Merge pull request #3290 from Icinga/bugfix/missing-validate-configuration-3233

UserGroupBackendForm: add button "Validate Configuration"
2025-07-27 15:54:03 +02:00 · 2018-01-19 16:32:09 +01:00 · 2018-01-19 16:32:09 +01:00 · d9978d19a4
commit d9978d19a4
parent 0b9ae48530 7106de5aa2
3 changed files with 203 additions and 2 deletions
--- a/application/forms/Config/UserGroup/UserGroupBackendForm.php
+++ b/application/forms/Config/UserGroup/UserGroupBackendForm.php
@ -3,6 +3,11 @@
 namespace Icinga\Forms\Config\UserGroup;
 use Icinga\Authentication\UserGroup\UserGroupBackend;
 use Icinga\Data\ConfigObject;
 use Icinga\Data\Inspectable;
 use Icinga\Data\Inspection;
 use Icinga\Web\Form;
 use InvalidArgumentException;
 use Icinga\Exception\IcingaException;
 use Icinga\Exception\NotFoundError;
@ -13,6 +18,8 @@ use Icinga\Forms\ConfigForm;
 */
 class UserGroupBackendForm extends ConfigForm
 {
    protected $validatePartial = true;
    /**
     * The backend to load when displaying the form for the first time
     *
@ -20,6 +27,23 @@ class UserGroupBackendForm extends ConfigForm
     */
    protected $backendToLoad;
    /**
     * Create a user group backend by using the given form's values and return its inspection results
     *
     * Returns null for non-inspectable backends.
     *
     * @param   Form    $form
     *
     * @return  Inspection|null
     */
    public static function inspectUserBackend(Form $form)
    {
        $backend = UserGroupBackend::create(null, new ConfigObject($form->getValues()));
        if ($backend instanceof Inspectable) {
            return $backend->inspect();
        }
    }
    /**
     * Initialize this form
     */
@ -190,4 +214,87 @@ class UserGroupBackendForm extends ConfigForm
            $this->populate($data);
        }
    }
    /**
     * Run the configured backend's inspection checks and show the result, if necessary
     *
     * This will only run any validation if the user pushed the 'backend_validation' button.
     *
     * @param   array   $formData
     *
     * @return  bool
     */
    public function isValidPartial(array $formData)
    {
        if (isset($formData['backend_validation']) && parent::isValid($formData)) {
            $inspection = static::inspectUserBackend($this);
            if ($inspection !== null) {
                $join = function ($e) use (& $join) {
                    return is_string($e) ? $e : join("\n", array_map($join, $e));
                };
                $this->addElement(
                    'note',
                    'inspection_output',
                    array(
                        'order'         => 0,
                        'value'         => '<strong>' . $this->translate('Validation Log') . "</strong>\n\n"
                            . join("\n", array_map($join, $inspection->toArray())),
                        'decorators'    => array(
                            'ViewHelper',
                            array('HtmlTag', array('tag' => 'pre', 'class' => 'log-output')),
                        )
                    )
                );
                if ($inspection->hasError()) {
                    $this->warning(sprintf(
                        $this->translate('Failed to successfully validate the configuration: %s'),
                        $inspection->getError()
                    ));
                    return false;
                }
            }
            $this->info($this->translate('The configuration has been successfully validated.'));
        }
        return true;
    }
    /**
     * Add a submit button to this form and one to manually validate the configuration
     *
     * Calls parent::addSubmitButton() to add the submit button.
     *
     * @return  $this
     */
    public function addSubmitButton()
    {
        parent::addSubmitButton()
            ->getElement('btn_submit')
            ->setDecorators(array('ViewHelper'));
        $this->addElement(
            'submit',
            'backend_validation',
            array(
                'ignore'                => true,
                'label'                 => $this->translate('Validate Configuration'),
                'data-progress-label'   => $this->translate('Validation In Progress'),
                'decorators'            => array('ViewHelper')
            )
        );
        $this->addDisplayGroup(
            array('btn_submit', 'backend_validation'),
            'submit_validation',
            array(
                'decorators' => array(
                    'FormElements',
                    array('HtmlTag', array('tag' => 'div', 'class' => 'control-group form-controls'))
                )
            )
        );
        return $this;
    }
 }
--- a/library/Icinga/Authentication/UserGroup/DbUserGroupBackend.php
+++ b/library/Icinga/Authentication/UserGroup/DbUserGroupBackend.php
@ -3,13 +3,16 @@
 namespace Icinga\Authentication\UserGroup;
 use Exception;
 use Icinga\Data\Filter\Filter;
 use Icinga\Data\Inspectable;
 use Icinga\Data\Inspection;
 use Icinga\Exception\NotFoundError;
 use Icinga\Repository\DbRepository;
 use Icinga\Repository\RepositoryQuery;
 use Icinga\User;
-class DbUserGroupBackend extends DbRepository implements UserGroupBackendInterface
+class DbUserGroupBackend extends DbRepository implements Inspectable, UserGroupBackendInterface
 {
    /**
     * The query columns being provided
@ -300,4 +303,23 @@ class DbUserGroupBackend extends DbRepository implements UserGroupBackendInterfa
        return $groupId;
    }
    /**
     * Inspect this object to gain extended information about its health
     *
     * @return Inspection           The inspection result
     */
    public function inspect()
    {
        $insp = new Inspection('Db User Group Backend');
        $insp->write($this->ds->inspect());
        try {
            $insp->write(sprintf('%s group(s)', $this->select()->count()));
        } catch (Exception $e) {
            $insp->error(sprintf('Query failed: %s', $e->getMessage()));
        }
        return $insp;
    }
 }
--- a/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php
+++ b/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php
@ -3,10 +3,14 @@
 namespace Icinga\Authentication\UserGroup;
 use Exception;
 use Icinga\Authentication\User\UserBackend;
 use Icinga\Authentication\User\LdapUserBackend;
 use Icinga\Application\Logger;
 use Icinga\Data\ConfigObject;
 use Icinga\Data\Inspectable;
 use Icinga\Data\Inspection;
 use Icinga\Exception\AuthenticationException;
 use Icinga\Exception\ConfigurationError;
 use Icinga\Exception\ProgrammingError;
 use Icinga\Protocol\Ldap\LdapException;
@ -15,7 +19,7 @@ use Icinga\Repository\LdapRepository;
 use Icinga\Repository\RepositoryQuery;
 use Icinga\User;
-class LdapUserGroupBackend extends LdapRepository implements UserGroupBackendInterface
+class LdapUserGroupBackend extends LdapRepository implements Inspectable, UserGroupBackendInterface
 {
    /**
     * The user backend being associated with this user group backend
@ -846,4 +850,72 @@ class LdapUserGroupBackend extends LdapRepository implements UserGroupBackendInt
            'nested_group_search'       => '0'
        ));
    }
    /**
     * Inspect if this LDAP User Group Backend is working as expected by probing the backend
     *
     * Try to bind to the backend and fetch a single group to check if:
     * <ul>
     *  <li>Connection credentials are correct and the bind is possible</li>
     *  <li>At least one group exists</li>
     *  <li>The specified groupClass has the property specified by groupNameAttribute</li>
     * </ul>
     *
     * @return  Inspection  Inspection result
     */
    public function inspect()
    {
        $result = new Inspection('Ldap User Group Backend');
        // inspect the used connection to get more diagnostic info in case the connection is not working
        $result->write($this->ds->inspect());
        try {
            try {
                $groupQuery = $this->ds
                    ->select()
                    ->from($this->groupClass, array($this->groupNameAttribute))
                    ->setBase($this->groupBaseDn);
                if ($this->groupFilter) {
                    $groupQuery->setNativeFilter($this->groupFilter);
                }
                $res = $groupQuery->fetchRow();
            } catch (LdapException $e) {
                throw new AuthenticationException('Connection not possible', $e);
            }
            $result->write('Searching for: ' . sprintf(
                'objectClass "%s" in DN "%s" (Filter: %s)',
                $this->groupClass,
                $this->groupBaseDn ?: $this->ds->getDn(),
                $this->groupFilter ?: 'None'
            ));
            if ($res === false) {
                throw new AuthenticationException('Error, no groups found in backend');
            }
            $result->write(sprintf('%d groups found in backend', $groupQuery->count()));
            if (! isset($res->{$this->groupNameAttribute})) {
                throw new AuthenticationException(
                    'GroupNameAttribute "%s" not existing in objectClass "%s"',
                    $this->groupNameAttribute,
                    $this->groupClass
                );
            }
        } catch (AuthenticationException $e) {
            if (($previous = $e->getPrevious()) !== null) {
                $result->error($previous->getMessage());
            } else {
                $result->error($e->getMessage());
            }
        } catch (Exception $e) {
            $result->error(sprintf('Unable to validate backend: %s', $e->getMessage()));
        }
        return $result;
    }
 }