private function LoginValidator::testCredentials in Lightweight Directory Access Protocol (LDAP) 8.3
Credentials are tested.
Return value
int Returns the authentication result.
1 call to LoginValidator::testCredentials()
- LoginValidator::processLogin in ldap_authentication/src/Controller/LoginValidator.php - Perform the actual logging in.
File
- ldap_authentication/src/Controller/LoginValidator.php, line 298
Class
- LoginValidator
- Handles the actual testing of credentials and authentication of users.
Namespace
Drupal\ldap_authentication\Controller
Code
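/**
 * Tests the submitted password against every enabled LDAP server in turn.
 *
 * Servers are tried in the order returned by
 * LdapAuthenticationConfiguration::getEnabledAuthenticationServers(). The
 * loop stops at the first successful bind plus password check, at a
 * disallowed user, or at a server error during the user lookup; every other
 * failure moves on to the next server. Because the result is reset at the
 * top of each iteration, the returned code describes only the last server
 * tried (or the one that produced a terminal result).
 *
 * Side effects: $this->serverDrupalUser and $this->ldapUser are left pointing
 * at the last server / entry attempted, every step is written to
 * $this->detailLog, and failureResponse() is invoked for any non-success
 * result before returning.
 *
 * @param string $password
 *   The plain-text password supplied by the user.
 *
 * @return int
 *   One of the self::AUTHENTICATION_* constants. When bindToServer() reports
 *   anything other than 'success', its raw status value is returned instead
 *   (see the @FIXME below).
 */
private function testCredentials($password) {
  $authenticationResult = self::AUTHENTICATION_FAILURE_GENERIC;

  foreach (LdapAuthenticationConfiguration::getEnabledAuthenticationServers() as $server) {
    // Every server starts from a clean slate: a failure recorded for an
    // earlier server is discarded unless that failure was terminal (break).
    $authenticationResult = self::AUTHENTICATION_FAILURE_GENERIC;
    $this->serverDrupalUser = Server::load($server);

    $this->detailLog->log('%username: Trying server %id with %bind_method', [
      '%username' => $this->authName,
      '%id' => $this->serverDrupalUser->id(),
      '%bind_method' => $this->serverDrupalUser->getFormattedBind(),
    ], 'ldap_authentication');

    if (!$this->connectToServer()) {
      continue;
    }

    $bindStatus = $this->bindToServer($password);
    // @FIXME: We can do this better.
    // Strict comparison on purpose: an authentication decision must not
    // depend on PHP's loose string/number coercion rules.
    if ($bindStatus !== 'success') {
      // NOTE(review): this stores the raw bind status, which is not one of
      // the AUTHENTICATION_* constants — confirm authenticationHelpText() and
      // failureResponse() handle that value.
      $authenticationResult = $bindStatus;
      // If bind fails, onto next server.
      continue;
    }

    // Check if user exists in LDAP.
    $this->ldapUser = $this->serverDrupalUser->matchUsernameToExistingLdapEntry($this->authName);
    if (!$this->ldapUser) {
      // NOTE(review): '%error' is computed here but the message has no %error
      // placeholder, so the formatted LDAP error never reaches the log.
      $this->detailLog->log('%username: User not found for server %id with %bind_method.', [
        '%username' => $this->authName,
        '%error' => $this->serverDrupalUser->formattedError($this->serverDrupalUser->ldapErrorNumber()),
        '%bind_method' => $this->serverDrupalUser->getFormattedBind(),
        '%id' => $this->serverDrupalUser->id(),
      ], 'ldap_authentication');

      if ($this->serverDrupalUser->hasError()) {
        // A server-side error is terminal; it is not masked by trying the
        // remaining servers.
        $authenticationResult = self::AUTHENTICATION_FAILURE_SERVER;
        break;
      }
      $authenticationResult = self::AUTHENTICATION_FAILURE_FIND;
      // Next server, please.
      continue;
    }

    if (!$this->checkAllowedExcluded($this->authName, $this->ldapUser)) {
      $authenticationResult = self::AUTHENTICATION_FAILURE_DISALLOWED;
      // Regardless of how many servers, disallowed user fails.
      break;
    }

    // Test the password.
    if (!$this->testUserPassword($password)) {
      $authenticationResult = self::AUTHENTICATION_FAILURE_CREDENTIALS;
      // Next server, please.
      continue;
    }

    $authenticationResult = self::AUTHENTICATION_SUCCESS;
    $bindMethod = $this->serverDrupalUser->get('bind_method');
    if ($bindMethod === 'anon_user') {
      // After successful bind, lookup user again to get private attributes.
      $this->ldapUser = $this->serverDrupalUser->matchUsernameToExistingLdapEntry($this->authName);
    }
    if ($bindMethod === 'service_account' || $bindMethod === 'anon_user') {
      // NOTE(review): only the success path disconnects; confirm that the
      // failure paths above do not leave a bound connection open.
      $this->serverDrupalUser->disconnect();
    }
    // Success.
    break;
  }

  $this->detailLog->log('%username: Authentication result is "%err_text"', [
    '%username' => $this->authName,
    '%err_text' => $this->authenticationHelpText($authenticationResult) . ' ' . $this->additionalDebuggingResponse($authenticationResult),
  ], 'ldap_authentication');

  // Anything that is not exactly the success constant is treated as a
  // failure (fail closed), so a stray bind status can never pass as success.
  if ($authenticationResult !== self::AUTHENTICATION_SUCCESS) {
    $this->failureResponse($authenticationResult);
  }

  return $authenticationResult;
}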