<?php
/**
* Matomo - free/libre analytics platform
*
* @link https://matomo.org
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
*/
namespace Piwik\Plugins\LoginLdap;
use Piwik\Common;
use Piwik\Piwik;
use Piwik\Plugins\LoginLdap\LdapInterop\UserSynchronizer;
use Piwik\Plugins\LoginLdap\Model\LdapUsers;
use Exception;
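/**
 * Public API of the LoginLdap plugin.
 *
 * Every public method here begins with Piwik::checkUserHasSuperUserAccess() (the two
 * save methods additionally require an HTTP POST first), so the LDAP configuration,
 * LDAP search and user synchronization operations below are limited to super users.
 * Keep that check as the first statement of any method added to this class.
 */
class API extends \Piwik\Plugin\API
{
    /**
     * The LdapUsers instance to use when executing LDAP logic regarding LDAP users.
     *
     * @var LdapUsers
     */
    private $ldapUsers;

    /**
     * The UserSynchronizer instance to use when synchronizing users.
     *
     * @var UserSynchronizer
     */
    private $userSynchronizer;

    /**
     * Constructor. Builds both collaborators from the plugin's current configuration.
     */
    public function __construct()
    {
        $this->ldapUsers = LdapUsers::makeConfigured();
        $this->userSynchronizer = UserSynchronizer::makeConfigured();
    }

    /**
     * Saves LoginLdap config.
     *
     * @param string $data JSON encoded config array.
     * @return array
     * @throws Exception if user does not have super access, if this is not a POST method or
     *                   if JSON is not supplied.
     */
    public function saveLdapConfig($data)
    {
        $this->checkHttpMethodIsPost();
        Piwik::checkUserHasSuperUserAccess();

        // Reject malformed input here instead of handing null to the config writer.
        $options = $this->decodeJsonArrayParameter($data);

        Config::savePluginOptions($options);

        return array('result' => 'success', 'message' => Piwik::translate("General_YourChangesHaveBeenSaved"));
    }

    /**
     * Saves LDAP server config.
     *
     * @param string $data JSON encoded array w/ server info.
     * @return array
     * @throws Exception if user does not have super access, if this is not a POST method or
     *                   if $data does not decode to a JSON array/object.
     */
    public function saveServersInfo($data)
    {
        $this->checkHttpMethodIsPost();
        Piwik::checkUserHasSuperUserAccess();

        // Reject malformed input here instead of handing null to the config writer.
        $servers = $this->decodeJsonArrayParameter($data);

        Config::saveLdapServerConfigs($servers);

        return array('result' => 'success', 'message' => Piwik::translate("General_YourChangesHaveBeenSaved"));
    }

    /**
     * Returns count of users in LDAP that are member of a specific group of names. Uses a search
     * filter with memberof=?.
     *
     * @param string $memberOf The group to check.
     * @return int
     * @throws Exception if the current user is not a Super User or something goes wrong with LDAP.
     */
    public function getCountOfUsersMemberOf($memberOf)
    {
        Piwik::checkUserHasSuperUserAccess();

        $memberOf = Common::unsanitizeInputValue($memberOf);
        $memberOfField = Config::getRequiredMemberOfField();

        // The caller-supplied group is passed as a bind argument for the "?" placeholder and is
        // never concatenated into the filter; only the configured field name is.
        // NOTE(review): escaping of the bound value presumably happens inside LdapUsers - confirm.
        return $this->ldapUsers->getCountOfUsersMatchingFilter("(" . $memberOfField . "=?)", array($memberOf));
    }

    /**
     * Returns count of users in LDAP that match an LDAP filter.
     *
     * The filter is taken verbatim from the request (after unsanitizing) and forwarded to
     * LdapUsers without bind arguments, so the super user check is the control that decides
     * who may run arbitrary LDAP searches through this method.
     *
     * @param string $filter The filter to match.
     * @return int|null The return value of LdapUsers::getCountOfUsersMatchingFilter().
     * @throws Exception if the current user is not a Super User, if the filter is rejected as
     *                   invalid (translated LoginLdap_InvalidFilter message) or something else
     *                   goes wrong with LDAP.
     */
    public function getCountOfUsersMatchingFilter($filter)
    {
        Piwik::checkUserHasSuperUserAccess();

        $filter = Common::unsanitizeInputValue($filter);

        try {
            return $this->ldapUsers->getCountOfUsersMatchingFilter($filter);
        } catch (Exception $ex) {
            // Recognised by message text only, so this depends on the wording of the error
            // raised underneath; any other failure is rethrown unchanged.
            if (stripos($ex->getMessage(), "Bad search filter") !== false) {
                throw new Exception(Piwik::translate("LoginLdap_InvalidFilter"));
            }

            throw $ex;
        }
    }

    /**
     * Synchronizes a single user in LDAP. This method can be used by superusers to synchronize
     * a user before (s)he logs in.
     *
     * NOTE(review): unlike the other methods, $login is used without
     * Common::unsanitizeInputValue() and no POST check is made although the call changes
     * state - confirm both are intended.
     *
     * @param string $login The login of the user.
     * @throws Exception if the current user is not a Super User, if the user cannot be found
     *                   or a problem occurs during synchronization.
     */
    public function synchronizeUser($login)
    {
        Piwik::checkUserHasSuperUserAccess();

        $ldapUser = $this->ldapUsers->getUser($login);
        if (empty($ldapUser)) {
            throw new Exception(Piwik::translate('LoginLdap_UserNotFound', $login));
        }

        // First the user record itself, then the access derived from the LDAP entry.
        $this->userSynchronizer->synchronizeLdapUser($login, $ldapUser);
        $this->userSynchronizer->synchronizePiwikAccessFromLdap($login, $ldapUser);
    }

    /**
     * Get all the existing LDAP users from DB
     *
     * @return array
     * @throws Exception if the current user is not a Super User.
     */
    public function getExistingLdapUsersFromDb()
    {
        Piwik::checkUserHasSuperUserAccess();

        // Uses a fresh LdapUsers rather than the configured $this->ldapUsers.
        // NOTE(review): presumably because only the database is queried - confirm.
        $ldapUsers = new LdapUsers();

        return $ldapUsers->getExistingLdapUsersFromDb();
    }

    /**
     * Rejects any request that was not made with the HTTP POST method.
     *
     * @throws Exception if the request method is missing or is not POST.
     */
    private function checkHttpMethodIsPost()
    {
        // isset() guard: a missing REQUEST_METHOD is treated as "not POST" without raising
        // an undefined-index notice; the comparison is strict.
        if (!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
            throw new Exception("Invalid HTTP method.");
        }
    }

    /**
     * Unsanitizes a request parameter and decodes it as a JSON array/object.
     *
     * @param string $data The raw request parameter.
     * @return array The decoded value.
     * @throws Exception if the parameter is not valid JSON or does not decode to an array.
     */
    private function decodeJsonArrayParameter($data)
    {
        $decoded = json_decode(Common::unsanitizeInputValue($data), true);

        // json_decode() yields null on malformed input and scalars for bare JSON values;
        // neither is a usable configuration payload.
        if (!is_array($decoded)) {
            throw new Exception("Invalid JSON data.");
        }

        return $decoded;
    }
}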