => $this->translate(
                    'The name of this authentication provider that is used to differentiate it from others.'
                )
            )
        );
        $this->addElement(
            'select',
            'resource',
            array(
                'required'      => true,
                'label'         => $this->translate('LDAP Connection'),
                'description'   => $this->translate(
                    'The LDAP connection to use for authenticating with this provider.'
                ),
                'multiOptions'  => false === empty($this->resources)
                    ? array_combine($this->resources, $this->resources)
                    : array()
            )
        );
        $this->addElement(
            'text',
            'user_class',
            array(
                'preserveDefault'   => true,
                'required'          => ! $isAd,
                'ignore'            => $isAd,
                'disabled'          => $isAd ?: null,
                'label'             => $this->translate('LDAP User Object Class'),
                'description'       => $this->translate('The object class used for storing users on the LDAP server.'),
                'value'             => $isAd ? 'user' : 'inetOrgPerson'
            )
        );
        $this->addElement(
            'text',
            'filter',
            array(
                'allowEmpty'    => true,
                'label'         => $this->translate('LDAP Filter'),
                'description'   => $this->translate(
                    'An additional filter to use when looking up users using the specified connection. '
                    . 'Leave empty to not to use any additional filter rules.'
                ),
                'requirement'   => $this->translate(
                    'The filter needs to be expressed as standard LDAP expression, without'
                    . ' outer parentheses. (e.g. &(foo=bar)(bar=foo) or foo=bar)'
                ),
                'validators'    => array(
                    array(
                        'Callback',
                        false,
                        array(
                            'callback'  => function ($v) {
                                return strpos($v, '(') !== 0;
                            },
                            'messages'  => array(
                                'callbackValue' => $this->translate('The filter must not be wrapped in parantheses.')
                            )
                        )
                    )
                )
            )
        );
        $this->addElement(
            'text',
            'user_name_attribute',
            array(
                'preserveDefault'   => true,
                'required'          => ! $isAd,
                'ignore'            => $isAd,
                'disabled'          => $isAd ?: null,
                'label'             => $this->translate('LDAP User Name Attribute'),
                'description'       => $this->translate(
                    'The attribute name used for storing the user name on the LDAP server.'
                ),
                'value'             => $isAd ? 'sAMAccountName' : 'uid'
            )
        );
        $this->addElement(
            'hidden',
            'backend',
            array(
                'disabled'  => true,
                'value'     => $isAd ? 'msldap' : 'ldap'
            )
        );
        $this->addElement(
            'text',
            'base_dn',
            array(
                'required'      => false,
                'label'         => $this->translate('LDAP Base DN'),
                'description'   => $this->translate(
                    'The path where users can be found on the LDAP server. Leave ' .
                    'empty to select all users available using the specified connection.'
                )
            )
        );
        return $this;
    }

    /**
     * Validate that the selected resource is a valid ldap user backend
     *
     * @see Form::onSuccess()
     */
    public function onSuccess()
    {
        if (false === static::isValidUserBackend($this)) {
            return false;
        }
    }

    /**
     * Validate the configuration by creating a backend and requesting the user count
     *
     * @param   Form    $form   The form to fetch the configuration values from
     *
     * @return  bool            Whether validation succeeded or not
     */
    public static function isValidUserBackend(Form $form)
    {
        try {
            $ldapUserBackend = UserBackend::create(null, new ConfigObject($form->getValues()));
            $ldapUserBackend->assertAuthenticationPossible();
        } catch (AuthenticationException $e) {
            if (($previous = $e->getPrevious()) !== null) {
                $form->addError($previous->getMessage());
            } else {
                $form->addError($e->getMessage());
            }

            return false;
        } catch (Exception $e) {
            $form->addError(sprintf($form->translate('Unable to validate authentication: %s'), $e->getMessage()));
            return false;
        }

        return true;
    }

    /**
     * Return the configuration for the chosen resource
     *
     * @return  ConfigObject
     *
     * @todo    Check whether it's possible to drop this (Or even all occurences!)
     */
    public function getResourceConfig()
    {
        return ResourceFactory::getResourceConfig($this->getValue('resource'));
    }
}
Implement Authentication form - Allow creation of authentication providers - Allow modification of authentication providers - Allow reordering of authentication providers refs #3777 2013-08-16 16:24:12 +02:00			`<?php`
Note that our license is GPL v2 or any later version in our license header instead of pointing to the license's URL 2015-02-04 10:46:36 +01:00			`/* Icinga Web 2 \| (c) 2013-2015 Icinga Development Team \| GPLv2+ */`
Implement Authentication form - Allow creation of authentication providers - Allow modification of authentication providers - Allow reordering of authentication providers refs #3777 2013-08-16 16:24:12 +02:00
ConfigController: We're configuring user backends from now on refs #8826 2015-06-02 09:58:57 +02:00			`namespace Icinga\Forms\Config\UserBackend;`
Implement Authentication form - Allow creation of authentication providers - Allow modification of authentication providers - Allow reordering of authentication providers refs #3777 2013-08-16 16:24:12 +02:00
Fix coding style 2014-08-11 10:43:54 +02:00			`use Exception;`
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`use Icinga\Web\Form;`
Adjust usages of Icinga\Application\Config refs #7147 2014-11-18 13:11:52 +01:00			`use Icinga\Data\ConfigObject;`
Refactor authentication config form tests and fix auth backend validation refs #6011 fixes #5712 2014-04-16 11:50:58 +02:00			`use Icinga\Data\ResourceFactory;`
Let the form decide where to get the resource configuration from refs #7163 2014-09-29 11:06:16 +02:00			`use Icinga\Exception\AuthenticationException;`
UserBackendConfigForm: Allow to configure user backends of type msldap fixes #9355 2015-06-05 17:20:31 +02:00			`use Icinga\Authentication\User\UserBackend;`
Implement Authentication form - Allow creation of authentication providers - Allow modification of authentication providers - Allow reordering of authentication providers refs #3777 2013-08-16 16:24:12 +02:00
			`/**`
ConfigController: We're configuring user backends from now on refs #8826 2015-06-02 09:58:57 +02:00			`* Form class for adding/modifying LDAP user backends`
Implement Authentication form - Allow creation of authentication providers - Allow modification of authentication providers - Allow reordering of authentication providers refs #3777 2013-08-16 16:24:12 +02:00			`*/`
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`class LdapBackendForm extends Form`
Implement Authentication form - Allow creation of authentication providers - Allow modification of authentication providers - Allow reordering of authentication providers refs #3777 2013-08-16 16:24:12 +02:00			`{`
			`/**`
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`* The ldap resource names the user can choose from`
Fix coding style 2014-08-11 10:43:54 +02:00			`*`
LdapBackendForm: replace create with createElements and getResources with __construct refs #5525 2014-07-29 12:21:58 +02:00			`* @var array`
Refactor authentication config form tests and fix auth backend validation refs #6011 fixes #5712 2014-04-16 11:50:58 +02:00			`*/`
LdapBackendForm: replace create with createElements and getResources with __construct refs #5525 2014-07-29 12:21:58 +02:00			`protected $resources;`
Refactor authentication config form tests and fix auth backend validation refs #6011 fixes #5712 2014-04-16 11:50:58 +02:00
Do not overwrite __construct() in forms, there's init() for that purpose refs #5525 2014-08-11 10:39:13 +02:00			`/**`
			`* Initialize this form`
			`*/`
			`public function init()`
Implement Authentication form - Allow creation of authentication providers - Allow modification of authentication providers - Allow reordering of authentication providers refs #3777 2013-08-16 16:24:12 +02:00			`{`
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`$this->setName('form_config_authbackend_ldap');`
			`}`
Implement Authentication form - Allow creation of authentication providers - Allow modification of authentication providers - Allow reordering of authentication providers refs #3777 2013-08-16 16:24:12 +02:00
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`/**`
			`* Set the resource names the user can choose from`
			`*`
			`* @param array $resources The resources to choose from`
			`*`
Use (only) "@return $this" in fluent interfaces' documentation 2015-04-07 14:23:26 +02:00			`* @return $this`
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`*/`
			`public function setResources(array $resources)`
			`{`
			`$this->resources = $resources;`
			`return $this;`
LdapBackendForm: replace create with createElements and getResources with __construct refs #5525 2014-07-29 12:21:58 +02:00			`}`
Implement Authentication form - Allow creation of authentication providers - Allow modification of authentication providers - Allow reordering of authentication providers refs #3777 2013-08-16 16:24:12 +02:00
Fix coding style 2014-08-11 10:43:54 +02:00			`/**`
			`* @see Form::createElements()`
			`*/`
LdapBackendForm: replace create with createElements and getResources with __construct refs #5525 2014-07-29 12:21:58 +02:00			`public function createElements(array $formData)`
			`{`
UserBackendConfigForm: Allow to configure user backends of type msldap fixes #9355 2015-06-05 17:20:31 +02:00			`$isAd = isset($formData['type']) ? $formData['type'] === 'msldap' : false;`

Form::createElements() should add elements instead of returning them In case createElements() would still return the elements while requiring the caller to add them to the form all form dependent configurations get lost. (displaygroups, belongTo, ...) Wizards or parent forms can still retrieve only input relevant fields by just calling createElements() and getElements(). refs #5525 2014-09-03 12:21:31 +02:00			`$this->addElement(`
			`'text',`
			`'name',`
			`array(`
			`'required' => true,`
Replace t() and mt() with translate() in the application's forms refs #7551 2015-01-19 11:26:23 +01:00			`'label' => $this->translate('Backend Name'),`
			`'description' => $this->translate(`
LDAP-Auth backend config: Add support for custom LDAP filter rules refs #8365 2015-03-11 09:52:14 +01:00			`'The name of this authentication provider that is used to differentiate it from others.'`
Add more detailed explanations when configuring authentication backends refs #7163 fixes #7411 2014-10-21 16:15:04 +02:00			`)`
Add icons to config forms 2013-10-23 12:25:51 +02:00			`)`
			`);`
Form::createElements() should add elements instead of returning them In case createElements() would still return the elements while requiring the caller to add them to the form all form dependent configurations get lost. (displaygroups, belongTo, ...) Wizards or parent forms can still retrieve only input relevant fields by just calling createElements() and getElements(). refs #5525 2014-09-03 12:21:31 +02:00			`$this->addElement(`
			`'select',`
			`'resource',`
			`array(`
			`'required' => true,`
LDAP-Auth backend config: Add support for custom LDAP filter rules refs #8365 2015-03-11 09:52:14 +01:00			`'label' => $this->translate('LDAP Connection'),`
			`'description' => $this->translate(`
			`'The LDAP connection to use for authenticating with this provider.'`
			`),`
Form::createElements() should add elements instead of returning them In case createElements() would still return the elements while requiring the caller to add them to the form all form dependent configurations get lost. (displaygroups, belongTo, ...) Wizards or parent forms can still retrieve only input relevant fields by just calling createElements() and getElements(). refs #5525 2014-09-03 12:21:31 +02:00			`'multiOptions' => false === empty($this->resources)`
			`? array_combine($this->resources, $this->resources)`
			`: array()`
			`)`
			`);`
			`$this->addElement(`
			`'text',`
			`'user_class',`
			`array(`
UserBackendConfigForm: Allow to configure user backends of type msldap fixes #9355 2015-06-05 17:20:31 +02:00			`'preserveDefault' => true,`
			`'required' => ! $isAd,`
			`'ignore' => $isAd,`
			`'disabled' => $isAd ?: null,`
			`'label' => $this->translate('LDAP User Object Class'),`
			`'description' => $this->translate('The object class used for storing users on the LDAP server.'),`
			`'value' => $isAd ? 'user' : 'inetOrgPerson'`
Form::createElements() should add elements instead of returning them In case createElements() would still return the elements while requiring the caller to add them to the form all form dependent configurations get lost. (displaygroups, belongTo, ...) Wizards or parent forms can still retrieve only input relevant fields by just calling createElements() and getElements(). refs #5525 2014-09-03 12:21:31 +02:00			`)`
			`);`
LDAP-Auth backend config: Add support for custom LDAP filter rules refs #8365 2015-03-11 09:52:14 +01:00			`$this->addElement(`
			`'text',`
			`'filter',`
			`array(`
			`'allowEmpty' => true,`
			`'label' => $this->translate('LDAP Filter'),`
			`'description' => $this->translate(`
			`'An additional filter to use when looking up users using the specified connection. '`
			`. 'Leave empty to not to use any additional filter rules.'`
			`),`
			`'requirement' => $this->translate(`
			`'The filter needs to be expressed as standard LDAP expression, without'`
			`. ' outer parentheses. (e.g. &(foo=bar)(bar=foo) or foo=bar)'`
			`),`
			`'validators' => array(`
			`array(`
			`'Callback',`
			`false,`
			`array(`
			`'callback' => function ($v) {`
			`return strpos($v, '(') !== 0;`
			`},`
			`'messages' => array(`
			`'callbackValue' => $this->translate('The filter must not be wrapped in parantheses.')`
			`)`
			`)`
			`)`
			`)`
			`)`
			`);`
Form::createElements() should add elements instead of returning them In case createElements() would still return the elements while requiring the caller to add them to the form all form dependent configurations get lost. (displaygroups, belongTo, ...) Wizards or parent forms can still retrieve only input relevant fields by just calling createElements() and getElements(). refs #5525 2014-09-03 12:21:31 +02:00			`$this->addElement(`
			`'text',`
			`'user_name_attribute',`
			`array(`
UserBackendConfigForm: Allow to configure user backends of type msldap fixes #9355 2015-06-05 17:20:31 +02:00			`'preserveDefault' => true,`
			`'required' => ! $isAd,`
			`'ignore' => $isAd,`
			`'disabled' => $isAd ?: null,`
			`'label' => $this->translate('LDAP User Name Attribute'),`
			`'description' => $this->translate(`
LDAP-Auth backend config: Add support for custom LDAP filter rules refs #8365 2015-03-11 09:52:14 +01:00			`'The attribute name used for storing the user name on the LDAP server.'`
Replace t() and mt() with translate() in the application's forms refs #7551 2015-01-19 11:26:23 +01:00			`),`
UserBackendConfigForm: Allow to configure user backends of type msldap fixes #9355 2015-06-05 17:20:31 +02:00			`'value' => $isAd ? 'sAMAccountName' : 'uid'`
Form::createElements() should add elements instead of returning them In case createElements() would still return the elements while requiring the caller to add them to the form all form dependent configurations get lost. (displaygroups, belongTo, ...) Wizards or parent forms can still retrieve only input relevant fields by just calling createElements() and getElements(). refs #5525 2014-09-03 12:21:31 +02:00			`)`
			`);`
			`$this->addElement(`
			`'hidden',`
			`'backend',`
			`array(`
Fix that hidden elements are getting ovewritten when validating a form This works by "disabling" hidden elements which causes the browser not to submit them. Due to a bug in Zend we need to manually ensure that Form::isValid does not overwrite the value of disabled elements with null. fixes #7717 2014-11-18 15:06:36 +01:00			`'disabled' => true,`
UserBackendConfigForm: Allow to configure user backends of type msldap fixes #9355 2015-06-05 17:20:31 +02:00			`'value' => $isAd ? 'msldap' : 'ldap'`
Form::createElements() should add elements instead of returning them In case createElements() would still return the elements while requiring the caller to add them to the form all form dependent configurations get lost. (displaygroups, belongTo, ...) Wizards or parent forms can still retrieve only input relevant fields by just calling createElements() and getElements(). refs #5525 2014-09-03 12:21:31 +02:00			`)`
			`);`
Move optional base_dn to end of form 2014-10-14 14:44:31 +02:00			`$this->addElement(`
			`'text',`
			`'base_dn',`
			`array(`
			`'required' => false,`
LDAP-Auth backend config: Add support for custom LDAP filter rules refs #8365 2015-03-11 09:52:14 +01:00			`'label' => $this->translate('LDAP Base DN'),`
Replace t() and mt() with translate() in the application's forms refs #7551 2015-01-19 11:26:23 +01:00			`'description' => $this->translate(`
LDAP-Auth backend config: Add support for custom LDAP filter rules refs #8365 2015-03-11 09:52:14 +01:00			`'The path where users can be found on the LDAP server. Leave ' .`
			`'empty to select all users available using the specified connection.'`
Replace t() and mt() with translate() in the application's forms refs #7551 2015-01-19 11:26:23 +01:00			`)`
Move optional base_dn to end of form 2014-10-14 14:44:31 +02:00			`)`
			`);`
Fix createElements() not returning self where applicable refs #5525 2014-09-09 13:24:39 +02:00			`return $this;`
Implement Authentication form - Allow creation of authentication providers - Allow modification of authentication providers - Allow reordering of authentication providers refs #3777 2013-08-16 16:24:12 +02:00			`}`

Configure fixes, regression test for 4606 The configure routine still has to be improved, right now unused authentication backends are commented out refs #4491 refs #4606 refs #4640 2013-08-27 14:37:22 +02:00			`/**`
ConfigController: We're configuring user backends from now on refs #8826 2015-06-02 09:58:57 +02:00			`* Validate that the selected resource is a valid ldap user backend`
Refactor authentication config form tests and fix auth backend validation refs #6011 fixes #5712 2014-04-16 11:50:58 +02:00			`*`
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`* @see Form::onSuccess()`
Configure fixes, regression test for 4606 The configure routine still has to be improved, right now unused authentication backends are commented out refs #4491 refs #4606 refs #4640 2013-08-27 14:37:22 +02:00			`*/`
Remove $request parameter from Form::onSuccess and Form::onRequest fixes #7552 2014-11-14 14:59:12 +01:00			`public function onSuccess()`
Split up authentication form, logic connectivity check refs #4606 refs #4622 refs #4602 refs #4546 2013-08-26 16:56:23 +02:00			`{`
ConfigController: We're configuring user backends from now on refs #8826 2015-06-02 09:58:57 +02:00			`if (false === static::isValidUserBackend($this)) {`
Icingaweb shoul work without optional extensions when they are not used When optional classes and php extensions like pgsql and additonal Zend-Pdos are actually required by creating a new resource or authentication backend, perform a check and display a warning instead of just throwing an exception. refs #4788 2014-04-28 16:45:37 +02:00			`return false;`
			`}`
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`}`

			`/**`
			`* Validate the configuration by creating a backend and requesting the user count`
			`*`
			`* @param Form $form The form to fetch the configuration values from`
			`*`
			`* @return bool Whether validation succeeded or not`
			`*/`
ConfigController: We're configuring user backends from now on refs #8826 2015-06-02 09:58:57 +02:00			`public static function isValidUserBackend(Form $form)`
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`{`
Split up authentication form, logic connectivity check refs #4606 refs #4622 refs #4602 refs #4546 2013-08-26 16:56:23 +02:00			`try {`
UserBackendConfigForm: Allow to configure user backends of type msldap fixes #9355 2015-06-05 17:20:31 +02:00			`$ldapUserBackend = UserBackend::create(null, new ConfigObject($form->getValues()));`
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`$ldapUserBackend->assertAuthenticationPossible();`
Let the form decide where to get the resource configuration from refs #7163 2014-09-29 11:06:16 +02:00			`} catch (AuthenticationException $e) {`
LDAP-Auth backend config: Add support for custom LDAP filter rules refs #8365 2015-03-11 09:52:14 +01:00			`if (($previous = $e->getPrevious()) !== null) {`
			`$form->addError($previous->getMessage());`
			`} else {`
			`$form->addError($e->getMessage());`
			`}`

Let the form decide where to get the resource configuration from refs #7163 2014-09-29 11:06:16 +02:00			`return false;`
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`} catch (Exception $e) {`
Using $this when not in object context, doesn't work. refs #7551 2015-01-19 13:47:53 +01:00			`$form->addError(sprintf($form->translate('Unable to validate authentication: %s'), $e->getMessage()));`
Split up authentication form, logic connectivity check refs #4606 refs #4622 refs #4602 refs #4546 2013-08-26 16:56:23 +02:00			`return false;`
			`}`
Revert "Fix backend validation of LdapBackendForm" This reverts commit 0777848a84d63d10c5b184476845da32e92236ea. 2014-10-15 08:49:17 +02:00
Refactor authentication config form tests and fix auth backend validation refs #6011 fixes #5712 2014-04-16 11:50:58 +02:00			`return true;`
Add controller to handle resource configuration Add the controller, forms and views to handle the resource configuration. refs #4786 2013-11-06 19:02:30 +01:00			`}`
Let the form decide where to get the resource configuration from refs #7163 2014-09-29 11:06:16 +02:00
			`/**`
			`* Return the configuration for the chosen resource`
			`*`
Adjust usages of Icinga\Application\Config refs #7147 2014-11-18 13:11:52 +01:00			`* @return ConfigObject`
UserBackendConfigForm: Allow to configure user backends of type msldap fixes #9355 2015-06-05 17:20:31 +02:00			`*`
			`* @todo Check whether it's possible to drop this (Or even all occurences!)`
Let the form decide where to get the resource configuration from refs #7163 2014-09-29 11:06:16 +02:00			`*/`
			`public function getResourceConfig()`
			`{`
			`return ResourceFactory::getResourceConfig($this->getValue('resource'));`
			`}`
Implement Authentication form - Allow creation of authentication providers - Allow modification of authentication providers - Allow reordering of authentication providers refs #3777 2013-08-16 16:24:12 +02:00			`}`