1 <?php
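/**
 * Authentication plugin that trusts an identity established outside the
 * application: by the web server (REMOTE_USER and friends) or by a TLS
 * client certificate whose serial is stored in a user's preferences.
 *
 * Security note: this class performs no credential check of its own. It is
 * only as strong as the front end that populates the server variables, so
 * the application must not be reachable by any route that bypasses that
 * front end.
 */
class Auth_Remote extends Plugin implements IAuthModule {

	private $host;
	/* @var Auth_Base $base */
	private $base;

	/**
	 * Plugin metadata consumed by the plugin host.
	 *
	 * NOTE(review): positional meaning is defined by the host; presumably
	 * version, description, author, system-plugin flag. Confirm against Plugin.
	 *
	 * @return array
	 */
	function about() {
		return array(1.0,
			"Authenticates against remote password (e.g. supplied by Apache)",
			"fox",
			true);
	}

	/**
	 * Stores the plugin host, creates the Auth_Base helper and registers
	 * this object for the HOOK_AUTH_USER hook.
	 *
	 * @param PluginHost $host
	 */
	function init($host ) {
		$this->host = $host;
		$this->base = new Auth_Base();

		$host->add_hook($host::HOOK_AUTH_USER, $this);
	}

	/**
	 * Returns the first non-empty $_SERVER entry among the given keys.
	 *
	 * Uses !empty() so that a missing key is treated like an empty value
	 * instead of raising an "undefined index/array key" diagnostic.
	 *
	 * @param array $keys $_SERVER keys in priority order
	 * @return string the first truthy value found, or "" when none is set
	 */
	private function first_server_value($keys) {
		foreach ($keys as $key) {
			if (!empty($_SERVER[$key])) {
				return $_SERVER[$key];
			}
		}

		return "";
	}

	/**
	 * Maps the TLS client certificate of the current request to a login.
	 *
	 * The certificate id comes from get_ssl_certificate_id(), which is
	 * defined outside this file; the lookup matches it against the
	 * SSL_CERT_SERIAL preference using a bound parameter.
	 *
	 * NOTE(review): how the certificate id is derived, and whether the web
	 * server has verified the certificate chain before exposing it, cannot
	 * be seen from here. Confirm both, since a match is accepted as proof
	 * of identity.
	 *
	 * @return string matching login, or "" when there is no certificate or no match
	 */
	function get_login_by_ssl_certificate() {
		$cert_serial = get_ssl_certificate_id();

		if ($cert_serial) {
			// $this->pdo is not declared in this class; presumably provided by Plugin.
			$sth = $this->pdo->prepare("SELECT login FROM ttrss_user_prefs, ttrss_users
				WHERE pref_name = 'SSL_CERT_SERIAL' AND value = ? AND
				owner_uid = ttrss_users.id");
			$sth->execute([$cert_serial]);

			if ($row = $sth->fetch()) {
				return $row['login'];
			}
		}

		return "";
	}

	/**
	 * Resolves the current request to a user id from externally supplied identity.
	 *
	 * The login is taken, in order, from REMOTE_USER, REDIRECT_REMOTE_USER,
	 * PHP_AUTH_USER and finally the TLS client certificate lookup. $login is
	 * ignored; $password is only forwarded to Auth_Base::auto_create_user().
	 *
	 * Deployment requirements a reviewer should verify:
	 *  - PHP fills PHP_AUTH_USER from the request's Authorization header, so
	 *    it is trustworthy only if the web server has already validated
	 *    those credentials for this location.
	 *  - HTTP_USER_NAME and HTTP_USER_MAIL are HTTP_* entries, i.e. request
	 *    headers. The SSO front end must overwrite or strip them on every
	 *    request, otherwise a client chooses its own profile values.
	 *
	 * @SuppressWarnings(PHPMD.UnusedFormalParameter)
	 *
	 * @param string $login unused
	 * @param string $password forwarded to auto_create_user()
	 * @return mixed user id on success, false when no identity was resolved
	 */
	function authenticate($login, $password) {
		// REDIRECT_REMOTE_USER covers php-cgi setups.
		$try_login = $this->first_server_value(
			array("REMOTE_USER", "REDIRECT_REMOTE_USER", "PHP_AUTH_USER"));

		if (!$try_login) $try_login = $this->get_login_by_ssl_certificate();

		if ($try_login) {
			// NOTE(review): auto_create_user() is defined in Auth_Base; whether it
			// creates accounts or only looks them up is not visible here.
			$user_id = $this->base->auto_create_user($try_login, $password);

			if ($user_id) {
				$_SESSION["fake_login"] = $try_login;
				$_SESSION["fake_password"] = "******";
				$_SESSION["hide_hello"] = true;
				$_SESSION["hide_logout"] = true;

				// LemonLDAP can send user information via HTTP headers
				if (defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE){
					// Values are stored through bound parameters; they remain
					// externally supplied text and need escaping wherever displayed.

					// update user name
					$fullname = $this->first_server_value(
						array('HTTP_USER_NAME', 'AUTHENTICATE_CN'));
					if ($fullname){
						$sth = $this->pdo->prepare("UPDATE ttrss_users SET full_name = ? WHERE id = ?");
						$sth->execute([$fullname, $user_id]);
					}
					// update user mail
					$email = $this->first_server_value(
						array('HTTP_USER_MAIL', 'AUTHENTICATE_MAIL'));
					if ($email){
						$sth = $this->pdo->prepare("UPDATE ttrss_users SET email = ? WHERE id = ?");
						$sth->execute([$email, $user_id]);
					}
				}

				return $user_id;
			}
		}

		return false;
	}

	/**
	 * Plugin API version implemented by this class.
	 *
	 * @return int
	 */
	function api_version() {
		return 2;
	}

}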