Example #1
 /**
  * Identify
  *
  * Restores the identity stored in the PHP session. This handler acts only
  * when a session is active, the event is an Identify event and a value is
  * stored under $_SESSION[<namespace>]['identity']. It is authoritative, so
  * once the identity is set it stops event propagation.
  *
  * NOTE(review): the stored session value is passed on without any further
  * check; presumably it is written only after a successful authentication.
  * Confirm against the code that populates the session.
  *
  * @param Event $event
  * @return void
  */
 public function discern(Event $event)
 {
     // Nothing to restore unless a session has actually been started.
     if (session_status() !== PHP_SESSION_ACTIVE) {
         return;
     }
     if (!($event instanceof Identify)) {
         return;
     }
     $namespace = $this->namespace;
     if (!isset($_SESSION[$namespace]['identity'])) {
         return;
     }
     $identity = $event->identity();
     $identity->setIdentified($_SESSION[$namespace]['identity']);
     // The user is fully identified; later listeners must not run.
     $event->stopPropagation();
 }
Example #2
 /**
  * Attempts to identify the user by looking the supplied identity up in
  * $this->data.
  *
  * On a hit the stored record is set as the identified value; on a miss a
  * Sentry::NOT_FOUND error is recorded on the event. Events that are not
  * Identify events are ignored.
  *
  * @param Event $event
  * @return void
  */
 public function discern(Event $event)
 {
     if (!($event instanceof Identify)) {
         return;
     }
     $identity = $event->identity();
     $key = $identity->identity();
     if (!isset($this->data[$key])) {
         $this->setErrorOnEvent($event, Sentry::NOT_FOUND, "Identity Not Found");
         return;
     }
     $identity->setIdentified($this->data[$key]);
 }
Example #3
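 /**
  * Identifies the caller when its IPv4 address falls inside one of the
  * allowed CIDR blocks.
  *
  * Nothing is tested unless $this->ip is set. Every failure to parse is
  * treated as "no match": an address that ip2long() rejects (this includes
  * IPv6) never matches, and a block with an unparsable network address or a
  * prefix outside 0-32 is skipped. A block written without "/prefix" is
  * treated as a single host (/32) rather than as a match for every address.
  *
  * NOTE(review): the check is only as trustworthy as $this->ip. Confirm it is
  * taken from the connection's peer address and not from a client-supplied
  * header.
  *
  * @param Event $event
  * @return void
  */
 public function discern(Event $event)
 {
     if (!($event instanceof Identify) || !isset($this->ip)) {
         return;
     }
     $ip = ip2long($this->ip);
     if ($ip === false) {
         // false would shift to 0 and compare equal to low networks; fail closed.
         return;
     }
     $identity = $event->identity();
     foreach ($this->allowedCidrBlocks as $cidr) {
         $parts = explode('/', $cidr, 2);
         $network = ip2long($parts[0]);
         // A missing prefix used to become intval(null) = 0, i.e. a shift by
         // 32 bits that made every address match. Treat it as /32 instead.
         $prefix = isset($parts[1])
             ? filter_var($parts[1], FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => 32]])
             : 32;
         if ($network === false || $prefix === false) {
             // Malformed allow-list entry: skip it rather than guess.
             continue;
         }
         $shift = 32 - $prefix;
         if (($ip >> $shift) === ($network >> $shift)) {
             $obj = new \stdClass();
             $obj->ip = $ip;
             $identity->setIdentified($obj);
             // One matching block is enough.
             return;
         }
     }
 }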
Example #4
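 /**
  * Validates the identity/credential pair by attempting an IMAP login.
  *
  * The login name is the identity with $this->appendToUsername appended.
  * When imap_open() fails, a "Connection timed out" message from
  * imap_last_error() is recorded as Sentry::INTERNAL; every other failure is
  * recorded as Sentry::INVALID. On success the connection is closed and no
  * error is set. Events that are not Authenticate events are ignored.
  *
  * NOTE(review): failures other than a timeout (for example an unreachable or
  * misconfigured server) are also reported as invalid credentials.
  * NOTE(review): whether the credentials travel over TLS depends on the flags
  * in $this->server; confirm it requests an encrypted connection and does not
  * disable certificate validation.
  *
  * @param Event $event
  * @return void
  */
 public function discern(Event $event)
 {
     if (!$event instanceof Authenticate) {
         return;
     }
     $identity = $event->identity();
     $imap = imap_open($this->server, $identity->identity() . $this->appendToUsername, $identity->credential());
     if ($imap === false) {
         // imap_last_error() can return false; cast so strpos() always gets a string.
         $lastError = (string) imap_last_error();
         if (strpos($lastError, 'Connection timed out') !== false) {
             $this->setErrorOnEvent($event, Sentry::INTERNAL, "Connection timed out");
         } else {
             $this->setErrorOnEvent($event, Sentry::INVALID, "Invalid Credentials");
         }
         // There is no connection to close; imap_close(false) would itself fail.
         return;
     }
     imap_close($imap);
 }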
Example #5
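 /**
  * Validates the identity/credential pair against a remote URL.
  *
  * The {{username}} and {{password}} placeholders in $this->url are replaced
  * with the URL-encoded identity and credential, and the URL is fetched. The
  * pair is accepted only when the response body contains
  * $this->matchStringInResponse. A failed fetch is recorded as
  * Sentry::INTERNAL and a missing match as Sentry::INVALID. Events that are
  * not Authenticate events are ignored.
  *
  * An empty match string is rejected up front: strpos() with an empty needle
  * returns 0 on PHP 8, which would accept every response.
  *
  * NOTE(review): the credentials become part of the requested URL, so they
  * may be recorded wherever URLs are logged. Confirm $this->url uses https.
  * NOTE(review): a substring match on the body is only reliable if the
  * endpoint never echoes request input back in a failure response.
  *
  * @param Event $event
  * @return void
  */
 public function discern(Event $event)
 {
     if (!$event instanceof Authenticate) {
         return;
     }
     if ((string) $this->matchStringInResponse === '') {
         // Misconfiguration: fail closed before any credentials are sent.
         $this->setErrorOnEvent($event, Sentry::INTERNAL, "No match string configured");
         return;
     }
     $identity = $event->identity();
     $search = ['{{username}}', '{{password}}'];
     $replace = [urlencode($identity->identity()), urlencode($identity->credential())];
     $url = str_replace($search, $replace, $this->url);
     // @ suppresses the warning file_get_contents() raises on failure; the
     // false return value is handled explicitly below.
     $response = @file_get_contents($url);
     if ($response === false) {
         // Report the URL template, never $url, which carries the credentials.
         $this->setErrorOnEvent($event, Sentry::INTERNAL, "Unable to contact the url: {$this->url}");
         return;
     }
     if (strpos($response, $this->matchStringInResponse) === false) {
         $this->setErrorOnEvent($event, Sentry::INVALID, "Invalid credentials");
     }
 }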
Example #6
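 /**
  * Checks that the LDAP entry for the identity has one of the listed groups.
  *
  * Searches $this->baseDn for the entry whose $this->identityField equals the
  * identity and reads its memberOf attribute. Only the first entry returned
  * is inspected.
  *
  * The identity is escaped for filter context before it is placed in the
  * search filter, so characters such as "*", "(" and ")" in user input cannot
  * change which entries the search matches.
  *
  * NOTE(review): group values are compared as exact strings; confirm the
  * entries in $this->groups use the same spelling and case as the directory
  * returns in memberOf.
  * NOTE(review): confirm the enclosing class's setErrorOnEvent() accepts the
  * LDAP link as its first argument.
  *
  * @param       $ldap  LDAP link passed to the ldap_* calls
  * @param Event $event
  * @return bool|null true when the entry is in at least one allowed group;
  *                   otherwise an error is recorded and nothing is returned
  */
 private function checkGroups($ldap, Event $event)
 {
     $filter = sprintf(
         "%s=%s",
         $this->identityField,
         ldap_escape((string) $event->identity()->identity(), '', LDAP_ESCAPE_FILTER)
     );
     $searchResult = ldap_search($ldap, $this->baseDn, $filter, ['memberOf']);
     if ($searchResult === false) {
         // failed to search (unknown reason)
         $code = Sentry::INTERNAL;
         $reason = "Unable to search for groups on {$this->server}";
     } else {
         $code = Sentry::INVALID;
         $reason = "Identity has no groups assigned";
         // No matching entry yields false; do not pass that on to ldap_get_attributes().
         $entry = ldap_first_entry($ldap, $searchResult);
         $attrs = $entry === false ? [] : ldap_get_attributes($ldap, $entry);
         ldap_free_result($searchResult);
         if (isset($attrs['memberOf']['count']) && $attrs['memberOf']['count'] > 0) {
             foreach ($this->groups as $group) {
                 // Strict comparison: memberOf also holds the integer 'count'
                 // element, which a loose comparison could match by coercion.
                 if (in_array($group, $attrs['memberOf'], true)) {
                     // return early if a member of any group
                     return true;
                 }
             }
             // if we haven't returned by now there is a problem
             $reason = "Not in allowed groups";
         }
     }
     $this->setErrorOnEvent($ldap, $event, $code, $reason);
 }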