From c0cc7bbfdfd3d63e1f44cf4addead1754f19fc36 Mon Sep 17 00:00:00 2001
From: epriestley
Date: Mon, 17 Jun 2013 13:26:25 -0700
Subject: [PATCH] Provide `bin/auth ldap` for LDAP diagnostics
Summary: Ref T1536.
Test Plan: Ran `bin/auth ldap`.
Reviewers: mbishopim3, chad
Reviewed By: mbishopim3
CC: aran
Maniphest Tasks: T1536
Differential Revision: https://secure.phabricator.com/D6218
---
 scripts/setup/manage_auth.php | 3 +-
 src/__phutil_library_map__.php | 2 +
 .../PhabricatorAuthManagementLDAPWorkflow.php | 71 +++++++++++++++++++
 .../auth/provider/PhabricatorAuthProvider.php | 45 ++++++------
 4 files changed, 100 insertions(+), 21 deletions(-)
 create mode 100644 src/applications/auth/management/PhabricatorAuthManagementLDAPWorkflow.php
diff --git a/scripts/setup/manage_auth.php b/scripts/setup/manage_auth.php
index acace43163..5eddff97ca 100755
--- a/scripts/setup/manage_auth.php
+++ b/scripts/setup/manage_auth.php
@@ -15,7 +15,8 @@ EOSYNOPSIS
 $args->parseStandardArguments();
 $workflows = array(
- new PhabricatorAuthManagementListWorkflow(),
+ new PhabricatorAuthManagementRecoverWorkflow(),
+ new PhabricatorAuthManagementLDAPWorkflow(),
 new PhutilHelpArgumentWorkflow(),
 );
diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
index a56036d494..64e43cba3f 100644
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -823,6 +823,7 @@ phutil_register_library_map(array( 'PhabricatorAuthLinkController' => 'applications/auth/controller/PhabricatorAuthLinkController.php', 'PhabricatorAuthListController' => 'applications/auth/controller/config/PhabricatorAuthListController.php', 'PhabricatorAuthLoginController' => 'applications/auth/controller/PhabricatorAuthLoginController.php', + 'PhabricatorAuthManagementLDAPWorkflow' => 'applications/auth/management/PhabricatorAuthManagementLDAPWorkflow.php', 'PhabricatorAuthManagementRecoverWorkflow' => 'applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php', 'PhabricatorAuthManagementWorkflow' => 'applications/auth/management/PhabricatorAuthManagementWorkflow.php', 'PhabricatorAuthNewController' => 'applications/auth/controller/config/PhabricatorAuthNewController.php', @@ -2707,6 +2708,7 @@ phutil_register_library_map(array( 1 => 'PhabricatorApplicationSearchResultsControllerInterface', ), 'PhabricatorAuthLoginController' => 'PhabricatorAuthController', + 'PhabricatorAuthManagementLDAPWorkflow' => 'PhabricatorAuthManagementWorkflow', 'PhabricatorAuthManagementRecoverWorkflow' => 'PhabricatorAuthManagementWorkflow', 'PhabricatorAuthManagementWorkflow' => 'PhutilArgumentWorkflow', 'PhabricatorAuthNewController' => 'PhabricatorAuthProviderConfigController', diff --git a/src/applications/auth/management/PhabricatorAuthManagementLDAPWorkflow.php b/src/applications/auth/management/PhabricatorAuthManagementLDAPWorkflow.php new file mode 100644 index 0000000000..a390d11d79 --- /dev/null +++ b/src/applications/auth/management/PhabricatorAuthManagementLDAPWorkflow.php 
@@ -0,0 +1,71 @@
+setName('ldap')
+ ->setExamples('**ldap**')
+ ->setSynopsis(
+ pht('Analyze and diagnose issues with LDAP configuration.'));
+ }
+
+ public function execute(PhutilArgumentParser $args) {
+ $console = PhutilConsole::getConsole();
+ $console->getServer()->setEnableLog(true);
+
+ $provider = new PhabricatorAuthProviderLDAP();
+ if (!$provider->isEnabled()) {
+ $console->writeOut(
+ "%s\n",
+ "The LDAP authentication provider is not enabled.");
+ exit(1);
+ }
+
+ if (!function_exists('ldap_connect')) {
+ $console->writeOut(
+ "%s\n",
+ "The LDAP extension is not enabled.");
+ exit(1);
+ }
+
+ $adapter = $provider->getAdapter();
+ $adapter->setConsole($console);
+
+ $console->writeOut("%s\n", pht('LDAP CONFIGURATION'));
+ $adapter->printConfiguration();
+
+ $console->writeOut("%s\n", pht('Enter LDAP Credentials'));
+ $username = phutil_console_prompt("LDAP Username: ");
+ if (!strlen($username)) {
+ throw new PhutilArgumentUsageException(
+ pht("You must enter an LDAP username."));
+ }
+
+ phutil_passthru('stty -echo');
+ $password = phutil_console_prompt("LDAP Password: ");
+ phutil_passthru('stty echo');
+
+ if (!strlen($password)) {
+ throw new PhutilArgumentUsageException(
+ pht("You must enter an LDAP password."));
+ }
+
+ $adapter->setLoginUsername($username);
+ $adapter->setLoginPassword(new PhutilOpaqueEnvelope($password));
+
+ $console->writeOut("\n");
+ $console->writeOut("%s\n", pht('Connecting to LDAP...'));
+
+ $account_id = $adapter->getAccountID();
+ if ($account_id) {
+ $console->writeOut("%s\n", pht('Found LDAP Account: %s', $account_id));
+ } else {
+ $console->writeOut("%s\n", pht('Unable to find LDAP account!'));
+ }
+
+ return 0;
+ }
+
+}
diff --git a/src/applications/auth/provider/PhabricatorAuthProvider.php b/src/applications/auth/provider/PhabricatorAuthProvider.php
index 5bbc7d3c20..aeb3a6dfdf 100644
--- a/src/applications/auth/provider/PhabricatorAuthProvider.php
+++ b/src/applications/auth/provider/PhabricatorAuthProvider.php
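Review bot: Terminal echo is not restored on every path around the password prompt in `execute()`: if `phutil_console_prompt()` throws after `phutil_passthru('stty -echo')`, the operator's terminal is left in no-echo mode. The result of `stty -echo` is also ignored, so where it fails (no TTY, or a platform without `stty`) the password is typed in the clear with no warning; the sketch below assumes `phutil_passthru()` returns the command's exit status. Separately, `setEnableLog(true)` and `printConfiguration()` are implemented outside this hunk, so it is worth confirming that neither writes the configured bind password or the contents of the `PhutilOpaqueEnvelope` to the console. The top of the new file (class declaration and the start of `didConstruct()`) is not visible on this page.

```php
// … unchanged: username prompt and empty-username check …
$err = phutil_passthru('stty -echo');
if ($err) {
  throw new PhutilArgumentUsageException(
    pht("Unable to disable terminal echo; not prompting for a password."));
}
try {
  $password = phutil_console_prompt("LDAP Password: ");
} catch (Exception $ex) {
  // Restore echo before propagating so the terminal is usable again.
  phutil_passthru('stty echo');
  throw $ex;
}
phutil_passthru('stty echo');
// … unchanged: empty-password check, adapter login, account lookup …
```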
@@ -180,28 +180,33 @@ abstract class PhabricatorAuthProvider {
 $account->setEmail($adapter->getAccountEmail());
 $account->setAccountURI($adapter->getAccountURI());
- try {
- $name = PhabricatorSlug::normalize($this->getProviderName());
- $name = $name.'-profile.jpg';
+ $account->setProfileImagePHID(null);
+ $image_uri = $adapter->getAccountImageURI();
+ if ($image_uri) {
+ try {
+ $name = PhabricatorSlug::normalize($this->getProviderName());
+ $name = $name.'-profile.jpg';
- // TODO: If the image has not changed, we do not need to make a new
- // file entry for it, but there's no convenient way to do this with
- // PhabricatorFile right now. The storage will get shared, so the impact
- // here is negligible.
+ // TODO: If the image has not changed, we do not need to make a new
+ // file entry for it, but there's no convenient way to do this with
+ // PhabricatorFile right now. The storage will get shared, so the impact
+ // here is negligible.
+ $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
+ $image_file = PhabricatorFile::newFromFileDownload(
+ $image_uri,
+ array(
+ 'name' => $name,
+ ));
+ unset($unguarded);
- $image_uri = $adapter->getAccountImageURI();
-
- $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
- $image_file = PhabricatorFile::newFromFileDownload(
- $image_uri,
- array(
- 'name' => $name,
- ));
- unset($unguarded);
-
- $account->setProfileImagePHID($image_file->getPHID());
- } catch (Exception $ex) {
- $account->setProfileImagePHID(null);
+ if ($image_file) {
+ $account->setProfileImagePHID($image_file->getPHID());
+ }
+ } catch (Exception $ex) {
+ // Log this but proceed, it's not especially important that we
+ // be able to pull profile images.
+ phlog($ex);
+ }
 }
 $this->willSaveAccount($account);
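Review bot: When `PhabricatorFile::newFromFileDownload()` throws inside the new `try`, `unset($unguarded)` is skipped, so the object returned by `AphrontWriteGuard::beginScopedUnguardedWrites()` appears to stay alive past the `catch` and the write guard remains relaxed for `willSaveAccount()` and the rest of the method. Since the catch now logs and continues, release it there too by adding `unset($unguarded);` before `phlog($ex);`, which keeps the unguarded window limited to the download. `$image_uri` is taken from the external provider's adapter and passed to the download helper as-is; that helper is outside this hunk, so confirm it restricts the URI scheme and refuses internal hosts, or validate the URI here before fetching. The enclosing method starts and ends outside the hunk.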