icingaweb2/application/forms/Config/Resource/LdapResourceForm.php

<?php
/* Icinga Web 2 | (c) 2013-2015 Icinga Development Team | GPLv2+ */

namespace Icinga\Forms\Config\Resource;

use Exception;
use Icinga\Web\Form;
use Icinga\Data\ConfigObject;
use Icinga\Data\ResourceFactory;
use Icinga\Protocol\Ldap\Connection;

/**
 * Form class for adding/modifying ldap resources
 */
class LdapResourceForm extends Form
{
    /**
     * Initialize this form
     */
    public function init()
    {
        $this->setName('form_config_resource_ldap');
    }

    /**
     * @see Form::createElements()
     */
    public function createElements(array $formData)
    {
        $this->addElement(
            'text',
            'name',
            array(
                'required'      => true,
                'label'         => $this->translate('Resource Name'),
                'description'   => $this->translate('The unique name of this resource')
            )
        );
        $this->addElement(
            'text',
            'hostname',
            array(
                'required'      => true,
                'label'         => $this->translate('Host'),
                'description'   => $this->translate(
                    'The hostname or address of the LDAP server to use for authentication'
                ),
                'value'         => 'localhost'
            )
        );
        $this->addElement(
            'number',
            'port',
            array(
                'required'      => true,
                'label'         => $this->translate('Port'),
                'description'   => $this->translate('The port of the LDAP server to use for authentication'),
                'value'         => 389
            )
        );
        $this->addElement(
            'select',
            'encryption',
            array(
                'required'      => true,
                'autosubmit'    => true,
                'label'         => $this->translate('Encryption'),
                'description'   => $this->translate(
                    'Whether to encrypt communication. Choose STARTTLS or LDAPS for encrypted communication or'
                    . ' none for unencrypted communication'
                ),
                'multiOptions'  => array(
                    'none'                  => $this->translate('None', 'resource.ldap.encryption'),
                    Connection::STARTTLS    => 'STARTTLS',
                    Connection::LDAPS       => 'LDAPS'
                )
            )
        );

        if (isset($formData['encryption']) && $formData['encryption'] !== 'none') {
            // TODO(jom): Do not show this checkbox unless the connection is actually failing due to certificate errors
            $this->addElement(
                'checkbox',
                'reqcert',
                array(
                    'required'      => true,
                    'label'         => $this->translate('Require Certificate'),
                    'description'   => $this->translate(
                        'When checked, the LDAP server must provide a valid and known (trusted) certificate.'
                    ),
                    'value'         => 1
                )
            );
        }

        $this->addElement(
            'text',
            'root_dn',
            array(
                'required'      => true,
                'label'         => $this->translate('Root DN'),
                'description'   => $this->translate(
                    'Only the root and its child nodes will be accessible on this resource.'
                )
            )
        );
        $this->addElement(
            'text',
            'bind_dn',
            array(
                'required'      => true,
                'label'         => $this->translate('Bind DN'),
                'description'   => $this->translate('The user dn to use for querying the ldap server')
            )
        );
        $this->addElement(
            'password',
            'bind_pw',
            array(
                'required'          => true,
                'renderPassword'    => true,
                'label'             => $this->translate('Bind Password'),
                'description'       => $this->translate('The password to use for querying the ldap server')
            )
        );

        return $this;
    }

    /**
     * Validate that the current configuration points to a valid resource
     *
     * @see Form::onSuccess()
     */
    public function onSuccess()
    {
        if (false === static::isValidResource($this)) {
            return false;
        }
    }

    /**
     * Validate the resource configuration by trying to connect with it
     *
     * @param   Form    $form   The form to fetch the configuration values from
     *
     * @return  bool            Whether validation succeeded or not
     */
    public static function isValidResource(Form $form)
    {
        try {
            $resource = ResourceFactory::createResource(new ConfigObject($form->getValues()));
            if (false === $resource->testCredentials(
                $form->getElement('bind_dn')->getValue(),
                $form->getElement('bind_pw')->getValue()
                )
            ) {
                throw new Exception(); // TODO: Get the exact error message
            }
        } catch (Exception $e) {
            $msg = $form->translate('Connectivity validation failed, connection to the given resource not possible.');
            if (($error = $e->getMessage())) {
                $msg .= ' (' . $error . ')';
            }

            $form->addError($msg);
            return false;
        }

        return true;
    }
}
Rename ResourceForm and make it use handleRequest() & Co. refs #5525 2014-09-02 15:39:21 +02:00			`<?php`
Note that our license is GPL v2 or any later version in our license header instead of pointing to the license's URL 2015-02-04 10:46:36 +01:00			`/* Icinga Web 2 \| (c) 2013-2015 Icinga Development Team \| GPLv2+ */`
Rename ResourceForm and make it use handleRequest() & Co. refs #5525 2014-09-02 15:39:21 +02:00
Rename namespace Icinga\Form to Icinga\Forms refs #7553 2014-11-14 10:57:14 +01:00			`namespace Icinga\Forms\Config\Resource;`
Rename ResourceForm and make it use handleRequest() & Co. refs #5525 2014-09-02 15:39:21 +02:00
			`use Exception;`
			`use Icinga\Web\Form;`
Adjust usages of Icinga\Application\Config refs #7147 2014-11-18 13:11:52 +01:00			`use Icinga\Data\ConfigObject;`
Rename ResourceForm and make it use handleRequest() & Co. refs #5525 2014-09-02 15:39:21 +02:00			`use Icinga\Data\ResourceFactory;`
Make SSL/TLS configurable for LDAP resources refs #7771 2015-03-12 15:17:19 +01:00			`use Icinga\Protocol\Ldap\Connection;`
Rename ResourceForm and make it use handleRequest() & Co. refs #5525 2014-09-02 15:39:21 +02:00
			`/**`
			`* Form class for adding/modifying ldap resources`
			`*/`
			`class LdapResourceForm extends Form`
			`{`
			`/**`
			`* Initialize this form`
			`*/`
			`public function init()`
			`{`
			`$this->setName('form_config_resource_ldap');`
			`}`

			`/**`
			`* @see Form::createElements()`
			`*/`
			`public function createElements(array $formData)`
			`{`
Add some redundancy to get more implicitness Although this commit does not seem reasonable at first the "big" picture proves its necessity! refs #7163 2014-09-29 11:20:39 +02:00			`$this->addElement(`
			`'text',`
			`'name',`
			`array(`
			`'required' => true,`
Replace t() and mt() with translate() in the application's forms refs #7551 2015-01-19 11:26:23 +01:00			`'label' => $this->translate('Resource Name'),`
Revert "LdapResourceForm: Validate the host field and do not require a port" This reverts commit a34d6026b31a112922508e01f8aad46df47fd162. refs #7990 2015-03-11 08:00:20 +01:00			`'description' => $this->translate('The unique name of this resource')`
Add some redundancy to get more implicitness Although this commit does not seem reasonable at first the "big" picture proves its necessity! refs #7163 2014-09-29 11:20:39 +02:00			`)`
			`);`
Form::createElements() should add elements instead of returning them In case createElements() would still return the elements while requiring the caller to add them to the form all form dependent configurations get lost. (displaygroups, belongTo, ...) Wizards or parent forms can still retrieve only input relevant fields by just calling createElements() and getElements(). refs #5525 2014-09-03 12:21:31 +02:00			`$this->addElement(`
			`'text',`
			`'hostname',`
			`array(`
			`'required' => true,`
Replace t() and mt() with translate() in the application's forms refs #7551 2015-01-19 11:26:23 +01:00			`'label' => $this->translate('Host'),`
			`'description' => $this->translate(`
Revert "LdapResourceForm: Validate the host field and do not require a port" This reverts commit a34d6026b31a112922508e01f8aad46df47fd162. refs #7990 2015-03-11 08:00:20 +01:00			`'The hostname or address of the LDAP server to use for authentication'`
Replace t() and mt() with translate() in the application's forms refs #7551 2015-01-19 11:26:23 +01:00			`),`
Revert "LdapResourceForm: Validate the host field and do not require a port" This reverts commit a34d6026b31a112922508e01f8aad46df47fd162. refs #7990 2015-03-11 08:00:20 +01:00			`'value' => 'localhost'`
Form::createElements() should add elements instead of returning them In case createElements() would still return the elements while requiring the caller to add them to the form all form dependent configurations get lost. (displaygroups, belongTo, ...) Wizards or parent forms can still retrieve only input relevant fields by just calling createElements() and getElements(). refs #5525 2014-09-03 12:21:31 +02:00			`)`
			`);`
			`$this->addElement(`
Leave it up to Icinga\Web\Form to instantiate our own form elements 2014-11-14 10:15:11 +01:00			`'number',`
			`'port',`
			`array(`
Revert "LdapResourceForm: Validate the host field and do not require a port" This reverts commit a34d6026b31a112922508e01f8aad46df47fd162. refs #7990 2015-03-11 08:00:20 +01:00			`'required' => true,`
Replace t() and mt() with translate() in the application's forms refs #7551 2015-01-19 11:26:23 +01:00			`'label' => $this->translate('Port'),`
Revert "LdapResourceForm: Validate the host field and do not require a port" This reverts commit a34d6026b31a112922508e01f8aad46df47fd162. refs #7990 2015-03-11 08:00:20 +01:00			`'description' => $this->translate('The port of the LDAP server to use for authentication'),`
Leave it up to Icinga\Web\Form to instantiate our own form elements 2014-11-14 10:15:11 +01:00			`'value' => 389`
Rename ResourceForm and make it use handleRequest() & Co. refs #5525 2014-09-02 15:39:21 +02:00			`)`
			`);`
Make SSL/TLS configurable for LDAP resources refs #7771 2015-03-12 15:17:19 +01:00			`$this->addElement(`
			`'select',`
Use encryption instead of connection for the encryption setting of a LDAP resource 2015-03-13 00:02:18 +01:00			`'encryption',`
Make SSL/TLS configurable for LDAP resources refs #7771 2015-03-12 15:17:19 +01:00			`array(`
			`'required' => true,`
			`'autosubmit' => true,`
Use encryption instead of connection for the encryption setting of a LDAP resource 2015-03-13 00:02:18 +01:00			`'label' => $this->translate('Encryption'),`
Make SSL/TLS configurable for LDAP resources refs #7771 2015-03-12 15:17:19 +01:00			`'description' => $this->translate(`
Fix SSL, TLS vs LDAPS, STARTTLS in the LDAP resource form 2015-03-13 00:00:21 +01:00			`'Whether to encrypt communication. Choose STARTTLS or LDAPS for encrypted communication or'`
Write none instead of plaintext for unencrypted LDAP resources 2015-03-13 00:47:23 +01:00			`. ' none for unencrypted communication'`
Make SSL/TLS configurable for LDAP resources refs #7771 2015-03-12 15:17:19 +01:00			`),`
			`'multiOptions' => array(`
LdapResourceForm: Translate "None" with a context as it's ambiguous 2015-03-13 08:53:08 +01:00			`'none' => $this->translate('None', 'resource.ldap.encryption'),`
List STARTTLS before LDAPS ... ... when choosing encryption for a LDAP resource. 2015-03-13 00:03:01 +01:00			`Connection::STARTTLS => 'STARTTLS',`
			`Connection::LDAPS => 'LDAPS'`
Make SSL/TLS configurable for LDAP resources refs #7771 2015-03-12 15:17:19 +01:00			`)`
			`)`
			`);`

Write none instead of plaintext for unencrypted LDAP resources 2015-03-13 00:47:23 +01:00			`if (isset($formData['encryption']) && $formData['encryption'] !== 'none') {`
Make SSL/TLS configurable for LDAP resources refs #7771 2015-03-12 15:17:19 +01:00			`// TODO(jom): Do not show this checkbox unless the connection is actually failing due to certificate errors`
			`$this->addElement(`
			`'checkbox',`
			`'reqcert',`
			`array(`
			`'required' => true,`
			`'label' => $this->translate('Require Certificate'),`
			`'description' => $this->translate(`
			`'When checked, the LDAP server must provide a valid and known (trusted) certificate.'`
			`),`
			`'value' => 1`
			`)`
			`);`
			`}`

Form::createElements() should add elements instead of returning them In case createElements() would still return the elements while requiring the caller to add them to the form all form dependent configurations get lost. (displaygroups, belongTo, ...) Wizards or parent forms can still retrieve only input relevant fields by just calling createElements() and getElements(). refs #5525 2014-09-03 12:21:31 +02:00			`$this->addElement(`
			`'text',`
			`'root_dn',`
			`array(`
			`'required' => true,`
Replace t() and mt() with translate() in the application's forms refs #7551 2015-01-19 11:26:23 +01:00			`'label' => $this->translate('Root DN'),`
			`'description' => $this->translate(`
			`'Only the root and its child nodes will be accessible on this resource.'`
			`)`
Form::createElements() should add elements instead of returning them In case createElements() would still return the elements while requiring the caller to add them to the form all form dependent configurations get lost. (displaygroups, belongTo, ...) Wizards or parent forms can still retrieve only input relevant fields by just calling createElements() and getElements(). refs #5525 2014-09-03 12:21:31 +02:00			`)`
			`);`
			`$this->addElement(`
			`'text',`
			`'bind_dn',`
			`array(`
			`'required' => true,`
Replace t() and mt() with translate() in the application's forms refs #7551 2015-01-19 11:26:23 +01:00			`'label' => $this->translate('Bind DN'),`
Revert "LdapResourceForm: Validate the host field and do not require a port" This reverts commit a34d6026b31a112922508e01f8aad46df47fd162. refs #7990 2015-03-11 08:00:20 +01:00			`'description' => $this->translate('The user dn to use for querying the ldap server')`
Form::createElements() should add elements instead of returning them In case createElements() would still return the elements while requiring the caller to add them to the form all form dependent configurations get lost. (displaygroups, belongTo, ...) Wizards or parent forms can still retrieve only input relevant fields by just calling createElements() and getElements(). refs #5525 2014-09-03 12:21:31 +02:00			`)`
			`);`
			`$this->addElement(`
			`'password',`
			`'bind_pw',`
			`array(`
			`'required' => true,`
			`'renderPassword' => true,`
Replace t() and mt() with translate() in the application's forms refs #7551 2015-01-19 11:26:23 +01:00			`'label' => $this->translate('Bind Password'),`
Revert "LdapResourceForm: Validate the host field and do not require a port" This reverts commit a34d6026b31a112922508e01f8aad46df47fd162. refs #7990 2015-03-11 08:00:20 +01:00			`'description' => $this->translate('The password to use for querying the ldap server')`
Form::createElements() should add elements instead of returning them In case createElements() would still return the elements while requiring the caller to add them to the form all form dependent configurations get lost. (displaygroups, belongTo, ...) Wizards or parent forms can still retrieve only input relevant fields by just calling createElements() and getElements(). refs #5525 2014-09-03 12:21:31 +02:00			`)`
			`);`

			`return $this;`
Rename ResourceForm and make it use handleRequest() & Co. refs #5525 2014-09-02 15:39:21 +02:00			`}`

			`/**`
			`* Validate that the current configuration points to a valid resource`
			`*`
			`* @see Form::onSuccess()`
			`*/`
Remove $request parameter from Form::onSuccess and Form::onRequest fixes #7552 2014-11-14 14:59:12 +01:00			`public function onSuccess()`
Rename ResourceForm and make it use handleRequest() & Co. refs #5525 2014-09-02 15:39:21 +02:00			`{`
Make isValid* calls of configuration forms being static This allows a more flexible usage as there is no need to access instance formdata when validating such configuration. 2014-09-29 11:02:45 +02:00			`if (false === static::isValidResource($this)) {`
Rename ResourceForm and make it use handleRequest() & Co. refs #5525 2014-09-02 15:39:21 +02:00			`return false;`
			`}`
			`}`

			`/**`
			`* Validate the resource configuration by trying to connect with it`
			`*`
			`* @param Form $form The form to fetch the configuration values from`
			`*`
			`* @return bool Whether validation succeeded or not`
			`*/`
Make isValid* calls of configuration forms being static This allows a more flexible usage as there is no need to access instance formdata when validating such configuration. 2014-09-29 11:02:45 +02:00			`public static function isValidResource(Form $form)`
Rename ResourceForm and make it use handleRequest() & Co. refs #5525 2014-09-02 15:39:21 +02:00			`{`
			`try {`
Adjust usages of Icinga\Application\Config refs #7147 2014-11-18 13:11:52 +01:00			`$resource = ResourceFactory::createResource(new ConfigObject($form->getValues()));`
Fix that ldap auth validation does not send a BIND request 2014-09-29 11:22:43 +02:00			`if (false === $resource->testCredentials(`
			`$form->getElement('bind_dn')->getValue(),`
			`$form->getElement('bind_pw')->getValue()`
			`)`
			`) {`
Show exception message when LDAP connection validation fails, if any 2015-03-12 14:45:16 +01:00			`throw new Exception(); // TODO: Get the exact error message`
Fix that ldap auth validation does not send a BIND request 2014-09-29 11:22:43 +02:00			`}`
Rename ResourceForm and make it use handleRequest() & Co. refs #5525 2014-09-02 15:39:21 +02:00			`} catch (Exception $e) {`
Show exception message when LDAP connection validation fails, if any 2015-03-12 14:45:16 +01:00			`$msg = $form->translate('Connectivity validation failed, connection to the given resource not possible.');`
			`if (($error = $e->getMessage())) {`
			`$msg .= ' (' . $error . ')';`
			`}`

			`$form->addError($msg);`
Rename ResourceForm and make it use handleRequest() & Co. refs #5525 2014-09-02 15:39:21 +02:00			`return false;`
			`}`

			`return true;`
			`}`
			`}`