diff --git a/.gitignore b/.gitignore
index a47460047af34a4d26d521bacc1cfa163414722f..84558c9e883637214bf1f2aff7e1c8002c04b140 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,9 @@
.vendor/
.composer.lock
+filelist
+phpstan.neon
+.idea/fusiondirectory-orchestrator.iml
+.idea/modules.xml
+.idea/php.xml
+.idea/vcs.xml
+.idea/codeStyles/codeStyleConfig.xml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1e8490204358361b38352d4ec1007746821836a0..8356ce6846381f9e3c7468d37ef7544cad397830 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -93,10 +93,3 @@ trigger-ci-ubuntu-focal:
project: ubuntu/focal-fusiondirectory-orchestrator-dev
branch: "main"
-trigger-ci-centos-7:
- stage: trigger
- only:
- - dev
- trigger:
- project: centos/centos7-fusiondirectory-orchestrator-dev
- branch: "main"
diff --git a/.idea/.gitignore b/.idea/.gitignore
new file mode 100755
index 0000000000000000000000000000000000000000..13566b81b018ad684f3a35fee301741b2734c8f4
--- /dev/null
+++ b/.idea/.gitignore
@@ -0,0 +1,8 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Editor-based HTTP Client requests
+/httpRequests/
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml
diff --git a/library/TaskController.php b/library/TaskController.php
index 849f5b65c2971b92097a9098e764bcca0987b2cb..2b4ddf358822be6d5f43bc08220b66007114b39f 100644
--- a/library/TaskController.php
+++ b/library/TaskController.php
@@ -55,7 +55,7 @@ class TaskController
switch ($objectType) {
case $objectType:
if (class_exists($objectType)) {
- $endpoint = new $objectType;
+ $endpoint = new $objectType($this->gateway);
$result = $endpoint->processEndPointGet();
}
break;
diff --git a/library/Utils.php b/library/Utils.php
new file mode 100644
index 0000000000000000000000000000000000000000..c241a0aa315a440ec408c01274a904756667a6b3
--- /dev/null
+++ b/library/Utils.php
@@ -0,0 +1,83 @@
+<?php
+
+class Utils
+{
+ private function __construct() {}
+
+ /**
+ * @param array $array
+ * @return array
+ * Note : Recursively filters out empty values and arrays at any depth.
+ */
+ public static function recursiveArrayFilter (array $array): array
+ {
+ // First filter the array for non-empty elements
+ $filtered = array_filter($array, function ($item) {
+ if (is_array($item)) {
+ // Recursively filter the sub-array
+ $item = $this->recursiveArrayFilter($item);
+ // Only retain non-empty arrays
+ return !empty($item);
+ } else {
+ // Retain non-empty scalar values
+ return !empty($item);
+ }
+ });
+
+ return $filtered;
+ }
+
+ /**
+ * Find matching keys between 2 lists.
+ *
+ * @param array|null $elements
+ * @param array $keys
+ * @return array
+ */
+ public static function findMatchingKeys (?array $elements, array $keys): array
+ {
+ $matching = [];
+
+ if (!empty($elements)) {
+ foreach ($elements as $element) {
+ foreach ($keys as $key) {
+ if (!empty($element) && array_key_exists($key, $element)) {
+ $matching[] = $key;
+ }
+ }
+ }
+ }
+
+ return $matching;
+ }
+
+ /**
+ * @param $array
+ * @return array
+ * Note : simply return all values of a multi-dimensional array.
+ */
+ public static function getArrayValuesRecursive ($array)
+ {
+ $values = [];
+ foreach ($array as $value) {
+ if (is_array($value)) {
+ // If value is an array, merge its values recursively
+ $values = array_merge($values, self::getArrayValuesRecursive($value));
+ } else {
+ // If value is not an array, add it to the result
+ $values[] = $value;
+ }
+ }
+ return $values;
+ }
+
+ /**
+ * @param string $text
+ * @return string
+ * Note : This come from jwtToken, as it is completely private - it is cloned here for now.
+ */
+ public static function base64urlEncode (string $text): string
+ {
+ return str_replace(["+", "/", "="], ["A", "B", ""], base64_encode($text));
+ }
+}
\ No newline at end of file
diff --git a/library/plugins/MailUtils.php b/library/plugins/MailUtils.php
new file mode 100644
index 0000000000000000000000000000000000000000..87f4c6420bcd265b82ffb32d511bd63f66d79422
--- /dev/null
+++ b/library/plugins/MailUtils.php
@@ -0,0 +1,34 @@
+<?php
+
+class MailUtils
+{
+ public function __construct ()
+ {
+ }
+
+ public function sendMail ($setFrom, $setBCC, $recipients, $body, $signature, $subject, $receipt, $attachments)
+ {
+ $mail_controller = new \FusionDirectory\Mail\MailLib($setFrom,
+ $setBCC,
+ $recipients,
+ $body,
+ $signature,
+ $subject,
+ $receipt,
+ $attachments);
+
+ return $mail_controller->sendMail();
+ }
+
+ /**
+ * @return array
+ * Note : A simple retrieval methods of the mail backend configuration set in FusionDirectory
+ */
+ public function getMailObjectConfiguration (TaskGateway $gateway): array
+ {
+ return $gateway->getLdapTasks(
+ "(objectClass=fdTasksConf)",
+ ["fdTasksConfLastExecTime", "fdTasksConfIntervalEmails", "fdTasksConfMaxEmails"]
+ );
+ }
+}
\ No newline at end of file
diff --git a/library/plugins/ReminderTokenUtils.php b/library/plugins/ReminderTokenUtils.php
new file mode 100644
index 0000000000000000000000000000000000000000..bb08d24552400a9edf615d4120908ddb4986fa04
--- /dev/null
+++ b/library/plugins/ReminderTokenUtils.php
@@ -0,0 +1,208 @@
+<?php
+
+class ReminderTokenUtils
+{
+ public function __construct ()
+ {
+ }
+
+ /**
+ * @param string $userDN
+ * @param int $timeStamp
+ * @return string
+ * @throws Exception
+ */
+ public function generateToken (string $userDN, int $timeStamp, TaskGateway $gateway): string
+ {
+ $token = NULL;
+ // Salt has been generated with APG.
+ $salt = '8onOlEsItKond';
+ $payload = json_encode($userDN . $salt);
+ // This allows the token to be different every time.
+ $time = time();
+
+ // Create hmac with sha256 alg and the key provided for JWT token signature in ENV.
+ $token_hmac = hash_hmac("sha256", $time . $payload, $_ENV["SECRET_KEY"], TRUE);
+
+ // We need to have a token allowed to be used within an URL.
+ $token = $this->base64urlEncode($token_hmac);
+
+ // Save token within LDAP
+ $this->saveTokenInLdap($userDN, $token, $timeStamp, $gateway);
+
+ return $token;
+ }
+
+ /**
+ * @param string $userDN
+ * @param string $token
+ * NOTE : UID is the full DN of the user. (uid=...).
+ * @param int $days
+ * @return bool
+ * @throws Exception
+ */
+ private function saveTokenInLdap (string $userDN, string $token, int $days, TaskGateway $gateway): bool
+ {
+ $result = FALSE;
+
+ $currentTimestamp = time();
+ // Calculate the future timestamp by adding days to the current timestamp (We actually adds number of seconds).
+ $futureTimestamp = $currentTimestamp + ($days * 24 * 60 * 60);
+
+ preg_match('/uid=([^,]+),ou=/', $userDN, $matches);
+ $uid = $matches[1];
+ $dn = 'cn=' . $uid . ',' . 'ou=tokens' . ',' . $_ENV["LDAP_BASE"];
+
+ $ldap_entry["objectClass"] = ['top', 'fdTokenEntry'];
+ $ldap_entry["fdTokenUserDN"] = $userDN;
+ $ldap_entry["fdTokenType"] = 'reminder';
+ $ldap_entry["fdToken"] = $token;
+ $ldap_entry["fdTokenTimestamp"] = $futureTimestamp;
+ $ldap_entry["cn"] = $uid;
+
+ // set the dn for the token, only take what's between "uid=" and ",ou="
+
+
+ // Verify if token ou branch exists
+ if (!$this->tokenBranchExist('ou=tokens' . ',' . $_ENV["LDAP_BASE"], $gateway)) {
+ // Create the branch
+ $this->createBranchToken($gateway);
+ }
+
+ // The user token DN creation
+ $userTokenDN = 'cn=' . $uid . ',ou=tokens' . ',' . $_ENV["LDAP_BASE"];
+ // Verify if a token already exists for specified user and remove it to create new one correctly.
+ if ($this->tokenBranchExist($userTokenDN, $gateway)) {
+ // Remove the user token
+ $this->removeUserToken($userTokenDN, $gateway);
+ }
+
+ // Add token to LDAP for specific UID
+ try {
+ $result = ldap_add($gateway->ds, $dn, $ldap_entry); // bool returned
+ } catch (Exception $e) {
+ echo json_encode(["Ldap Error - Token could not be saved!" => "$e"]); // string returned
+ exit;
+ }
+
+ return $result;
+ }
+
+ /**
+ * @param int $subTaskCall
+ * @param int $firstCall
+ * @param int $secondCall
+ * @return int
+ * Note : Simply return the difference between first and second call. (First call can be null).
+ */
+ public function getTokenExpiration (int $subTaskCall, int $firstCall, int $secondCall): int
+ {
+ // if firstCall is empty, secondCall is the timestamp expiry for the token.
+ $result = $secondCall;
+
+ if (!empty($firstCall)) {
+ // Verification if the subTask is the second reminder or the first reminder.
+ if ($subTaskCall === $firstCall) {
+ $result = $firstCall - $secondCall;
+ }
+ }
+
+ return $result;
+ }
+
+ /**
+ * @param $userTokenDN
+ * @return void
+ * Note : Simply remove the token for specific user DN
+ */
+ private function removeUserToken ($userTokenDN, TaskGateway $gateway): void
+ {
+ // Add token to LDAP for specific UID
+ try {
+ $result = ldap_delete($gateway->ds, $userTokenDN); // bool returned
+ } catch (Exception $e) {
+ echo json_encode(["Ldap Error - User token could not be removed!" => "$e"]); // string returned
+ exit;
+ }
+ }
+
+ /**
+ * Create ou=pluginManager LDAP branch
+ * @throws Exception
+ */
+ private function createBranchToken (TaskGateway $gateway): void
+ {
+ try {
+ ldap_add(
+ $gateway->ds, 'ou=tokens' . ',' . $_ENV["LDAP_BASE"],
+ [
+ 'ou' => 'tokens',
+ 'objectClass' => 'organizationalUnit',
+ ]
+ );
+ } catch (Exception $e) {
+
+ echo json_encode(["Ldap Error - Impossible to create the token branch" => "$e"]); // string returned
+ exit;
+ }
+ }
+
+ /**
+ * @param string $token
+ * @param array $mailTemplateForm
+ * @param string $taskDN
+ * @return array
+ */
+ public function generateTokenUrl (string $token, array $mailTemplateForm, string $taskDN): array
+ {
+ //Only take the cn of the main task name :
+ preg_match('/cn=([^,]+),ou=/', $taskDN, $matches);
+ $taskName = $matches[1];
+
+ // Remove the API URI
+ $cleanedUrl = preg_replace('#/rest\.php/v1$#', '', $_ENV['FUSION_DIRECTORY_API_URL']);
+ $url = $cleanedUrl . '/accountProlongation.php?token=' . $token . '&task=' . $taskName;
+
+ $mailTemplateForm['body'] .= $url;
+
+ return $mailTemplateForm;
+ }
+
+ /**
+ * @param string $dn
+ * @return bool
+ * Note : Simply inspect if the branch for token is existing.
+ */
+ private function tokenBranchExist (string $dn, TaskGateway $gateway): bool
+ {
+ $result = FALSE;
+
+ try {
+ $search = ldap_search($gateway->ds, $dn, "(objectClass=*)");
+ // Check if the search was successful
+ if ($search) {
+ // Get the number of entries found
+ $entries = ldap_get_entries($gateway->ds, $search);
+
+ // If entries are found, set result to true
+ if ($entries["count"] > 0) {
+ $result = TRUE;
+ }
+ }
+ } catch (Exception $e) {
+ $result = FALSE;
+ }
+
+ return $result;
+ }
+
+ /**
+ * @param string $text
+ * @return string
+ * Note : This come from jwtToken, as it is completely private - it is cloned here for now.
+ */
+ private function base64urlEncode (string $text): string
+ {
+ return str_replace(["+", "/", "="], ["A", "B", ""], base64_encode($text));
+ }
+}
\ No newline at end of file
diff --git a/library/plugins/Utils.php b/library/plugins/Utils.php
new file mode 100644
index 0000000000000000000000000000000000000000..10eafe626a4d288e6a5a66a80b54102547b05ca5
--- /dev/null
+++ b/library/plugins/Utils.php
@@ -0,0 +1,59 @@
+<?php
+
+class Utils
+{
+ public function __construct ()
+ {
+ }
+
+ /**
+ * @param array $array
+ * @return array
+ * Note : Recursively filters out empty values and arrays at any depth.
+ */
+ public function recursiveArrayFilter (array $array): array
+ {
+ return array_filter($array, function ($item) {
+ if (is_array($item)) {
+ $item = $this->recursiveArrayFilter($item);
+ }
+ return !empty($item);
+ });
+ }
+
+ /**
+ * Find matching keys between 2 lists.
+ *
+ * @param array|null $elements
+ * @param array $keys
+ * @return array
+ */
+ public function findMatchingKeys (?array $elements, array $keys): array
+ {
+ $matching = [];
+
+ if (!empty($elements)) {
+ foreach ($elements as $element) {
+ foreach ($keys as $key) {
+ if (!empty($element) && array_key_exists($key, $element)) {
+ $matching[] = $key;
+ }
+ }
+ }
+ }
+
+ return $matching;
+ }
+
+ /**
+ * @param $array
+ * @return array
+ * Note : simply return all values of a multi-dimensional array.
+ */
+ public function getArrayValuesRecursive ($array)
+ {
+ return array_reduce($array, function ($carry, $value) {
+ return array_merge($carry, is_array($value) ? $this->getArrayValuesRecursive($value) : [$value]);
+ }, []);
+ }
+}
\ No newline at end of file
diff --git a/plugins/tasks/Archive.php b/plugins/tasks/Archive.php
new file mode 100644
index 0000000000000000000000000000000000000000..2ef3e2f08d4c90222b5bb9b3d42882d13ed8199a
--- /dev/null
+++ b/plugins/tasks/Archive.php
@@ -0,0 +1,137 @@
+<?php
+
+use FusionDirectory\Rest\WebServiceCall;
+
+class Archive implements EndpointInterface
+{
+ private TaskGateway $gateway;
+
+ public function __construct (TaskGateway $gateway)
+ {
+ $this->gateway = $gateway;
+ }
+
+ /**
+ * @return array
+ * Part of the interface of orchestrator plugin to treat GET method
+ */
+ public function processEndPointGet (): array
+ {
+ // Retrieve tasks of type 'archive'
+ return $this->gateway->getObjectTypeTask('archive');
+ }
+
+ /**
+ * @param array|null $data
+ * @return array
+ * @throws Exception
+ * Note: Part of the interface of orchestrator plugin to treat PATCH method
+ */
+ public function processEndPointPatch (array $data = NULL): array
+ {
+ $result = [];
+ $archiveTasks = $this->gateway->getObjectTypeTask('archive');
+
+ // Initialize the WebServiceCall object for login
+ $webServiceCall = new WebServiceCall($_ENV['FUSION_DIRECTORY_API_URL'] . '/login', 'POST');
+ $webServiceCall->setCurlSettings(); // Perform login and set the token
+
+ foreach ($archiveTasks as $task) {
+ try {
+ if (!$this->gateway->statusAndScheduleCheck($task)) {
+ // Skip this task if it does not meet the status and schedule criteria
+ continue;
+ }
+
+ // Receive null or 'toBeArchived'
+ $supannState = $this->getUserSupannAccountStatus($task['fdtasksgranulardn'][0]);
+
+ if ($supannState !== 'toBeArchived') {
+ // The task does not meet the criteria for archiving and can therefore be suppressed
+ $result[$task['dn']]['result'] = "User does not meet the criteria for archiving.";
+ $this->gateway->removeSubTask($task['dn']);
+ continue;
+ }
+
+ // Set the archive endpoint and method using the same WebServiceCall object
+ $archiveUrl = $_ENV['FUSION_DIRECTORY_API_URL'] . '/archive/user/' . rawurlencode($task['fdtasksgranulardn'][0]);
+ $webServiceCall->setCurlSettings($archiveUrl, NULL, 'POST'); // Update settings for the archive request
+ $response = $webServiceCall->execute();
+
+ // Check if the HTTP status code is 204
+ if ($webServiceCall->getHttpStatusCode() === 204) {
+ $result[$task['dn']]['result'] = "User successfully archived.";
+ $this->gateway->updateTaskStatus($task['dn'], $task['cn'][0], '2');
+ } else {
+ throw new Exception("Unexpected HTTP status code: " . $webServiceCall->getHttpStatusCode());
+ }
+ } catch (Exception $e) {
+ $result[$task['dn']]['result'] = "Error archiving user: " . $e->getMessage();
+ $this->gateway->updateTaskStatus($task['dn'], $task['cn'][0], $e->getMessage());
+ }
+ }
+
+ return $result;
+ }
+
+ /**
+ * @param array|null $data
+ * @return array
+ * Note: Part of the interface of orchestrator plugin to treat POST method
+ */
+ public function processEndPointPost (array $data = NULL): array
+ {
+ return [];
+ }
+
+ /**
+ * @param array|null $data
+ * @return array
+ * Note: Part of the interface of orchestrator plugin to treat DELETE method
+ */
+ public function processEndPointDelete (array $data = NULL): array
+ {
+ return [];
+ }
+
+ /**
+ * Retrieve the supannAccountStatus of a user
+ * @param string $userDn
+ * @return string|null
+ */
+ private function getUserSupannAccountStatus (string $userDn): ?string
+ {
+ $supannState = $this->gateway->getLdapTasks(
+ '(objectClass=supannPerson)',
+ ['supannRessourceEtatDate'],
+ '',
+ $userDn
+ );
+
+ if ($this->hasToBeArchived($supannState)) {
+ return 'toBeArchived';
+ }
+
+ return NULL;
+ }
+
+ private function hasToBeArchived (array $supannState): bool
+ {
+ if (!isset($supannState[0]['supannressourceetatdate']) || !is_array($supannState[0]['supannressourceetatdate'])) {
+ return FALSE;
+ }
+
+ foreach ($supannState[0]['supannressourceetatdate'] as $key => $value) {
+ // Skip non-numeric keys (e.g., 'count')
+ if (!is_numeric($key)) {
+ continue;
+ }
+
+ if (strpos($value, '{COMPTE}I:toBeArchived') !== FALSE) {
+ return TRUE;
+ }
+ }
+
+ return FALSE;
+ }
+}
\ No newline at end of file
diff --git a/plugins/tasks/Audit.php b/plugins/tasks/Audit.php
index 6e51ae7e26d1dcc5413f6ee01972d7f317bc0893..94818316140c49b7b8f0ed19d0a8373639baa358 100644
--- a/plugins/tasks/Audit.php
+++ b/plugins/tasks/Audit.php
@@ -4,10 +4,12 @@ class Audit implements EndpointInterface
{
private TaskGateway $gateway;
+ private Utils $utils;
public function __construct (TaskGateway $gateway)
{
$this->gateway = $gateway;
+ $this->utils = new Utils();
}
/**
@@ -47,7 +49,7 @@ class Audit implements EndpointInterface
$result = $this->processAuditDeletion($this->gateway->getObjectTypeTask('Audit'));
// Recursive function to filter out empty arrays at any depth
- $nonEmptyResults = $this->recursiveArrayFilter($result);
+ $nonEmptyResults = $this->utils->recursiveArrayFilter($result);
if (!empty($nonEmptyResults)) {
return $nonEmptyResults;
@@ -119,27 +121,4 @@ class Audit implements EndpointInterface
return $audit;
}
-
- /**
- * @param array $array
- * @return array
- * Note : Recursively filters out empty values and arrays at any depth.
- */
- private function recursiveArrayFilter (array $array): array
- {
- // First filter the array for non-empty elements
- $filtered = array_filter($array, function ($item) {
- if (is_array($item)) {
- // Recursively filter the sub-array
- $item = $this->recursiveArrayFilter($item);
- // Only retain non-empty arrays
- return !empty($item);
- } else {
- // Retain non-empty scalar values
- return !empty($item);
- }
- });
-
- return $filtered;
- }
}
\ No newline at end of file
diff --git a/plugins/tasks/Notifications.php b/plugins/tasks/Notifications.php
index f78ef5ecac235d5b426a56db527e881821d2f1c1..a01196c58b922eedd92b707d2145801d5b3e45bd 100644
--- a/plugins/tasks/Notifications.php
+++ b/plugins/tasks/Notifications.php
@@ -4,10 +4,15 @@ class Notifications implements EndpointInterface
{
private TaskGateway $gateway;
+ private string $errorMessage = 'No matching audited attributes with monitored attributes, safely removed!';
+ private Utils $utils;
+ private MailUtils $mailUtils;
public function __construct (TaskGateway $gateway)
{
$this->gateway = $gateway;
+ $this->utils = new Utils();
+ $this->mailUtils = new MailUtils();
}
/**
@@ -69,26 +74,7 @@ class Notifications implements EndpointInterface
// Generate the mail form with all mail controller requirements
$mailTemplateForm = $this->generateMainTaskMailTemplate($notificationsMainTask);
- // Simply retrieve the list of audited attributes
- $auditAttributes = $this->decodeAuditAttributes($task);
-
- // Recovering monitored attributes list from the defined notification task.
- $monitoredAttrs = $notificationsMainTask[0]['fdtasksnotificationsattributes'];
- // Reformat supann
- $monitoredSupannResource = $this->getSupannResourceState($notificationsMainTask[0]);
-
- // Simply remove keys with 'count' reported by ldap.
- $this->gateway->unsetCountKeys($monitoredAttrs);
- $this->gateway->unsetCountKeys($monitoredSupannResource);
-
- // Find matching attributes between audited and monitored attributes
- $matchingAttrs = $this->findMatchingAttributes($auditAttributes, $monitoredAttrs);
-
- // Verify Supann resource state if applicable
- if ($this->shouldVerifySupannResource($monitoredSupannResource, $auditAttributes)) {
- // Adds it to the mating attrs for further notification process.
- $matchingAttrs[] = 'supannRessourceEtat';
- }
+ $matchingAttrs = $this->getMatchingAttrs($notificationsMainTask, $task);
if (!empty($matchingAttrs)) {
// Fill an array with UID of audited user and related matching attributes
@@ -103,7 +89,7 @@ class Notifications implements EndpointInterface
} else { // Simply remove the subTask has no notifications are required
$result[$task['dn']]['Removed'] = $this->gateway->removeSubTask($task['dn']);
- $result[$task['dn']]['Status'] = 'No matching audited attributes with monitored attributes, safely removed!';
+ $result[$task['dn']]['Status'] = $this->errorMessage;
}
}
}
@@ -115,6 +101,32 @@ class Notifications implements EndpointInterface
return $result;
}
+ private function getMatchingAttrs (array $notificationsMainTask, array $task): array
+ {
+ // Simply retrieve the list of audited attributes
+ $auditAttributes = $this->decodeAuditAttributes($task);
+
+ // Recovering monitored attributes list from the defined notification task.
+ $monitoredAttrs = $notificationsMainTask[0]['fdtasksnotificationsattributes'];
+ // Reformat supann
+ $monitoredSupannResource = $this->getSupannResourceState($notificationsMainTask[0]);
+
+ // Simply remove keys with 'count' reported by ldap.
+ $this->gateway->unsetCountKeys($monitoredAttrs);
+ $this->gateway->unsetCountKeys($monitoredSupannResource);
+
+ // Find matching attributes between audited and monitored attributes
+ $matchingAttrs = $this->utils->findMatchingKeys($auditAttributes, $monitoredAttrs);
+
+ // Verify Supann resource state if applicable
+ if ($this->shouldVerifySupannResource($monitoredSupannResource, $auditAttributes)) {
+ // Adds it to the mating attrs for further notification process.
+ $matchingAttrs[] = 'supannRessourceEtat';
+ }
+
+ return $matchingAttrs;
+ }
+
/**
* Determine if Supann resource verification is needed.
*
@@ -165,30 +177,6 @@ class Notifications implements EndpointInterface
return $auditAttributes;
}
- /**
- * Find matching attributes between audit and monitored attributes.
- *
- * @param array|null $auditAttributes
- * @param array $monitoredAttrs
- * @return array
- */
- private function findMatchingAttributes (?array $auditAttributes, array $monitoredAttrs): array
- {
- $matchingAttrs = [];
-
- if (!empty($auditAttributes)) {
- foreach ($auditAttributes as $attributeName) {
- foreach ($monitoredAttrs as $monitoredAttr) {
- if (!empty($attributeName) && array_key_exists($monitoredAttr, $attributeName)) {
- $matchingAttrs[] = $monitoredAttr;
- }
- }
- }
- }
-
- return $matchingAttrs;
- }
-
/**
* @param array $supannResource
* @param array $auditedAttrs
@@ -197,45 +185,15 @@ class Notifications implements EndpointInterface
*/
private function verifySupannState (array $supannResource, array $auditedAttrs): bool
{
- $result = FALSE;
-
//Construct Supann Resource State as string
+ $monitoredSupannState = '{' . $supannResource['resource'][0] . '}' . $supannResource['state'][0];
if (!empty($supannResource['subState'][0])) {
- $monitoredSupannState = '{' . $supannResource['resource'][0] . '}' . $supannResource['state'][0] . ':' . $supannResource['subState'][0];
- } else {
- $monitoredSupannState = '{' . $supannResource['resource'][0] . '}' . $supannResource['state'][0];
+ $monitoredSupannState = $monitoredSupannState . ':' . $supannResource['subState'][0];
}
// Get all the values only of a multidimensional array.
- $auditedValues = $this->getArrayValuesRecursive($auditedAttrs);
-
- if (in_array($monitoredSupannState, $auditedValues)) {
- $result = TRUE;
- } else {
- $result = FALSE;
- }
-
- return $result;
- }
-
- /**
- * @param $array
- * @return array
- * Note : simply return all values of a multi-dimensional array.
- */
- public function getArrayValuesRecursive ($array)
- {
- $values = [];
- foreach ($array as $value) {
- if (is_array($value)) {
- // If value is an array, merge its values recursively
- $values = array_merge($values, $this->getArrayValuesRecursive($value));
- } else {
- // If value is not an array, add it to the result
- $values[] = $value;
- }
- }
- return $values;
+ $auditedValues = $this->utils->getArrayValuesRecursive($auditedAttrs);
+ return in_array($monitoredSupannState, $auditedValues);
}
/**
@@ -364,19 +322,14 @@ class Notifications implements EndpointInterface
foreach ($notifications as $data) {
$numberOfRecipients = count($data['mailForm']['recipients']);
-
- $mail_controller = new \FusionDirectory\Mail\MailLib(
- $data['mailForm']['setFrom'],
- NULL,
- $data['mailForm']['recipients'],
- $data['mailForm']['body'],
- $data['mailForm']['signature'],
- $data['mailForm']['subject'],
- $data['mailForm']['receipt'],
- NULL
- );
-
- $mailSentResult = $mail_controller->sendMail();
+ $setFrom = $data['mailForm']['setFrom'];
+ $recipients = $data['mailForm']['recipients'];
+ $body = $data['mailForm']['body'];
+ $signature = $data['mailForm']['signature'];
+ $subject = $data['mailForm']['subject'];
+ $receipt = $data['mailForm']['receipt'];
+
+ $mailSentResult = $this->mailUtils->sendMail($setFrom, NULL, $recipients, $body, $signature, $subject, $receipt, NULL);
$result[] = $this->processMailResponseAndUpdateTasks($mailSentResult, $data, $fdTasksConf);
// Verification anti-spam max mails to be sent and quit loop if matched.
diff --git a/plugins/tasks/Reminder.php b/plugins/tasks/Reminder.php
index ca46b55f8de1ba26f451dc9c2469008287cc1c6e..180eca7d5bf34d8f84c19f4d302089012aef0382 100644
--- a/plugins/tasks/Reminder.php
+++ b/plugins/tasks/Reminder.php
@@ -4,10 +4,12 @@ class Reminder implements EndpointInterface
{
private TaskGateway $gateway;
+ private ReminderTokenUtils $reminderTokenUtils;
public function __construct (TaskGateway $gateway)
{
$this->gateway = $gateway;
+ $this->reminderTokenUtils = new ReminderTokenUtils();
}
/**
@@ -109,13 +111,13 @@ class Reminder implements EndpointInterface
$reminders[$remindersMainTaskName]['subTask'][$task['cn'][0]]['uid'] = $task['fdtasksgranulardn'][0];
// Create timeStamp expiration for token
- $tokenExpire = $this->getTokenExpiration($task['fdtasksgranularhelper'][0],
+ $tokenExpire = $this->reminderTokenUtils->getTokenExpiration($task['fdtasksgranularhelper'][0],
$remindersMainTask[0]['fdtasksreminderfirstcall'][0],
$remindersMainTask[0]['fdtasksremindersecondcall'][0]);
// Create token for SubTask
- $token = $this->generateToken($task['fdtasksgranulardn'][0], $tokenExpire);
+ $token = $this->reminderTokenUtils->generateToken($task['fdtasksgranulardn'][0], $tokenExpire, $this->gateway);
// Edit the mailForm with the url link containing the token
- $tokenMailTemplateForm = $this->generateTokenUrl($token, $mailTemplateForm, $remindersMainTaskName);
+ $tokenMailTemplateForm = $this->reminderTokenUtils->generateTokenUrl($token, $mailTemplateForm, $remindersMainTaskName);
// Recipient email form
$reminders[$remindersMainTaskName]['subTask'][$task['cn'][0]]['mail'] = $tokenMailTemplateForm;
@@ -136,13 +138,13 @@ class Reminder implements EndpointInterface
$reminders[$remindersMainTaskName]['subTask'][$task['cn'][0]]['uid'] = $task['fdtasksgranulardn'][0];
// Create timeStamp expiration for token
- $tokenExpire = $this->getTokenExpiration($task['fdtasksgranularhelper'][0],
+ $tokenExpire = $this->reminderTokenUtils->getTokenExpiration($task['fdtasksgranularhelper'][0],
$remindersMainTask[0]['fdtasksreminderfirstcall'][0],
$remindersMainTask[0]['fdtasksremindersecondcall'][0]);
// Create token for SubTask
- $token = $this->generateToken($task['fdtasksgranulardn'][0], $tokenExpire);
+ $token = $this->reminderTokenUtils->generateToken($task['fdtasksgranulardn'][0], $tokenExpire, $this->gateway);
// Edit the mailForm with the url link containing the token
- $tokenMailTemplateForm = $this->generateTokenUrl($token, $mailTemplateForm, $remindersMainTaskName);
+ $tokenMailTemplateForm = $this->reminderTokenUtils->generateTokenUrl($token, $mailTemplateForm, $remindersMainTaskName);
// Recipient email form
$reminders[$remindersMainTaskName]['subTask'][$task['cn'][0]]['mail'] = $tokenMailTemplateForm;
@@ -217,207 +219,6 @@ class Reminder implements EndpointInterface
return $result;
}
- /**
- * @param string $token
- * @param array $mailTemplateForm
- * @param string $taskDN
- * @return array
- */
- private function generateTokenUrl (string $token, array $mailTemplateForm, string $taskDN): array
- {
- //Only take the cn of the main task name :
- preg_match('/cn=([^,]+),ou=/', $taskDN, $matches);
- $taskName = $matches[1];
-
- // Remove the API URI
- $cleanedUrl = preg_replace('#/rest\.php/v1$#', '', $_ENV['FUSION_DIRECTORY_API_URL']);
- $url = $cleanedUrl . '/accountProlongation.php?token=' . $token . '&task=' . $taskName;
-
- $mailTemplateForm['body'] .= $url;
-
- return $mailTemplateForm;
- }
-
- /**
- * @param int $subTaskCall
- * @param int $firstCall
- * @param int $secondCall
- * @return int
- * Note : Simply return the difference between first and second call. (First call can be null).
- */
- private function getTokenExpiration (int $subTaskCall, int $firstCall, int $secondCall): int
- {
- // if firstCall is empty, secondCall is the timestamp expiry for the token.
- $result = $secondCall;
-
- if (!empty($firstCall)) {
- // Verification if the subTask is the second reminder or the first reminder.
- if ($subTaskCall === $firstCall) {
- $result = $firstCall - $secondCall;
- }
- }
-
- return $result;
- }
-
- /**
- * @param string $userDN
- * @param int $timeStamp
- * @return string
- * @throws Exception
- */
- private function generateToken (string $userDN, int $timeStamp): string
- {
- $token = NULL;
- // Salt has been generated with APG.
- $salt = '8onOlEsItKond';
- $payload = json_encode($userDN . $salt);
- // This allows the token to be different every time.
- $time = time();
-
- // Create hmac with sha256 alg and the key provided for JWT token signature in ENV.
- $token_hmac = hash_hmac("sha256", $time . $payload, $_ENV["SECRET_KEY"], TRUE);
-
- // We need to have a token allowed to be used within an URL.
- $token = $this->base64urlEncode($token_hmac);
-
- // Save token within LDAP
- $this->saveTokenInLdap($userDN, $token, $timeStamp);
-
- return $token;
- }
-
- /**
- * @param string $userDN
- * @param string $token
- * NOTE : UID is the full DN of the user. (uid=...).
- * @param int $days
- * @return bool
- * @throws Exception
- */
- private function saveTokenInLdap (string $userDN, string $token, int $days): bool
- {
- $result = FALSE;
-
- $currentTimestamp = time();
- // Calculate the future timestamp by adding days to the current timestamp (We actually adds number of seconds).
- $futureTimestamp = $currentTimestamp + ($days * 24 * 60 * 60);
-
- preg_match('/uid=([^,]+),ou=/', $userDN, $matches);
- $uid = $matches[1];
- $dn = 'cn=' . $uid . ',' . 'ou=tokens' . ',' . $_ENV["LDAP_BASE"];
-
- $ldap_entry["objectClass"] = ['top', 'fdTokenEntry'];
- $ldap_entry["fdTokenUserDN"] = $userDN;
- $ldap_entry["fdTokenType"] = 'reminder';
- $ldap_entry["fdToken"] = $token;
- $ldap_entry["fdTokenTimestamp"] = $futureTimestamp;
- $ldap_entry["cn"] = $uid;
-
- // set the dn for the token, only take what's between "uid=" and ",ou="
-
-
- // Verify if token ou branch exists
- if (!$this->tokenBranchExist('ou=tokens' . ',' . $_ENV["LDAP_BASE"])) {
- // Create the branch
- $this->createBranchToken();
- }
-
- // The user token DN creation
- $userTokenDN = 'cn=' . $uid . ',ou=tokens' . ',' . $_ENV["LDAP_BASE"];
- // Verify if a token already exists for specified user and remove it to create new one correctly.
- if ($this->tokenBranchExist($userTokenDN)) {
- // Remove the user token
- $this->removeUserToken($userTokenDN);
- }
-
- // Add token to LDAP for specific UID
- try {
- $result = ldap_add($this->gateway->ds, $dn, $ldap_entry); // bool returned
- } catch (Exception $e) {
- echo json_encode(["Ldap Error - Token could not be saved!" => "$e"]); // string returned
- exit;
- }
-
- return $result;
- }
-
- /**
- * @param $userTokenDN
- * @return void
- * Note : Simply remove the token for specific user DN
- */
- private function removeUserToken ($userTokenDN): void
- {
- // Add token to LDAP for specific UID
- try {
- $result = ldap_delete($this->gateway->ds, $userTokenDN); // bool returned
- } catch (Exception $e) {
- echo json_encode(["Ldap Error - User token could not be removed!" => "$e"]); // string returned
- exit;
- }
- }
-
- /**
- * Create ou=pluginManager LDAP branch
- * @throws Exception
- */
- protected function createBranchToken (): void
- {
- try {
- ldap_add(
- $this->gateway->ds, 'ou=tokens' . ',' . $_ENV["LDAP_BASE"],
- [
- 'ou' => 'tokens',
- 'objectClass' => 'organizationalUnit',
- ]
- );
- } catch (Exception $e) {
-
- echo json_encode(["Ldap Error - Impossible to create the token branch" => "$e"]); // string returned
- exit;
- }
- }
-
-
- /**
- * @param string $dn
- * @return bool
- * Note : Simply inspect if the branch for token is existing.
- */
- private function tokenBranchExist (string $dn): bool
- {
- $result = FALSE;
-
- try {
- $search = ldap_search($this->gateway->ds, $dn, "(objectClass=*)");
- // Check if the search was successful
- if ($search) {
- // Get the number of entries found
- $entries = ldap_get_entries($this->gateway->ds, $search);
-
- // If entries are found, set result to true
- if ($entries["count"] > 0) {
- $result = TRUE;
- }
- }
- } catch (Exception $e) {
- $result = FALSE;
- }
-
- return $result;
- }
-
- /**
- * @param string $text
- * @return string
- * Note : This come from jwtToken, as it is completely private - it is cloned here for now.
- */
- private function base64urlEncode (string $text): string
- {
- return str_replace(["+", "/", "="], ["A", "B", ""], base64_encode($text));
- }
-
/**
* @param string $dn
* @return string
@@ -592,26 +393,6 @@ class Reminder implements EndpointInterface
return DateTime::createFromFormat('Ymd', $dateString);
}
- /**
- * @param $array
- * @return array
- * Note : simply return all values of a multi-dimensional array.
- */
- public function getArrayValuesRecursive ($array)
- {
- $values = [];
- foreach ($array as $value) {
- if (is_array($value)) {
- // If value is an array, merge its values recursively
- $values = array_merge($values, $this->getArrayValuesRecursive($value));
- } else {
- // If value is not an array, add it to the result
- $values[] = $value;
- }
- }
- return $values;
- }
-
/**
* @param string $mainTaskDn
* @return array