Commit 1c3b2df2 authored by Peter Rotich's avatar Peter Rotich Committed by Peter Rotich

Add ability for the backends to continue authenticated user session

Checks the session for an auth key and asks the backend that generated it to
validate the key and return the authenticated user.
parent 48186524
...@@ -186,8 +186,13 @@ abstract class AuthenticationBackend { ...@@ -186,8 +186,13 @@ abstract class AuthenticationBackend {
return null; return null;
} }
protected function validate($auth) {
return null;
}
abstract function authenticate($username, $password); abstract function authenticate($username, $password);
abstract function login($user, $bk); abstract function login($user, $bk);
abstract static function getUser(); //Validates authenticated users.
abstract function getAllowedBackends($userid); abstract function getAllowedBackends($userid);
abstract protected function getAuthKey($user); abstract protected function getAuthKey($user);
} }
...@@ -284,6 +289,28 @@ abstract class StaffAuthenticationBackend extends AuthenticationBackend { ...@@ -284,6 +289,28 @@ abstract class StaffAuthenticationBackend extends AuthenticationBackend {
return true; return true;
} }
static function getUser() {
if (!isset($_SESSION['_auth']['staff'])
|| !$_SESSION['_auth']['staff']['key'])
return null;
list($id, $auth) = explode(':', $_SESSION['_auth']['staff']['key']);
if (!($bk=static::getBackend($id)) //get the backend
|| !$bk->supportsAuthentication() //Make sure it can authenticate
|| !($staff = $bk->validate($auth)) //Get AuthicatedUser
|| !($staff instanceof Staff)
|| $staff->getId() != $_SESSION['_auth']['staff']['id'] // check ID
)
return null;
$staff->setAuthKey($_SESSION['_auth']['staff']['key']);
return $staff;
}
protected function getAuthKey($staff) { protected function getAuthKey($staff) {
return null; return null;
} }
...@@ -348,6 +375,28 @@ abstract class UserAuthenticationBackend extends AuthenticationBackend { ...@@ -348,6 +375,28 @@ abstract class UserAuthenticationBackend extends AuthenticationBackend {
return null; return null;
} }
static function getUser() {
if (!isset($_SESSION['_auth']['user'])
|| !$_SESSION['_auth']['user']['key'])
return null;
list($id, $auth) = explode(':', $_SESSION['_auth']['user']['key']);
$bk=static::getBackend($id);
$user=$bk->validate($auth);
if (!($bk=static::getBackend($id)) //get the backend
|| !$bk->supportsAuthentication() //Make sure it can authenticate
|| !($user=$bk->validate($auth)) //Get AuthicatedUser
|| !($user instanceof AuthenticatedUser) // Make sure it user
|| $user->getId() != $_SESSION['_auth']['user']['id'] // check ID
)
return null;
$user->setAuthKey($_SESSION['_auth']['user']['key']);
return $user;
}
} }
/** /**
...@@ -380,6 +429,10 @@ abstract class AuthStrikeBackend extends AuthenticationBackend { ...@@ -380,6 +429,10 @@ abstract class AuthStrikeBackend extends AuthenticationBackend {
return false; return false;
} }
static function getUser() {
return null;
}
function supportsAuthentication() { function supportsAuthentication() {
return false; return false;
} }
...@@ -510,6 +563,12 @@ class osTicketAuthentication extends StaffAuthenticationBackend { ...@@ -510,6 +563,12 @@ class osTicketAuthentication extends StaffAuthenticationBackend {
return $staff->getUsername(); //FIXME: return $staff->getUsername(); //FIXME:
} }
protected function validate($authkey) {
if (($staff = new StaffSession($authkey)) && $staff->getId())
return $staff;
}
} }
StaffAuthenticationBackend::register(osTicketAuthentication); StaffAuthenticationBackend::register(osTicketAuthentication);
...@@ -555,6 +614,38 @@ class AuthTokenAuthentication extends UserAuthenticationBackend { ...@@ -555,6 +614,38 @@ class AuthTokenAuthentication extends UserAuthenticationBackend {
return $authkey; return $authkey;
} }
protected function validate($authkey) {
$regex = '/^(?P<type>\w{1})(?P<id>\d+)t(?P<tid>\d+)h(?P<hash>.*)$/i';
$matches = array();
if (!preg_match($regex, $authkey, $matches))
return false;
$user = null;
switch ($matches['type']) {
case 'c': //Collaborator
if (($c = Collaborator::lookup(
array('userId' => $matches['id'],
'ticketId' => $matches['tid'])))
&& ($c->getTicketId() == $matches['tid']))
$user = new ClientSession($c);
break;
case 'o': //Ticket owner
if (($ticket = Ticket::lookup($matches['tid']))
&& ($c = $ticket->getClient())
&& ($c->getId() == $matches['id']))
$user = new ClientSession($c);
break;
}
if(!$user
|| strcasecmp(md5($user->getUsername().$this->id), $matches['hash']))
return null;
return $user;
}
static private function __authtoken($token) { static private function __authtoken($token) {
switch ($token[0]) { switch ($token[0]) {
......
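Review bot: The two statements `$bk=static::getBackend($id);` and `$user=$bk->validate($auth);` at the top of UserAuthenticationBackend::getUser() (third hunk) are redundant with the guarded `if` that immediately follows and defeat it: when getBackend() returns null for an unknown or stale backend id in the session key, `$bk->validate($auth)` is a method call on null before the null check runs, so a malformed session fails with a fatal error instead of the intended `return null`; deleting those two lines leaves the guarded form that the staff variant in the second hunk already uses. Both getUser() variants also unpack the key with `list($id, $auth) = explode(':', ...)` with no limit and no check that a separator was present, so a key lacking ':' produces an undefined-offset notice and a null `$auth`; `explode(':', $key, 2)` followed by a guard on the second element would be safer, and would also keep an auth key that itself contains ':' intact (whether any backend generates such keys is not visible in this hunk). In AuthTokenAuthentication::validate() the hash check `strcasecmp(md5($user->getUsername().$this->id), $matches['hash'])` is a variable-time comparison; where the supported PHP version provides it, `!hash_equals(md5(...), strtolower($matches['hash']))` is the usual form, and that method's `return false` on regex mismatch diverges from the null the base validate() returns, which callers test with `!`, so `null` would be the consistent value. Since the contract of the new base method is only implied, a docblock on AuthenticationBackend::validate() such as `/** Resolve $auth (the backend-specific part of the session auth key) to the authenticated user it was issued for, or null if it is not valid for this backend. */` would help the implementers in the later hunks.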