Improve LSauthMethod::HTTP to support multiple methods to retreive user and password from HTTP server

2024-11-22 18:09:06 +01:00 · 2018-09-07 18:42:24 +02:00 · 2018-09-07 18:42:24 +02:00 · c551b954fe
commit c551b954fe
parent b9452f2057
6 changed files with 130 additions and 9 deletions
--- a/doc/conf/LSauthMethod/LSauthMethod_HTTP.docbook
+++ b/doc/conf/LSauthMethod/LSauthMethod_HTTP.docbook
@ -46,5 +46,59 @@
  </listitem>
 </varlistentry>
 <varlistentry>
  <term>LSAUTHMETHOD_HTTP_METHOD</term>
  <listitem>
    <simpara>Permet de définir la méthode utilisée par le serveur HTTP pour
    passer à PHP l'identifiant de l'utilisateur connecté et son mot de passe.
    Cette constance peut pendre les valeurs suivantes :
    <variablelist>
 <varlistentry>
  <term>PHP_PASS</term>
  <listitem>
    <simpara>Dans cette méthode, le serveur HTTP défini les variables
    d'environnement <literal>PHP_AUTH_USER</literal> et <literal>
    PHP_AUTH_PW</literal>. Cette méthode est la méthode par défaut et
    convient en cas d'utilisation de <literal>mod_php</literal>.</simpara>
  </listitem>
 </varlistentry>
 <varlistentry>
  <term>REMOTE_USER</term>
  <listitem>
    <simpara>Dans cette méthode, le serveur HTTP défini la variable
    d'environnement <literal>REMOTE_USER</literal>. Cette variable ne contient
    que l'identifiant de l'utilisateur connecté. Cette méthode ne peut donc
    être utilisée que conjointement avec l'activation du paramètre
    <literal>LSAUTHMETHOD_HTTP_TRUST_WITHOUT_PASSWORD_CHALLENGE</literal>.
    </simpara>
  </listitem>
 </varlistentry>
 <varlistentry>
  <term>AUTHORIZATION</term>
  <listitem>
    <simpara>Dans cette méthode, le serveur HTTP passe le contenu de l'entête
    HTTP <literal>Authorization</literal> dans la variable d'environnement
    <literal>HTTP_AUTHORIZATION</literal>. Cette méthode convient en cas d'
    utilisation de PHP en mode CGI ou encore via PHP-FPM. Pour utiliser cette
    méthode, il faudra adapter la configuration du serveur HTTP. Par exemple,
    pour Apache HTTPd, vous pouvez utiliser le module <literal>rewrite</literal>
    et la règle de réécriture suivante :
    <programlisting linenumbering="unnumbered">
 <![CDATA[RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]]]>
    </programlisting>
    </simpara>
  </listitem>
 </varlistentry>
    </variablelist>
    </simpara>
  </listitem>
 </varlistentry>
 </variablelist>
 </sect2>
--- a/public_html/conf/LSauth/config.LSauthMethod_HTTP.php
+++ b/public_html/conf/LSauth/config.LSauthMethod_HTTP.php
@ -28,3 +28,21 @@
 // Don't check HTTP server's login/password by LDAP authentication challenge
 //define('LSAUTHMETHOD_HTTP_TRUST_WITHOUT_PASSWORD_CHALLENGE',true);
 /*
 * Set the HTTP server's method to pass authentifcated user/password informations
 * to PHP :
 *  - PHP_PASS : server define the PHP_AUTH_USER and PHP_AUTH_PW environnement
 *               variables. This is the default way using mod_php.
 *  - REMOTE_USER : server define the REMOTE_USER environnement variable. By using
 *               this method, only the user is pass by HTTP server to PHP and it
 *               could be only used if you enable the "don't check HTTP server's
 *               login/password by LDAP authentication challenge" option.
 *  - AUTHORIZATION : server pass HTTP Authorization header value to PHP by setting
 *               the HTTP_AUTHORIZATION environnement variable. This way could
 *               be use when using PHP in CGI-mode or with PHP-FPM. When using
 *               Apache, you could pass this information by using the rewrite module
 *               and setting the following rewrite rule :
 *               RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
 */
 //define('LSAUTHMETHOD_HTTP_METHOD', 'PHP_PASS');
--- a/public_html/includes/class/class.LSauthMethod_HTTP.php
+++ b/public_html/includes/class/class.LSauthMethod_HTTP.php
@ -43,12 +43,46 @@ class LSauthMethod_HTTP extends LSauthMethod_basic {
   * @retval Array|false Array of authentication data or False
   **/
  public function getAuthData() {
-    if (isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER'])) {
+    if (!defined('LSAUTHMETHOD_HTTP_METHOD'))
-      $this -> authData = array(
+      define('LSAUTHMETHOD_HTTP_METHOD', 'PHP_AUTH');
-        'username' => $_SERVER['PHP_AUTH_USER'],
+
-        'password' => $_SERVER['PHP_AUTH_PW']
+    switch(constant('LSAUTHMETHOD_HTTP_METHOD')) {
-      );
+      case 'AUTHORIZATION':
-      return $this -> authData;
+        if (isset($_SERVER['HTTP_AUTHORIZATION']) && !empty($_SERVER['HTTP_AUTHORIZATION'])) {
          $authData = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
          if (is_array($authData) && count($authData) == 2) {
            $this -> authData = array(
              'username' => $authData[0],
              'password' => $authData[1],
            );
          }
          return $this -> authData;
        }
        else
          LSerror :: addErrorCode('LSauthMethod_HTTP_01', 'HTTP_AUTHORIZATION');
        break;
      case 'REMOTE_USER':
        if (isset($_SERVER['REMOTE_USER']) && !empty($_SERVER['REMOTE_USER'])) {
          $this -> authData = array(
            'username' => $_SERVER['REMOTE_USER'],
            'password' => false,
          );
          return $this -> authData;
        }
        else
          LSerror :: addErrorCode('LSauthMethod_HTTP_01', 'REMOTE_USER');
        break;
      case 'PHP_AUTH':
      default:
        if (isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER'])) {
          $this -> authData = array(
            'username' => $_SERVER['PHP_AUTH_USER'],
            'password' => $_SERVER['PHP_AUTH_PW'],
          );
          return $this -> authData;
        }
        else
          LSerror :: addErrorCode('LSauthMethod_HTTP_01', 'PHP_AUTH_USER');
    }
    return;
  }
@ -69,3 +103,10 @@ class LSauthMethod_HTTP extends LSauthMethod_basic {
  }
 }
 /*
 * Error Codes
 */
 LSerror :: defineError('LSauthMethod_HTTP_01',
 _("LSauthMethod_HTTP : the %{var} environnement variable is missing.")
 );
--- a/public_html/lang/fr_FR.UTF8/LC_MESSAGES/ldapsaisie.mo
+++ b/public_html/lang/fr_FR.UTF8/LC_MESSAGES/ldapsaisie.mo
--- a/public_html/lang/fr_FR.UTF8/LC_MESSAGES/ldapsaisie.po
+++ b/public_html/lang/fr_FR.UTF8/LC_MESSAGES/ldapsaisie.po
@ -7,8 +7,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: LdapSaisie\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2018-08-31 17:08+0200\n"
+"POT-Creation-Date: 2018-09-07 18:40+0200\n"
-"PO-Revision-Date: 2018-08-31 17:10+0200\n"
+"PO-Revision-Date: 2018-09-07 18:41+0200\n"
 "Last-Translator: Benjamin Renard <brenard@zionetrix.net>\n"
 "Language-Team: LdapSaisie <ldapsaisie-users@lists.labs.libre-entreprise."
 "org>\n"
@ -1426,6 +1426,10 @@ msgstr "Afficher la fenêtre de recherche et de sélection étendue."
 msgid "Invalid value"
 msgstr "Valeur invalide"
 #: includes/class/class.LSauthMethod_HTTP.php:111
 msgid "LSauthMethod_HTTP : the %{var} environnement variable is missing."
 msgstr "LSauthMethod_HTTP : la variable d'environnement %{var} est manquante."
 #: includes/class/class.LSformElement_mail.php:51
 msgid "Send a mail from here."
 msgstr "Envoyer un mail depuis l'interface."
--- a/public_html/lang/ldapsaisie.pot
+++ b/public_html/lang/ldapsaisie.pot
@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2018-08-31 17:07+0200\n"
+"POT-Creation-Date: 2018-09-07 18:40+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@ -1215,6 +1215,10 @@ msgstr ""
 msgid "Invalid value"
 msgstr ""
 #: includes/class/class.LSauthMethod_HTTP.php:111
 msgid "LSauthMethod_HTTP : the %{var} environnement variable is missing."
 msgstr ""
 #: includes/class/class.LSformElement_mail.php:51
 msgid "Send a mail from here."
 msgstr ""