<?php
use ProcessMaker\Model\RbacAuthenticationSource;
use ProcessMaker\Model\RbacUsers;
use ProcessMaker\Model\Configuration;
use ProcessMaker\Model\GroupUser;
use ProcessMaker\Model\Groupwf;
use ProcessMaker\Model\User;
use ProcessMaker\Model\Department;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Cache;
class AuthSources
{
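/**
 * List the configured authentication sources for the admin grid.
 *
 * @param string $userUid   UID of the requesting user; only used to look up that
 *                          user's saved page size for the grid.
 * @param int    $start     Row offset.
 * @param int    $limit     Page size; 0 means "use the saved page size" (default 25).
 * @param string $orderBy   Column to sort by. Rejected unless it is identifier-shaped.
 * @param string $ascending 'asc' or 'desc'; anything else falls back to 'asc'.
 * @param string $filter    Free text, passed through as the model's 'text' condition.
 * @return array ['success' => true, 'sources' => array, 'total_sources' => int]
 *               or ['success' => false, 'message' => string].
 */
public function getListAuthSources($userUid, $start = 0, $limit = 25, $orderBy = '', $ascending = 'asc', $filter = '') {
    try {
        if ((int) $limit === 0) {
            $limit = 25;
            $configuration = new Configuration();
            $configurationReturn = $configuration->show([
                'fields' => ['CFG_VALUE'],
                'conditions' => ['CFG_UID' => 'authSourcesList', 'OBJ_UID' => 'pageSize', 'USR_UID' => $userUid],
            ]);
            if ($configurationReturn['total'] > 0) {
                // CFG_VALUE is a serialized array written by the grid. Decoding with
                // allowed_classes => false keeps a tampered row from instantiating objects.
                $configValue = unserialize($configurationReturn['data'][0]['CFG_VALUE'], ['allowed_classes' => false]);
                if (is_array($configValue) && isset($configValue['pageSize'])) {
                    $limit = $configValue['pageSize'];
                }
            }
        }

        $filters = [
            'fields' => ['*'],
            'start' => $start,
            'limit' => $limit,
        ];

        if ($orderBy != '') {
            // How the model uses orderBy is not visible here; only accept a plain
            // column-like value so a crafted string never reaches an ORDER BY clause.
            if (!preg_match('/^[A-Za-z0-9_.]+$/', (string) $orderBy)) {
                throw new InvalidArgumentException('Invalid orderBy column');
            }
            if (!in_array($ascending, ['asc', 'desc'], true)) {
                $ascending = 'asc';
            }
            $filters['orderBy'] = [$orderBy, $ascending];
        }

        if ($filter != '') {
            $filters['conditions'] = ['text' => $filter];
        }

        $rbacAuthenticationSource = new RbacAuthenticationSource();
        $authSourceReturn = $rbacAuthenticationSource->show($filters);

        global $RBAC;
        $usersPerSource = $RBAC->getAllUsersByAuthSource();

        $sources = [];
        foreach ($authSourceReturn['data'] as $authSourceRow) {
            // Stored form is "<ciphertext>_2NnV3ujj3w"; the marker flags a value
            // encrypted with the server name as key.
            $passwordParts = explode('_', (string) $authSourceRow['AUTH_SOURCE_PASSWORD']);
            if (in_array('2NnV3ujj3w', $passwordParts, true)) {
                // NOTE(review): this returns the plaintext LDAP bind password to anyone
                // who can call the listing. Prefer masking it here and decrypting only
                // on the edit path.
                $authSourceRow['AUTH_SOURCE_PASSWORD'] = G::decrypt($passwordParts[0], $authSourceRow['AUTH_SOURCE_SERVER_NAME']);
            }

            $authSourceRow['AUTH_SOURCE_ENABLED_TLS_LABEL'] = G::LoadTranslation(
                $authSourceRow['AUTH_SOURCE_ENABLED_TLS'] === '1' ? 'ID_ENABLE' : 'ID_DISABLE'
            );

            // AUTH_SOURCE_DATA is a JSON blob of extra settings; its keys are merged
            // over the row (and win on collision, as before).
            $authSourceData = json_decode($authSourceRow['AUTH_SOURCE_DATA'], true);
            if (is_array($authSourceData)) {
                $authSourceRow = array_merge($authSourceRow, $authSourceData);
            }
            $authSourceRow['AUTH_ANONYMOUS'] = (string) ($authSourceRow['AUTH_ANONYMOUS'] ?? '');
            $authSourceRow['CURRENT_USERS'] = $usersPerSource[$authSourceRow['AUTH_SOURCE_UID']] ?? 0;

            $sources[] = $authSourceRow;
        }

        return [
            'success' => true,
            'sources' => $sources,
            'total_sources' => $authSourceReturn['total'],
        ];
    } catch (Exception $exception) {
        return ['success' => false, 'message' => $exception->getMessage()];
    }
}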
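/**
 * Delete one authentication source row by UID.
 *
 * @param string $authSourceUid UID of the source to delete; must be non-empty.
 * @return array ['success' => true, 'deleteRows' => int]
 *               or ['success' => false, 'message' => string].
 */
public function removeAuthSource($authSourceUid) {
    try {
        // Never issue a delete with an empty key: what the model does with an
        // empty/null condition is not visible here, and "delete everything" must
        // not be reachable from a missing parameter.
        $authSourceUid = trim((string) $authSourceUid);
        if ($authSourceUid === '') {
            throw new InvalidArgumentException('AUTH_SOURCE_UID is required');
        }

        // NOTE(review): users still bound to this source (UID_AUTH_SOURCE) are not
        // checked here; unless the model cascades, they keep pointing at a source
        // that no longer exists.
        $rbacAuthenticationSource = new RbacAuthenticationSource();
        $removeResponse = $rbacAuthenticationSource->remove(['AUTH_SOURCE_UID' => $authSourceUid]);

        return ['success' => true, 'deleteRows' => $removeResponse['deleteRows']];
    } catch (Exception $exception) {
        return ['success' => false, 'message' => $exception->getMessage()];
    }
}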
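/**
 * Check whether an authentication source name is taken and, if so, propose
 * the next free "Name (n)" variant.
 *
 * @param string $authSourceName Name to check.
 * @return array ['success' => true, 'row' => array|false, 'suggestName' => string]
 *               ('row' is the clashing row, false when the name is free)
 *               or ['success' => false, 'message' => string].
 */
public function verifyAuthSourceName($authSourceName) {
    try {
        $row = false;
        $suggestName = '';
        $rbacAuthenticationSource = new RbacAuthenticationSource();

        $exact = $rbacAuthenticationSource->show([
            'fields' => ['AUTH_SOURCE_UID', 'AUTH_SOURCE_NAME'],
            'conditions' => ['AUTH_SOURCE_NAME' => $authSourceName],
        ]);

        if ($exact['total'] > 0) {
            $row = $exact['data'][0];
            // The highest name matching the text filter decides the next suffix.
            // NOTE(review): 'desc' on a string column orders "(9)" above "(10)", so
            // the suggestion can collide once a name passes ten variants.
            $latest = $rbacAuthenticationSource->show([
                'fields' => ['AUTH_SOURCE_NAME'],
                'conditions' => ['text' => $authSourceName],
                'orderBy' => ['AUTH_SOURCE_NAME', 'desc'],
            ]);
            if ($latest['total'] > 0) {
                $suggestName = self::nextSuggestedName($latest['data'][0]['AUTH_SOURCE_NAME']);
            }
        }

        return ['success' => true, 'row' => $row, 'suggestName' => $suggestName];
    } catch (Exception $exception) {
        return ['success' => false, 'message' => $exception->getMessage()];
    }
}

/**
 * Derive the next "Name (n)" from an existing name:
 * "Name (3)" -> "Name (4)", "Name" -> "Name (1)".
 *
 * Words are rejoined with a single space; the previous implode('') dropped
 * them ("My Src (1)" became "MySrc (2)").
 *
 * @param string $name
 * @return string
 */
private static function nextSuggestedName($name) {
    $pieces = explode(' ', $name);
    $last = array_pop($pieces);
    $number = trim($last, '()');
    if ("({$number})" === $last) {
        return implode(' ', $pieces) . ' (' . (intval($number) + 1) . ')';
    }
    return $name . ' (1)';
}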
/**
 * Open an LDAP connection with the submitted settings to verify them.
 *
 * @param array $authSourceData Connection settings as posted from the form.
 * @return array ['success' => true, 'status' => 'OK'], plus a 'message' when the
 *               connection reports startTLS as false, or
 *               ['success' => false, 'message' => string].
 */
public function testConnection($authSourceData) {
    try {
        $connection = (new LdapSource())->ldapConnection($authSourceData);

        $result = ['success' => true, 'status' => 'OK'];
        // NOTE(review): a missing StartTLS is only reported, not treated as a
        // failure, so the caller still sees success.
        if ($connection['startTLS'] === false) {
            $result['message'] = G::LoadTranslation('ID_TLS_CERTIFICATE_IS_NOT_INSTALLED_IN_THE_SERVER');
        }
        return $result;
    } catch (Exception $exception) {
        // NOTE(review): the raw exception text is returned verbatim to the caller.
        return ['success' => false, 'message' => $exception->getMessage()];
    }
}
/**
 * Persist an authentication source after connecting to it once.
 *
 * @param array $authSourceData Row data as posted from the form; AUTH_SOURCE_DATA is
 *                              an array of extra settings and is stored as JSON.
 * @return array ['success' => true, 'saveData' => mixed]
 *               or ['success' => false, 'message' => string].
 */
public function saveAuthSource($authSourceData) {
    try {
        $authSourceData['AUTH_SOURCE_VERSION'] = 3;

        // Connect before saving; if ldapConnection throws, nothing is persisted.
        // The directory's page-size limit for the base DN is recorded alongside.
        $ldapSource = new LdapSource();
        $ldapConnection = $ldapSource->ldapConnection($authSourceData);
        $authSourceData['AUTH_SOURCE_DATA']['LDAP_PAGE_SIZE_LIMIT'] = $ldapSource->getPageSizeLimit(
            $ldapConnection['connection'],
            $authSourceData['AUTH_SOURCE_BASE_DN']
        );

        // Empty UID means "insert"; AUTH_SOURCE_DATA travels as a JSON string.
        $authSourceData['AUTH_SOURCE_UID'] = $authSourceData['AUTH_SOURCE_UID'] ?? '';
        $authSourceData['AUTH_SOURCE_DATA'] = json_encode($authSourceData['AUTH_SOURCE_DATA']);

        // NOTE(review): the bind password is passed through untouched here;
        // encryption at rest has to happen in saveData — confirm.
        $saved = (new RbacAuthenticationSource())->saveData($authSourceData);

        return ['success' => true, 'saveData' => $saved];
    } catch (Exception $exception) {
        return ['success' => false, 'message' => $exception->getMessage()];
    }
}
/**
 * Search the directory for users and mark each one as importable or not.
 *
 * @param string $authSourceUid Source to search.
 * @param array  $filters       'text', 'start', 'limit' for the LDAP search.
 * @return array ['success' => true, 'status' => 'OK', 'resultTotal' => int, 'resultRoot' => array]
 *               or ['success' => false, 'message' => string].
 */
public function searchUsers($authSourceUid, $filters) {
    try {
        // lower-cased username -> UID of the auth source that already owns it.
        $ownerBySource = [];
        $usersAuthSources = (new RbacUsers())->listUsersAuthSources();
        foreach ($usersAuthSources['data'] as $row) {
            $ownerBySource[strtolower($row['USR_USERNAME'])] = $row['UID_AUTH_SOURCE'];
        }

        $ldapSource = new LdapSource();
        $ldapSource->authSourceUid = $authSourceUid;
        // NOTE(review): $filters['text'] is caller input that ends up in an LDAP
        // search; escaping for filter syntax must happen in searchUsersLdap — confirm.
        $result = $ldapSource->searchUsersLdap($filters['text'], $filters['start'], $filters['limit']);

        $rows = [];
        foreach ($result['data'] as $ldapUser) {
            $key = strtolower($ldapUser['sUsername']);

            if (!isset($ownerBySource[$key])) {
                $statusId = 'ID_NOT_IMPORTED';
                $import = 1;
            } elseif ($ownerBySource[$key] === $authSourceUid) {
                $statusId = 'ID_IMPORTED';
                $import = 0;
            } else {
                // Username exists but belongs to another source.
                $statusId = 'ID_CANNOT_IMPORT';
                $import = 0;
            }

            $ldapUser['STATUS'] = G::LoadTranslation($statusId);
            $ldapUser['IMPORT'] = $import;
            $rows[] = $ldapUser;
        }

        return ['success' => true, 'status' => 'OK', 'resultTotal' => $result['numRecTotal'], 'resultRoot' => $rows];
    } catch (Exception $exception) {
        return ['success' => false, 'message' => $exception->getMessage()];
    }
}
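/**
 * Create local accounts for the directory users selected in the import grid.
 *
 * @param string $authSourceUid UID of the authentication source the users belong to.
 * @param array  $usersImport   Rows as posted by the grid (arrays or objects) with
 *                              sUsername, sFirstname, sLastname, sEmail, sDN and,
 *                              optionally, USR_STATUS plus mapped attribute columns.
 *                              NOTE(review): these values come from the caller, not
 *                              from a fresh directory lookup, so the DN and username
 *                              stored for the new account are whatever was posted.
 * @return array ['success' => true] or ['success' => false, 'message' => string].
 */
public function importUsers($authSourceUid, $usersImport) {
    try {
        $rbacAuthenticationSource = new RbacAuthenticationSource();
        $authSourceReturn = $rbacAuthenticationSource->show(['conditions' => ['AUTH_SOURCE_UID' => $authSourceUid]]);
        if (empty($authSourceReturn['data'][0])) {
            throw new RuntimeException('Authentication source not found: ' . $authSourceUid);
        }
        $authSource = $authSourceReturn['data'][0];

        // AUTH_SOURCE_DATA is stored as a JSON string (the other methods here decode it).
        // Without this decode the role and attribute mapping below were never read.
        $sourceData = $authSource['AUTH_SOURCE_DATA'] ?? [];
        if (is_string($sourceData)) {
            $sourceData = json_decode($sourceData, true);
        }
        if (!is_array($sourceData)) {
            $sourceData = [];
        }

        $attributeMap = $sourceData['AUTH_SOURCE_GRID_ATTRIBUTE'] ?? [];
        if (!is_array($attributeMap)) {
            $attributeMap = [];
        }

        // Role granted to every imported account, configured per source.
        // NOTE(review): nothing here prevents a source from being configured with an
        // administrative role; the import grants whatever the source says.
        $usrRole = !empty($sourceData['USR_ROLE']) ? $sourceData['USR_ROLE'] : 'LURANA_OPERATOR';
        $authType = strtolower($authSource['AUTH_SOURCE_PROVIDER']);
        $now = date('Y-m-d H:i:s');
        $today = date('Y-m-d');
        // Accounts expire two years from today.
        $dueDate = date('Y-m-d', mktime(0, 0, 0, date('m'), date('d'), date('Y') + 2));

        global $RBAC;
        foreach ($usersImport as $sUser) {
            $aUser = (array) $sUser;

            // The grid transports apostrophes as '*' (D*Souza); restore them.
            $aData = [];
            $aData['USR_USERNAME'] = str_replace('*', "'", (string) ($aUser['sUsername'] ?? ''));
            if ($aData['USR_USERNAME'] === '') {
                // A row without a username cannot become an account; skip it.
                continue;
            }
            // Placeholder only: the account authenticates against the directory.
            // NOTE(review): confirm the login path refuses local authentication for
            // USR_AUTH_TYPE != local rather than comparing against this string.
            $aData['USR_PASSWORD'] = '00000000000000000000000000000000';
            $aData['USR_FIRSTNAME'] = str_replace('*', "'", (string) ($aUser['sFirstname'] ?? ''));
            if ($aData['USR_FIRSTNAME'] === '') {
                $aData['USR_FIRSTNAME'] = $aData['USR_USERNAME'];
            }
            $aData['USR_LASTNAME'] = str_replace('*', "'", (string) ($aUser['sLastname'] ?? ''));
            $aData['USR_EMAIL'] = $aUser['sEmail'] ?? '';
            $aData['USR_DUE_DATE'] = $dueDate;
            $aData['USR_CREATE_DATE'] = $now;
            $aData['USR_UPDATE_DATE'] = $now;
            $aData['USR_BIRTHDAY'] = $today;
            $aData['USR_STATUS'] = isset($aUser['USR_STATUS']) ? (($aUser['USR_STATUS'] == 'ACTIVE') ? 1 : 0) : 1;
            $aData['USR_AUTH_TYPE'] = $authType;
            $aData['UID_AUTH_SOURCE'] = $authSource['AUTH_SOURCE_UID'];

            // Restore apostrophes inside the DN too, but only between letters so a
            // genuine '*' elsewhere survives. The old preg_match/str_replace pair only
            // handled the first occurrence.
            $aData['USR_AUTH_USER_DN'] = preg_replace('/([a-zA-Z])\*(?=[a-zA-Z])/', '$1\'', (string) ($aUser['sDN'] ?? ''));

            $userUid = $RBAC->createUser($aData, $usrRole, $authSource['AUTH_SOURCE_NAME']);

            $aData['USR_STATUS'] = $aUser['USR_STATUS'] ?? 'ACTIVE';
            $aData['USR_UID'] = $userUid;
            $aData['USR_ROLE'] = $usrRole;

            // Default calendar, same fixed UID as before.
            (new Calendar())->assignCalendarTo($userUid, '00000000000000000000000000000001', 'USER');

            // Copy the extra columns the source maps from directory attributes.
            // (The old USR_STATUS special case reassigned the same value to itself,
            // so every mapped column, USR_STATUS included, simply takes the attribute.)
            foreach ($attributeMap as $mapping) {
                $column = $mapping['attributeUser'] ?? null;
                if ($column === null || !isset($aUser[$column])) {
                    continue;
                }
                $aData[$column] = str_replace('*', "'", $aUser[$column]);
            }

            (new Users())->create($aData);
        }

        return ['success' => true];
    } catch (Exception $exception) {
        return ['success' => false, 'message' => $exception->getMessage()];
    }
}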
/**
 * Build the group tree for a source: every directory group, flagged as checked
 * when a local group is already linked to its DN.
 *
 * @param string $authSourceUid Source to search.
 * @return TreeNodeAuthSource[] on success, or ['success' => false, 'message' => string].
 */
public function searchGroups($authSourceUid) {
    try {
        $ldapSource = new LdapSource();
        $ldapSource->authSourceUid = $authSourceUid;
        $groupsLdap = $ldapSource->searchGroups();

        // GRP_UID -> member count, for the "(n)" suffix on linked groups.
        $membersByGroup = [];
        $groupsNumberUsers = (new GroupUser())->getNumberOfUsersByGroups();
        foreach ($groupsNumberUsers['data'] as $row) {
            $membersByGroup[$row['GRP_UID']] = $row['NUM_REC'];
        }

        $groupwf = new Groupwf();
        $nodes = [];
        foreach ($groupsLdap as $group) {
            $node = new TreeNodeAuthSource();
            // The directory-supplied cn is rendered in the tree; escape it for HTML.
            $node->text = htmlentities($group['cn'], ENT_QUOTES, 'UTF-8');

            $linked = $groupwf->getGroupWithDN($group['dn']);
            if (!empty($linked[0]['GRP_UID'])) {
                $node->text .= ' (' . ($membersByGroup[$linked[0]['GRP_UID']] ?? 0) . ')';
                $node->checked = true;
            } else {
                $node->checked = false;
            }

            // The DN is the node id; urlencoded so it survives the '|'-joined list
            // that saveGroups splits.
            $node->id = urlencode($group['dn']);
            $nodes[] = $node;
        }

        return $nodes;
    } catch (Exception $exception) {
        return ['success' => false, 'message' => $exception->getMessage()];
    }
}
/**
 * Build the department (OU) tree for a source.
 *
 * @param string $authSourceUid Source to search.
 * @return TreeNodeAuthSource[] on success, or ['success' => false, 'message' => string].
 */
public function searchDepartaments($authSourceUid) {
    try {
        $ldapSource = new LdapSource();
        $ldapSource->authSourceUid = $authSourceUid;
        $departments = $ldapSource->searchDepartments();

        // DEP_UID -> member count, for the "(n)" suffix on linked departments.
        $usersByDepartment = [];
        $departmentsNumberUsers = (new User())->getNumberOfUsersByDepartments();
        foreach ($departmentsNumberUsers['data'] as $row) {
            $usersByDepartment[$row['DEP_UID']] = $row['NUM_REC'];
        }

        // '' is the root parent; terminatedOu names the OU getDepartments leaves out.
        return $this->getChildrenDepartments($departments, '', $usersByDepartment, $ldapSource->terminatedOu);
    } catch (Exception $exception) {
        return ['success' => false, 'message' => $exception->getMessage()];
    }
}
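/**
 * Link/unlink local groups to directory groups according to the tree selection.
 *
 * Checked DNs are bound to the active local group of the same title (created when
 * missing); previously linked groups that are no longer checked get their DN
 * cleared and their UID queued in AUTH_SOURCE_DATA['GROUPS_TO_UNASSIGN'].
 *
 * @param string $groupsDN      '|'-separated list of urlencoded group DNs that are checked.
 * @param string $authSourceUid UID of the authentication source being edited.
 * @return array ['status' => 'OK', 'success' => true]
 *               or ['status' => 'ERROR', 'success' => false, 'message' => string].
 */
public function saveGroups($groupsDN, $authSourceUid) {
    try {
        $groupsToCheck = array_map('urldecode', explode('|', (string) $groupsDN));
        $groupsToUncheck = $this->getGroupsToUncheck($groupsToCheck);

        $rbacAuthenticationSource = new RbacAuthenticationSource();
        $authSourceReturn = $rbacAuthenticationSource->show(['conditions' => ['AUTH_SOURCE_UID' => $authSourceUid]]);
        if (empty($authSourceReturn['data'][0])) {
            throw new RuntimeException('Authentication source not found: ' . $authSourceUid);
        }
        $authSource = $authSourceReturn['data'][0];
        $authSource['AUTH_SOURCE_DATA'] = json_decode($authSource['AUTH_SOURCE_DATA'], true) ?: [];

        $ldapSource = new LdapSource();
        $ldapSource->authSourceUid = $authSourceUid;
        $groupwf = new Groupwf();

        foreach ($groupsToCheck as $groupDN) {
            $groupTitle = $this->groupTitleFromDn($ldapSource, $groupDN);
            if ($groupTitle === '') {
                continue;
            }
            // NOTE(review): the local group is matched by title only, so a directory
            // group whose cn equals the name of an existing privileged local group is
            // bound to that group. Matching on GRP_LDAP_DN first would be safer.
            $existing = $this->findActiveGroupByTitle($groupwf, $groupTitle);
            $group = $existing ?? ['GRP_TITLE' => $groupTitle];
            $group['GRP_LDAP_DN'] = $groupDN;
            $groupwf->saveData($group);
        }

        if (count($groupsToUncheck) > 0) {
            $toUnassign = $authSource['AUTH_SOURCE_DATA']['GROUPS_TO_UNASSIGN'] ?? [];
            if (!is_array($toUnassign)) {
                $toUnassign = [];
            }
            foreach ($groupsToUncheck as $groupDN) {
                $groupTitle = $this->groupTitleFromDn($ldapSource, $groupDN);
                if ($groupTitle === '') {
                    continue;
                }
                $existing = $this->findActiveGroupByTitle($groupwf, $groupTitle);
                if ($existing === null) {
                    continue;
                }
                $existing['GRP_LDAP_DN'] = '';
                $groupwf->saveData($existing);
                if (!in_array($existing['GRP_UID'], $toUnassign, true)) {
                    $toUnassign[] = $existing['GRP_UID'];
                }
            }
            if (!empty($toUnassign)) {
                $authSource['AUTH_SOURCE_DATA']['GROUPS_TO_UNASSIGN'] = $toUnassign;
            }
            $authSource['AUTH_SOURCE_DATA'] = json_encode($authSource['AUTH_SOURCE_DATA']);
            $rbacAuthenticationSource->saveData($authSource);
        }

        // The former duplicate-title warning sat after the return and was never
        // reached; it is dropped rather than enabled, since the LdapSource method it
        // relied on is not visible here.
        return ['status' => 'OK', 'success' => true];
    } catch (Exception $exception) {
        return ['status' => 'ERROR', 'success' => false, 'message' => $exception->getMessage()];
    }
}

/**
 * Value of the first RDN of a group DN ("cn=Admins,ou=x" -> "Admins"), '' when absent.
 * The explode limit keeps a '=' inside the value from truncating it.
 *
 * @param object $ldapSource LdapSource providing custom_ldap_explode_dn().
 * @param string $groupDN
 * @return string
 */
private function groupTitleFromDn($ldapSource, $groupDN) {
    $rdns = $ldapSource->custom_ldap_explode_dn($groupDN);
    $first = (string) array_shift($rdns);
    $parts = explode('=', $first, 2);
    return isset($parts[1]) ? stripslashes(trim($parts[1])) : '';
}

/**
 * Row (GRP_UID only) of the active local group with this title, or null.
 *
 * @param object $groupwf    Groupwf model.
 * @param string $groupTitle
 * @return array|null
 */
private function findActiveGroupByTitle($groupwf, $groupTitle) {
    $found = $groupwf->show([
        'fields' => ['GRP_UID'],
        'conditions' => ['GRP_TITLE' => $groupTitle, 'GRP_STATUS' => 'ACTIVE'],
    ]);
    return empty($found['data'][0]['GRP_UID']) ? null : $found['data'][0];
}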
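/**
 * Link/unlink local departments to directory OUs according to the tree selection.
 *
 * A checked OU is bound to the active local department of the same title (created
 * when missing, under the department linked to its parent DN). Previously linked
 * departments under this source's base DN that are no longer checked get their DN
 * cleared and their UID queued in AUTH_SOURCE_DATA['DEPARTMENTS_TO_UNASSIGN'].
 *
 * Errors are returned, not echoed: the old echo+exit(0) terminated the request from
 * inside this service method, so the caller must now forward the returned array.
 *
 * @param string $departmentsDN '|'-separated list of urlencoded OU DNs that are checked.
 * @param string $authSourceUid UID of the authentication source being edited.
 * @return array ['status' => 'OK', 'success' => true]
 *               or ['status' => 'ERROR', 'success' => false, 'message' => string].
 */
public function saveDepartments($departmentsDN, $authSourceUid) {
    try {
        $depsToCheck = ($departmentsDN != '') ? array_map('urldecode', explode('|', $departmentsDN)) : [];
        $depsToUncheck = $this->getDepartmentsToUncheck($depsToCheck);

        $rbacAuthenticationSource = new RbacAuthenticationSource();
        $authSourceReturn = $rbacAuthenticationSource->show(['conditions' => ['AUTH_SOURCE_UID' => $authSourceUid]]);
        if (empty($authSourceReturn['data'][0])) {
            throw new RuntimeException('Authentication source not found: ' . $authSourceUid);
        }
        $authSource = $authSourceReturn['data'][0];
        $authSource['AUTH_SOURCE_DATA'] = json_decode($authSource['AUTH_SOURCE_DATA'], true) ?: [];
        $baseDn = (string) ($authSource['AUTH_SOURCE_BASE_DN'] ?? '');

        $ldapSource = new LdapSource();
        $ldapSource->authSourceUid = $authSourceUid;
        $department = new Department();

        foreach ($depsToCheck as $departmentDn) {
            $linked = $department->getDepUidIfExistsDN($departmentDn);
            if (($linked['data'][0]['DEP_UID'] ?? '') != '') {
                continue; // already linked to this DN
            }

            if (strcasecmp($departmentDn, $baseDn) == 0) {
                $departmentTitle = 'ROOT (' . $baseDn . ')';
                $parentUid = '';
            } else {
                $rdns = $ldapSource->custom_ldap_explode_dn($departmentDn);
                $first = (string) array_shift($rdns);
                $parentDn = implode(',', $rdns);
                // Limit 2 so a '=' inside the OU value is not cut off.
                $parts = explode('=', $first, 2);
                $departmentTitle = isset($parts[1]) ? trim($parts[1]) : '';
                if ($departmentTitle === '') {
                    continue; // no RDN value; nothing sensible to create
                }
                $parent = $department->getDepUidIfExistsDN($parentDn);
                $parentUid = $parent['data'][0]['DEP_UID'] ?? '';
                // Anything below the base DN needs its parent linked first.
                if (str_ireplace($baseDn, '', $parentDn) != '' && $parentUid == '') {
                    return [
                        'status' => 'ERROR',
                        'success' => false,
                        'message' => G::LoadTranslation('ID_DEPARTMENT_CHECK_PARENT_DEPARTMENT', [$parentDn, $departmentTitle]),
                    ];
                }
            }

            $byTitle = $department->show(['conditions' => ['DEP_STATUS' => 'ACTIVE', 'DEP_TITLE' => $departmentTitle]]);
            $existing = $byTitle['data'][0] ?? null;

            if (empty($existing['DEP_UID'])) {
                $created = $department->saveData([
                    'DEP_TITLE' => stripslashes($departmentTitle),
                    'DEP_PARENT' => $parentUid,
                    'DEP_LDAP_DN' => $departmentDn,
                    'DEP_REF_CODE' => '',
                ]);
                if (empty($created)) {
                    return [
                        'status' => 'ERROR',
                        'success' => false,
                        'message' => G::LoadTranslation('ID_DEPARTMENT_ERROR_CREATE'),
                    ];
                }
            } else {
                // NOTE(review): title-only match, as in saveGroups — an OU named like an
                // existing local department takes that department over.
                $existing['DEP_LDAP_DN'] = $departmentDn;
                $department->saveData($existing);
            }
        }

        if (count($depsToUncheck) > 0) {
            $baseDnLength = strlen($baseDn);
            $toUnassign = $authSource['AUTH_SOURCE_DATA']['DEPARTMENTS_TO_UNASSIGN'] ?? [];
            if (!is_array($toUnassign)) {
                $toUnassign = [];
            }
            foreach ($depsToUncheck as $departmentDn) {
                $linked = $department->getDepUidIfExistsDN($departmentDn);
                $departmentUid = $linked['data'][0]['DEP_UID'] ?? '';
                // Only departments under this source's base DN (case-insensitive suffix) are touched.
                $underBase = strcasecmp(substr($departmentDn, strlen($departmentDn) - $baseDnLength), $baseDn) == 0;
                if ($departmentUid == '' || !$underBase) {
                    continue;
                }
                $rows = $department->show(['conditions' => ['DEP_UID' => $departmentUid]]);
                $row = $rows['data'][0] ?? [];
                $row['DEP_LDAP_DN'] = '';
                $department->saveData($row);
                if (!in_array($departmentUid, $toUnassign, true)) {
                    $toUnassign[] = $departmentUid;
                }
            }
            if (!empty($toUnassign)) {
                $authSource['AUTH_SOURCE_DATA']['DEPARTMENTS_TO_UNASSIGN'] = $toUnassign;
            }
            $authSource['AUTH_SOURCE_DATA'] = json_encode($authSource['AUTH_SOURCE_DATA']);
            $rbacAuthenticationSource->saveData($authSource);
        }

        // The former duplicate-title warning sat after the return and referenced an
        // undefined $ldapAdvanced; it could never run and is dropped.
        return ['status' => 'OK', 'success' => true];
    } catch (Exception $exception) {
        return ['status' => 'ERROR', 'success' => false, 'message' => $exception->getMessage()];
    }
}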
/**
 * Direct children of $parent in a flat list of directory OUs.
 *
 * @param array  $departments  Rows with 'dn', 'parent', 'ou', 'users'.
 * @param string $parent       DN whose children are wanted ('' for the root level).
 * @param string $terminatedOu OU name to leave out of the tree.
 * @return array Nodes with DEP_UID, DEP_TITLE, DEP_USERS, DEP_DN, HAS_CHILDREN and
 *               DEP_LAST (true only on the last node). DN/OU comparisons are
 *               case-insensitive.
 */
private function getDepartments($departments, $parent, $terminatedOu)
{
    $children = [];
    $parentLower = strtolower($parent);
    $terminatedLower = strtolower($terminatedOu);

    foreach ($departments as $candidate) {
        if (strtolower($candidate['dn']) == $parentLower) {
            continue;
        }
        if (strtolower($candidate['parent']) != $parentLower) {
            continue;
        }
        if (strtolower($candidate['ou']) == $terminatedLower) {
            continue;
        }

        // Any row that names this one as parent makes it expandable.
        $hasChildren = false;
        foreach ($departments as $other) {
            if (strtolower($other['parent']) == strtolower($candidate['dn'])) {
                $hasChildren = true;
                break;
            }
        }

        $children[] = [
            'DEP_UID' => $candidate['ou'],
            'DEP_TITLE' => $candidate['ou'],
            'DEP_USERS' => $candidate['users'],
            'DEP_DN' => $candidate['dn'],
            'HAS_CHILDREN' => $hasChildren,
            'DEP_LAST' => false,
        ];
    }

    if ($children !== []) {
        $children[count($children) - 1]['DEP_LAST'] = true;
    }

    return $children;
}
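/**
 * Recursively build tree nodes for the OUs under $parent.
 *
 * @param array  $departments               Flat OU list (see getDepartments).
 * @param string $parent                    DN whose subtree is built ('' for root).
 * @param array  $listDepartmentsNumberUsers DEP_UID -> member count.
 * @param string $terminatedOu              OU name to leave out.
 * @return TreeNodeAuthSource[] Empty array when $parent has no children (previously
 *                              an unset variable, i.e. null, was returned in that case).
 */
private function getChildrenDepartments($departments, $parent, $listDepartmentsNumberUsers, $terminatedOu) {
    $departmentsObjects = [];
    $department = new Department();

    foreach ($this->getDepartments($departments, $parent, $terminatedOu) as $departmentData) {
        $node = new TreeNodeAuthSource();
        // Directory-supplied OU name is rendered in the tree; escape it for HTML.
        $node->text = htmlentities($departmentData['DEP_TITLE'], ENT_QUOTES, 'UTF-8');

        $linked = $department->getDepUidIfExistsDN($departmentData['DEP_DN']);
        $departmentUid = $linked['data'][0]['DEP_UID'] ?? '';
        if ($departmentUid != '') {
            // "(0)" rather than "()" when nothing is counted, matching searchGroups.
            $node->text .= ' (' . ($listDepartmentsNumberUsers[$departmentUid] ?? 0) . ')';
            $node->checked = true;
        } else {
            $node->checked = false;
        }

        if (!empty($departmentData['HAS_CHILDREN'])) {
            $node->children = $this->getChildrenDepartments($departments, $departmentData['DEP_DN'], $listDepartmentsNumberUsers, $terminatedOu);
        }

        // The DN is the node id; urlencoded so it survives the '|'-joined list
        // that saveDepartments splits.
        $node->id = urlencode($departmentData['DEP_DN']);
        $departmentsObjects[] = $node;
    }

    return $departmentsObjects;
}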
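/**
 * DNs of locally linked departments that are not in the checked set.
 *
 * Comparison is byte-exact, as before (LDAP DNs are case-insensitive, so a
 * case-only difference counts as "not checked"), but now strict and O(n + m)
 * instead of loose `==` inside a nested loop.
 *
 * @param array $depsToCheck Decoded DNs currently checked in the tree.
 * @return array DNs to unlink.
 */
private function getDepartmentsToUncheck($depsToCheck)
{
    $checked = array_fill_keys(array_map('strval', $depsToCheck), true);

    $departmentsWithDN = (new Department())->getDepartmentsWithDN();

    $depsToUncheck = [];
    foreach ($departmentsWithDN['data'] as $departmentWithDN) {
        $dn = $departmentWithDN['DEP_LDAP_DN'];
        if (!isset($checked[(string) $dn])) {
            $depsToUncheck[] = $dn;
        }
    }

    return $depsToUncheck;
}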
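/**
 * DNs of locally linked groups that are not in the checked set.
 *
 * Comparison is byte-exact, as before (LDAP DNs are case-insensitive, so a
 * case-only difference counts as "not checked"), but now strict and O(n + m)
 * instead of loose `==` inside a nested loop.
 *
 * @param array $groupsToCheck Decoded DNs currently checked in the tree.
 * @return array DNs to unlink.
 */
private function getGroupsToUncheck($groupsToCheck)
{
    $checked = array_fill_keys(array_map('strval', $groupsToCheck), true);

    $groupsToUncheck = [];
    foreach ($this->getGroupsWithDN() as $groupWithDN) {
        $dn = $groupWithDN['GRP_LDAP_DN'];
        if (!isset($checked[(string) $dn])) {
            $groupsToUncheck[] = $dn;
        }
    }

    return $groupsToUncheck;
}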
/**
 * Local groups that carry a GRP_LDAP_DN, i.e. are linked to a directory group.
 *
 * NOTE(review): the model call is capped at 1000 rows; a linked group beyond
 * that is invisible here and would never be unchecked.
 *
 * @return array Group rows.
 */
private function getGroupsWithDN()
{
    $allGroups = (new Groupwf())->show(['start' => 0, 'limit' => 1000]);

    $linked = array_filter($allGroups['data'], function ($group) {
        return $group['GRP_LDAP_DN'] != '';
    });

    return array_values($linked);
}
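/**
 * Encrypt $plaintext under $key with AES-256-CBC and authenticate the result.
 *
 * Output is base64(iv . ciphertext . tag), tag = HMAC-SHA256 over iv . ciphertext.
 * The raw key is never fed to the cipher: a 32-byte cipher key and a separate MAC
 * key are derived from it with HMAC, so a passphrase of any length works and the
 * old silent pad/truncate of the key is gone. The previous layout (no tag) let a
 * modified token reach openssl_decrypt; neither helper is called anywhere in this
 * class, so no stored value should depend on that layout — NOTE(review): confirm
 * before reusing these with existing data.
 *
 * @param string $plaintext
 * @param string $key
 * @return string base64 token
 * @throws Exception if secure random bytes are unavailable
 * @throws RuntimeException if the cipher call fails
 */
private static function encrypt($plaintext, $key) {
    $cipher = 'AES-256-CBC';
    $ivlen = openssl_cipher_iv_length($cipher);
    $iv = random_bytes($ivlen);
    list($encKey, $macKey) = self::deriveKeys($key);

    $ciphertextRaw = openssl_encrypt($plaintext, $cipher, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ciphertextRaw === false) {
        throw new RuntimeException('Encryption failed');
    }

    $tag = hash_hmac('sha256', $iv . $ciphertextRaw, $macKey, true);
    return base64_encode($iv . $ciphertextRaw . $tag);
}

/**
 * Reverse of encrypt(). Returns false, without touching the cipher, when the token
 * is malformed or its tag does not verify (constant-time compare), so a tampered
 * token cannot be used as a padding oracle.
 *
 * @param string $ciphertext_b64 Token produced by encrypt().
 * @param string $key
 * @return string|false
 */
private static function decrypt($ciphertext_b64, $key) {
    $cipher = 'AES-256-CBC';
    $ivlen = openssl_cipher_iv_length($cipher);
    $tagLen = 32;

    $blob = base64_decode((string) $ciphertext_b64, true);
    if ($blob === false || strlen($blob) < $ivlen + $tagLen) {
        return false;
    }

    $iv = substr($blob, 0, $ivlen);
    $tag = substr($blob, -$tagLen);
    $ciphertextRaw = substr($blob, $ivlen, strlen($blob) - $ivlen - $tagLen);
    list($encKey, $macKey) = self::deriveKeys($key);

    $expected = hash_hmac('sha256', $iv . $ciphertextRaw, $macKey, true);
    if (!hash_equals($expected, $tag)) {
        return false;
    }

    return openssl_decrypt($ciphertextRaw, $cipher, $encKey, OPENSSL_RAW_DATA, $iv);
}

/**
 * Derive independent 32-byte cipher and MAC keys from the caller's key material.
 *
 * @param string $key
 * @return array [cipherKey, macKey]
 */
private static function deriveKeys($key) {
    return [
        hash_hmac('sha256', 'aes-256-cbc-key', (string) $key, true),
        hash_hmac('sha256', 'hmac-sha256-key', (string) $key, true),
    ];
}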
}
/**
 * One node of the group/department tree returned to the UI.
 *
 * Plain public properties so the object serialises directly with json_encode.
 */
class TreeNodeAuthSource extends stdClass
{
    /** @var string Label shown in the tree (producers HTML-escape it). */
    public $text = '';

    /** @var string CSS class hook; never set within this file. */
    public $cls = '';

    /** @var bool Leaf flag; never set within this file. */
    public $leaf = false;

    /** @var bool True when a local record is already linked to this node's DN. */
    public $checked = false;

    /** @var array Child nodes. */
    public $children = [];

    /** @var string urlencoded DN used as the node identifier. */
    public $id = '';
}