diff --git a/.gitignore b/.gitignore
index a47460047af34a4d26d521bacc1cfa163414722f..84558c9e883637214bf1f2aff7e1c8002c04b140 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,9 @@
.vendor/
.composer.lock
+filelist
+phpstan.neon
+.idea/fusiondirectory-orchestrator.iml
+.idea/modules.xml
+.idea/php.xml
+.idea/vcs.xml
+.idea/codeStyles/codeStyleConfig.xml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1e8490204358361b38352d4ec1007746821836a0..8356ce6846381f9e3c7468d37ef7544cad397830 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -93,10 +93,3 @@ trigger-ci-ubuntu-focal:
project: ubuntu/focal-fusiondirectory-orchestrator-dev
branch: "main"
-trigger-ci-centos-7:
- stage: trigger
- only:
- - dev
- trigger:
- project: centos/centos7-fusiondirectory-orchestrator-dev
- branch: "main"
diff --git a/.idea/.gitignore b/.idea/.gitignore
new file mode 100755
index 0000000000000000000000000000000000000000..13566b81b018ad684f3a35fee301741b2734c8f4
--- /dev/null
+++ b/.idea/.gitignore
@@ -0,0 +1,8 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Editor-based HTTP Client requests
+/httpRequests/
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml
diff --git a/library/TaskController.php b/library/TaskController.php
index 849f5b65c2971b92097a9098e764bcca0987b2cb..2b4ddf358822be6d5f43bc08220b66007114b39f 100644
--- a/library/TaskController.php
+++ b/library/TaskController.php
@@ -55,7 +55,7 @@ class TaskController
switch ($objectType) {
case $objectType:
if (class_exists($objectType)) {
- $endpoint = new $objectType;
+ $endpoint = new $objectType($this->gateway);
$result = $endpoint->processEndPointGet();
}
break;
diff --git a/library/Utils.php b/library/Utils.php
deleted file mode 100644
index 1c132ac73f44b941c4f5e6ba98dc97bb771713a7..0000000000000000000000000000000000000000
--- a/library/Utils.php
+++ /dev/null
@@ -1,85 +0,0 @@
-<?php
-
-class Utils
-{
- private function __construct ()
- {
- }
-
- /**
- * @param array $array
- * @return array
- * Note : Recursively filters out empty values and arrays at any depth.
- */
- public static function recursiveArrayFilter (array $array): array
- {
- // First filter the array for non-empty elements
- $filtered = array_filter($array, function ($item) {
- if (is_array($item)) {
- // Recursively filter the sub-array
- $item = self::recursiveArrayFilter($item);
- // Only retain non-empty arrays
- return !empty($item);
- } else {
- // Retain non-empty scalar values
- return !empty($item);
- }
- });
-
- return $filtered;
- }
-
- /**
- * Find matching keys between 2 lists.
- *
- * @param array|null $elements
- * @param array $keys
- * @return array
- */
- public static function findMatchingKeys (?array $elements, array $keys): array
- {
- $matching = [];
-
- if (!empty($elements)) {
- foreach ($elements as $element) {
- foreach ($keys as $key) {
- if (!empty($element) && array_key_exists($key, $element)) {
- $matching[] = $key;
- }
- }
- }
- }
-
- return $matching;
- }
-
- /**
- * @param $array
- * @return array
- * Note : simply return all values of a multi-dimensional array.
- */
- public static function getArrayValuesRecursive ($array)
- {
- $values = [];
- foreach ($array as $value) {
- if (is_array($value)) {
- // If value is an array, merge its values recursively
- $values = array_merge($values, self::getArrayValuesRecursive($value));
- } else {
- // If value is not an array, add it to the result
- $values[] = $value;
- }
- }
- return $values;
- }
-
- /**
- * @param string $text
- * @return string
- * Note : This come from jwtToken, as it is completely private - it is cloned here for now.
- */
- public static function base64urlEncode (string $text): string
- {
- return str_replace(["+", "/", "="], ["A", "B", ""], base64_encode($text));
- }
-}
\ No newline at end of file
diff --git a/library/plugins/MailUtils.php b/library/plugins/MailUtils.php
new file mode 100644
index 0000000000000000000000000000000000000000..87f4c6420bcd265b82ffb32d511bd63f66d79422
--- /dev/null
+++ b/library/plugins/MailUtils.php
@@ -0,0 +1,34 @@
+<?php
+
+class MailUtils
+{
+ public function __construct ()
+ {
+ }
+
+ public function sendMail ($setFrom, $setBCC, $recipients, $body, $signature, $subject, $receipt, $attachments)
+ {
+ $mail_controller = new \FusionDirectory\Mail\MailLib($setFrom,
+ $setBCC,
+ $recipients,
+ $body,
+ $signature,
+ $subject,
+ $receipt,
+ $attachments);
+
+ return $mail_controller->sendMail();
+ }
+
+ /**
+ * @return array
+ * Note : A simple retrieval methods of the mail backend configuration set in FusionDirectory
+ */
+ public function getMailObjectConfiguration (TaskGateway $gateway): array
+ {
+ return $gateway->getLdapTasks(
+ "(objectClass=fdTasksConf)",
+ ["fdTasksConfLastExecTime", "fdTasksConfIntervalEmails", "fdTasksConfMaxEmails"]
+ );
+ }
+}
\ No newline at end of file
diff --git a/library/TokenUtils.php b/library/plugins/ReminderTokenUtils.php
similarity index 78%
rename from library/TokenUtils.php
rename to library/plugins/ReminderTokenUtils.php
index 8552514794e1d306864fbd93aab825d67caaa9d1..bb08d24552400a9edf615d4120908ddb4986fa04 100644
--- a/library/TokenUtils.php
+++ b/library/plugins/ReminderTokenUtils.php
@@ -1,8 +1,8 @@
<?php
-class TokenUtils
+class ReminderTokenUtils
{
- private function __construct ()
+ public function __construct ()
{
}
@@ -12,7 +12,7 @@ class TokenUtils
* @return string
* @throws Exception
*/
- public static function generateToken (string $userDN, int $timeStamp, TaskGateway $gateway): string
+ public function generateToken (string $userDN, int $timeStamp, TaskGateway $gateway): string
{
$token = NULL;
// Salt has been generated with APG.
@@ -25,10 +25,10 @@ class TokenUtils
$token_hmac = hash_hmac("sha256", $time . $payload, $_ENV["SECRET_KEY"], TRUE);
// We need to have a token allowed to be used within an URL.
- $token = Utils::base64urlEncode($token_hmac);
+ $token = $this->base64urlEncode($token_hmac);
// Save token within LDAP
- self::saveTokenInLdap($userDN, $token, $timeStamp, $gateway);
+ $this->saveTokenInLdap($userDN, $token, $timeStamp, $gateway);
return $token;
}
@@ -41,7 +41,7 @@ class TokenUtils
* @return bool
* @throws Exception
*/
- public static function saveTokenInLdap (string $userDN, string $token, int $days, TaskGateway $gateway): bool
+ private function saveTokenInLdap (string $userDN, string $token, int $days, TaskGateway $gateway): bool
{
$result = FALSE;
@@ -64,17 +64,17 @@ class TokenUtils
// Verify if token ou branch exists
- if (!self::tokenBranchExist('ou=tokens' . ',' . $_ENV["LDAP_BASE"], $gateway)) {
+ if (!$this->tokenBranchExist('ou=tokens' . ',' . $_ENV["LDAP_BASE"], $gateway)) {
// Create the branch
- self::createBranchToken($gateway);
+ $this->createBranchToken($gateway);
}
// The user token DN creation
$userTokenDN = 'cn=' . $uid . ',ou=tokens' . ',' . $_ENV["LDAP_BASE"];
// Verify if a token already exists for specified user and remove it to create new one correctly.
- if (self::tokenBranchExist($userTokenDN, $gateway)) {
+ if ($this->tokenBranchExist($userTokenDN, $gateway)) {
// Remove the user token
- self::removeUserToken($userTokenDN, $gateway);
+ $this->removeUserToken($userTokenDN, $gateway);
}
// Add token to LDAP for specific UID
@@ -95,7 +95,7 @@ class TokenUtils
* @return int
* Note : Simply return the difference between first and second call. (First call can be null).
*/
- public static function getTokenExpiration (int $subTaskCall, int $firstCall, int $secondCall): int
+ public function getTokenExpiration (int $subTaskCall, int $firstCall, int $secondCall): int
{
// if firstCall is empty, secondCall is the timestamp expiry for the token.
$result = $secondCall;
@@ -115,7 +115,7 @@ class TokenUtils
* @return void
* Note : Simply remove the token for specific user DN
*/
- public static function removeUserToken ($userTokenDN, TaskGateway $gateway): void
+ private function removeUserToken ($userTokenDN, TaskGateway $gateway): void
{
// Add token to LDAP for specific UID
try {
@@ -130,7 +130,7 @@ class TokenUtils
* Create ou=pluginManager LDAP branch
* @throws Exception
*/
- public static function createBranchToken (TaskGateway $gateway): void
+ private function createBranchToken (TaskGateway $gateway): void
{
try {
ldap_add(
@@ -153,7 +153,7 @@ class TokenUtils
* @param string $taskDN
* @return array
*/
- public static function generateTokenUrl (string $token, array $mailTemplateForm, string $taskDN): array
+ public function generateTokenUrl (string $token, array $mailTemplateForm, string $taskDN): array
{
//Only take the cn of the main task name :
preg_match('/cn=([^,]+),ou=/', $taskDN, $matches);
@@ -173,7 +173,7 @@ class TokenUtils
* @return bool
* Note : Simply inspect if the branch for token is existing.
*/
- public static function tokenBranchExist (string $dn, TaskGateway $gateway): bool
+ private function tokenBranchExist (string $dn, TaskGateway $gateway): bool
{
$result = FALSE;
@@ -195,4 +195,14 @@ class TokenUtils
return $result;
}
+
+ /**
+ * @param string $text
+ * @return string
+ * Note : This come from jwtToken, as it is completely private - it is cloned here for now.
+ */
+ private function base64urlEncode (string $text): string
+ {
+ return str_replace(["+", "/", "="], ["A", "B", ""], base64_encode($text));
+ }
}
\ No newline at end of file
diff --git a/library/plugins/Utils.php b/library/plugins/Utils.php
new file mode 100644
index 0000000000000000000000000000000000000000..10eafe626a4d288e6a5a66a80b54102547b05ca5
--- /dev/null
+++ b/library/plugins/Utils.php
@@ -0,0 +1,59 @@
+<?php
+
+class Utils
+{
+ public function __construct ()
+ {
+ }
+
+ /**
+ * @param array $array
+ * @return array
+ * Note : Recursively filters out empty values and arrays at any depth.
+ */
+ public function recursiveArrayFilter (array $array): array
+ {
+ return array_filter($array, function ($item) {
+ if (is_array($item)) {
+ $item = $this->recursiveArrayFilter($item);
+ }
+ return !empty($item);
+ });
+ }
+
+ /**
+ * Find matching keys between 2 lists.
+ *
+ * @param array|null $elements
+ * @param array $keys
+ * @return array
+ */
+ public function findMatchingKeys (?array $elements, array $keys): array
+ {
+ $matching = [];
+
+ if (!empty($elements)) {
+ foreach ($elements as $element) {
+ foreach ($keys as $key) {
+ if (!empty($element) && array_key_exists($key, $element)) {
+ $matching[] = $key;
+ }
+ }
+ }
+ }
+
+ return $matching;
+ }
+
+ /**
+ * @param $array
+ * @return array
+ * Note : simply return all values of a multi-dimensional array.
+ */
+ public function getArrayValuesRecursive ($array)
+ {
+ return array_reduce($array, function ($carry, $value) {
+ return array_merge($carry, is_array($value) ? $this->getArrayValuesRecursive($value) : [$value]);
+ }, []);
+ }
+}
\ No newline at end of file
diff --git a/plugins/tasks/Archive.php b/plugins/tasks/Archive.php
new file mode 100644
index 0000000000000000000000000000000000000000..2ef3e2f08d4c90222b5bb9b3d42882d13ed8199a
--- /dev/null
+++ b/plugins/tasks/Archive.php
@@ -0,0 +1,137 @@
+<?php
+
+use FusionDirectory\Rest\WebServiceCall;
+
+class Archive implements EndpointInterface
+{
+ private TaskGateway $gateway;
+
+ public function __construct (TaskGateway $gateway)
+ {
+ $this->gateway = $gateway;
+ }
+
+ /**
+ * @return array
+ * Part of the interface of orchestrator plugin to treat GET method
+ */
+ public function processEndPointGet (): array
+ {
+ // Retrieve tasks of type 'archive'
+ return $this->gateway->getObjectTypeTask('archive');
+ }
+
+ /**
+ * @param array|null $data
+ * @return array
+ * @throws Exception
+ * Note: Part of the interface of orchestrator plugin to treat PATCH method
+ */
+ public function processEndPointPatch (array $data = NULL): array
+ {
+ $result = [];
+ $archiveTasks = $this->gateway->getObjectTypeTask('archive');
+
+ // Initialize the WebServiceCall object for login
+ $webServiceCall = new WebServiceCall($_ENV['FUSION_DIRECTORY_API_URL'] . '/login', 'POST');
+ $webServiceCall->setCurlSettings(); // Perform login and set the token
+
+ foreach ($archiveTasks as $task) {
+ try {
+ if (!$this->gateway->statusAndScheduleCheck($task)) {
+ // Skip this task if it does not meet the status and schedule criteria
+ continue;
+ }
+
+ // Receive null or 'toBeArchived'
+ $supannState = $this->getUserSupannAccountStatus($task['fdtasksgranulardn'][0]);
+
+ if ($supannState !== 'toBeArchived') {
+ // The task does not meet the criteria for archiving and can therefore be suppressed
+ $result[$task['dn']]['result'] = "User does not meet the criteria for archiving.";
+ $this->gateway->removeSubTask($task['dn']);
+ continue;
+ }
+
+ // Set the archive endpoint and method using the same WebServiceCall object
+ $archiveUrl = $_ENV['FUSION_DIRECTORY_API_URL'] . '/archive/user/' . rawurlencode($task['fdtasksgranulardn'][0]);
+ $webServiceCall->setCurlSettings($archiveUrl, NULL, 'POST'); // Update settings for the archive request
+ $response = $webServiceCall->execute();
+
+ // Check if the HTTP status code is 204
+ if ($webServiceCall->getHttpStatusCode() === 204) {
+ $result[$task['dn']]['result'] = "User successfully archived.";
+ $this->gateway->updateTaskStatus($task['dn'], $task['cn'][0], '2');
+ } else {
+ throw new Exception("Unexpected HTTP status code: " . $webServiceCall->getHttpStatusCode());
+ }
+ } catch (Exception $e) {
+ $result[$task['dn']]['result'] = "Error archiving user: " . $e->getMessage();
+ $this->gateway->updateTaskStatus($task['dn'], $task['cn'][0], $e->getMessage());
+ }
+ }
+
+ return $result;
+ }
+
+ /**
+ * @param array|null $data
+ * @return array
+ * Note: Part of the interface of orchestrator plugin to treat POST method
+ */
+ public function processEndPointPost (array $data = NULL): array
+ {
+ return [];
+ }
+
+ /**
+ * @param array|null $data
+ * @return array
+ * Note: Part of the interface of orchestrator plugin to treat DELETE method
+ */
+ public function processEndPointDelete (array $data = NULL): array
+ {
+ return [];
+ }
+
+ /**
+ * Retrieve the supannAccountStatus of a user
+ * @param string $userDn
+ * @return string|null
+ */
+ private function getUserSupannAccountStatus (string $userDn): ?string
+ {
+ $supannState = $this->gateway->getLdapTasks(
+ '(objectClass=supannPerson)',
+ ['supannRessourceEtatDate'],
+ '',
+ $userDn
+ );
+
+ if ($this->hasToBeArchived($supannState)) {
+ return 'toBeArchived';
+ }
+
+ return NULL;
+ }
+
+ private function hasToBeArchived (array $supannState): bool
+ {
+ if (!isset($supannState[0]['supannressourceetatdate']) || !is_array($supannState[0]['supannressourceetatdate'])) {
+ return FALSE;
+ }
+
+ foreach ($supannState[0]['supannressourceetatdate'] as $key => $value) {
+ // Skip non-numeric keys (e.g., 'count')
+ if (!is_numeric($key)) {
+ continue;
+ }
+
+ if (strpos($value, '{COMPTE}I:toBeArchived') !== FALSE) {
+ return TRUE;
+ }
+ }
+
+ return FALSE;
+ }
+}
\ No newline at end of file
diff --git a/plugins/tasks/Audit.php b/plugins/tasks/Audit.php
index c4bbe4033affd9813370aa9fb38a51aec03a7f85..e3556bba2b24dd31497c7beac004d405ef49d669 100644
--- a/plugins/tasks/Audit.php
+++ b/plugins/tasks/Audit.php
@@ -4,10 +4,13 @@ class Audit implements EndpointInterface
{
private TaskGateway $gateway;
+ private string $errorMessage = 'No audit requiring removal';
+ private Utils $utils;
public function __construct (TaskGateway $gateway)
{
$this->gateway = $gateway;
+ $this->utils = new Utils();
}
/**
@@ -47,13 +50,12 @@ class Audit implements EndpointInterface
$result = $this->processAuditDeletion($this->gateway->getObjectTypeTask('Audit'));
// Recursive function to filter out empty arrays at any depth
- $nonEmptyResults = Utils::recursiveArrayFilter($result);
+ $filteredResults = $this->utils->recursiveArrayFilter($result);
- if (!empty($nonEmptyResults)) {
- return $nonEmptyResults;
- } else {
- return ['No audit requiring removal'];
+ if (empty($filteredResults)) {
+ return [$this->errorMessage];
}
+ return $filteredResults;
}
/**
@@ -63,24 +65,22 @@ class Audit implements EndpointInterface
*/
public function processAuditDeletion (array $auditSubTasks): array
{
- $result = [];
-
- foreach ($auditSubTasks as $task) {
-
- // If the tasks must be treated - status and scheduled - process the sub-tasks
- if ($this->gateway->statusAndScheduleCheck($task)) {
-
- // Retrieve data from the main task.
- $auditMainTask = $this->getAuditMainTask($task['fdtasksgranularmaster'][0]);
- // Simply get the days to retain audit.
- $auditRetention = $auditMainTask[0]['fdaudittasksretention'][0];
-
- // Verification of all audit and their potential removal based on retention days passed, also update subtasks.
- $result[] = $this->checkAuditPassedRetention($auditRetention, $task['dn'], $task['cn'][0]);
- }
- }
+ return array_values(array_map(fn($task) => $this->processScheduledTask($task), array_filter($auditSubTasks, fn($task) => $this->gateway->statusAndScheduleCheck($task))));
+ }
- return $result;
+ /**
+ * @param array $task
+ * @return array
+ * @throws Exception
+ */
+ private function processScheduledTask (array $task): array
+ {
+ // Retrieve data from the main task.
+ $auditMainTask = $this->getAuditMainTask($task['fdtasksgranularmaster'][0]);
+ // Simply get the days to retain audit.
+ $auditRetention = $auditMainTask[0]['fdaudittasksretention'][0];
+ // Verification of all audit and their potential removal based on retention days passed, also update subtasks.
+ return $this->checkAuditPassedRetention($auditRetention, $task['dn'], $task['cn'][0]);
}
/**
diff --git a/plugins/tasks/Notifications.php b/plugins/tasks/Notifications.php
index e17ffe3f162bae5357154a4578e333b3bf77e46d..4547b87f2ab471069783e77b48e8f4e960529e5c 100644
--- a/plugins/tasks/Notifications.php
+++ b/plugins/tasks/Notifications.php
@@ -4,10 +4,12 @@ class Notifications implements EndpointInterface
{
private TaskGateway $gateway;
+ private Utils $utils;
public function __construct (TaskGateway $gateway)
{
$this->gateway = $gateway;
+ $this->utils = new Utils();
}
/**
@@ -82,7 +84,7 @@ class Notifications implements EndpointInterface
$this->gateway->unsetCountKeys($monitoredSupannResource);
// Find matching attributes between audited and monitored attributes
- $matchingAttrs = Utils::findMatchingKeys($auditAttributes, $monitoredAttrs);
+ $matchingAttrs = $this->utils->findMatchingKeys($auditAttributes, $monitoredAttrs);
// Verify Supann resource state if applicable
if ($this->shouldVerifySupannResource($monitoredSupannResource, $auditAttributes)) {
@@ -183,7 +185,7 @@ class Notifications implements EndpointInterface
}
// Get all the values only of a multidimensional array.
- $auditedValues = Utils::getArrayValuesRecursive($auditedAttrs);
+ $auditedValues = $this->utils->getArrayValuesRecursive($auditedAttrs);
if (in_array($monitoredSupannState, $auditedValues)) {
$result = TRUE;
diff --git a/plugins/tasks/Reminder.php b/plugins/tasks/Reminder.php
index 1faeff7b2f67e7a6566461740190f9dc77209f20..180eca7d5bf34d8f84c19f4d302089012aef0382 100644
--- a/plugins/tasks/Reminder.php
+++ b/plugins/tasks/Reminder.php
@@ -4,10 +4,12 @@ class Reminder implements EndpointInterface
{
private TaskGateway $gateway;
+ private ReminderTokenUtils $reminderTokenUtils;
public function __construct (TaskGateway $gateway)
{
$this->gateway = $gateway;
+ $this->reminderTokenUtils = new ReminderTokenUtils();
}
/**
@@ -109,13 +111,13 @@ class Reminder implements EndpointInterface
$reminders[$remindersMainTaskName]['subTask'][$task['cn'][0]]['uid'] = $task['fdtasksgranulardn'][0];
// Create timeStamp expiration for token
- $tokenExpire = TokenUtils::getTokenExpiration($task['fdtasksgranularhelper'][0],
+ $tokenExpire = $this->reminderTokenUtils->getTokenExpiration($task['fdtasksgranularhelper'][0],
$remindersMainTask[0]['fdtasksreminderfirstcall'][0],
$remindersMainTask[0]['fdtasksremindersecondcall'][0]);
// Create token for SubTask
- $token = TokenUtils::generateToken($task['fdtasksgranulardn'][0], $tokenExpire, $this->gateway);
+ $token = $this->reminderTokenUtils->generateToken($task['fdtasksgranulardn'][0], $tokenExpire, $this->gateway);
// Edit the mailForm with the url link containing the token
- $tokenMailTemplateForm = TokenUtils::generateTokenUrl($token, $mailTemplateForm, $remindersMainTaskName);
+ $tokenMailTemplateForm = $this->reminderTokenUtils->generateTokenUrl($token, $mailTemplateForm, $remindersMainTaskName);
// Recipient email form
$reminders[$remindersMainTaskName]['subTask'][$task['cn'][0]]['mail'] = $tokenMailTemplateForm;
@@ -136,13 +138,13 @@ class Reminder implements EndpointInterface
$reminders[$remindersMainTaskName]['subTask'][$task['cn'][0]]['uid'] = $task['fdtasksgranulardn'][0];
// Create timeStamp expiration for token
- $tokenExpire = TokenUtils::getTokenExpiration($task['fdtasksgranularhelper'][0],
+ $tokenExpire = $this->reminderTokenUtils->getTokenExpiration($task['fdtasksgranularhelper'][0],
$remindersMainTask[0]['fdtasksreminderfirstcall'][0],
$remindersMainTask[0]['fdtasksremindersecondcall'][0]);
// Create token for SubTask
- $token = TokenUtils::generateToken($task['fdtasksgranulardn'][0], $tokenExpire, $this->gateway);
+ $token = $this->reminderTokenUtils->generateToken($task['fdtasksgranulardn'][0], $tokenExpire, $this->gateway);
// Edit the mailForm with the url link containing the token
- $tokenMailTemplateForm = TokenUtils::generateTokenUrl($token, $mailTemplateForm, $remindersMainTaskName);
+ $tokenMailTemplateForm = $this->reminderTokenUtils->generateTokenUrl($token, $mailTemplateForm, $remindersMainTaskName);
// Recipient email form
$reminders[$remindersMainTaskName]['subTask'][$task['cn'][0]]['mail'] = $tokenMailTemplateForm;