Add getStartDate and getEndDate methods
coudot committed Dec 27, 2024
1 parent 5f4ce80 commit 2fc003b
Showing 4 changed files with 124 additions and 23 deletions.
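--- a/src/Ltb/Directory.php
+++ b/src/Ltb/Directory.php
@@ -89,4 +89,14 @@ public function getDnAttribute() : string;
 * Is account valid? Relies on start and end validity dates
 */
 public function isAccountValid($ldap, $dn) : bool;
+
+/*
+* Get validity start date
+*/
+public function getStartDate($ldap, $dn) : ?DateTime;
+
+/*
+* Get validity end date
+*/
+public function getEndDate($ldap, $dn) : ?DateTime;
 }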
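Review bot: The comments on getStartDate and getEndDate do not say what a null return means, and the interface is the only place an implementer or caller can learn that contract. I would turn them into docblocks that describe `$ldap`, `$dn` and the result, for example `/** Get validity end date; null when the entry has no end date. */`, and state explicitly whether null may also be returned when the directory lookup fails. The return type is written as unqualified `DateTime`; the file's namespace and `use` lines are outside this hunk, so confirm it resolves to the global class or write `?\DateTime`.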
42 changes: 31 additions & 11 deletions src/Ltb/Directory/ActiveDirectory.php
Expand Up @@ -332,28 +332,48 @@ public function getDnAttribute() : string {

public function isAccountValid($ldap, $dn) : bool {

# Get entry
$time = time();
$startdate = $this->getStartDate($ldap, $dn);
$enddate = $this->getEndDate($ldap, $dn);

if ( isset($startdate) ) {
if ( $time <= $startdate->getTimestamp() ) {
return false;
}
}

if ( isset($enddate) ) {
if ( $time >= $enddate->getTimestamp() ) {
return false;
}
}

return true;
}

public function getStartDate($ldap, $dn) : ?DateTime {

// No start date in AD
return null;
}

public function getEndDate($ldap, $dn) : ?DateTime {

$search = \Ltb\PhpLDAP::ldap_read($ldap, $dn, "(objectClass=*)", array('accountExpires'));
$errno = \Ltb\PhpLDAP::ldap_errno($ldap);

if ( $errno ) {
error_log("LDAP - Search error $errno (".ldap_error($ldap).")");
return false;
return null;
} else {
$entry = \Ltb\PhpLDAP::ldap_get_entries($ldap, $search);
}

if (!isset($entry[0]['accountexpires'])) {
return true;
if (!isset($entry[0]['accountexpires']) or ($entry[0]['accountexpires'][0] == 0) or ($entry[0]['accountexpires'][0] == 9223372036854775807)) {
return null;
}

$enddate = \Ltb\Date::adDate2phpDate($entry[0]['accountexpires'][0]);

if ( time() < $enddate->getTimestamp() ) {
return true;
}

return false;
return $enddate ? $enddate : null;
}

}
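Review bot: An LDAP read failure now makes isAccountValid report the account as valid: the error branch of getEndDate returns `null`, and isAccountValid skips the expiry check whenever `isset($enddate)` is false, whereas the earlier `return false;` shown in that same branch denied the account. Null therefore stands for both "no expiry set" and "lookup failed", and the second case fails open for an account that may already be expired. Signal the failure separately, for example `throw new \RuntimeException("LDAP - Search error $errno");` in the error branch and `catch (\RuntimeException $e) { return false; }` around the two getter calls in isAccountValid. The same pattern appears in getStartDate and getEndDate in src/Ltb/Directory/OpenLDAP.php.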
54 changes: 42 additions & 12 deletions src/Ltb/Directory/OpenLDAP.php
Expand Up @@ -333,33 +333,63 @@ public function getDnAttribute() : string {

public function isAccountValid($ldap, $dn) : bool {

# Get entry
$search = \Ltb\PhpLDAP::ldap_read($ldap, $dn, "(objectClass=*)", array('pwdStartTime', 'pwdEndTime'));
$time = time();
$startdate = $this->getStartDate($ldap, $dn);
$enddate = $this->getEndDate($ldap, $dn);

if ( isset($startdate) ) {
if ( $time <= $startdate->getTimestamp() ) {
return false;
}
}

if ( isset($enddate) ) {
if ( $time >= $enddate->getTimestamp() ) {
return false;
}
}

return true;
}

public function getStartDate($ldap, $dn) : ?DateTime {

$startdate = null;
$search = \Ltb\PhpLDAP::ldap_read($ldap, $dn, "(objectClass=*)", array('pwdStartTime'));
$errno = \Ltb\PhpLDAP::ldap_errno($ldap);

if ( $errno ) {
error_log("LDAP - Search error $errno (".ldap_error($ldap).")");
return false;
return null;
} else {
$entry = \Ltb\PhpLDAP::ldap_get_entries($ldap, $search);
}

$time = time();

if ( isset($entry[0]['pwdstarttime']) ) {
$startdate = \Ltb\Date::ldapDate2phpDate($entry[0]['pwdstarttime'][0]);
if ( $time <= $startdate->getTimestamp() ) {
return false;
}
}

return $startdate ? $startdate : null;
}

public function getEndDate($ldap, $dn) : ?DateTime {

$enddate = null;
$search = \Ltb\PhpLDAP::ldap_read($ldap, $dn, "(objectClass=*)", array('pwdEndTime'));
$errno = \Ltb\PhpLDAP::ldap_errno($ldap);

if ( $errno ) {
error_log("LDAP - Search error $errno (".ldap_error($ldap).")");
return null;
} else {
$entry = \Ltb\PhpLDAP::ldap_get_entries($ldap, $search);
}

if ( isset($entry[0]['pwdendtime']) ) {
$enddate = \Ltb\Date::ldapDate2phpDate($entry[0]['pwdendtime'][0]);
if ( $time >= $enddate->getTimestamp() ) {
return false;
}
}

return true;
return $enddate ? $enddate : null;
}

}
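Review bot: isAccountValid now costs two ldap_read round trips on the same DN, one in getStartDate for `pwdStartTime` and one in getEndDate for `pwdEndTime`, where the single read it replaces requested both attributes at once. The two getters also repeat the read, the errno check and the error_log line verbatim. A private helper that takes the attribute list and returns the entry, or signals failure, would remove the duplication and let isAccountValid fetch both attributes in one request.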
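--- a/tests/Ltb/DirectoryTest.php
+++ b/tests/Ltb/DirectoryTest.php
@@ -1120,4 +1120,45 @@ public function test_activedirectory_isvalid_enddate_after(): void
 $this->assertTrue($isAccountValid, "Account should be valid");
 }
 
+public function test_activedirectory_isvalid_enddate_zero(): void
+{
+$phpLDAPMock = Mockery::mock('overload:Ltb\PhpLDAP');
+$phpLDAPMock->shouldreceive([
+'ldap_read' => null,
+'ldap_errno' => 0,
+'ldap_get_entries' => [
+'count' => 1,
+0 => [
+'accountexpires' => [
+'count' => 1,
+0 => 0,
+]
+]
+]
+]);
+
+$isAccountValid = (new Ltb\Directory\ActiveDirectory)->isAccountValid(null, null);
+$this->assertTrue($isAccountValid, "Account should be valid");
+}
+
+public function test_activedirectory_isvalid_enddate_full(): void
+{
+$phpLDAPMock = Mockery::mock('overload:Ltb\PhpLDAP');
+$phpLDAPMock->shouldreceive([
+'ldap_read' => null,
+'ldap_errno' => 0,
+'ldap_get_entries' => [
+'count' => 1,
+0 => [
+'accountexpires' => [
+'count' => 1,
+0 => 9223372036854775807,
+]
+]
+]
+]);
+
+$isAccountValid = (new Ltb\Directory\ActiveDirectory)->isAccountValid(null, null);
+$this->assertTrue($isAccountValid, "Account should be valid");
+}
 }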
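Review bot: Both added tests set `'ldap_errno' => 0`, so nothing in this hunk pins what isAccountValid returns when the directory read fails. getEndDate returns null on that path, so a case with a non-zero errno (for example `'ldap_errno' => 1`) asserting the intended result would make the failure behaviour explicit. The error branch calls the native `ldap_error($ldap)` rather than the mocked class, so such a test would likely need a real or stubbed handle instead of `null`. getStartDate and getEndDate are also not asserted on directly here, for instance that getEndDate is `null` for 0 and 9223372036854775807.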
