From 2ed2dcac9de8bd8bae31e244f320385db432bff1 Mon Sep 17 00:00:00 2001
From: Benjamin Renard <brenard@easter-eggs.com>
Date: Sat, 31 Oct 2009 01:33:01 +0000
Subject: [PATCH] - LSauth : Change to be extensible - LSauthHTTP : Add new
 class to manage HTTP authentification - LSsession : Update consequently to
 LSauth change

---
 trunk/conf/config.inc.php                 |   5 ++
 trunk/includes/class/class.LSauth.php     |  43 ++++++++-
 trunk/includes/class/class.LSauthHTTP.php |  93 ++++++++++++++++++++
 trunk/includes/class/class.LSsession.php  | 101 ++++++++++++++--------
 trunk/templates/default/blank.tpl         |  16 ++--
 trunk/templates/default/top.tpl           |   2 +-
 6 files changed, 211 insertions(+), 49 deletions(-)
 create mode 100644 trunk/includes/class/class.LSauthHTTP.php

diff --git a/trunk/conf/config.inc.php b/trunk/conf/config.inc.php
index 215e13eb..c2c43616 100644
--- a/trunk/conf/config.inc.php
+++ b/trunk/conf/config.inc.php
@@ -45,6 +45,11 @@ $GLOBALS['LSconfig'] = array(
             'filter'   => '(objectClass=*)',
             'scope'    => 'sub'
       ),
+/*
+      'LSauth' => array (
+        'method' => 'HTTP'
+      ),
+*/
       'LSprofiles' => array (
         'admin' => array (
           'o=ls' => array (
diff --git a/trunk/includes/class/class.LSauth.php b/trunk/includes/class/class.LSauth.php
index 38979a35..1b4a9e96 100644
--- a/trunk/includes/class/class.LSauth.php
+++ b/trunk/includes/class/class.LSauth.php
@@ -29,6 +29,31 @@
  */
 class LSauth {
   
+  static private $authData=NULL;
+  
+  var $params = array (
+    'displayLoginForm' => true,
+    'displayLogoutBtn' => true
+  );
+  
+  /**
+   * Check Post Data
+   * 
+   * @retval boolean True if post data permit the authentification or False
+   **/
+  public function getPostData() {
+    if (isset($_POST['LSsession_user']) && !empty($_POST['LSsession_user'])) {
+      $this -> authData = array(
+        'username' => $_POST['LSsession_user'],
+        'password' => $_POST['LSsession_pwd'],
+        'ldapserver' => $_POST['LSsession_ldapserver'],
+        'topDn' => $_POST['LSsession_topDn']
+      );
+      return true;
+    }
+    return;
+  }
+  
   /**
    * Check user login
    *
@@ -37,11 +62,11 @@ class LSauth {
    *
    * @retval LSldapObject|false The LSldapObject of the user authificated or false 
    */
-  public static function authenticate($username,$password) {
+  public function authenticate() {
     if (LSsession :: loadLSobject(LSsession :: $ldapServer['authObjectType'])) {
       $authobject = new LSsession :: $ldapServer['authObjectType']();
       $result = $authobject -> searchObject(
-        $username,
+        $this -> authData['username'],
         LSsession :: getTopDn(),
         LSsession :: $ldapServer['authObjectFilter']
       );
@@ -56,7 +81,7 @@ class LSauth {
         // duplication d'authentité
         LSerror :: addErrorCode('LSauth_02');
       }
-      elseif ( self :: checkUserPwd($result[0],$password) ) {
+      elseif ( $this -> checkUserPwd($result[0],$this -> authData['password']) ) {
         // Authentication succeeded
         return $result[0];
       }
@@ -85,6 +110,18 @@ class LSauth {
     return LSldap :: checkBind($object -> getValue('dn'),$pwd);
   }
   
+  /**
+   * Define if login form can be displayed or not
+   * 
+   * @retval boolean
+   **/
+  public function __get($key) {
+    if ($key=='params') {
+      return $this -> params;
+    }
+    return;
+  }
+  
 }
 
 /*
diff --git a/trunk/includes/class/class.LSauthHTTP.php b/trunk/includes/class/class.LSauthHTTP.php
new file mode 100644
index 00000000..c5bc7317
--- /dev/null
+++ b/trunk/includes/class/class.LSauthHTTP.php
@@ -0,0 +1,93 @@
+<?php
+/*******************************************************************************
+ * Copyright (C) 2007 Easter-eggs
+ * http://ldapsaisie.labs.libre-entreprise.org
+ *
+ * Author: See AUTHORS file in top-level directory.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+
+******************************************************************************/
+
+/**
+ * Gestion de l'authentification d'un utilisateur suite à une authentification 
+ * HTTP
+ *
+ * @author Benjamin Renard <brenard@easter-eggs.com>
+ */
+class LSauthHTTP extends LSauth {
+  
+  var $params = array (
+    'displayLoginForm' => false,
+    'displayLogoutBtn' => false
+  );
+  
+  /**
+   * Check Post Data
+   * 
+   * @retval array|False Array of post data if exist or False
+   **/
+  public function getPostData() {
+    if (isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER'])) {
+      $this -> authData = array(
+        'username' => $_SERVER['PHP_AUTH_USER'],
+        'password' => $_SERVER['PHP_AUTH_PW'],
+        'ldapserver' => $_REQUEST['LSsession_ldapserver'],
+        'topDn' => $_REQUEST['LSsession_topDn']
+      );
+      return true;
+    }
+    return;
+  }
+  
+  /**
+   * Check user login
+   *
+   * @param[in] $username The username
+   * @param[in] $password The password
+   *
+   * @retval LSldapObject|false The LSldapObject of the user authificated or false 
+   */
+  public function authenticate() {
+    if (LSsession :: loadLSobject(LSsession :: $ldapServer['authObjectType'])) {
+      $authobject = new LSsession :: $ldapServer['authObjectType']();
+      $result = $authobject -> searchObject(
+        $this ->  authData['username'],
+        LSsession :: getTopDn(),
+        LSsession :: $ldapServer['authObjectFilter']
+      );
+      $nbresult=count($result);
+      
+      if ($nbresult==0) {
+        // identifiant incorrect
+        LSdebug('identifiant incorrect');
+        LSerror :: addErrorCode('LSauth_01');
+      }
+      else if ($nbresult>1) {
+        // duplication d'authentité
+        LSerror :: addErrorCode('LSauth_02');
+      }
+      else {
+        // Authentication succeeded
+        return $result[0];
+      }
+    }
+    else {
+      LSerror :: addErrorCode('LSauth_03');
+    }
+    return;
+  }
+  
+}
+?>
diff --git a/trunk/includes/class/class.LSsession.php b/trunk/includes/class/class.LSsession.php
index 7cb6b473..bc527d34 100644
--- a/trunk/includes/class/class.LSsession.php
+++ b/trunk/includes/class/class.LSsession.php
@@ -20,7 +20,7 @@
 
 ******************************************************************************/
 
-/**
+/** 
  * Gestion des sessions
  *
  * Cette classe gère les sessions d'utilisateurs.
@@ -50,6 +50,9 @@ class LSsession {
   // Les droits d'accès de l'utilisateur
   private static $LSaccess = array();
   
+  // Authentification parameters
+  private static $authParams = array();
+  
   // Les fichiers temporaires
   private static $tmp_file = array();
   
@@ -466,6 +469,7 @@ class LSsession {
       self :: $rdn          = $_SESSION['LSsession']['rdn'];
       self :: $ldapServerId = $_SESSION['LSsession']['ldapServerId'];
       self :: $tmp_file     = $_SESSION['LSsession']['tmp_file'];
+      self :: $authParams   = $_SESSION['LSsession']['authParams'];
       
       if ( self :: cacheLSprofiles() && !isset($_REQUEST['LSsession_refresh']) ) {
         self :: setLdapServer(self :: $ldapServerId);
@@ -509,39 +513,48 @@ class LSsession {
     }
     else {
       // Session inexistante
-      if (isset($_POST['LSsession_user'])) {
-        if (isset($_POST['LSsession_ldapserver'])) {
-          self :: setLdapServer($_POST['LSsession_ldapserver']);
+      if (isset($_POST['LSsession_ldapserver'])) {
+        self :: setLdapServer($_POST['LSsession_ldapserver']);
+      }
+      else {
+        self :: setLdapServer(0);
+      }
+      
+      // Connexion au serveur LDAP
+      if (self :: LSldapConnect()) {
+
+        // topDn
+        if ( $_POST['LSsession_topDn'] != '' ){
+          self :: $topDn = $_POST['LSsession_topDn'];
         }
         else {
-          self :: setLdapServer(0);
+          self :: $topDn = self :: $ldapServer['ldap_config']['basedn'];
         }
-        
-        // Connexion au serveur LDAP
-        if (self :: LSldapConnect()) {
+        $_SESSION['LSsession_topDn']=self :: $topDn;
 
-          // topDn
-          if ( $_POST['LSsession_topDn'] != '' ){
-            self :: $topDn = $_POST['LSsession_topDn'];
-          }
-          else {
-            self :: $topDn = self :: $ldapServer['ldap_config']['basedn'];
-          }
-          $_SESSION['LSsession_topDn']=self :: $topDn;
-
-          
-          if (isset($_GET['LSsession_recoverPassword'])) {
-            $recoveryPasswordInfos = self :: recoverPasswd(
-                                        $_REQUEST['LSsession_user'],
-                                        $_GET['recoveryHash']
-                                     );
-          }
-          else {
-            if (self :: loadLSclass('LSauth')) {
-              $LSuserObject = LSauth :: authenticate(
-                $_REQUEST['LSsession_user'],
-                $_REQUEST['LSsession_pwd']
-              );
+        if (isset($_GET['LSsession_recoverPassword'])) {
+          $recoveryPasswordInfos = self :: recoverPasswd(
+                                      $_REQUEST['LSsession_user'],
+                                      $_GET['recoveryHash']
+                                   );
+        }
+        else {
+          if (self :: loadLSclass('LSauth')) {
+            if (isset(self :: $ldapServer['LSauth']['method'])) {
+              $LSauthClass = 'LSauth'.self :: $ldapServer['LSauth']['method'];
+              if (!self :: loadLSclass($LSauthClass)) {
+                LSerror :: addErrorCode('LSsession_08',$LSauthClass);
+                $LSauthClass = 'LSauth';
+              }
+            }
+            else {
+              $LSauthClass = 'LSauth';
+            }
+            
+            $authObj = new $LSauthClass();
+            self :: $authParams = $authObj->params;
+            if ($authObj -> getPostData()) {
+              $LSuserObject = $authObj -> authenticate();
               if ($LSuserObject) {
                 // Authentification réussi
                 self :: $LSuserObject = $LSuserObject;
@@ -555,10 +568,13 @@ class LSsession {
               }
             }
           }
+          else {
+            LSerror :: addErrorCode('LSsession_05','LSauth');
+          }
         }
-        else {
-          LSerror :: addErrorCode('LSsession_09');
-        }
+      }
+      else {
+        LSerror :: addErrorCode('LSsession_09');
       }
       if (self :: $ldapServerId) {
         $GLOBALS['Smarty'] -> assign('ldapServerId',self :: $ldapServerId);
@@ -567,9 +583,13 @@ class LSsession {
       if (isset($_GET['LSsession_recoverPassword'])) {
         self :: displayRecoverPasswordForm($recoveryPasswordInfos);
       }
-      else {
+      elseif(self :: $authParams['displayLoginForm']) {
         self :: displayLoginForm();
       }
+      else {
+        self :: setTemplate('blank.tpl');
+        LSerror :: addErrorCode('LSsession_10');
+      }
       return;
     }
   }
@@ -811,7 +831,8 @@ class LSsession {
       'ldapServerId' => self :: $ldapServerId,
       'ldapServer' => self :: $ldapServer,
       'LSprofiles' => self :: $LSprofiles,
-      'LSaccess' => self :: $LSaccess
+      'LSaccess' => self :: $LSaccess,
+      'authParams' => self :: $authParams
     );
   }
   
@@ -1317,6 +1338,8 @@ class LSsession {
     $GLOBALS['Smarty'] -> assign('LSlang',self :: $lang);
     $GLOBALS['Smarty'] -> assign('LSencoding',self :: $encoding);
     $GLOBALS['Smarty'] -> assign('lang_label',_('Language'));
+    
+    $GLOBALS['Smarty'] -> assign('displayLogoutBtn',self :: $authParams['displayLogoutBtn']);
 
     // Infos
     if((!empty($_SESSION['LSsession_infos']))&&(is_array($_SESSION['LSsession_infos']))) {
@@ -2088,11 +2111,15 @@ class LSsession {
     LSerror :: defineError('LSsession_07',
     _("LSsession : Impossible to identify you : Duplication of identities.")
     );
-    // 08
+    LSerror :: defineError('LSsession_08',
+    _("LSsession : Can't load class of authentification (%{class}).")
+    );
     LSerror :: defineError('LSsession_09',
     _("LSsession : Can't connect to LDAP server.")
     );
-    // 10
+    LSerror :: defineError('LSsession_10',
+    _("LSsession : Impossible to authenticate you.")
+    );
     LSerror :: defineError('LSsession_11',
     _("LSsession : Your are not authorized to do this action.")
     );
diff --git a/trunk/templates/default/blank.tpl b/trunk/templates/default/blank.tpl
index c0cb0b35..9721cbe8 100644
--- a/trunk/templates/default/blank.tpl
+++ b/trunk/templates/default/blank.tpl
@@ -1,20 +1,20 @@
+<?xml version="1.0"?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
  "http://www.w3.org/TR/html4/loose.dtd">
 <html>
   <head>
+    <meta http-equiv="content-type" content="text/html; charset={$LSencoding}">
     <title>LdapSaisie{if $pagetitle != ''} - {$pagetitle}{/if}</title>
+    <link rel="icon" type="image/png" href="images/default/favicon.png" />
     <link rel="stylesheet" type="text/css" href="{$LS_CSS_DIR}/base.css" title="Normal" />
     <link rel="stylesheet" type="text/css" href="{$LS_CSS_DIR}/base_print.css" media='print' title="Normal" />
     {$LSsession_css}
-    {$LSsession_js}
   </head>
 <body>
-<div id='LSerror'>
-{$LSerrors}
-</div>
-<div id='LSdebug'>
-  <a href='#' id='LSdebug_hidden'>X</a> 
-  <div id='LSdebug_infos'>{if $LSdebug != ''}{$LSdebug}{/if}</div>
-</div>
+
+{include file='LSdefault.tpl'}
+
+{$LSsession_js}
+
 </body>
 </html>
diff --git a/trunk/templates/default/top.tpl b/trunk/templates/default/top.tpl
index 872f6ca1..518340cf 100644
--- a/trunk/templates/default/top.tpl
+++ b/trunk/templates/default/top.tpl
@@ -45,7 +45,7 @@
       </select>
       <input type='submit' value='->'/>
     </form>
-    {$connected_as} <span id='user_name'>{$LSsession_username}</span> <a href='index.php?LSsession_logout'><img src='{$LS_IMAGES_DIR}/logout.png' alt='Logout' title='Logout' /></a>
+    {$connected_as} <span id='user_name'>{$LSsession_username}</span>{if $displayLogoutBtn} <a href='index.php?LSsession_logout'><img src='{$LS_IMAGES_DIR}/logout.png' alt='Logout' title='Logout' /></a>{/if}
     </td>
   </tr>
   <tr>