Home Explore Help
Sign In
dima
/
balticrest
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 8967e8d364
Branches Tags
balticrest
/
vendor
/
symfony
/
security-core
/
Authentication
/
Provider
/
LdapBindAuthenticationProvider.php

LdapBindAuthenticationProvider.php 4.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109 
  1. <?php
    2. 

  2. 

  3. /*
    4. 

  4.  * This file is part of the Symfony package.
    5. 

  5.  *
    6. 

  6.  * (c) Fabien Potencier <fabien@symfony.com>
    7. 

  7.  *
    8. 

  8.  * For the full copyright and license information, please view the LICENSE
    9. 

  9.  * file that was distributed with this source code.
    10. 

  10.  */
    11. 

  11. 

  12. namespace Symfony\Component\Security\Core\Authentication\Provider;
    13. 

  13. 

  14. use Symfony\Component\Ldap\Exception\ConnectionException;
    15. 

  15. use Symfony\Component\Ldap\LdapInterface;
    16. 

  16. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
    17. 

  17. use Symfony\Component\Security\Core\Exception\BadCredentialsException;
    18. 

  18. use Symfony\Component\Security\Core\Exception\LogicException;
    19. 

  19. use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
    20. 

  20. use Symfony\Component\Security\Core\User\UserCheckerInterface;
    21. 

  21. use Symfony\Component\Security\Core\User\UserInterface;
    22. 

  22. use Symfony\Component\Security\Core\User\UserProviderInterface;
    23. 

  23. 

  24. /**
    25. 

  25.  * LdapBindAuthenticationProvider authenticates a user against an LDAP server.
    26. 

  26.  *
    27. 

  27.  * The only way to check user credentials is to try to connect the user with its
    28. 

  28.  * credentials to the ldap.
    29. 

  29.  *
    30. 

  30.  * @author Charles Sarrazin <charles@sarraz.in>
    31. 

  31.  */
    32. 

  32. class LdapBindAuthenticationProvider extends UserAuthenticationProvider
    33. 

  33. {
    34. 

  34.     private $userProvider;
    35. 

  35.     private $ldap;
    36. 

  36.     private $dnString;
    37. 

  37.     private $queryString;
    38. 

  38.     private $searchDn;
    39. 

  39.     private $searchPassword;
    40. 

  40. 

  41.     public function __construct(UserProviderInterface $userProvider, UserCheckerInterface $userChecker, string $providerKey, LdapInterface $ldap, string $dnString = '{username}', bool $hideUserNotFoundExceptions = true, string $searchDn = '', string $searchPassword = '')
    42. 

  42.     {
    43. 

  43.         parent::__construct($userChecker, $providerKey, $hideUserNotFoundExceptions);
    44. 

  44. 

  45.         $this->userProvider = $userProvider;
    46. 

  46.         $this->ldap = $ldap;
    47. 

  47.         $this->dnString = $dnString;
    48. 

  48.         $this->searchDn = $searchDn;
    49. 

  49.         $this->searchPassword = $searchPassword;
    50. 

  50.     }
    51. 

  51. 

  52.     /**
    53. 

  53.      * Set a query string to use in order to find a DN for the username.
    54. 

  54.      */
    55. 

  55.     public function setQueryString(string $queryString)
    56. 

  56.     {
    57. 

  57.         $this->queryString = $queryString;
    58. 

  58.     }
    59. 

  59. 

  60.     /**
    61. 

  61.      * {@inheritdoc}
    62. 

  62.      */
    63. 

  63.     protected function retrieveUser(string $username, UsernamePasswordToken $token)
    64. 

  64.     {
    65. 

  65.         if (AuthenticationProviderInterface::USERNAME_NONE_PROVIDED === $username) {
    66. 

  66.             throw new UsernameNotFoundException('Username can not be null.');
    67. 

  67.         }
    68. 

  68. 

  69.         return $this->userProvider->loadUserByUsername($username);
    70. 

  70.     }
    71. 

  71. 

  72.     /**
    73. 

  73.      * {@inheritdoc}
    74. 

  74.      */
    75. 

  75.     protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
    76. 

  76.     {
    77. 

  77.         $username = $token->getUsername();
    78. 

  78.         $password = $token->getCredentials();
    79. 

  79. 

  80.         if ('' === (string) $password) {
    81. 

  81.             throw new BadCredentialsException('The presented password must not be empty.');
    82. 

  82.         }
    83. 

  83. 

  84.         try {
    85. 

  85.             if ($this->queryString) {
    86. 

  86.                 if ('' !== $this->searchDn && '' !== $this->searchPassword) {
    87. 

  87.                     $this->ldap->bind($this->searchDn, $this->searchPassword);
    88. 

  88.                 } else {
    89. 

  89.                     throw new LogicException('Using the "query_string" config without using a "search_dn" and a "search_password" is not supported.');
    90. 

  90.                 }
    91. 

  91.                 $username = $this->ldap->escape($username, '', LdapInterface::ESCAPE_FILTER);
    92. 

  92.                 $query = str_replace('{username}', $username, $this->queryString);
    93. 

  93.                 $result = $this->ldap->query($this->dnString, $query)->execute();
    94. 

  94.                 if (1 !== $result->count()) {
    95. 

  95.                     throw new BadCredentialsException('The presented username is invalid.');
    96. 

  96.                 }
    97. 

  97. 

  98.                 $dn = $result[0]->getDn();
    99. 

  99.             } else {
    100. 

  100.                 $username = $this->ldap->escape($username, '', LdapInterface::ESCAPE_DN);
    101. 

  101.                 $dn = str_replace('{username}', $username, $this->dnString);
    102. 

  102.             }
    103. 

  103. 

  104.             $this->ldap->bind($dn, $password);
    105. 

  105.         } catch (ConnectionException $e) {
    106. 

  106.             throw new BadCredentialsException('The presented password is invalid.');
    107. 

  107.         }
    108. 

  108.     }
    109. 

  109. }
    110.