<?php
/**
 * @file
 * Form to test an LDAP authorization consumer configuration.
 */
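/**
 * Form builder: test an LDAP authorization consumer configuration.
 *
 * Shows the results of the previous test run, which the submit handler stored
 * in $_SESSION['ldap_authorization_test_query'], followed by the inputs for a
 * new run. The stored results are discarded once they are added to the form.
 *
 * Security notes:
 * - Everything placed in '#markup' and in fieldset '#title' is printed as
 *   HTML. Whether the stored values were sanitized where they were produced is
 *   not visible in this file, so plain-text values are escaped here and
 *   values that may legitimately carry markup are passed through
 *   filter_xss_admin().
 * - The consumer type is carried as a server-side 'value' element rather than
 *   a 'hidden' input, so the submit handler does not depend on a field the
 *   browser can rewrite.
 *
 * @param array $form
 *   Form array passed in by the form API.
 * @param array $form_state
 *   Form state, by reference.
 * @param string $consumer_type
 *   Consumer type whose configuration is tested; handed to
 *   ldap_authorization_get_consumer_object().
 *
 * @return array
 *   Drupal form array.
 */
function ldap_authorization_test_form($form, &$form_state, $consumer_type) {
  $consumer = ldap_authorization_get_consumer_object($consumer_type);
  $consumer_tokens = ldap_authorization_tokens($consumer);

  // Results of the previous submission, if any.
  $test_query = isset($_SESSION['ldap_authorization_test_query']) ? $_SESSION['ldap_authorization_test_query'] : array();
  // The submit handler in this file never writes this key, so the checkboxes
  // that read it start unchecked unless other code fills it in.
  $form_defaults = isset($_SESSION['ldap_authorization_test_form']) ? $_SESSION['ldap_authorization_test_form'] : array();

  if (isset($test_query['result'])) {
    $consumer_conf = $consumer->consumerConf;

    // Themed result table built by the submit handler; its escaping is the
    // responsibility of the 'ldap_authorization_test_results' theme hook.
    $form['result'] = array(
      '#type' => 'item',
      '#markup' => $test_query['result'],
    );

    $form['pre-filtered'] = array(
      '#type' => 'fieldset',
      '#title' => t('Prefiltered and Final Mappings'),
      '#collapsible' => TRUE,
      '#collapsed' => TRUE,
    );
    $form['pre-filtered']['overview'] = array(
      '#type' => 'item',
      '#markup' => t('Below are the "raw authorizations" and which strategy they are derived from. If enabled, the mapping filter is applied to these.'),
    );

    if (isset($test_query['maps'])) {
      $i = 0;
      foreach ($test_query['maps'] as $map => $data) {
        $i++;
        if (is_scalar($data)) {
          // filter_xss_admin() rather than check_plain(): it removes script
          // content but does not double-escape text that is already encoded.
          $markup = '<h2>' . filter_xss_admin((string) $map) . ' (without filter)</h2>' . filter_xss_admin((string) $data);
        }
        else {
          // NOTE(review): item_list prints its items and title as given;
          // confirm the code that fills 'maps' sanitizes directory values.
          $markup = theme('item_list', array('items' => $data, 'type' => 'ul', 'title' => "$map (without filter)"));
        }
        $form['pre-filtered']['map' . $i] = array(
          '#type' => 'item',
          '#markup' => $markup,
        );
      }
    }

    $form['use_first_attr_as_groupid'] = array(
      '#type' => 'fieldset',
      '#title' => t('After "Convert full dn to value of first attribute before mapping"'),
      '#collapsible' => TRUE,
      '#collapsed' => TRUE,
    );

    if ($consumer_conf->useFirstAttrAsGroupId) {
      if (isset($test_query['useFirstAttrAsGroupId'])) {
        // NOTE(review): items are printed as given, see the note above.
        $form['use_first_attr_as_groupid']['data'] = array(
          '#type' => 'item',
          '#markup' => theme('item_list', array('items' => $test_query['useFirstAttrAsGroupId'], 'type' => 'ul', 'title' => "Convert full dn to value of first attribute before mapping")),
        );
      }
    }
    else {
      $form['use_first_attr_as_groupid']['data'] = array(
        '#type' => 'item',
        '#markup' => "Convert full dn to value of first attribute before mapping. NOT enabled",
      );
    }

    $form['post mappings'] = array(
      '#type' => 'fieldset',
      '#title' => t('After Mappings and Filters Applied'),
      '#collapsible' => TRUE,
      '#collapsed' => TRUE,
    );

    // The original built this element once and then overwrote '#markup' in
    // both branches; it is now built a single time.
    $conf_markup = 'Use Mappings as Filter = ' . (int) $consumer_conf->useMappingsAsFilter;
    if ($consumer_conf->mappings) {
      $maps = array();
      foreach ($consumer_conf->mappings as $mapping) {
        // Configured mappings are plain text, so escape them for the list.
        $maps[] = check_plain($mapping['from'] . '|' . $mapping['user_entered']);
      }
      $conf_markup .= theme('item_list', array(
        'items' => $maps,
        'type' => 'ul',
        'title' => 'Configured Mappings',
      ));
    }
    else {
      $conf_markup .= '<br/>No Mappings Configured';
    }
    $form['post mappings']['conf'] = array(
      '#type' => 'item',
      '#markup' => $conf_markup,
    );

    if (isset($test_query['post mappings'])) {
      // NOTE(review): items are printed as given, see the note above.
      $form['post mappings']['data'] = array(
        '#type' => 'item',
        '#markup' => theme('item_list', array('items' => $test_query['post mappings'], 'type' => 'ul', 'title' => "Results after any filtering and mappings applied")),
      );
    }
  }

  if (isset($test_query['setting_data'])) {
    foreach ($test_query['setting_data'] as $title => $data) {
      // NOTE(review): $title is also used as the form key, so a title equal
      // to a key assigned below ('intro', 'submit', ...) is overwritten.
      $form[$title] = array(
        '#type' => 'fieldset',
        // Fieldset titles are printed without escaping.
        '#title' => filter_xss_admin((string) $title),
        '#collapsible' => TRUE,
        '#collapsed' => TRUE,
      );
      $form[$title]['overview'] = array(
        '#type' => 'item',
        // print_r() output is plain text; escape it before wrapping in <pre>.
        '#markup' => "<pre>" . check_plain(print_r($data, TRUE)) . "</pre>",
      );
    }
  }

  // NOTE(review): "!" placeholders insert token values without escaping;
  // confirm ldap_authorization_tokens() only returns trusted configuration
  // text.
  $form['intro'] = array(
    '#type' => 'item',
    '#markup' => t('<h1>Test LDAP to !consumer_name Configuration</h1>
<p>This form will not actually grant any authorizations, its just to show
what authorizations would be granted with this configuration.</p>', $consumer_tokens),
  );

  // Kept on the server: a 'value' element is never rendered, so the submitted
  // request cannot change which consumer configuration is exercised.
  $form['consumer_type'] = array(
    '#type' => 'value',
    '#value' => $consumer_type,
  );

  $form['usernames'] = array(
    '#type' => 'textarea',
    '#title' => t('Drupal usernames to test !consumer_shortName authorizations results for. One per line.', $consumer_tokens),
    '#default_value' => isset($test_query['usernames']) ? $test_query['usernames'] : NULL,
    '#cols' => 50,
    '#rows' => 6,
    '#description' => '',
  );

  // The submit handler stores this choice under the test_query key; the
  // original read a different key, so the box never kept its state.
  $form['random_users'] = array(
    '#type' => 'checkbox',
    '#default_value' => isset($test_query['random_users']) ? $test_query['random_users'] : NULL,
    '#title' => t('Use 10 random users', $consumer_tokens),
  );

  // State-changing option: checking it makes the submit handler run the
  // query in 'test_query_set' mode.
  $form['execute_authorizations'] = array(
    '#type' => 'checkbox',
    '#default_value' => isset($form_defaults['execute_authorizations']) ? $form_defaults['execute_authorizations'] : NULL,
    '#title' => t('Actually grant or revoke example authorizations.
This will grant and revoke based on the ldap authorization configuration
options such as whether to revoke or regrant manually applied authorizations.
Try with this unchecked first, then check to see how authorizations are applied.', $consumer_tokens),
  );

  // NOTE(review): "<consumer type>" in this label is parsed as an HTML tag by
  // browsers, and the label names "ldap_authorization" while the submit
  // handler unsets the "ldap_authorizations" key; confirm which is intended.
  $form['user_data_clear'] = array(
    '#type' => 'checkbox',
    '#default_value' => isset($form_defaults['user_data_clear']) ? $form_defaults['user_data_clear'] : NULL,
    '#title' => t('Clear <pre>$user->data[ldap_authorization][<consumer type>]</pre> data for test users.', $consumer_tokens),
  );

  $form['submit'] = array(
    '#type' => 'submit',
    '#value' => 'test',
  );

  // Results are shown once only.
  unset($_SESSION['ldap_authorization_test_query']);
  return $form;
}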
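/**
 * Form validation handler for ldap_authorization_test_form().
 *
 * Requires at least one username or the "random users" option. Input that
 * consists only of whitespace or line breaks does not count as a username.
 *
 * @param array $form
 *   The form array.
 * @param array $form_state
 *   Form state, by reference; only $form_state['values'] is read.
 */
function ldap_authorization_test_form_validate($form, &$form_state) {
  $values = $form_state['values'];

  $has_usernames = isset($values['usernames']) && trim($values['usernames']) !== '';
  $wants_random = !empty($values['random_users']);

  if (!$has_usernames && !$wants_random) {
    // The first argument names the form element to flag; the original passed
    // a label that matches no element, so no field was highlighted.
    form_set_error('usernames', t('Usernames must be given or random users checked.'));
  }
}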
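/**
 * Form submission handler for ldap_authorization_test_form().
 *
 * Runs the authorization query for at most 10 usernames, stores the themed
 * result table in $_SESSION['ldap_authorization_test_query'] for the next
 * form build and redirects back to the test page.
 *
 * Options read from $form_state['values']:
 * - execute_authorizations: when 1, the query runs in 'test_query_set' mode
 *   instead of 'test_query'.
 * - user_data_clear: when 1, the stored 'ldap_authorizations' data for this
 *   consumer type is removed from existing accounts through user_save().
 * - random_users: adds up to 10 randomly chosen account names.
 *
 * Changes from the original:
 * - Only the name column of 10 random rows is read; the original loaded every
 *   column of every row of the users table and took the first names.
 * - Typed usernames come before random ones, so the 10-name cap no longer
 *   drops them.
 * - Placeholder accounts for unknown usernames are never passed to
 *   user_save().
 * - $notifications is initialized, and an unknown consumer type stops the
 *   handler instead of failing on the redirect.
 *
 * @param array $form
 *   The form array.
 * @param array $form_state
 *   Form state, by reference; 'redirect' is set on success.
 */
function ldap_authorization_test_form_submit($form, &$form_state) {
  $values = $form_state['values'];
  $consumer_type = $values['consumer_type'];
  $consumer = ldap_authorization_get_consumer_object($consumer_type);
  if (!is_object($consumer)) {
    drupal_set_message(t('Unknown authorization consumer type.'), 'error');
    return;
  }

  // Remembered so the next form build can prefill the inputs.
  $_SESSION['ldap_authorization_test_query']['random_users'] = $values['random_users'];
  $_SESSION['ldap_authorization_test_query']['usernames'] = $values['usernames'];

  // One username per line; surrounding whitespace and empty lines are dropped.
  $users_listed = array_filter(array_map('trim', preg_split('/[\n\r]+/', $values['usernames'])), 'strlen');

  $random_users = array();
  if (!empty($values['random_users'])) {
    try {
      // uid 0 is the anonymous row and has no name.
      $random_users = db_select('users', 'u')
        ->fields('u', array('name'))
        ->condition('u.uid', 0, '>')
        ->orderRandom()
        ->range(0, 10)
        ->execute()
        ->fetchCol();
    }
    catch (Exception $e) {
      // %-placeholders are escaped by t().
      drupal_set_message(t('db users query failed. Message = %message, query= %query',
        array('%message' => $e->getMessage(), '%query' => isset($e->query_string) ? $e->query_string : '')), 'error');
      return "";
    }
  }

  $user_names = array_unique(array_merge($users_listed, $random_users));

  $results = array();
  $notifications = array();
  $tested = 0;
  foreach ($user_names as $username) {
    $user = user_load_by_name($username);
    if (!$user) {
      // Not an existing account: use a placeholder that is treated as LDAP
      // authenticated. It exists only for this request.
      $user = new stdClass();
      $user->name = $username;
      $user->ldap_test = TRUE;
      $user->ldap_authenticated = TRUE;
    }
    elseif (function_exists('dpm')) {
      // NOTE(review): debug output of the complete account object; confirm
      // this is meant to stay in a shipped module.
      dpm("user: $username");
      dpm($user);
    }

    // Only saved accounts have data to clear. A placeholder has no uid, and
    // handing it to user_save() would presumably be treated as saving a new
    // account.
    if ($values['user_data_clear'] == 1 && !empty($user->uid)) {
      $user_data = (isset($user->data) && is_array($user->data)) ? $user->data : array();
      unset($user_data['ldap_authorizations'][$consumer_type]);
      $saved = user_save($user, array('data' => $user_data));
      if ($saved) {
        $user = $saved;
      }
    }

    $action = ($values['execute_authorizations'] == 1) ? "test_query_set" : 'test_query';
    $outcome = ldap_authorizations_user_authorizations($user, $action, $consumer_type, 'logon');

    // Keep only the authorizations of the consumer type under test.
    $results[$username] = array(
      $consumer_type => isset($outcome[0][$consumer_type]) ? $outcome[0][$consumer_type] : NULL,
    );
    $notifications[$username] = isset($outcome[1]) ? $outcome[1] : NULL;

    $tested++;
    if ($tested == 10) {
      break;
    }
  }

  $table = theme('ldap_authorization_test_results', array('results' => $results, 'consumer' => $consumer, 'notifications' => $notifications));
  $_SESSION['ldap_authorization_test_query']['result'] = $table;
  $form_state['redirect'] = LDAP_SERVERS_MENU_BASE_PATH . '/authorization/test/' . $consumer->consumerType;
}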