| 1 |
85ad3d82
|
Assos Assos
|
<?php
|
| 2 |
|
|
|
| 3 |
|
|
/**
|
| 4 |
|
|
* @file
|
| 5 |
|
|
* form to test a ldap authorization consumer configuration
|
| 6 |
|
|
*/
|
| 7 |
|
|
|
| 8 |
|
|
/**
|
| 9 |
|
|
* form for adding, updating, and deleting a single ldap authorization consumer configuration
|
| 10 |
|
|
*
|
| 11 |
|
|
* @param <type> $form
|
| 12 |
|
|
* @param <type> $form_state
|
| 13 |
|
|
* @return array drupal form array
|
| 14 |
|
|
*/
|
| 15 |
|
|
|
| 16 |
|
|
|
| 17 |
|
|
function ldap_authorization_test_form($form, &$form_state, $consumer_type) {
|
| 18 |
|
|
$consumer = ldap_authorization_get_consumer_object($consumer_type);
|
| 19 |
|
|
$consumer_tokens = ldap_authorization_tokens($consumer);
|
| 20 |
|
|
|
| 21 |
|
|
if (isset($_SESSION['ldap_authorization_test_query']['result'])) {
|
| 22 |
|
|
$form['result'] = array(
|
| 23 |
|
|
'#type' => 'item',
|
| 24 |
|
|
'#markup' => $_SESSION['ldap_authorization_test_query']['result'],
|
| 25 |
|
|
);
|
| 26 |
|
|
|
| 27 |
|
|
$form['pre-filtered'] = array(
|
| 28 |
|
|
'#type' => 'fieldset',
|
| 29 |
|
|
'#title' => t('Prefiltered and Final Mappings'),
|
| 30 |
|
|
'#collapsible' => TRUE,
|
| 31 |
|
|
'#collapsed' => TRUE,
|
| 32 |
|
|
);
|
| 33 |
|
|
$form['pre-filtered']['overview'] = array(
|
| 34 |
|
|
'#type' => 'item',
|
| 35 |
|
|
'#markup' => t('Below are the "raw authorizations" and which strategy they are derived from. If enabled, the mapping filter is applied to these.'),
|
| 36 |
|
|
);
|
| 37 |
|
|
|
| 38 |
|
|
if (isset($_SESSION['ldap_authorization_test_query']['maps'])) {
|
| 39 |
|
|
$i = 0;
|
| 40 |
|
|
foreach ($_SESSION['ldap_authorization_test_query']['maps'] as $map => $data) {
|
| 41 |
|
|
$i++;
|
| 42 |
|
|
$form['pre-filtered']['map' . $i] = array(
|
| 43 |
|
|
'#type' => 'item',
|
| 44 |
|
|
'#markup' => is_scalar($data) ? "<h2>$map (without filter)</h2>" . $data : theme('item_list', array('items' => $data, 'type' => 'ul', 'title' => "$map (without filter)")),
|
| 45 |
|
|
);
|
| 46 |
|
|
}
|
| 47 |
|
|
}
|
| 48 |
|
|
|
| 49 |
|
|
$form['use_first_attr_as_groupid'] = array(
|
| 50 |
|
|
'#type' => 'fieldset',
|
| 51 |
|
|
'#title' => t('After "Convert full dn to value of first attribute before mapping"'),
|
| 52 |
|
|
'#collapsible' => TRUE,
|
| 53 |
|
|
'#collapsed' => TRUE,
|
| 54 |
|
|
);
|
| 55 |
|
|
|
| 56 |
|
|
if ($consumer->consumerConf->useFirstAttrAsGroupId) {
|
| 57 |
|
|
if (isset($_SESSION['ldap_authorization_test_query']['useFirstAttrAsGroupId'])) {
|
| 58 |
|
|
$form['use_first_attr_as_groupid']['data'] = array(
|
| 59 |
|
|
'#type' => 'item',
|
| 60 |
|
|
'#markup' => theme('item_list', array('items' => $_SESSION['ldap_authorization_test_query']['useFirstAttrAsGroupId'], 'type' => 'ul', 'title' => "Convert full dn to value of first attribute before mapping")),
|
| 61 |
|
|
);
|
| 62 |
|
|
}
|
| 63 |
|
|
}
|
| 64 |
|
|
else {
|
| 65 |
|
|
$form['use_first_attr_as_groupid']['data'] = array(
|
| 66 |
|
|
'#type' => 'item',
|
| 67 |
|
|
'#markup' => "Convert full dn to value of first attribute before mapping. NOT enabled",
|
| 68 |
|
|
);
|
| 69 |
|
|
}
|
| 70 |
|
|
|
| 71 |
|
|
$form['post mappings'] = array(
|
| 72 |
|
|
'#type' => 'fieldset',
|
| 73 |
|
|
'#title' => t('After Mappings and Filters Applied'),
|
| 74 |
|
|
'#collapsible' => TRUE,
|
| 75 |
|
|
'#collapsed' => TRUE,
|
| 76 |
|
|
);
|
| 77 |
|
|
|
| 78 |
|
|
$maps = array();
|
| 79 |
|
|
foreach ($consumer->consumerConf->mappings as $i => $mapping) {
|
| 80 |
|
|
$maps[] = $mapping['from'] . '|' . $mapping['user_entered'];
|
| 81 |
|
|
}
|
| 82 |
|
|
|
| 83 |
|
|
$form['post mappings']['conf'] = array(
|
| 84 |
|
|
'#type' => 'item',
|
| 85 |
|
|
'#markup' => 'Use Mappings as Filter = ' . (int)$consumer->consumerConf->useMappingsAsFilter .
|
| 86 |
|
|
theme('item_list', array(
|
| 87 |
|
|
'items' => $maps,
|
| 88 |
|
|
'type' => 'ul',
|
| 89 |
|
|
'title' => 'Configured Mappings',
|
| 90 |
|
|
)
|
| 91 |
|
|
)
|
| 92 |
|
|
);
|
| 93 |
|
|
if ($consumer->consumerConf->mappings) {
|
| 94 |
|
|
$form['post mappings']['conf']['#markup'] =
|
| 95 |
|
|
'Use Mappings as Filter = ' . (int)$consumer->consumerConf->useMappingsAsFilter .
|
| 96 |
|
|
theme('item_list', array(
|
| 97 |
|
|
'items' => $maps,
|
| 98 |
|
|
'type' => 'ul',
|
| 99 |
|
|
'title' => 'Configured Mappings',
|
| 100 |
|
|
)
|
| 101 |
|
|
);
|
| 102 |
|
|
}
|
| 103 |
|
|
else {
|
| 104 |
|
|
$form['post mappings']['conf']['#markup'] =
|
| 105 |
|
|
'Use Mappings as Filter = ' .
|
| 106 |
|
|
(int)$consumer->consumerConf->useMappingsAsFilter .
|
| 107 |
|
|
'<br/>No Mappings Configured';
|
| 108 |
|
|
}
|
| 109 |
|
|
|
| 110 |
|
|
if (isset($_SESSION['ldap_authorization_test_query']['post mappings'])) {
|
| 111 |
|
|
$form['post mappings']['data'] = array(
|
| 112 |
|
|
'#type' => 'item',
|
| 113 |
|
|
'#markup' => theme('item_list', array('items' => $_SESSION['ldap_authorization_test_query']['post mappings'], 'type' => 'ul', 'title' => "Results after any filtering and mappings applied")),
|
| 114 |
|
|
);
|
| 115 |
|
|
}
|
| 116 |
|
|
|
| 117 |
|
|
}
|
| 118 |
|
|
|
| 119 |
|
|
if (isset($_SESSION['ldap_authorization_test_query']['setting_data'])) {
|
| 120 |
|
|
foreach ($_SESSION['ldap_authorization_test_query']['setting_data'] as $title => $data) {
|
| 121 |
|
|
$form[$title] = array(
|
| 122 |
|
|
'#type' => 'fieldset',
|
| 123 |
|
|
'#title' => $title,
|
| 124 |
|
|
'#collapsible' => TRUE,
|
| 125 |
|
|
'#collapsed' => TRUE,
|
| 126 |
|
|
);
|
| 127 |
|
|
$form[$title]['overview'] = array(
|
| 128 |
|
|
'#type' => 'item',
|
| 129 |
|
|
'#markup' => "<pre>" . print_r($data, TRUE) . "</pre>",
|
| 130 |
|
|
);
|
| 131 |
|
|
}
|
| 132 |
|
|
}
|
| 133 |
|
|
|
| 134 |
|
|
|
| 135 |
|
|
$form['intro'] = array(
|
| 136 |
|
|
'#type' => 'item',
|
| 137 |
|
|
'#markup' => t('<h1>Test LDAP to !consumer_name Configuration</h1>
|
| 138 |
|
|
<p>This form will not actually grant any authorizations, its just to show
|
| 139 |
|
|
what authorizations would be granted with this configuration.</p>', $consumer_tokens),
|
| 140 |
|
|
);
|
| 141 |
|
|
|
| 142 |
|
|
$form['consumer_type'] = array(
|
| 143 |
|
|
'#type' => 'hidden',
|
| 144 |
|
|
'#default_value' => $consumer_type,
|
| 145 |
|
|
);
|
| 146 |
|
|
|
| 147 |
|
|
$form['usernames'] = array(
|
| 148 |
|
|
'#type' => 'textarea',
|
| 149 |
|
|
'#title' => t('Drupal usernames to test !consumer_shortName authorizations results for. One per line.', $consumer_tokens),
|
| 150 |
|
|
'#default_value' => @$_SESSION['ldap_authorization_test_query']['usernames'] ,
|
| 151 |
|
|
'#cols' => 50,
|
| 152 |
|
|
'#rows' => 6,
|
| 153 |
|
|
'#description' => '',
|
| 154 |
|
|
);
|
| 155 |
|
|
|
| 156 |
|
|
$form['random_users'] = array(
|
| 157 |
|
|
'#type' => 'checkbox',
|
| 158 |
|
|
'#default_value' => @$_SESSION['ldap_authorization_test_form']['random_users'],
|
| 159 |
|
|
'#title' => t('Use 10 random users', $consumer_tokens),
|
| 160 |
|
|
);
|
| 161 |
|
|
|
| 162 |
|
|
$form['execute_authorizations'] = array(
|
| 163 |
|
|
'#type' => 'checkbox',
|
| 164 |
|
|
'#default_value' => @$_SESSION['ldap_authorization_test_form']['execute_authorizations'],
|
| 165 |
|
|
'#title' => t('Actually grant or revoke example authorizations.
|
| 166 |
|
|
This will grant and revoke based on the ldap authorization configuration
|
| 167 |
|
|
options such as whether to revoke or regrant manually applied authorizations.
|
| 168 |
|
|
Try with this unchecked first, then check to see how authorizations are applied.', $consumer_tokens),
|
| 169 |
|
|
);
|
| 170 |
|
|
|
| 171 |
|
|
$form['user_data_clear'] = array(
|
| 172 |
|
|
'#type' => 'checkbox',
|
| 173 |
|
|
'#default_value' => @$_SESSION['ldap_authorization_test_form']['user_data_clear'],
|
| 174 |
|
|
'#title' => t('Clear <pre>$user->data[ldap_authorization][<consumer type>]</pre> data for test users.', $consumer_tokens),
|
| 175 |
|
|
);
|
| 176 |
|
|
|
| 177 |
|
|
$form['submit'] = array(
|
| 178 |
|
|
'#type' => 'submit',
|
| 179 |
|
|
'#value' => 'test',
|
| 180 |
|
|
);
|
| 181 |
|
|
unset($_SESSION['ldap_authorization_test_query']);
|
| 182 |
|
|
return $form;
|
| 183 |
|
|
}
|
| 184 |
|
|
|
| 185 |
|
|
|
| 186 |
|
|
/**
|
| 187 |
|
|
* validate handler for the ldap_authorization_test
|
| 188 |
|
|
*/
|
| 189 |
|
|
function ldap_authorization_test_form_validate($form, &$form_state) {
|
| 190 |
|
|
|
| 191 |
|
|
$values = $form_state['values'];
|
| 192 |
|
|
if (!($values['usernames'] || $values['random_users'])) {
|
| 193 |
|
|
form_set_error('No options chosen', t('Usernames must be given or random users checked.'));
|
| 194 |
|
|
}
|
| 195 |
|
|
|
| 196 |
|
|
}
|
| 197 |
|
|
|
| 198 |
|
|
/**
|
| 199 |
|
|
* submit handler function for ldap_authorization_test
|
| 200 |
|
|
*/
|
| 201 |
|
|
|
| 202 |
|
|
|
| 203 |
|
|
function ldap_authorization_test_form_submit($form, &$form_state) {
|
| 204 |
|
|
$consumer_type = $form_state['values']['consumer_type'];
|
| 205 |
|
|
$consumer = ldap_authorization_get_consumer_object($consumer_type);
|
| 206 |
|
|
$consumer_tokens = ldap_authorization_tokens($consumer);
|
| 207 |
|
|
|
| 208 |
|
|
$results = array();
|
| 209 |
|
|
$users_listed = $array = preg_split('/[\n\r]+/', $form_state['values']['usernames']);
|
| 210 |
|
|
$random_users = array();
|
| 211 |
|
|
$_SESSION['ldap_authorization_test_query']['random_users'] = $form_state['values']['random_users'];
|
| 212 |
|
|
$_SESSION['ldap_authorization_test_query']['usernames'] = $form_state['values']['usernames'];
|
| 213 |
|
|
if ($form_state['values']['random_users']) { // add 10 random usernames to test
|
| 214 |
|
|
// not using user_load_multiple because need randomness outside of query
|
| 215 |
|
|
$select = db_select('users', 'u');
|
| 216 |
|
|
$select->fields('u');
|
| 217 |
|
|
|
| 218 |
|
|
try {
|
| 219 |
|
|
$random_users = $select->execute()->fetchAllAssoc('name', PDO::FETCH_ASSOC);
|
| 220 |
|
|
}
|
| 221 |
|
|
catch (Exception $e) {
|
| 222 |
|
|
drupal_set_message(t('db users query failed. Message = %message, query= %query',
|
| 223 |
|
|
array('%message' => $e->getMessage(), '%query' => $e->query_string)), 'error');
|
| 224 |
|
|
return "";
|
| 225 |
|
|
}
|
| 226 |
|
|
|
| 227 |
|
|
}
|
| 228 |
|
|
$user_names = array_unique(array_merge(array_keys($random_users), $users_listed));
|
| 229 |
|
|
$i = 0;
|
| 230 |
|
|
foreach ($user_names as $username) {
|
| 231 |
|
|
if ($username) {
|
| 232 |
|
|
if (!$user = user_load_by_name($username)) {
|
| 233 |
|
|
// if not existing user, create fake user assumed to be ldap authenticated
|
| 234 |
|
|
$user = new stdClass();
|
| 235 |
|
|
$user->name = $username;
|
| 236 |
|
|
$user->ldap_test = TRUE;
|
| 237 |
|
|
$user->ldap_authenticated = TRUE;
|
| 238 |
|
|
}
|
| 239 |
|
|
else {
|
| 240 |
|
|
if (function_exists('dpm')) {
|
| 241 |
|
|
dpm("user: $username"); dpm($user);
|
| 242 |
|
|
}
|
| 243 |
|
|
}
|
| 244 |
|
|
|
| 245 |
|
|
if ($form_state['values']['user_data_clear'] == 1) {
|
| 246 |
|
|
$user_data = $user->data;
|
| 247 |
|
|
unset($user_data['ldap_authorizations'][$consumer_type]);
|
| 248 |
|
|
$user = user_save($user, array('data' => $user_data));
|
| 249 |
|
|
}
|
| 250 |
|
|
|
| 251 |
|
|
$action = ($form_state['values']['execute_authorizations'] == 1) ? "test_query_set" : 'test_query';
|
| 252 |
|
|
list($results[$username], $notifications[$username]) = ldap_authorizations_user_authorizations($user, $action, $consumer_type, 'logon');
|
| 253 |
|
|
// remove authorizations from other consumer types
|
| 254 |
|
|
$results[$username] = array($consumer_type => $results[$username][$consumer_type]);
|
| 255 |
|
|
$i++;
|
| 256 |
|
|
if ($i == 10) {
|
| 257 |
|
|
break;
|
| 258 |
|
|
}
|
| 259 |
|
|
}
|
| 260 |
|
|
}
|
| 261 |
|
|
|
| 262 |
|
|
$table = theme('ldap_authorization_test_results', array('results' => $results, 'consumer' => $consumer, 'notifications' => $notifications));
|
| 263 |
|
|
$_SESSION['ldap_authorization_test_query']['result'] = $table;
|
| 264 |
|
|
$form_state['redirect'] = LDAP_SERVERS_MENU_BASE_PATH . '/authorization/test/' . $consumer->consumerType;
|
| 265 |
|
|
|
| 266 |
|
|
} |
