Use Inspection API in User Backend Form

refs #9630
2015-07-15 19:35:25 +02:00 · 2015-07-15 19:35:25 +02:00 · 59c4f8d056
parent cf8b760ade
commit 59c4f8d056
2 changed files with 56 additions and 23 deletions
--- a/application/forms/Config/UserBackend/LdapBackendForm.php
+++ b/application/forms/Config/UserBackend/LdapBackendForm.php
@ -4,6 +4,8 @@
 namespace Icinga\Forms\Config\UserBackend;

 use Exception;
+use Icinga\Authentication\User\LdapUserBackend;
+use Icinga\Data\Inspection;
 use Icinga\Web\Form;
 use Icinga\Data\ConfigObject;
 use Icinga\Data\ResourceFactory;
@ -184,22 +186,16 @@ class LdapBackendForm extends Form
     */
    public static function isValidUserBackend(Form $form)
    {
-        try {
-            $ldapUserBackend = UserBackend::create(null, new ConfigObject($form->getValues()));
-            $ldapUserBackend->assertAuthenticationPossible();
-        } catch (AuthenticationException $e) {
-            if (($previous = $e->getPrevious()) !== null) {
-                $form->addError($previous->getMessage());
-            } else {
-                $form->addError($e->getMessage());
-            }
-
-            return false;
-        } catch (Exception $e) {
-            $form->addError(sprintf($form->translate('Unable to validate authentication: %s'), $e->getMessage()));
-            return false;
+        /**
+         * @var $result Inspection
+         */
+        $result = UserBackend::create(null, new ConfigObject($form->getValues()))->inspect();
+        if ($result->hasError()) {
+            $form->addError($result->getError());
        }

-        return true;
+        // TODO: display diagnostics in $result->toArray() to the user
+
+        return ! $result->hasError();
    }
 }
--- a/library/Icinga/Authentication/User/LdapUserBackend.php
+++ b/library/Icinga/Authentication/User/LdapUserBackend.php
@ -5,6 +5,8 @@ namespace Icinga\Authentication\User;

 use DateTime;
 use Icinga\Data\ConfigObject;
+use Icinga\Data\Inspectable;
+use Icinga\Data\Inspection;
 use Icinga\Exception\AuthenticationException;
 use Icinga\Exception\ProgrammingError;
 use Icinga\Repository\LdapRepository;
@ -13,7 +15,7 @@ use Icinga\Protocol\Ldap\LdapException;
 use Icinga\Protocol\Ldap\Expression;
 use Icinga\User;

-class LdapUserBackend extends LdapRepository implements UserBackendInterface
+class LdapUserBackend extends LdapRepository implements UserBackendInterface, Inspectable
 {
    /**
     * The base DN to use for a query
@ -315,24 +317,32 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface
     *  <li>The specified userClass has the property specified by userNameAttribute</li>
     * </ul>
     *
+     * @param   Inspection  $info           Optional inspection to fill with diagnostic info
+     *
     * @throws  AuthenticationException     When authentication is not possible
     */
-    public function assertAuthenticationPossible()
+    public function assertAuthenticationPossible(Inspection $insp = null)
    {
+        if (! isset($insp)) {
+            $insp = new Inspection('');
+        }
        try {
            $result = $this->select()->fetchRow();
        } catch (LdapException $e) {
            throw new AuthenticationException('Connection not possible.', $e);
        }
+        $insp->write('Connection possible.');

+        $msg = sprintf(
+            'objects with objectClass "%s" in DN "%s" (Filter: %s)',
+            $this->userClass,
+            $this->baseDn ?: $this->ds->getDn(),
+            $this->filter ?: 'None'
+        );
        if ($result === false) {
-            throw new AuthenticationException(
-                'No objects with objectClass "%s" in DN "%s" found. (Filter: %s)',
-                $this->userClass,
-                $this->baseDn ?: $this->ds->getDn(),
-                $this->filter ?: 'None'
-            );
+            throw new AuthenticationException('No ' . $msg . 'found');
        }
+        $insp->write($msg . ' exist');

        if (! isset($result->user_name)) {
            throw new AuthenticationException(
@ -377,4 +387,31 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface
            );
        }
    }
+
+    /**
+     * Inspect if this LDAP User Backend is working as expected
+     *
+     * @return  Inspection  Inspection result
+     */
+    public function inspect()
+    {
+        $result = new Inspection('Ldap User Backend');
+
+        // inspect the used connection to get more diagnostic info in case the connection is not working
+        $result->write($this->ds->inspect());
+
+        try {
+            $this->assertAuthenticationPossible($result);
+            $result->write('User count: ' . $this->select()->count());
+        } catch (AuthenticationException $e) {
+            if (($previous = $e->getPrevious()) !== null) {
+                $result->error($previous->getMessage());
+            } else {
+                $result->error($e->getMessage());
+            }
+        } catch (Exception $e) {
+            $result->error(sprintf('Unable to validate authentication: %s', $e->getMessage()));
+        }
+        return $result;
+    }
 }