0.10/balance/modules/profile/classes/LDAPAuthenticationProvider.class.php - oodt - Git at Google

 <?php
 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 /**
  * LDAPAuthenticationProvider
  *
  * This class provides an extension of the OODT Security 'Single-sign on'
  * functionality that complies with the contract specified in the OODT Balance
  * ApplicationAuthenticationProvider interface.
  *
  * For more information on the functions available here, consult either the
  * OODT Security package or the Balance ApplicationAuthenticationProvider
  * interface documentation.
  *
  * Note: This class has a dependency on the OODT CAS-SSO package
  *      (http://oodt.jpl.nasa.gov/repo/framework/cas-sso/trunk/src/php/pear)
  *
  *      To build this dependency, check out the above project and then:
  *      1) cd into the checked out project (you should see a package.xml file)
  *      2) pear package
  *      3) (sudo) pear install --force Gov_Nasa_Jpl...tar.gz
  *
  * @author s.khudikyan
  * @author ahart
  *
  */

 require("Org/Apache/Oodt/Security/SingleSignOn.php");

 class LDAPAuthenticationProvider
 	extends Org_Apache_Oodt_Security_SingleSignOn
 	implements Org_Apache_Oodt_Balance_Interfaces_IApplicationAuthenticationProvider {

 	// The LDAP server name
 	protected $ldapHost;

 	// The port on which the LDAP server listens
 	protected $ldapPort;


 	/**
 	 * Constructor
 	 */
 	public function __construct() {

 		// set LDAP constants
 		define("CAS_SECURITY",true);
 		define("SSO_LDAP_HOST", App::Get()->settings['ldap_host']);
 		define("SSO_LDAP_PORT", App::Get()->settings['ldap_port']);
 		define("SSO_BASE_DN", App::Get()->settings['ldap_base_dn']);
 		define("SSO_GROUPS_DN", App::Get()->settings['ldap_group_dn']);
 		define("SSO_COOKIE_KEY", App::Get()->settings['cookie_key']);

 		$this->ldapHost = SSO_LDAP_HOST;
 		$this->ldapPort = SSO_LDAP_PORT;
 	}

 	/**
 	 * Connect to the LDAP server
 	 */
 	public function connect() {
 		return parent::connect($this->ldapHost,$this->ldapPort);
 	}

 	/**
 	 * Disconnect from the LDAP server
 	 */
 	public function disconnect() {
 		ldap_close($this->conn);
 	}

 	/**
 	 * Determine whether or not a user has authenticated
 	 *
 	 * @return boolean Whether or not the current user has authenticated
 	 */
 	public function isLoggedIn() {
 		return parent::isLoggedIn();
 	}

 	/**
 	 * Process a user login
 	 *
 	 * @param string $username The provided username
 	 * @param string $password The provided password
 	 */
 	public function login( $username, $password ) {
 		return parent::login( $username, $password );
 	}

 	/**
 	 * End an authenticated user's session
 	 */
 	public function logout() {
 		parent::logout();
 	}

 	/**
 	 * Return the unique username of the currently authenticated user
 	 */
 	public function getCurrentUsername() {
 		return parent::getCurrentUsername();
 	}

 	/**
 	 * Process a password change request for the currently authenticated
 	 * user
 	 *
 	 * @param string $newPassword The new password to associate with the user
 	 */
 	public function changePassword( $newPassword ) {
 		if ( App::Get()->settings['auth_encryption_method'] ) {
 			return parent::changePassword( $newPassword, App::Get()->settings['auth_encryption_method'] );
 		}
 		return parent::changePassword( $newPassword );
 	}

 	/**
 	 * Attempt to validate a candidate value for new user password
 	 *
 	 * @param string $newPass The candidate password value
 	 * @param string $encryptionMethod The encryption method to use
 	 */
 	public function validateChangePassword( $newPass, $encryptionMethod = "SHA" ) {
 		$isValid = true;
 		$messages = array();
 		// validate rules from config file
 		$rules = App::Get()->settings['security_password_rules'];

 		if ( isset($rules) ) {
 			foreach( $rules as $rule ){

 				// Separate the rule from the error message
 				list($regularExpression,$errorMessage) = explode('|',$rule,2);

 				// Test the rule
 				$rulePassed = preg_match($regularExpression, $newPass);

 				// If the rule failed, append the error message
 				if (!$rulePassed) {
 					$messages[] = $errorMessage;
 					$isValid    = false;
 				}
 			}
 		}

 		if ($isValid && $this->connect(SSO_LDAP_HOST,SSO_LDAP_PORT)) {
 		  $result = $this->changePassword($newPass,$encryptionMethod);
 		  return true;
 		} else
 		  return $messages;
 	}

 	/**
 	 * Obtain detailed information about the specified user.
 	 *
 	 * This function accepts both a username and an array of attributes
 	 * corresponding to the variables in the LDAP user record for which
 	 * values should be returned.
 	 *
 	 * @param string $username   The username to obtain information for
 	 * @param array  $attributes The set of variables to return values for
 	 */
 	public function retrieveUserAttributes( $username, $attributes ) {
 		$rawArray 		= parent::retrieveUserAttributes( $username, $attributes );
 		$userAttributes = array();

 		if ( count($rawArray) > 1 ) {
 			$rawArray = $rawArray[0];
 			// Get only necessary attributes to return
 			foreach ( $rawArray as $key=>$keyValue ) {
 				foreach ( $attributes as $value ) {
 					if ( $key === $value ) {
 						$userAttributes[$key] = $keyValue[0];
 					}
 				}
 			}
 		}
 		return $userAttributes;
 	}

 	/**
 	 * Add a user record to the LDAP directory
 	 *
 	 * This function accepts an associative array of information about
 	 * a user. The keys in this array correspond to the named variables
 	 * in the user object in the LDAP directory. At a minimum, this
 	 * array must contain a key 'uid' which must be unique across users
 	 * so that a proper dn can be generated for the new user.
 	 *
 	 * @param array $userInfo The information to include in the record
 	 */
 	public function addUser($userInfo) {
 		$ldapconn = $this->connect(SSO_LDAP_HOST,SSO_LDAP_PORT);
 		if ($ldapconn) {
 			$user  = "uid={$userInfo[ "uid" ]}," . SSO_BASE_DN;
 			return ldap_add($ldapconn,$user,$userInfo);
 		}
 		// connection failed
 		return false;
 	}

 	/**
 	 * Determine if the specified username is available
 	 *
 	 * This function uses the value of the config setting 'username_attr' when
 	 * determining which key in the LDAP user record to use as the username
 	 * attribute.
 	 *
 	 * @param string $username The username to test for availability
 	 */
 	public function usernameAvailability( $username ) {
 		$justthese = array( App::Get()->settings['username_attr'] );
 		$profile = $this->retrieveUserAttributes($username, $justthese);
 		if (count($profile) > 0) {
 			return false;
 		} else {
 			// available
 			return true;
 		}
 	}

 	/**
 	 * Update an existing user profile with new information
 	 *
 	 * This function accepts an associative array containing named key/value
 	 * pairs. The keys in this array correspond to the named variables
 	 * in the user object in the LDAP directory. The function can only update
 	 * the record for the currently authenticated user.
 	 *
 	 * @param array $newInfo The updated information for the user's profile
 	 */
 	public function updateProfile($newInfo) {

 		if ($this->isLoggedIn()) {
 			$user  = "uid={$this->getCurrentUsername()}," . SSO_BASE_DN ;
 			$ldapconn = $this->connect(SSO_LDAP_HOST,SSO_LDAP_PORT);

 			if (ldap_mod_replace($ldapconn,$user,$newInfo)) {
 				return true;
 			} else {
 				return false;
 			}
 		} else {
 			return false;
 		}
 	}
 }
	<?php
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	/**
	* LDAPAuthenticationProvider
	*
	* This class provides an extension of the OODT Security 'Single-sign on'
	* functionality that complies with the contract specified in the OODT Balance
	* ApplicationAuthenticationProvider interface.
	*
	* For more information on the functions available here, consult either the
	* OODT Security package or the Balance ApplicationAuthenticationProvider
	* interface documentation.
	*
	* Note: This class has a dependency on the OODT CAS-SSO package
	* (http://oodt.jpl.nasa.gov/repo/framework/cas-sso/trunk/src/php/pear)
	*
	* To build this dependency, check out the above project and then:
	* 1) cd into the checked out project (you should see a package.xml file)
	* 2) pear package
	* 3) (sudo) pear install --force Gov_Nasa_Jpl...tar.gz
	*
	* @author s.khudikyan
	* @author ahart
	*
	*/

	require("Org/Apache/Oodt/Security/SingleSignOn.php");

	class LDAPAuthenticationProvider
	extends Org_Apache_Oodt_Security_SingleSignOn
	implements Org_Apache_Oodt_Balance_Interfaces_IApplicationAuthenticationProvider {

	// The LDAP server name
	protected $ldapHost;

	// The port on which the LDAP server listens
	protected $ldapPort;


	/**
	* Constructor
	*/
	public function __construct() {

	// set LDAP constants
	define("CAS_SECURITY",true);
	define("SSO_LDAP_HOST", App::Get()->settings['ldap_host']);
	define("SSO_LDAP_PORT", App::Get()->settings['ldap_port']);
	define("SSO_BASE_DN", App::Get()->settings['ldap_base_dn']);
	define("SSO_GROUPS_DN", App::Get()->settings['ldap_group_dn']);
	define("SSO_COOKIE_KEY", App::Get()->settings['cookie_key']);

	$this->ldapHost = SSO_LDAP_HOST;
	$this->ldapPort = SSO_LDAP_PORT;
	}

	/**
	* Connect to the LDAP server
	*/
	public function connect() {
	return parent::connect($this->ldapHost,$this->ldapPort);
	}

	/**
	* Disconnect from the LDAP server
	*/
	public function disconnect() {
	ldap_close($this->conn);
	}

	/**
	* Determine whether or not a user has authenticated
	*
	* @return boolean Whether or not the current user has authenticated
	*/
	public function isLoggedIn() {
	return parent::isLoggedIn();
	}

	/**
	* Process a user login
	*
	* @param string $username The provided username
	* @param string $password The provided password
	*/
	public function login( $username, $password ) {
	return parent::login( $username, $password );
	}

	/**
	* End an authenticated user's session
	*/
	public function logout() {
	parent::logout();
	}

	/**
	* Return the unique username of the currently authenticated user
	*/
	public function getCurrentUsername() {
	return parent::getCurrentUsername();
	}

	/**
	* Process a password change request for the currently authenticated
	* user
	*
	* @param string $newPassword The new password to associate with the user
	*/
	public function changePassword( $newPassword ) {
	if ( App::Get()->settings['auth_encryption_method'] ) {
	return parent::changePassword( $newPassword, App::Get()->settings['auth_encryption_method'] );
	}
	return parent::changePassword( $newPassword );
	}

	/**
	* Attempt to validate a candidate value for new user password
	*
	* @param string $newPass The candidate password value
	* @param string $encryptionMethod The encryption method to use
	*/
	public function validateChangePassword( $newPass, $encryptionMethod = "SHA" ) {
	$isValid = true;
	$messages = array();
	// validate rules from config file
	$rules = App::Get()->settings['security_password_rules'];

	if ( isset($rules) ) {
	foreach( $rules as $rule ){

	// Separate the rule from the error message
	list($regularExpression,$errorMessage) = explode('\|',$rule,2);

	// Test the rule
	$rulePassed = preg_match($regularExpression, $newPass);

	// If the rule failed, append the error message
	if (!$rulePassed) {
	$messages[] = $errorMessage;
	$isValid = false;
	}
	}
	}

	if ($isValid && $this->connect(SSO_LDAP_HOST,SSO_LDAP_PORT)) {
	$result = $this->changePassword($newPass,$encryptionMethod);
	return true;
	} else
	return $messages;
	}

	/**
	* Obtain detailed information about the specified user.
	*
	* This function accepts both a username and an array of attributes
	* corresponding to the variables in the LDAP user record for which
	* values should be returned.
	*
	* @param string $username The username to obtain information for
	* @param array $attributes The set of variables to return values for
	*/
	public function retrieveUserAttributes( $username, $attributes ) {
	$rawArray = parent::retrieveUserAttributes( $username, $attributes );
	$userAttributes = array();

	if ( count($rawArray) > 1 ) {
	$rawArray = $rawArray[0];
	// Get only necessary attributes to return
	foreach ( $rawArray as $key=>$keyValue ) {
	foreach ( $attributes as $value ) {
	if ( $key === $value ) {
	$userAttributes[$key] = $keyValue[0];
	}
	}
	}
	}
	return $userAttributes;
	}

	/**
	* Add a user record to the LDAP directory
	*
	* This function accepts an associative array of information about
	* a user. The keys in this array correspond to the named variables
	* in the user object in the LDAP directory. At a minimum, this
	* array must contain a key 'uid' which must be unique across users
	* so that a proper dn can be generated for the new user.
	*
	* @param array $userInfo The information to include in the record
	*/
	public function addUser($userInfo) {
	$ldapconn = $this->connect(SSO_LDAP_HOST,SSO_LDAP_PORT);
	if ($ldapconn) {
	$user = "uid={$userInfo[ "uid" ]}," . SSO_BASE_DN;
	return ldap_add($ldapconn,$user,$userInfo);
	}
	// connection failed
	return false;
	}

	/**
	* Determine if the specified username is available
	*
	* This function uses the value of the config setting 'username_attr' when
	* determining which key in the LDAP user record to use as the username
	* attribute.
	*
	* @param string $username The username to test for availability
	*/
	public function usernameAvailability( $username ) {
	$justthese = array( App::Get()->settings['username_attr'] );
	$profile = $this->retrieveUserAttributes($username, $justthese);
	if (count($profile) > 0) {
	return false;
	} else {
	// available
	return true;
	}
	}

	/**
	* Update an existing user profile with new information
	*
	* This function accepts an associative array containing named key/value
	* pairs. The keys in this array correspond to the named variables
	* in the user object in the LDAP directory. The function can only update
	* the record for the currently authenticated user.
	*
	* @param array $newInfo The updated information for the user's profile
	*/
	public function updateProfile($newInfo) {

	if ($this->isLoggedIn()) {
	$user = "uid={$this->getCurrentUsername()}," . SSO_BASE_DN ;
	$ldapconn = $this->connect(SSO_LDAP_HOST,SSO_LDAP_PORT);

	if (ldap_mod_replace($ldapconn,$user,$newInfo)) {
	return true;
	} else {
	return false;
	}
	} else {
	return false;
	}
	}
	}