
Authentication.php

    <?php
    
    namespace JsonApi\Middlewares;
    
    use Psr\Http\Message\ResponseInterface;
    use Psr\Http\Message\ServerRequestInterface as Request;
    use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
    use Slim\Psr7\Response;
    
    /**
     * Middleware that authenticates a JSON:API request against a list of
     * strategies and attaches the resulting Stud.IP user to the request.
     *
     * If no strategy accepts the request, a 401 response carrying the
     * challenges of all strategies is returned and the downstream handler is
     * never called.
     */
    class Authentication
    {
        // Key of the request attribute under which the authenticated Stud.IP
        // user can be found:
        //
        // $user = $request->getAttribute(Authentication::USER_KEY);
        const USER_KEY = 'studip-user';

        // A callable accepting two arguments (username and password) and
        // returning either null or a Stud.IP user object. It is handed to the
        // credential-based strategies, so it sees plaintext passwords.
        /** @var callable */
        private $authenticator;

        /**
         * Stores the credential check used by the non-session strategies.
         *
         * @param callable $authenticator a callable that receives the username
         *                                and the password as arguments and
         *                                returns either a Stud.IP user object
         *                                or null
         */
        public function __construct($authenticator)
        {
            $this->authenticator = $authenticator;
        }

        /**
         * Runs the authentication strategies in a fixed order and lets the
         * first successful one decide who the request belongs to.
         *
         * Order matters: an existing session is consulted before HTTP Basic
         * credentials, and those before OAuth1. All three strategy objects are
         * constructed up front, before any of them is checked.
         *
         * @param Request        $request the request object
         * @param RequestHandler $handler the PSR-15 request handler
         *
         * @return ResponseInterface the handler's response for an
         *                           authenticated request, otherwise a 401
         *                           response with challenges
         *
         * @SuppressWarnings(PHPMD.Superglobals)
         */
        public function __invoke(Request $request, RequestHandler $handler)
        {
            $strategies = [
                new Auth\SessionStrategy(),
                new Auth\HttpBasicAuthStrategy($request, $this->authenticator),
                new Auth\OAuth1Strategy($request, $this->authenticator),
            ];

            foreach ($strategies as $strategy) {
                if (!$strategy->check()) {
                    continue;
                }

                // provideUser() is typed against \User, so a strategy whose
                // check() passes is expected to return a user object here.
                $authenticatedRequest = $this->provideUser($request, $strategy->user());

                return $handler->handle($authenticatedRequest);
            }

            // Fail closed: nothing authenticated the request.
            return $this->generateChallenges($strategies);
        }

        // Builds the 401 response by letting every strategy add its challenge.
        // The original comment cites RFC 2616 for this; presumably each
        // addChallenge() contributes a WWW-Authenticate value (verify against
        // the strategy classes).
        private function generateChallenges(array $guards): Response
        {
            return array_reduce(
                $guards,
                static function ($response, $guard) {
                    return $guard->addChallenge($response);
                },
                new Response(401)
            );
        }

        /**
         * Attaches the authenticated user to the request and, when the global
         * user is still the anonymous 'nobody', installs that user into the
         * legacy globals as well.
         *
         * NOTE(review): when the global user is not 'nobody' the globals are
         * left untouched while the request attribute is still set to $user;
         * confirm that the two can never describe different users.
         *
         * @SuppressWarnings(PHPMD.Superglobals)
         */
        private function provideUser(Request $request, \User $user): Request
        {
            $isAnonymous = 'nobody' === $GLOBALS['user']->id;

            if ($isAnonymous) {
                $this->installGlobalUser($user);
            }

            return $request->withAttribute(self::USER_KEY, $user);
        }

        /**
         * Replaces the anonymous global state with the given user: user, auth
         * and perm objects are rebuilt, MAIL_VALIDATE_BOX is switched off, the
         * current session is deleted and the user's language is applied.
         *
         * The statement order is kept exactly as the legacy bootstrap code
         * had it, since the constructors may read the globals set before them.
         *
         * @SuppressWarnings(PHPMD.Superglobals)
         */
        private function installGlobalUser(\User $user): void
        {
            $GLOBALS['user'] = new \Seminar_User($user);
            $GLOBALS['auth'] = new \Seminar_Auth();
            $GLOBALS['auth']->auth = [
                'uid' => $user->id,
                'uname' => $user->username,
                'perm' => $user->perms,
            ];
            $GLOBALS['perm'] = new \Seminar_Perm();
            $GLOBALS['MAIL_VALIDATE_BOX'] = false;
            // Presumably dropped so that a request authenticated by
            // credentials does not leave a session behind; confirm.
            $GLOBALS['sess']->delete();
            setTempLanguage($user->id);
        }
    }