Merge pull request #8 from JoelGilliland/master

Small updates to DB and code cleanup
Nitecon · Mar 19, 2014 · 4e805f8 · 4e805f8
2 parents d4d8003 + 513ca12
commit 4e805f8
Show file tree

Hide file tree

Showing 2 changed files with 80 additions and 70 deletions.
diff --git a/src/ZfcUserLdap/Authentication/Adapter/LdapAuth.php b/src/ZfcUserLdap/Authentication/Adapter/LdapAuth.php
@@ -41,6 +41,9 @@ class LdapAuth extends AbstractAdapter implements ServiceManagerAwareInterface
 
     public function authenticate(AuthEvent $e)
     {
+        $userObject = null;
+        $zulConfig = $this->serviceManager->get('ZfcUserLdap\Config');
+
         if ($this->isSatisfied()) {
             $storage = $this->getStorage()->read();
             $e->setIdentity($storage['identity'])
@@ -49,29 +52,65 @@ public function authenticate(AuthEvent $e)
             return;
         }
 
+        // Get POST values
         $identity = $e->getRequest()->getPost()->get('identity');
         $credential = $e->getRequest()->getPost()->get('credential');
-        //$credential = $this->preProcessCredential($credential);
 
-        $userObject = null;
-        // Cycle through the configured identity sources and test each
+        // Start auth against LDAP
+        $ldapAuthAdapter = $this->serviceManager->get('ZfcUserLdap\LdapAdapter');
+        if ($ldapAuthAdapter->authenticate($identity, $credential) !== true) {
+            // Password does not match
+            $e->setCode(AuthenticationResult::FAILURE_CREDENTIAL_INVALID)
+                    ->setMessages(array('Supplied credential is invalid.'));
+            $this->setSatisfied(false);
+            return false;
+        }
+        $validator = new EmailAddress();
+        if ($validator->isValid($identity)) {
+            $ldapObj = $ldapAuthAdapter->findByEmail($identity);
+        } else {
+            $ldapObj = $ldapAuthAdapter->findByUsername($identity);
+        }
+        if (!is_array($ldapObj)) {
+            throw new UnexpectedExc('Ldap response is invalid returned: ' . var_export($ldapObj, true));
+        }
+        // LDAP auth Success!
+
         $fields = $this->getOptions()->getAuthIdentityFields();
-        if (in_array('email', $fields)) {
+
+        // Create the user object entity via the LDAP object
+        $userObject = $this->getMapper()->newEntity($ldapObj);
+
+        // If auto insertion is on, we will check against DB for existing user,
+        // then will create or update user depending on results and settings
+        if ($zulConfig['auto_insertion']['enabled']) {
             $validator = new EmailAddress();
             if ($validator->isValid($identity)) {
-                $userObject = $this->getMapper()->findByEmail($identity);
+                $userDbObject = $this->getMapper()->findByEmail($identity);
+            } else {
+                $userDbObject = $this->getMapper()->findByUsername($identity);
+            }
+
+            if ($userDbObject === false) {
+                $userObject = $this->getMapper ()->updateDb ($ldapObj, null);
+                } elseif {
+                ($zulConfig['auto_insertion']['auto_update'])
+                $userObject = $this->getMapper()->updateDb($ldapObj, $userDbObject);
             } else {
-                $userObject = $this->getMapper()->findByUsername($identity);
+                $userObject = $userDbObject;
             }
         }
 
+        // Something happened that should never happen
         if (!$userObject) {
             $e->setCode(AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND)
                     ->setMessages(array('A record with the supplied identity could not be found.'));
             $this->setSatisfied(false);
             return false;
         }
 
+        // We don't control state, however if someone manually alters
+        // the DB, this will throw the code then
         if ($this->getOptions()->getEnableUserState()) {
             // Don't allow user to login if state is not in allowed list
             if (!in_array($userObject->getState(), $this->getOptions()->getAllowedLoginStates())) {
@@ -81,32 +120,8 @@ public function authenticate(AuthEvent $e)
                 return false;
             }
         }
-        $ldapAuthAdapter = $this->serviceManager->get('ZfcUserLdap\LdapAdapter');
-        if ($ldapAuthAdapter->authenticate($identity, $credential) !== true) {
-            // Password does not match
-            $e->setCode(AuthenticationResult::FAILURE_CREDENTIAL_INVALID)
-                    ->setMessages(array('Supplied credential is invalid.'));
-            $this->setSatisfied(false);
-            return false;
-        }
-        $validator = new EmailAddress();
-        if ($validator->isValid($identity)) {
-            $ldapObj = $ldapAuthAdapter->findByEmail($identity);
-        } else {
-            $ldapObj = $ldapAuthAdapter->findByUsername($identity);
-        }
-        if (!is_array($ldapObj)) {
-
-            throw new UnexpectedExc('Ldap response is invalid returned: ' . var_export($ldapObj, true));
-        }
-        /* Since LDAP can change without us knowing about it we should update
-         * the database with most recent details on login
-         */
-        $zulConfig = $this->serviceManager->get('ZfcUserLdap\Config');
-        if ($zulConfig['auto_insertion']['auto_update']) {
-            $this->updateLocalDBDetails($ldapObj, $userObject);
-        }
 
+        // Set the roles for stuff like ZfcRbac
         $userObject->setRoles($this->getMapper()->getLdapRoles($ldapObj));
         // Success!
         $e->setIdentity($userObject);
@@ -120,30 +135,6 @@ public function authenticate(AuthEvent $e)
                 ->stopPropagation();
     }
 
-    protected function updateLocalDBDetails($ldapObj, $userObject)
-    {
-
-
-        if (isset($ldapObj['uid']['0'])) {
-            $userObject->setUsername($ldapObj['uid']['0']);
-            $userObject->setDisplayName($ldapObj['cn']['0']);
-            $userObject->setEmail($ldapObj['mail']['0']);
-            $userObject->setPassword(md5('HandledByLdap'));
-            $this->getMapper()->update($userObject, null, $this->getMapper()->getTableName(), new UserHydrator());
-        }
-    }
-
-    protected function updateUserPasswordHash($userObject, $password, $bcrypt)
-    {
-        $hash = explode('$', $userObject->getPassword());
-        if ($hash[2] === $bcrypt->getCost()) {
-            return;
-        }
-        $userObject->setPassword($bcrypt->create($password));
-        $this->getMapper()->update($userObject);
-        return $this;
-    }
-
     /**
      * getMapper
      *

diff --git a/src/ZfcUserLdap/Mapper/User.php b/src/ZfcUserLdap/Mapper/User.php
@@ -19,13 +19,6 @@ public function findByEmail($email)
         $entity = $this->select($select, $this->getEntity(), new HydratorInterface())->current();
         if (is_object($entity) && strlen($entity->getUsername()) > 0) {
             $this->getEventManager()->trigger('find', $this, array('entity' => $entity));
-        } else {
-            $zulConfig = $this->getServiceManager()->get('ZfcUserLdap\Config');
-            if ($zulConfig['auto_insertion']['enabled']) {
-                $ldapAdapter = $this->getServiceManager()->get('ZfcUserLdap\LdapAdapter');
-                $ldapObject = $ldapAdapter->findByEmail($email);
-                $this->newEntity($ldapObject);
-            }
         }
         /* Now we select again so that it provides us with the ID as well
          * as assurance that the user made it into the database
@@ -42,13 +35,6 @@ public function findByUsername($username)
         $entity = $this->select($select, $this->getEntity(), new HydratorInterface())->current();
         if (is_object($entity) && strlen($entity->getUsername()) > 0) {
             $this->getEventManager()->trigger('find', $this, array('entity' => $entity));
-        } else {
-            $zulConfig = $this->getServiceManager()->get('ZfcUserLdap\Config');
-            if ($zulConfig['auto_insertion']['enabled']) {
-                $ldapAdapter = $this->getServiceManager()->get('ZfcUserLdap\LdapAdapter');
-                $ldapObject = $ldapAdapter->findByUsername($username);
-                $this->newEntity($ldapObject);
-            }
         }
         /* Now we select again so that it provides us with the ID as well
          * as assurance that the user made it into the database
@@ -121,6 +107,12 @@ public function getEntity()
         return new $entityClass;
     }
 
+    /*
+     * Creates a new User Entity
+     * 
+     * @return User Entity
+     */
+
     public function newEntity($ldapObject)
     {
         $entity = $this->getEntity();
@@ -130,8 +122,35 @@ public function newEntity($ldapObject)
             $entity->setEmail($ldapObject['mail']['0']);
             $entity->setPassword(md5('HandledByLdap'));
             $entity->setRoles(serialize($this->getLdapRoles($ldapObject)));
-            $this->insert($entity, $this->tableName, new HydratorInterface());
         }
+        return $entity;
+    }
+
+    /**
+     * Insert or Update DB entry depending if a User Object is set.
+     * 
+     * @return User Entity
+     */
+    public function updateDb($ldapObject, $userObject)
+    {
+        if ($userObject == null) {
+            $entity = $this->getEntity();
+        } else {
+            $entity = $userObject;
+        }
+        if (isset($ldapObject['uid']['0'])) {
+            $entity->setUsername($ldapObject['uid']['0']);
+            $entity->setDisplayName($ldapObject['cn']['0']);
+            $entity->setEmail($ldapObject['mail']['0']);
+            $entity->setPassword(md5('HandledByLdap'));
+            $entity->setRoles(serialize($this->getLdapRoles($ldapObject)));
+            if ($userObject == null) {
+                $this->insert($entity, $this->tableName, new HydratorInterface());
+            } else {
+                $this->update($entity, null, $this->tableName, new HydratorInterface());
+            }
+        }
+        return $entity;
     }
 
     public function getLdapRoles($ldapObject)