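/**
 * Authenticates a request against LDAP and binds the resulting user and
 * environment to this object.
 *
 * Requires Login, Password and EnvID in $request and scalr.auth_mode set to
 * 'ldap'. After a successful LDAP check it loads the environment named by
 * EnvID, loads the matching account user (creating the record when none
 * exists), applies the user's LDAP groups, runs the permission validation for
 * that environment and finally calls setDiContainer().
 *
 * @param array $request Request parameters; Login, Password and EnvID are read.
 *
 * @throws Exception When a required parameter is missing, LDAP auth is not
 *                   enabled, or the directory rejects the credentials.
 */
private function AuthenticateLdap($request)
{
    // empty() is already false-safe for unset keys, so no separate isset() is
    // needed. Note that empty() also rejects the literal string "0".
    if (empty($request['Login'])) {
        throw new Exception("Login is missing");
    }
    // An empty password must never reach the directory: many LDAP servers treat
    // a simple bind with an empty password as an unauthenticated bind and
    // report success.
    if (empty($request['Password'])) {
        throw new Exception("Password is missing");
    }
    if (empty($request['EnvID'])) {
        throw new Exception("Environment ID is missing");
    }

    // Strict comparison: with a loose != a non-string config value (for example
    // integer 0 on older PHP versions) could compare equal to 'ldap' and open
    // this code path unintentionally.
    if (\Scalr::config('scalr.auth_mode') !== 'ldap') {
        throw new Exception("LDAP auth not enabled on Scalr");
    }

    $ldap = \Scalr::getContainer()->ldap($request['Login'], $request['Password']);

    $start = microtime(true);
    $result = $ldap->isValidUser();
    $tldap = microtime(true) - $start;

    if (!$result) {
        // Same message for an unknown login and a wrong password, so the
        // response does not reveal which of the two was wrong.
        throw new Exception("Incorrect login or password (1)");
    }

    // Use the username as returned by the LDAP layer (per the original comment,
    // this guarantees the login carries the domain suffix).
    $request['Login'] = $ldap->getUsername();
    $this->debug['ldapUsername'] = $request['Login'];

    // EnvID is caller-supplied; everything below runs in the account that owns
    // whatever environment the caller named.
    $this->Environment = Scalr_Environment::init()->loadById($request['EnvID']);

    $start = microtime(true);
    $groups = $ldap->getUserGroups();
    $tldap += microtime(true) - $start;

    // Reports the time spent in the two LDAP calls; only sent after a
    // successful credential check.
    // NOTE(review): this exposes directory latency to API clients - confirm it
    // is intended outside of debugging.
    header(sprintf('X-Scalr-LDAP-Query-Time: %0.4f sec', $tldap));
    $this->debug['ldapGroups'] = json_encode($groups);

    // Load the account user, or create the record on first successful login.
    // NOTE(review): the record is created in the account derived from the
    // caller-supplied EnvID, and before the permission check below. Confirm
    // that validate() rejects directory users who are not entitled to this
    // environment, and that leaving a newly created record behind for a
    // rejected user is acceptable.
    $this->user = Scalr_Account_User::init()->loadByEmail($request['Login'], $this->Environment->clientId);
    if (!$this->user) {
        $this->user = new Scalr_Account_User();
        $this->user->type = Scalr_Account_User::TYPE_TEAM_USER;
        $this->user->status = Scalr_Account_User::STATUS_ACTIVE;
        $this->user->create($request['Login'], $this->Environment->clientId);
    }

    // Group membership comes from the directory on every login, so access
    // follows the current LDAP state rather than what was stored earlier.
    $this->user->applyLdapGroups($groups);

    $this->debug['ldapEnvId'] = $this->Environment->id;
    // Presumably throws when the user has no access to the environment - TODO confirm.
    $this->user->getPermissions()->setEnvironmentId($this->Environment->id)->validate($this->Environment);
    $this->debug['ldapAuth'] = 1;

    // The environment must be registered in the DI container.
    $this->setDiContainer();
}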