File: ExtraInvalidCredentials.inc

<?php

namespace LAM\PLUGINS\EXTRA_INVALID_CREDENTIALS;

/*

  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
  Copyright (C) 2020 - 2024  Roland Gruber

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

*/

/**
 * Extra messages for invalid credentials.
 *
 * @author Roland Gruber
 */

/**
 * Provides additional messages if login failed.
 *
 * @package LAM\PLUGINS\EXTRA_INVALID_CREDENTIALS
 */
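class ExtraInvalidCredentials {

	/**
	 * Tries to get additional information why invalid credentials was returned. E.g. account is locked.
	 *
	 * Loads the provider plugins from this directory, reads the attributes they ask for from the
	 * failed DN and returns the first message a provider produces.
	 *
	 * @param handle $ldap LDAP object to connect for getting extra data
	 * @param string $userDn failed DN
	 * @return null|string extra message, null if no provider has one
	 */
	public function getExtraMessage($ldap, string $userDn) {
		$this->includeFiles();
		$providers = $this->findProviders();
		if ($providers === []) {
			// no provider can produce a message: skip the LDAP read and the debug log of the user's data
			return null;
		}
		$attributes = $this->getAttributeNames($providers);
		$userData = $this->getLdapData($userDn, $attributes, $ldap);
		return $this->getMessageFromProviders($providers, $userData, $ldap);
	}

	/**
	 * Includes all plugin files.
	 *
	 * Every regular file in this directory (except dot files and this file itself) is executed as PHP,
	 * so write access to the plugin directory is equivalent to code execution.
	 */
	protected function includeFiles() {
		$pluginDir = dir(__DIR__);
		if ($pluginDir === false) {
			logNewMessage(LOG_ERR, 'Extra invalid credentials - unable to read plugin directory ' . __DIR__);
			return;
		}
		// compare with false explicitly: a file named "0" would otherwise end the loop early
		while (($entry = $pluginDir->read()) !== false) {
			if (str_starts_with($entry, '.') || ($entry === basename(__FILE__))) {
				continue;
			}
			$path = __DIR__ . '/' . $entry;
			// subdirectories and other non-files cannot be included
			if (!is_file($path)) {
				continue;
			}
			include_once($path);
		}
		$pluginDir->close();
	}

	/**
	 * Returns a list of ExtraInvalidCredentialsProvider objects.
	 *
	 * Every declared, instantiable class implementing the provider interface is created with
	 * its no-argument constructor.
	 *
	 * @return ExtraInvalidCredentialsProvider[] providers
	 */
	protected function findProviders() {
		$providers = [];
		foreach (get_declared_classes() as $declaredClass) {
			if (!in_array(ExtraInvalidCredentialsProvider::class, class_implements($declaredClass), true)) {
				continue;
			}
			// an abstract base class may implement the interface but cannot be instantiated
			if (!(new \ReflectionClass($declaredClass))->isInstantiable()) {
				continue;
			}
			$providers[] = new $declaredClass();
		}
		return $providers;
	}

	/**
	 * Returns the attribute names for the LDAP search.
	 *
	 * @param ExtraInvalidCredentialsProvider[] $providers
	 * @return string[] unique attribute names as a list
	 */
	protected function getAttributeNames(array $providers) {
		$attributeNames = [];
		foreach ($providers as $provider) {
			$attributeNames = array_merge($attributeNames, $provider->getAttributeNamesToRead());
		}
		// array_unique() keeps the original keys, re-index so callers get a plain list
		$attributeNames = array_values(array_unique($attributeNames));
		logNewMessage(LOG_DEBUG, 'Extra invalid credentials - attribute names: ' . implode(', ', $attributeNames));
		return $attributeNames;
	}

	/**
	 * Reads the LDAP data.
	 *
	 * Only the attributes requested by the providers are read, so the debug log line below is
	 * limited to those values.
	 *
	 * @param string $userDn user DN
	 * @param array $attributes attribute names
	 * @param handle $ldap LDAP handle
	 * @return array attribute values, empty array if the entry could not be read
	 */
	protected function getLdapData(string $userDn, array $attributes, $ldap) {
		$data = ldapGetDN($userDn, $attributes, $ldap);
		logNewMessage(LOG_DEBUG, 'Extra invalid credentials - LDAP data: ' . print_r($data, true));
		return $data ?? [];
	}

	/**
	 * Returns the message from the providers.
	 *
	 * Providers are asked in declaration order; the first non-null message wins.
	 *
	 * @param ExtraInvalidCredentialsProvider[] $providers providers
	 * @param array $userData LDAP data
	 * @param handle $ldap LDAP handle
	 * @return null|string extra message
	 */
	protected function getMessageFromProviders(array $providers, array $userData, $ldap) {
		foreach ($providers as $provider) {
			$message = $provider->getExtraMessage($userData, $ldap);
			if ($message !== null) {
				return $message;
			}
		}
		return null;
	}

}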

/**
 * Interface for providers of extra messages.
 *
 * @package LAM\PLUGINS\EXTRA_INVALID_CREDENTIALS
 */
interface ExtraInvalidCredentialsProvider {

	/**
	 * Returns the list of attribute names to read from LDAP.
	 *
	 * These attributes are read from the failed DN before getExtraMessage() is called.
	 *
	 * @return string[] attribute names
	 */
	public function getAttributeNamesToRead(): array;

	/**
	 * Returns an extra message if any.
	 *
	 * @param array $attributes LDAP attributes of the failed DN (the ones requested via getAttributeNamesToRead())
	 * @param handle $ldap LDAP handle
	 * @return null|string message, null if this provider has nothing to add
	 */
	public function getExtraMessage(array $attributes, $ldap);

}