Add ldap
1 <?php
2
3 namespace Wallabag\UserBundle;
4
5 use FR3D\LdapBundle\Hydrator\HydratorInterface;
6 use FOS\UserBundle\FOSUserEvents;
7 use FOS\UserBundle\Event\UserEvent;
8
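/**
 * Creates or refreshes the local user that corresponds to an LDAP entry.
 *
 * On every hydrate() call the mapped attributes, the enabled flag and the
 * ROLE_SUPER_ADMIN role are re-derived from the directory and persisted, so
 * the directory is the source of truth for those fields. Consequence worth
 * knowing when auditing privileges: a ROLE_SUPER_ADMIN granted locally to an
 * LDAP-backed account is removed again on the next hydrate() unless the admin
 * filter matches (and always removed when no admin filter is configured).
 */
class LdapHydrator implements HydratorInterface
{
    private $userManager;
    private $eventDispatcher;
    // Setter name on the user object => LDAP attribute name to read.
    private $attributesMap;
    // LDAP attribute that carries the enabled flag, or null to enable everyone.
    private $enabledAttribute;
    private $ldapBaseDn;
    // sprintf() template for the admin search filter, or null to disable admin mapping.
    private $ldapAdminFilter;
    private $ldapDriver;

    /**
     * @param object      $user_manager      user manager used to find, create and persist users
     * @param object      $event_dispatcher  dispatcher that receives FOSUserEvents::USER_CREATED
     * @param array       $attributes_map    positional list: [0] username attribute, [1] email
     *                                       attribute, [2] name attribute, [3] optional enabled attribute
     * @param string      $ldap_base_dn      base DN searched when evaluating the admin filter
     * @param string|null $ldap_admin_filter sprintf() template taking the escaped username, or null
     * @param object      $ldap_driver       driver exposing search($baseDn, $filter)
     */
    public function __construct(
        $user_manager,
        $event_dispatcher,
        array $attributes_map,
        $ldap_base_dn,
        $ldap_admin_filter,
        $ldap_driver
    ) {
        $this->userManager = $user_manager;
        $this->eventDispatcher = $event_dispatcher;

        $this->attributesMap = array(
            'setUsername' => $attributes_map[0],
            'setEmail' => $attributes_map[1],
            'setName' => $attributes_map[2],
        );
        // The fourth entry is optional; a missing index means "no enabled attribute".
        $this->enabledAttribute = isset($attributes_map[3]) ? $attributes_map[3] : null;

        $this->ldapBaseDn = $ldap_base_dn;
        $this->ldapAdminFilter = $ldap_admin_filter;
        $this->ldapDriver = $ldap_driver;
    }

    /**
     * Returns the local user for an LDAP entry, creating it on first sight.
     *
     * @param array $ldapEntry LDAP entry; must contain a 'dn' key
     *
     * @return object the created or updated user
     */
    public function hydrate(array $ldapEntry)
    {
        $user = $this->userManager->findUserBy(array('dn' => $ldapEntry['dn']));

        if ($user) {
            $this->updateUserFields($user, $ldapEntry);

            return $user;
        }

        $user = $this->userManager->createUser();
        $user->setDn($ldapEntry['dn']);
        // NOTE(review): the local credential is stored empty. Whether any
        // non-LDAP authentication path could accept an empty password for this
        // account depends on the firewall/encoder configuration, which is not
        // visible here - confirm that LDAP-backed users can only bind via LDAP.
        $user->setPassword('');
        $user->setSalt('');
        $this->updateUserFields($user, $ldapEntry);

        $this->eventDispatcher->dispatch(FOSUserEvents::USER_CREATED, new UserEvent($user));

        $this->userManager->reloadUser($user);

        return $user;
    }

    /**
     * Copies the mapped LDAP attributes, enabled flag and admin role onto the user and persists it.
     *
     * @param object $user      user to update
     * @param array  $ldapEntry LDAP entry the values are read from
     */
    private function updateUserFields($user, $ldapEntry)
    {
        foreach ($this->attributesMap as $setter => $attribute) {
            // Setter names come from the fixed map built in the constructor,
            // never from directory data.
            $user->$setter($this->firstValue($ldapEntry, $attribute));
        }

        if ($this->enabledAttribute !== null) {
            $user->setEnabled($this->isEnabledInLdap($ldapEntry));
        } else {
            $user->setEnabled(true);
        }

        // isAdmin() reads the username, so it must run after setUsername() above.
        if ($this->isAdmin($user)) {
            $user->addRole('ROLE_SUPER_ADMIN');
        } else {
            $user->removeRole('ROLE_SUPER_ADMIN');
        }

        $this->userManager->updateUser($user, true);
    }

    /**
     * Returns the first value of an LDAP attribute, or null when the attribute is absent.
     *
     * @param array  $ldapEntry LDAP entry
     * @param string $attribute attribute name as keyed in the entry
     *
     * @return mixed|null
     */
    private function firstValue($ldapEntry, $attribute)
    {
        if (!isset($ldapEntry[$attribute])) {
            return null;
        }

        $value = $ldapEntry[$attribute];
        if (is_array($value)) {
            return isset($value[0]) ? $value[0] : null;
        }

        return $value;
    }

    /**
     * Interprets the configured enabled attribute as a boolean, failing closed.
     *
     * The raw value is not handed to setEnabled() directly because a
     * multi-valued (array) attribute and the LDAP boolean string "FALSE" are
     * both truthy in PHP, which would leave an account that the directory
     * marks as disabled enabled locally. A missing attribute, an empty value,
     * "0" and "FALSE" (any case) all disable the account.
     *
     * @param array $ldapEntry LDAP entry
     *
     * @return bool
     */
    private function isEnabledInLdap($ldapEntry)
    {
        $value = $this->firstValue($ldapEntry, $this->enabledAttribute);

        if (is_string($value)) {
            $value = trim($value);
            if (strcasecmp($value, 'false') === 0) {
                return false;
            }
        }

        return (bool) $value;
    }

    /**
     * Tells whether the user matches the configured LDAP admin filter.
     *
     * @param object $user user whose username is substituted into the filter
     *
     * @return bool true only when the search returns exactly one entry
     */
    private function isAdmin($user)
    {
        if ($this->ldapAdminFilter === null) {
            return false;
        }

        $username = $user->getUsername();
        if ($username === null || $username === '') {
            // Without a username the filter cannot identify one account; deny.
            return false;
        }

        // The username is directory-supplied data: escape it so filter
        // metacharacters in it cannot alter the admin filter's structure.
        $escaped_username = ldap_escape((string) $username, '', LDAP_ESCAPE_FILTER);
        // NOTE(review): the template goes through sprintf(), so a literal '%'
        // in the configured filter must be written as '%%'.
        $filter = sprintf($this->ldapAdminFilter, $escaped_username);
        $entries = $this->ldapDriver->search($this->ldapBaseDn, $filter);

        // Anything other than exactly one match (including a failed search) is "not admin".
        return isset($entries['count']) && (int) $entries['count'] === 1;
    }
}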