/**
* Authenticates a user (Check various conditions for the user that might invalidate its
* authentication, e.g., password match, domain, IP, etc.).
*
* @param array $user Data of user.
* @return int|FALSE
*/
public function authUser(array $user)
{
if (!Configuration::isInitialized()) {
// Early return since LDAP is not configured
return static::STATUS_AUTHENTICATION_FAILURE_CONTINUE;
}
if (TYPO3_MODE === 'BE') {
$status = Configuration::getValue('BEfailsafe') ? static::STATUS_AUTHENTICATION_FAILURE_CONTINUE : static::STATUS_AUTHENTICATION_FAILURE_BREAK;
} else {
$status = static::STATUS_AUTHENTICATION_FAILURE_CONTINUE;
}
$enableFrontendSso = TYPO3_MODE === 'FE' && (bool) $this->config['enableFESSO'] && !empty($_SERVER['REMOTE_USER']);
if (($this->login['uident'] && $this->login['uname'] || $enableFrontendSso) && !empty($user['tx_igldapssoauth_dn'])) {
if (isset($user['tx_igldapssoauth_from'])) {
$status = static::STATUS_AUTHENTICATION_SUCCESS_BREAK;
} elseif (TYPO3_MODE === 'BE' && Configuration::getValue('BEfailsafe')) {
return static::STATUS_AUTHENTICATION_FAILURE_CONTINUE;
} else {
// Failed login attempt (wrong password) - write that to the log!
static::getLogger()->warning('Password not accepted: ' . array('username' => $this->login['uname'], 'remote' => sprintf('%s (%s)', $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'])));
$status = static::STATUS_AUTHENTICATION_FAILURE_BREAK;
}
// Checking the domain (lockToDomain)
if ($status && $user['lockToDomain'] && $user['lockToDomain'] != $this->authInfo['HTTP_HOST']) {
// Lock domain didn't match, so error:
static::getLogger()->error(sprintf('Locked domain "%s" did not match "%s"', $user['lockToDomain'], $this->authInfo['HTTP_HOST']), array('username' => $user[$this->db_user['username_column']], 'remote' => sprintf('%s (%s)', $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'])));
$status = static::STATUS_AUTHENTICATION_FAILURE_BREAK;
}
}
return $status;
}
