/**
  * Authenticates the remote user.
  *
  * Step one: the HTTP authentication credentials (user, domain, password) are
  * handed to Backend->Logon(). Step two: Backend->Setup() is asked to open the
  * store of the GET-user. Normally Request::GetGETUser() equals
  * Request::GetAuthUser(); when they differ, the authenticated user needs
  * sufficient (admin) rights on the GET-user's store, otherwise Setup() fails.
  * This is what lets user 'john' act on behalf of user 'joe' -- the
  * authorization decision itself is delegated entirely to the backend.
  *
  * Note that self::$userIsAuthenticated is set as soon as the credentials are
  * accepted, i.e. before the Setup() authorization check; a failed Setup()
  * therefore leaves the credential check marked as successful.
  *
  * @access public
  * @return void
  * @throws AuthenticationRequiredException if the credentials are rejected or
  *         the authenticated user may not act on the GET-user's store
  */
 public static function Authenticate()
 {
     self::$userIsAuthenticated = false;

     $backend = ZPush::GetBackend();
     $authUser = Request::GetAuthUser();

     // step one: credential check against the backend
     $loggedOn = $backend->Logon($authUser, Request::GetAuthDomain(), Request::GetAuthPassword());
     if (!$loggedOn) {
         throw new AuthenticationRequiredException("Access denied. Username or password incorrect");
     }
     // credentials accepted: the request counts as authenticated from here on
     self::$userIsAuthenticated = true;

     // step two: may the authenticated user open the GET-user's store?
     $targetUser = Request::GetGETUser();
     $setupOk = $backend->Setup($targetUser, true);
     if (!$setupOk) {
         throw new AuthenticationRequiredException(sprintf("Not enough privileges of '%s' to setup for user '%s': Permission denied", $authUser, $targetUser));
     }
 }
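 /**
  * Authenticates the remote user.
  *
  * When the web server exposes a client-certificate owner in
  * $_SERVER[CERTIFICATE_OWNER_PARAMETER], authentication is only permitted
  * for that owner: the certificate owner and the HTTP auth user must match
  * (case-insensitively). The check is purely restrictive -- if the constant is
  * not defined or the server variable is not set, no certificate binding is
  * enforced, so validating the TLS client certificate itself (and populating
  * the variable only from a verified certificate) remains the web server's job.
  * The HTTP authentication credentials are then passed to Backend->Logon().
  *
  * NOTE(review): no Backend->Setup() permission check for the GET-user is done
  * here; presumably it happens elsewhere in this version -- verify against the
  * caller before relying on AuthUser/GETUser impersonation being authorized.
  *
  * @access public
  * @return void
  * @throws AuthenticationRequiredException if the certificate owner does not
  *         match the auth user, or if the credentials are rejected
  */
 public static function Authenticate()
 {
     self::$userIsAuthenticated = false;

     // when a certificate is sent, allow authentication only as the certificate owner.
     // strcasecmp() compares the two values strictly as strings; the previous loose
     // "!=" on the lowercased values treated numeric-looking names such as "01" and
     // "1" (or "1e3" and "1000") as equal, which would let the binding be bypassed.
     if (defined("CERTIFICATE_OWNER_PARAMETER") && isset($_SERVER[CERTIFICATE_OWNER_PARAMETER])) {
         $certOwner = (string) $_SERVER[CERTIFICATE_OWNER_PARAMETER];
         if (strcasecmp($certOwner, (string) Request::GetAuthUser()) !== 0) {
             throw new AuthenticationRequiredException(sprintf("Access denied. Access is allowed only for the certificate owner '%s'", $certOwner));
         }
     }

     $backend = ZPush::GetBackend();
     if (!$backend->Logon(Request::GetAuthUser(), Request::GetAuthDomain(), Request::GetAuthPassword())) {
         throw new AuthenticationRequiredException("Access denied. Username or password incorrect");
     }
     // mark this request as "authenticated"
     self::$userIsAuthenticated = true;
 }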