diff --git a/src/Model/Table/LdapConnectionsTable.php b/src/Model/Table/LdapConnectionsTable.php index fcf904d..cde9695 100755 --- a/src/Model/Table/LdapConnectionsTable.php +++ b/src/Model/Table/LdapConnectionsTable.php @@ -67,7 +67,7 @@ class LdapConnectionsTable extends AppTable public function useLdap() { - $this->checkConfiguration(); + $this->_checkConfiguration(); return $this->LDAP_USED; } @@ -203,12 +203,12 @@ class LdapConnectionsTable extends AppTable ]; } - private function buildFakeLdapUsers() + private function _buildFakeLdapUsers() { - return $this->buildFakeLdapUsersFromDB(); + return $this->_buildFakeLdapUsersFromDB(); } - private function buildFakeLdapUsersFromDB() + private function _buildFakeLdapUsersFromDB() { //NEW //$users = TableRegistry::getTableLocator()->get('Users')->find(); @@ -300,11 +300,11 @@ class LdapConnectionsTable extends AppTable // $this->authenticationType => [$prefix.'username'], //'uid' => [ $this->authenticationType => [ - $this->getTheFakeLdapUser()['login'] + $this->_getTheFakeLdapUser()['login'] ], // $this->authenticationType => ['usere'], 'userpassword' => [ - $this->getTheFakeLdapUser()['pass'] + $this->_getTheFakeLdapUser()['pass'] ] // 'userpassword' => ['toto'], ]; @@ -312,7 +312,7 @@ class LdapConnectionsTable extends AppTable return $ldapUsers; } - private function checkConfiguration() + private function _checkConfiguration() { $this->configurationsTable = TableRegistry::getTableLocator()->get('Configurations'); $this->CONF = $this->configurationsTable @@ -333,7 +333,7 @@ class LdapConnectionsTable extends AppTable $this->authenticationType = $config->ldap_authenticationType; if (empty($this->fakeLDAPUsers)) - $this->fakeLDAPUsers = $this->buildFakeLdapUsers(); + $this->fakeLDAPUsers = $this->_buildFakeLdapUsers(); return true; } // debug($this->fakeLDAPUsers); 
@@ -365,36 +365,7 @@ class LdapConnectionsTable extends AppTable - // REAL LDAP only - /** - * @return array or boolean : all users from DB (CACHE of the LDAP) or FALSE (if table emtpy or expired data) - */ - private function fetchAllUsersFromDB() { - // On remet à jour tous les 7 jours - $PEREMPTION_NB_DAYS = 7; - - // Doit aussi retourner FALSE si la ligne FAKE de la table users - // (celle qui contient le user_name "FAKE_USER") - // a une date "updated" périmée (now - updated > $PEREMPTION_NB_DAYS) - // (update automatique de tous les users, chaque semaine, pour rester synced avec le LDAP) - // By default, no user in CACHE - return FALSE; - } - - // REAL LDAP only - // Sauvegarde de tous les users du LDAP en BD (avec un rythme de mise à jour hebdo) - // Seulement les champs: nom, pnom, login, pass, email, create, updated, profile - private function saveAllUsersInDB($users_fetched) { - - // START TRANSACTION - // 1) Update (ou création) de la ligne FAKE (contient le user_name "FAKE_USER") => avec une date "updated" - // 2) Update (ou création) de chaque user contenu dans $users_fetched - // Attention à ne pas perdre l'attribut "profile", surtout pour les users privilégiés!!! (les autres ont un profile = "Utilisateur") - // END TRANSACTION (COMMIT) - - // SAVE s'est bien passé - return TRUE; - } + @@ -407,7 +378,7 @@ class LdapConnectionsTable extends AppTable private function _getAllLdapUsersFromLDAP() { - return $this->LDAP_USED ? $this->searchLdap($this->filter, []) : $this->fakeLDAPUsers; + return $this->LDAP_USED ? $this->_searchLdap($this->filter, []) : $this->fakeLDAPUsers; } /** @@ -416,7 +387,7 @@ class LdapConnectionsTable extends AppTable // REAL or FAKE LDAP public function getAllLdapUsers() { - if (! $this->checkConfiguration()) return FALSE; + if (! $this->_checkConfiguration()) return FALSE; // By default, nothing found, ERROR $users_fetched = FALSE; 
@@ -429,39 +400,12 @@ class LdapConnectionsTable extends AppTable // LDAP direct (no optimization) else { - try { - //if ($this->checkConfiguration()) { - - // REAL LDAP - //if ($this->LDAP_USED) { - - /* - // 1) Search users in CACHE (DB) - $users_fetched = $this->fetchAllUsersFromDB(); - - // 2) Not found in CACHE, so search users in LDAP - if ($users_fetched === FALSE) { - */ - $users_fetched = $this->_getAllLdapUsersFromLDAP(); - //$users_fetched = $this->searchLdap($this->filter, []); - // CACHE the new user in DB for next time - //if ($users_fetched !== FALSE) $this->saveAllUsersInDB($users_fetched); - //} - - //} - - /* - // FAKE LDAP - else { - $users_fetched = $this->fakeLDAPUsers; - } - */ - + try { + $users_fetched = $this->_getAllLdapUsersFromLDAP(); // Noter que $user_fetched peut etre egal a FALSE (si rien trouvé) //return $users_fetched; - //} - } - catch (Exception $e) {} + } + catch (Exception $e) {} } return $users_fetched; @@ -609,7 +553,7 @@ class LdapConnectionsTable extends AppTable // Utilisateur du ldap qui n'est pas dans la table utilisateurs // => il a donc le role "Utilisateur" PAR DEFAUT - private function getTheFakeLdapUser() + private function _getTheFakeLdapUser() { return [ 'login' => '_fake_ldap_user_', @@ -902,7 +846,7 @@ class LdapConnectionsTable extends AppTable // REAL LDAP only // from LDAP ==> to DB // SAVE new user in DB - private function saveNewUserInDB($user_from_LDAP) { + private function _saveNewUserInDB($user_from_LDAP) { if (! $this->CONF->ldap_cached) return TRUE; // 1) Format LDAP user as for DB @@ -921,7 +865,7 @@ class LdapConnectionsTable extends AppTable // REAL LDAP only // SEARCH en 4 étapes - private function searchLdap($filter, $just_these, $user_login=NULL, $user_password=NULL) { + private function _searchLdap($filter, $just_these, $user_login=NULL, $user_password=NULL) { // (1) CONNEXION $ldapConnection = ldap_connect($this->host, $this->port) 
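Review bot: The tidied `try` block in the `@@ -429,39 +400,12 @@` hunk still ends in `catch (Exception $e) {}`, so any error raised while fetching users is discarded and the method (apparently `getAllLdapUsers()`, which starts outside the hunk) returns `FALSE`, the same value its comment uses for "nothing found". A caller cannot tell a directory failure from an empty result, and nothing is recorded for an operator to notice. At minimum log it: `catch (\Exception $e) { error_log('LDAP user fetch failed: ' . $e->getMessage()); }`. The file's `use` lines are not visible here; if `Exception` is not imported, the unqualified name resolves inside the table's namespace and this catch would never match, which is worth confirming.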
@@ -969,7 +913,7 @@ class LdapConnectionsTable extends AppTable // Il y a eu un pb, utilisateur non reconnu return FALSE; - } // searchLdap() + } // _searchLdap() @@ -977,7 +921,7 @@ class LdapConnectionsTable extends AppTable public function ldapAuthenticationOLD($user_login, $user_password) { try { - if ($this->checkConfiguration()) { + if ($this->_checkConfiguration()) { // REAL LDAP if ($this->LDAP_USED) { @@ -1003,10 +947,10 @@ class LdapConnectionsTable extends AppTable $filter = "(&".$this->filter."(".$this->authenticationType . '=' . $user_login."))"; //TODO: optimisation, refactoriser si comportement général //$binddn .= ','.$this->baseDn; - $user_fetched = $this->searchLdap($filter, $just_these, $user_login, $user_password); + $user_fetched = $this->_searchLdap($filter, $just_these, $user_login, $user_password); // CACHE the new user in DB for next time if ($user_fetched != FALSE) { - //$this->saveNewUserInDB($user_fetched[0]); + //$this->_saveNewUserInDB($user_fetched[0]); return $user_fetched[0]; } } 
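Review bot: In the `@@ -1003,10 +947,10 @@` hunk the filter handed to the renamed `_searchLdap()` is built by concatenating `$user_login` unescaped: `"(&".$this->filter."(".$this->authenticationType . '=' . $user_login."))"`. A login containing LDAP filter metacharacters is then interpreted as part of the query instead of being matched literally. Escape the value when building the filter: `$filter = "(&".$this->filter."(".$this->authenticationType.'='.ldap_escape($user_login, '', LDAP_ESCAPE_FILTER)."))";`. The same line appears in the `@@ -1115,7 +1059,7 @@` hunk, apparently inside `ldapAuthentication()`. Both methods start outside their hunks, so an earlier validation of `$user_login` cannot be ruled out from here.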
@@ -1028,8 +972,8 @@ class LdapConnectionsTable extends AppTable // $this->authenticationType peut valoir "uid" ou "cn"... (par défaut "uid" pour le fake ldap, à confirmer...) // if ($user['uid'][0] == "_NouvelUtilisateur_username" && $user['userpassword'][0] == "_NouvelUtilisateur_password") return $user; // if ($user[$this->authenticationType][0] == "_NouvelUtilisateur_username" && $user['userpassword'][0] == "_NouvelUtilisateur_password") return $user; - //if ($user['uid'][0] == $this->getTheFakeLdapUser()['login'] && $user['userpassword'][0] == $this->getTheFakeLdapUser()['pass']) - if ($user[$this->authenticationType][0] == $this->getTheFakeLdapUser()['login'] && $user['userpassword'][0] == $this->getTheFakeLdapUser()['pass']) + //if ($user['uid'][0] == $this->_getTheFakeLdapUser()['login'] && $user['userpassword'][0] == $this->_getTheFakeLdapUser()['pass']) + if ($user[$this->authenticationType][0] == $this->_getTheFakeLdapUser()['login'] && $user['userpassword'][0] == $this->_getTheFakeLdapUser()['pass']) return $user; if ( (new DefaultPasswordHasher())->check($user_password,$user['userpassword'][0]) ) return $user; @@ -1058,7 +1002,7 @@ class LdapConnectionsTable extends AppTable public function ldapAuthentication($user_login, $user_password) { // Bad configuration => FAIL - if (! $this->checkConfiguration()) return FALSE; + if (! $this->_checkConfiguration()) return FALSE; /* (EP 5/6/19 : on n'a pas accès au password stocké dans le ldap, on ne peut donc pas le stocker dans le cache) // LDAP optimized @@ -1085,7 +1029,7 @@ class LdapConnectionsTable extends AppTable // normal LDAP (no optimization) try { - //if ($this->checkConfiguration()) { + //if ($this->_checkConfiguration()) { // REAL LDAP if ($this->LDAP_USED) { 
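Review bot: The condition in the `@@ -1028,8 +972,8 @@` hunk returns `$user` when the stored record equals `_getTheFakeLdapUser()['login']` and `['pass']`, and it never reads the submitted `$user_password`; only the following line goes through `DefaultPasswordHasher::check()`. Unless a line outside the hunk verifies the password first, the built-in account is accepted on the strength of constants held in this class, and the comparisons use loose `==`. The submitted value should be part of the check, for example `&& hash_equals($this->_getTheFakeLdapUser()['pass'], (string) $user_password)`. It is also worth confirming that this branch cannot be reached when `LDAP_USED` is true. The `@@ -1176,7 +1120,7 @@` hunk carries the same condition on `$user_fetched`.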
@@ -1115,7 +1059,7 @@ class LdapConnectionsTable extends AppTable $filter = "(&".$this->filter."(".$this->authenticationType . '=' . $user_login."))"; //TODO: optimisation, refactoriser si comportement général //$binddn .= ','.$this->baseDn; - $user_fetched = $this->searchLdap($filter, $just_these, $user_login, $user_password); + $user_fetched = $this->_searchLdap($filter, $just_these, $user_login, $user_password); //$this->mydebugmsg("(1) user found in LDAP is:"); //$this->mydebugmsg($user_fetched); //$this->mydebugmsg($user_fetched[0]); @@ -1123,7 +1067,7 @@ class LdapConnectionsTable extends AppTable // CACHE the new user in DB for next time if ($user_fetched !== FALSE) { - //$this->saveNewUserInDB($user_fetched[0]); + //$this->_saveNewUserInDB($user_fetched[0]); return $user_fetched[0]; } /* @@ -1176,7 +1120,7 @@ class LdapConnectionsTable extends AppTable // $this->authenticationType peut valoir "uid" ou "cn"... (par défaut "uid" pour le fake ldap, à confirmer...) // if ($user['uid'][0] == "_NouvelUtilisateur_username" && $user['userpassword'][0] == "_NouvelUtilisateur_password") return $user; // if ($user[$this->authenticationType][0] == "_NouvelUtilisateur_username" && $user['userpassword'][0] == "_NouvelUtilisateur_password") return $user; - if ($user_fetched[$this->authenticationType][0] == $this->getTheFakeLdapUser()['login'] && $user_fetched['userpassword'][0] == $this->getTheFakeLdapUser()['pass']) + if ($user_fetched[$this->authenticationType][0] == $this->_getTheFakeLdapUser()['login'] && $user_fetched['userpassword'][0] == $this->_getTheFakeLdapUser()['pass']) return $user_fetched; /* debug("user_password = ".$user_password); -- libgit2 0.21.2