How to check a password with Symfony Ldap
I am using Symfony 4.4 and writing my own authenticator. Everything works; I just can't figure out how to compare the password the user typed in with the password stored in LDAP. I want to do this in the "checkCredentials" method of my LoginFormAuthenticator. Here is my LdapUserProvider:
use App\Entity\User;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Component\Ldap\Entry;
use Symfony\Component\Ldap\Exception\ConnectionException;
use Symfony\Component\Ldap\Exception\ExceptionInterface;
use Symfony\Component\Ldap\Ldap;
use Symfony\Component\Ldap\LdapInterface;
use Symfony\Component\Ldap\Security\LdapUser;
use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;

class LdapUserProvider implements UserProviderInterface, PasswordUpgraderInterface
{
    private $ldap;
    private $baseDn;
    private $searchDn;
    private $searchPassword;
    private $defaultRoles;
    private $uidKey;
    private $defaultSearch;
    private $passwordAttribute;
    private $extraFields;
    // New
    private $em;

    public function __construct(Ldap $ldap, string $baseDn, EntityManagerInterface $em, string $searchDn = null, string $searchPassword = null, array $defaultRoles = [], string $uidKey = null, string $filter = null, string $passwordAttribute = null, array $extraFields = [])
    {
        if (null === $uidKey) {
            $uidKey = 'sAMAccountName';
        }
        if (null === $filter) {
            $filter = '({uid_key}={username})';
        }
        $this->ldap = $ldap;
        $this->baseDn = $baseDn;
        $this->searchDn = $searchDn;
        $this->searchPassword = $searchPassword;
        $this->defaultRoles = $defaultRoles;
        $this->uidKey = $uidKey;
        $this->defaultSearch = str_replace('{uid_key}', $uidKey, $filter);
        $this->passwordAttribute = $passwordAttribute;
        $this->extraFields = $extraFields;
        $this->em = $em;
    }

    /**
     * {@inheritdoc}
     */
    public function loadUserByUsername($username)
    {
        try {
            // Bind with the service account, then search for the user.
            // The username is escaped for use in a filter before being interpolated.
            $this->ldap->bind($this->searchDn, $this->searchPassword);
            $username = $this->ldap->escape($username, '', LdapInterface::ESCAPE_FILTER);
            $query = str_replace('{username}', $username, $this->defaultSearch);
            $search = $this->ldap->query($this->baseDn, $query);
        } catch (ConnectionException $e) {
            throw new UsernameNotFoundException(sprintf('User "%s" not found.', $username), $e);
        }
        $entries = $search->execute();
        $count = \count($entries);
        if (!$count) {
            throw new UsernameNotFoundException(sprintf('User "%s" not found.', $username));
        }
        if ($count > 1) {
            throw new UsernameNotFoundException('More than one user found.');
        }

        return $this->loadUser($username, $entries[0]);
    }

    /**
     * {@inheritdoc}
     */
    public function refreshUser(UserInterface $user)
    {
        // Accept either kind of user object; reject anything else.
        if (!$user instanceof LdapUser && !$user instanceof User) {
            throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', \get_class($user)));
        }
        // New
        $userRepository = $this->em->getRepository(User::class);
        $dbUser = $userRepository->findOneBy(['username' => $user->getUsername()]);
        if (null === $dbUser) {
            throw new UnsupportedUserException(sprintf('User "%s" no longer exists in the database.', $user->getUsername()));
        }

        return new LdapUser($dbUser->getEntry(), $dbUser->getUsername(), $dbUser->getPassword(), $dbUser->getRoles(), $dbUser->getExtraFields());
    }

    /**
     * {@inheritdoc}
     */
    public function upgradePassword(UserInterface $user, string $newEncodedPassword): void
    {
        if (!$user instanceof LdapUser) {
            throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', \get_class($user)));
        }
        if (null === $this->passwordAttribute) {
            return;
        }
        try {
            $user->getEntry()->setAttribute($this->passwordAttribute, [$newEncodedPassword]);
            $this->ldap->getEntryManager()->update($user->getEntry());
            $user->setPassword($newEncodedPassword);
        } catch (ExceptionInterface $e) {
            // ignore failed password upgrades
        }
    }

    /**
     * {@inheritdoc}
     */
    public function supportsClass($class)
    {
        return LdapUser::class === $class;
    }

    /**
     * Loads a user from an LDAP entry.
     *
     * @param string $username
     * @param Entry  $entry
     * @return UserInterface
     */
    protected function loadUser($username, Entry $entry)
    {
        /*
        $password = null;
        $extraFields = [];
        var_dump($this->passwordAttribute);
        if (null !== $this->passwordAttribute) {
            var_dump($this->passwordAttribute);
            $password = $this->getAttributeValue($entry, $this->passwordAttribute);
            var_dump($password);
        }
        foreach ($this->extraFields as $field) {
            $extraFields[$field] = $this->getAttributeValue($entry, $field);
        }
        exit();
        return new LdapUser($entry, $password, $this->defaultRoles, $extraFields);*/
        $userRepository = $this->em->getRepository(User::class);
        // Fetch the record of the user who is logging in
        $user = $userRepository->findOneBy(['username' => $username]);
        // If the user is null, they are not in the database yet but were found in LDAP
        if (null === $user) {
            // Create a User and add it to the database, now that we know it is a genuine LDAP user
            // First-login case
            $user = new User();
            $user->setFirstname($entry->getAttribute('givenName')[0]);
            $user->setLastname($entry->getAttribute('sn')[0]);
            $user->setEmail($entry->getAttribute('mail')[0]);
            $user->setUsername($entry->getAttribute('uid')[0]);
            $user->setRoles($this->defaultRoles);
            $this->em->persist($user);
            $this->em->flush();
        } else {
            $this->em->flush();
        }

        return $user;
    }

    public function checkPassword($password)
    {
        // Intended to compare the submitted password with LDAP; not yet implemented.
    }

    /**
     * Fetches the password from an LDAP entry.
     *
     * @param Entry $entry
     */
    private function getPassword(Entry $entry)
    {
        if (null === $this->passwordAttribute) {
            return;
        }
        if (!$entry->hasAttribute($this->passwordAttribute)) {
            throw new InvalidArgumentException(sprintf('Missing attribute "%s" for user "%s".', $this->passwordAttribute, $entry->getDn()));
        }
        $values = $entry->getAttribute($this->passwordAttribute);
        if (1 !== \count($values)) {
            throw new InvalidArgumentException(sprintf('Attribute "%s" has multiple values.', $this->passwordAttribute));
        }

        return $values[0];
    }

    /**
     * Returns the single value of an attribute, or throws if it is missing or multi-valued.
     */
    private function getAttributeValue(Entry $entry, string $attribute)
    {
        if (!$entry->hasAttribute($attribute)) {
            throw new InvalidArgumentException(sprintf('Missing attribute "%s" for user "%s".', $attribute, $entry->getDn()));
        }
        $values = $entry->getAttribute($attribute);
        if (1 !== \count($values)) {
            throw new InvalidArgumentException(sprintf('Attribute "%s" has multiple values.', $attribute));
        }

        return $values[0];
    }
}
I first thought of using the getPassword method, but it needs an Entry, and I don't know how to obtain that Entry. Thanks.
Solution
For those who may want the same thing, I actually used
$this->ldap->bind($dnUser,$password);
$dnUser corresponds to the dn of the user's entry, which you can get with
$user->getEntry()->getDn();
and the password is the one the user entered. It checks whether the password entered by the user matches the one in LDAP. If everything is fine nothing happens, but if it fails an InvalidCredentialsException is thrown. So I use it like this:
public function checkCredentials($credentials, UserInterface $user)
{
    // $dnUser is the DN of the user's LDAP entry (see above); $password is what the user typed
    $dnUser = $user->getEntry()->getDn();
    $password = $credentials['password'];
    try {
        $this->ldap->bind($dnUser, $password);
    } catch (InvalidCredentialsException $e) {
        return false;
    }

    return true;
}
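The bind-based check in the answer has one trap worth closing before it goes into production: on most directory servers a bind with an empty password is treated as an anonymous (or unauthenticated) bind and succeeds, so a check that forwards whatever the form submitted would accept any known username with a blank password. Symfony's own form_login_ldap provider refuses empty passwords for exactly this reason. The following is an added example, not code from the question or the answer: a small service that the authenticator's checkCredentials can delegate to. It assumes Symfony 4.4, an injected LdapInterface and PSR-3 logger, and that the user object is the LdapUser produced by the LDAP user provider; the class and method names are my own.

```php
<?php
// Added example: hardened LDAP bind check for a Symfony 4.4 Guard authenticator.
// Not part of the original question or answer; names below are assumptions.

namespace App\Security;

use Psr\Log\LoggerInterface;
use Symfony\Component\Ldap\Exception\ConnectionException;
use Symfony\Component\Ldap\Exception\InvalidCredentialsException;
use Symfony\Component\Ldap\LdapInterface;
use Symfony\Component\Ldap\Security\LdapUser;
use Symfony\Component\Security\Core\Exception\AuthenticationServiceException;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use Symfony\Component\Security\Core\User\UserInterface;

final class LdapPasswordChecker
{
    private $ldap;
    private $logger;

    public function __construct(LdapInterface $ldap, LoggerInterface $logger)
    {
        $this->ldap = $ldap;
        $this->logger = $logger;
    }

    /**
     * Returns true if $password is the password of $user's LDAP entry.
     *
     * @throws BadCredentialsException        for an empty password or a non-LDAP user
     * @throws AuthenticationServiceException when the directory cannot be reached
     */
    public function check(UserInterface $user, string $password): bool
    {
        // An empty password must never reach the bind: on most servers it turns
        // the request into an anonymous bind, which succeeds for any DN.
        if ('' === $password) {
            throw new BadCredentialsException('The presented password must not be empty.');
        }

        // Only LdapUser carries the Entry whose DN we bind with.
        if (!$user instanceof LdapUser) {
            throw new BadCredentialsException(sprintf('Cannot bind-check an instance of "%s".', \get_class($user)));
        }

        // Use the DN the provider already resolved from the directory rather than
        // building one from the raw username, so no user input is spliced into the DN.
        $dn = $user->getEntry()->getDn();

        try {
            $this->ldap->bind($dn, $password);
        } catch (InvalidCredentialsException $e) {
            // Wrong password: an ordinary failure, but log it so repeated
            // attempts against one account are visible to detection.
            $this->logger->notice('LDAP bind rejected credentials', ['dn' => $dn]);

            return false;
        } catch (ConnectionException $e) {
            // Server down, timeout, TLS failure: this is not "wrong password".
            // Surface it as a service error so it is alerted on, not silently
            // reported to the user as bad credentials.
            $this->logger->error('LDAP bind failed: '.$e->getMessage(), ['dn' => $dn]);

            throw new AuthenticationServiceException('The LDAP server is unavailable.', 0, $e);
        }

        return true;
    }
}
```

In the authenticator, checkCredentials then reduces to a single line: `return $this->checker->check($user, (string) ($credentials['password'] ?? ''));`. Keeping the distinction between InvalidCredentialsException (which extends ConnectionException in symfony/ldap) and its parent matters operationally: a directory outage that is reported as "invalid credentials" looks like a password problem in the logs and hides the real fault.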