2014-06-03 17:59:22 +02:00
|
|
|
<?php
|
2015-02-04 10:46:36 +01:00
|
|
|
/* Icinga Web 2 | (c) 2013-2015 Icinga Development Team | GPLv2+ */
|
2014-06-03 17:59:22 +02:00
|
|
|
|
|
|
|
namespace Icinga\Authentication\Backend;
|
|
|
|
|
|
|
|
use Icinga\Authentication\UserBackend;
|
2014-11-18 13:11:52 +01:00
|
|
|
use Icinga\Data\ConfigObject;
|
2014-06-03 17:59:22 +02:00
|
|
|
use Icinga\User;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Test login with external authentication mechanism, e.g. Apache
|
|
|
|
*/
|
2015-01-27 09:49:36 +01:00
|
|
|
class ExternalBackend extends UserBackend
|
2014-06-03 17:59:22 +02:00
|
|
|
{
|
|
|
|
/**
|
|
|
|
* Regexp expression to strip values from a username
|
|
|
|
*
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
private $stripUsernameRegexp;
|
|
|
|
|
|
|
|
/**
|
2015-01-27 09:49:36 +01:00
|
|
|
* Create new authentication backend of type "external"
|
2014-06-03 17:59:22 +02:00
|
|
|
*
|
2014-11-18 13:11:52 +01:00
|
|
|
* @param ConfigObject $config
|
2014-06-03 17:59:22 +02:00
|
|
|
*/
|
2014-11-18 13:11:52 +01:00
|
|
|
public function __construct(ConfigObject $config)
|
2014-06-03 17:59:22 +02:00
|
|
|
{
|
|
|
|
$this->stripUsernameRegexp = $config->get('strip_username_regexp');
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2014-06-11 15:33:33 +02:00
|
|
|
* Count the available users
|
|
|
|
*
|
2015-01-27 09:49:36 +01:00
|
|
|
* Authenticaton backends of type "external" will always return 1
|
2014-06-11 15:33:33 +02:00
|
|
|
*
|
|
|
|
* @return int
|
2014-06-03 17:59:22 +02:00
|
|
|
*/
|
|
|
|
public function count()
|
|
|
|
{
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Test whether the given user exists
|
|
|
|
*
|
|
|
|
* @param User $user
|
|
|
|
*
|
|
|
|
* @return bool
|
|
|
|
*/
|
|
|
|
public function hasUser(User $user)
|
|
|
|
{
|
2014-06-11 14:47:15 +02:00
|
|
|
if (isset($_SERVER['REMOTE_USER'])) {
|
|
|
|
$username = $_SERVER['REMOTE_USER'];
|
2014-07-30 12:35:55 +02:00
|
|
|
$user->setRemoteUserInformation($username, 'REMOTE_USER');
|
2014-10-20 15:14:14 +02:00
|
|
|
if ($this->stripUsernameRegexp) {
|
2014-06-11 15:27:36 +02:00
|
|
|
$stripped = preg_replace($this->stripUsernameRegexp, '', $username);
|
|
|
|
if ($stripped !== false) {
|
|
|
|
// TODO(el): PHP issues a warning when PHP cannot compile the regular expression. Should we log an
|
|
|
|
// additional message in that case?
|
|
|
|
$username = $stripped;
|
2014-06-03 17:59:22 +02:00
|
|
|
}
|
|
|
|
}
|
2014-06-11 15:27:36 +02:00
|
|
|
$user->setUsername($username);
|
|
|
|
return true;
|
2014-06-03 17:59:22 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Authenticate
|
|
|
|
*
|
2014-06-11 15:33:33 +02:00
|
|
|
* @param User $user
|
|
|
|
* @param string $password
|
2014-06-03 17:59:22 +02:00
|
|
|
*
|
|
|
|
* @return bool
|
|
|
|
*/
|
2014-06-11 15:04:15 +02:00
|
|
|
public function authenticate(User $user, $password = null)
|
2014-06-03 17:59:22 +02:00
|
|
|
{
|
|
|
|
return $this->hasUser($user);
|
|
|
|
}
|
|
|
|
}
|