LibreNMS/Authentication/HttpAuthAuthorizer.php

<?php

namespace LibreNMS\Authentication;

use LibreNMS\Config;
use LibreNMS\Exceptions\AuthenticationException;

class HttpAuthAuthorizer extends MysqlAuthorizer
{
    protected static $HAS_AUTH_USERMANAGEMENT = 1;
    protected static $CAN_UPDATE_USER = 1;
    protected static $CAN_UPDATE_PASSWORDS = 0;
    protected static $AUTH_IS_EXTERNAL = 1;

    public function authenticate($username, $password)
    {
        if ($this->userExists($username)) {
            return true;
        }

        throw new AuthenticationException('No matching user found and http_auth_guest is not set');
    }

    public function userExists($username, $throw_exception = false)
    {
        if (parent::userExists($username)) {
            return true;
        }

        if (Config::has('http_auth_guest') && parent::userExists(Config::get('http_auth_guest'))) {
            return true;
        }

        return false;
    }


    public function getUserlevel($username)
    {
        $user_level = parent::getUserlevel($username);

        if ($user_level) {
            return $user_level;
        }

        if (Config::has('http_auth_guest')) {
            return parent::getUserlevel(Config::get('http_auth_guest'));
        }

        return 0;
    }


    public function getUserid($username)
    {
        $user_id = parent::getUserid($username);

        if ($user_id) {
            return $user_id;
        }

        if (Config::has('http_auth_guest')) {
            return parent::getUserid(Config::get('http_auth_guest'));
        }

        return -1;
    }
}
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style 2017-11-18 11:33:03 +01:00			`<?php`

			`namespace LibreNMS\Authentication;`

			`use LibreNMS\Config;`
			`use LibreNMS\Exceptions\AuthenticationException;`

refactor: Share code between all mysql based authorizers (#8174) * Share code between all mysql based authorizers I plan to update the mysql password encryption and this will allow the code to be changed in a single location. It also reduces a lot of duplication. * Fix tests, I suspect reauthenticate will work for these... Do not allow password updates for several authorizers 2018-02-06 15:20:34 -06:00			`class HttpAuthAuthorizer extends MysqlAuthorizer`
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style 2017-11-18 11:33:03 +01:00			`{`
			`protected static $HAS_AUTH_USERMANAGEMENT = 1;`
			`protected static $CAN_UPDATE_USER = 1;`
refactor: Share code between all mysql based authorizers (#8174) * Share code between all mysql based authorizers I plan to update the mysql password encryption and this will allow the code to be changed in a single location. It also reduces a lot of duplication. * Fix tests, I suspect reauthenticate will work for these... Do not allow password updates for several authorizers 2018-02-06 15:20:34 -06:00			`protected static $CAN_UPDATE_PASSWORDS = 0;`
Single Sign-On Authentication Mechanism (#7601) * Allow the URL a user is sent to after logging out to be customised This is required for any authentication system that has a magic URL for logging out (e.g. /Shibboleth.sso/Logout). * Allow auth plugins to return a username This is a bit cleaner than the current auth flow, which special cases e.g. http authentication * Add some tests, defaults and documentation * Add single sign-on authentication mechanism * Make HTTPAuth use the authExternal/getExternalUsername methods * Add to acknowledgements * Add reset method to Auth 2017-11-29 02:40:17 +00:00			`protected static $AUTH_IS_EXTERNAL = 1;`
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style 2017-11-18 11:33:03 +01:00
			`public function authenticate($username, $password)`
			`{`
			`if ($this->userExists($username)) {`
			`return true;`
			`}`

			`throw new AuthenticationException('No matching user found and http_auth_guest is not set');`
			`}`

			`public function userExists($username, $throw_exception = false)`
			`{`
refactor: Share code between all mysql based authorizers (#8174) * Share code between all mysql based authorizers I plan to update the mysql password encryption and this will allow the code to be changed in a single location. It also reduces a lot of duplication. * Fix tests, I suspect reauthenticate will work for these... Do not allow password updates for several authorizers 2018-02-06 15:20:34 -06:00			`if (parent::userExists($username)) {`
			`return true;`
			`}`
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style 2017-11-18 11:33:03 +01:00
refactor: Share code between all mysql based authorizers (#8174) * Share code between all mysql based authorizers I plan to update the mysql password encryption and this will allow the code to be changed in a single location. It also reduces a lot of duplication. * Fix tests, I suspect reauthenticate will work for these... Do not allow password updates for several authorizers 2018-02-06 15:20:34 -06:00			`if (Config::has('http_auth_guest') && parent::userExists(Config::get('http_auth_guest'))) {`
			`return true;`
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style 2017-11-18 11:33:03 +01:00			`}`

refactor: Share code between all mysql based authorizers (#8174) * Share code between all mysql based authorizers I plan to update the mysql password encryption and this will allow the code to be changed in a single location. It also reduces a lot of duplication. * Fix tests, I suspect reauthenticate will work for these... Do not allow password updates for several authorizers 2018-02-06 15:20:34 -06:00			`return false;`
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style 2017-11-18 11:33:03 +01:00			`}`


			`public function getUserlevel($username)`
			`{`
refactor: Share code between all mysql based authorizers (#8174) * Share code between all mysql based authorizers I plan to update the mysql password encryption and this will allow the code to be changed in a single location. It also reduces a lot of duplication. * Fix tests, I suspect reauthenticate will work for these... Do not allow password updates for several authorizers 2018-02-06 15:20:34 -06:00			`$user_level = parent::getUserlevel($username);`
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style 2017-11-18 11:33:03 +01:00
			`if ($user_level) {`
			`return $user_level;`
			`}`

			`if (Config::has('http_auth_guest')) {`
refactor: Share code between all mysql based authorizers (#8174) * Share code between all mysql based authorizers I plan to update the mysql password encryption and this will allow the code to be changed in a single location. It also reduces a lot of duplication. * Fix tests, I suspect reauthenticate will work for these... Do not allow password updates for several authorizers 2018-02-06 15:20:34 -06:00			`return parent::getUserlevel(Config::get('http_auth_guest'));`
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style 2017-11-18 11:33:03 +01:00			`}`

			`return 0;`
			`}`


			`public function getUserid($username)`
			`{`
refactor: Share code between all mysql based authorizers (#8174) * Share code between all mysql based authorizers I plan to update the mysql password encryption and this will allow the code to be changed in a single location. It also reduces a lot of duplication. * Fix tests, I suspect reauthenticate will work for these... Do not allow password updates for several authorizers 2018-02-06 15:20:34 -06:00			`$user_id = parent::getUserid($username);`
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style 2017-11-18 11:33:03 +01:00
			`if ($user_id) {`
			`return $user_id;`
			`}`

			`if (Config::has('http_auth_guest')) {`
refactor: Share code between all mysql based authorizers (#8174) * Share code between all mysql based authorizers I plan to update the mysql password encryption and this will allow the code to be changed in a single location. It also reduces a lot of duplication. * Fix tests, I suspect reauthenticate will work for these... Do not allow password updates for several authorizers 2018-02-06 15:20:34 -06:00			`return parent::getUserid(Config::get('http_auth_guest'));`
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style 2017-11-18 11:33:03 +01:00			`}`

			`return -1;`
			`}`
			`}`