icingaweb2/library/Icinga/Authentication/User/ExternalBackend.php

<?php
/* Icinga Web 2 | (c) 2013-2015 Icinga Development Team | GPLv2+ */

namespace Icinga\Authentication\User;

use Icinga\Data\ConfigObject;
use Icinga\User;

/**
 * Test login with external authentication mechanism, e.g. Apache
 */
class ExternalBackend implements UserBackendInterface
{
    /**
     * The name of this backend
     *
     * @var string
     */
    protected $name;

    /**
     * Regexp expression to strip values from a username
     *
     * @var string
     */
    protected $stripUsernameRegexp;

    /**
     * Create new authentication backend of type "external"
     *
     * @param ConfigObject $config
     */
    public function __construct(ConfigObject $config)
    {
        $this->stripUsernameRegexp = $config->get('strip_username_regexp');
    }

    /**
     * Set this backend's name
     *
     * @param   string  $name
     *
     * @return  $this
     */
    public function setName($name)
    {
        $this->name = $name;
        return $this;
    }

    /**
     * Return this backend's name
     *
     * @return  string
     */
    public function getName()
    {
        return $this->name;
    }

    /**
     * Authenticate the given user
     *
     * @param   User        $user
     * @param   string      $password
     *
     * @return  bool                        True on success, false on failure
     *
     * @throws  AuthenticationException     In case authentication is not possible due to an error
     */
    public function authenticate(User $user, $password = null)
    {
        if (isset($_SERVER['REMOTE_USER'])) {
            $username = $_SERVER['REMOTE_USER'];
            $user->setRemoteUserInformation($username, 'REMOTE_USER');

            if ($this->stripUsernameRegexp) {
                $stripped = preg_replace($this->stripUsernameRegexp, '', $username);
                if ($stripped !== false) {
                    // TODO(el): PHP issues a warning when PHP cannot compile the regular expression. Should we log an
                    // additional message in that case?
                    $username = $stripped;
                }
            }

            $user->setUsername($username);
            return true;
        }

        return false;
    }
}
Authentication: Add backend to handle external authentication Drop external auth configuration from config.ini and move implementation into a single backend provider named 'autologin'. This provider can strip realm names from username with a custom regexp. fixes #6081 2014-06-03 17:59:22 +02:00			`<?php`
Note that our license is GPL v2 or any later version in our license header instead of pointing to the license's URL 2015-02-04 10:46:36 +01:00			`/* Icinga Web 2 \| (c) 2013-2015 Icinga Development Team \| GPLv2+ */`
Authentication: Add backend to handle external authentication Drop external auth configuration from config.ini and move implementation into a single backend provider named 'autologin'. This provider can strip realm names from username with a custom regexp. fixes #6081 2014-06-03 17:59:22 +02:00
Move concrete UserBackend classes to Icinga\Authentication\User refs #8826 2015-04-21 12:51:31 +02:00			`namespace Icinga\Authentication\User;`
Authentication: Add backend to handle external authentication Drop external auth configuration from config.ini and move implementation into a single backend provider named 'autologin'. This provider can strip realm names from username with a custom regexp. fixes #6081 2014-06-03 17:59:22 +02:00
Adjust usages of Icinga\Application\Config refs #7147 2014-11-18 13:11:52 +01:00			`use Icinga\Data\ConfigObject;`
Authentication: Add backend to handle external authentication Drop external auth configuration from config.ini and move implementation into a single backend provider named 'autologin'. This provider can strip realm names from username with a custom regexp. fixes #6081 2014-06-03 17:59:22 +02:00			`use Icinga\User;`

			`/**`
			`* Test login with external authentication mechanism, e.g. Apache`
			`*/`
ExternalBackend: Implement UserBackendInterface refs #8826 2015-05-04 12:15:50 +02:00			`class ExternalBackend implements UserBackendInterface`
Authentication: Add backend to handle external authentication Drop external auth configuration from config.ini and move implementation into a single backend provider named 'autologin'. This provider can strip realm names from username with a custom regexp. fixes #6081 2014-06-03 17:59:22 +02:00			`{`
ExternalBackend: Implement UserBackendInterface refs #8826 2015-05-04 12:15:50 +02:00			`/**`
			`* The name of this backend`
			`*`
			`* @var string`
			`*/`
			`protected $name;`

Authentication: Add backend to handle external authentication Drop external auth configuration from config.ini and move implementation into a single backend provider named 'autologin'. This provider can strip realm names from username with a custom regexp. fixes #6081 2014-06-03 17:59:22 +02:00			`/**`
			`* Regexp expression to strip values from a username`
			`*`
			`* @var string`
			`*/`
ExternalBackend: Implement UserBackendInterface refs #8826 2015-05-04 12:15:50 +02:00			`protected $stripUsernameRegexp;`
Authentication: Add backend to handle external authentication Drop external auth configuration from config.ini and move implementation into a single backend provider named 'autologin'. This provider can strip realm names from username with a custom regexp. fixes #6081 2014-06-03 17:59:22 +02:00
			`/**`
Rename authentication type "autologin" to "external" refs #8274 2015-01-27 09:49:36 +01:00			`* Create new authentication backend of type "external"`
Authentication: Add backend to handle external authentication Drop external auth configuration from config.ini and move implementation into a single backend provider named 'autologin'. This provider can strip realm names from username with a custom regexp. fixes #6081 2014-06-03 17:59:22 +02:00			`*`
Adjust usages of Icinga\Application\Config refs #7147 2014-11-18 13:11:52 +01:00			`* @param ConfigObject $config`
Authentication: Add backend to handle external authentication Drop external auth configuration from config.ini and move implementation into a single backend provider named 'autologin'. This provider can strip realm names from username with a custom regexp. fixes #6081 2014-06-03 17:59:22 +02:00			`*/`
Adjust usages of Icinga\Application\Config refs #7147 2014-11-18 13:11:52 +01:00			`public function __construct(ConfigObject $config)`
Authentication: Add backend to handle external authentication Drop external auth configuration from config.ini and move implementation into a single backend provider named 'autologin'. This provider can strip realm names from username with a custom regexp. fixes #6081 2014-06-03 17:59:22 +02:00			`{`
			`$this->stripUsernameRegexp = $config->get('strip_username_regexp');`
			`}`

			`/**`
ExternalBackend: Implement UserBackendInterface refs #8826 2015-05-04 12:15:50 +02:00			`* Set this backend's name`
			`*`
			`* @param string $name`
Autologin: Fix PHPDoc 2014-06-11 15:33:33 +02:00			`*`
ExternalBackend: Implement UserBackendInterface refs #8826 2015-05-04 12:15:50 +02:00			`* @return $this`
			`*/`
			`public function setName($name)`
			`{`
			`$this->name = $name;`
			`return $this;`
			`}`

			`/**`
			`* Return this backend's name`
Autologin: Fix PHPDoc 2014-06-11 15:33:33 +02:00			`*`
ExternalBackend: Implement UserBackendInterface refs #8826 2015-05-04 12:15:50 +02:00			`* @return string`
Authentication: Add backend to handle external authentication Drop external auth configuration from config.ini and move implementation into a single backend provider named 'autologin'. This provider can strip realm names from username with a custom regexp. fixes #6081 2014-06-03 17:59:22 +02:00			`*/`
ExternalBackend: Implement UserBackendInterface refs #8826 2015-05-04 12:15:50 +02:00			`public function getName()`
Authentication: Add backend to handle external authentication Drop external auth configuration from config.ini and move implementation into a single backend provider named 'autologin'. This provider can strip realm names from username with a custom regexp. fixes #6081 2014-06-03 17:59:22 +02:00			`{`
ExternalBackend: Implement UserBackendInterface refs #8826 2015-05-04 12:15:50 +02:00			`return $this->name;`
Authentication: Add backend to handle external authentication Drop external auth configuration from config.ini and move implementation into a single backend provider named 'autologin'. This provider can strip realm names from username with a custom regexp. fixes #6081 2014-06-03 17:59:22 +02:00			`}`

			`/**`
ExternalBackend: Implement UserBackendInterface refs #8826 2015-05-04 12:15:50 +02:00			`* Authenticate the given user`
			`*`
			`* @param User $user`
			`* @param string $password`
Authentication: Add backend to handle external authentication Drop external auth configuration from config.ini and move implementation into a single backend provider named 'autologin'. This provider can strip realm names from username with a custom regexp. fixes #6081 2014-06-03 17:59:22 +02:00			`*`
ExternalBackend: Implement UserBackendInterface refs #8826 2015-05-04 12:15:50 +02:00			`* @return bool True on success, false on failure`
Authentication: Add backend to handle external authentication Drop external auth configuration from config.ini and move implementation into a single backend provider named 'autologin'. This provider can strip realm names from username with a custom regexp. fixes #6081 2014-06-03 17:59:22 +02:00			`*`
ExternalBackend: Implement UserBackendInterface refs #8826 2015-05-04 12:15:50 +02:00			`* @throws AuthenticationException In case authentication is not possible due to an error`
Authentication: Add backend to handle external authentication Drop external auth configuration from config.ini and move implementation into a single backend provider named 'autologin'. This provider can strip realm names from username with a custom regexp. fixes #6081 2014-06-03 17:59:22 +02:00			`*/`
ExternalBackend: Drop redundant method hasUser refs #8826 2015-04-21 13:15:06 +02:00			`public function authenticate(User $user, $password = null)`
Authentication: Add backend to handle external authentication Drop external auth configuration from config.ini and move implementation into a single backend provider named 'autologin'. This provider can strip realm names from username with a custom regexp. fixes #6081 2014-06-03 17:59:22 +02:00			`{`
Autologin: Use REMOTE_USER for authentication It's not safe to rely on PHP_AUTH_USER and PHP_AUTH_TYPE because PHP cgi handlers (fgcid for example) only set the REMOTE_USER environment variable and the authentication type for negogiation methods (Kerberos for example) is neither Basic nor Digest. We may have to add REDIRECT_REMOTE_USER for authentication for proxy setups. 2014-06-11 14:47:15 +02:00			`if (isset($_SERVER['REMOTE_USER'])) {`
			`$username = $_SERVER['REMOTE_USER'];`
AutoLogin/Logout: Remove own session namespace Store data in the user and implement interface to left backends store remote information. fixes #6461 2014-07-30 12:35:55 +02:00			`$user->setRemoteUserInformation($username, 'REMOTE_USER');`
ExternalBackend: Drop redundant method hasUser refs #8826 2015-04-21 13:15:06 +02:00
Make regular expression pattern in autologin backend being fully optional 2014-10-20 15:14:14 +02:00			`if ($this->stripUsernameRegexp) {`
Autologin: Actually set the username upon authentication Before, when using autologin the username of the authenticated user always was the empty string. 2014-06-11 15:27:36 +02:00			`$stripped = preg_replace($this->stripUsernameRegexp, '', $username);`
			`if ($stripped !== false) {`
			`// TODO(el): PHP issues a warning when PHP cannot compile the regular expression. Should we log an`
			`// additional message in that case?`
			`$username = $stripped;`
Authentication: Add backend to handle external authentication Drop external auth configuration from config.ini and move implementation into a single backend provider named 'autologin'. This provider can strip realm names from username with a custom regexp. fixes #6081 2014-06-03 17:59:22 +02:00			`}`
			`}`
ExternalBackend: Drop redundant method hasUser refs #8826 2015-04-21 13:15:06 +02:00
Autologin: Actually set the username upon authentication Before, when using autologin the username of the authenticated user always was the empty string. 2014-06-11 15:27:36 +02:00			`$user->setUsername($username);`
			`return true;`
Authentication: Add backend to handle external authentication Drop external auth configuration from config.ini and move implementation into a single backend provider named 'autologin'. This provider can strip realm names from username with a custom regexp. fixes #6081 2014-06-03 17:59:22 +02:00			`}`

			`return false;`
			`}`
			`}`