From 2b9e9bf2b3a93292ee42fd37b001b7c4e7f3ec01 Mon Sep 17 00:00:00 2001 From: "Alexander A. Klimov" Date: Wed, 31 May 2017 18:11:37 +0200 Subject: [PATCH] User: split the username into localpart and domain (if given) --- .../Authentication/User/UserBackend.php | 51 +++++++++++++++++++ library/Icinga/User.php | 40 +++++++++++---- 2 files changed, 81 insertions(+), 10 deletions(-) diff --git a/library/Icinga/Authentication/User/UserBackend.php b/library/Icinga/Authentication/User/UserBackend.php index 186cb3679..69492aa9c 100644 --- a/library/Icinga/Authentication/User/UserBackend.php +++ b/library/Icinga/Authentication/User/UserBackend.php @@ -231,4 +231,55 @@ class UserBackend implements ConfigAwareFactory $backend->setName($name); return $backend; } + + /** + * Return whether the given backend is responsible for authenticating the given user (based on their domains) + * + * @param UserBackendInterface $backend + * @param User $user + * + * @return bool + */ + public static function isBackendResponsibleForUser(UserBackendInterface $backend, User $user) + { + $backendDomain = static::getBackendDomain($backend); + $userDomain = $user->getDomain(); + + if ($userDomain === null) { + // The user logs in as "jdoe", not as "jdoe@example.com" and there's no default domain. + // The backend is only responsible if its domain is also missing. + return $backendDomain === null; + } else { + // The user logs in as "jdoe@example.com" or "jdoe" with a default domain being configured. + return strtolower($userDomain) === strtolower($backendDomain); + } + } + + /** + * Get the domain the given backend is responsible for (fall back to the default domain if any) + * + * @param UserBackendInterface $backend + * + * @return string|null + */ + public static function getBackendDomain(UserBackendInterface $backend) + { + $backendDomain = Config::app('authentication')->get($backend->getName(), 'domain'); + return $backendDomain === null ? Config::app()->get('authentication', 'default_domain') : $backendDomain; + } + + /** + * Get the user from the given username without its domain and the backend as fully assembled {@link User} object + * + * @param string $localUsername + * @param UserBackendInterface $backend + * + * @return User + */ + public static function getUserFromBackend($localUsername, UserBackendInterface $backend) + { + $user = new User($localUsername); + $user->setDomain(static::getBackendDomain($backend)); + return $user->setDefaultDomainIfNeeded(); + } } diff --git a/library/Icinga/User.php b/library/Icinga/User.php index 738df109e..cb42c1b6c 100644 --- a/library/Icinga/User.php +++ b/library/Icinga/User.php @@ -17,13 +17,6 @@ use Icinga\Web\Navigation\Navigation; */ class User { - /** - * Username - * - * @var string - */ - protected $username; - /** * Firstname * @@ -45,6 +38,13 @@ class User */ protected $email; + /** + * {@link username} without {@link domain} + * + * @var string + */ + protected $localUsername; + /** * Domain * @@ -279,7 +279,7 @@ class User */ public function getUsername() { - return $this->username; + return $this->domain === null ? $this->localUsername : $this->localUsername . '@' . $this->domain; } /** @@ -289,7 +289,18 @@ class User */ public function setUsername($name) { - $this->username = $name; + $parts = explode('\\', $name, 2); + if (count($parts) === 2) { + list($this->domain, $this->localUsername) = $parts; + } else { + $parts = explode('@', $name, 2); + if (count($parts) === 2) { + list($this->localUsername, $this->domain) = $parts; + } else { + $this->localUsername = $name; + $this->domain = null; + } + } } /** @@ -354,7 +365,7 @@ class User if (filter_var($mail, FILTER_VALIDATE_EMAIL)) { $this->email = $mail; } else { - throw new InvalidArgumentException("Invalid mail given for user $this->username: $mail"); + throw new InvalidArgumentException('Invalid mail given for user ' . $this->getUsername() . ': $mail'); } } @@ -378,6 +389,15 @@ class User return $this->domain; } + /** + * Get the local username, ie. the username without its domain + * + * @return string + */ + public function getLocalUsername() + { + return $this->localUsername; + } /** * Set additional information about user