* Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. * * @author Andreas Heigl * @copyright Andreas Heigl * @license http://www.opensource.org/licenses/mit-license.php MIT-License * @since 19.07.2020 * @link http://github.com/heiglandreas/authLDAP */ declare(strict_types=1); namespace Org_Heigl\AuthLdap; use Org_Heigl\AuthLdap\Exception\InvalidLdapUri; use function array_map; use function error_get_last; use function getenv; use function is_array; use function is_string; use function parse_url; use function preg_replace_callback; use function rawurlencode; use function strlen; use function strpos; use function substr; use function trim; use function urldecode; final class LdapUri { private $server; private $scheme; private $port = 389; private string $baseDn; private $username = ''; private $password = ''; private function __construct(string $uri) { if (!preg_match('/^(ldap|ldaps|env)/', $uri)) { throw InvalidLdapUri::wrongSchema($uri); } if (strpos($uri, 'env:') === 0) { $newUri = getenv(substr($uri, 4)); if (false === $newUri) { throw InvalidLdapUri::noEnvironmentVariableSet($uri); } $uri = (string) $newUri; } $uri = $this->injectEnvironmentVariables($uri); $array = parse_url($uri); if (!is_array($array)) { throw InvalidLdapUri::cannotparse($uri); } $url = array_map(static function ($item) { if (is_int($item)) { return $item; } return urldecode($item); }, $array); if (!isset($url['scheme'])) { throw InvalidLdapUri::noSchema($uri); } if (0 !== strpos($url['scheme'], 'ldap')) { throw InvalidLdapUri::wrongSchema($uri); } if (!isset($url['host'])) { throw InvalidLdapUri::noServerProvided($uri); } if (!isset($url['path'])) { throw InvalidLdapUri::noSearchBaseProvided($uri); } if (1 === strlen($url['path'])) { throw InvalidLdapUri::invalidSearchBaseProvided($uri); } $this->server = $url['host']; $this->scheme = $url['scheme']; $this->baseDn = substr($url['path'], 1); if (isset($url['user'])) { $this->username = $url['user']; } if ('' === trim($this->username)) { $this->username = 'anonymous'; } if (isset($url['pass'])) { $this->password = $url['pass']; } if ($this->scheme === 'ldaps' && $this->port === 389) { $this->port = 636; } // When someone sets the port in the URL we overwrite whatever is set. // We have to assume they know what they are doing! if (isset($url['port'])) { $this->port = $url['port']; } } public static function fromString(string $uri): LdapUri { return new LdapUri($uri); } private function injectEnvironmentVariables(string $base): string { return preg_replace_callback('/%env:([^%]+)%/', static function (array $matches) { return rawurlencode(getenv($matches[1])); }, $base); } public function toString(): string { return $this->scheme . '://' . $this->server . ':' . $this->port; } public function __toString() { return $this->toString(); } public function getUsername(): string { return $this->username; } public function getPassword(): string { return $this->password; } public function getBaseDn(): string { return $this->baseDn; } public function isAnonymous(): bool { if ($this->password === '') { return true; } if ($this->username === 'anonymous') { return true; } return false; } }