davis/src/Services/LDAPFallbackAuth.php at cb09cb1fd9519355285487a93ab75a1359369df5 · tchapi/davis · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
<?php

namespace App\Services;

use App\Entity\User;
use App\Services\BasicAuth;
use App\Services\LDAPAuth;
use Doctrine\Persistence\ManagerRegistry;
use Sabre\DAV\Auth\Backend\AbstractBasic;

final class LDAPFallbackAuth extends AbstractBasic
{

    public const PROVIDER_BASIC = 'Basic';
    public const PROVIDER_LDAP = 'LDAP';

    /**
     * LDAP authenticator.
     *
     * @var App\Services\LDAPAuth
     */
    private $LDAPAuth;

    /**
     * Basic authenticator.
     *
     * @var App\Services\BasicAuth
     */
    private $BasicAuth;

    /**
     * Configure which authenticator to check first.
     *
     * Either 'LDAP' or 'Basic'
     *
     * @var string
     *
     */
    private $whichFirst;

    /**
     * Creates the backend object.
     */
    public function __construct(ManagerRegistry $doctrine, Utils $utils, string $LDAPAuthUrl, string $LDAPDnPattern, ?string $LDAPMailAttribute, bool $autoCreate, ?string $LDAPCertificateCheckingStrategy, ?string $whichFirst)
    {

        $this->LDAPAuth = new LDAPAuth($doctrine, $utils,  $LDAPAuthUrl, $LDAPDnPattern, $LDAPMailAttribute ?? 'mail', $autoCreate, $LDAPCertificateCheckingStrategy  ?? 'try' );
        $this->BasicAuth = new BasicAuth($doctrine, $utils);
        $this->whichFirst = $whichFirst ?? PROVIDER_BASIC;

        $this->doctrine = $doctrine;
        $this->utils = $utils;
    }

    /**
     * Validates a username and password by trying to authenticate against LDAP and local database.
     *
     * @param string $username
     * @param string $password
     */
    protected function validateUserPass($username, $password): bool
    {
        /*
         * Use the backends.
         */
        switch ($this->whichFirst) {
            case self::PROVIDER_BASIC:
                if(!$this->BasicAuth->validateUserPass($username, $password)){
                  return $this->LDAPAuth->validateUserPass($username, $password);
                }else{
                  return true;
                }
            case self::PROVIDER_LDAP:
                if(!$this->LDAPAuth->validateUserPass($username, $password)){
                  return $this->BasicAuth->validateUserPass($username, $password);
                }else{
                  return true;
                }
        }
        return false;
    }
}