[tt-rss.git] / plugins / auth_remote / init.php

<?php
class Auth_Remote extends Plugin implements IAuthModule {

	private $host;
	/* @var Auth_Base $base */
	private $base;

	function about() {
		return array(1.0,
			"Authenticates against remote password (e.g. supplied by Apache)",
			"fox",
			true);
	}

	/* @var PluginHost $host */
	function init($host ) {
		$this->host = $host;
		$this->base = new Auth_Base();

		$host->add_hook($host::HOOK_AUTH_USER, $this);
	}

	function get_login_by_ssl_certificate() {
		$cert_serial = get_ssl_certificate_id();

		if ($cert_serial) {
			$sth = $this->pdo->prepare("SELECT login FROM ttrss_user_prefs, ttrss_users
				WHERE pref_name = 'SSL_CERT_SERIAL' AND value = ? AND
				owner_uid = ttrss_users.id");
			$sth->execute([$cert_serial]);

			if ($row = $sth->fetch()) {
				return $row['login'];
			}
		}

		return "";
	}

	/**
	 * @SuppressWarnings(PHPMD.UnusedFormalParameter)
	 */
	function authenticate($login, $password) {
		$try_login = $_SERVER["REMOTE_USER"];

		// php-cgi
		if (!$try_login) $try_login = $_SERVER["REDIRECT_REMOTE_USER"];
		if (!$try_login) $try_login = $_SERVER["PHP_AUTH_USER"];

		if (!$try_login) $try_login = $this->get_login_by_ssl_certificate();

		if ($try_login) {
			$user_id = $this->base->auto_create_user($try_login, $password);

			if ($user_id) {
				$_SESSION["fake_login"] = $try_login;
				$_SESSION["fake_password"] = "******";
				$_SESSION["hide_hello"] = true;
				$_SESSION["hide_logout"] = true;

				// LemonLDAP can send user informations via HTTP HEADER
				if (defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE){
					// update user name
					$fullname = $_SERVER['HTTP_USER_NAME'] ? $_SERVER['HTTP_USER_NAME'] : $_SERVER['AUTHENTICATE_CN'];
					if ($fullname){
						$sth = $this->pdo->prepare("UPDATE ttrss_users SET full_name = ? WHERE id = ?");
						$sth->execute([$fullname, $user_id]);
					}
					// update user mail
					$email = $_SERVER['HTTP_USER_MAIL'] ? $_SERVER['HTTP_USER_MAIL'] : $_SERVER['AUTHENTICATE_MAIL'];
					if ($email){
						$sth = $this->pdo->prepare("UPDATE ttrss_users SET email = ? WHERE id = ?");
						$sth->execute([$email, $user_id]);
					}
				}

				return $user_id;
			}
		}

		return false;
	}

	function api_version() {
		return 2;
	}

}
Commit	Line	Data
0d421af8	1	<?php
0f28f81f AD	2	class Auth_Remote extends Plugin implements IAuthModule {
0f28f81f AD	3
0f28f81f	4	private $host;
b431d525	5	/* @var Auth_Base $base */
0f28f81f AD	6	private $base;
	7
	8	function about() {
	9	return array(1.0,
	10	"Authenticates against remote password (e.g. supplied by Apache)",
	11	"fox",
	12	true);
	13	}
	14
b431d525 AD	15	/* @var PluginHost $host */
b431d525 AD	16	function init($host ) {
0f28f81f	17	$this->host = $host;
a0ed0d38	18	$this->base = new Auth_Base();
0f28f81f AD	19
	20	$host->add_hook($host::HOOK_AUTH_USER, $this);
	21	}
	22
0d421af8	23	function get_login_by_ssl_certificate() {
b431d525	24	$cert_serial = get_ssl_certificate_id();
0d421af8 AD	25
0d421af8 AD	26	if ($cert_serial) {
b431d525 AD	27	$sth = $this->pdo->prepare("SELECT login FROM ttrss_user_prefs, ttrss_users
b431d525 AD	28	WHERE pref_name = 'SSL_CERT_SERIAL' AND value = ? AND
0d421af8	29	owner_uid = ttrss_users.id");
b431d525	30	$sth->execute([$cert_serial]);
0d421af8	31
b431d525 AD	32	if ($row = $sth->fetch()) {
b431d525 AD	33	return $row['login'];
0d421af8 AD	34	}
	35	}
	36
	37	return "";
	38	}
	39
21ce7d9e AD	40	/**
	41	* @SuppressWarnings(PHPMD.UnusedFormalParameter)
	42	*/
0d421af8	43	function authenticate($login, $password) {
b431d525	44	$try_login = $_SERVER["REMOTE_USER"];
0d421af8	45
23923ca7	46	// php-cgi
b431d525 AD	47	if (!$try_login) $try_login = $_SERVER["REDIRECT_REMOTE_USER"];
b431d525 AD	48	if (!$try_login) $try_login = $_SERVER["PHP_AUTH_USER"];
23923ca7	49
0d421af8	50	if (!$try_login) $try_login = $this->get_login_by_ssl_certificate();
0d421af8 AD	51
0d421af8 AD	52	if ($try_login) {
6f7798b6	53	$user_id = $this->base->auto_create_user($try_login, $password);
0d421af8 AD	54
	55	if ($user_id) {
	56	$_SESSION["fake_login"] = $try_login;
	57	$_SESSION["fake_password"] = "******";
	58	$_SESSION["hide_hello"] = true;
	59	$_SESSION["hide_logout"] = true;
	60
	61	// LemonLDAP can send user informations via HTTP HEADER
	62	if (defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE){
	63	// update user name
	64	$fullname = $_SERVER['HTTP_USER_NAME'] ? $_SERVER['HTTP_USER_NAME'] : $_SERVER['AUTHENTICATE_CN'];
	65	if ($fullname){
b431d525 AD	66	$sth = $this->pdo->prepare("UPDATE ttrss_users SET full_name = ? WHERE id = ?");
b431d525 AD	67	$sth->execute([$fullname, $user_id]);
0d421af8 AD	68	}
	69	// update user mail
	70	$email = $_SERVER['HTTP_USER_MAIL'] ? $_SERVER['HTTP_USER_MAIL'] : $_SERVER['AUTHENTICATE_MAIL'];
	71	if ($email){
b431d525 AD	72	$sth = $this->pdo->prepare("UPDATE ttrss_users SET email = ? WHERE id = ?");
b431d525 AD	73	$sth->execute([$email, $user_id]);
0d421af8 AD	74	}
	75	}
	76
	77	return $user_id;
	78	}
	79	}
	80
	81	return false;
	82	}
106a3de9 AD	83
	84	function api_version() {
	85	return 2;
	86	}
	87
0d421af8	88	}