|
1
|
<?php
|
|
2
|
|
|
3
|
/**
|
|
4
|
* @file
|
|
5
|
* Functions related to REST webservices for LDAP User module.
|
|
6
|
*
|
|
7
|
* DO NOT USE THIS CODE, it is unsupported and only left for those relying on
|
|
8
|
* these functions already.
|
|
9
|
*
|
|
10
|
* @codingStandardsIgnoreFile
|
|
11
|
*/
|
|
12
|
|
|
13
|
/**
|
|
14
|
* @deprecated
|
|
15
|
*/
|
|
16
|
function _ldap_user_ws_urls_item_list() {
|
|
17
|
global $base_url;
|
|
18
|
$base = '<br/>' . $base_url . '/' . LDAP_USER_WS_USER_PATH;
|
|
19
|
$ldap_user_conf = new LdapUserConf();
|
|
20
|
$key = $ldap_user_conf->wsKey;
|
|
21
|
$item_list = [
|
|
22
|
'Create: Drupal User based on LDAP Entry: ' . $base . "/create/todrupal/[username]|[dn]/$key",
|
|
23
|
'Synch: LDAP Entry to Drupal User: ' . $base . "/synch/todrupal/[username]|[dn]/$key",
|
|
24
|
'Disable: Drupal User: ' . $base . "/disable/todrupal/[username]|[dn]/$key",
|
|
25
|
'Delete: Drupal User: ' . $base . "/delete/todrupal/[username]|[dn]/$key",
|
|
26
|
'Create: LDAP Entry based on Drupal User: ' . $base . "/create/toldap/[username]/$key",
|
|
27
|
'Synch: Drupal User to LDAP Entry: ' . $base . "/synch/toldap/[username]/$key",
|
|
28
|
'Query: LDAP Associated Drupal User Exists: ' . $base . "/query/none/[username]|[dn]/$key",
|
|
29
|
];
|
|
30
|
return $item_list;
|
|
31
|
}
|
|
32
|
|
|
33
|
/**
|
|
34
|
* @deprecated
|
|
35
|
*/
|
|
36
|
function ldap_user_ws($action, $direction_tag, $drupal_user_name_or_dn, $key) {
|
|
37
|
|
|
38
|
$action = check_plain($action);
|
|
39
|
$key = urldecode($key);
|
|
40
|
|
|
41
|
if (!$ldap_user_conf->wsEnabled) {
|
|
42
|
return ldap_user_ws_out([0, t('Webservice Not Enabled')]);
|
|
43
|
}
|
|
44
|
// ldap_servers_encrypt($ldap_user_conf->wsKey, LDAP_SERVERS_ENC_TYPE_BLOWFISH)
|
|
45
|
elseif ($key != $ldap_user_conf->wsKey) {
|
|
46
|
return ldap_user_ws_out([0, t('Bad Webservice Key')]);
|
|
47
|
}
|
|
48
|
elseif (!in_array($_SERVER['REMOTE_ADDR'], array_values($ldap_user_conf->wsUserIps))) {
|
|
49
|
return ldap_user_ws_out([0, t('Request from non-allowed IP Address')]);
|
|
50
|
}
|
|
51
|
|
|
52
|
if ($direction_tag == 'todrupal') {
|
|
53
|
$direction = LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER;
|
|
54
|
$sid = $ldap_user_conf->drupalAcctProvisionServer;
|
|
55
|
$ldap_server = ldap_servers_get_servers($sid, NULL, TRUE);
|
|
56
|
}
|
|
57
|
if ($direction_tag == 'toldap') {
|
|
58
|
$direction = LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY;
|
|
59
|
$sid = $ldap_user_conf->ldapEntryProvisionServer;
|
|
60
|
$ldap_server = ldap_servers_get_servers($sid, NULL, TRUE);
|
|
61
|
}
|
|
62
|
else {
|
|
63
|
$direction = LDAP_USER_PROV_DIRECTION_NONE;
|
|
64
|
$sid = LDAP_USER_NO_SERVER_SID;
|
|
65
|
$ldap_server = FALSE;
|
|
66
|
}
|
|
67
|
|
|
68
|
if (strpos($drupal_user_name_or_dn, '=') === FALSE) {
|
|
69
|
$drupal_user_name = check_plain($drupal_user_name_or_dn);
|
|
70
|
}
|
|
71
|
else {
|
|
72
|
$drupal_user_name = ($ldap_server) ? $ldap_server->userUsernameFromDn($drupal_user_name_or_dn) : FALSE;
|
|
73
|
}
|
|
74
|
|
|
75
|
ldap_servers_module_load_include('php', 'ldap_user', 'LdapUserConfAdmin.class');
|
|
76
|
$ldap_user_conf = new LdapUserConf();
|
|
77
|
|
|
78
|
$drupal_user = ($action == 'create' || $drupal_user_name === FALSE) ? FALSE : user_load_by_name($drupal_user_name);
|
|
79
|
$user_edit = [];
|
|
80
|
$account = [];
|
|
81
|
|
|
82
|
switch ($action) {
|
|
83
|
case 'create':
|
|
84
|
if ($direction = LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
|
|
85
|
$user_edit['name'] = $drupal_user_name;
|
|
86
|
$new_account = $ldap_user_conf->provisionDrupalAccount($account, $user_edit, $ldap_user, TRUE);
|
|
87
|
// @todo return boolean on first line, not human readable message
|
|
88
|
$text = ($new_account) ? 'Created Account ' . $drupal_user_name : 'Fails to Create Account ' . $drupal_user_name;
|
|
89
|
return ldap_user_ws_out([(boolean) ($new_account), $text]);
|
|
90
|
}
|
|
91
|
elseif ($direction = LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
|
|
92
|
// No need for ldap_user_ldap_provision_semaphore call with webservice since not tied to single user like logon process.
|
|
93
|
$provision_result = $ldap_user_conf->provisionLdapEntry($drupal_user_name);
|
|
94
|
// @todo turn result array into response
|
|
95
|
}
|
|
96
|
break;
|
|
97
|
|
|
98
|
case 'synch':
|
|
99
|
if ($direction = LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
|
|
100
|
$saved_account = $ldap_user_conf->synchToDrupalAccount($drupal_user, $user_edit, LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER, $ldap_user, TRUE);
|
|
101
|
$text = ($saved_account) ? 'Updated Account ' . $drupal_user_name : 'Failed to Update Account ' . $drupal_user_name;
|
|
102
|
return ldap_user_ws_out([(boolean) ($saved_account), $text]);
|
|
103
|
}
|
|
104
|
elseif ($direction = LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
|
|
105
|
$boolean_result = $ldap_user_conf->synchToLdapEntry($drupal_user_name);
|
|
106
|
// @todo turn result array into response
|
|
107
|
}
|
|
108
|
break;
|
|
109
|
|
|
110
|
case 'disable':
|
|
111
|
if ($direction = LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
|
|
112
|
$drupal_user->status = 0;
|
|
113
|
$edit = ['status' => 0];
|
|
114
|
$saved_account = user_save($drupal_user, ['status' => 0]);
|
|
115
|
return ldap_user_ws_out([(boolean) ($saved_account), 'Disabled Account ' . $drupal_user_name]);
|
|
116
|
}
|
|
117
|
break;
|
|
118
|
|
|
119
|
case 'delete':
|
|
120
|
if ($direction = LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
|
|
121
|
user_delete($drupal_user->uid);
|
|
122
|
return ldap_user_ws_out([1, 'Deleted Account ' . $drupal_user_name]);
|
|
123
|
}
|
|
124
|
elseif ($direction = LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
|
|
125
|
// @todo implement delete ldap record and call ldap_user event handler for delete account
|
|
126
|
}
|
|
127
|
break;
|
|
128
|
}
|
|
129
|
return $out;
|
|
130
|
|
|
131
|
}
|
|
132
|
|
|
133
|
/**
|
|
134
|
* @deprecated
|
|
135
|
*/
|
|
136
|
function ldap_user_ws_out($response) {
|
|
137
|
return join("\n", $response);
|
|
138
|
}
|
