1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
|
<?php
namespace Wallabag\UserBundle;
use FR3D\LdapBundle\Hydrator\HydratorInterface;
use FOS\UserBundle\FOSUserEvents;
use FOS\UserBundle\Event\UserEvent;
class LdapHydrator implements HydratorInterface
{
private $userManager;
private $eventDispatcher;
private $attributesMap;
private $enabledAttribute;
private $ldapBaseDn;
private $ldapAdminFilter;
private $ldapDriver;
public function __construct(
$user_manager,
$event_dispatcher,
array $attributes_map,
$ldap_base_dn,
$ldap_admin_filter,
$ldap_driver
) {
$this->userManager = $user_manager;
$this->eventDispatcher = $event_dispatcher;
$this->attributesMap = array(
'setUsername' => $attributes_map[0],
'setEmail' => $attributes_map[1],
'setName' => $attributes_map[2],
);
$this->enabledAttribute = $attributes_map[3];
$this->ldapBaseDn = $ldap_base_dn;
$this->ldapAdminFilter = $ldap_admin_filter;
$this->ldapDriver = $ldap_driver;
}
public function hydrate(array $ldapEntry)
{
$user = $this->userManager->findUserBy(array('dn' => $ldapEntry['dn']));
if (!$user) {
$user = $this->userManager->createUser();
$user->setDn($ldapEntry['dn']);
$user->setPassword('');
$user->setSalt('');
$this->updateUserFields($user, $ldapEntry);
$event = new UserEvent($user);
$this->eventDispatcher->dispatch(FOSUserEvents::USER_CREATED, $event);
$this->userManager->reloadUser($user);
} else {
$this->updateUserFields($user, $ldapEntry);
}
return $user;
}
private function updateUserFields($user, $ldapEntry)
{
foreach ($this->attributesMap as $key => $value) {
if (is_array($ldapEntry[$value])) {
$ldap_value = $ldapEntry[$value][0];
} else {
$ldap_value = $ldapEntry[$value];
}
call_user_func([$user, $key], $ldap_value);
}
if ($this->enabledAttribute !== null) {
$user->setEnabled($ldapEntry[$this->enabledAttribute]);
} else {
$user->setEnabled(true);
}
if ($this->isAdmin($user)) {
$user->addRole('ROLE_SUPER_ADMIN');
} else {
$user->removeRole('ROLE_SUPER_ADMIN');
}
$this->userManager->updateUser($user, true);
}
private function isAdmin($user)
{
if ($this->ldapAdminFilter === null) {
return false;
}
$escaped_username = ldap_escape($user->getUsername(), '', LDAP_ESCAPE_FILTER);
$filter = sprintf($this->ldapAdminFilter, $escaped_username);
$entries = $this->ldapDriver->search($this->ldapBaseDn, $filter);
return $entries['count'] == 1;
}
}
|