mirror of
https://gitlab.easter-eggs.com/ee/ldapsaisie.git
synced 2024-11-26 11:52:59 +01:00
Improve LSauthMethod::HTTP to support multiple methods to retreive user and password from HTTP server
This commit is contained in:
parent
b9452f2057
commit
c551b954fe
6 changed files with 130 additions and 9 deletions
|
@ -46,5 +46,59 @@
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>LSAUTHMETHOD_HTTP_METHOD</term>
|
||||||
|
<listitem>
|
||||||
|
<simpara>Permet de définir la méthode utilisée par le serveur HTTP pour
|
||||||
|
passer à PHP l'identifiant de l'utilisateur connecté et son mot de passe.
|
||||||
|
Cette constance peut pendre les valeurs suivantes :
|
||||||
|
<variablelist>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>PHP_PASS</term>
|
||||||
|
<listitem>
|
||||||
|
<simpara>Dans cette méthode, le serveur HTTP défini les variables
|
||||||
|
d'environnement <literal>PHP_AUTH_USER</literal> et <literal>
|
||||||
|
PHP_AUTH_PW</literal>. Cette méthode est la méthode par défaut et
|
||||||
|
convient en cas d'utilisation de <literal>mod_php</literal>.</simpara>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>REMOTE_USER</term>
|
||||||
|
<listitem>
|
||||||
|
<simpara>Dans cette méthode, le serveur HTTP défini la variable
|
||||||
|
d'environnement <literal>REMOTE_USER</literal>. Cette variable ne contient
|
||||||
|
que l'identifiant de l'utilisateur connecté. Cette méthode ne peut donc
|
||||||
|
être utilisée que conjointement avec l'activation du paramètre
|
||||||
|
<literal>LSAUTHMETHOD_HTTP_TRUST_WITHOUT_PASSWORD_CHALLENGE</literal>.
|
||||||
|
</simpara>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>AUTHORIZATION</term>
|
||||||
|
<listitem>
|
||||||
|
<simpara>Dans cette méthode, le serveur HTTP passe le contenu de l'entête
|
||||||
|
HTTP <literal>Authorization</literal> dans la variable d'environnement
|
||||||
|
<literal>HTTP_AUTHORIZATION</literal>. Cette méthode convient en cas d'
|
||||||
|
utilisation de PHP en mode CGI ou encore via PHP-FPM. Pour utiliser cette
|
||||||
|
méthode, il faudra adapter la configuration du serveur HTTP. Par exemple,
|
||||||
|
pour Apache HTTPd, vous pouvez utiliser le module <literal>rewrite</literal>
|
||||||
|
et la règle de réécriture suivante :
|
||||||
|
<programlisting linenumbering="unnumbered">
|
||||||
|
<![CDATA[RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]]]>
|
||||||
|
</programlisting>
|
||||||
|
</simpara>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
</variablelist>
|
||||||
|
|
||||||
|
</simpara>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
|
||||||
</variablelist>
|
</variablelist>
|
||||||
</sect2>
|
</sect2>
|
||||||
|
|
|
@ -28,3 +28,21 @@
|
||||||
|
|
||||||
// Don't check HTTP server's login/password by LDAP authentication challenge
|
// Don't check HTTP server's login/password by LDAP authentication challenge
|
||||||
//define('LSAUTHMETHOD_HTTP_TRUST_WITHOUT_PASSWORD_CHALLENGE',true);
|
//define('LSAUTHMETHOD_HTTP_TRUST_WITHOUT_PASSWORD_CHALLENGE',true);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Set the HTTP server's method to pass authentifcated user/password informations
|
||||||
|
* to PHP :
|
||||||
|
* - PHP_PASS : server define the PHP_AUTH_USER and PHP_AUTH_PW environnement
|
||||||
|
* variables. This is the default way using mod_php.
|
||||||
|
* - REMOTE_USER : server define the REMOTE_USER environnement variable. By using
|
||||||
|
* this method, only the user is pass by HTTP server to PHP and it
|
||||||
|
* could be only used if you enable the "don't check HTTP server's
|
||||||
|
* login/password by LDAP authentication challenge" option.
|
||||||
|
* - AUTHORIZATION : server pass HTTP Authorization header value to PHP by setting
|
||||||
|
* the HTTP_AUTHORIZATION environnement variable. This way could
|
||||||
|
* be use when using PHP in CGI-mode or with PHP-FPM. When using
|
||||||
|
* Apache, you could pass this information by using the rewrite module
|
||||||
|
* and setting the following rewrite rule :
|
||||||
|
* RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
|
||||||
|
*/
|
||||||
|
//define('LSAUTHMETHOD_HTTP_METHOD', 'PHP_PASS');
|
||||||
|
|
|
@ -43,13 +43,47 @@ class LSauthMethod_HTTP extends LSauthMethod_basic {
|
||||||
* @retval Array|false Array of authentication data or False
|
* @retval Array|false Array of authentication data or False
|
||||||
**/
|
**/
|
||||||
public function getAuthData() {
|
public function getAuthData() {
|
||||||
|
if (!defined('LSAUTHMETHOD_HTTP_METHOD'))
|
||||||
|
define('LSAUTHMETHOD_HTTP_METHOD', 'PHP_AUTH');
|
||||||
|
|
||||||
|
switch(constant('LSAUTHMETHOD_HTTP_METHOD')) {
|
||||||
|
case 'AUTHORIZATION':
|
||||||
|
if (isset($_SERVER['HTTP_AUTHORIZATION']) && !empty($_SERVER['HTTP_AUTHORIZATION'])) {
|
||||||
|
$authData = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
|
||||||
|
if (is_array($authData) && count($authData) == 2) {
|
||||||
|
$this -> authData = array(
|
||||||
|
'username' => $authData[0],
|
||||||
|
'password' => $authData[1],
|
||||||
|
);
|
||||||
|
}
|
||||||
|
return $this -> authData;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
LSerror :: addErrorCode('LSauthMethod_HTTP_01', 'HTTP_AUTHORIZATION');
|
||||||
|
break;
|
||||||
|
case 'REMOTE_USER':
|
||||||
|
if (isset($_SERVER['REMOTE_USER']) && !empty($_SERVER['REMOTE_USER'])) {
|
||||||
|
$this -> authData = array(
|
||||||
|
'username' => $_SERVER['REMOTE_USER'],
|
||||||
|
'password' => false,
|
||||||
|
);
|
||||||
|
return $this -> authData;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
LSerror :: addErrorCode('LSauthMethod_HTTP_01', 'REMOTE_USER');
|
||||||
|
break;
|
||||||
|
case 'PHP_AUTH':
|
||||||
|
default:
|
||||||
if (isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER'])) {
|
if (isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER'])) {
|
||||||
$this -> authData = array(
|
$this -> authData = array(
|
||||||
'username' => $_SERVER['PHP_AUTH_USER'],
|
'username' => $_SERVER['PHP_AUTH_USER'],
|
||||||
'password' => $_SERVER['PHP_AUTH_PW']
|
'password' => $_SERVER['PHP_AUTH_PW'],
|
||||||
);
|
);
|
||||||
return $this -> authData;
|
return $this -> authData;
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
LSerror :: addErrorCode('LSauthMethod_HTTP_01', 'PHP_AUTH_USER');
|
||||||
|
}
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -69,3 +103,10 @@ class LSauthMethod_HTTP extends LSauthMethod_basic {
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Error Codes
|
||||||
|
*/
|
||||||
|
LSerror :: defineError('LSauthMethod_HTTP_01',
|
||||||
|
_("LSauthMethod_HTTP : the %{var} environnement variable is missing.")
|
||||||
|
);
|
||||||
|
|
Binary file not shown.
|
@ -7,8 +7,8 @@ msgid ""
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Project-Id-Version: LdapSaisie\n"
|
"Project-Id-Version: LdapSaisie\n"
|
||||||
"Report-Msgid-Bugs-To: \n"
|
"Report-Msgid-Bugs-To: \n"
|
||||||
"POT-Creation-Date: 2018-08-31 17:08+0200\n"
|
"POT-Creation-Date: 2018-09-07 18:40+0200\n"
|
||||||
"PO-Revision-Date: 2018-08-31 17:10+0200\n"
|
"PO-Revision-Date: 2018-09-07 18:41+0200\n"
|
||||||
"Last-Translator: Benjamin Renard <brenard@zionetrix.net>\n"
|
"Last-Translator: Benjamin Renard <brenard@zionetrix.net>\n"
|
||||||
"Language-Team: LdapSaisie <ldapsaisie-users@lists.labs.libre-entreprise."
|
"Language-Team: LdapSaisie <ldapsaisie-users@lists.labs.libre-entreprise."
|
||||||
"org>\n"
|
"org>\n"
|
||||||
|
@ -1426,6 +1426,10 @@ msgstr "Afficher la fenêtre de recherche et de sélection étendue."
|
||||||
msgid "Invalid value"
|
msgid "Invalid value"
|
||||||
msgstr "Valeur invalide"
|
msgstr "Valeur invalide"
|
||||||
|
|
||||||
|
#: includes/class/class.LSauthMethod_HTTP.php:111
|
||||||
|
msgid "LSauthMethod_HTTP : the %{var} environnement variable is missing."
|
||||||
|
msgstr "LSauthMethod_HTTP : la variable d'environnement %{var} est manquante."
|
||||||
|
|
||||||
#: includes/class/class.LSformElement_mail.php:51
|
#: includes/class/class.LSformElement_mail.php:51
|
||||||
msgid "Send a mail from here."
|
msgid "Send a mail from here."
|
||||||
msgstr "Envoyer un mail depuis l'interface."
|
msgstr "Envoyer un mail depuis l'interface."
|
||||||
|
|
|
@ -8,7 +8,7 @@ msgid ""
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Project-Id-Version: PACKAGE VERSION\n"
|
"Project-Id-Version: PACKAGE VERSION\n"
|
||||||
"Report-Msgid-Bugs-To: \n"
|
"Report-Msgid-Bugs-To: \n"
|
||||||
"POT-Creation-Date: 2018-08-31 17:07+0200\n"
|
"POT-Creation-Date: 2018-09-07 18:40+0200\n"
|
||||||
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
||||||
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
||||||
"Language-Team: LANGUAGE <LL@li.org>\n"
|
"Language-Team: LANGUAGE <LL@li.org>\n"
|
||||||
|
@ -1215,6 +1215,10 @@ msgstr ""
|
||||||
msgid "Invalid value"
|
msgid "Invalid value"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
#: includes/class/class.LSauthMethod_HTTP.php:111
|
||||||
|
msgid "LSauthMethod_HTTP : the %{var} environnement variable is missing."
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
#: includes/class/class.LSformElement_mail.php:51
|
#: includes/class/class.LSformElement_mail.php:51
|
||||||
msgid "Send a mail from here."
|
msgid "Send a mail from here."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
Loading…
Reference in a new issue