[Pkg-owncloud-commits] [php-sabredav] 58/64: Supporting multiple auth backends.
David Prévot
taffit at moszumanska.debian.org
Thu Dec 11 15:13:27 UTC 2014
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to tag 2.2.0alpha1
in repository php-sabredav.
commit 2c46255a10bdeb7dc98166ee6ce4620888bdc34a
Author: Evert Pot <me at evertpot.com>
Date: Sat Dec 6 22:58:50 2014 -0500
Supporting multiple auth backends.
Fixes #191.
---
lib/DAV/Auth/Backend/AbstractBasic.php | 12 +++++
lib/DAV/Auth/Backend/AbstractDigest.php | 16 +++++++
lib/DAV/Auth/Plugin.php | 82 ++++++++++++++++++++++-----------
3 files changed, 82 insertions(+), 28 deletions(-)
diff --git a/lib/DAV/Auth/Backend/AbstractBasic.php b/lib/DAV/Auth/Backend/AbstractBasic.php
index 7c73bf4..254de2d 100644
--- a/lib/DAV/Auth/Backend/AbstractBasic.php
+++ b/lib/DAV/Auth/Backend/AbstractBasic.php
@@ -52,6 +52,18 @@ abstract class AbstractBasic implements BackendInterface {
abstract protected function validateUserPass($username, $password);
/**
+ * Sets the authentication realm for this backend.
+ *
+ * @param string $realm
+ * @return void
+ */
+ function setRealm($realm) {
+
+ $this->realm = $realm;
+
+ }
+
+ /**
* When this method is called, the backend must check if authentication was
* successful.
*
diff --git a/lib/DAV/Auth/Backend/AbstractDigest.php b/lib/DAV/Auth/Backend/AbstractDigest.php
index d55b4e5..e2e6878 100644
--- a/lib/DAV/Auth/Backend/AbstractDigest.php
+++ b/lib/DAV/Auth/Backend/AbstractDigest.php
@@ -39,6 +39,22 @@ abstract class AbstractDigest implements BackendInterface {
protected $principalPrefix = 'principals/';
/**
+ * Sets the authentication realm for this backend.
+ *
+ * Be aware that for Digest authentication, the realm influences the digest
+ * hash. Choose the realm wisely, because if you change it later, all the
+ * existing hashes will break and nobody can authenticate.
+ *
+ * @param string $realm
+ * @return void
+ */
+ function setRealm($realm) {
+
+ $this->realm = $realm;
+
+ }
+
+ /**
* Returns a users digest hash based on the username and realm.
*
* If the user was not known, null must be returned.
diff --git a/lib/DAV/Auth/Plugin.php b/lib/DAV/Auth/Plugin.php
index 8617d8c..d9d5575 100644
--- a/lib/DAV/Auth/Plugin.php
+++ b/lib/DAV/Auth/Plugin.php
@@ -14,7 +14,12 @@ use
/**
* This plugin provides Authentication for a WebDAV server.
*
- * It relies on a Backend object, which provides user information.
+ * It works by providing a Auth\Backend class. Several examples of these
+ * classes can be found in the Backend directory.
+ *
+ * It's possible to provide more than one backend to this plugin. If more than
+ * one backend was provided, each backend will attempt to authenticate. Only if
+ * all backends fail, we throw a 401.
*
* @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/).
* @author Evert Pot (http://evertpot.com/)
@@ -23,18 +28,9 @@ use
class Plugin extends ServerPlugin {
/**
- * Reference to main server object
- *
- * @var Server
- */
- protected $server;
-
- /**
- * Authentication backend
- *
- * @var Backend\BackendInterface
+ * authentication backends
*/
- protected $authBackend;
+ protected $backends;
/**
* The currently logged in principal. Will be `null` if nobody is currently
@@ -49,9 +45,23 @@ class Plugin extends ServerPlugin {
*
* @param Backend\BackendInterface $authBackend
*/
- function __construct(Backend\BackendInterface $authBackend) {
+ function __construct(Backend\BackendInterface $authBackend = null) {
- $this->authBackend = $authBackend;
+ if (!is_null($authBackend)) {
+ $this->addBackend($authBackend);
+ }
+
+ }
+
+ /**
+ * Adds an authentication backend to the plugin.
+ *
+ * @param Backend\BackendInterface $authBackend
+ * @return void
+ */
+ function addBackend(Backend\BackendInterface $authBackend) {
+
+ $this->backends[] = $authBackend;
}
@@ -63,8 +73,7 @@ class Plugin extends ServerPlugin {
*/
function initialize(Server $server) {
- $this->server = $server;
- $this->server->on('beforeMethod', [$this,'beforeMethod'], 10);
+ $server->on('beforeMethod', [$this,'beforeMethod'], 10);
}
@@ -130,21 +139,38 @@ class Plugin extends ServerPlugin {
*/
function beforeMethod(RequestInterface $request, ResponseInterface $response) {
- $result = $this->authBackend->check(
- $request,
- $response
- );
+ if (!$this->backends) {
+ throw new \Sabre\DAV\Exception('No authentication backends were configured on this server.');
+ }
+ $reasons = [];
+ foreach($this->backends as $backend) {
+
+ $result = $backend->check(
+ $request,
+ $response
+ );
+
+ if (!is_array($result) || count($result)!==2 || !is_bool($result[0]) || !is_string($result[1])) {
+ throw new \Sabre\DAV\Exception('The authentication backend did not return a correct value from the check() method.');
+ }
+
+ if ($result[0]) {
+ $this->currentPrincipal = $result[1];
+ // Exit early
+ return;
+ }
+ $reasons[] = $result[1];
- if (!is_array($result) || count($result)!==2 || !is_bool($result[0]) || !is_string($result[1])) {
- throw new \Sabre\DAV\Exception('The authentication backend did not return a correct value from the check() method.');
}
- if ($result[0]) {
- $this->currentPrincipal = $result[1];
- } else {
- $this->currentPrincipal = null;
- $this->authBackend->requireAuth($request, $response);
- throw new NotAuthenticated('Authentication failed. Reason: ' . $result[1]);
+
+ // If we got here, it means that no authentication backend was
+ // successful in authenticating the user.
+ $this->currentPrincipal = null;
+
+ foreach($this->backends as $backend) {
+ $backend->requireAuth($request, $response);
}
+ throw new NotAuthenticated(implode(', ', $reasons));
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/php-sabredav.git
More information about the Pkg-owncloud-commits
mailing list