tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-26 23:34:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix documentation and code style in the LdapUserBackend

Browse Source
This commit is contained in:
Johannes Meyer 2015-02-06 16:32:26 +01:00
parent c49f723f05
commit 8b94e4c701
1 changed files with 30 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
library/Icinga/Authentication/Backend/LdapUserBackend.php
View File

@ -5,6 +5,7 @@ namespace Icinga\Authentication\Backend;
use Icinga\User; use Icinga\User;
use Icinga\Authentication\UserBackend; use Icinga\Authentication\UserBackend;
use Icinga\Protocol\Ldap\Query;
use Icinga\Protocol\Ldap\Connection; use Icinga\Protocol\Ldap\Connection;
use Icinga\Exception\AuthenticationException; use Icinga\Exception\AuthenticationException;
use Icinga\Protocol\Ldap\Exception as LdapException; use Icinga\Protocol\Ldap\Exception as LdapException;
@ -15,7 +16,7 @@ class LdapUserBackend extends UserBackend
* Connection to the LDAP server * Connection to the LDAP server
* *
* @var Connection * @var Connection
**/ */
protected $conn; protected $conn;
protected $baseDn; protected $baseDn;
@ -36,7 +37,9 @@ class LdapUserBackend extends UserBackend
} }
/** /**
* @return \Icinga\Protocol\Ldap\Query * Create a query to select all usernames
*
* @return Query
*/ */
protected function selectUsers() protected function selectUsers()
{ {
@ -49,18 +52,18 @@ class LdapUserBackend extends UserBackend
} }
/** /**
* Create query * Create a query filtered by the given username
* *
* @param string $username * @param string $username
* *
* @return \Icinga\Protocol\Ldap\Query * @return Query
**/ */
protected function selectUser($username) protected function selectUser($username)
{ {
return $this->selectUsers()->where( return $this->selectUsers()->setUsePagedResults(false)->where(
$this->userNameAttribute, $this->userNameAttribute,
str_replace('*', '', $username) str_replace('*', '', $username)
); );
} }
/** /**
@ -68,23 +71,22 @@ class LdapUserBackend extends UserBackend
* *
* Try to bind to the backend and query all available users to check if: * Try to bind to the backend and query all available users to check if:
* <ul> * <ul>
* <li>User connection credentials are correct and the bind is possible</li> * <li>Connection credentials are correct and the bind is possible</li>
* <li>At least one user exists</li> * <li>At least one user exists</li>
* <li>The specified userClass has the property specified by userNameAttribute</li> * <li>The specified userClass has the property specified by userNameAttribute</li>
* </ul> * </ul>
* *
* @throws AuthenticationException When authentication is not possible * @throws AuthenticationException When authentication is not possible
*/ */
public function assertAuthenticationPossible() public function assertAuthenticationPossible()
{ {
try { try {
$q = $this->conn->select()->setBase($this->baseDn)->from($this->userClass); $result = $this->selectUsers()->fetchRow();
$result = $q->fetchRow();
} catch (LdapException $e) { } catch (LdapException $e) {
throw new AuthenticationException('Connection not possible.', $e); throw new AuthenticationException('Connection not possible.', $e);
} }
if (! isset($result)) { if ($result === null) {
throw new AuthenticationException( throw new AuthenticationException(
'No objects with objectClass="%s" in DN="%s" found.', 'No objects with objectClass="%s" in DN="%s" found.',
$this->userClass, $this->userClass,
@ -139,17 +141,16 @@ class LdapUserBackend extends UserBackend
} }
/** /**
* Test whether the given user exists * Return whether the given user exists
* *
* @param User $user * @param User $user
* *
* @return bool * @return bool
* @throws AuthenticationException
*/ */
public function hasUser(User $user) public function hasUser(User $user)
{ {
$username = $user->getUsername(); $username = $user->getUsername();
$entry = $this->conn->fetchOne($this->selectUser($username)); $entry = $this->selectUser($username)->fetchOne();
if (is_array($entry)) { if (is_array($entry)) {
return in_array(strtolower($username), array_map('strtolower', $entry)); return in_array(strtolower($username), array_map('strtolower', $entry));
@ -159,16 +160,15 @@ class LdapUserBackend extends UserBackend
} }
/** /**
* Authenticate the given user and return true on success, false on failure and null on error * Return whether the given user credentials are valid
* *
* @param User $user * @param User $user
* @param string $password * @param string $password
* @param boolean $healthCheck Perform additional health checks to generate more useful exceptions in case * @param boolean $healthCheck Assert that authentication is possible at all
* of a configuration or backend error
* *
* @return bool True when the authentication was successful, false when the username * @return bool
* or password was invalid *
* @throws AuthenticationException When an error occurred during authentication and authentication is not possible * @throws AuthenticationException In case an error occured or the health check has failed
*/ */
public function authenticate(User $user, $password, $healthCheck = true) public function authenticate(User $user, $password, $healthCheck = true)
{ {
@ -176,7 +176,6 @@ class LdapUserBackend extends UserBackend
try { try {
$this->assertAuthenticationPossible(); $this->assertAuthenticationPossible();
} catch (AuthenticationException $e) { } catch (AuthenticationException $e) {
// Authentication not possible
throw new AuthenticationException( throw new AuthenticationException(
'Authentication against backend "%s" not possible.', 'Authentication against backend "%s" not possible.',
$this->getName(), $this->getName(),
@ -184,24 +183,27 @@ class LdapUserBackend extends UserBackend
); );
} }
} }
if (! $this->hasUser($user)) { if (! $this->hasUser($user)) {
return false; return false;
} }
try { try {
$userDn = $this->conn->fetchDN($this->selectUser($user->getUsername())); $userDn = $this->conn->fetchDN($this->selectUser($user->getUsername()));
$authenticated = $this->conn->testCredentials( $authenticated = $this->conn->testCredentials(
$userDn, $userDn,
$password $password
); );
if ($authenticated) { if ($authenticated) {
$groups = $this->getGroups($userDn); $groups = $this->getGroups($userDn);
if ($groups !== null) { if ($groups !== null) {
$user->setGroups($groups); $user->setGroups($groups);
} }
} }
return $authenticated; return $authenticated;
} catch (LdapException $e) { } catch (LdapException $e) {
// Error during authentication of this specific user
throw new AuthenticationException( throw new AuthenticationException(
'Failed to authenticate user "%s" against backend "%s". An exception was thrown:', 'Failed to authenticate user "%s" against backend "%s". An exception was thrown:',
$user->getUsername(), $user->getUsername(),
@ -238,6 +240,7 @@ class LdapUserBackend extends UserBackend
$users[] = $row->{$this->userNameAttribute}; $users[] = $row->{$this->userNameAttribute};
} }
} }
return $users; return $users;
} }
} }