Fixes #75, append user email suffix to username by default if user_em…

…ail_suffix is used. Add option to disable this behavior in case users do not want the suffix appended internally.
matomo-org · Nov 25, 2014 · 21e60ec · 21e60ec
1 parent 04b2642
commit 21e60ec
Show file tree

Hide file tree

Showing 3 changed files with 61 additions and 0 deletions.
diff --git a/Config.php b/Config.php
@@ -25,6 +25,7 @@ class Config
         'enable_random_token_auth_generation' => 0,
         'new_user_default_sites_view_access' => '',
         'user_email_suffix' => '',
+        'append_user_email_suffix_to_username' => 1,
         'required_member_of' => '',
         'ldap_user_filter' => '',
         'ldap_user_id_field' => 'uid',
@@ -198,6 +199,11 @@ public static function getLdapNetworkTimeout()
         return self::getConfigOption('ldap_network_timeout');
     }
 
+    public static function shouldAppendUserEmailSuffixToUsername()
+    {
+        return self::getConfigOption('append_user_email_suffix_to_username') == 1;
+    }
+
     public static function getServerConfig($server)
     {
         $configName = 'LoginLdap_' . $server;

diff --git a/LdapInterop/UserMapper.php b/LdapInterop/UserMapper.php
@@ -84,6 +84,16 @@ class UserMapper
      */
     private $isRandomTokenAuthGenerationEnabled = false;
 
+    /**
+     * If true, the user email suffix is appended to the Piwik user's login. This means
+     * the DB will store the user's login w/ the suffix, but user's will login without
+     * the suffix. This emulates pre-3.0 behavior and is necessary for backwards
+     * compatibility.
+     *
+     * @var bool
+     */
+    private $appendUserEmailSuffixToUsername = true;
+
     /**
      * Creates an array with normal Piwik user information using LDAP data for the user. The
      * information in the result should be used with the **UsersManager.addUser** API method.
@@ -106,6 +116,24 @@ public function createPiwikUserFromLdapUser($ldapUser, $user = null)
         );
     }
 
+    /**
+     * Returns the expected LDAP username using a Piwik login. If a user email suffix is
+     * configured, it is appended to the login. This is to provide compatible behavior
+     * with old versions of the plugin.
+     *
+     * @param string $login The Piwik login.
+     * @return string The expected LDAP login.
+     */
+    public function getExpectedLdapUsername($login)
+    {
+        if (!empty($this->userEmailSuffix)
+            && $this->appendUserEmailSuffixToUsername
+        ) {
+            $login .= $this->userEmailSuffix;
+        }
+        return $login;
+    }
+
     /**
      * The password we store for a mapped user isn't used to authenticate, it's just
      * data used to generate a user's token auth.
@@ -348,6 +376,26 @@ public function setIsRandomTokenAuthGenerationEnabled($isRandomTokenAuthGenerati
         $this->isRandomTokenAuthGenerationEnabled = $isRandomTokenAuthGenerationEnabled;
     }
 
+    /**
+     * Returns the {@link $appendUserEmailSuffixToUsername} property.
+     *
+     * @return bool
+     */
+    public function getAppendUserEmailSuffixToUsername()
+    {
+        return $this->appendUserEmailSuffixToUsername;
+    }
+
+    /**
+     * Sets the {@link $appendUserEmailSuffixToUsername} property.
+     *
+     * @param bool $appendUserEmailSuffixToUsername
+     */
+    public function setAppendUserEmailSuffixToUsername($appendUserEmailSuffixToUsername)
+    {
+        $this->appendUserEmailSuffixToUsername = $appendUserEmailSuffixToUsername;
+    }
+
     /**
      * Hashes the LDAP password so no part the real LDAP password (or the hash stored in
      * LDAP) will be stored in Piwik's DB.
@@ -423,6 +471,11 @@ public static function makeConfigured()
             $result->setIsRandomTokenAuthGenerationEnabled($isRandomTokenAuthGenerationEnabled);
         }
 
+        $appendUserEmailSuffixToUsername = Config::shouldAppendUserEmailSuffixToUsername();
+        if (!empty($appendUserEmailSuffixToUsername)) {
+            $result->setAppendUserEmailSuffixToUsername($appendUserEmailSuffixToUsername);
+        }
+
         Log::debug("UserMapper::%s: configuring with uidField = %s, aliasField = %s firstNameField = %s, lastNameField = %s"
                  . " mailField = %s, ldapUserPasswordField = %s, userEmailSuffix = %s, isRandomTokenAuthGenerationEnabled = %s",
                    __FUNCTION__, $uidField, $aliasField, $firstNameField, $lastNameField, $mailField, $userPasswordField,

diff --git a/LdapInterop/UserSynchronizer.php b/LdapInterop/UserSynchronizer.php
@@ -101,6 +101,8 @@ public function synchronizeLdapUser($piwikLogin, $ldapUser)
         $userModel = $this->userModel;
         $newUserDefaultSitesWithViewAccess = $this->newUserDefaultSitesWithViewAccess;
         return Access::doAsSuperUser(function () use ($piwikLogin, $ldapUser, $userMapper, $usersManagerApi, $userModel, $newUserDefaultSitesWithViewAccess) {
+            $piwikLogin = $this->userMapper->getExpectedLdapUsername($piwikLogin);
+
             $existingUser = $userModel->getUser($piwikLogin);
 
             $user = $userMapper->createPiwikUserFromLdapUser($ldapUser, $existingUser);