path: root/app/Model/Authentication.php
blob: a0e9684f4796575d5fd207d4d3e6b89eda6a63ad (plain)
<?php

namespace Model;

use Core\Request;
use Auth\Database;
use SimpleValidator\Validator;
use SimpleValidator\Validators;

/**
 * Authentication model
 *
 * @package  model
 * @author   Frederic Guillot
 */
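class Authentication extends Base
{
    /**
     * Lazily instantiate an authentication backend and cache it in the container
     *
     * The class name is built as \Auth\ + ucfirst($name) and instantiated
     * dynamically; the instance is then stored under $name in the shared
     * container. If the container already holds an entry under $name, that
     * entry is returned unchanged. Every call visible in this class passes a
     * literal name: $name must never be derived from request data, because it
     * selects which class gets instantiated.
     *
     * @access public
     * @param  string   $name    Backend name (used here: database, ldap, rememberMe, reverseProxy)
     * @return mixed             Whatever the container holds under $name
     */
    public function backend($name)
    {
        if (! isset($this->container[$name])) {
            $class = '\Auth\\'.ucfirst($name);
            $this->container[$name] = new $class($this->container);
        }

        return $this->container[$name];
    }

    /**
     * Check if the current request may proceed as an authenticated user
     *
     * Order of checks: public action, existing session, RememberMe cookie,
     * then reverse proxy authentication when REVERSE_PROXY_AUTH is enabled.
     *
     * @access public
     * @param  string    $controller    Controller
     * @param  string    $action        Action name
     * @return bool
     */
    public function isAuthenticated($controller, $action)
    {
        // Public actions bypass every authentication check below
        if ($this->acl->isPublicAction($controller, $action)) {
            return true;
        }

        // An already logged-in user is accepted as is
        if ($this->acl->isLogged()) {

            // The RememberMe cookie is refreshed on every authenticated request
            if ($this->backend('rememberMe')->hasCookie()) {
                $this->backend('rememberMe')->refresh();
            }

            return true;
        }

        // No session: try to log the user in from the RememberMe cookie
        if ($this->backend('rememberMe')->authenticate()) {
            return true;
        }

        // Last resort: reverse proxy authentication, only when enabled.
        // NOTE(review): presumably this trusts an identity asserted by the
        // proxy; confirm the application is only reachable through that proxy.
        if (REVERSE_PROXY_AUTH && $this->backend('reverseProxy')->authenticate()) {
            return true;
        }

        return false;
    }

    /**
     * Authenticate a user against the database, then LDAP if activated
     *
     * Non-scalar credentials (arrays, objects, null) are refused before any
     * backend is called.
     *
     * @access public
     * @param  string  $username  Username
     * @param  string  $password  Password
     * @return boolean            True if one backend accepted the credentials
     */
    public function authenticate($username, $password)
    {
        // Request fields can arrive as arrays (e.g. "password[]=x"). Such a value
        // can never be a valid credential, so fail closed instead of handing it
        // to a backend that expects a string.
        if (! is_scalar($username) || ! is_scalar($password)) {
            return false;
        }

        // Local database accounts are tried first
        if ($this->backend('database')->authenticate($username, $password)) {
            return true;
        }

        // LDAP is consulted only when enabled, and only after the database refused.
        // NOTE(review): confirm the LDAP backend rejects an empty password itself;
        // this method is public and does not depend on validateForm() being called.
        if (LDAP_AUTH && $this->backend('ldap')->authenticate($username, $password)) {
            return true;
        }

        return false;
    }

    /**
     * Validate user login form and, on success, set up the RememberMe cookie
     *
     * A failed login always produces the same 'Bad username or password'
     * message, whichever of the two values was wrong.
     *
     * NOTE(review): no attempt throttling or lockout is applied in this
     * method; confirm that brute-force protection exists elsewhere.
     *
     * @access public
     * @param  array   $values           Form values (username, password, optional remember_me)
     * @return array   $valid, $errors   [0] = Success or not, [1] = List of errors
     */
    public function validateForm(array $values)
    {
        $v = new Validator($values, array(
            new Validators\Required('username', t('The username is required')),
            new Validators\MaxLength('username', t('The maximum length is %d characters', 50), 50),
            new Validators\Required('password', t('The password is required')),
        ));

        $result = $v->execute();
        $errors = $v->getErrors();

        // Credentials are only checked once the form itself is well-formed
        if ($result) {

            if ($this->authenticate($values['username'], $values['password'])) {

                // Setup the remember me feature
                if (! empty($values['remember_me'])) {

                    // The new RememberMe record is created from the user id,
                    // the client IP address and the user agent
                    $credentials = $this->backend('rememberMe')
                                        ->create($this->acl->getUserId(), Request::getIpAddress(), Request::getUserAgent());

                    $this->backend('rememberMe')->writeCookie($credentials['token'], $credentials['sequence'], $credentials['expiration']);
                }
            }
            else {
                // Generic message on purpose: it does not reveal whether the username exists
                $result = false;
                $errors['login'] = t('Bad username or password');
            }
        }

        return array(
            $result,
            $errors
        );
    }
}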