From bcfff0479755be61e65513dc90fd59c620c5cdeb Mon Sep 17 00:00:00 2001
From: Amrouche Hamza
Date: Sat, 18 May 2019 09:42:17 +0200
Subject: [PATCH] [Ldap] Add users extra_fields in ldap component
---
 .../Security/UserProvider/LdapFactory.php | 4 ++++
 .../SecurityBundle/Resources/config/security.xml | 1 +
 .../Tests/Functional/app/JsonLoginLdap/config.yml | 1 +
 src/Symfony/Component/Ldap/CHANGELOG.md | 5 +++++
 .../Security/Core/Tests/User/LdapUserProviderTest.php | 3 ++-
 .../Component/Security/Core/User/LdapUserProvider.php | 11 +++++++++--
 src/Symfony/Component/Security/Core/User/User.php | 9 ++++++++-
 7 files changed, 30 insertions(+), 4 deletions(-)
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/UserProvider/LdapFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/UserProvider/LdapFactory.php
index f213a32f8b..33e59bfc70 100644
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/UserProvider/LdapFactory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/UserProvider/LdapFactory.php
@@ -36,6 +36,7 @@ class LdapFactory implements UserProviderFactoryInterface
 ->replaceArgument(5, $config['uid_key'])
 ->replaceArgument(6, $config['filter'])
 ->replaceArgument(7, $config['password_attribute'])
+ ->replaceArgument(8, $config['extra_fields'])
 ;
 }
@@ -52,6 +53,9 @@ class LdapFactory implements UserProviderFactoryInterface
 ->scalarNode('base_dn')->isRequired()->cannotBeEmpty()->end()
 ->scalarNode('search_dn')->end()
 ->scalarNode('search_password')->end()
+ ->arrayNode('extra_fields')
+ ->prototype('scalar')->end()
+ ->end()
 ->arrayNode('default_roles')
 ->beforeNormalization()->ifString()->then(function ($v) { return preg_split('/\s*,\s*/', $v); })->end()
 ->requiresAtLeastOneElement()
diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml b/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml
index 1d2f0c4e50..021acccb2a 100644
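Review bot: The `extra_fields` node added in the second LdapFactory.php hunk accepts any scalar, so an empty string, a boolean or a number passes configuration validation and is later used as an LDAP attribute name and array key in `LdapUserProvider::loadUser()`. Tightening the prototype to `->prototype('scalar')->cannotBeEmpty()->end()` would reject empty names when the configuration is processed. The node also has no `->info()` text; one sentence saying that the listed directory attributes are copied onto the user object would tell operators not to list credential attributes there. The configuration method continues outside the hunk.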
--- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml
+++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml
@@ -184,6 +184,7 @@
+
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLoginLdap/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLoginLdap/config.yml
index d608f309f8..622ec0f3eb 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLoginLdap/config.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLoginLdap/config.yml
@@ -21,6 +21,7 @@ security:
 search_password: ''
 default_roles: ROLE_USER
 uid_key: uid
+ extra_fields: ['email']
 firewalls:
 main:
diff --git a/src/Symfony/Component/Ldap/CHANGELOG.md b/src/Symfony/Component/Ldap/CHANGELOG.md
index ca2d18fad2..c566ef563d 100644
--- a/src/Symfony/Component/Ldap/CHANGELOG.md
+++ b/src/Symfony/Component/Ldap/CHANGELOG.md
@@ -1,6 +1,11 @@
 CHANGELOG
 =========
+4.4.0
+-----
+
+* Added the "extra_fields" option, an array of custom fields to pull from the LDAP server
+
 4.3.0
 -----
diff --git a/src/Symfony/Component/Security/Core/Tests/User/LdapUserProviderTest.php b/src/Symfony/Component/Security/Core/Tests/User/LdapUserProviderTest.php
index 418475ac93..7872c242da 100644
--- a/src/Symfony/Component/Security/Core/Tests/User/LdapUserProviderTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/User/LdapUserProviderTest.php
@@ -334,6 +334,7 @@ class LdapUserProviderTest extends TestCase
 ->will($this->returnValue(new Entry('foo', [
 'sAMAccountName' => ['foo'],
 'userpassword' => ['bar'],
+ 'email' => ['elsa@symfony.com'],
 ]
 )))
 ;
@@ -353,7 +354,7 @@ class LdapUserProviderTest extends TestCase
 ->will($this->returnValue($query))
 ;
- $provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com', null, null, [], 'sAMAccountName', '({uid_key}={username})', 'userpassword');
+ $provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com', null, null, [], 'sAMAccountName', '({uid_key}={username})', 'userpassword', ['email']);
 $this->assertInstanceOf(
 'Symfony\Component\Security\Core\User\User',
 $provider->loadUserByUsername('foo')
diff --git a/src/Symfony/Component/Security/Core/User/LdapUserProvider.php b/src/Symfony/Component/Security/Core/User/LdapUserProvider.php
index adb820fcca..e467b3c3e0 100644
--- a/src/Symfony/Component/Security/Core/User/LdapUserProvider.php
+++ b/src/Symfony/Component/Security/Core/User/LdapUserProvider.php
@@ -34,8 +34,9 @@ class LdapUserProvider implements UserProviderInterface
 private $uidKey;
 private $defaultSearch;
 private $passwordAttribute;
+ private $extraFields;
- public function __construct(LdapInterface $ldap, string $baseDn, string $searchDn = null, string $searchPassword = null, array $defaultRoles = [], string $uidKey = null, string $filter = null, string $passwordAttribute = null)
+ public function __construct(LdapInterface $ldap, string $baseDn, string $searchDn = null, string $searchPassword = null, array $defaultRoles = [], string $uidKey = null, string $filter = null, string $passwordAttribute = null, array $extraFields = [])
 {
 if (null === $uidKey) {
 $uidKey = 'sAMAccountName';
@@ -53,6 +54,7 @@ class LdapUserProvider implements UserProviderInterface
 $this->uidKey = $uidKey;
 $this->defaultSearch = str_replace('{uid_key}', $uidKey, $filter);
 $this->passwordAttribute = $passwordAttribute;
+ $this->extraFields = $extraFields;
 }
 /**
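Review bot: In LdapUserProviderTest.php the changed test passes `['email']` to the provider and the earlier hunk adds an `'email'` attribute to the mocked entry, but the lines visible here still assert only that a `User` instance is returned, so the new mapping is unchecked. Assigning the result of `loadUserByUsername('foo')` to `$user` and adding `$this->assertSame(['email' => 'elsa@symfony.com'], $user->getExtraFields());` would pin it, assuming `getAttributeValue()` returns the single value as it does for the password. A second case with an entry that lacks the configured attribute would document what the provider does then. The test method starts and ends outside the hunk.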
@@ -123,12 +125,17 @@ class LdapUserProvider implements UserProviderInterface
 protected function loadUser($username, Entry $entry)
 {
 $password = null;
+ $extraFields = [];
 if (null !== $this->passwordAttribute) {
 $password = $this->getAttributeValue($entry, $this->passwordAttribute);
 }
- return new User($username, $password, $this->defaultRoles);
+ foreach ($this->extraFields as $field) {
+ $extraFields[$field] = $this->getAttributeValue($entry, $field);
+ }
+
+ return new User($username, $password, $this->defaultRoles, true, true, true, true, $extraFields);
 }
 /**
diff --git a/src/Symfony/Component/Security/Core/User/User.php b/src/Symfony/Component/Security/Core/User/User.php
index 18faeb7af0..a24cb69668 100644
--- a/src/Symfony/Component/Security/Core/User/User.php
+++ b/src/Symfony/Component/Security/Core/User/User.php
@@ -27,8 +27,9 @@ final class User implements UserInterface, EquatableInterface, AdvancedUserInter
 private $credentialsNonExpired;
 private $accountNonLocked;
 private $roles;
+ private $extraFields;
- public function __construct(?string $username, ?string $password, array $roles = [], bool $enabled = true, bool $userNonExpired = true, bool $credentialsNonExpired = true, bool $userNonLocked = true)
+ public function __construct(?string $username, ?string $password, array $roles = [], bool $enabled = true, bool $userNonExpired = true, bool $credentialsNonExpired = true, bool $userNonLocked = true, array $extraFields = [])
 {
 if ('' === $username || null === $username) {
 throw new \InvalidArgumentException('The username cannot be empty.');
@@ -41,6 +42,7 @@ final class User implements UserInterface, EquatableInterface, AdvancedUserInter
 $this->credentialsNonExpired = $credentialsNonExpired;
 $this->accountNonLocked = $userNonLocked;
 $this->roles = $roles;
+ $this->extraFields = $extraFields;
 }
 public function __toString()
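Review bot: In `loadUser()` each configured extra field is read through `getAttributeValue()`, the helper already used for the password attribute; its body is outside this diff, but if it throws when an attribute is missing or holds several values, an entry without the configured `email` attribute would make the whole user lookup fail, turning an optional profile field into a login requirement. Skipping absent attributes, e.g. `if (!$entry->hasAttribute($field)) { continue; }` as the first statement of the loop, keeps authentication independent of optional data. The call `new User(..., true, true, true, true, $extraFields)` also repeats four defaults positionally just to reach the new parameter, so it will drift if those defaults ever change.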
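Review bot: The `$extraFields` property added to `User` has no comment saying what it holds, and the constructor accepts any array for it. Because the values become part of the user object's state, they go wherever the object is serialized or dumped (for example with the security token in the session, if this class is stored there; that code is not part of the diff). A short docblock above the property, such as `/** @var array<string, mixed> Directory attributes copied by the user provider; not a place for secrets */`, would make that explicit. The class body continues outside both User.php hunks shown here.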
@@ -118,6 +120,11 @@ final class User implements UserInterface, EquatableInterface, AdvancedUserInter
 {
 }
+ public function getExtraFields()
+ {
+ return $this->extraFields;
+ }
+
 /**
 * {@inheritdoc}
 */
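Review bot: `getExtraFields()` is added without a docblock or return type, although the constructor in this file already uses scalar and nullable type declarations. Declaring it as `public function getExtraFields(): array` and documenting that the keys are the configured attribute names and the values come from the directory server would help callers. The docblock should also say that these values are external data and need escaping for the output context where they are rendered.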