mirror of
https://gitlab.easter-eggs.com/ee/ldapsaisie.git
synced 2024-12-23 00:43:48 +01:00
Improve LSauthMethod::HTTP to support multiple methods to retreive user and password from HTTP server
This commit is contained in:
parent
b9452f2057
commit
c551b954fe
6 changed files with 130 additions and 9 deletions
|
@ -46,5 +46,59 @@
|
|||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>LSAUTHMETHOD_HTTP_METHOD</term>
|
||||
<listitem>
|
||||
<simpara>Permet de définir la méthode utilisée par le serveur HTTP pour
|
||||
passer à PHP l'identifiant de l'utilisateur connecté et son mot de passe.
|
||||
Cette constance peut pendre les valeurs suivantes :
|
||||
<variablelist>
|
||||
|
||||
<varlistentry>
|
||||
<term>PHP_PASS</term>
|
||||
<listitem>
|
||||
<simpara>Dans cette méthode, le serveur HTTP défini les variables
|
||||
d'environnement <literal>PHP_AUTH_USER</literal> et <literal>
|
||||
PHP_AUTH_PW</literal>. Cette méthode est la méthode par défaut et
|
||||
convient en cas d'utilisation de <literal>mod_php</literal>.</simpara>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>REMOTE_USER</term>
|
||||
<listitem>
|
||||
<simpara>Dans cette méthode, le serveur HTTP défini la variable
|
||||
d'environnement <literal>REMOTE_USER</literal>. Cette variable ne contient
|
||||
que l'identifiant de l'utilisateur connecté. Cette méthode ne peut donc
|
||||
être utilisée que conjointement avec l'activation du paramètre
|
||||
<literal>LSAUTHMETHOD_HTTP_TRUST_WITHOUT_PASSWORD_CHALLENGE</literal>.
|
||||
</simpara>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>AUTHORIZATION</term>
|
||||
<listitem>
|
||||
<simpara>Dans cette méthode, le serveur HTTP passe le contenu de l'entête
|
||||
HTTP <literal>Authorization</literal> dans la variable d'environnement
|
||||
<literal>HTTP_AUTHORIZATION</literal>. Cette méthode convient en cas d'
|
||||
utilisation de PHP en mode CGI ou encore via PHP-FPM. Pour utiliser cette
|
||||
méthode, il faudra adapter la configuration du serveur HTTP. Par exemple,
|
||||
pour Apache HTTPd, vous pouvez utiliser le module <literal>rewrite</literal>
|
||||
et la règle de réécriture suivante :
|
||||
<programlisting linenumbering="unnumbered">
|
||||
<![CDATA[RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]]]>
|
||||
</programlisting>
|
||||
</simpara>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
|
||||
</simpara>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
</variablelist>
|
||||
</sect2>
|
||||
|
|
|
@ -28,3 +28,21 @@
|
|||
|
||||
// Don't check HTTP server's login/password by LDAP authentication challenge
|
||||
//define('LSAUTHMETHOD_HTTP_TRUST_WITHOUT_PASSWORD_CHALLENGE',true);
|
||||
|
||||
/*
|
||||
* Set the HTTP server's method to pass authentifcated user/password informations
|
||||
* to PHP :
|
||||
* - PHP_PASS : server define the PHP_AUTH_USER and PHP_AUTH_PW environnement
|
||||
* variables. This is the default way using mod_php.
|
||||
* - REMOTE_USER : server define the REMOTE_USER environnement variable. By using
|
||||
* this method, only the user is pass by HTTP server to PHP and it
|
||||
* could be only used if you enable the "don't check HTTP server's
|
||||
* login/password by LDAP authentication challenge" option.
|
||||
* - AUTHORIZATION : server pass HTTP Authorization header value to PHP by setting
|
||||
* the HTTP_AUTHORIZATION environnement variable. This way could
|
||||
* be use when using PHP in CGI-mode or with PHP-FPM. When using
|
||||
* Apache, you could pass this information by using the rewrite module
|
||||
* and setting the following rewrite rule :
|
||||
* RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
|
||||
*/
|
||||
//define('LSAUTHMETHOD_HTTP_METHOD', 'PHP_PASS');
|
||||
|
|
|
@ -43,12 +43,46 @@ class LSauthMethod_HTTP extends LSauthMethod_basic {
|
|||
* @retval Array|false Array of authentication data or False
|
||||
**/
|
||||
public function getAuthData() {
|
||||
if (isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER'])) {
|
||||
$this -> authData = array(
|
||||
'username' => $_SERVER['PHP_AUTH_USER'],
|
||||
'password' => $_SERVER['PHP_AUTH_PW']
|
||||
);
|
||||
return $this -> authData;
|
||||
if (!defined('LSAUTHMETHOD_HTTP_METHOD'))
|
||||
define('LSAUTHMETHOD_HTTP_METHOD', 'PHP_AUTH');
|
||||
|
||||
switch(constant('LSAUTHMETHOD_HTTP_METHOD')) {
|
||||
case 'AUTHORIZATION':
|
||||
if (isset($_SERVER['HTTP_AUTHORIZATION']) && !empty($_SERVER['HTTP_AUTHORIZATION'])) {
|
||||
$authData = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
|
||||
if (is_array($authData) && count($authData) == 2) {
|
||||
$this -> authData = array(
|
||||
'username' => $authData[0],
|
||||
'password' => $authData[1],
|
||||
);
|
||||
}
|
||||
return $this -> authData;
|
||||
}
|
||||
else
|
||||
LSerror :: addErrorCode('LSauthMethod_HTTP_01', 'HTTP_AUTHORIZATION');
|
||||
break;
|
||||
case 'REMOTE_USER':
|
||||
if (isset($_SERVER['REMOTE_USER']) && !empty($_SERVER['REMOTE_USER'])) {
|
||||
$this -> authData = array(
|
||||
'username' => $_SERVER['REMOTE_USER'],
|
||||
'password' => false,
|
||||
);
|
||||
return $this -> authData;
|
||||
}
|
||||
else
|
||||
LSerror :: addErrorCode('LSauthMethod_HTTP_01', 'REMOTE_USER');
|
||||
break;
|
||||
case 'PHP_AUTH':
|
||||
default:
|
||||
if (isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER'])) {
|
||||
$this -> authData = array(
|
||||
'username' => $_SERVER['PHP_AUTH_USER'],
|
||||
'password' => $_SERVER['PHP_AUTH_PW'],
|
||||
);
|
||||
return $this -> authData;
|
||||
}
|
||||
else
|
||||
LSerror :: addErrorCode('LSauthMethod_HTTP_01', 'PHP_AUTH_USER');
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
@ -69,3 +103,10 @@ class LSauthMethod_HTTP extends LSauthMethod_basic {
|
|||
}
|
||||
|
||||
}
|
||||
|
||||
/*
|
||||
* Error Codes
|
||||
*/
|
||||
LSerror :: defineError('LSauthMethod_HTTP_01',
|
||||
_("LSauthMethod_HTTP : the %{var} environnement variable is missing.")
|
||||
);
|
||||
|
|
Binary file not shown.
|
@ -7,8 +7,8 @@ msgid ""
|
|||
msgstr ""
|
||||
"Project-Id-Version: LdapSaisie\n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2018-08-31 17:08+0200\n"
|
||||
"PO-Revision-Date: 2018-08-31 17:10+0200\n"
|
||||
"POT-Creation-Date: 2018-09-07 18:40+0200\n"
|
||||
"PO-Revision-Date: 2018-09-07 18:41+0200\n"
|
||||
"Last-Translator: Benjamin Renard <brenard@zionetrix.net>\n"
|
||||
"Language-Team: LdapSaisie <ldapsaisie-users@lists.labs.libre-entreprise."
|
||||
"org>\n"
|
||||
|
@ -1426,6 +1426,10 @@ msgstr "Afficher la fenêtre de recherche et de sélection étendue."
|
|||
msgid "Invalid value"
|
||||
msgstr "Valeur invalide"
|
||||
|
||||
#: includes/class/class.LSauthMethod_HTTP.php:111
|
||||
msgid "LSauthMethod_HTTP : the %{var} environnement variable is missing."
|
||||
msgstr "LSauthMethod_HTTP : la variable d'environnement %{var} est manquante."
|
||||
|
||||
#: includes/class/class.LSformElement_mail.php:51
|
||||
msgid "Send a mail from here."
|
||||
msgstr "Envoyer un mail depuis l'interface."
|
||||
|
|
|
@ -8,7 +8,7 @@ msgid ""
|
|||
msgstr ""
|
||||
"Project-Id-Version: PACKAGE VERSION\n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2018-08-31 17:07+0200\n"
|
||||
"POT-Creation-Date: 2018-09-07 18:40+0200\n"
|
||||
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
||||
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
||||
"Language-Team: LANGUAGE <LL@li.org>\n"
|
||||
|
@ -1215,6 +1215,10 @@ msgstr ""
|
|||
msgid "Invalid value"
|
||||
msgstr ""
|
||||
|
||||
#: includes/class/class.LSauthMethod_HTTP.php:111
|
||||
msgid "LSauthMethod_HTTP : the %{var} environnement variable is missing."
|
||||
msgstr ""
|
||||
|
||||
#: includes/class/class.LSformElement_mail.php:51
|
||||
msgid "Send a mail from here."
|
||||
msgstr ""
|
||||
|
|
Loading…
Reference in a new issue