diff --git a/data/config.default.php b/data/config.default.php
index 9febb79..a6b0e68 100644
--- a/data/config.default.php
+++ b/data/config.default.php
@@ -661,4 +661,48 @@ $avahiServiceFilePrefix = 'semanticscuttle-';
 */
 $avahiTagName = 'zeroconf';
+
+
+/**
+ * Array of key value pairs to override service class names.
+ * Key is the old service name ("User"), value the new class
+ * name.
+ *
+ * @var array
+ */
+$serviceoverrides = array();
+
+
+
+
+/****************************
+ * External user authentication
+ */
+
+/**
+ * Type of external authentication via PEAR Auth
+ * To use this, you also need to set
+ * $serviceoverrides['User'] = 'SemanticScuttle_Service_AuthUser';
+ *
+ * @link http://pear.php.net/manual/en/package.authentication.auth.intro-storage.php
+ *
+ * @var string
+ */
+$authType = null;
+
+/**
+ * Options for external authentication via PEAR Auth
+ *
+ * @link http://pear.php.net/manual/en/package.authentication.auth.intro.php
+ *
+ * @var array
+ */
+$authOptions = null;
+
+/**
+ * Enable debugging for PEAR Authentication
+ *
+ * @var boolean
+ */
+$authDebug = false;
 ?>
diff --git a/src/SemanticScuttle/Service/AuthUser.php b/src/SemanticScuttle/Service/AuthUser.php
new file mode 100644
index 0000000..79cac9c
--- /dev/null
+++ b/src/SemanticScuttle/Service/AuthUser.php
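Review bot: The new external-authentication block in data/config.default.php documents `$authType`, `$authOptions` and `$authDebug` but has no entry for `authemaildomain`, which `loginAuth()` in the new AuthUser.php reads through `$GLOBALS['authemaildomain']` when it creates the local account. Without a default that lookup hits an undefined key and the address passed to `addUser()` ends in a bare `@`; a documented entry next to `$authOptions` would close the gap. The `$authDebug` comment could also state where the output goes, since the service wires the logger to the `display` handler, for example `Prints PEAR Auth debug output into the page; keep disabled on public installs.`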
@@ -0,0 +1,218 @@
+
+ * @author Christian Weiske
+ * @author Eric Dane
+ * @license GPL http://www.gnu.org/licenses/gpl.html
+ * @link http://sourceforge.net/projects/semanticscuttle
+ */
+
+require_once 'Auth.php';
+require_once 'SemanticScuttle/Service/User.php';
+
+/**
+ * SemanticScuttle extendet user management service utilizing
+ * the PEAR Auth package to enable authentication against
+ * different services, i.e. LDAP or other databases.
+ *
+ * Requires the Log packages for debugging purposes.
+ *
+ * @category Bookmarking
+ * @package SemanticScuttle
+ * @author Christian Weiske
+ * @license GPL http://www.gnu.org/licenses/gpl.html
+ * @link http://sourceforge.net/projects/semanticscuttle
+ */
+class SemanticScuttle_Service_AuthUser extends SemanticScuttle_Service_User
+{
+ /**
+ * PEAR Auth instance
+ *
+ * @var Auth
+ */
+ protected $auth = null;
+
+ /**
+ * If we want to debug authentication process
+ *
+ * @var boolean
+ */
+ protected $authdebug = false;
+
+ /**
+ * Authentication type (i.e. LDAP)
+ *
+ * @var string
+ *
+ * @link http://pear.php.net/manual/en/package.authentication.auth.intro-storage.php
+ */
+ var $authtype = null;
+
+ /**
+ * Authentication options
+ *
+ * @var array
+ *
+ * @link http://pear.php.net/manual/en/package.authentication.auth.intro.php
+ */
+ var $authoptions = null;
+
+
+
+ /**
+ * Returns the single service instance
+ *
+ * @param sql_db $db Database object
+ *
+ * @return SemanticScuttle_Service_AuthUser
+ */
+ public static function getInstance($db)
+ {
+ static $instance;
+ if (!isset($instance)) {
+ $instance = new self($db);
+ }
+ return $instance;
+ }
+
+
+
+ /**
+ * Create new instance
+ *
+ * @var sql_db $db Database object
+ */
+ protected function __construct($db)
+ {
+ parent::__construct($db);
+
+ $this->authtype = $GLOBALS['authType'];
+ $this->authoptions = $GLOBALS['authOptions'];
+ $this->authdebug = $GLOBALS['authDebug'];
+
+ //FIXME: throw error when no authtype set?
+ if (!$this->authtype) {
+ return;
+ }
+ require_once 'Auth.php';
+ $this->auth = new Auth($this->authtype, $this->authoptions);
+ //FIXME: check if it worked (i.e. db connection)
+ if ($this->authdebug) {
+ require_once 'Log.php';
+ $this->auth->logger = Log::singleton(
+ 'display', '', '', array(), PEAR_LOG_DEBUG
+ );
+ $this->auth->enableLogging = true;
+ }
+ $this->auth->setShowLogin(false);
+ }
+
+
+
+ /**
+ * Return current user id based on session or cookie
+ *
+ * @return mixed Integer user id or boolean false when user
+ * could not be found or is not logged on.
+ */
+ public function getCurrentUserId()
+ {
+ if (!$this->auth) {
+ return parent::getCurrentUserId();
+ }
+
+ //FIXME: caching?
+ $name = $this->auth->getUsername();
+ if (!$name) {
+ return false;
+ }
+ return $this->getIdFromUser($name);
+ }
+
+
+
+ /**
+ * Try to authenticate and login a user with
+ * username and password.
+ *
+ * @param string $username Name of user
+ * @param string $password Password
+ * @param boolean $remember If a long-time cookie shall be set
+ *
+ * @return boolean True if the user could be authenticated,
+ * false if not.
+ */
+ public function login($username, $password, $remember = false)
+ {
+ if (!$this->auth) {
+ return parent::login($username, $password, $remember);
+ }
+
+ $ok = $this->loginAuth($username, $password);
+ $password = $this->sanitisePassword($password);
+ $id = $this->getIdFromUser($username);
+ //FIXME: check against auth
+ }
+
+
+ /**
+ * Uses PEAR's Auth class to authenticate the user against a container.
+ * This allows us to use LDAP, a different database or some other
+ * external system.
+ *
+ * @param string $username Username to check
+ * @param string $password Password to check
+ *
+ * @return boolean If the user has been authenticated or not
+ */
+ public function loginAuth($username, $password)
+ {
+ $this->auth->post = array(
+ 'username' => $username,
+ 'password' => $password,
+ );
+ $this->auth->start();
+
+ if (!$this->auth->checkAuth()) {
+ return false;
+ }
+
+ //put user in database
+ if (!$this->getUserByUsername($username)) {
+ $this->addUser(
+ $username, $password,
+ $username . '@' . $GLOBALS['authemaildomain']
+ );
+ }
+ //FIXME: what if the user changed his password?
+ //FIXME: what if the user does not need an email domain?
+
+ return true;
+ }
+
+
+
+
+ /**
+ * Logs the current user out of the system.
+ *
+ * @return void
+ */
+ public function logout()
+ {
+ parent::logout();
+
+ if ($this->auth) {
+ $this->auth->logout();
+ $this->auth = null;
+ }
+ }
+
+}
+?>
\ No newline at end of file
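Review bot: In `login()`, the PEAR Auth branch assigns the result of `loginAuth()` to `$ok`, computes `$id`, and then reaches the closing brace without returning, so the documented boolean is never produced and neither value is used. The branch should at least begin with `if (!$this->loginAuth($username, $password)) { return false; }` and return true only once the session has been set up the way the parent class does it, which this diff does not show. Separately, `loginAuth()` hands the externally verified password to `addUser()`, which copies a directory credential into the local user table (how `addUser()` stores it is not visible here) and leaves it stale when the user changes it upstream, as the FIXME already hints; creating the local row with a random throwaway value would avoid keeping that secret. The constructor's debug path attaches a `display` log handler at `PEAR_LOG_DEBUG`, so a short comment there saying the output is written into the response would help operators keep `$authDebug` off on public installs.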