[icinga-checkins] icinga.org: icinga-web/next: Auth Basic Provider search headers

git at icinga.org git at icinga.org
Thu Apr 11 15:02:34 CEST 2013


Module: icinga-web
Branch: next
Commit: 9e9ef2310daed1148ec7ae0a8b5dfa1929d33ff8
URL:    https://git.icinga.org/?p=icinga-web.git;a=commit;h=9e9ef2310daed1148ec7ae0a8b5dfa1929d33ff8

Author: Marius Hein <marius.hein at netways.de>
Date:   Thu Apr 11 14:59:11 2013 +0200

Auth Basic Provider search headers

Fix a configuration and implementation bug. The auth configuration for
the basic auth provider contains the "http_uservar" setting, which can
list multiple headers used to determine the current username.
The implementation now tests all items in the list:
REMOTE_USER,PHP_AUTH_USER,REDIRECT_REMOTE_USER

fixes #3867

---

 .../HTTPBasicAuthenticationModel.class.php         |  122 ++++++++++++++++---
 1 files changed, 102 insertions(+), 20 deletions(-)

diff --git a/app/modules/AppKit/models/Auth/Provider/HTTPBasicAuthenticationModel.class.php b/app/modules/AppKit/models/Auth/Provider/HTTPBasicAuthenticationModel.class.php
index aadda81..9ed8205 100644
--- a/app/modules/AppKit/models/Auth/Provider/HTTPBasicAuthenticationModel.class.php
+++ b/app/modules/AppKit/models/Auth/Provider/HTTPBasicAuthenticationModel.class.php
@@ -21,33 +21,71 @@
 // -----------------------------------------------------------------------------
 // {{{ICINGA_LICENSE_CODE}}}
 
-
+/**
+ * Class AppKit_Auth_Provider_HTTPBasicAuthenticationModel
+ *
+ * Model that implements authentication based on http headers
+ */
 class AppKit_Auth_Provider_HTTPBasicAuthenticationModel extends AppKitAuthProviderBaseModel implements AppKitIAuthProvider {
-
+    /**
+     * Default parameters
+     * @var array
+     */
     protected $parameters_default = array(
-                                        self::AUTH_MODE => self::MODE_SILENT
-                                    );
+        self::AUTH_MODE => self::MODE_SILENT
+    );
 
-    const DATASOURCE_NAME   = '_SERVER';
+    /**
+     * Datasource name
+     * @var string
+     */
+    const DATASOURCE_NAME = '_SERVER';
 
+    /**
+     * List of sources
+     * @var string[]
+     */
     private static $sources_list = array(
-                                       '_SERVER'
-                                   );
+       '_SERVER'
+   );
 
+    /**
+     * Sources
+     * @var array
+     */
     private static $source_map = array(
-                                     'auth_name'    => 'http_uservar',
-                                     'auth_type'    => 'http_typevar'
-                                 );
+         'auth_name'    => 'http_uservar',
+         'auth_type'    => 'http_typevar'
+     );
 
+    /**
+     * Default sources map
+     * @var array
+     */
     private static $source_map_defaults = array(
-            'auth_name' => 'REMOTE_USER,PHP_AUTH_USER',
-            'auth_type' => 'AUTH_TYPE'
-                                          );
+        'auth_name' => 'REMOTE_USER,PHP_AUTH_USER',
+        'auth_type' => 'AUTH_TYPE'
+    );
 
+    /**
+     * Name of principal
+     * @var string
+     */
     private $auth_name = null;
-    private $auth_type = null;
 
+    /**
+     * Name of authentication type
+     * @var string
+     */
+    private $auth_type = null;
 
+    /**
+     * @param NsmUser $user
+     * @param string $password
+     * @param null $username
+     * @param null $authid
+     * @return bool
+     */
     public function doAuthenticate(NsmUser $user, $password, $username=null, $authid=null) {
         $tuser = $this->loadUserByDQL($user->user_name);
         $username = $user->user_name;
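Review bot: The default in `$source_map_defaults` still reads `'REMOTE_USER,PHP_AUTH_USER'` although the commit message lists REDIRECT_REMOTE_USER as a third key, and its new docblock says only "Default sources map". If the third key is meant to be searched without explicit configuration it has to be added here; otherwise it presumably comes from the `http_uservar` setting, which this hunk does not show. Because the value found under these keys becomes the login name, the docblock should state the trust assumption, for example `Comma-separated $_SERVER keys, tried in order; the first non-null value wins.` and `Only list variables the web server sets after authenticating the request, never client-supplied HTTP_* headers.` PHP_AUTH_USER deserves a mention there too, since PHP can fill it from the Authorization header even when the server has not verified the password. doAuthenticate's body continues outside the hunk.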
@@ -63,10 +101,20 @@ class AppKit_Auth_Provider_HTTPBasicAuthenticationModel extends AppKitAuthProvid
         return false;
     }
 
+    /**
+     * @param mixed $uid
+     * @param null $authid
+     * @return bool
+     */
     public function isAvailable($uid, $authid=null) {
         return true;
     }
 
+    /**
+     * @param mixed $uid
+     * @param bool $authid
+     * @return array
+     */
     public function getUserdata($uid, $authid=false) {
         return array(
                    'user_firstname' => $uid,
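Review bot: The new docblocks give `$authid` the type `null` on isAvailable and `bool` on getUserdata, which records the default value rather than the type a caller may pass. The same applies to `@param null $username` and `@param null $authid` on doAuthenticate in the first hunk. Something like `@param string|null $authid` would be more useful, assuming the id is a string, which the visible lines do not establish. getUserdata's body continues outside the hunk.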
@@ -79,6 +127,7 @@ class AppKit_Auth_Provider_HTTPBasicAuthenticationModel extends AppKitAuthProvid
 
     /**
      * @return AgaviParameterHolder
+     * @throws AppKitAuthProviderException
      */
     private function getVarSource() {
         $source_name = $this->getParameter('http_source', self::DATASOURCE_NAME);
@@ -95,13 +144,30 @@ class AppKit_Auth_Provider_HTTPBasicAuthenticationModel extends AppKitAuthProvid
         }
     }
 
+    /**
+     * Tries to detect username
+     *
+     * Sets appropriate data from header
+     *
+     * @return null|string
+     */
     public function  determineUsername() {
         $source = $this->getVarSource();
 
         foreach(self::$source_map as $class_target => $config_target) {
             $search_keys = AppKitArrayUtil::trimSplit($this->getParameter($config_target, self::$source_map_defaults[$class_target]));
+            $search_value = null;
+
+            //  Looking for multiple keys and use the first match
+            foreach ($search_keys as $search_key) {
+                if ($source->getParameter($search_key) !== null) {
+                    $search_value = $source->getParameter($search_key);
+                    $this->log('Auth.Provider.HTTPBasicAuthentification: Got header data: %s=%s', $search_key, $search_value, AgaviILogger::DEBUG);
+                    break;
+                }
+            }
 
-            if (isset($search_keys[0]) && ($search_value = $source->getParameter($search_keys[0]))) {
+            if ($search_value !== null) {
                 if ($class_target == 'auth_name') {
                     $search_value = strtolower($search_value);
 
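Review bot: The new loop stops at the first key whose value is not null, so an empty string counts as a match. A server setup that exports REMOTE_USER as `''` for unauthenticated requests would keep PHP_AUTH_USER from being tried, and the empty string would then reach the `auth_name` branch, where the removed truthiness check used to reject it. Reading the value once and skipping empty values keeps the fallback working: `$candidate = $source->getParameter($search_key);` followed by `if ($candidate !== null && $candidate !== '') {`. determineUsername starts in this hunk and continues beyond it.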
@@ -114,6 +180,8 @@ class AppKit_Auth_Provider_HTTPBasicAuthenticationModel extends AppKitAuthProvid
                 } else {
                     $this-> { $class_target } = $search_value;
                 }
+            } else {
+                $this->log('Auth.Provider.HTTPBasicAuthentification: No value found for %s/%s', $class_target, $config_target, AgaviILogger::FATAL);
             }
         }
 
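Review bot: The added `else` branch logs a missing value at `AgaviILogger::FATAL`, and it runs for both `auth_name` and `auth_type`, so any request that arrives without server-side authentication would produce FATAL entries. For a provider whose default mode is MODE_SILENT that looks like an expected condition; `AgaviILogger::WARN`, or the DEBUG level used for the other messages in this method, would keep FATAL meaningful for alerting. If a missing `auth_name` should stay prominent, the higher level can be limited to `$class_target == 'auth_name'`. The enclosing loop starts outside the hunk.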
@@ -121,23 +189,37 @@ class AppKit_Auth_Provider_HTTPBasicAuthenticationModel extends AppKitAuthProvid
             $this->auth_type = strtolower($this->auth_type);
         }
 
-        $this->log('Auth.Provider.HTTPBasicAuthentification: Got data (auth_name=%s, auth_type=%s)', $this->auth_name, $this->auth_type, AgaviLogger::DEBUG);
+        $this->log(
+            'Auth.Provider.HTTPBasicAuthentification: Got data (auth_name=%s, auth_type=%s)',
+            $this->auth_name,
+            $this->auth_type,
+            AgaviLogger::DEBUG
+        );
 
         return $this->auth_name;
     }
 
+    /**
+     * Getter for auth name
+     * @return null|string
+     */
     public function getAuthName() {
         return $this->auth_name;
     }
 
+    /**
+     * Getter for auth type
+     * @return null|string
+     */
     public function getAuthType() {
         return $this->auth_type;
     }
-    
+
+    /**
+     * Getter for realm
+     * @return string|null
+     */
     public function getRealm() {
         return $this->getParameter('http_realm');
     }
-
 }
-
-?>
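Review bot: The reformatted log call keeps `AgaviLogger::DEBUG`, while the two log calls this commit adds to the same method use `AgaviILogger::DEBUG` and `AgaviILogger::FATAL`. Both spellings presumably resolve to the same constant, so this is a consistency point only; writing `AgaviILogger::DEBUG` here makes the level constants uniform and easier to search for. determineUsername begins outside the hunk.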




