From 59c4f8d056ad6eb03a6d95655e725ed82f20e42f Mon Sep 17 00:00:00 2001
From: Matthias Jentsch
Date: Wed, 15 Jul 2015 19:35:25 +0200
Subject: [PATCH] Use Inspection API in User Backend Form refs #9630
---
 .../Config/UserBackend/LdapBackendForm.php | 26 ++++-----
 .../Authentication/User/LdapUserBackend.php | 53 ++++++++++++++++---
 2 files changed, 56 insertions(+), 23 deletions(-)
diff --git a/application/forms/Config/UserBackend/LdapBackendForm.php b/application/forms/Config/UserBackend/LdapBackendForm.php
index 9151134c3..6427fbf34 100644
--- a/application/forms/Config/UserBackend/LdapBackendForm.php
+++ b/application/forms/Config/UserBackend/LdapBackendForm.php
@@ -4,6 +4,8 @@
 namespace Icinga\Forms\Config\UserBackend;
 use Exception;
+use Icinga\Authentication\User\LdapUserBackend;
+use Icinga\Data\Inspection;
 use Icinga\Web\Form;
 use Icinga\Data\ConfigObject;
 use Icinga\Data\ResourceFactory;
@@ -184,22 +186,16 @@ class LdapBackendForm extends Form
 */
 public static function isValidUserBackend(Form $form)
 {
- try {
- $ldapUserBackend = UserBackend::create(null, new ConfigObject($form->getValues()));
- $ldapUserBackend->assertAuthenticationPossible();
- } catch (AuthenticationException $e) {
- if (($previous = $e->getPrevious()) !== null) {
- $form->addError($previous->getMessage());
- } else {
- $form->addError($e->getMessage());
- }
-
- return false;
- } catch (Exception $e) {
- $form->addError(sprintf($form->translate('Unable to validate authentication: %s'), $e->getMessage()));
- return false;
+ /**
+ * @var $result Inspection
+ */
+ $result = UserBackend::create(null, new ConfigObject($form->getValues()))->inspect();
+ if ($result->hasError()) {
+ $form->addError($result->getError());
 }
- return true;
+ // TODO: display diagnostics in $result->toArray() to the user
+
+ return ! $result->hasError();
 }
 }
diff --git a/library/Icinga/Authentication/User/LdapUserBackend.php b/library/Icinga/Authentication/User/LdapUserBackend.php
index c6efd0673..ecaa08ef4 100644
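Review bot: The chained call `UserBackend::create(...)->inspect()` in `isValidUserBackend()` is no longer inside a try/catch, whereas the removed code caught `Exception` around `UserBackend::create()` and reported it through `$form->addError()`. `inspect()` only converts exceptions raised inside its own try block, so a failure while creating the backend from the submitted values, or in the connection inspection that runs before that try, would now escape the form validator instead of becoming a validation error. The translated wrapper message is lost as well, because `inspect()` formats `Unable to validate authentication: %s` without `translate()`. I would keep a catch-all around the call, as below.

```php
try {
    $result = UserBackend::create(null, new ConfigObject($form->getValues()))->inspect();
} catch (Exception $e) {
    $form->addError(sprintf($form->translate('Unable to validate authentication: %s'), $e->getMessage()));
    return false;
}
// … unchanged: hasError() check, TODO comment and return …
```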
--- a/library/Icinga/Authentication/User/LdapUserBackend.php
+++ b/library/Icinga/Authentication/User/LdapUserBackend.php
@@ -5,6 +5,8 @@ namespace Icinga\Authentication\User;
 use DateTime;
 use Icinga\Data\ConfigObject;
+use Icinga\Data\Inspectable;
+use Icinga\Data\Inspection;
 use Icinga\Exception\AuthenticationException;
 use Icinga\Exception\ProgrammingError;
 use Icinga\Repository\LdapRepository;
@@ -13,7 +15,7 @@ use Icinga\Protocol\Ldap\LdapException;
 use Icinga\Protocol\Ldap\Expression;
 use Icinga\User;
-class LdapUserBackend extends LdapRepository implements UserBackendInterface
+class LdapUserBackend extends LdapRepository implements UserBackendInterface, Inspectable
 {
 /**
 * The base DN to use for a query
@@ -315,24 +317,32 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface
 *
  • The specified userClass has the property specified by userNameAttribute
  • * *
+ * @param Inspection $info Optional inspection to fill with diagnostic info
+ *
 * @throws AuthenticationException When authentication is not possible
 */
- public function assertAuthenticationPossible()
+ public function assertAuthenticationPossible(Inspection $insp = null)
 {
+ if (! isset($insp)) {
+ $insp = new Inspection('');
+ }
 try {
 $result = $this->select()->fetchRow();
 } catch (LdapException $e) {
 throw new AuthenticationException('Connection not possible.', $e);
 }
+ $insp->write('Connection possible.');
+ $msg = sprintf(
+ 'objects with objectClass "%s" in DN "%s" (Filter: %s)',
+ $this->userClass,
+ $this->baseDn ?: $this->ds->getDn(),
+ $this->filter ?: 'None'
+ );
 if ($result === false) {
- throw new AuthenticationException(
- 'No objects with objectClass "%s" in DN "%s" found. (Filter: %s)',
- $this->userClass,
- $this->baseDn ?: $this->ds->getDn(),
- $this->filter ?: 'None'
- );
+ throw new AuthenticationException('No ' . $msg . 'found');
 }
+ $insp->write($msg . ' exist');
 if (! isset($result->user_name)) {
 throw new AuthenticationException(
@@ -377,4 +387,31 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface
 );
 }
 }
+
+ /**
+ * Inspect if this LDAP User Backend is working as expected
+ *
+ * @return Inspection Inspection result
+ */
+ public function inspect()
+ {
+ $result = new Inspection('Ldap User Backend');
+
+ // inspect the used connection to get more diagnostic info in case the connection is not working
+ $result->write($this->ds->inspect());
+
+ try {
+ $this->assertAuthenticationPossible($result);
+ $result->write('User count: ' . $this->select()->count());
+ } catch (AuthenticationException $e) {
+ if (($previous = $e->getPrevious()) !== null) {
+ $result->error($previous->getMessage());
+ } else {
+ $result->error($e->getMessage());
+ }
+ } catch (Exception $e) {
+ $result->error(sprintf('Unable to validate authentication: %s', $e->getMessage()));
+ }
+ return $result;
+ }
 }
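Review bot: In `assertAuthenticationPossible()` the new failure message `'No ' . $msg . 'found'` has no space before `found`, so it reads `... (Filter: None)found`; `'No ' . $msg . ' found'` restores it. The added docblock line names the parameter `$info` while the signature uses `$insp`, so `@param Inspection $insp` would match. The method body continues past the end of this hunk.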
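Review bot: `catch (Exception $e)` in `inspect()` matches the global class only if this file imports it, and none of the `use` lines visible in this patch does (one import line between the two import hunks is not shown). Inside the namespace `Icinga\Authentication\User` an unimported `Exception` resolves to `Icinga\Authentication\User\Exception`, so the generic branch would never run, and an exception from `$this->select()->count()` that is not an `AuthenticationException` would leave `inspect()` uncaught, with the form no longer catching it either. Adding `use Exception;` to the import block, or writing `catch (\Exception $e)`, closes that gap. `$result->write($this->ds->inspect());` also sits before the `try`, so a failure there is not recorded as an inspection error.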