<?php
/**
* @file
* Form to test a ldap authorization consumer configuration.
*/
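/**
 * Builds the form used to test an LDAP authorization consumer configuration.
 *
 * When an earlier submission left data in
 * $_SESSION['ldap_authorization_test_query'], that data is rendered above the
 * input elements. The session entry is discarded before the form is returned,
 * so results are shown once.
 *
 * @param array $form
 *   Form array handed in by the form API.
 * @param array $form_state
 *   Form state, passed by reference.
 * @param string $consumer_type
 *   Consumer type passed to ldap_authorization_get_consumer_object().
 *
 * @return array
 *   Drupal form array.
 */
function ldap_authorization_test_form($form, &$form_state, $consumer_type) {
  $consumer = ldap_authorization_get_consumer_object($consumer_type);
  $consumer_tokens = ldap_authorization_tokens($consumer);

  $query = (isset($_SESSION['ldap_authorization_test_query']) && is_array($_SESSION['ldap_authorization_test_query']))
    ? $_SESSION['ldap_authorization_test_query']
    : [];
  $previous = (isset($_SESSION['ldap_authorization_test_form']) && is_array($_SESSION['ldap_authorization_test_form']))
    ? $_SESSION['ldap_authorization_test_form']
    : [];

  if (isset($query['result'])) {
    // The submit handler stores the output of
    // theme('ldap_authorization_test_results') here, so it is already markup
    // and is not escaped again. Escaping of the values inside that table is
    // the theme function's job and cannot be checked from this file.
    $form['result'] = [
      '#type' => 'item',
      '#markup' => $query['result'],
    ];

    $form['pre-filtered'] = [
      '#type' => 'fieldset',
      '#title' => t('Prefiltered and Final Mappings'),
      '#collapsible' => TRUE,
      '#collapsed' => TRUE,
    ];
    $form['pre-filtered']['overview'] = [
      '#type' => 'item',
      '#markup' => t('Below are the "raw authorizations" and which strategy they are derived from. If enabled, the mapping filter is applied to these.'),
    ];

    if (isset($query['maps'])) {
      $i = 0;
      foreach ($query['maps'] as $map => $data) {
        $i++;
        // Values below are test-query results kept in the session; they are
        // assumed to be plain text derived from the directory, so they are
        // escaped before being placed in '#markup', which is emitted as-is.
        // NOTE(review): if the code that fills the session already escapes
        // them, this double-escapes - confirm against the producer.
        $heading = check_plain($map) . ' (without filter)';
        $form['pre-filtered']['map' . $i] = [
          '#type' => 'item',
          '#markup' => is_scalar($data)
            ? '<h2>' . $heading . '</h2>' . check_plain($data)
            : theme('item_list', [
              'items' => _ldap_authorization_test_form_plain_items($data),
              'type' => 'ul',
              'title' => $heading,
            ]),
        ];
      }
    }

    $form['use_first_attr_as_groupid'] = [
      '#type' => 'fieldset',
      '#title' => t('After "Convert full dn to value of first attribute before mapping"'),
      '#collapsible' => TRUE,
      '#collapsed' => TRUE,
    ];

    if ($consumer->consumerConf->useFirstAttrAsGroupId) {
      if (isset($query['useFirstAttrAsGroupId'])) {
        $form['use_first_attr_as_groupid']['data'] = [
          '#type' => 'item',
          '#markup' => theme('item_list', [
            'items' => _ldap_authorization_test_form_plain_items($query['useFirstAttrAsGroupId']),
            'type' => 'ul',
            'title' => "Convert full dn to value of first attribute before mapping",
          ]),
        ];
      }
    }
    else {
      $form['use_first_attr_as_groupid']['data'] = [
        '#type' => 'item',
        '#markup' => "Convert full dn to value of first attribute before mapping. NOT enabled",
      ];
    }

    $form['post mappings'] = [
      '#type' => 'fieldset',
      '#title' => t('After Mappings and Filters Applied'),
      '#collapsible' => TRUE,
      '#collapsed' => TRUE,
    ];

    // The original built this markup once and then overwrote it in both
    // branches of the check below; it is now built a single time.
    $filter_line = 'Use Mappings as Filter = ' . (int) $consumer->consumerConf->useMappingsAsFilter;
    if ($consumer->consumerConf->mappings) {
      $maps = [];
      foreach ($consumer->consumerConf->mappings as $mapping) {
        $maps[] = $mapping['from'] . '|' . $mapping['user_entered'];
      }
      $conf_markup = $filter_line . theme('item_list', [
        // Configured mapping strings are escaped like the query results.
        'items' => _ldap_authorization_test_form_plain_items($maps),
        'type' => 'ul',
        'title' => 'Configured Mappings',
      ]);
    }
    else {
      $conf_markup = $filter_line . '<br/>No Mappings Configured';
    }
    $form['post mappings']['conf'] = [
      '#type' => 'item',
      '#markup' => $conf_markup,
    ];

    if (isset($query['post mappings'])) {
      $form['post mappings']['data'] = [
        '#type' => 'item',
        '#markup' => theme('item_list', [
          'items' => _ldap_authorization_test_form_plain_items($query['post mappings']),
          'type' => 'ul',
          'title' => "Results after any filtering and mappings applied",
        ]),
      ];
    }
  }

  if (isset($query['setting_data'])) {
    foreach ($query['setting_data'] as $title => $data) {
      $form[$title] = [
        '#type' => 'fieldset',
        '#title' => check_plain($title),
        '#collapsible' => TRUE,
        '#collapsed' => TRUE,
      ];
      $form[$title]['overview'] = [
        '#type' => 'item',
        // print_r() returns plain text; escape it so that markup characters
        // inside the dumped data are displayed rather than interpreted.
        '#markup' => "<pre>" . check_plain(print_r($data, TRUE)) . "</pre>",
      ];
    }
  }

  $form['intro'] = [
    '#type' => 'item',
    '#markup' => t('<h1>Test LDAP to !consumer_name Configuration</h1>
      <p>This form will not actually grant any authorizations, its just to show
      what authorizations would be granted with this configuration.</p>', $consumer_tokens),
  ];

  $form['consumer_type'] = [
    '#type' => 'hidden',
    '#default_value' => $consumer_type,
  ];

  $form['usernames'] = [
    '#type' => 'textarea',
    '#title' => t('Drupal usernames to test !consumer_shortName authorizations results for. One per line.', $consumer_tokens),
    '#default_value' => isset($query['usernames']) ? $query['usernames'] : NULL,
    '#cols' => 50,
    '#rows' => 6,
    '#description' => '',
  ];

  // The submit handler stores this choice under 'ldap_authorization_test_query',
  // while the original read it back from 'ldap_authorization_test_form', so
  // the checkbox never kept its state. Read the key that is written and keep
  // the old key as a fallback.
  $random_default = NULL;
  if (isset($query['random_users'])) {
    $random_default = $query['random_users'];
  }
  elseif (isset($previous['random_users'])) {
    $random_default = $previous['random_users'];
  }
  $form['random_users'] = [
    '#type' => 'checkbox',
    '#default_value' => $random_default,
    '#title' => t('Use 10 random users', $consumer_tokens),
  ];

  // Nothing visible in this file writes the two defaults below into the
  // session, so both boxes start unchecked unless other code sets them.
  $form['execute_authorizations'] = [
    '#type' => 'checkbox',
    '#default_value' => isset($previous['execute_authorizations']) ? $previous['execute_authorizations'] : NULL,
    '#title' => t('Actually grant or revoke example authorizations.
      This will grant and revoke based on the ldap authorization configuration
      options such as whether to revoke or regrant manually applied authorizations.
      Try with this unchecked first, then check to see how authorizations are applied.', $consumer_tokens),
  ];

  $form['user_data_clear'] = [
    '#type' => 'checkbox',
    '#default_value' => isset($previous['user_data_clear']) ? $previous['user_data_clear'] : NULL,
    '#title' => t('Clear <pre>$user->data[ldap_authorization][<consumer type>]</pre> data for test users.', $consumer_tokens),
  ];

  $form['submit'] = [
    '#type' => 'submit',
    '#value' => 'test',
  ];

  // Results are shown once: drop them so a reload starts from a clean form.
  unset($_SESSION['ldap_authorization_test_query']);
  return $form;
}

/**
 * Escapes the text of item_list items before they are themed.
 *
 * Handles the two item forms theme_item_list() accepts: a plain value, or an
 * array whose 'data' key holds the text and whose 'children' key holds nested
 * items. Other array keys are left untouched.
 *
 * @param mixed $items
 *   Items as stored in the test-query session data.
 *
 * @return array
 *   The items with their text passed through check_plain(); an empty array
 *   when $items is not an array.
 */
function _ldap_authorization_test_form_plain_items($items) {
  if (!is_array($items)) {
    return [];
  }
  $plain = [];
  foreach ($items as $key => $item) {
    if (is_array($item)) {
      if (isset($item['data']) && is_scalar($item['data'])) {
        $item['data'] = check_plain($item['data']);
      }
      if (isset($item['children'])) {
        $item['children'] = _ldap_authorization_test_form_plain_items($item['children']);
      }
      $plain[$key] = $item;
    }
    elseif (is_scalar($item)) {
      $plain[$key] = check_plain($item);
    }
    else {
      $plain[$key] = $item;
    }
  }
  return $plain;
}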
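/**
 * Validate handler for the ldap_authorization_test form.
 *
 * Requires either at least one typed username or the "random users" option.
 *
 * @param array $form
 *   The form array.
 * @param array $form_state
 *   Form state, passed by reference; only $form_state['values'] is read.
 */
function ldap_authorization_test_form_validate($form, &$form_state) {
  $values = $form_state['values'];
  // A textarea holding only blanks or newlines names no user, so trim first.
  $usernames = isset($values['usernames']) ? trim($values['usernames']) : '';
  $random_users = !empty($values['random_users']);

  if ($usernames === '' && !$random_users) {
    // Attach the error to the real 'usernames' element; the original passed
    // the label 'No options chosen', which is not an element of this form.
    form_set_error('usernames', t('Usernames must be given or random users checked.'));
  }
}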
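/**
 * Submit handler for the ldap_authorization_test form.
 *
 * Runs ldap_authorizations_user_authorizations() for up to ten usernames,
 * stores the themed result table in
 * $_SESSION['ldap_authorization_test_query']['result'] and redirects back to
 * the test page for the consumer.
 *
 * @param array $form
 *   The form array.
 * @param array $form_state
 *   Form state, passed by reference; 'redirect' is set on success.
 */
function ldap_authorization_test_form_submit($form, &$form_state) {
  $values = $form_state['values'];

  // 'consumer_type' travels in a hidden element, so the submitted value is
  // supplied by the browser. Stop if it does not resolve to a consumer.
  // NOTE(review): what ldap_authorization_get_consumer_object() returns for
  // an unknown type is not visible here - confirm this check matches it.
  $consumer_type = $values['consumer_type'];
  $consumer = ldap_authorization_get_consumer_object($consumer_type);
  if (!is_object($consumer)) {
    drupal_set_message(t('Unknown authorization consumer type.'), 'error');
    return "";
  }

  $results = [];
  // Initialised so the theme() call below also works when no user was tested.
  $notifications = [];
  // Usernames are trimmed so that a stray space does not turn an existing
  // account into a "fake" test user.
  $users_listed = array_map('trim', preg_split('/[\n\r]+/', $values['usernames']));
  $random_users = [];
  $_SESSION['ldap_authorization_test_query']['random_users'] = $values['random_users'];
  $_SESSION['ldap_authorization_test_query']['usernames'] = $values['usernames'];

  // Add usernames from the users table to test.
  if ($values['random_users']) {
    // Only the name is used below, so only that column is selected; the
    // original fetched every column of every row, password hashes included.
    // NOTE(review): nothing here randomises the selection, and because these
    // names are merged in front of the typed ones, the ten-user cap below can
    // leave typed usernames untested - confirm the intended behaviour.
    $select = db_select('users', 'u');
    $select->fields('u', ['name']);

    try {
      $random_users = $select->execute()->fetchAllAssoc('name', PDO::FETCH_ASSOC);
    }
    catch (Exception $e) {
      // query_string is not a property of every Exception; read it only when
      // it is present.
      drupal_set_message(t('db users query failed. Message = %message, query= %query',
        [
          '%message' => $e->getMessage(),
          '%query' => isset($e->query_string) ? $e->query_string : '',
        ]), 'error');
      return "";
    }
  }

  $user_names = array_unique(array_merge(array_keys($random_users), $users_listed));
  $i = 0;
  foreach ($user_names as $username) {
    if (!$username) {
      continue;
    }

    if (!$user = user_load_by_name($username)) {
      // If not existing user, create fake user assumed to be ldap authenticated.
      $user = new stdClass();
      $user->name = $username;
      $user->ldap_test = TRUE;
      $user->ldap_authenticated = TRUE;
    }
    elseif (function_exists('dpm')) {
      // NOTE(review): debugging output; dpm() is handed the complete loaded
      // account object. Consider removing it.
      dpm("user: $username"); dpm($user);
    }

    // Clear stored authorization data for existing accounts only. The fake
    // test user has no uid and no data, and passing it to user_save() would
    // save it as if it were a real account.
    // NOTE(review): the checkbox label mentions $user->data[ldap_authorization]
    // while this unsets 'ldap_authorizations' - confirm which key is right.
    if ($values['user_data_clear'] == 1 && !empty($user->uid)) {
      $user_data = $user->data;
      unset($user_data['ldap_authorizations'][$consumer_type]);
      $saved = user_save($user, ['data' => $user_data]);
      if ($saved) {
        // Keep the previously loaded account when the save did not succeed.
        $user = $saved;
      }
    }

    $action = ($values['execute_authorizations'] == 1) ? "test_query_set" : 'test_query';
    list($results[$username], $notifications[$username]) = ldap_authorizations_user_authorizations($user, $action, $consumer_type, 'logon');
    // Remove authorizations from other consumer types.
    $results[$username] = [
      $consumer_type => isset($results[$username][$consumer_type]) ? $results[$username][$consumer_type] : NULL,
    ];

    $i++;
    if ($i == 10) {
      break;
    }
  }

  $table = theme('ldap_authorization_test_results', ['results' => $results, 'consumer' => $consumer, 'notifications' => $notifications]);
  $_SESSION['ldap_authorization_test_query']['result'] = $table;
  $form_state['redirect'] = LDAP_SERVERS_MENU_BASE_PATH . '/authorization/test/' . $consumer->consumerType;
}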