<?php
/**
 * @file
 * Functions related to REST webservices for the LDAP User module.
 *
 * ldap/user/ws/<action>/<direction_tag>/<drupal username|dn>/<api_key>
 *
 * action = 'create', 'synch', 'query', 'disable', or 'delete'
 * direction_tag = 'todrupal', 'toldap', or '', or 'none'
 * drupal_user_name = drupal user. If direction is toldap, it is the LDAP-associated Drupal user name.
 * key = user entered api key
 *
 * e.g.
 * https://intranet.mycompany.com/ldap/user/ws/create/todrupal/jdoe/dsfew32423rewr3224243
 * https://intranet.mycompany.com/ldap/user/ws/synch/todrupal/jdoe/dsfew32423rewr3224243
 *
 */
/**
 * Builds the list of example webservice URLs shown to administrators.
 *
 * Each entry pairs a human-readable description with the full URL pattern for
 * that action, including the configured webservice key, so it can be copied
 * straight into a client.
 *
 * @return array
 *   List of strings, one per supported action/direction pair.
 */
function _ldap_user_ws_urls_item_list() {
  global $base_url;
  $ldap_user_conf = new LdapUserConf();
  $prefix = '<br/>' . $base_url . '/' . LDAP_USER_WS_USER_PATH;
  $key = $ldap_user_conf->wsKey;

  // label => path below the webservice base, in display order.
  $paths = array(
    'Create: Drupal User based on LDAP Entry: ' => "/create/todrupal/[username]|[dn]/$key",
    'Synch: LDAP Entry to Drupal User: ' => "/synch/todrupal/[username]|[dn]/$key",
    'Disable: Drupal User: ' => "/disable/todrupal/[username]|[dn]/$key",
    'Delete: Drupal User: ' => "/delete/todrupal/[username]|[dn]/$key",
    'Create: LDAP Entry based on Drupal User: ' => "/create/toldap/[username]/$key",
    'Synch: Drupal User to LDAP Entry: ' => "/synch/toldap/[username]/$key",
    'Query: LDAP Associated Drupal User Exists: ' => "/query/none/[username]|[dn]/$key",
  );

  $item_list = array();
  foreach ($paths as $label => $path) {
    $item_list[] = $label . $prefix . $path;
  }
  return $item_list;
}
/**
 * @todo: this needs work in a few areas:
 * - urls should follow REST conventions
 * - returns should also follow REST conventions
 * - more error catching, and $out should be an array that is output in a REST format
 */
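/**
 * Page callback for the LDAP User webservice.
 *
 * Path: ldap/user/ws/<action>/<direction_tag>/<drupal username|dn>/<api_key>
 *
 * Three access gates run before any account is touched: the webservice must
 * be enabled, the supplied key must match the configured key, and the
 * caller's address must be on the configured allow list. Every outcome is
 * reported through ldap_user_ws_out(), status flag first.
 *
 * @param string $action
 *   'create', 'synch', 'query', 'disable' or 'delete'.
 * @param string $direction_tag
 *   'todrupal', 'toldap', or any other value for no direction.
 * @param string $drupal_user_name_or_dn
 *   A Drupal user name, or an LDAP DN (recognised by a '=' character) that is
 *   mapped to a user name through the provisioning server for the direction.
 * @param string $key
 *   The caller-supplied API key, URL-encoded.
 *
 * @return string
 *   Text response: a 0/1 status on the first line, a message on the second.
 *
 * @todo urls and return values should follow REST conventions; the response
 *   should be an array output in a REST format.
 */
function ldap_user_ws($action, $direction_tag, $drupal_user_name_or_dn, $key) {

  $action = check_plain($action);
  $key = urldecode($key);

  // Configuration has to exist before the access checks read it; it was
  // previously created only after those checks had already run against an
  // undefined variable.
  ldap_servers_module_load_include('php', 'ldap_user', 'LdapUserConfAdmin.class');
  $ldap_user_conf = new LdapUserConf();

  $denied = _ldap_user_ws_access_denied($ldap_user_conf, $key);
  if ($denied !== NULL) {
    return ldap_user_ws_out(array(0, $denied));
  }

  // 'elseif' rather than a second 'if': the original fell into the final else
  // for 'todrupal' as well, resetting the direction to none.
  if ($direction_tag == 'todrupal') {
    $direction = LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER;
    $ldap_server = ldap_servers_get_servers($ldap_user_conf->drupalAcctProvisionServer, NULL, TRUE);
  }
  elseif ($direction_tag == 'toldap') {
    $direction = LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY;
    $ldap_server = ldap_servers_get_servers($ldap_user_conf->ldapEntryProvisionServer, NULL, TRUE);
  }
  else {
    $direction = LDAP_USER_PROV_DIRECTION_NONE;
    $ldap_server = FALSE;
  }

  if (strpos($drupal_user_name_or_dn, '=') === FALSE) {
    $drupal_user_name = check_plain($drupal_user_name_or_dn);
  }
  else {
    // A DN can only be mapped to a user name through a provisioning server.
    $drupal_user_name = ($ldap_server) ? $ldap_server->userUsernameFromDn($drupal_user_name_or_dn) : FALSE;
  }
  // Escaped form of whatever the caller sent, for messages about names that
  // could not be resolved; the response string ends up in rendered HTML.
  $display_name = ($drupal_user_name === FALSE) ? check_plain($drupal_user_name_or_dn) : $drupal_user_name;

  $drupal_user = ($action == 'create' || $drupal_user_name === FALSE) ? FALSE : user_load_by_name($drupal_user_name);
  $user_edit = array();
  $account = array();
  // The LDAP entry is never fetched by this callback (the variable used to be
  // undefined); NULL is now passed explicitly. TODO(review): confirm the
  // provisioning methods look the entry up themselves when given NULL.
  $ldap_user = NULL;

  // Comparisons below use '==': the original used '=' (assignment), so every
  // action took the to-Drupal branch regardless of the requested direction.
  switch ($action) {
    case 'create':
      if ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
        if ($drupal_user_name === FALSE) {
          return ldap_user_ws_out(array(0, 'Cannot Resolve Account Name ' . $display_name));
        }
        $user_edit['name'] = $drupal_user_name;
        $new_account = $ldap_user_conf->provisionDrupalAccount($account, $user_edit, $ldap_user, TRUE);
        // @todo return boolean on first line, not human readable message
        $text = ($new_account) ? 'Created Account ' . $drupal_user_name : 'Fails to Create Account ' . $drupal_user_name;
        return ldap_user_ws_out(array((boolean) $new_account, $text));
      }
      elseif ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
        // No ldap_user_ldap_provision_semaphore call is needed here: the
        // webservice is not tied to a single user like the logon process.
        $provision_result = $ldap_user_conf->provisionLdapEntry($drupal_user_name);
        // @todo turn result array into response
        $text = ($provision_result) ? 'Created LDAP Entry for ' . $display_name : 'Failed to Create LDAP Entry for ' . $display_name;
        return ldap_user_ws_out(array((boolean) $provision_result, $text));
      }
      break;

    case 'synch':
      if ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
        if (!$drupal_user) {
          return ldap_user_ws_out(array(0, 'No Account to Update ' . $display_name));
        }
        $saved_account = $ldap_user_conf->synchToDrupalAccount($drupal_user, $user_edit, LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER, $ldap_user, TRUE);
        $text = ($saved_account) ? 'Updated Account ' . $drupal_user_name : 'Failed to Update Account ' . $drupal_user_name;
        return ldap_user_ws_out(array((boolean) $saved_account, $text));
      }
      elseif ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
        $boolean_result = $ldap_user_conf->synchToLdapEntry($drupal_user_name);
        // @todo turn result array into response
        $text = ($boolean_result) ? 'Updated LDAP Entry for ' . $display_name : 'Failed to Update LDAP Entry for ' . $display_name;
        return ldap_user_ws_out(array((boolean) $boolean_result, $text));
      }
      break;

    case 'query':
      // Listed in the file header but never implemented. Reports only whether
      // a Drupal account with that name loads.
      // @todo also check that the account is LDAP associated
      $text = ($drupal_user) ? 'Account Exists ' . $display_name : 'No Account ' . $display_name;
      return ldap_user_ws_out(array((boolean) $drupal_user, $text));

    case 'disable':
      if ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
        if (!$drupal_user) {
          return ldap_user_ws_out(array(0, 'No Account to Disable ' . $display_name));
        }
        $saved_account = user_save($drupal_user, array('status' => 0));
        return ldap_user_ws_out(array((boolean) $saved_account, 'Disabled Account ' . $drupal_user_name));
      }
      break;

    case 'delete':
      if ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
        if (!$drupal_user) {
          return ldap_user_ws_out(array(0, 'No Account to Delete ' . $display_name));
        }
        user_delete($drupal_user->uid);
        return ldap_user_ws_out(array(1, 'Deleted Account ' . $drupal_user_name));
      }
      elseif ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
        // @todo implement delete ldap record and call ldap_user event handler for delete account
      }
      break;
  }

  // Unknown action, or an action/direction pair with no implementation; the
  // original returned an undefined $out here.
  return ldap_user_ws_out(array(0, t('Unsupported action or direction')));
}

/**
 * Runs the webservice access gates.
 *
 * @param LdapUserConf $ldap_user_conf
 *   Module configuration.
 * @param string $key
 *   Caller-supplied API key, already URL-decoded.
 *
 * @return string|null
 *   The reason access is refused, or NULL when the request may proceed.
 */
function _ldap_user_ws_access_denied($ldap_user_conf, $key) {
  if (!$ldap_user_conf->wsEnabled) {
    return t('Webservice Not Enabled');
  }
  // Never authenticate against an unset key, and compare in constant time so
  // response timing does not leak how much of the key matched.
  $configured_key = (string) $ldap_user_conf->wsKey;
  if ($configured_key === '' || !hash_equals($configured_key, (string) $key)) {
    return t('Bad Webservice Key');
  }
  // ip_address() honours Drupal's reverse-proxy settings where
  // $_SERVER['REMOTE_ADDR'] would only ever see the proxy; strict in_array so
  // the allow list is matched as exact strings.
  $allowed_ips = array_values((array) $ldap_user_conf->wsUserIps);
  if (!in_array(ip_address(), $allowed_ips, TRUE)) {
    return t('Request from non-allowed IP Address');
  }
  return NULL;
}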
/**
 * Formats a webservice response as plain text.
 *
 * @param array $response
 *   Response parts; by convention element 0 is the status flag and element 1
 *   the message.
 *
 * @return string
 *   The parts, one per line, separated by "\n".
 */
function ldap_user_ws_out($response) {
  $lines = array();
  foreach ($response as $part) {
    $lines[] = $part;
  }
  return implode("\n", $lines);
}