Fix documentation and code style in the LdapUserBackend
This commit is contained in:
Johannes Meyer
parent
c49f723f05
commit
8b94e4c701
|
|
@ -5,6 +5,7 @@ namespace Icinga\Authentication\Backend;
|
|||
|
||||
use Icinga\User;
|
||||
use Icinga\Authentication\UserBackend;
|
||||
use Icinga\Protocol\Ldap\Query;
|
||||
use Icinga\Protocol\Ldap\Connection;
|
||||
use Icinga\Exception\AuthenticationException;
|
||||
use Icinga\Protocol\Ldap\Exception as LdapException;
|
||||
|
|
@ -15,7 +16,7 @@ class LdapUserBackend extends UserBackend
|
|||
* Connection to the LDAP server
|
||||
*
|
||||
* @var Connection
|
||||
**/
|
||||
*/
|
||||
protected $conn;
|
||||
|
||||
protected $baseDn;
|
||||
|
|
@ -36,7 +37,9 @@ class LdapUserBackend extends UserBackend
|
|||
}
|
||||
|
||||
/**
|
||||
* @return \Icinga\Protocol\Ldap\Query
|
||||
* Create a query to select all usernames
|
||||
*
|
||||
* @return Query
|
||||
*/
|
||||
protected function selectUsers()
|
||||
{
|
||||
|
|
@ -49,18 +52,18 @@ class LdapUserBackend extends UserBackend
|
|||
}
|
||||
|
||||
/**
|
||||
* Create query
|
||||
* Create a query filtered by the given username
|
||||
*
|
||||
* @param string $username
|
||||
* @param string $username
|
||||
*
|
||||
* @return \Icinga\Protocol\Ldap\Query
|
||||
**/
|
||||
* @return Query
|
||||
*/
|
||||
protected function selectUser($username)
|
||||
{
|
||||
return $this->selectUsers()->where(
|
||||
$this->userNameAttribute,
|
||||
str_replace('*', '', $username)
|
||||
);
|
||||
return $this->selectUsers()->setUsePagedResults(false)->where(
|
||||
$this->userNameAttribute,
|
||||
str_replace('*', '', $username)
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -68,23 +71,22 @@ class LdapUserBackend extends UserBackend
|
|||
*
|
||||
* Try to bind to the backend and query all available users to check if:
|
||||
* <ul>
|
||||
* <li>User connection credentials are correct and the bind is possible</li>
|
||||
* <li>Connection credentials are correct and the bind is possible</li>
|
||||
* <li>At least one user exists</li>
|
||||
* <li>The specified userClass has the property specified by userNameAttribute</li>
|
||||
* </ul>
|
||||
*
|
||||
* @throws AuthenticationException When authentication is not possible
|
||||
* @throws AuthenticationException When authentication is not possible
|
||||
*/
|
||||
public function assertAuthenticationPossible()
|
||||
{
|
||||
try {
|
||||
$q = $this->conn->select()->setBase($this->baseDn)->from($this->userClass);
|
||||
$result = $q->fetchRow();
|
||||
$result = $this->selectUsers()->fetchRow();
|
||||
} catch (LdapException $e) {
|
||||
throw new AuthenticationException('Connection not possible.', $e);
|
||||
}
|
||||
|
||||
if (! isset($result)) {
|
||||
if ($result === null) {
|
||||
throw new AuthenticationException(
|
||||
'No objects with objectClass="%s" in DN="%s" found.',
|
||||
$this->userClass,
|
||||
|
|
@ -139,17 +141,16 @@ class LdapUserBackend extends UserBackend
|
|||
}
|
||||
|
||||
/**
|
||||
* Test whether the given user exists
|
||||
* Return whether the given user exists
|
||||
*
|
||||
* @param User $user
|
||||
* @param User $user
|
||||
*
|
||||
* @return bool
|
||||
* @throws AuthenticationException
|
||||
*/
|
||||
public function hasUser(User $user)
|
||||
{
|
||||
$username = $user->getUsername();
|
||||
$entry = $this->conn->fetchOne($this->selectUser($username));
|
||||
$entry = $this->selectUser($username)->fetchOne();
|
||||
|
||||
if (is_array($entry)) {
|
||||
return in_array(strtolower($username), array_map('strtolower', $entry));
|
||||
|
|
@ -159,16 +160,15 @@ class LdapUserBackend extends UserBackend
|
|||
}
|
||||
|
||||
/**
|
||||
* Authenticate the given user and return true on success, false on failure and null on error
|
||||
* Return whether the given user credentials are valid
|
||||
*
|
||||
* @param User $user
|
||||
* @param string $password
|
||||
* @param boolean $healthCheck Perform additional health checks to generate more useful exceptions in case
|
||||
* of a configuration or backend error
|
||||
* @param boolean $healthCheck Assert that authentication is possible at all
|
||||
*
|
||||
* @return bool True when the authentication was successful, false when the username
|
||||
* or password was invalid
|
||||
* @throws AuthenticationException When an error occurred during authentication and authentication is not possible
|
||||
* @return bool
|
||||
*
|
||||
* @throws AuthenticationException In case an error occured or the health check has failed
|
||||
*/
|
||||
public function authenticate(User $user, $password, $healthCheck = true)
|
||||
{
|
||||
|
|
@ -176,7 +176,6 @@ class LdapUserBackend extends UserBackend
|
|||
try {
|
||||
$this->assertAuthenticationPossible();
|
||||
} catch (AuthenticationException $e) {
|
||||
// Authentication not possible
|
||||
throw new AuthenticationException(
|
||||
'Authentication against backend "%s" not possible.',
|
||||
$this->getName(),
|
||||
|
|
@ -184,24 +183,27 @@ class LdapUserBackend extends UserBackend
|
|||
);
|
||||
}
|
||||
}
|
||||
|
||||
if (! $this->hasUser($user)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
try {
|
||||
$userDn = $this->conn->fetchDN($this->selectUser($user->getUsername()));
|
||||
$authenticated = $this->conn->testCredentials(
|
||||
$userDn,
|
||||
$password
|
||||
);
|
||||
|
||||
if ($authenticated) {
|
||||
$groups = $this->getGroups($userDn);
|
||||
if ($groups !== null) {
|
||||
$user->setGroups($groups);
|
||||
}
|
||||
}
|
||||
|
||||
return $authenticated;
|
||||
} catch (LdapException $e) {
|
||||
// Error during authentication of this specific user
|
||||
throw new AuthenticationException(
|
||||
'Failed to authenticate user "%s" against backend "%s". An exception was thrown:',
|
||||
$user->getUsername(),
|
||||
|
|
@ -238,6 +240,7 @@ class LdapUserBackend extends UserBackend
|
|||
$users[] = $row->{$this->userNameAttribute};
|
||||
}
|
||||
}
|
||||
|
||||
return $users;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue