Fix documentation and code style in the LdapUserBackend

This commit is contained in:
Johannes Meyer 2015-02-06 16:32:26 +01:00
parent c49f723f05
commit 8b94e4c701
1 changed files with 30 additions and 27 deletions

View File

@ -5,6 +5,7 @@ namespace Icinga\Authentication\Backend;
use Icinga\User;
use Icinga\Authentication\UserBackend;
use Icinga\Protocol\Ldap\Query;
use Icinga\Protocol\Ldap\Connection;
use Icinga\Exception\AuthenticationException;
use Icinga\Protocol\Ldap\Exception as LdapException;
@ -15,7 +16,7 @@ class LdapUserBackend extends UserBackend
* Connection to the LDAP server
*
* @var Connection
**/
*/
protected $conn;
protected $baseDn;
@ -36,7 +37,9 @@ class LdapUserBackend extends UserBackend
}
/**
* @return \Icinga\Protocol\Ldap\Query
* Create a query to select all usernames
*
* @return Query
*/
protected function selectUsers()
{
@ -49,15 +52,15 @@ class LdapUserBackend extends UserBackend
}
/**
* Create query
* Create a query filtered by the given username
*
* @param string $username
*
* @return \Icinga\Protocol\Ldap\Query
**/
* @return Query
*/
protected function selectUser($username)
{
return $this->selectUsers()->where(
return $this->selectUsers()->setUsePagedResults(false)->where(
$this->userNameAttribute,
str_replace('*', '', $username)
);
@ -68,7 +71,7 @@ class LdapUserBackend extends UserBackend
*
* Try to bind to the backend and query all available users to check if:
* <ul>
* <li>User connection credentials are correct and the bind is possible</li>
* <li>Connection credentials are correct and the bind is possible</li>
* <li>At least one user exists</li>
* <li>The specified userClass has the property specified by userNameAttribute</li>
* </ul>
@ -78,13 +81,12 @@ class LdapUserBackend extends UserBackend
public function assertAuthenticationPossible()
{
try {
$q = $this->conn->select()->setBase($this->baseDn)->from($this->userClass);
$result = $q->fetchRow();
$result = $this->selectUsers()->fetchRow();
} catch (LdapException $e) {
throw new AuthenticationException('Connection not possible.', $e);
}
if (! isset($result)) {
if ($result === null) {
throw new AuthenticationException(
'No objects with objectClass="%s" in DN="%s" found.',
$this->userClass,
@ -139,17 +141,16 @@ class LdapUserBackend extends UserBackend
}
/**
* Test whether the given user exists
* Return whether the given user exists
*
* @param User $user
*
* @return bool
* @throws AuthenticationException
*/
public function hasUser(User $user)
{
$username = $user->getUsername();
$entry = $this->conn->fetchOne($this->selectUser($username));
$entry = $this->selectUser($username)->fetchOne();
if (is_array($entry)) {
return in_array(strtolower($username), array_map('strtolower', $entry));
@ -159,16 +160,15 @@ class LdapUserBackend extends UserBackend
}
/**
* Authenticate the given user and return true on success, false on failure and null on error
* Return whether the given user credentials are valid
*
* @param User $user
* @param string $password
* @param boolean $healthCheck Perform additional health checks to generate more useful exceptions in case
* of a configuration or backend error
* @param boolean $healthCheck Assert that authentication is possible at all
*
* @return bool True when the authentication was successful, false when the username
* or password was invalid
* @throws AuthenticationException When an error occurred during authentication and authentication is not possible
* @return bool
*
* @throws AuthenticationException In case an error occured or the health check has failed
*/
public function authenticate(User $user, $password, $healthCheck = true)
{
@ -176,7 +176,6 @@ class LdapUserBackend extends UserBackend
try {
$this->assertAuthenticationPossible();
} catch (AuthenticationException $e) {
// Authentication not possible
throw new AuthenticationException(
'Authentication against backend "%s" not possible.',
$this->getName(),
@ -184,24 +183,27 @@ class LdapUserBackend extends UserBackend
);
}
}
if (! $this->hasUser($user)) {
return false;
}
try {
$userDn = $this->conn->fetchDN($this->selectUser($user->getUsername()));
$authenticated = $this->conn->testCredentials(
$userDn,
$password
);
if ($authenticated) {
$groups = $this->getGroups($userDn);
if ($groups !== null) {
$user->setGroups($groups);
}
}
return $authenticated;
} catch (LdapException $e) {
// Error during authentication of this specific user
throw new AuthenticationException(
'Failed to authenticate user "%s" against backend "%s". An exception was thrown:',
$user->getUsername(),
@ -238,6 +240,7 @@ class LdapUserBackend extends UserBackend
$users[] = $row->{$this->userNameAttribute};
}
}
return $users;
}
}