Core  3.2
PHP API documentation
 All Data Structures Namespaces Files Functions Variables Pages
Class.openAuthenticator.php
Go to the documentation of this file.
1 <?php
2 /*
3  * @author Anakeen
4  * @package FDL
5 */
6 /**
7  * openAuthenticator class
8  *
9  * This class provides methods for private key based authentification
10  *
11  * @author Anakeen
12  * @version $Id: $
13  * @package FDL
14  * @subpackage
15  */
16 /**
17  */
18 include_once ('WHAT/Class.Authenticator.php');
19 
20 class openAuthenticator extends Authenticator
21 {
22 
23  const openAuthorizationScheme = "DcpOpen";
24  const openGetId = "dcpopen-authorization";
25  private $privatelogin = false;
26  public $token;
27  public $auth_session = null;
28  /**
29  * no need to ask authentication
30  */
31  public function checkAuthentication()
32  {
33  include_once ('WHAT/Lib.Http.php');
34  $privatekey = static::getTokenId();
35  if (!$privatekey) return Authenticator::AUTH_NOK;
36  $this->privatelogin = $this->getLoginFromPrivateKey($privatekey);
37  if ($this->privatelogin === false) {
38  return Authenticator::AUTH_NOK;
39  }
40 
41  $err = $this->consumeToken($privatekey);
42  if ($err === false) {
43  return Authenticator::AUTH_NOK;
44  }
45 
46  $session = $this->getAuthSession();
47  $session->register('username', $this->getAuthUser());
48  $session->setuid($this->getAuthUser());
49  return Authenticator::AUTH_OK;
50  }
51 
52  public static function getTokenId()
53  {
54  $tokenId = getHttpVars(self::openGetId, getHttpVars("privateid"));
55  if (!$tokenId) {
56  $headers = apache_request_headers();
57 
58  if (!empty($headers["Authorization"])) {
59  $hAuthorization = $headers["Authorization"];
60  } elseif (!empty($headers["authorization"])) {
61  $hAuthorization = $headers["authorization"];
62  }
63  if (!empty($hAuthorization)) {
64 
65  if (preg_match(sprintf("/%s\\s+(.*)$/", self::openAuthorizationScheme) , $hAuthorization, $reg)) {
66  $tokenId = trim($reg[1]);
67  }
68  }
69  }
70  return $tokenId;
71  }
72 
73  public static function getLoginFromPrivateKey($privatekey)
74  {
75  include_once ('WHAT/Class.UserToken.php');
76  include_once ('WHAT/Class.User.php');
77 
78  $token = static::getUserToken($privatekey);
79  if ($token === false) {
80  error_log(__CLASS__ . "::" . __FUNCTION__ . " " . sprintf("Token '%s' not found.", $privatekey));
81  return false;
82  }
83 
84  $uid = $token->userid;
85  $user = new Account('', $uid);
86  if (!is_object($user) || !$user->isAffected()) {
87  error_log(__CLASS__ . "::" . __FUNCTION__ . " " . sprintf("Could not get user with uid '%s' for token '%s'.", $uid, $privatekey));
88  return false;
89  }
90 
91  if (!static::verifyOpenAccess($token)) {
92  error_log(__CLASS__ . "::" . __FUNCTION__ . " " . sprintf("Access deny for user '%s' with token '%s' : context not match.", $user->login, $privatekey));
93 
94  return false;
95  }
96 
97  if (!static::verifyOpenExpire($token)) {
98  error_log(__CLASS__ . "::" . __FUNCTION__ . " " . sprintf("Access deny for user '%s' with token '%s' : token has expired.", $user->login, $privatekey));
99 
100  return false;
101  }
102 
103  return $user->login;
104  }
105  public static function getUserToken($tokenId)
106  {
107 
108  $token = new UserToken('', $tokenId);
109  if (!is_object($token) || !$token->isAffected()) {
110 
111  return false;
112  }
113 
114  return $token;
115  }
116 
117  public static function verifyOpenExpire(\UserToken $token)
118  {
119  $expiredate = $token->expire;
120  if ($expiredate === "infinity") {
121  return true;
122  }
123  $date = new \DateTime($expiredate);
124  $now = new \DateTime();
125 
126  return $now <= $date;
127  }
128  public static function verifyOpenAccess(\UserToken $token)
129  {
130  $rawContext = $token->context;
131 
132  $allow = false;
133 
134  if ($token->type && $token->type !== "CORE") {
135  return false;
136  }
137 
138  if ($rawContext === null) {
139  return true;
140  }
141 
142  if ($rawContext) {
143  $context = unserialize($rawContext);
144  if (is_array($context)) {
145  $allow = true;
146  foreach ($context as $k => $v) {
147  if (getHttpVars($k) !== (string)$v) {
148  $allow = false;
149  }
150  }
151  }
152  }
153 
154  return $allow;
155  }
156 
157  public function consumeToken($privatekey)
158  {
159  include_once ('WHAT/Class.UserToken.php');
160 
161  $token = new UserToken('', $privatekey);
162  if (!is_object($token) || !$token->isAffected()) {
163  error_log(__CLASS__ . "::" . __FUNCTION__ . " " . sprintf("Token '%s' not found.", $privatekey));
164  return false;
165  }
166 
167  $this->token = $token->getValues();
168  if ($token->expendable === 't') {
169  $token->delete();
170  }
171 
172  return $privatekey;
173  }
174 
175  public function checkAuthorization($opt)
176  {
177  return TRUE;
178  }
179  /**
180  * no ask
181  */
182  public function askAuthentication($args)
183  {
184  header("HTTP/1.0 403 Forbidden", true);
185  print ___("Private key identifier is not valid", "authentOpen");
186 
187  return true;
188  }
189 
190  public function getAuthUser()
191  {
192  return $this->privatelogin;
193  }
194  /**
195  * no password needed
196  */
197  public function getAuthPw()
198  {
199  return false;
200  }
201  /**
202  * no logout
203  */
204  public function logout($redir_uri = '')
205  {
206  header("HTTP/1.0 401 Authorization Required");
207  print ___("Authorization Required", "authentOpen");
208  return true;
209  }
210  /**
211  **
212  **
213  *
214  */
215  public function setSessionVar($name, $value)
216  {
217  $session = $this->getAuthSession();
218  $session->register($name, $value);
219  return $session->read($name);
220  }
221  /**
222  **
223  **
224  *
225  */
226  public function getSessionVar($name)
227  {
228  $session = $this->getAuthSession();
229  return $session->read($name);
230  }
231  /**
232  *
233  */
234  public function getAuthSession()
235  {
236  if (!$this->auth_session) {
237  $this->auth_session = new Session(Session::PARAMNAME, false);
238 
239  $this->auth_session->Set();
240  }
241  return $this->auth_session;
242  }
243 }
$args
if(substr($wsh, 0, 1)!= '/') $args
Definition: Api/freedom_import.php:26
openAuthenticator\getLoginFromPrivateKey
static getLoginFromPrivateKey($privatekey)
Definition: Class.openAuthenticator.php:73
___
if(!function_exists('pgettext')) ___($message, $context="")
Definition: Lib.Common.php:46
openAuthenticator\verifyOpenExpire
static verifyOpenExpire(\UserToken $token)
Definition: Class.openAuthenticator.php:117
getHttpVars
getHttpVars($name, $def="", $scope="all")
Definition: Lib.Http.php:124
openAuthenticator\getUserToken
static getUserToken($tokenId)
Definition: Class.openAuthenticator.php:105
print
print
Definition: checklist.php:49
openAuthenticator\verifyOpenAccess
static verifyOpenAccess(\UserToken $token)
Definition: Class.openAuthenticator.php:128
Session\PARAMNAME
const PARAMNAME
Definition: Class.Session.php:49
$err
if($file) if($subject==""&&$file) if($subject=="") $err
Definition: fdl_sendmail.php:78
$value
$value
Definition: change_action.php:32
← centre documentaire © anakeen