Any code needed to authenticate to backend as the actual user.
public authenticate ( string $username, string $password, string $domain = null ) : mixed | ||
$username | string | The username to authenticate as |
$password | string | The password |
$domain | string | The user domain (unused in this driver). |
return | mixed | Boolean true on success, boolean false on credential failure or Horde_ActiveSync::AUTH_REASON_* constant on policy failure. |
/** * Authenticate to Horde * * @param string $username The username to authenticate as (as passed by * the device). * @param string $password The password * @param string $domain The user domain (unused in this driver). * * @return mixed Boolean true on success, boolean false on credential * failure or Horde_ActiveSync::AUTH_REASON_* * constant on policy failure. */ public function authenticate($username, $password, $domain = null) { global $injector, $conf; $this->_logger->info(sprintf('[%s] Horde_Core_ActiveSync_Driver::authenticate() attempt for %s', $this->_pid, $username)); // First try transparent/X509. Happens for authtype == 'cert' || 'basic_cert' if ($conf['activesync']['auth']['type'] != 'basic') { if (!$this->_auth->transparent()) { $injector->getInstance('Horde_Log_Logger')->notice(sprintf('Login failed ActiveSync client certificate for user %s.', $username)); return false; } if ($username != $GLOBALS['registry']->getAuth()) { $injector->getInstance('Horde_Log_Logger')->notice(sprintf('Access granted based on transparent authentication of user %s, but ActiveSync client is requesting access for %s.', $GLOBALS['registry']->getAuth(), $username)); $GLOBALS['registry']->clearAuth(); return false; } $this->_logger->info(sprintf('Access granted based on transparent authentication for %s. Client certificate name: %s', $GLOBALS['registry']->getAuth(), $username)); } // Now check Basic. Happens for authtype == 'basic' || 'basic_cert' if ($conf['activesync']['auth']['type'] != 'cert' && !$this->_auth->authenticate($username, array('password' => $password))) { $injector->getInstance('Horde_Log_Logger')->notice(sprintf('Login failed from ActiveSync client for user %s.', $username)); return false; } // Get the username from the registry so we capture it after any // hooks were run on it. $username = $GLOBALS['registry']->getAuth(); $perms = $injector->getInstance('Horde_Perms'); if ($perms->exists('horde:activesync')) { // Check permissions to ActiveSync if (!$this->_getPolicyValue('activesync', $perms->getPermissions('horde:activesync', $username))) { $this->_logger->info(sprintf("Access denied for user %s per policy settings.", $username)); return Horde_ActiveSync::AUTH_REASON_USER_DENIED; } } return parent::authenticate($username, $password, $domain); }