Commitea40f75

committed
[Security] Ability to add roles in form_login_ldap by ldap group
1 parent5929aa1 commitea40f75


7 files changed

+109
-2
lines changed


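--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/UserProvider/LdapFactory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/UserProvider/LdapFactory.php
@@ -29,6 +29,7 @@ class LdapFactory implements UserProviderFactoryInterface
 */
 publicfunctioncreate(ContainerBuilder$container,string$id,array$config)
 {
+$roleFetcher =$config['role_fetcher'] ?newReference($config['role_fetcher']) :null;
 $container
 ->setDefinition($id,newChildDefinition('security.user.provider.ldap'))
 ->replaceArgument(0,newReference($config['service']))
@@ -40,6 +41,7 @@ public function create(ContainerBuilder $container, string $id, array $config)
 ->replaceArgument(6,$config['filter'])
 ->replaceArgument(7,$config['password_attribute'])
 ->replaceArgument(8,$config['extra_fields'])
+->replaceArgument(9,$roleFetcher)
 ;
 }
 
@@ -72,6 +74,7 @@ public function addConfiguration(NodeDefinition $node)
 ->requiresAtLeastOneElement()
 ->prototype('scalar')->end()
 ->end()
+->scalarNode('role_fetcher')->defaultNull()->end()
 ->scalarNode('uid_key')->defaultValue('sAMAccountName')->end()
 ->scalarNode('filter')->defaultValue('({uid_key}={username})')->end()
 ->scalarNode('password_attribute')->defaultNull()->end()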

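--- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security.php
+++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security.php
@@ -259,6 +259,7 @@
 abstract_arg('filter'),
 abstract_arg('password_attribute'),
 abstract_arg('extra_fields (email etc)'),
+abstract_arg('role fetcher'),
 ])
 
 ->set('security.user.provider.chain', ChainUserProvider::class)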
Lines changed: 23 additions & 0 deletions
@@ -0,0 +1,23 @@
1+
<?php
2+
3+
/*
4+
* This file is part of the Symfony package.
5+
*
6+
* (c) Fabien Potencier <fabien@symfony.com>
7+
*
8+
* For the full copyright and license information, please view the LICENSE
9+
* file that was distributed with this source code.
10+
*/
11+
12+
namespaceSymfony\Bundle\SecurityBundle\Tests\Functional;
13+
14+
useSymfony\Component\Ldap\Entry;
15+
useSymfony\Component\Ldap\Security\RoleFetcherInterface;
16+
17+
class DummyRoleFetcherimplements RoleFetcherInterface
18+
{
19+
publicfunctionfetchRoles(Entry$entry):array
20+
{
21+
dd($entry);// Tests to be written
22+
}
23+
}
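Review bot: `dd($entry);` in `fetchRoles()` dumps the whole LDAP entry and then terminates the process, so the method never returns the `array` its signature promises. The JsonLoginLdap config changed in this commit wires this class in as `role_fetcher`, so any functional test that reaches the provider's `loadUser()` would halt there, and the dump would print whatever attributes the entry carries. Until real assertions exist, return a fixed list instead, for example `return ['ROLE_LDAP_TEST'];` (a constructed role name), and drop the debug helper from committed code.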

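--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLoginLdap/config.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLoginLdap/config.yml
@@ -4,6 +4,9 @@ services:
 Symfony\Component\Ldap\Ldap:
 arguments:['@Symfony\Component\Ldap\Adapter\ExtLdap\Adapter']
 
+test_role_fetcher:
+class:Symfony\Bundle\SecurityBundle\Tests\Functional\DummyRoleFetcher
+
 Symfony\Component\Ldap\Adapter\ExtLdap\Adapter:
 arguments:
 -host:'localhost'
@@ -22,6 +25,7 @@ security:
 default_roles:ROLE_USER
 uid_key:uid
 extra_fields:['email']
+role_fetcher:'test_role_fetcher'
 
 firewalls:
 main: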

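--- a/src/Symfony/Component/Ldap/Security/LdapUserProvider.php
+++ b/src/Symfony/Component/Ldap/Security/LdapUserProvider.php
@@ -44,8 +44,9 @@ class LdapUserProvider implements UserProviderInterface, PasswordUpgraderInterfa
 privatestring$defaultSearch;
 private ?string$passwordAttribute;
 privatearray$extraFields;
+private ?RoleFetcherInterface$roleFetcher;
 
-publicfunction__construct(LdapInterface$ldap,string$baseDn,string$searchDn =null, #[\SensitiveParameter]string$searchPassword =null,array$defaultRoles = [],string$uidKey =null,string$filter =null,string$passwordAttribute =null,array$extraFields = [])
+publicfunction__construct(LdapInterface$ldap,string$baseDn,string$searchDn =null, #[\SensitiveParameter]string$searchPassword =null,array$defaultRoles = [],string$uidKey =null,string$filter =null,string$passwordAttribute =null,array$extraFields = [],RoleFetcherInterface$roleFetcher =null)
 {
 $uidKey ??='sAMAccountName';
 $filter ??='({uid_key}={user_identifier})';
@@ -59,6 +60,7 @@ public function __construct(LdapInterface $ldap, string $baseDn, string $searchD
 $this->defaultSearch =str_replace('{uid_key}',$uidKey,$filter);
 $this->passwordAttribute =$passwordAttribute;
 $this->extraFields =$extraFields;
+$this->roleFetcher =$roleFetcher;
 }
 
 /**
@@ -166,7 +168,12 @@ protected function loadUser(string $identifier, Entry $entry): UserInterface
 $extraFields[$field] =$this->getAttributeValue($entry,$field);
 }
 
-returnnewLdapUser($entry,$identifier,$password,$this->defaultRoles,$extraFields);
+$roles =$this->defaultRoles;
+if (null !==$this->roleFetcher) {
+$roles =$this->roleFetcher->fetchRoles($entry);
+}
+
+returnnewLdapUser($entry,$identifier,$password,$roles,$extraFields);
 }
 
 privatefunctiongetAttributeValue(Entry$entry,string$attribute):mixed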
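Review bot: In the last hunk of `loadUser()` (whose body starts above the hunk), `$roles = $this->roleFetcher->fetchRoles($entry);` replaces `$this->defaultRoles` outright, so a configured `default_roles` is silently ignored once `role_fetcher` is set, and a fetcher that returns `[]` yields a user with no roles from this provider. If the intent is additive, merge instead: `$roles = array_values(array_unique(array_merge($this->defaultRoles, $this->roleFetcher->fetchRoles($entry))));`; if replacement is intended, state that in the constructor docblock and on the `role_fetcher` config node. The fetched values become the user's security roles without any check, so this is the place to decide whether empty or non-string entries should be rejected. `refreshUser()` is not part of these hunks; if it rebuilds the user from roles already stored on it, a group removal in the directory would only take effect at the next login, which is worth confirming.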
Lines changed: 25 additions & 0 deletions
@@ -0,0 +1,25 @@
1+
<?php
2+
3+
/*
4+
* This file is part of the Symfony package.
5+
*
6+
* (c) Fabien Potencier <fabien@symfony.com>
7+
*
8+
* For the full copyright and license information, please view the LICENSE
9+
* file that was distributed with this source code.
10+
*/
11+
12+
namespaceSymfony\Component\Ldap\Security;
13+
14+
useSymfony\Component\Ldap\Entry;
15+
16+
/**
17+
* Fetches LDAP roles for a given entry.
18+
*/
19+
interface RoleFetcherInterface
20+
{
21+
/**
22+
* @return string[] The list of roles
23+
*/
24+
publicfunctionfetchRoles(Entry$entry):array;
25+
}
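Review bot: The `fetchRoles()` docblock states only the return type, but the provider change in this commit hands the result to `LdapUser` as the user's roles, so implementers need the contract spelled out. I would extend the method comment to read along the lines of `Returns the complete list of security roles for the entry; the provider uses it in place of its default roles. Return [] when the entry matches no known group.` It would also help to advise mapping directory groups to a fixed set of role names rather than building role names from attribute values, since those values are controlled by whoever can write to the directory.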

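--- a/src/Symfony/Component/Ldap/Tests/Security/LdapUserProviderTest.php
+++ b/src/Symfony/Component/Ldap/Tests/Security/LdapUserProviderTest.php
@@ -19,6 +19,7 @@
 useSymfony\Component\Ldap\LdapInterface;
 useSymfony\Component\Ldap\Security\LdapUser;
 useSymfony\Component\Ldap\Security\LdapUserProvider;
+useSymfony\Component\Ldap\Security\RoleFetcherInterface;
 useSymfony\Component\Security\Core\Exception\InvalidArgumentException;
 useSymfony\Component\Security\Core\Exception\UserNotFoundException;
 
@@ -388,4 +389,47 @@ public function testRefreshUserShouldReturnUserWithSameProperties()
 
 $this->assertEquals($user,$provider->refreshUser($user));
 }
+
+publicfunctiontestLoadUserWithCorrectRoles()
+{
+// Given
+$result =$this->createMock(CollectionInterface::class);
+$query =$this->createMock(QueryInterface::class);
+$query
+->method('execute')
+->willReturn($result)
+;
+$ldap =$this->createMock(LdapInterface::class);
+$result
+->method('offsetGet')
+->with(0)
+->willReturn(newEntry('foo', ['sAMAccountName' => ['foo']]))
+;
+$result
+->method('count')
+->willReturn(1)
+;
+$ldap
+->method('escape')
+->willReturn('foo')
+;
+$ldap
+->method('query')
+->willReturn($query)
+;
+$roleFetcher =$this->createMock(RoleFetcherInterface::class);
+$roleFetcher
+->method('fetchRoles')
+->willReturn(['ROLE_FOO','ROLE_BAR'])
+;
+
+$provider =newLdapUserProvider($ldap,'ou=MyBusiness,dc=symfony,dc=com', roleFetcher:$roleFetcher);
+
+// When
+$user =$provider->loadUserByIdentifier('foo');
+
+// Then
+$this->assertInstanceOf(LdapUser::class,$user);
+$this->assertSame(['ROLE_FOO','ROLE_BAR'],$user->getRoles());
+}
 }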
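Review bot: `testLoadUserWithCorrectRoles()` never passes `defaultRoles`, so it does not pin the behaviour that matters most for authorization: what happens to the default roles when a fetcher is present. Construct the provider with both, `new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com', defaultRoles: ['ROLE_USER'], roleFetcher: $roleFetcher)`, and assert the resulting list explicitly, plus a second case where the fetcher returns `[]`. The mock would also be stronger with `->expects($this->once())` and `->with($this->isInstanceOf(Entry::class))`, so the test fails if the fetcher is bypassed or called with something other than the loaded entry.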
