堆棧內存溢出
  簡體   English   中英

Symfony LDAP 檢查密碼

[英]Symfony Ldap checkPassword

 原文  2020-09-11 06:39:54       php/ ldap/ passwords/ symfony4

問題描述

我正在使用 Symfony 4.4 並且我正在做我自己的身份驗證器。 一切正常,我只是不知道如何比較用戶輸入的密碼和 LDAP 中的密碼。 我想在我的 LoginFormAuthenticator 中的“checkCredentials”方法中執行此操作。 這是我的 LdapUserProvider:

class LdapUserProvider implements UserProviderInterface, PasswordUpgraderInterface
{
    private $ldap;
    private $baseDn;
    private $searchDn;
    private $searchPassword;
    private $defaultRoles;
    private $uidKey;
    private $defaultSearch;
    private $passwordAttribute;
    private $extraFields;
    //New
    private $em;

    public function __construct(Ldap $ldap, string $baseDn, EntityManagerInterface $em , string $searchDn = null, string $searchPassword = null, array $defaultRoles = [], string $uidKey = null, string $filter = null, string $passwordAttribute = null, array $extraFields = [])
    {
        if (null === $uidKey) {
            $uidKey = 'sAMAccountName';
        }

        if (null === $filter) {
            $filter = '({uid_key}={username})';
        }

        $this->ldap = $ldap;
        $this->baseDn = $baseDn;
        $this->searchDn = $searchDn;
        $this->searchPassword = $searchPassword;
        $this->defaultRoles = $defaultRoles;
        $this->uidKey = $uidKey;
        $this->defaultSearch = str_replace('{uid_key}', $uidKey, $filter);
        $this->passwordAttribute = $passwordAttribute;
        $this->extraFields = $extraFields;
        $this->em = $em;
    }

    /**
     * {@inheritdoc}
     */
    public function loadUserByUsername($username)
    {
        try {
            $this->ldap->bind($this->searchDn, $this->searchPassword);
            $username = $this->ldap->escape($username, '', LdapInterface::ESCAPE_FILTER);
            $query = str_replace('{username}', $username, $this->defaultSearch);
            $search = $this->ldap->query($this->baseDn, $query);
        } catch (ConnectionException $e) {
            throw new UsernameNotFoundException(sprintf('User "%s" not found.', $username), 0, $e);
        }

        $entries = $search->execute();
        $count = \count($entries);

        if (!$count) {
            throw new UsernameNotFoundException(sprintf('User "%s" not found.', $username));
        }

        if ($count > 1) {
            throw new UsernameNotFoundException('More than one user found.');
        }

        return $this->loadUser($username, $entries[0]);
    }

    /**
     * {@inheritdoc}
     */
    public function refreshUser(UserInterface $user)
    {
        if (!$user instanceof LdapUser || !$user instanceof User) {
            throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', \get_class($user)));
        }

        //New
        $userRepository = $this->em->getRepository("AppBundle:User");
        $user = $userRepository->findOneBy(array("username" => $user->getUsername()));

        if($user === null){
            throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_class($user)));
        }

        return new LdapUser($user->getEntry(), $user->getUsername(), $user->getPassword(), $user->getRoles(), $user->getExtraFields());
    }

    /**
     * {@inheritdoc}
     */
    public function upgradePassword(UserInterface $user, string $newEncodedPassword): void
    {
        if (!$user instanceof LdapUser) {
            throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', \get_class($user)));
        }

        if (null === $this->passwordAttribute) {
            return;
        }

        try {
            $user->getEntry()->setAttribute($this->passwordAttribute, [$newEncodedPassword]);
            $this->ldap->getEntryManager()->update($user->getEntry());
            $user->setPassword($newEncodedPassword);
        } catch (ExceptionInterface $e) {
            // ignore failed password upgrades
        }
    }

    /**
     * {@inheritdoc}
     */
    public function supportsClass($class)
    {
        return LdapUser::class === $class;
    }

    /**
     * Loads a user from an LDAP entry.
     *
     * @param $username
     * @param Entry $entry
     * @return UserInterface
     */
    protected function loadUser($username, Entry $entry)
    {
        /*
        $password = null;
        $extraFields = [];
        var_dump($this->passwordAttribute);
        if (null !== $this->passwordAttribute) {
            var_dump($this->passwordAttribute);
            $password = $this->getAttributeValue($entry, $this->passwordAttribute);
            var_dump($password);
        }

        foreach ($this->extraFields as $field) {
            $extraFields[$field] = $this->getAttributeValue($entry, $field);
        }
        exit();
        return new LdapUser($entry, $username, $password, $this->defaultRoles, $extraFields);*/

        $userRepository = $this->em->getRepository("App:User");
        //On récupère les infos de l'utilisateur qui se connecte
        $user = $userRepository->findOneBy(array("username" => $username));

        //Si l'utilisateur est null, donc pas présent en BDD mais OK niveau LDAP
        if ($user === null) {
            //Créé un User pour l'ajouter à la BDD une fois qu'on s'est assuré que c'était bien un utilisateur LDAP
            //Cas première connexion de l'utilisateur
            $user = new User();
            $user->setFirstname($entry->getAttribute("givenName")[0]);
            $user->setLastname($entry->getAttribute("sn")[0]);
            $user->setEmail($entry->getAttribute("mail")[0]);
            $user->setUsername($entry->getAttribute("uid")[0]);
            $user->setRoles($this->defaultRoles);

            $this->em->persist($user);
            $this->em->flush();
        } else {
            $this->em->flush();
        }

        return $user;
    }

    public function checkPassword($password){

    }

    /**
     * Fetches the password from an LDAP entry.
     *
     * @param null|Entry $entry
     */
    private function getPassword(Entry $entry)
    {
        if (null === $this->passwordAttribute) {
            return;
        }

        if (!$entry->hasAttribute($this->passwordAttribute)) {
            throw new InvalidArgumentException(sprintf('Missing attribute "%s" for user "%s".', $this->passwordAttribute, $entry->getDn()));
        }

        $values = $entry->getAttribute($this->passwordAttribute);

        if (1 !== count($values)) {
            throw new InvalidArgumentException(sprintf('Attribute "%s" has multiple values.', $this->passwordAttribute));
        }

        return $values[0];
    }

    private function getAttributeValue(Entry $entry, string $attribute)
    {
        var_dump("getAttributeValue ".$attribute);
        if (!$entry->hasAttribute($attribute)) {
            throw new InvalidArgumentException(sprintf('Missing attribute "%s" for user "%s".', $attribute, $entry->getDn()));
        }

        $values = $entry->getAttribute($attribute);

        if (1 !== \count($values)) {
            throw new InvalidArgumentException(sprintf('Attribute "%s" has multiple values.', $attribute));
        }

        return $values[0];
    }
}

一開始想到用getPassword方法,但是需要Entry,不知道怎么獲取這個Entry。 謝謝

1 個解決方案

解決方案1
 0 已采納  2020-09-14 14:06:43

對於任何可能想要相同的人,我實際上使用過

$this->ldap->bind($dnUser, $password);

$dnUser 對應用戶的Entry 的dn,可以通過

$user->getEntry()->getDn();

密碼是用戶輸入的密碼。 它檢查用戶輸入的密碼是否與 LDAP 中的密碼相同。 如果它是好的,什么都不會發生,但如果它是假的,它會拋出一個 InvalidCredentialsException。 所以我這樣使用它:

public function checkCredentials($password){
    try{
        $this->ldap->bind($dnUser, $password);
    } catch (InvalidCredentialsException $e){
        return false;
    }
    return true;
}

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 Symfony 4 LDAP認證 使用LDAP的Symfony身份驗證 使用LDAP登錄Symfony Symfony 2.8 LDAP 身份驗證 LDAP安全組Symfony 2 Symfony3 LDAP配置 使用Symfony 2.8進行LDAP身份驗證 Symfony3 ldap組件 Symfony LDAP提供程序憑據 在Symfony 3中通過LDAP進行身份驗證
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM