diff --git a/src/Adapter/Ldap.php b/src/Adapter/Ldap.php index 7b991a1..d42c61e 100644 --- a/src/Adapter/Ldap.php +++ b/src/Adapter/Ldap.php @@ -22,14 +22,11 @@ namespace Zend\Authentication\Adapter; use Zend\Authentication\Adapter as AuthenticationAdapter, - Zend\Authentication\Result as AuthenticationResult; + Zend\Authentication\Result as AuthenticationResult, + Zend\Ldap as ZendLdap, + Zend\Ldap\Exception\LdapException; /** - * @uses Zend\Authentication\Adapter\Exception - * @uses Zend\Authentication\Adapter - * @uses Zend\Ldap\Ldap - * @uses Zend\Ldap\Exception - * @uses Zend\Ldap\Filter * @category Zend * @package Zend_Authentication * @subpackage Adapter @@ -40,44 +37,44 @@ class Ldap implements AuthenticationAdapter { /** - * The Zend_Ldap context. + * The Zend\Ldap\Ldap context. * - * @var Zend_Ldap + * @var ZendLdap\Ldap */ - protected $_ldap = null; + protected $ldap = null; /** - * The array of arrays of Zend_Ldap options passed to the constructor. + * The array of arrays of Zend\Ldap\Ldap options passed to the constructor. * * @var array */ - protected $_options = null; + protected $options = null; /** * The username of the account being authenticated. * * @var string */ - protected $_username = null; + protected $username = null; /** * The password of the account being authenticated. * * @var string */ - protected $_password = null; + protected $password = null; /** * The DN of the authenticated account. Used to retrieve the account entry on request. * * @var string */ - protected $_authenticatedDn = null; + protected $authenticatedDn = null; /** * Constructor * - * @param array $options An array of arrays of Zend_Ldap options + * @param array $options An array of arrays of Zend\Ldap\Ldap options * @param string $username The username of the account being authenticated * @param string $password The password of the account being authenticated * @return void 
@@ -94,25 +91,25 @@ public function __construct(array $options = array(), $username = null, $passwor } /** - * Returns the array of arrays of Zend_Ldap options of this adapter. + * Returns the array of arrays of Zend\Ldap\Ldap options of this adapter. * * @return array|null */ public function getOptions() { - return $this->_options; + return $this->options; } /** - * Sets the array of arrays of Zend_Ldap options to be used by + * Sets the array of arrays of Zend\Ldap\Ldap options to be used by * this adapter. * - * @param array $options The array of arrays of Zend_Ldap options - * @return Zend\Authentication\Adapter\Ldap Provides a fluent interface + * @param array $options The array of arrays of Zend\Ldap\Ldap options + * @return Ldap Provides a fluent interface */ public function setOptions($options) { - $this->_options = is_array($options) ? $options : array(); + $this->options = is_array($options) ? $options : array(); return $this; } @@ -124,18 +121,18 @@ public function setOptions($options) */ public function getUsername() { - return $this->_username; + return $this->username; } /** * Sets the username for binding * * @param string $username The username for binding - * @return Zend\Authentication\Adapter\Ldap Provides a fluent interface + * @return Ldap Provides a fluent interface */ public function setUsername($username) { - $this->_username = (string) $username; + $this->username = (string) $username; return $this; } 
@@ -147,18 +144,18 @@ public function setUsername($username) */ public function getPassword() { - return $this->_password; + return $this->password; } /** - * Sets the passwort for the account + * Sets the password for the account * * @param string $password The password of the account being authenticated - * @return Zend\Authentication\Adapter\Ldap Provides a fluent interface + * @return Ldap Provides a fluent interface */ public function setPassword($password) { - $this->_password = (string) $password; + $this->password = (string) $password; return $this; } @@ -170,7 +167,7 @@ public function setPassword($password) * Closes ZF-6813 * * @param string $identity - * @return Zend\Authentication\Adapter\Ldap Provides a fluent interface + * @return Ldap Provides a fluent interface */ public function setIdentity($identity) { @@ -185,7 +182,7 @@ public function setIdentity($identity) * Closes ZF-6813 * * @param string $credential - * @return Zend\Authentication\Adapter\Ldap Provides a fluent interface + * @return Ldap Provides a fluent interface */ public function setCredential($credential) { 
@@ -195,26 +192,26 @@ public function setCredential($credential) /** * Returns the LDAP Object * - * @return Zend_Ldap The Zend_Ldap object used to authenticate the credentials + * @return ZendLdap\Ldap The Zend\Ldap\Ldap object used to authenticate the credentials */ public function getLdap() { - if ($this->_ldap === null) { - $this->_ldap = new \Zend\Ldap\Ldap(); + if ($this->ldap === null) { + $this->ldap = new ZendLdap\Ldap(); } - return $this->_ldap; + return $this->ldap; } /** * Set an Ldap connection * - * @param Zend_Ldap $ldap An existing Ldap object - * @return Zend\Authentication\Adapter\Ldap Provides a fluent interface + * @param ZendLdap\Ldap $ldap An existing Ldap object + * @return Ldap Provides a fluent interface */ - public function setLdap(\Zend\Ldap\Ldap $ldap) + public function setLdap(ZendLdap\Ldap $ldap) { - $this->_ldap = $ldap; + $this->ldap = $ldap; $this->setOptions(array($ldap->getOptions())); @@ -227,7 +224,7 @@ public function setLdap(\Zend\Ldap\Ldap $ldap) * * @return string */ - protected function _getAuthorityName() + protected function getAuthorityName() { $options = $this->getLdap()->getOptions(); $name = $options['accountDomainName']; @@ -239,8 +236,8 @@ protected function _getAuthorityName() /** * Authenticate the user * - * @throws Zend\Authentication\Adapter\Exception * @return Zend\Authentication\Result + * @throws Zend\Authentication\Adapter\Exception */ public function authenticate() { @@ -248,8 +245,8 @@ public function authenticate() $messages[0] = ''; // reserved $messages[1] = ''; // reserved - $username = $this->_username; - $password = $this->_password; + $username = $this->username; + $password = $this->password; if (!$username) { $code = AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND; 
@@ -274,21 +271,21 @@ public function authenticate() /* Iterate through each server and try to authenticate the supplied * credentials against it. */ - foreach ($this->_options as $name => $options) { + foreach ($this->options as $name => $options) { if (!is_array($options)) { throw new InvalidArgumentException('Adapter options array not an array'); } - $adapterOptions = $this->_prepareOptions($ldap, $options); + $adapterOptions = $this->prepareOptions($ldap, $options); $dname = ''; try { if ($messages[1]) $messages[] = $messages[1]; $messages[1] = ''; - $messages[] = $this->_optionsToString($options); + $messages[] = $this->optionsToString($options); - $dname = $this->_getAuthorityName(); + $dname = $this->getAuthorityName(); if (isset($failedAuthorities[$dname])) { /* If multiple sets of server options for the same domain * are supplied, we want to skip redundant authentications @@ -309,7 +306,7 @@ public function authenticate() * Fixes problem when authenticated user is not allowed to retrieve * group-membership information or own account. * This requires that the user specified with "username" and optionally - * "password" in the Zend_Ldap options is able to retrieve the required + * "password" in the Zend\Ldap\Ldap options is able to retrieve the required * information. */ $requireRebind = false; @@ -317,11 +314,11 @@ public function authenticate() $ldap->bind(); $requireRebind = true; } - $dn = $ldap->getCanonicalAccountName($canonicalName, \Zend\Ldap\Ldap::ACCTNAME_FORM_DN); + $dn = $ldap->getCanonicalAccountName($canonicalName, ZendLdap\Ldap::ACCTNAME_FORM_DN); - $groupResult = $this->_checkGroupMembership($ldap, $canonicalName, $dn, $adapterOptions); + $groupResult = $this->checkGroupMembership($ldap, $canonicalName, $dn, $adapterOptions); if ($groupResult === true) { - $this->_authenticatedDn = $dn; + $this->authenticatedDn = $dn; $messages[0] = ''; $messages[1] = ''; $messages[] = "$canonicalName authentication successful"; 
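Review bot: The `throw new InvalidArgumentException('Adapter options array not an array');` at the top of the foreach uses an unqualified class name, so it resolves inside `Zend\Authentication\Adapter`, and the `use` list this commit rewrites imports no such class. Unless a class of that name exists in this namespace (not visible here), a malformed options entry ends in a fatal class-not-found error instead of an exception the caller can catch and treat as a failed login. Since the commit is already tidying imports, import or fully qualify the intended exception, for example `throw new \InvalidArgumentException('Adapter options array not an array');` if the SPL class is meant. authenticate() starts and ends outside this hunk.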
@@ -335,7 +332,7 @@ public function authenticate() $messages[1] = $groupResult; $failedAuthorities[$dname] = $groupResult; } - } catch (\Zend\Ldap\Exception $zle) { + } catch (LdapException $zle) { /* LDAP based authentication is notoriously difficult to diagnose. Therefore * we bend over backwards to capture and record every possible bit of @@ -344,18 +341,18 @@ public function authenticate() $err = $zle->getCode(); - if ($err == \Zend\Ldap\Exception::LDAP_X_DOMAIN_MISMATCH) { + if ($err == LdapException::LDAP_X_DOMAIN_MISMATCH) { /* This error indicates that the domain supplied in the * username did not match the domains in the server options * and therefore we should just skip to the next set of * server options. */ continue; - } else if ($err == \Zend\Ldap\Exception::LDAP_NO_SUCH_OBJECT) { + } else if ($err == LdapException::LDAP_NO_SUCH_OBJECT) { $code = AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND; $messages[0] = "Account not found: $username"; $failedAuthorities[$dname] = $zle->getMessage(); - } else if ($err == \Zend\Ldap\Exception::LDAP_INVALID_CREDENTIALS) { + } else if ($err == LdapException::LDAP_INVALID_CREDENTIALS) { $code = AuthenticationResult::FAILURE_CREDENTIAL_INVALID; $messages[0] = 'Invalid credentials'; $failedAuthorities[$dname] = $zle->getMessage(); 
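Review bot: The two failure branches in the `catch (LdapException $zle)` block give an unknown account (`FAILURE_IDENTITY_NOT_FOUND`, "Account not found: $username") a different code and message from a wrong password (`FAILURE_CREDENTIAL_INVALID`, 'Invalid credentials'), so a client can tell valid usernames apart if either value reaches the login response. The distinction is useful for diagnostics, so I would keep the codes and document the constraint with a comment above the branches, such as `// Code and message differ per failure cause: show callers' users one generic failure, keep these for server-side logs.` `$messages[0]` also embeds the submitted `$username` verbatim, so it needs output escaping wherever it is rendered. The catch block continues outside the hunk.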
@@ -380,18 +377,18 @@ public function authenticate() } /** - * Sets the LDAP specific options on the Zend_Ldap instance + * Sets the LDAP specific options on the Zend\Ldap\Ldap instance * - * @param Zend_Ldap $ldap - * @param array $options + * @param ZendLdap\Ldap $ldap + * @param array $options * @return array of auth-adapter specific options */ - protected function _prepareOptions(\Zend\Ldap\Ldap $ldap, array $options) + protected function prepareOptions(ZendLdap\Ldap $ldap, array $options) { $adapterOptions = array( 'group' => null, 'groupDn' => $ldap->getBaseDn(), - 'groupScope' => \Zend\Ldap\Ldap::SEARCH_SCOPE_SUB, + 'groupScope' => ZendLdap\Ldap::SEARCH_SCOPE_SUB, 'groupAttr' => 'cn', 'groupFilter' => 'objectClass=groupOfUniqueNames', 'memberAttr' => 'uniqueMember', @@ -404,8 +401,8 @@ protected function _prepareOptions(\Zend\Ldap\Ldap $ldap, array $options) switch ($key) { case 'groupScope': $value = (int)$value; - if (in_array($value, array(\Zend\Ldap\Ldap::SEARCH_SCOPE_BASE, - \Zend\Ldap\Ldap::SEARCH_SCOPE_ONE, \Zend\Ldap\Ldap::SEARCH_SCOPE_SUB), true)) { + if (in_array($value, array(ZendLdap\Ldap::SEARCH_SCOPE_BASE, + ZendLdap\Ldap::SEARCH_SCOPE_ONE, ZendLdap\Ldap::SEARCH_SCOPE_SUB), true)) { $adapterOptions[$key] = $value; } break; @@ -426,13 +423,13 @@ protected function _prepareOptions(\Zend\Ldap\Ldap $ldap, array $options) /** * Checks the group membership of the bound user * - * @param Zend_Ldap $ldap - * @param string $canonicalName - * @param string $dn - * @param array $adapterOptions + * @param ZendLdap\Ldap $ldap + * @param string $canonicalName + * @param string $dn + * @param array $adapterOptions * @return string|true */ - protected function _checkGroupMembership(\Zend\Ldap\Ldap $ldap, $canonicalName, $dn, array $adapterOptions) + protected function checkGroupMembership(ZendLdap\Ldap $ldap, $canonicalName, $dn, array $adapterOptions) { if ($adapterOptions['group'] === null) { return true; 
@@ -444,9 +441,9 @@ protected function _checkGroupMembership(\Zend\Ldap\Ldap $ldap, $canonicalName, $user = $dn; } - $groupName = \Zend\Ldap\Filter::equals($adapterOptions['groupAttr'], $adapterOptions['group']); - $membership = \Zend\Ldap\Filter::equals($adapterOptions['memberAttr'], $user); - $group = \Zend\Ldap\Filter::andFilter($groupName, $membership); + $groupName = ZendLdap\Filter::equals($adapterOptions['groupAttr'], $adapterOptions['group']); + $membership = ZendLdap\Filter::equals($adapterOptions['memberAttr'], $user); + $group = ZendLdap\Filter::andFilter($groupName, $membership); $groupFilter = $adapterOptions['groupFilter']; if (!empty($groupFilter)) { $group = $group->addAnd($groupFilter); @@ -464,7 +461,7 @@ protected function _checkGroupMembership(\Zend\Ldap\Ldap $ldap, $canonicalName, /** * getAccountObject() - Returns the result entry as a stdClass object * - * This resembles the feature {@see Zend_Auth_Adapter_DbTable::getResultRowObject()}. + * This resembles the feature {@see Zend\Authentication\Adapter\DbTable::getResultRowObject()}. * Closes ZF-6813 * * @param array $returnAttribs @@ -473,7 +470,7 @@ protected function _checkGroupMembership(\Zend\Ldap\Ldap $ldap, $canonicalName, */ public function getAccountObject(array $returnAttribs = array(), array $omitAttribs = array()) { - if (!$this->_authenticatedDn) { + if (!$this->authenticatedDn) { return false; } @@ -481,7 +478,7 @@ public function getAccountObject(array $returnAttribs = array(), array $omitAttr $omitAttribs = array_map('strtolower', $omitAttribs); - $entry = $this->getLdap()->getEntry($this->_authenticatedDn, $returnAttribs, true); + $entry = $this->getLdap()->getEntry($this->authenticatedDn, $returnAttribs, true); foreach ($entry as $attr => $value) { if (in_array($attr, $omitAttribs)) { // skip attributes marked to be omitted 
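Review bot: `in_array($attr, $omitAttribs)` in the foreach of getAccountObject() compares loosely, and this check is what keeps attributes the caller asked to withhold (password hashes, for instance) out of the returned object. Pass the strict flag, `if (in_array($attr, $omitAttribs, true)) {`, so numeric-looking strings cannot match each other by value. The match also relies on the keys returned by `getEntry()` already being lower-case, because only `$omitAttribs` is lower-cased here; that is not visible in this hunk and deserves a one-line comment stating the assumption. The loop body continues outside the hunk.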
@@ -502,7 +499,7 @@ public function getAccountObject(array $returnAttribs = array(), array $omitAttr * @param array $options * @return string */ - private function _optionsToString(array $options) + private function optionsToString(array $options) { $str = ''; foreach ($options as $key => $val) { diff --git a/test/Adapter/Ldap/OfflineTest.php b/test/Adapter/Ldap/OfflineTest.php index c872fe4..08a2446 100644 --- a/test/Adapter/Ldap/OfflineTest.php +++ b/test/Adapter/Ldap/OfflineTest.php @@ -21,6 +21,9 @@ namespace ZendTest\Auth\Adapter\Ldap; +use Zend\Authentication\Adapter, + Zend\Ldap; + /** * @category Zend * @package Zend_Auth @@ -34,20 +37,20 @@ class OfflineTest extends \PHPUnit_Framework_TestCase /** * Authentication adapter instance * - * @var Zend_Auth_Adapter_Ldap + * @var Adapter\Ldap */ - protected $_adapter = null; + protected $adapter = null; /** * Setup operations run prior to each test method: * - * * Creates an instance of Zend\\Auth\\Adapter\\Ldap + * * Creates an instance of Zend\Authentication\Adapter\Ldap * * @return void */ public function setUp() { - $this->_adapter = new \Zend\Authentication\Adapter\Ldap(); + $this->adapter = new Adapter\Ldap(); } public function testGetSetLdap() 
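Review bot: `optionsToString()` serialises a server options array that can carry the bind `password` (the online test's options set that key), and authenticate() appends the result to `$messages` via `$messages[] = $this->optionsToString($options);`, which presumably ends up in the returned result. The loop body is outside this hunk, so I cannot see whether the password value is masked; if it is not, the bind credential travels wherever those messages are logged or displayed. Please confirm the loop replaces the value for the `password` key and state that in the docblock, e.g. `* The value of the 'password' option is masked in the returned string.`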
@@ -55,24 +58,24 @@ public function testGetSetLdap() if (!extension_loaded('ldap')) { $this->markTestSkipped('LDAP is not enabled'); } - $this->_adapter->setLdap(new \Zend\Ldap\Ldap()); - $this->assertInstanceOf('Zend\Ldap\Ldap', $this->_adapter->getLdap()); + $this->adapter->setLdap(new Ldap\Ldap()); + $this->assertInstanceOf('Zend\Ldap\Ldap', $this->adapter->getLdap()); } public function testUsernameIsNullIfNotSet() { - $this->assertNull($this->_adapter->getUsername()); + $this->assertNull($this->adapter->getUsername()); } public function testPasswordIsNullIfNotSet() { - $this->assertNull($this->_adapter->getPassword()); + $this->assertNull($this->adapter->getPassword()); } public function testSetAndGetUsername() { $usernameExpected = 'someUsername'; - $usernameActual = $this->_adapter->setUsername($usernameExpected) + $usernameActual = $this->adapter->setUsername($usernameExpected) ->getUsername(); $this->assertSame($usernameExpected, $usernameActual); } @@ -80,7 +83,7 @@ public function testSetAndGetUsername() public function testSetAndGetPassword() { $passwordExpected = 'somePassword'; - $passwordActual = $this->_adapter->setPassword($passwordExpected) + $passwordActual = $this->adapter->setPassword($passwordExpected) ->getPassword(); $this->assertSame($passwordExpected, $passwordActual); } @@ -88,7 +91,7 @@ public function testSetAndGetPassword() public function testSetIdentityProxiesToSetUsername() { $usernameExpected = 'someUsername'; - $usernameActual = $this->_adapter->setIdentity($usernameExpected) + $usernameActual = $this->adapter->setIdentity($usernameExpected) ->getUsername(); $this->assertSame($usernameExpected, $usernameActual); } 
@@ -96,7 +99,7 @@ public function testSetIdentityProxiesToSetUsername() public function testSetCredentialProxiesToSetPassword() { $passwordExpected = 'somePassword'; - $passwordActual = $this->_adapter->setCredential($passwordExpected) + $passwordActual = $this->adapter->setCredential($passwordExpected) ->getPassword(); $this->assertSame($passwordExpected, $passwordActual); } diff --git a/test/Adapter/Ldap/OnlineTest.php b/test/Adapter/Ldap/OnlineTest.php index d66e34c..c3d34bc 100644 --- a/test/Adapter/Ldap/OnlineTest.php +++ b/test/Adapter/Ldap/OnlineTest.php @@ -21,9 +21,9 @@ namespace ZendTest\Auth\Adapter\Ldap; -use Zend_Ldap, +use Zend\Authentication, Zend\Authentication\Adapter, - Zend\Authentication; + Zend\Ldap; /** * @category Zend 
@@ -40,47 +40,47 @@ class OnlineTest extends \PHPUnit_Framework_TestCase * * @var array */ - protected $_options = array(); + protected $options = array(); /** * @var array */ - protected $_names = array(); + protected $names = array(); public function setUp() { if (!constant('TESTS_ZEND_AUTH_ADAPTER_LDAP_ONLINE_ENABLED')) { $this->markTestSkipped('LDAP online tests are not enabled'); } - $this->_options = array( + $this->options = array( 'host' => TESTS_ZEND_LDAP_HOST, 'username' => TESTS_ZEND_LDAP_USERNAME, 'password' => TESTS_ZEND_LDAP_PASSWORD, 'baseDn' => TESTS_ZEND_LDAP_BASE_DN, ); if (defined('TESTS_ZEND_LDAP_PORT')) - $this->_options['port'] = TESTS_ZEND_LDAP_PORT; + $this->options['port'] = TESTS_ZEND_LDAP_PORT; if (defined('TESTS_ZEND_LDAP_USE_START_TLS')) - $this->_options['useStartTls'] = TESTS_ZEND_LDAP_USE_START_TLS; + $this->options['useStartTls'] = TESTS_ZEND_LDAP_USE_START_TLS; if (defined('TESTS_ZEND_LDAP_USE_SSL')) - $this->_options['useSsl'] = TESTS_ZEND_LDAP_USE_SSL; + $this->options['useSsl'] = TESTS_ZEND_LDAP_USE_SSL; if (defined('TESTS_ZEND_LDAP_BIND_REQUIRES_DN')) - $this->_options['bindRequiresDn'] = TESTS_ZEND_LDAP_BIND_REQUIRES_DN; + $this->options['bindRequiresDn'] = TESTS_ZEND_LDAP_BIND_REQUIRES_DN; if (defined('TESTS_ZEND_LDAP_ACCOUNT_FILTER_FORMAT')) - $this->_options['accountFilterFormat'] = TESTS_ZEND_LDAP_ACCOUNT_FILTER_FORMAT; + $this->options['accountFilterFormat'] = TESTS_ZEND_LDAP_ACCOUNT_FILTER_FORMAT; if (defined('TESTS_ZEND_LDAP_ACCOUNT_DOMAIN_NAME')) - $this->_options['accountDomainName'] = TESTS_ZEND_LDAP_ACCOUNT_DOMAIN_NAME; + $this->options['accountDomainName'] = TESTS_ZEND_LDAP_ACCOUNT_DOMAIN_NAME; if (defined('TESTS_ZEND_LDAP_ACCOUNT_DOMAIN_NAME_SHORT')) - $this->_options['accountDomainNameShort'] = TESTS_ZEND_LDAP_ACCOUNT_DOMAIN_NAME_SHORT; + $this->options['accountDomainNameShort'] = TESTS_ZEND_LDAP_ACCOUNT_DOMAIN_NAME_SHORT; if (defined('TESTS_ZEND_LDAP_ALT_USERNAME')) { - 
$this->_names[\Zend\Ldap\Ldap::ACCTNAME_FORM_USERNAME] = TESTS_ZEND_LDAP_ALT_USERNAME; + $this->names[Ldap\Ldap::ACCTNAME_FORM_USERNAME] = TESTS_ZEND_LDAP_ALT_USERNAME; if (defined('TESTS_ZEND_LDAP_ACCOUNT_DOMAIN_NAME')) { - $this->_names[\Zend\Ldap\Ldap::ACCTNAME_FORM_PRINCIPAL] = + $this->names[Ldap\Ldap::ACCTNAME_FORM_PRINCIPAL] = TESTS_ZEND_LDAP_ALT_USERNAME . '@' . TESTS_ZEND_LDAP_ACCOUNT_DOMAIN_NAME; } if (defined('TESTS_ZEND_LDAP_ACCOUNT_DOMAIN_NAME_SHORT')) { - $this->_names[\Zend\Ldap\Ldap::ACCTNAME_FORM_BACKSLASH] = + $this->names[Ldap\Ldap::ACCTNAME_FORM_BACKSLASH] = TESTS_ZEND_LDAP_ACCOUNT_DOMAIN_NAME_SHORT . '\\' . TESTS_ZEND_LDAP_ALT_USERNAME; } } @@ -89,7 +89,7 @@ public function setUp() public function testSimpleAuth() { $adapter = new Adapter\Ldap( - array($this->_options), + array($this->options), TESTS_ZEND_LDAP_ALT_USERNAME, TESTS_ZEND_LDAP_ALT_PASSWORD ); @@ -109,12 +109,12 @@ public function testCanonAuth() * (e.g. authenticate with uname@example.com but getIdentity() returns * EXAMPLE\uname). A total of 9 authentications are performed. */ - foreach ($this->_names as $form => $formName) { - $options = $this->_options; + foreach ($this->names as $form => $formName) { + $options = $this->options; $options['accountCanonicalForm'] = $form; $adapter = new Adapter\Ldap(array($options)); $adapter->setPassword(TESTS_ZEND_LDAP_ALT_PASSWORD); - foreach ($this->_names as $username) { + foreach ($this->names as $username) { $adapter->setUsername($username); $result = $adapter->authenticate(); $this->assertTrue($result instanceof Authentication\Result); @@ -128,7 +128,7 @@ public function testCanonAuth() public function testInvalidPassAuth() { $adapter = new Adapter\Ldap( - array($this->_options), + array($this->options), TESTS_ZEND_LDAP_ALT_USERNAME, 'invalid' ); 
@@ -142,7 +142,7 @@ public function testInvalidPassAuth() public function testInvalidUserAuth() { $adapter = new Adapter\Ldap( - array($this->_options), + array($this->options), 'invalid', 'doesntmatter' ); @@ -159,7 +159,7 @@ public function testInvalidUserAuth() public function testMismatchDomainAuth() { $adapter = new Adapter\Ldap( - array($this->_options), + array($this->options), 'EXAMPLE\\doesntmatter', 'doesntmatter' ); @@ -175,7 +175,7 @@ public function testMismatchDomainAuth() public function testAccountObjectRetrieval() { $adapter = new Adapter\Ldap( - array($this->_options), + array($this->options), TESTS_ZEND_LDAP_ALT_USERNAME, TESTS_ZEND_LDAP_ALT_PASSWORD ); @@ -191,7 +191,7 @@ public function testAccountObjectRetrieval() public function testAccountObjectRetrievalWithOmittedAttributes() { $adapter = new Adapter\Ldap( - array($this->_options), + array($this->options), TESTS_ZEND_LDAP_ALT_USERNAME, TESTS_ZEND_LDAP_ALT_PASSWORD );