1 | <?php |
2 | ||
3 | namespace Wallabag\UserBundle; | |
4 | ||
5 | use FR3D\LdapBundle\Hydrator\HydratorInterface; | |
6 | use FOS\UserBundle\FOSUserEvents; | |
7 | use FOS\UserBundle\Event\UserEvent; | |
8 | ||
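/**
 * Builds or refreshes a local user account from an LDAP directory entry.
 *
 * On every hydration the mapped profile attributes, the enabled flag and the
 * ROLE_SUPER_ADMIN role are rewritten from the directory data, so for these
 * fields the directory is authoritative over whatever was stored locally.
 */
class LdapHydrator implements HydratorInterface
{
    private $userManager;
    private $eventDispatcher;
    /** @var array setter name on the user object => LDAP attribute name */
    private $attributesMap;
    /** @var string|null LDAP attribute that carries the enabled flag, or null when unused */
    private $enabledAttribute;
    private $ldapBaseDn;
    /** @var string|null sprintf() pattern of the LDAP filter that identifies administrators */
    private $ldapAdminFilter;
    private $ldapDriver;

    /**
     * @param mixed       $user_manager      provides findUserBy(), createUser(), reloadUser() and updateUser()
     * @param mixed       $event_dispatcher  dispatcher used to announce newly created users
     * @param array       $attributes_map    LDAP attribute names, in order: username, email, name, and
     *                                       optionally the attribute holding the enabled flag
     * @param string      $ldap_base_dn      base DN used for the administrator lookup
     * @param string|null $ldap_admin_filter sprintf() pattern receiving the escaped username; null disables
     *                                       the administrator lookup
     * @param mixed       $ldap_driver       driver exposing search($baseDn, $filter)
     */
    public function __construct(
        $user_manager,
        $event_dispatcher,
        array $attributes_map,
        $ldap_base_dn,
        $ldap_admin_filter,
        $ldap_driver
    ) {
        $this->userManager = $user_manager;
        $this->eventDispatcher = $event_dispatcher;

        $this->attributesMap = array(
            'setUsername' => $attributes_map[0],
            'setEmail' => $attributes_map[1],
            'setName' => $attributes_map[2],
        );
        // The fourth entry is optional: updateUserFields() treats null as
        // "no enabled attribute configured", so a short map must not raise.
        $this->enabledAttribute = isset($attributes_map[3]) ? $attributes_map[3] : null;

        $this->ldapBaseDn = $ldap_base_dn;
        $this->ldapAdminFilter = $ldap_admin_filter;
        $this->ldapDriver = $ldap_driver;
    }

    /**
     * Returns the local user matching the entry's DN, creating it on first sight.
     *
     * @param array $ldapEntry directory entry; must contain a 'dn' key
     *
     * @return mixed the created or updated user object
     */
    public function hydrate(array $ldapEntry)
    {
        $user = $this->userManager->findUserBy(array('dn' => $ldapEntry['dn']));

        if (!$user) {
            $user = $this->userManager->createUser();
            $user->setDn($ldapEntry['dn']);
            // NOTE(review): directory-backed accounts are stored with an empty
            // password hash and salt. Confirm that the configured password
            // encoder can never validate a submitted password against an empty
            // hash, so these accounts stay unusable for local password login.
            $user->setPassword('');
            $user->setSalt('');
            $this->updateUserFields($user, $ldapEntry);

            $event = new UserEvent($user);
            $this->eventDispatcher->dispatch(FOSUserEvents::USER_CREATED, $event);

            $this->userManager->reloadUser($user);
        } else {
            $this->updateUserFields($user, $ldapEntry);
        }

        return $user;
    }

    /**
     * Copies the mapped attributes, the enabled flag and the admin role from
     * the directory entry onto the user, then persists the user.
     *
     * @param mixed $user      user object to update
     * @param array $ldapEntry directory entry the values are read from
     */
    private function updateUserFields($user, $ldapEntry)
    {
        foreach ($this->attributesMap as $setter => $attribute) {
            // Setter names come from the fixed map built in the constructor,
            // never from directory data.
            $user->$setter($this->firstValue($ldapEntry, $attribute));
        }

        if ($this->enabledAttribute !== null) {
            // The flag is unwrapped and parsed before use: passing the raw
            // attribute would enable the account for any non-empty array and
            // for the string "FALSE", because both are truthy in PHP.
            $user->setEnabled($this->toBoolean($this->firstValue($ldapEntry, $this->enabledAttribute)));
        } else {
            $user->setEnabled(true);
        }

        // The role is recomputed on every hydration: a user who no longer
        // matches the admin filter (or when no filter is configured) loses
        // ROLE_SUPER_ADMIN, including a role that was granted locally.
        if ($this->isAdmin($user)) {
            $user->addRole('ROLE_SUPER_ADMIN');
        } else {
            $user->removeRole('ROLE_SUPER_ADMIN');
        }

        $this->userManager->updateUser($user, true);
    }

    /**
     * Tells whether the directory lists the user as an administrator.
     *
     * @param mixed $user user whose username is substituted into the admin filter
     *
     * @return bool true only when the filter matches exactly one entry
     */
    private function isAdmin($user)
    {
        if ($this->ldapAdminFilter === null) {
            return false;
        }

        // Escape for filter context before substitution so that a username
        // taken from the directory cannot change the structure of the filter.
        $escaped_username = ldap_escape($user->getUsername(), '', LDAP_ESCAPE_FILTER);
        $filter = sprintf($this->ldapAdminFilter, $escaped_username);
        $entries = $this->ldapDriver->search($this->ldapBaseDn, $filter);

        // Fail closed: a result without a usable count (for example a failed
        // search) never grants the role, and neither do zero or several matches.
        return isset($entries['count']) && (int) $entries['count'] === 1;
    }

    /**
     * Reads one attribute from the entry, taking the first element when the
     * attribute is multi-valued.
     *
     * @param array       $ldapEntry directory entry
     * @param string|null $attribute attribute name to read
     *
     * @return mixed the value, or null when the attribute is absent or empty
     */
    private function firstValue($ldapEntry, $attribute)
    {
        if ($attribute === null || !isset($ldapEntry[$attribute])) {
            return null;
        }

        $raw = $ldapEntry[$attribute];
        if (is_array($raw)) {
            return isset($raw[0]) ? $raw[0] : null;
        }

        return $raw;
    }

    /**
     * Interprets a directory value as a boolean flag.
     *
     * Strings recognised by FILTER_VALIDATE_BOOLEAN ("TRUE"/"FALSE", "1"/"0",
     * "yes"/"no", "on"/"off", any case) are parsed as such; every other value
     * keeps PHP's ordinary truthiness.
     *
     * @param mixed $value value read from the directory entry
     *
     * @return bool
     */
    private function toBoolean($value)
    {
        if (is_string($value)) {
            $parsed = filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
            if ($parsed !== null) {
                return $parsed;
            }
        }

        return (bool) $value;
    }
}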