X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/e7a7d8cc1d77b032c4efe9d08ec6c749430b7b57..refs/pull/2902/head:/app/Auth/Access/LdapService.php diff --git a/app/Auth/Access/LdapService.php b/app/Auth/Access/LdapService.php index a438c0984..7bfdb5328 100644 --- a/app/Auth/Access/LdapService.php +++ b/app/Auth/Access/LdapService.php @@ -1,9 +1,13 @@ -ldap = $ldap; + $this->userAvatars = $userAvatars; $this->config = config('services.ldap'); $this->enabled = config('auth.method') === 'ldap'; } /** * Check if groups should be synced. + * * @return bool */ public function shouldSyncGroups() @@ -38,6 +44,7 @@ class LdapService extends ExternalAuthService /** * Search for attributes for a specific user on the ldap. + * * @throws LdapException */ private function getUserWithAttributes(string $userName, array $attributes): ?array @@ -69,6 +76,7 @@ class LdapService extends ExternalAuthService /** * Get the details of a user from LDAP using the given username. * User found via configurable user filter. + * * @throws LdapException */ public function getUserDetails(string $userName): ?array @@ -76,24 +84,28 @@ class LdapService extends ExternalAuthService $idAttr = $this->config['id_attribute']; $emailAttr = $this->config['email_attribute']; $displayNameAttr = $this->config['display_name_attribute']; + $thumbnailAttr = $this->config['thumbnail_attribute']; - $user = $this->getUserWithAttributes($userName, ['cn', 'dn', $idAttr, $emailAttr, $displayNameAttr]); + $user = $this->getUserWithAttributes($userName, array_filter([ + 'cn', 'dn', $idAttr, $emailAttr, $displayNameAttr, $thumbnailAttr, + ])); - if ($user === null) { + if (is_null($user)) { return null; } $userCn = $this->getUserResponseProperty($user, 'cn', null); $formatted = [ - 'uid' => $this->getUserResponseProperty($user, $idAttr, $user['dn']), - 'name' => $this->getUserResponseProperty($user, $displayNameAttr, $userCn), - 'dn' => $user['dn'], + 'uid' => $this->getUserResponseProperty($user, $idAttr, $user['dn']), + 'name' => $this->getUserResponseProperty($user, $displayNameAttr, $userCn), + 'dn' => $user['dn'], 'email' => $this->getUserResponseProperty($user, $emailAttr, null), + 'avatar'=> $thumbnailAttr ? $this->getUserResponseProperty($user, $thumbnailAttr, null) : null, ]; if ($this->config['dump_user_details']) { throw new JsonDebugException([ - 'details_from_ldap' => $user, + 'details_from_ldap' => $user, 'details_bookstack_parsed' => $formatted, ]); } @@ -129,6 +141,7 @@ class LdapService extends ExternalAuthService /** * Check if the given credentials are valid for the given user. + * * @throws LdapException */ public function validateUserCredentials(?array $ldapUserDetails, string $password): bool @@ -138,6 +151,7 @@ class LdapService extends ExternalAuthService } $ldapConnection = $this->getConnection(); + try { $ldapBind = $this->ldap->bind($ldapConnection, $ldapUserDetails['dn'], $password); } catch (ErrorException $e) { @@ -150,7 +164,9 @@ class LdapService extends ExternalAuthService /** * Bind the system user to the LDAP connection using the given credentials * otherwise anonymous access is attempted. + * * @param $connection + * * @throws LdapException */ protected function bindSystemUser($connection) @@ -173,8 +189,10 @@ class LdapService extends ExternalAuthService /** * Get the connection to the LDAP server. * Creates a new connection if one does not exist. - * @return resource + * * @throws LdapException + * + * @return resource */ protected function getConnection() { @@ -214,6 +232,7 @@ class LdapService extends ExternalAuthService } $this->ldapConnection = $ldapConnection; + return $this->ldapConnection; } @@ -233,6 +252,7 @@ class LdapService extends ExternalAuthService // Otherwise, extract the port out $hostName = $serverNameParts[0]; $ldapPort = (count($serverNameParts) > 1) ? intval($serverNameParts[1]) : 389; + return ['host' => $hostName, 'port' => $ldapPort]; } @@ -246,11 +266,13 @@ class LdapService extends ExternalAuthService $newKey = '${' . $key . '}'; $newAttrs[$newKey] = $this->ldap->escape($attrText); } + return strtr($filterString, $newAttrs); } /** * Get the groups a user is a part of on ldap. + * * @throws LdapException */ public function getUserGroups(string $userName): array @@ -264,11 +286,13 @@ class LdapService extends ExternalAuthService $userGroups = $this->groupFilter($user); $userGroups = $this->getGroupsRecursive($userGroups, []); + return $userGroups; } /** * Get the parent groups of an array of groups. + * * @throws LdapException */ private function getGroupsRecursive(array $groupsArray, array $checked): array @@ -295,6 +319,7 @@ class LdapService extends ExternalAuthService /** * Get the parent groups of a single group. + * * @throws LdapException */ private function getGroupGroups(string $groupName): array @@ -328,7 +353,7 @@ class LdapService extends ExternalAuthService $count = 0; if (isset($userGroupSearchResponse[$groupsAttr]['count'])) { - $count = (int)$userGroupSearchResponse[$groupsAttr]['count']; + $count = (int) $userGroupSearchResponse[$groupsAttr]['count']; } for ($i = 0; $i < $count; $i++) { @@ -343,6 +368,7 @@ class LdapService extends ExternalAuthService /** * Sync the LDAP groups to the user roles for the current user. + * * @throws LdapException */ public function syncGroups(User $user, string $username) @@ -350,4 +376,22 @@ class LdapService extends ExternalAuthService $userLdapGroups = $this->getUserGroups($username); $this->syncWithGroups($user, $userLdapGroups); } + + /** + * Save and attach an avatar image, if found in the ldap details, and attach + * to the given user model. + */ + public function saveAndAttachAvatar(User $user, array $ldapUserDetails): void + { + if (is_null(config('services.ldap.thumbnail_attribute')) || is_null($ldapUserDetails['avatar'])) { + return; + } + + try { + $imageData = $ldapUserDetails['avatar']; + $this->userAvatars->assignToUserFromExistingData($user, $imageData, 'jpg'); + } catch (\Exception $exception) { + Log::info("Failed to use avatar image from LDAP data for user id {$user->id}"); + } + } }