2025-09-12 16:21:53 +00:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
use ProcessMaker\Model\RbacAuthenticationSource;
|
2025-09-16 16:03:55 +00:00
|
|
|
use ProcessMaker\Model\RbacUsers;
|
|
|
|
|
use ProcessMaker\Model\Configuration;
|
2025-09-12 16:21:53 +00:00
|
|
|
use Illuminate\Support\Facades\Log;
|
|
|
|
|
use Illuminate\Support\Facades\Cache;
|
|
|
|
|
|
|
|
|
|
class AuthSources
|
|
|
|
|
{
|
2025-09-16 16:03:55 +00:00
|
|
|
public function getListAuthSources($userUid, $start = 0, $limit = 25, $orderBy = '', $ascending = 'asc' , $filter = '') {
|
2025-09-12 16:21:53 +00:00
|
|
|
try {
|
|
|
|
|
if ($limit == 0) {
|
2025-09-16 16:03:55 +00:00
|
|
|
$limit = 25;
|
|
|
|
|
$filters = array(
|
|
|
|
|
'fields' => ['CFG_VALUE'],
|
|
|
|
|
'conditions' => ['CFG_UID' => 'authSourcesList', 'OBJ_UID' => 'pageSize', 'USR_UID' => $userUid]
|
|
|
|
|
);
|
|
|
|
|
$configuration = new Configuration();
|
|
|
|
|
$configurationReturn = $configuration->show($filters);
|
|
|
|
|
if ($configurationReturn['total'] > 0) {
|
|
|
|
|
$configValue = unserialize($configurationReturn['data'][0]['CFG_VALUE']);
|
|
|
|
|
$limit = $configValue['pageSize'] ?? $limit;
|
|
|
|
|
}
|
2025-09-12 16:21:53 +00:00
|
|
|
}
|
|
|
|
|
|
2025-09-16 16:03:55 +00:00
|
|
|
$filters = array(
|
|
|
|
|
'fields' => ['*'],
|
|
|
|
|
'start' => $start,
|
|
|
|
|
'limit'=> $limit
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if ($orderBy != '') {
|
|
|
|
|
if (!in_array($ascending, ['asc', 'desc'])) {
|
|
|
|
|
$ascending = 'asc';
|
2025-09-12 16:21:53 +00:00
|
|
|
}
|
2025-09-16 16:03:55 +00:00
|
|
|
$filters['orderBy'] = [$orderBy, $ascending];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($filter != '') {
|
|
|
|
|
$filters['conditions'] = ['text' => $filter];
|
2025-09-12 16:21:53 +00:00
|
|
|
}
|
2025-09-16 16:03:55 +00:00
|
|
|
|
|
|
|
|
$rbacAuthenticationSource = new RbacAuthenticationSource();
|
|
|
|
|
$authSourceReturn = $rbacAuthenticationSource->show($filters);
|
2025-09-12 16:21:53 +00:00
|
|
|
|
|
|
|
|
global $RBAC;
|
|
|
|
|
$auth = $RBAC->getAllUsersByAuthSource();
|
|
|
|
|
|
|
|
|
|
$sources = [];
|
2025-09-16 16:03:55 +00:00
|
|
|
foreach ($authSourceReturn['data'] as $key => $authSourceRow) {
|
|
|
|
|
$values = explode('_', $authSourceRow['AUTH_SOURCE_PASSWORD']);
|
2025-09-12 16:21:53 +00:00
|
|
|
foreach ($values as $value) {
|
2025-09-16 16:03:55 +00:00
|
|
|
if ($value == '2NnV3ujj3w') {
|
|
|
|
|
$authSourceRow['AUTH_SOURCE_PASSWORD'] = G::decrypt($values[0], $authSourceRow['AUTH_SOURCE_SERVER_NAME']);
|
2025-09-12 16:21:53 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
$label = G::LoadTranslation('ID_DISABLE');
|
2025-09-16 16:03:55 +00:00
|
|
|
if ($authSourceRow['AUTH_SOURCE_ENABLED_TLS'] === '1') {
|
2025-09-12 16:21:53 +00:00
|
|
|
$label = G::LoadTranslation('ID_ENABLE');
|
|
|
|
|
}
|
2025-09-16 16:03:55 +00:00
|
|
|
$authSourceRow['AUTH_SOURCE_ENABLED_TLS_LABEL'] = $label;
|
2025-09-12 16:21:53 +00:00
|
|
|
//additional information
|
2025-09-16 16:03:55 +00:00
|
|
|
$authSourceData = json_decode($authSourceRow['AUTH_SOURCE_DATA'], true);
|
2025-09-12 16:21:53 +00:00
|
|
|
if (is_array($authSourceData)) {
|
2025-09-16 16:03:55 +00:00
|
|
|
$authSourceRow = array_merge($authSourceRow, $authSourceData);
|
2025-09-12 16:21:53 +00:00
|
|
|
}
|
2025-09-16 16:03:55 +00:00
|
|
|
$authSourceRow['AUTH_ANONYMOUS'] = (string)$authSourceRow['AUTH_ANONYMOUS'];
|
|
|
|
|
$sources[] = $authSourceRow;
|
2025-09-12 16:21:53 +00:00
|
|
|
$index = sizeof($sources) - 1;
|
|
|
|
|
$sources[$index]['CURRENT_USERS'] = isset($auth[$sources[$index]['AUTH_SOURCE_UID']]) ? $auth[$sources[$index]['AUTH_SOURCE_UID']] : 0;
|
|
|
|
|
}
|
2025-09-16 16:03:55 +00:00
|
|
|
|
2025-09-12 16:21:53 +00:00
|
|
|
$response = [
|
|
|
|
|
'success' => true,
|
|
|
|
|
'sources' => $sources,
|
2025-09-16 16:03:55 +00:00
|
|
|
'total_sources' => $authSourceReturn['total']
|
2025-09-12 16:21:53 +00:00
|
|
|
];
|
|
|
|
|
return $response;
|
|
|
|
|
} catch (Exception $exception) {
|
|
|
|
|
return ['success' => false, 'message' => $exception->getMessage()];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function removeAuthSource($authSourceUid) {
|
|
|
|
|
try {
|
2025-09-16 16:03:55 +00:00
|
|
|
$conditions = ['AUTH_SOURCE_UID'=> $authSourceUid];
|
|
|
|
|
$rbacAuthenticationSource = new RbacAuthenticationSource();
|
|
|
|
|
$removeResponse = $rbacAuthenticationSource->remove($conditions);
|
|
|
|
|
return ['success' => true, 'deleteRows' => $removeResponse['deleteRows'] ];
|
2025-09-12 16:21:53 +00:00
|
|
|
} catch (Exception $exception) {
|
|
|
|
|
return ['success' => false, 'message' => $exception->getMessage()];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function verifyAuthSourceName($authSourceName) {
|
|
|
|
|
try {
|
|
|
|
|
$row = false;
|
|
|
|
|
$suggestName = '';
|
2025-09-16 16:03:55 +00:00
|
|
|
$filters = [
|
|
|
|
|
'fields' => ['AUTH_SOURCE_UID', 'AUTH_SOURCE_NAME'],
|
|
|
|
|
'conditions' => ['AUTH_SOURCE_NAME' => $authSourceName]
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
$rbacAuthenticationSource = new RbacAuthenticationSource();
|
|
|
|
|
$authSourceReturn = $rbacAuthenticationSource->show($filters);
|
|
|
|
|
|
|
|
|
|
if ($authSourceReturn['total'] > 0) {
|
|
|
|
|
$row = $authSourceReturn['data'][0];
|
|
|
|
|
$filters['fields'] = ['AUTH_SOURCE_NAME'];
|
|
|
|
|
$filters['conditions'] = ['text' => $authSourceName];
|
|
|
|
|
$filters['orderBy'] = ['AUTH_SOURCE_NAME', 'desc'];
|
|
|
|
|
$lastAuthSource = $rbacAuthenticationSource->show($filters);
|
|
|
|
|
if ($lastAuthSource['total'] > 0) {
|
|
|
|
|
$name = $lastAuthSource['data'][0]['AUTH_SOURCE_NAME'];
|
2025-09-12 16:21:53 +00:00
|
|
|
//get suggest name
|
|
|
|
|
$pieces = explode( ' ', $name);
|
|
|
|
|
$last = array_pop($pieces);
|
|
|
|
|
$number = trim($last, "()");
|
|
|
|
|
if ("({$number})" === $last) {
|
|
|
|
|
$number = intval($number) + 1;
|
|
|
|
|
$suggestName = implode('', $pieces) . " ({$number})";
|
|
|
|
|
} else {
|
|
|
|
|
$suggestName = $name . " (1)";
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return ['success' => true, 'row' => $row, 'suggestName' => $suggestName];
|
|
|
|
|
} catch (Exception $exception) {
|
|
|
|
|
return ['success' => false, 'message' => $exception->getMessage()];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testConnection($authSourceData) {
|
|
|
|
|
try {
|
2025-09-16 16:03:55 +00:00
|
|
|
$ldapSource = new LdapSource();
|
|
|
|
|
$authSourceConnectionData = $ldapSource->ldapConnection($authSourceData);
|
2025-09-12 16:21:53 +00:00
|
|
|
|
|
|
|
|
$response = ['success' => true, 'status' => 'OK'];
|
|
|
|
|
if ($authSourceConnectionData['startTLS'] === false) {
|
|
|
|
|
$response["message"] = G::LoadTranslation("ID_TLS_CERTIFICATE_IS_NOT_INSTALLED_IN_THE_SERVER");
|
|
|
|
|
}
|
|
|
|
|
return $response;
|
|
|
|
|
} catch (Exception $exception) {
|
|
|
|
|
return ['success' => false, 'message' => $exception->getMessage()];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function saveAuthSource($authSourceData) {
|
|
|
|
|
try {
|
2025-09-16 16:03:55 +00:00
|
|
|
$authSourceData['AUTH_SOURCE_VERSION'] = 3;
|
|
|
|
|
$ldapSource = new LdapSource();
|
|
|
|
|
$ldapConnection = $ldapSource->ldapConnection($authSourceData);
|
2025-09-12 16:21:53 +00:00
|
|
|
|
2025-09-16 16:03:55 +00:00
|
|
|
$authSourceData['AUTH_SOURCE_DATA']['LDAP_PAGE_SIZE_LIMIT'] = $ldapSource->getPageSizeLimit(
|
|
|
|
|
$ldapConnection['connection'],
|
|
|
|
|
$authSourceData['AUTH_SOURCE_BASE_DN']
|
2025-09-12 16:21:53 +00:00
|
|
|
);
|
|
|
|
|
|
2025-09-16 16:03:55 +00:00
|
|
|
$rbacAuthenticationSource = new RbacAuthenticationSource();
|
|
|
|
|
$authSourceData['AUTH_SOURCE_ID'] = $authSourceData['AUTH_SOURCE_ID'] ?? 'vacio';
|
|
|
|
|
$authSourceData['AUTH_SOURCE_DATA'] = json_encode($authSourceData['AUTH_SOURCE_DATA']);
|
|
|
|
|
$saveDataResponse = $rbacAuthenticationSource->saveData($authSourceData);
|
|
|
|
|
return ['success' => true, 'saveData' => $saveDataResponse];
|
2025-09-12 16:21:53 +00:00
|
|
|
} catch (Exception $exception) {
|
|
|
|
|
return ['success' => false, 'message' => $exception->getMessage()];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function searchUsers($authSourceUid, $filters) {
|
|
|
|
|
try {
|
2025-09-16 16:03:55 +00:00
|
|
|
$rbacUsers = new RbacUsers();
|
|
|
|
|
$usersAuthSources = $rbacUsers->listUsersAuthSources();
|
2025-09-12 16:21:53 +00:00
|
|
|
|
2025-09-16 16:03:55 +00:00
|
|
|
foreach ($usersAuthSources['data'] as $row) {
|
2025-09-12 16:21:53 +00:00
|
|
|
$listUsers[strtolower($row["USR_USERNAME"])] = $row['UID_AUTH_SOURCE'];
|
|
|
|
|
}
|
|
|
|
|
|
2025-09-16 16:03:55 +00:00
|
|
|
$ldapSource = new LdapSource();
|
|
|
|
|
$ldapSource->authSourceUid = $authSourceUid;
|
|
|
|
|
$result = $ldapSource->searchUsersLdap($filters['text'], $filters['start'], $filters['limit']);
|
2025-09-12 16:21:53 +00:00
|
|
|
|
2025-09-16 16:03:55 +00:00
|
|
|
$arrayData = array();
|
2025-09-12 16:21:53 +00:00
|
|
|
foreach ($result['data'] as $value) {
|
|
|
|
|
$listUsersData = $value;
|
|
|
|
|
|
|
|
|
|
if (!isset($listUsers[strtolower($listUsersData['sUsername'])])) {
|
|
|
|
|
$listUsersData['STATUS'] = G::LoadTranslation('ID_NOT_IMPORTED');
|
|
|
|
|
$listUsersData['IMPORT'] = 1;
|
|
|
|
|
} elseif ($authSourceUid === $listUsers[strtolower($listUsersData['sUsername'])]) {
|
|
|
|
|
$listUsersData['STATUS'] = G::LoadTranslation('ID_IMPORTED');
|
|
|
|
|
$listUsersData['IMPORT'] = 0;
|
|
|
|
|
} else {
|
|
|
|
|
$listUsersData['STATUS'] = G::LoadTranslation('ID_CANNOT_IMPORT');
|
|
|
|
|
$listUsersData['IMPORT'] = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$arrayData[] = $listUsersData;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ['success' => true, 'status' => 'OK', 'resultTotal' => $result['numRecTotal'], 'resultRoot' => $arrayData];
|
|
|
|
|
} catch (Exception $exception) {
|
|
|
|
|
return ['success' => false, 'message' => $exception->getMessage()];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function importUsers($authSourceUid, $usersImport) {
|
|
|
|
|
try {
|
2025-09-16 16:03:55 +00:00
|
|
|
$filters = ['conditions' => ['AUTH_SOURCE_UID'=> $authSourceUid]];
|
|
|
|
|
$rbacAuthenticationSource = new RbacAuthenticationSource();
|
|
|
|
|
$authSourceReturn = $rbacAuthenticationSource->show($filters);
|
|
|
|
|
$authSourceReturn = $authSourceReturn['data'][0];
|
2025-09-12 16:21:53 +00:00
|
|
|
|
2025-09-16 16:03:55 +00:00
|
|
|
$aAttributes = array();
|
|
|
|
|
if (isset($authSourceReturn['AUTH_SOURCE_DATA']['AUTH_SOURCE_GRID_ATTRIBUTE'])) {
|
|
|
|
|
$aAttributes = $authSourceReturn['AUTH_SOURCE_DATA']['AUTH_SOURCE_GRID_ATTRIBUTE'];
|
2025-09-12 16:21:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$usersCreated = '';
|
|
|
|
|
$countUsers = 0;
|
2025-09-16 16:03:55 +00:00
|
|
|
global $RBAC;
|
2025-09-12 16:21:53 +00:00
|
|
|
foreach ($usersImport as $sUser) {
|
|
|
|
|
$aUser = (array) $sUser;
|
|
|
|
|
$matches = array();
|
|
|
|
|
$aData = array();
|
|
|
|
|
$aData['USR_USERNAME'] = str_replace("*", "'", $aUser['sUsername']);
|
|
|
|
|
$aData["USR_PASSWORD"] = "00000000000000000000000000000000";
|
|
|
|
|
// note added by gustavo gustavo-at-colosa.com
|
|
|
|
|
// asign the FirstName and LastName variables
|
|
|
|
|
// add replace to change D*Souza to D'Souza by krlos
|
|
|
|
|
$aData['USR_FIRSTNAME'] = str_replace("*", "'", $aUser['sFirstname']);
|
|
|
|
|
$aData['USR_FIRSTNAME'] = ($aData['USR_FIRSTNAME'] == '') ? $aData['USR_USERNAME'] : $aData['USR_FIRSTNAME'];
|
|
|
|
|
$aData['USR_LASTNAME'] = str_replace("*", "'", $aUser['sLastname']);
|
|
|
|
|
$aData['USR_EMAIL'] = $aUser['sEmail'];
|
|
|
|
|
$aData['USR_DUE_DATE'] = date('Y-m-d', mktime(0, 0, 0, date('m'), date('d'), date('Y') + 2));
|
|
|
|
|
$aData['USR_CREATE_DATE'] = date('Y-m-d H:i:s');
|
|
|
|
|
$aData['USR_UPDATE_DATE'] = date('Y-m-d H:i:s');
|
|
|
|
|
$aData['USR_BIRTHDAY'] = date('Y-m-d');
|
|
|
|
|
$aData['USR_STATUS'] = (isset($aUser['USR_STATUS'])) ? (($aUser['USR_STATUS'] == 'ACTIVE') ? 1 : 0) : 1;
|
2025-09-16 16:03:55 +00:00
|
|
|
$aData['USR_AUTH_TYPE'] = strtolower($authSourceReturn['AUTH_SOURCE_PROVIDER']);
|
|
|
|
|
$aData['UID_AUTH_SOURCE'] = $authSourceReturn['AUTH_SOURCE_UID'];
|
|
|
|
|
|
2025-09-12 16:21:53 +00:00
|
|
|
// validating with regexp if there are some missing * inside the DN string
|
|
|
|
|
// if it's so the is changed to the ' character
|
|
|
|
|
preg_match('/[a-zA-Z]\*[a-zA-Z]/', $aUser['sDN'], $matches);
|
|
|
|
|
|
|
|
|
|
foreach ($matches as $key => $match) {
|
|
|
|
|
$newMatch = str_replace('*', '\'', $match);
|
|
|
|
|
$aUser['sDN'] = str_replace($match, $newMatch, $aUser['sDN']);
|
|
|
|
|
}
|
|
|
|
|
$aData['USR_AUTH_USER_DN'] = $aUser['sDN'];
|
|
|
|
|
|
|
|
|
|
$usrRole = 'LURANA_OPERATOR';
|
2025-09-16 16:03:55 +00:00
|
|
|
if (!empty($authSourceReturn['AUTH_SOURCE_DATA']['USR_ROLE'])) {
|
|
|
|
|
//$usrRole = $authSourceReturn['AUTH_SOURCE_DATA']['USR_ROLE'];
|
2025-09-12 16:21:53 +00:00
|
|
|
}
|
|
|
|
|
|
2025-09-16 16:03:55 +00:00
|
|
|
$sUserUID = $RBAC->createUser($aData, $usrRole, $authSourceReturn['AUTH_SOURCE_NAME']);
|
2025-09-12 16:21:53 +00:00
|
|
|
$usersCreated .= $aData['USR_USERNAME'] . ' ';
|
|
|
|
|
$countUsers++;
|
|
|
|
|
|
|
|
|
|
$aData['USR_STATUS'] = (isset($aUser['USR_STATUS'])) ? $aUser['USR_STATUS'] : 'ACTIVE';
|
|
|
|
|
$aData['USR_UID'] = $sUserUID;
|
|
|
|
|
$aData['USR_ROLE'] = $usrRole;
|
|
|
|
|
|
|
|
|
|
$calendarObj = new Calendar();
|
|
|
|
|
$calendarObj->assignCalendarTo($sUserUID, '00000000000000000000000000000001', 'USER');
|
|
|
|
|
|
|
|
|
|
if (count($aAttributes)) {
|
|
|
|
|
foreach ($aAttributes as $value) {
|
|
|
|
|
if (isset($aUser[$value['attributeUser']])) {
|
|
|
|
|
$aData[$value['attributeUser']] = str_replace("*", "'", $aUser[$value['attributeUser']]);
|
|
|
|
|
if ($value['attributeUser'] == 'USR_STATUS') {
|
|
|
|
|
$evalValue = $aData[$value['attributeUser']];
|
|
|
|
|
$statusValue = $aData['USR_STATUS'];
|
|
|
|
|
$aData[$value['attributeUser']] = $statusValue;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
$oUser = new Users();
|
|
|
|
|
$oUser->create($aData);
|
|
|
|
|
}
|
|
|
|
|
return ['success' => true];
|
|
|
|
|
} catch (Exception $exception) {
|
|
|
|
|
return ['success' => false, 'message' => $exception->getMessage()];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2025-09-16 16:03:55 +00:00
|
|
|
private static function encrypt($plaintext, $key) {
|
|
|
|
|
$cipher = 'AES-256-CBC';
|
|
|
|
|
$ivlen = openssl_cipher_iv_length($cipher);
|
|
|
|
|
$iv = openssl_random_pseudo_bytes($ivlen);
|
2025-09-12 16:21:53 +00:00
|
|
|
|
2025-09-16 16:03:55 +00:00
|
|
|
$ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, OPENSSL_RAW_DATA, $iv);
|
2025-09-12 16:21:53 +00:00
|
|
|
|
2025-09-16 16:03:55 +00:00
|
|
|
$ciphertext = base64_encode($iv . $ciphertext_raw);
|
|
|
|
|
return $ciphertext;
|
2025-09-12 16:21:53 +00:00
|
|
|
}
|
|
|
|
|
|
2025-09-16 16:03:55 +00:00
|
|
|
private static function decrypt($ciphertext_b64, $key) {
|
|
|
|
|
$cipher = "AES-256-CBC";
|
|
|
|
|
$ivlen = openssl_cipher_iv_length($cipher);
|
2025-09-12 16:21:53 +00:00
|
|
|
|
2025-09-16 16:03:55 +00:00
|
|
|
$ciphertext = base64_decode($ciphertext_b64);
|
|
|
|
|
$iv = substr($ciphertext, 0, $ivlen);
|
|
|
|
|
$ciphertext_raw = substr($ciphertext, $ivlen);
|
2025-09-12 16:21:53 +00:00
|
|
|
|
2025-09-16 16:03:55 +00:00
|
|
|
$plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key, OPENSSL_RAW_DATA, $iv);
|
|
|
|
|
return $plaintext;
|
2025-09-12 16:21:53 +00:00
|
|
|
}
|
|
|
|
|
}
|
