[Ldap] Add users extra_fields in ldap component

Amrouche Hamza 2019-05-18 09:42:17 +02:00
parent 63d730920b
commit bcfff04797
No known key found for this signature in database
GPG Key ID: E45A3DA456145BC1
7 changed files with 30 additions and 4 deletions


@ -36,6 +36,7 @@ class LdapFactory implements UserProviderFactoryInterface
->replaceArgument(5, $config['uid_key']) ->replaceArgument(5, $config['uid_key'])
->replaceArgument(6, $config['filter']) ->replaceArgument(6, $config['filter'])
->replaceArgument(7, $config['password_attribute']) ->replaceArgument(7, $config['password_attribute'])
->replaceArgument(8, $config['extra_fields'])
; ;
} }
@ -52,6 +53,9 @@ class LdapFactory implements UserProviderFactoryInterface
->scalarNode('base_dn')->isRequired()->cannotBeEmpty()->end() ->scalarNode('base_dn')->isRequired()->cannotBeEmpty()->end()
->scalarNode('search_dn')->end() ->scalarNode('search_dn')->end()
->scalarNode('search_password')->end() ->scalarNode('search_password')->end()
->arrayNode('extra_fields')
->prototype('scalar')->end()
->end()
->arrayNode('default_roles') ->arrayNode('default_roles')
->beforeNormalization()->ifString()->then(function ($v) { return preg_split('/\s*,\s*/', $v); })->end() ->beforeNormalization()->ifString()->then(function ($v) { return preg_split('/\s*,\s*/', $v); })->end()
->requiresAtLeastOneElement() ->requiresAtLeastOneElement()
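Review bot: The new `extra_fields` node accepts any scalar, so an empty string, a boolean or a number is carried into the provider and only surfaces as an attribute lookup at login time instead of failing when the configuration is processed. Tightening the prototype, for example `->prototype('scalar')->cannotBeEmpty()->end()`, rejects the obvious mistakes early. An `->info()` line on the node should also state that every attribute listed here is copied onto the user object, so credential-bearing attributes such as the one configured as `password_attribute` do not belong in this list.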


@ -184,6 +184,7 @@
<argument /> <!-- uid key --> <argument /> <!-- uid key -->
<argument /> <!-- filter --> <argument /> <!-- filter -->
<argument /> <!-- password_attribute --> <argument /> <!-- password_attribute -->
<argument /> <!-- extra_fields (email etc) -->
</service> </service>
<service id="security.user.provider.chain" class="Symfony\Component\Security\Core\User\ChainUserProvider" abstract="true" /> <service id="security.user.provider.chain" class="Symfony\Component\Security\Core\User\ChainUserProvider" abstract="true" />


@ -21,6 +21,7 @@ security:
search_password: '' search_password: ''
default_roles: ROLE_USER default_roles: ROLE_USER
uid_key: uid uid_key: uid
extra_fields: ['email']
firewalls: firewalls:
main: main:


@ -1,6 +1,11 @@
CHANGELOG CHANGELOG
========= =========
4.4.0
-----
* Added the "extra_fields" option, an array of custom fields to pull from the LDAP server
4.3.0 4.3.0
----- -----


@ -334,6 +334,7 @@ class LdapUserProviderTest extends TestCase
->will($this->returnValue(new Entry('foo', [ ->will($this->returnValue(new Entry('foo', [
'sAMAccountName' => ['foo'], 'sAMAccountName' => ['foo'],
'userpassword' => ['bar'], 'userpassword' => ['bar'],
'email' => ['elsa@symfony.com'],
] ]
))) )))
; ;
@ -353,7 +354,7 @@ class LdapUserProviderTest extends TestCase
->will($this->returnValue($query)) ->will($this->returnValue($query))
; ;
$provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com', null, null, [], 'sAMAccountName', '({uid_key}={username})', 'userpassword'); $provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com', null, null, [], 'sAMAccountName', '({uid_key}={username})', 'userpassword', ['email']);
$this->assertInstanceOf( $this->assertInstanceOf(
'Symfony\Component\Security\Core\User\User', 'Symfony\Component\Security\Core\User\User',
$provider->loadUserByUsername('foo') $provider->loadUserByUsername('foo')
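Review bot: The provider is now built with `['email']` and the mocked entry gains an `email` attribute, but the only assertion visible in this hunk is still `assertInstanceOf`, so nothing verifies that the field actually reaches the user. Keep the returned user in a variable and add `$this->assertSame(['email' => 'elsa@symfony.com'], $user->getExtraFields());`. A second case where the entry lacks a configured extra field would pin down whether loading is meant to fail or to skip the field. The test method starts and ends outside the hunk.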


@ -34,8 +34,9 @@ class LdapUserProvider implements UserProviderInterface
private $uidKey; private $uidKey;
private $defaultSearch; private $defaultSearch;
private $passwordAttribute; private $passwordAttribute;
private $extraFields;
public function __construct(LdapInterface $ldap, string $baseDn, string $searchDn = null, string $searchPassword = null, array $defaultRoles = [], string $uidKey = null, string $filter = null, string $passwordAttribute = null) public function __construct(LdapInterface $ldap, string $baseDn, string $searchDn = null, string $searchPassword = null, array $defaultRoles = [], string $uidKey = null, string $filter = null, string $passwordAttribute = null, array $extraFields = [])
{ {
if (null === $uidKey) { if (null === $uidKey) {
$uidKey = 'sAMAccountName'; $uidKey = 'sAMAccountName';
@ -53,6 +54,7 @@ class LdapUserProvider implements UserProviderInterface
$this->uidKey = $uidKey; $this->uidKey = $uidKey;
$this->defaultSearch = str_replace('{uid_key}', $uidKey, $filter); $this->defaultSearch = str_replace('{uid_key}', $uidKey, $filter);
$this->passwordAttribute = $passwordAttribute; $this->passwordAttribute = $passwordAttribute;
$this->extraFields = $extraFields;
} }
/** /**
@ -123,12 +125,17 @@ class LdapUserProvider implements UserProviderInterface
protected function loadUser($username, Entry $entry) protected function loadUser($username, Entry $entry)
{ {
$password = null; $password = null;
$extraFields = [];
if (null !== $this->passwordAttribute) { if (null !== $this->passwordAttribute) {
$password = $this->getAttributeValue($entry, $this->passwordAttribute); $password = $this->getAttributeValue($entry, $this->passwordAttribute);
} }
return new User($username, $password, $this->defaultRoles); foreach ($this->extraFields as $field) {
$extraFields[$field] = $this->getAttributeValue($entry, $field);
}
return new User($username, $password, $this->defaultRoles, true, true, true, true, $extraFields);
} }
/** /**
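Review bot: In loadUser(), every configured extra field is read through getAttributeValue(), the same helper used for the password attribute. That helper's body is outside this hunk, but if it throws on a missing or multi-valued attribute, one directory entry without `email` makes the whole user load (and therefore the login) fail, rather than producing a user without that field. Optional attributes should be guarded, e.g. `if ($entry->hasAttribute($field)) { $extraFields[$field] = $this->getAttributeValue($entry, $field); }`, and the handling of multi-valued attributes decided explicitly. It is also worth confirming that refreshUser(), not shown here, rebuilds the user with the same extra fields; otherwise they would be dropped when the user is reloaded.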


@ -27,8 +27,9 @@ final class User implements UserInterface, EquatableInterface, AdvancedUserInter
private $credentialsNonExpired; private $credentialsNonExpired;
private $accountNonLocked; private $accountNonLocked;
private $roles; private $roles;
private $extraFields;
public function __construct(?string $username, ?string $password, array $roles = [], bool $enabled = true, bool $userNonExpired = true, bool $credentialsNonExpired = true, bool $userNonLocked = true) public function __construct(?string $username, ?string $password, array $roles = [], bool $enabled = true, bool $userNonExpired = true, bool $credentialsNonExpired = true, bool $userNonLocked = true, array $extraFields = [])
{ {
if ('' === $username || null === $username) { if ('' === $username || null === $username) {
throw new \InvalidArgumentException('The username cannot be empty.'); throw new \InvalidArgumentException('The username cannot be empty.');
@ -41,6 +42,7 @@ final class User implements UserInterface, EquatableInterface, AdvancedUserInter
$this->credentialsNonExpired = $credentialsNonExpired; $this->credentialsNonExpired = $credentialsNonExpired;
$this->accountNonLocked = $userNonLocked; $this->accountNonLocked = $userNonLocked;
$this->roles = $roles; $this->roles = $roles;
$this->extraFields = $extraFields;
} }
public function __toString() public function __toString()
@ -118,6 +120,11 @@ final class User implements UserInterface, EquatableInterface, AdvancedUserInter
{ {
} }
public function getExtraFields()
{
return $this->extraFields;
}
/** /**
* {@inheritdoc} * {@inheritdoc}
*/ */
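Review bot: getExtraFields() is added without a return type or docblock although the constructor in this same section is fully typed; `public function getExtraFields(): array` with a short docblock saying the map is keyed by attribute name would make the contract explicit. Because the values sit in a private property of the user object, they presumably travel wherever that object is serialized (typically the session store), so the docblock should state that only non-sensitive attributes are expected here. Whether isEqualTo(), which lies outside these hunks, should take the new property into account is left undecided by this change.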