lib: Add basic access authentication (WIP)

refs #9660
Eric Lippmann 2015-07-29 17:22:55 +02:00
parent ce2a196c4a
commit cf8c680482
1 changed files with 41 additions and 3 deletions


@ -79,10 +79,10 @@ class Auth
*/ */
public function isAuthenticated($ignoreSession = false) public function isAuthenticated($ignoreSession = false)
{ {
if ($this->user === null && ! $ignoreSession) { if ($this->user === null && ! $this->authHttp() && ! $ignoreSession) {
$this->authenticateFromSession(); $this->authenticateFromSession();
} }
return is_object($this->user); return $this->user !== null;
} }
public function setAuthenticated(User $user, $persist = true) public function setAuthenticated(User $user, $persist = true)
@ -175,7 +175,7 @@ class Auth
public function getRequest() public function getRequest()
{ {
if ($this->request === null) { if ($this->request === null) {
$this->request = Icinga::app()->getFrontController()->getRequest(); $this->request = Icinga::app()->getRequest();
} }
return $this->request; return $this->request;
} }
@ -224,6 +224,44 @@ class Auth
} }
} }
/**
* Attempt to authenticate a user using HTTP authentication
*
* Supports only the Basic HTTP authentication scheme. This will not challenge the client if authorization is
* missing or invalid yet. XHR will be ignored.
*
* @return bool
*/
protected function authHttp()
{
if ($this->getRequest()->isXmlHttpRequest()) {
return false;
}
$header = $this->getRequest()->getHeader('Authorization');
if (empty($header)) {
return false;
}
list($scheme) = explode(' ', $header, 2);
if ($scheme !== 'Basic') {
return false;
}
$authorization = substr($header, strlen('Basic '));
$credentials = base64_decode($authorization);
$credentials = array_filter(explode(':', $credentials));
if (count($credentials) !== 2) {
// Deny empty username and/or password
return false;
}
$user = new User($credentials[0]);
$password = $credentials[1];
if ($this->getAuthChain()->setSkipExternalBackends(true)->authenticate($user, $password)) {
$this->setAuthenticated($user, false);
return true;
} else {
return false;
}
}
/** /**
* Whether an authenticated user has a given permission * Whether an authenticated user has a given permission
* *
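Review bot: The credential split in the new authHttp(), `array_filter(explode(':', $credentials))`, can pass the `count($credentials) !== 2` check without a usable password. array_filter keeps the original keys, so input with an empty middle segment (user, empty, something) leaves keys 0 and 2, `$credentials[1]` is unset, and a null password is handed to the auth chain; whether any backend accepts that is not visible here, but the guard should not depend on it. The same line also rejects legitimate passwords that contain a colon and drops a username or password of `0`. Split once and test for empty strings explicitly: `$credentials = explode(':', (string) base64_decode($authorization, true), 2);` followed by `if (count($credentials) !== 2 || $credentials[0] === '' || $credentials[1] === '') { return false; }`. The strict flag additionally makes malformed base64 fail instead of being decoded leniently.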