ldapsaisie/src/includes/class/class.LSauthMethod.php

<?php
/*******************************************************************************
 * Copyright (C) 2007 Easter-eggs
 * http://ldapsaisie.labs.libre-entreprise.org
 *
 * Author: See AUTHORS file in top-level directory.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License version 2
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.

******************************************************************************/

LSsession :: loadLSclass('LSlog_staticLoggerClass');

/**
 * Base of a authentication provider for LSauth
 *
 * @author Benjamin Renard <brenard@easter-eggs.com>
 */
class LSauthMethod extends LSlog_staticLoggerClass {

  protected $authData = array();

  // Boolean flag to specify if this LSauthMethod support API mode
  protected static $api_mode_supported = false;

  public function __construct() {
    // Load config (without warning if not found)
    $conf_file = LS_CONF_DIR."LSauth/config.".get_class($this).".php";
    if (LSsession :: includeFile($conf_file, false, false))
      self :: log_debug(get_class($this)." :: __construct(): config file ($conf_file) loaded");
    else
      self :: log_debug(get_class($this)." :: __construct(): config file ($conf_file) not found");
    return true;
  }

  /**
   * Check Auth Data
   *
   * Return authentication data or false
   *
   * @retval Array|false Array of authentication data or False
   **/
  public function getAuthData() {
    // Do nothing in the standard LSauthMethod class
    // This method have to define $this -> authData['username']
    return false;
  }

  /**
   * Check authentication
   *
   * @retval LSldapObject|false The LSldapObject of the user authificated or false
   */
  public function authenticate() {
    $authobjects = LSauth :: username2LSobjects($this -> authData['username']);
    if (!$authobjects || !is_array($authobjects)) {
      LSerror :: addErrorCode('LSauth_01');
      self :: log_debug("No user found for provided username '".$this -> authData['username']."'");
    }
    elseif (count($authobjects) > 1) {
      self :: log_debug('Multiple users match with provided username: '.implode(', ', array_keys($authobjects)));
      LSerror :: addErrorCode('LSauth_02');
      return false;
    }
    // Authentication succeeded
    return array_pop($authobjects);
  }

 /**
  * Logout
  *
  * @retval boolean True on success or False
  **/
  public function logout() {
     // Do nothing in the standard LSauthMethod class
     return true;
  }

 /**
  * After logout
  *
  * This method is run by LSsession after the local session was
  * was successfully destroyed.
  *
  * @retval void
  **/
  public static function afterLogout() {
    return true;
  }

  /**
   * Get LDAP credentials
   *
   * Return LDAP credentials or false
   *
   * @params[in] $user The LSldapObject of the user authificated
   *
   * @retval Array|false Array of LDAP credentials array('dn','pwd') or False
   **/
  public function getLDAPcredentials($user) {
    if (isset($this -> authData['password'])) {
      return array(
        'dn' => $user -> getDn(),
        'pwd' => $this -> authData['password']
      );
    }
    return false;
  }

  /**
   * Check API mode support of this method
   *
   * @retval boolean True if API mode is support, false otherwise
   */
  static public function apiModeSupported() {
    return static :: $api_mode_supported;
  }

}
- LSauth : Change to be extensible - LSauthHTTP : Add new class to manage HTTP authentification - LSsession : Update consequently to LSauth change 2009-10-31 02:33:01 +01:00			`<?php`
			`/*******************************************************************************`
			`* Copyright (C) 2007 Easter-eggs`
			`* http://ldapsaisie.labs.libre-entreprise.org`
			`*`
			`* Author: See AUTHORS file in top-level directory.`
			`*`
			`* This program is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU General Public License version 2`
			`* as published by the Free Software Foundation.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
			`* along with this program; if not, write to the Free Software`
			`* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.`

			`******************************************************************************/`

LSauthMethods : use LSlog_logger 2020-05-08 15:49:36 +02:00			`LSsession :: loadLSclass('LSlog_staticLoggerClass');`

- LSauth : Change to be extensible - LSauthHTTP : Add new class to manage HTTP authentification - LSsession : Update consequently to LSauth change 2009-10-31 02:33:01 +01:00			`/**`
LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00			`* Base of a authentication provider for LSauth`
- LSauth : Change to be extensible - LSauthHTTP : Add new class to manage HTTP authentification - LSsession : Update consequently to LSauth change 2009-10-31 02:33:01 +01:00			`*`
			`* @author Benjamin Renard <brenard@easter-eggs.com>`
			`*/`
LSauthMethods : use LSlog_logger 2020-05-08 15:49:36 +02:00			`class LSauthMethod extends LSlog_staticLoggerClass {`
LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00
Add API feature Some major changes have been made to handle this new feature : - LSsession now have a flag about API mode. The displayTemplate() and displayAjaxReturn() methods have been adjust to correctly handle this mode. - LSauth system have been adjust to handle a custom API mode : - LSauthMethod can support or not this mode : the $api_mode_supported permit to defined if supported (default, false). Currently, only HTTP (default in API mode) and annonymous mode support it. - An api_access parameter permit to configure witch type of user LSobject types could use the API. This flag must be set to True to allow a type of LSobject (default: False). In a same way, a web_access parameter now permit to disable Web access for some types of users (but this parameter is optional and its default value is True). - The HTTP method is the privileged first method for API mode. In this mode, if auth data aren't present in environment, it will request it by triggered a 403 HTTP error. Realm can be configured with new LSAUTHMETHOD_HTTP_API_REALM constant. - The LStemplate system handle API mode to correctly react on errors: it return a JSON answer instead of HTML page. Error pages also now return adjusted HTTP code (404 or 500). - The LSurl system have been adjust to handle API mode : - On declaring handlers, we could now specify if it's an API view with new $api_mode paremeter of add_handler() method - The LSurlRequest object have a new attribute to check if it's an API request - The error_404() method handle the API mode to return JSON answer. Furthermore, if no handlers matched with the requested URL, API mode is automatically enabled if the requested URL starts with 'api/'. - LSform implement it own API mode flag and a new submited flag that be toggle via the new setSubmited() method. Some major changes also occured on LSformElement classes to specifically handle API input/output for each types of attributes: - a new getApiValue() method permit to retrieve the API value of the attribute (on show API view) - the getPostData() method now have to correctly handle API input for the attribute (on create/modify API views). A programmatic way have been adopted for each types of attributes. - The LSimport and LScli create/modify commands also evolved to enable API mode of the LSform. This permit to take advantage of the new capability of LSform/LSformElement to handle input values with a programmatic way. - New routes have been add to handle API views. All this new routes start with 'api/1.0/' and use the same URL schema as the web UI. The API currently permit to search/show/add/modify/remove LSobjects and manages their relations. 2021-02-03 14:40:28 +01:00			`protected $authData = array();`

			`// Boolean flag to specify if this LSauthMethod support API mode`
			`protected static $api_mode_supported = false;`
Code cleaning 2020-04-29 15:54:21 +02:00
Explicitly defined class methods visibility and upgrade PHP class constructor syntax 2019-03-12 11:42:53 +01:00			`public function __construct() {`
LSauthMethod: don't warn if config file not found 2020-05-07 11:34:44 +02:00			`// Load config (without warning if not found)`
			`$conf_file = LS_CONF_DIR."LSauth/config.".get_class($this).".php";`
			`if (LSsession :: includeFile($conf_file, false, false))`
LSauthMethods : use LSlog_logger 2020-05-08 15:49:36 +02:00			`self :: log_debug(get_class($this)." :: __construct(): config file ($conf_file) loaded");`
LSauthMethod: don't warn if config file not found 2020-05-07 11:34:44 +02:00			`else`
LSauthMethods : use LSlog_logger 2020-05-08 15:49:36 +02:00			`self :: log_debug(get_class($this)." :: __construct(): config file ($conf_file) not found");`
Explicitly defined class methods visibility and upgrade PHP class constructor syntax 2019-03-12 11:42:53 +01:00			`return true;`
			`}`
LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00
- LSauth : Change to be extensible - LSauthHTTP : Add new class to manage HTTP authentification - LSsession : Update consequently to LSauth change 2009-10-31 02:33:01 +01:00			`/**`
LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00			`* Check Auth Data`
Code cleaning 2020-04-29 15:54:21 +02:00			`*`
LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00			`* Return authentication data or false`
Code cleaning 2020-04-29 15:54:21 +02:00			`*`
LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00			`* @retval Array\|false Array of authentication data or False`
- LSauth : Change to be extensible - LSauthHTTP : Add new class to manage HTTP authentification - LSsession : Update consequently to LSauth change 2009-10-31 02:33:01 +01:00			`**/`
LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00			`public function getAuthData() {`
			`// Do nothing in the standard LSauthMethod class`
			`// This method have to define $this -> authData['username']`
			`return false;`
- LSauth : Change to be extensible - LSauthHTTP : Add new class to manage HTTP authentification - LSsession : Update consequently to LSauth change 2009-10-31 02:33:01 +01:00			`}`
Code cleaning 2020-04-29 15:54:21 +02:00
- LSauth : Change to be extensible - LSauthHTTP : Add new class to manage HTTP authentification - LSsession : Update consequently to LSauth change 2009-10-31 02:33:01 +01:00			`/**`
LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00			`* Check authentication`
- LSauth : Change to be extensible - LSauthHTTP : Add new class to manage HTTP authentification - LSsession : Update consequently to LSauth change 2009-10-31 02:33:01 +01:00			`*`
Code cleaning 2020-04-29 15:54:21 +02:00			`* @retval LSldapObject\|false The LSldapObject of the user authificated or false`
- LSauth : Change to be extensible - LSauthHTTP : Add new class to manage HTTP authentification - LSsession : Update consequently to LSauth change 2009-10-31 02:33:01 +01:00			`*/`
			`public function authenticate() {`
LSauth: Add possibility to configure more than one LSobject type as user 2020-05-12 19:23:24 +02:00			`$authobjects = LSauth :: username2LSobjects($this -> authData['username']);`
LSauthMethod :: authenticate(): fix PHP warning 2020-08-19 15:11:49 +02:00			`if (!$authobjects \|\| !is_array($authobjects)) {`
LSauth: Add possibility to configure more than one LSobject type as user 2020-05-12 19:23:24 +02:00			`LSerror :: addErrorCode('LSauth_01');`
			`self :: log_debug("No user found for provided username '".$this -> authData['username']."'");`
- LSauth : Change to be extensible - LSauthHTTP : Add new class to manage HTTP authentification - LSsession : Update consequently to LSauth change 2009-10-31 02:33:01 +01:00			`}`
LSauth: Add possibility to configure more than one LSobject type as user 2020-05-12 19:23:24 +02:00			`elseif (count($authobjects) > 1) {`
			`self :: log_debug('Multiple users match with provided username: '.implode(', ', array_keys($authobjects)));`
			`LSerror :: addErrorCode('LSauth_02');`
			`return false;`
- LSauth : Change to be extensible - LSauthHTTP : Add new class to manage HTTP authentification - LSsession : Update consequently to LSauth change 2009-10-31 02:33:01 +01:00			`}`
LSauth: Add possibility to configure more than one LSobject type as user 2020-05-12 19:23:24 +02:00			`// Authentication succeeded`
LSauthMethod: fix default authenticate() method 2020-05-12 20:59:21 +02:00			`return array_pop($authobjects);`
- LSauth : Change to be extensible - LSauthHTTP : Add new class to manage HTTP authentification - LSsession : Update consequently to LSauth change 2009-10-31 02:33:01 +01:00			`}`
Code cleaning 2020-04-29 15:54:21 +02:00
LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00			`/**`
			`* Logout`
Code cleaning 2020-04-29 15:54:21 +02:00			`*`
LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00			`* @retval boolean True on success or False`
			`**/`
			`public function logout() {`
			`// Do nothing in the standard LSauthMethod class`
			`return true;`
			`}`
LSsession : Add useUserCredentials parameter 2014-11-18 13:16:38 +01:00
Add LSauth :: afterLogout() trigger 2019-03-27 18:02:04 +01:00			`/**`
			`* After logout`
			`*`
			`* This method is run by LSsession after the local session was`
			`* was successfully destroyed.`
			`*`
			`* @retval void`
			`**/`
			`public static function afterLogout() {`
			`return true;`
			`}`

LSsession : Add useUserCredentials parameter 2014-11-18 13:16:38 +01:00			`/**`
			`* Get LDAP credentials`
			`*`
			`* Return LDAP credentials or false`
			`*`
			`* @params[in] $user The LSldapObject of the user authificated`
			`*`
			`* @retval Array\|false Array of LDAP credentials array('dn','pwd') or False`
			`**/`
			`public function getLDAPcredentials($user) {`
Explicitly defined class methods visibility and upgrade PHP class constructor syntax 2019-03-12 11:42:53 +01:00			`if (isset($this -> authData['password'])) {`
			`return array(`
			`'dn' => $user -> getDn(),`
			`'pwd' => $this -> authData['password']`
			`);`
			`}`
LSsession : Add useUserCredentials parameter 2014-11-18 13:16:38 +01:00			`return false;`
			`}`
Code cleaning 2019-03-11 22:42:20 +01:00
Add API feature Some major changes have been made to handle this new feature : - LSsession now have a flag about API mode. The displayTemplate() and displayAjaxReturn() methods have been adjust to correctly handle this mode. - LSauth system have been adjust to handle a custom API mode : - LSauthMethod can support or not this mode : the $api_mode_supported permit to defined if supported (default, false). Currently, only HTTP (default in API mode) and annonymous mode support it. - An api_access parameter permit to configure witch type of user LSobject types could use the API. This flag must be set to True to allow a type of LSobject (default: False). In a same way, a web_access parameter now permit to disable Web access for some types of users (but this parameter is optional and its default value is True). - The HTTP method is the privileged first method for API mode. In this mode, if auth data aren't present in environment, it will request it by triggered a 403 HTTP error. Realm can be configured with new LSAUTHMETHOD_HTTP_API_REALM constant. - The LStemplate system handle API mode to correctly react on errors: it return a JSON answer instead of HTML page. Error pages also now return adjusted HTTP code (404 or 500). - The LSurl system have been adjust to handle API mode : - On declaring handlers, we could now specify if it's an API view with new $api_mode paremeter of add_handler() method - The LSurlRequest object have a new attribute to check if it's an API request - The error_404() method handle the API mode to return JSON answer. Furthermore, if no handlers matched with the requested URL, API mode is automatically enabled if the requested URL starts with 'api/'. - LSform implement it own API mode flag and a new submited flag that be toggle via the new setSubmited() method. Some major changes also occured on LSformElement classes to specifically handle API input/output for each types of attributes: - a new getApiValue() method permit to retrieve the API value of the attribute (on show API view) - the getPostData() method now have to correctly handle API input for the attribute (on create/modify API views). A programmatic way have been adopted for each types of attributes. - The LSimport and LScli create/modify commands also evolved to enable API mode of the LSform. This permit to take advantage of the new capability of LSform/LSformElement to handle input values with a programmatic way. - New routes have been add to handle API views. All this new routes start with 'api/1.0/' and use the same URL schema as the web UI. The API currently permit to search/show/add/modify/remove LSobjects and manages their relations. 2021-02-03 14:40:28 +01:00			`/**`
			`* Check API mode support of this method`
			`*`
			`* @retval boolean True if API mode is support, false otherwise`
			`*/`
			`static public function apiModeSupported() {`
			`return static :: $api_mode_supported;`
			`}`

- LSauth : Change to be extensible - LSauthHTTP : Add new class to manage HTTP authentification - LSsession : Update consequently to LSauth change 2009-10-31 02:33:01 +01:00			`}`