[Ldap] Add users extra_fields in ldap component

Simperfit · Simperfit · commit bcfff0479755 · 2019-06-22T10:34:40.000+02:00
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/UserProvider/LdapFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/UserProvider/LdapFactory.php
@@ -36,6 +36,7 @@ public function create(ContainerBuilder $container, $id, $config)
             ->replaceArgument(5, $config['uid_key'])
             ->replaceArgument(6, $config['filter'])
             ->replaceArgument(7, $config['password_attribute'])
+            ->replaceArgument(8, $config['extra_fields'])
         ;
     }
 
@@ -52,6 +53,9 @@ public function addConfiguration(NodeDefinition $node)
                 ->scalarNode('base_dn')->isRequired()->cannotBeEmpty()->end()
                 ->scalarNode('search_dn')->end()
                 ->scalarNode('search_password')->end()
+                ->arrayNode('extra_fields')
+                    ->prototype('scalar')->end()
+                ->end()
                 ->arrayNode('default_roles')
                     ->beforeNormalization()->ifString()->then(function ($v) { return preg_split('/\s*,\s*/', $v); })->end()
                     ->requiresAtLeastOneElement()
diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml b/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml
@@ -184,6 +184,7 @@
             <argument /> <!-- uid key -->
             <argument /> <!-- filter -->
             <argument /> <!-- password_attribute -->
+            <argument /> <!-- extra_fields (email etc) -->
         </service>
 
         <service id="security.user.provider.chain" class="Symfony\Component\Security\Core\User\ChainUserProvider" abstract="true" />
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLoginLdap/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLoginLdap/config.yml
@@ -21,6 +21,7 @@ security:
                 search_password: ''
                 default_roles: ROLE_USER
                 uid_key: uid
+                extra_fields: ['email']
 
     firewalls:
         main:
diff --git a/src/Symfony/Component/Ldap/CHANGELOG.md b/src/Symfony/Component/Ldap/CHANGELOG.md
@@ -1,6 +1,11 @@
 CHANGELOG
 =========
 
+4.4.0
+-----
+
+* Added the "extra_fields" option, an array of custom fields to pull from the LDAP server
+
 4.3.0
 -----
 
diff --git a/src/Symfony/Component/Security/Core/Tests/User/LdapUserProviderTest.php b/src/Symfony/Component/Security/Core/Tests/User/LdapUserProviderTest.php
@@ -334,6 +334,7 @@ public function testLoadUserByUsernameIsSuccessfulWithPasswordAttribute()
             ->will($this->returnValue(new Entry('foo', [
                     'sAMAccountName' => ['foo'],
                     'userpassword' => ['bar'],
+                    'email' => ['elsa@symfony.com'],
                 ]
             )))
         ;
@@ -353,7 +354,7 @@ public function testLoadUserByUsernameIsSuccessfulWithPasswordAttribute()
             ->will($this->returnValue($query))
         ;
 
-        $provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com', null, null, [], 'sAMAccountName', '({uid_key}={username})', 'userpassword');
+        $provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com', null, null, [], 'sAMAccountName', '({uid_key}={username})', 'userpassword', ['email']);
         $this->assertInstanceOf(
             'Symfony\Component\Security\Core\User\User',
             $provider->loadUserByUsername('foo')
diff --git a/src/Symfony/Component/Security/Core/User/LdapUserProvider.php b/src/Symfony/Component/Security/Core/User/LdapUserProvider.php
@@ -34,8 +34,9 @@ class LdapUserProvider implements UserProviderInterface
     private $uidKey;
     private $defaultSearch;
     private $passwordAttribute;
+    private $extraFields;
 
-    public function __construct(LdapInterface $ldap, string $baseDn, string $searchDn = null, string $searchPassword = null, array $defaultRoles = [], string $uidKey = null, string $filter = null, string $passwordAttribute = null)
+    public function __construct(LdapInterface $ldap, string $baseDn, string $searchDn = null, string $searchPassword = null, array $defaultRoles = [], string $uidKey = null, string $filter = null, string $passwordAttribute = null, array $extraFields = [])
     {
         if (null === $uidKey) {
             $uidKey = 'sAMAccountName';
@@ -53,6 +54,7 @@ public function __construct(LdapInterface $ldap, string $baseDn, string $searchD
         $this->uidKey = $uidKey;
         $this->defaultSearch = str_replace('{uid_key}', $uidKey, $filter);
         $this->passwordAttribute = $passwordAttribute;
+        $this->extraFields = $extraFields;
     }
 
     /**
@@ -123,12 +125,17 @@ public function supportsClass($class)
     protected function loadUser($username, Entry $entry)
     {
         $password = null;
+        $extraFields = [];
 
         if (null !== $this->passwordAttribute) {
             $password = $this->getAttributeValue($entry, $this->passwordAttribute);
         }
 
-        return new User($username, $password, $this->defaultRoles);
+        foreach ($this->extraFields as $field) {
+            $extraFields[$field] = $this->getAttributeValue($entry, $field);
+        }
+
+        return new User($username, $password, $this->defaultRoles, true, true, true, true, $extraFields);
     }
 
     /**
diff --git a/src/Symfony/Component/Security/Core/User/User.php b/src/Symfony/Component/Security/Core/User/User.php
@@ -27,8 +27,9 @@ final class User implements UserInterface, EquatableInterface, AdvancedUserInter
     private $credentialsNonExpired;
     private $accountNonLocked;
     private $roles;
+    private $extraFields;
 
-    public function __construct(?string $username, ?string $password, array $roles = [], bool $enabled = true, bool $userNonExpired = true, bool $credentialsNonExpired = true, bool $userNonLocked = true)
+    public function __construct(?string $username, ?string $password, array $roles = [], bool $enabled = true, bool $userNonExpired = true, bool $credentialsNonExpired = true, bool $userNonLocked = true, array $extraFields = [])
     {
         if ('' === $username || null === $username) {
             throw new \InvalidArgumentException('The username cannot be empty.');
@@ -41,6 +42,7 @@ public function __construct(?string $username, ?string $password, array $roles =
         $this->credentialsNonExpired = $credentialsNonExpired;
         $this->accountNonLocked = $userNonLocked;
         $this->roles = $roles;
+        $this->extraFields = $extraFields;
     }
 
     public function __toString()
@@ -118,6 +120,11 @@ public function eraseCredentials()
     {
     }
 
+    public function getExtraFields()
+    {
+        return $this->extraFields;
+    }
+
     /**
      * {@inheritdoc}
      */

Original file line number	Diff line number	Diff line change
`@@ -334,6 +334,7 @@ public function testLoadUserByUsernameIsSuccessfulWithPasswordAttribute()`
`334`	`334`	`->will($this->returnValue(new Entry('foo', [`
`335`	`335`	`'sAMAccountName' => ['foo'],`
`336`	`336`	`'userpassword' => ['bar'],`
	`337`	`+ 'email' => ['[email protected]'],`
`337`	`338`	`]`
`338`	`339`	`)))`
`339`	`340`	`;`
`@@ -353,7 +354,7 @@ public function testLoadUserByUsernameIsSuccessfulWithPasswordAttribute()`
`353`	`354`	`->will($this->returnValue($query))`
`354`	`355`	`;`
`355`	`356`
`356`		`- $provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com', null, null, [], 'sAMAccountName', '({uid_key}={username})', 'userpassword');`
	`357`	`+ $provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com', null, null, [], 'sAMAccountName', '({uid_key}={username})', 'userpassword', ['email']);`
`357`	`358`	`$this->assertInstanceOf(`
`358`	`359`	`'Symfony\Component\Security\Core\User\User',`
`359`	`360`	`$provider->loadUserByUsername('foo')`