icingaweb2/application/forms/Config/Authentication/LdapBackendForm.php

<?php
// {{{ICINGA_LICENSE_HEADER}}}
// {{{ICINGA_LICENSE_HEADER}}}

namespace Icinga\Form\Config\Authentication;

use Exception;
use Icinga\Web\Form;
use Icinga\Web\Request;
use Icinga\Data\ResourceFactory;
use Icinga\Exception\AuthenticationException;
use Icinga\Authentication\Backend\LdapUserBackend;

/**
 * Form class for adding/modifying LDAP authentication backends
 */
class LdapBackendForm extends Form
{
    /**
     * The ldap resource names the user can choose from
     *
     * @var array
     */
    protected $resources;

    /**
     * Initialize this form
     */
    public function init()
    {
        $this->setName('form_config_authbackend_ldap');
    }

    /**
     * Set the resource names the user can choose from
     *
     * @param   array   $resources      The resources to choose from
     *
     * @return  self
     */
    public function setResources(array $resources)
    {
        $this->resources = $resources;
        return $this;
    }

    /**
     * @see Form::createElements()
     */
    public function createElements(array $formData)
    {
        $this->addElement(
            'text',
            'name',
            array(
                'required'      => true,
                'label'         => t('Backend Name'),
                'description'   => t('The name of this authentication backend')
            )
        );
        $this->addElement(
            'select',
            'resource',
            array(
                'required'      => true,
                'label'         => t('LDAP Resource'),
                'description'   => t('The resource to use for authenticating with this provider'),
                'multiOptions'  => false === empty($this->resources)
                    ? array_combine($this->resources, $this->resources)
                    : array()
            )
        );
        $this->addElement(
            'text',
            'user_class',
            array(
                'required'      => true,
                'label'         => t('LDAP User Object Class'),
                'description'   => t('The object class used for storing users on the ldap server'),
                'value'         => 'inetOrgPerson'
            )
        );
        $this->addElement(
            'text',
            'user_name_attribute',
            array(
                'required'      => true,
                'label'         => t('LDAP User Name Attribute'),
                'description'   => t('The attribute name used for storing the user name on the ldap server'),
                'value'         => 'uid'
            )
        );
        $this->addElement(
            'hidden',
            'backend',
            array(
                'required'  => true,
                'value'     => 'ldap'
            )
        );
        $this->addElement(
            'text',
            'base_dn',
            array(
                'required'      => false,
                'label'         => t('Base DN'),
                'description'   => t('The path where users can be found on the ldap server. ' .
                    ' Leave empty to select all users available on the specified resource.')
            )
        );
        return $this;
    }

    /**
     * Validate that the selected resource is a valid ldap authentication backend
     *
     * @see Form::onSuccess()
     */
    public function onSuccess(Request $request)
    {
        if (false === static::isValidAuthenticationBackend($this)) {
            return false;
        }
    }

    /**
     * Validate the configuration by creating a backend and requesting the user count
     *
     * @param   Form    $form   The form to fetch the configuration values from
     *
     * @return  bool            Whether validation succeeded or not
     */
    public static function isValidAuthenticationBackend(Form $form)
    {
        try {
            $ldapUserBackend = new LdapUserBackend(
                ResourceFactory::createResource(ResourceFactory::getResourceConfig($form->getValue('resource'))),
                $form->getElement('user_class')->getValue(),
                $form->getElement('user_name_attribute')->getValue(),
                $form->getElement('base_dn')->getValue()
            );
            $ldapUserBackend->assertAuthenticationPossible();
        } catch (AuthenticationException $e) {
            $form->addError($e->getMessage());
            return false;
        } catch (Exception $e) {
            $form->addError(sprintf(t('Unable to validate authentication: %s'), $e->getMessage()));
            return false;
        }
        return true;
    }

    /**
     * Return the configuration for the chosen resource
     *
     * @return  Zend_Config
     */
    public function getResourceConfig()
    {
        return ResourceFactory::getResourceConfig($this->getValue('resource'));
    }
}
Implement Authentication form - Allow creation of authentication providers - Allow modification of authentication providers - Allow reordering of authentication providers refs #3777 2013-08-16 16:24:12 +02:00			`<?php`
			`// {{{ICINGA_LICENSE_HEADER}}}`
			`// {{{ICINGA_LICENSE_HEADER}}}`

			`namespace Icinga\Form\Config\Authentication;`

Fix coding style 2014-08-11 10:43:54 +02:00			`use Exception;`
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`use Icinga\Web\Form;`
Fix LdapBackendFormTest refs #5525 2014-09-09 10:36:42 +02:00			`use Icinga\Web\Request;`
Refactor authentication config form tests and fix auth backend validation refs #6011 fixes #5712 2014-04-16 11:50:58 +02:00			`use Icinga\Data\ResourceFactory;`
Let the form decide where to get the resource configuration from refs #7163 2014-09-29 11:06:16 +02:00			`use Icinga\Exception\AuthenticationException;`
Fix coding style 2014-08-11 10:43:54 +02:00			`use Icinga\Authentication\Backend\LdapUserBackend;`
Implement Authentication form - Allow creation of authentication providers - Allow modification of authentication providers - Allow reordering of authentication providers refs #3777 2013-08-16 16:24:12 +02:00
			`/**`
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`* Form class for adding/modifying LDAP authentication backends`
Implement Authentication form - Allow creation of authentication providers - Allow modification of authentication providers - Allow reordering of authentication providers refs #3777 2013-08-16 16:24:12 +02:00			`*/`
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`class LdapBackendForm extends Form`
Implement Authentication form - Allow creation of authentication providers - Allow modification of authentication providers - Allow reordering of authentication providers refs #3777 2013-08-16 16:24:12 +02:00			`{`
			`/**`
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`* The ldap resource names the user can choose from`
Fix coding style 2014-08-11 10:43:54 +02:00			`*`
LdapBackendForm: replace create with createElements and getResources with __construct refs #5525 2014-07-29 12:21:58 +02:00			`* @var array`
Refactor authentication config form tests and fix auth backend validation refs #6011 fixes #5712 2014-04-16 11:50:58 +02:00			`*/`
LdapBackendForm: replace create with createElements and getResources with __construct refs #5525 2014-07-29 12:21:58 +02:00			`protected $resources;`
Refactor authentication config form tests and fix auth backend validation refs #6011 fixes #5712 2014-04-16 11:50:58 +02:00
Do not overwrite __construct() in forms, there's init() for that purpose refs #5525 2014-08-11 10:39:13 +02:00			`/**`
			`* Initialize this form`
			`*/`
			`public function init()`
Implement Authentication form - Allow creation of authentication providers - Allow modification of authentication providers - Allow reordering of authentication providers refs #3777 2013-08-16 16:24:12 +02:00			`{`
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`$this->setName('form_config_authbackend_ldap');`
			`}`
Implement Authentication form - Allow creation of authentication providers - Allow modification of authentication providers - Allow reordering of authentication providers refs #3777 2013-08-16 16:24:12 +02:00
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`/**`
			`* Set the resource names the user can choose from`
			`*`
			`* @param array $resources The resources to choose from`
			`*`
			`* @return self`
			`*/`
			`public function setResources(array $resources)`
			`{`
			`$this->resources = $resources;`
			`return $this;`
LdapBackendForm: replace create with createElements and getResources with __construct refs #5525 2014-07-29 12:21:58 +02:00			`}`
Implement Authentication form - Allow creation of authentication providers - Allow modification of authentication providers - Allow reordering of authentication providers refs #3777 2013-08-16 16:24:12 +02:00
Fix coding style 2014-08-11 10:43:54 +02:00			`/**`
			`* @see Form::createElements()`
			`*/`
LdapBackendForm: replace create with createElements and getResources with __construct refs #5525 2014-07-29 12:21:58 +02:00			`public function createElements(array $formData)`
			`{`
Form::createElements() should add elements instead of returning them In case createElements() would still return the elements while requiring the caller to add them to the form all form dependent configurations get lost. (displaygroups, belongTo, ...) Wizards or parent forms can still retrieve only input relevant fields by just calling createElements() and getElements(). refs #5525 2014-09-03 12:21:31 +02:00			`$this->addElement(`
			`'text',`
			`'name',`
			`array(`
			`'required' => true,`
			`'label' => t('Backend Name'),`
			`'description' => t('The name of this authentication backend')`
Add icons to config forms 2013-10-23 12:25:51 +02:00			`)`
			`);`
Form::createElements() should add elements instead of returning them In case createElements() would still return the elements while requiring the caller to add them to the form all form dependent configurations get lost. (displaygroups, belongTo, ...) Wizards or parent forms can still retrieve only input relevant fields by just calling createElements() and getElements(). refs #5525 2014-09-03 12:21:31 +02:00			`$this->addElement(`
			`'select',`
			`'resource',`
			`array(`
			`'required' => true,`
			`'label' => t('LDAP Resource'),`
			`'description' => t('The resource to use for authenticating with this provider'),`
			`'multiOptions' => false === empty($this->resources)`
			`? array_combine($this->resources, $this->resources)`
			`: array()`
			`)`
			`);`
			`$this->addElement(`
			`'text',`
			`'user_class',`
			`array(`
			`'required' => true,`
			`'label' => t('LDAP User Object Class'),`
			`'description' => t('The object class used for storing users on the ldap server'),`
			`'value' => 'inetOrgPerson'`
			`)`
			`);`
			`$this->addElement(`
			`'text',`
			`'user_name_attribute',`
			`array(`
			`'required' => true,`
			`'label' => t('LDAP User Name Attribute'),`
			`'description' => t('The attribute name used for storing the user name on the ldap server'),`
			`'value' => 'uid'`
			`)`
			`);`
			`$this->addElement(`
			`'hidden',`
			`'backend',`
			`array(`
			`'required' => true,`
			`'value' => 'ldap'`
			`)`
			`);`
Move optional base_dn to end of form 2014-10-14 14:44:31 +02:00			`$this->addElement(`
			`'text',`
			`'base_dn',`
			`array(`
			`'required' => false,`
			`'label' => t('Base DN'),`
			`'description' => t('The path where users can be found on the ldap server. ' .`
			`' Leave empty to select all users available on the specified resource.')`
			`)`
			`);`
Fix createElements() not returning self where applicable refs #5525 2014-09-09 13:24:39 +02:00			`return $this;`
Implement Authentication form - Allow creation of authentication providers - Allow modification of authentication providers - Allow reordering of authentication providers refs #3777 2013-08-16 16:24:12 +02:00			`}`

Configure fixes, regression test for 4606 The configure routine still has to be improved, right now unused authentication backends are commented out refs #4491 refs #4606 refs #4640 2013-08-27 14:37:22 +02:00			`/**`
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`* Validate that the selected resource is a valid ldap authentication backend`
Refactor authentication config form tests and fix auth backend validation refs #6011 fixes #5712 2014-04-16 11:50:58 +02:00			`*`
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`* @see Form::onSuccess()`
Configure fixes, regression test for 4606 The configure routine still has to be improved, right now unused authentication backends are commented out refs #4491 refs #4606 refs #4640 2013-08-27 14:37:22 +02:00			`*/`
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`public function onSuccess(Request $request)`
Split up authentication form, logic connectivity check refs #4606 refs #4622 refs #4602 refs #4546 2013-08-26 16:56:23 +02:00			`{`
Make isValid* calls of configuration forms being static This allows a more flexible usage as there is no need to access instance formdata when validating such configuration. 2014-09-29 11:02:45 +02:00			`if (false === static::isValidAuthenticationBackend($this)) {`
Icingaweb shoul work without optional extensions when they are not used When optional classes and php extensions like pgsql and additonal Zend-Pdos are actually required by creating a new resource or authentication backend, perform a check and display a warning instead of just throwing an exception. refs #4788 2014-04-28 16:45:37 +02:00			`return false;`
			`}`
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`}`

			`/**`
			`* Validate the configuration by creating a backend and requesting the user count`
			`*`
			`* @param Form $form The form to fetch the configuration values from`
			`*`
			`* @return bool Whether validation succeeded or not`
			`*/`
Make isValid* calls of configuration forms being static This allows a more flexible usage as there is no need to access instance formdata when validating such configuration. 2014-09-29 11:02:45 +02:00			`public static function isValidAuthenticationBackend(Form $form)`
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`{`
Split up authentication form, logic connectivity check refs #4606 refs #4622 refs #4602 refs #4546 2013-08-26 16:56:23 +02:00			`try {`
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`$ldapUserBackend = new LdapUserBackend(`
Fix backend validation of LdapBackendForm 2014-10-14 14:44:51 +02:00			`ResourceFactory::createResource(ResourceFactory::getResourceConfig($form->getValue('resource'))),`
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`$form->getElement('user_class')->getValue(),`
Add `base_dn' directive to LDAP backend config 2014-10-09 10:10:09 +02:00			`$form->getElement('user_name_attribute')->getValue(),`
			`$form->getElement('base_dn')->getValue()`
Icingaweb shoul work without optional extensions when they are not used When optional classes and php extensions like pgsql and additonal Zend-Pdos are actually required by creating a new resource or authentication backend, perform a check and display a warning instead of just throwing an exception. refs #4788 2014-04-28 16:45:37 +02:00			`);`
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`$ldapUserBackend->assertAuthenticationPossible();`
Let the form decide where to get the resource configuration from refs #7163 2014-09-29 11:06:16 +02:00			`} catch (AuthenticationException $e) {`
			`$form->addError($e->getMessage());`
			`return false;`
Adjust authentication backend forms to suit.. some form implementation refs #5525 2014-08-29 15:16:13 +02:00			`} catch (Exception $e) {`
Let the form decide where to get the resource configuration from refs #7163 2014-09-29 11:06:16 +02:00			`$form->addError(sprintf(t('Unable to validate authentication: %s'), $e->getMessage()));`
Split up authentication form, logic connectivity check refs #4606 refs #4622 refs #4602 refs #4546 2013-08-26 16:56:23 +02:00			`return false;`
			`}`
Refactor authentication config form tests and fix auth backend validation refs #6011 fixes #5712 2014-04-16 11:50:58 +02:00			`return true;`
Add controller to handle resource configuration Add the controller, forms and views to handle the resource configuration. refs #4786 2013-11-06 19:02:30 +01:00			`}`
Let the form decide where to get the resource configuration from refs #7163 2014-09-29 11:06:16 +02:00
			`/**`
			`* Return the configuration for the chosen resource`
			`*`
			`* @return Zend_Config`
			`*/`
			`public function getResourceConfig()`
			`{`
			`return ResourceFactory::getResourceConfig($this->getValue('resource'));`
			`}`
Implement Authentication form - Allow creation of authentication providers - Allow modification of authentication providers - Allow reordering of authentication providers refs #3777 2013-08-16 16:24:12 +02:00			`}`