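<?php

/**
 * Manages user authentication with Apache's SSO authentication, e.g. mod_sspi
 * or mod_auth_kerb.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public License,
 * v. 2.0. If a copy of the MPL was not distributed with this file, You can
 * obtain one at http://mozilla.org/MPL/2.0/.
 *
 * @package phpMyFAQ
 * @author Thorsten Rinne <thorsten@phpmyfaq.de>
 * @copyright 2011-2020 phpMyFAQ Team
 * @license http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
 * @link https://www.phpmyfaq.de
 * @since 2011-06-22
 */

namespace phpMyFAQ\Auth;

use phpMyFAQ\Auth;
use phpMyFAQ\User;

/**
 * Class AuthSso
 *
 * Authentication driver that trusts the identity the web server has already
 * established and exposes as $_SERVER['REMOTE_USER']. Password handling is a
 * no-op because credentials are verified by the SSO layer, not by phpMyFAQ.
 * The driver performs no check of its own on REMOTE_USER beyond presence, so
 * it only makes sense behind a server configuration that authenticates every
 * request reaching this code.
 *
 * @package phpMyFAQ\Auth
 */
class AuthSso extends Auth implements AuthDriverInterface
{
    /**
     * Always returns true because of SSO: passwords are managed by the SSO
     * provider, so there is nothing to change locally.
     *
     * @param string $login Loginname
     * @param string $pass Password
     *
     * @return bool
     */
    public function changePassword($login, $pass): bool
    {
        return true;
    }

    /**
     * Always returns true because of SSO: the account is owned by the SSO
     * provider and is not removed here.
     *
     * @param string $login Loginname
     *
     * @return bool
     */
    public function delete($login): bool
    {
        return true;
    }

    /**
     * Checks if the username of the remote user is equal to the login name.
     *
     * REMOTE_USER may arrive as "DOMAIN\user", "user@DOMAIN" or a bare "user";
     * only the user part is compared. NOTE(review): the domain/realm part is
     * discarded, so remote users that differ only by domain map to the same
     * phpMyFAQ login — confirm this is intended for the deployment.
     *
     * @param string     $login        Loginname
     * @param string     $pass         Password (never verified locally)
     * @param array|null $optionalData Optional data
     *
     * @return bool
     */
    public function checkPassword($login, $pass, ?array $optionalData = null): bool
    {
        if (!isset($_SERVER['REMOTE_USER'])) {
            return false;
        }

        $user = self::extractUserName($_SERVER['REMOTE_USER']);

        if ($user !== $login) {
            return false;
        }

        // Ensure a local account exists for the SSO user. The return value is
        // deliberately not checked (an already existing account must not make
        // the login fail).
        $this->add($login, $pass);

        return true;
    }

    /**
     * Extracts the bare user name from a REMOTE_USER value.
     *
     * Handles "DOMAIN\user" (part after the first backslash), "user@DOMAIN"
     * (part before the first @) and plain "user".
     *
     * @param string $remoteUser Value of $_SERVER['REMOTE_USER']
     *
     * @return string
     */
    private static function extractUserName(string $remoteUser): string
    {
        // "DOMAIN\user"
        $parts = explode('\\', $remoteUser);
        if (count($parts) > 1) {
            return $parts[1];
        }

        // "user@DOMAIN"
        $parts = explode('@', $remoteUser);
        if (count($parts) > 1) {
            return $parts[0];
        }

        // plain "user"
        return $remoteUser;
    }

    /**
     * Creates the local user record for an SSO login.
     *
     * With LDAP support enabled the user is created through the LDAP driver;
     * otherwise a plain local user is created and activated. No password is
     * stored in either case because authentication is delegated to SSO.
     * Exceptions thrown by AuthLdap::add() or User::createUser() propagate
     * unchanged (their types are not visible in this file).
     *
     * @param string $login  Loginname
     * @param string $pass   Password (ignored; null is passed on instead)
     * @param string $domain Domain
     *
     * @return bool true if the user was created
     */
    public function add($login, $pass, $domain = ''): bool
    {
        if ($this->config->get('ldap.ldapSupport')) {
            // LDAP/AD + SSO: delegate account creation to the LDAP driver
            $authLdap = new AuthLdap($this->config);

            return $authLdap->add($login, null, $domain);
        }

        // SSO without LDAP/AD: create a plain local user
        $user = new User($this->config);
        $result = $user->createUser($login, null, $domain);

        if ($result) {
            $user->setStatus('active');
        }

        // Set user information. NOTE(review): this runs even when createUser()
        // returned false — kept for compatibility; confirm setUserData() is
        // harmless on a user that was not created.
        $user->setUserData(
            [
                'display_name' => $login,
            ]
        );

        return $result;
    }

    /**
     * Returns 1 if $_SERVER['REMOTE_USER'] is set, 0 otherwise.
     *
     * @param string     $login        Loginname
     * @param array|null $optionalData Optional data
     *
     * @return int
     */
    public function checkLogin($login, ?array $optionalData = null): int
    {
        return isset($_SERVER['REMOTE_USER']) ? 1 : 0;
    }
}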