authorcweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f>2010-02-02 19:27:03 +0000
committercweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f>2010-02-02 19:27:03 +0000
commitb74c17f1b5df4862d15c6f072ef0049ff61e3713 (patch)
tree16f73661abf00332a6f6921ee1d04941703fc2a9
parent6f7316e4216a19c5b8957a0f397d3aff1919f1f7 (diff)
nearly there with auth integration
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@627 b3834d28-1941-0410-a4f8-b48e95affb8f
-rw-r--r--data/config.default.php44
-rw-r--r--src/SemanticScuttle/Service/AuthUser.php218
2 files changed, 262 insertions, 0 deletions
diff --git a/data/config.default.php b/data/config.default.php
index 9febb79..a6b0e68 100644
--- a/data/config.default.php
+++ b/data/config.default.php
@@ -661,4 +661,48 @@ $avahiServiceFilePrefix = 'semanticscuttle-';
*/
$avahiTagName = 'zeroconf';
+
+
+/**
+ * Array of key value pairs to override service class names.
+ * Key is the old service name ("User"), value the new class
+ * name.
+ *
+ * @var array
+ */
+$serviceoverrides = array();
+
+
+
+
+/****************************
+ * External user authentication
+ */
+
+/**
+ * Type of external authentication via PEAR Auth
+ * To use this, you also need to set
+ * $serviceoverrides['User'] = 'SemanticScuttle_Service_AuthUser';
+ *
+ * @link http://pear.php.net/manual/en/package.authentication.auth.intro-storage.php
+ *
+ * @var string
+ */
+$authType = null;
+
+/**
+ * Options for external authentication via PEAR Auth
+ *
+ * @link http://pear.php.net/manual/en/package.authentication.auth.intro.php
+ *
+ * @var array
+ */
+$authOptions = null;
+
+/**
+ * Enable debugging for PEAR Authentication
+ *
+ * @var boolean
+ */
+$authDebug = false;
?>
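Review bot: `loginAuth()` in AuthUser.php reads `$GLOBALS['authemaildomain']`, but no such setting is among the ones added to this settings block (the top of the file is outside the hunk, so it may be defined earlier). If it is unset, the auto-created account gets an address ending in a bare `@` and PHP raises an undefined-index notice. Add a documented default next to the other auth settings, e.g. `$authEmailDomain = null;`, and read it in the class under exactly the same spelling, since `$GLOBALS` keys are case-sensitive. The `$authDebug` docblock should also state that the debug log goes to the `display` handler, i.e. into the rendered page, so the value should stay `false` on any publicly reachable instance.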
diff --git a/src/SemanticScuttle/Service/AuthUser.php b/src/SemanticScuttle/Service/AuthUser.php
new file mode 100644
index 0000000..79cac9c
--- /dev/null
+++ b/src/SemanticScuttle/Service/AuthUser.php
@@ -0,0 +1,218 @@
+<?php
+/**
+ * SemanticScuttle - your social bookmark manager.
+ *
+ * PHP version 5.
+ *
+ * @category Bookmarking
+ * @package SemanticScuttle
+ * @author Benjamin Huynh-Kim-Bang <mensonge@users.sourceforge.net>
+ * @author Christian Weiske <cweiske@cweiske.de>
+ * @author Eric Dane <ericdane@users.sourceforge.net>
+ * @license GPL http://www.gnu.org/licenses/gpl.html
+ * @link http://sourceforge.net/projects/semanticscuttle
+ */
+
+require_once 'Auth.php';
+require_once 'SemanticScuttle/Service/User.php';
+
+/**
+ * SemanticScuttle extendet user management service utilizing
+ * the PEAR Auth package to enable authentication against
+ * different services, i.e. LDAP or other databases.
+ *
+ * Requires the Log packages for debugging purposes.
+ *
+ * @category Bookmarking
+ * @package SemanticScuttle
+ * @author Christian Weiske <cweiske@cweiske.de>
+ * @license GPL http://www.gnu.org/licenses/gpl.html
+ * @link http://sourceforge.net/projects/semanticscuttle
+ */
+class SemanticScuttle_Service_AuthUser extends SemanticScuttle_Service_User
+{
+ /**
+ * PEAR Auth instance
+ *
+ * @var Auth
+ */
+ protected $auth = null;
+
+ /**
+ * If we want to debug authentication process
+ *
+ * @var boolean
+ */
+ protected $authdebug = false;
+
+ /**
+ * Authentication type (i.e. LDAP)
+ *
+ * @var string
+ *
+ * @link http://pear.php.net/manual/en/package.authentication.auth.intro-storage.php
+ */
+ var $authtype = null;
+
+ /**
+ * Authentication options
+ *
+ * @var array
+ *
+ * @link http://pear.php.net/manual/en/package.authentication.auth.intro.php
+ */
+ var $authoptions = null;
+
+
+
+ /**
+ * Returns the single service instance
+ *
+ * @param sql_db $db Database object
+ *
+ * @return SemanticScuttle_Service_AuthUser
+ */
+ public static function getInstance($db)
+ {
+ static $instance;
+ if (!isset($instance)) {
+ $instance = new self($db);
+ }
+ return $instance;
+ }
+
+
+
+ /**
+ * Create new instance
+ *
+ * @var sql_db $db Database object
+ */
+ protected function __construct($db)
+ {
+ parent::__construct($db);
+
+ $this->authtype = $GLOBALS['authType'];
+ $this->authoptions = $GLOBALS['authOptions'];
+ $this->authdebug = $GLOBALS['authDebug'];
+
+ //FIXME: throw error when no authtype set?
+ if (!$this->authtype) {
+ return;
+ }
+ require_once 'Auth.php';
+ $this->auth = new Auth($this->authtype, $this->authoptions);
+ //FIXME: check if it worked (i.e. db connection)
+ if ($this->authdebug) {
+ require_once 'Log.php';
+ $this->auth->logger = Log::singleton(
+ 'display', '', '', array(), PEAR_LOG_DEBUG
+ );
+ $this->auth->enableLogging = true;
+ }
+ $this->auth->setShowLogin(false);
+ }
+
+
+
+ /**
+ * Return current user id based on session or cookie
+ *
+ * @return mixed Integer user id or boolean false when user
+ * could not be found or is not logged on.
+ */
+ public function getCurrentUserId()
+ {
+ if (!$this->auth) {
+ return parent::getCurrentUserId();
+ }
+
+ //FIXME: caching?
+ $name = $this->auth->getUsername();
+ if (!$name) {
+ return false;
+ }
+ return $this->getIdFromUser($name);
+ }
+
+
+
+ /**
+ * Try to authenticate and login a user with
+ * username and password.
+ *
+ * @param string $username Name of user
+ * @param string $password Password
+ * @param boolean $remember If a long-time cookie shall be set
+ *
+ * @return boolean True if the user could be authenticated,
+ * false if not.
+ */
+ public function login($username, $password, $remember = false)
+ {
+ if (!$this->auth) {
+ return parent::login($username, $password, $remember);
+ }
+
+ $ok = $this->loginAuth($username, $password);
+ $password = $this->sanitisePassword($password);
+ $id = $this->getIdFromUser($username);
+ //FIXME: check against auth
+ }
+
+
+ /**
+ * Uses PEAR's Auth class to authenticate the user against a container.
+ * This allows us to use LDAP, a different database or some other
+ * external system.
+ *
+ * @param string $username Username to check
+ * @param string $password Password to check
+ *
+ * @return boolean If the user has been authenticated or not
+ */
+ public function loginAuth($username, $password)
+ {
+ $this->auth->post = array(
+ 'username' => $username,
+ 'password' => $password,
+ );
+ $this->auth->start();
+
+ if (!$this->auth->checkAuth()) {
+ return false;
+ }
+
+ //put user in database
+ if (!$this->getUserByUsername($username)) {
+ $this->addUser(
+ $username, $password,
+ $username . '@' . $GLOBALS['authemaildomain']
+ );
+ }
+ //FIXME: what if the user changed his password?
+ //FIXME: what if the user does not need an email domain?
+
+ return true;
+ }
+
+
+
+
+ /**
+ * Logs the current user out of the system.
+ *
+ * @return void
+ */
+ public function logout()
+ {
+ parent::logout();
+
+ if ($this->auth) {
+ $this->auth->logout();
+ $this->auth = null;
+ }
+ }
+
+}
+?> \ No newline at end of file
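Review bot: In `login()`, the PEAR Auth branch never returns a value: `$ok` is ignored and `$id` is computed and dropped, so the method yields `null` instead of the documented boolean, and a rejected login still goes on to the local lookup. Add `if (!$ok) { return false; }` directly after the `loginAuth()` call and end the method with an explicit boolean once the session handling is in place. `loginAuth()` also hands the externally verified `$password` to `addUser()`, which presumably persists a copy of the LDAP or other external credential in the local user table. Storing a randomly generated placeholder instead would keep a leak of the local database from exposing directory passwords, and would resolve the "changed his password" FIXME because no stale copy exists. Finally, `loginAuth()` is public but dereferences `$this->auth` without the `if (!$this->auth)` guard that `getCurrentUserId()`, `login()` and `logout()` use, so a direct call with no `$authType` configured fails with a fatal error.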