Skip to content

Commit

Permalink
Refine logging plus group map supports multiple groups comma separate…
Browse files Browse the repository at this point in the history 
…d, plus default group ("*").
  • Loading branch information
@dcapslock
dcapslock committed Jun 21, 2018
1 parent 3416234 commit 6c98897
Show file tree
Hide file tree
Showing 2 changed files with 72 additions and 63 deletions.
108 changes: 58 additions & 50 deletions crowd/crowd.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,8 @@

class plgAuthenticationCrowd extends JPlugin
{
const LOGGER_CATEGORY = 'crowd';

/**
* Constructor
*
Expand All @@ -30,9 +32,8 @@ class plgAuthenticationCrowd extends JPlugin
*/
function plgAuthenticationCrowd(& $subject, $config) {
parent::__construct($subject, $config);
JLog::addLogger(array('text_file' => 'debug.crowd.log'));
JLog::add('crowd 0.01 Start logging');
//JLog::add('crowd config params: ' . $this->params);
JLog::addLogger(array('text_file' => 'debug.crowd.log'), JLog::DEBUG, array(self::LOGGER_CATEGORY));
JLog::add('crowd 0.01 Start logging', JLog::DEBUG, self::LOGGER_CATEGORY);
}

// see rules.php
Expand All @@ -55,15 +56,15 @@ protected function checkDeleteUser($credentials)
JLog::add('check if we have to delete user ' . $credentials['username']);
$id = intval(JUserHelper::getUserId($credentials['username']));
if ($id < 1) {
JLog::add('user not known to joomla, do nothing');
JLog::add('user not known to joomla, do nothing', JLog::DEBUG, self::LOGGER_CATEGORY);
return; // no such user in joomla, nothing to do for us
}

// check whether this user exists in crowd
$server = $this->params->get('crowd_url');
$appname = $this->params->get('crowd_app_name');
$apppass = $this->params->get('crowd_password');
JLog::add('onUserAuthenticate: connecting to url ' . $server);
JLog::add('onUserAuthenticate: connecting to url ' . $server, JLog::DEBUG, self::LOGGER_CATEGORY);
$authcode = base64_encode($appname . ":" . $apppass);
// JLog::add('auth code [' . $authcode . ']');

Expand All @@ -72,54 +73,54 @@ protected function checkDeleteUser($credentials)
$request_header = array('Accept' => 'application/json', 'Content-Type' => 'application/xml',
'Authorization' => 'Basic ' . $authcode);
$http = new JHttp;
JLog::add('request url ' . $request_url);
JLog::add('with headers ' . var_export($request_header, true));
JLog::add('request url ' . $request_url, JLog::DEBUG, self::LOGGER_CATEGORY);
JLog::add('with headers ' . var_export($request_header, true), JLog::DEBUG, self::LOGGER_CATEGORY);
$result = $http->get($request_url, $request_header);
JLog::add('response: ' . var_export($result, true));
JLog::add('response: ' . var_export($result, true), JLog::DEBUG, self::LOGGER_CATEGORY);
$obj = json_decode($result->body);
JLog::add('msg: ' . $obj->reason);
JLog::add('msg: ' . $obj->reason, JLog::DEBUG, self::LOGGER_CATEGORY);
if ($obj->reason != 'USER_NOT_FOUND') {
JLog::add('crowd seems to know about this user, do not delete from joomla!');
JLog::add('crowd seems to know about this user, do not delete from joomla!', JLog::DEBUG, self::LOGGER_CATEGORY);
return;
}

// delete this user
$user = JUser::getInstance();
$user->load($id);
$user->delete();
JLog::add('user deleted from joomla.');
JLog::add('user deleted from joomla.', JLog::DEBUG, self::LOGGER_CATEGORY);
}

/** creates a new joomla group, returns the resulting group id */
protected function createGroup($gname)
{
//$db = JFactory::getDbo();
JLog::add('createGroup not yet implemented!');
JLog::add('createGroup not yet implemented!', JLog::DEBUG, self::LOGGER_CATEGORY);
}


/** Trust the sso flag, login without password */
function doSSOLogin( $credentials, $options, &$response )
{
JLog::add('crowd::onUserAuthenticate immediate login: ' . var_export($credentials, true));
JLog::add('crowd::onUserAuthenticate immediate login: ' . var_export($credentials, true), JLog::DEBUG, self::LOGGER_CATEGORY);
$response->status = JAuthentication::STATUS_SUCCESS;
$response->email = $credentials['email'];
$response->fullname = $credentials['fullname'];
$response->username = $credentials['username'];
$response->error_message = '';
JLog::add('crowd: returning response: ' . var_export($response, true));
JLog::add('crowd: returning response: ' . var_export($response, true), JLog::DEBUG, self::LOGGER_CATEGORY);
return true;
}

/** checks username/password against crowd */
function doCrowdLogin( $credentials, $options, &$response )
{
JLog::add('doing regular login');
JLog::add('doing regular login', JLog::DEBUG, self::LOGGER_CATEGORY);

$server = $this->params->get('crowd_url');
$appname = $this->params->get('crowd_app_name');
$apppass = $this->params->get('crowd_password');
JLog::add('onUserAuthenticate: connecting to url ' . $server);
JLog::add('onUserAuthenticate: connecting to url ' . $server, JLog::DEBUG, self::LOGGER_CATEGORY);
$authcode = base64_encode($appname . ":" . $apppass);
// JLog::add('auth code [' . $authcode . ']');

Expand All @@ -128,10 +129,10 @@ function doCrowdLogin( $credentials, $options, &$response )
$request_header = array('Accept' => 'application/json', 'Content-Type' => 'application/xml',
'Authorization' => 'Basic ' . $authcode);
$http = new JHttp;
JLog::add('request url ' . $request_url);
JLog::add('with headers ' . var_export($request_header, true));
JLog::add('request url ' . $request_url, JLog::DEBUG, self::LOGGER_CATEGORY);
JLog::add('with headers ' . var_export($request_header, true), JLog::DEBUG, self::LOGGER_CATEGORY);
$result = $http->get($request_url, $request_header);
JLog::add('cookie config: ' . var_export($result, true));
JLog::add('cookie config: ' . var_export($result, true), JLog::DEBUG, self::LOGGER_CATEGORY);
if (!$result or $result->code != 200) {
$response->status = JAuthentication::STATUS_FAILURE;
$response->error_message = 'Cannot fetch cookie config from crowd';
Expand All @@ -147,11 +148,11 @@ function doCrowdLogin( $credentials, $options, &$response )
$cookieDomain = $altCookieDomain;
}

JLog::add('cookie name: ' . $cookieName . ', domain: ' . $cookieDomain);
JLog::add('cookie name: ' . $cookieName . ', domain: ' . $cookieDomain, JLog::DEBUG, self::LOGGER_CATEGORY);

// now trying to login
$request_url = $server . '/rest/usermanagement/1/session?validate-password=true';
JLog::add('request url ' . $request_url);
JLog::add('request url ' . $request_url, JLog::DEBUG, self::LOGGER_CATEGORY);
$request_data = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>' .
'<authentication-context>' .
' <username>' . $credentials['username'] . '</username>' .
Expand All @@ -166,20 +167,20 @@ function doCrowdLogin( $credentials, $options, &$response )
#JLog::add('request data: ' . $request_data);
$request_header = array('Accept' => 'application/xml', 'Content-Type' => 'application/xml',
'Authorization' => 'Basic ' . $authcode);
JLog::add('with headers ' . var_export($request_header, true));
JLog::add('with headers ' . var_export($request_header, true), JLog::DEBUG, self::LOGGER_CATEGORY);
$result = $http->post($request_url, $request_data, $request_header);
JLog::add('response: ' . var_export($result, true));
JLog::add('response: ' . var_export($result, true), JLog::DEBUG, self::LOGGER_CATEGORY);
if (!$result or $result->code != 201) {
JLog::add('have not got expected code 201, login failed');
JLog::add('have not got expected code 201, login failed', JLog::DEBUG, self::LOGGER_CATEGORY);
$response->status = JAuthentication::STATUS_FAILURE;
$response->error_message = 'Login to crowd failed';
return false;
}
JLog::add('fetching info from new location: ' . $result->headers['Location']);
JLog::add('fetching info from new location: ' . $result->headers['Location'], JLog::DEBUG, self::LOGGER_CATEGORY);
$result = $http->get($result->headers['Location'], $request_header);
JLog::add('response: ' . var_export($result, true));
JLog::add('response: ' . var_export($result, true), JLog::DEBUG, self::LOGGER_CATEGORY);
if (!$result or $result->code != 200) {
JLog::add('have not got expected code 200, login failed');
JLog::add('have not got expected code 200, login failed', JLog::DEBUG, self::LOGGER_CATEGORY);
$response->status = JAuthentication::STATUS_FAILURE;
$response->error_message = 'Login to crowd failed';
return false;
Expand All @@ -194,22 +195,22 @@ function doCrowdLogin( $credentials, $options, &$response )
$response->username = (string) $xml->user['name'];
$response->status = JAuthentication::STATUS_SUCCESS;
$response->error_message = '';
JLog::add('login successfull, returning: ' . var_export($response, true));
JLog::add('login successfull, returning: ' . var_export($response, true), JLog::DEBUG, self::LOGGER_CATEGORY);

// finally export our token as cookie
JLog::add('set cookie ' . $cookieName . ' = ' . $token);
JLog::add('set cookie ' . $cookieName . ' = ' . $token, JLog::DEBUG, self::LOGGER_CATEGORY);
setcookie($cookieName,$token, 0, "/", $cookieDomain,false,true);

return true;
}

function handleGroups( $user, $credentials, $options, &$response )
{
JLog::add('login succeeded, obtaining groups');
JLog::add('login succeeded, obtaining groups', JLog::DEBUG, self::LOGGER_CATEGORY);
$server = $this->params->get('crowd_url');
$appname = $this->params->get('crowd_app_name');
$apppass = $this->params->get('crowd_password');
JLog::add('handleGroups: connecting to url ' . $server);
JLog::add('handleGroups: connecting to url ' . $server, JLog::DEBUG, self::LOGGER_CATEGORY);
$authcode = base64_encode($appname . ":" . $apppass);
// JLog::add('auth code [' . $authcode . ']');

Expand All @@ -218,35 +219,35 @@ function handleGroups( $user, $credentials, $options, &$response )
$request_header = array('Accept' => 'application/json', 'Content-Type' => 'application/xml',
'Authorization' => 'Basic ' . $authcode);
$http = new JHttp;
JLog::add('request url ' . $request_url);
JLog::add('with headers ' . var_export($request_header, true));
JLog::add('request url ' . $request_url, JLog::DEBUG, self::LOGGER_CATEGORY);
JLog::add('with headers ' . var_export($request_header, true), JLog::DEBUG, self::LOGGER_CATEGORY);
$result = $http->get($request_url, $request_header);
JLog::add('group config: ' . var_export($result, true));
JLog::add('group config: ' . var_export($result, true), JLog::DEBUG, self::LOGGER_CATEGORY);
if (!$result or $result->code != 200) {
$response->status = JAuthentication::STATUS_FAILURE;
$response->error_message = 'Cannot fetch groups from crowd';
return false;
}
$obj = json_decode($result->body);
$groups = $obj->groups; // array containing all crowd groups of this user as objects with attr 'name'
JLog::add('crowd groups: ' . var_export($groups, true));
JLog::add('crowd groups: ' . var_export($groups, true), JLog::DEBUG, self::LOGGER_CATEGORY);
$response->groups = array();
$allgroups = $this->getUserGroups(); // array of objects containing group name and joomla id as 'text' and 'value'
JLog::add('joomla groups: ' . var_export($allgroups, true));
JLog::add('joomla groups: ' . var_export($allgroups, true), JLog::DEBUG, self::LOGGER_CATEGORY);
$allgroupnames = array(); // array of joomla group names

$groupmapping = explode(";",$this->params->get('crowd_group_map'));
$groupmap = array();
foreach ($groupmapping as $gm) {
$ml = explode(":",$gm);
if (count($ml) != 2 || intval($ml[1]) < 1) {
JLog::add('ignored mapping entry [' . $gm . ']');
JLog::add('ignored mapping entry [' . $gm . ']', JLog::DEBUG, self::LOGGER_CATEGORY);
}
else {
$groupmap[trim($ml[0])] = intval($ml[1]);
$groupmap[trim($ml[0])] = explode(",",$ml[1]);
}
}
JLog::add('groupmap: ' . var_export($groupmap,true));
JLog::add('groupmap: ' . var_export($groupmap,true), JLog::DEBUG, self::LOGGER_CATEGORY);

foreach ($allgroups as $jgroup) {
array_push($allgroupnames, $jgroup->text);
Expand All @@ -255,35 +256,42 @@ function handleGroups( $user, $credentials, $options, &$response )
// first remove user from all groups
foreach ($allgroups as $group) {
$res = JUserHelper::removeUserFromGroup($user->id, $group->value);
JLog::add('removed user from group ' . $group->text . ' with result ' . $res);
JLog::add('removed user from group ' . $group->text . ' with result ' . $res, JLog::DEBUG, self::LOGGER_CATEGORY);
}

// Process Group Map default if exists
if (array_key_exists("*", $groupmap)) {
$res = JUserHelper::setUserGroups($user->id, $groupmap["*"]);
JLog::add('added user to mapped groups ' . $group->name . ':' . implode(",", $groupmap["*"]) . ' result: ' . $res, JLog::DEBUG, self::LOGGER_CATEGORY);
}


// now re-add all groups we have got from crowd
foreach ($groups as $group) {
JLog::add('got group: ' . $group->name);
JLog::add('got group: ' . $group->name, JLog::DEBUG, self::LOGGER_CATEGORY);
array_push($response->groups, $group->name);
//array_push($user->groups, $group->name);

// check mapping
if (array_key_exists($group->name, $groupmap)) {
$res = JUserHelper::addUserToGroup($user->id, $groupmap[$group->name]);
JLog::add('added user to mapped group ' . $group->name . ' result: ' . $res);
$res = JUserHelper::setUserGroups($user->id, $groupmap[$group->name]);
JLog::add('added user to mapped groups ' . $group->name . ':' . implode(",", $groupmap[$group->name]) . ' result: ' . $res, JLog::DEBUG, self::LOGGER_CATEGORY);
continue;
}

// create new groups if needed
if (!in_array($group->name, $allgroupnames)) {
JLog::add('create new group ' . $group->name);
JLog::add('create new group ' . $group->name, JLog::DEBUG, self::LOGGER_CATEGORY);
$gid = $this->createGroup($group->name);
}
else { // group already exists in joomla
foreach ($allgroups as $g) {
if ($g->text == $group->name) {
try {
JUserHelper::addUserToGroup($user->id, $g->value);
JLog::add("added user " . $user->id . ' to group ' . $g->name . ' id: ' . $g->value);
JLog::add("added user " . $user->id . ' to group ' . $g->name . ' id: ' . $g->value, JLog::DEBUG, self::LOGGER_CATEGORY);
} catch (Exception $e) {
JLog::add('adding user ' . $user->id . ' to group ' . $g->name . ' caused exception: ' . $e->getMessage());
JLog::add('adding user ' . $user->id . ' to group ' . $g->name . ' caused exception: ' . $e->getMessage(), JLog::DEBUG, self::LOGGER_CATEGORY);
}
}
}
Expand All @@ -292,7 +300,7 @@ function handleGroups( $user, $credentials, $options, &$response )
try {
$user->save();
} catch (Exception $e) {
JLog::add('saving user ' . $user->id . ' caused exception: ' . $e->getMessage());
JLog::add('saving user ' . $user->id . ' caused exception: ' . $e->getMessage(), JLog::DEBUG, self::LOGGER_CATEGORY);
}

}
Expand All @@ -309,7 +317,7 @@ function handleGroups( $user, $credentials, $options, &$response )
*/
function onUserAuthenticate( $credentials, $options, &$response )
{
JLog::add('onUserAuthenticate: auth started');
JLog::add('onUserAuthenticate: auth started', JLog::DEBUG, self::LOGGER_CATEGORY);
$response->type = 'Crowd';
$response->password_clear = "";
$login_succeeded = false;
Expand All @@ -320,7 +328,7 @@ function onUserAuthenticate( $credentials, $options, &$response )
$login_succeeded = $this->doCrowdLogin($credentials, $options, $response);
}
if ($credentials['username'] == "admin") {
JLog::add('admin login, neither check user nor groups');
JLog::add('admin login, neither check user nor groups', JLog::DEBUG, self::LOGGER_CATEGORY);
return login_succeeded; // do not more for admin user
}
if (! $login_succeeded) {
Expand All @@ -331,7 +339,7 @@ function onUserAuthenticate( $credentials, $options, &$response )
if ($id = intval(JUserHelper::getUserId($response->username))) {
}
else {
JLog::add('creating new user ' . $response->username);
JLog::add('creating new user ' . $response->username, JLog::DEBUG, self::LOGGER_CATEGORY);
$user->set('id', 0);
$user->set('name', $response->fullname);
$user->set('username', $response->username);
Expand Down
Loading

0 comments on commit 6c98897

Please sign in to comment.