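/**
 * Authenticate the request with the configured scheme and attach the
 * resulting identity to it as AUTH_* headers.
 *
 * The result of the authorization check is stored in $this->isAuthorized.
 * Nothing in this method rejects the request on a failed check, so the
 * caller has to act on that flag before trusting any AUTH_* header.
 *
 * @param \Psr\Http\Message\ServerRequestInterface $request PSR7 request
 * @return \Psr\Http\Message\ServerRequestInterface The request with the AUTH_* headers applied
 * @throws \Exception With code 500 when the configured authentication type is
 *                    unknown. The CAS and token libraries are called outside
 *                    any try/catch, so whatever they raise propagates as well.
 */
private function authenticate($request)
{
    // NOTE(review): AUTH_PRINCIPAL, AUTH_ENTITLEMENTS and AUTH_ATTR_* are set
    // below but never cleared up front. A value the client sent under one of
    // those names stays on the request wherever a branch does not overwrite it
    // ('permitall', 'denyall', entitlements/attributes under 'hmac', and any
    // AUTH_ATTR_* name the identity provider did not return). Confirm that
    // downstream code never reads them without checking isAuthorized, or strip
    // them before this method runs.
    switch (strtolower($this->authN_type)) {
        case 'cas':
            // Use CAS authentication.
            $casAuth = new UsfAuthCAS($this->config['cas']);
            $casAuth->auth();

            // Authorization check against the roles configured for this route.
            $this->isAuthorized = $casAuth->isAuthorized($this->authZ_roles);

            // Add the username and entitlements to the request. withHeader()
            // replaces any existing value for the same header name.
            $request = $request->withHeader('AUTH_PRINCIPAL', $casAuth->getPrincipal());
            $request = $request->withHeader('AUTH_ENTITLEMENTS', $casAuth->getEntitlements());

            // Add all attributes, one AUTH_ATTR_<NAME> header per attribute.
            foreach ($casAuth->getAttributes() as $key => $value) {
                $request = $request->withHeader('AUTH_ATTR_' . strtoupper($key), $value);
            }
            break;

        case 'token':
            // Use the USF Token Auth library.
            $tokenAuth = new UsfAuthToken($this->config['token']['app_id'], $this->config['token']['token_url']);
            $tokenAuth->setRequestMethod($request->getMethod());
            // NOTE(review): PSR-7 getHeader() returns string[]; confirm that
            // setReferrer() and validateRequest() accept an array, otherwise
            // getHeaderLine() is the string form.
            $tokenAuth->setReferrer($request->getHeader('HTTP_REFERER'));

            // Validate request token
            $tokenAuth->validateRequest($request->getHeader('HTTP_X_AUTH_TOKEN'));

            // Authorization check against the roles configured for this route.
            $this->isAuthorized = $tokenAuth->isAuthorized($this->authZ_roles);

            // Add the username and entitlements to the request
            $request = $request->withHeader('AUTH_PRINCIPAL', $tokenAuth->getPrincipal());
            $request = $request->withHeader('AUTH_ENTITLEMENTS', $tokenAuth->getEntitlements());

            // Add all attributes, one AUTH_ATTR_<NAME> header per attribute.
            foreach ($tokenAuth->getAttributes() as $key => $value) {
                $request = $request->withHeader('AUTH_ATTR_' . strtoupper($key), $value);
            }
            break;

        case 'hmac':
            // HMAC authentication: https://github.com/acquia/http-hmac-spec
            $hmacAuth = new UsfAuthHmac($this->config['hmac']['keyRegistry']);
            if (!empty($this->config['hmac']['timeout'])) {
                $hmacAuth->setTimeout($this->config['hmac']['timeout']);
            }
            $hmacAuth->setRequestWrapper(new Psr7Request($request));

            // NOTE(review): unlike 'cas' and 'token', this branch never consults
            // $this->authZ_roles; a successful signature check alone sets
            // isAuthorized. Confirm that is intended for HMAC clients.
            try {
                $hmacAuth->authenticate();
                $this->isAuthorized = true;
            } catch (\Exception $exception) {
                // Any failure raised by the library is folded into "not
                // authorized"; the reason is discarded here and is not logged.
                $this->isAuthorized = false;
            }

            if ($this->isAuthorized) {
                // Add the username to the request only once the signature verified.
                $request = $request->withHeader('AUTH_PRINCIPAL', $hmacAuth->getPrincipal());
            } else {
                // The claimed principal is unverified: do not attach it, and drop
                // any AUTH_PRINCIPAL the client sent so it cannot stand in for one.
                $request = $request->withoutHeader('AUTH_PRINCIPAL');
            }
            break;

        case 'permitall':
            // No authentication - let everyone in.
            $this->isAuthorized = true;
            break;

        case 'denyall':
            // No authentication - keep everyone out.
            $this->isAuthorized = false;
            break;

        default:
            // A misconfigured type fails closed: the request is never authorized.
            throw new \Exception("Unknown Authentication type: " . $this->authN_type, 500);
    }

    return $request;
}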
/**
 * Authenticate a request using the configured scheme (Slim environment variant).
 *
 * The principal is written into the Slim environment; for CAS and token
 * authentication its attributes and entitlements are written too. A failed
 * authorization check calls $this->_denyAccess().
 *
 * @param Environment $env Slim environment
 * @return void
 * @throws Exception With code 401 when HMAC authentication fails and with
 *                   code 500 when the authentication type is unknown
 */
private function _authenticate($env)
{
    $scheme = strtolower($this->authN_type);

    // NOTE(review): whether _denyAccess() halts the request is not visible
    // here. If it returns, the statements after each call still run and the
    // principal.* entries written before the check remain in the environment.
    switch ($scheme) {
        case 'cas':
            // Use CAS authentication.
            $cas = new UsfAuthCAS($env['auth.config.cas']);
            $cas->auth();

            // Publish the identity to the Slim environment before the role check.
            $env['principal.name'] = $cas->getPrincipal();
            $env['principal.attributes'] = $cas->getAttributes();
            $env['principal.entitlements'] = $cas->getEntitlements();

            // Authorization check
            $casAllowed = $cas->isAuthorized($this->authZ_roles);
            if (!$casAllowed) {
                $this->_denyAccess();
            }
            break;

        case 'token':
            // Use the USF Token Auth library.
            $tokenSettings = $env['auth.config.token'];
            $token = new UsfAuthToken($tokenSettings['app_id'], $tokenSettings['token_url']);
            $token->setRequestMethod($env['REQUEST_METHOD']);
            $token->setReferrer($env['HTTP_REFERER']);

            // CORS configuration is handed over before the token is validated.
            $token->setCorsConfig($this->_corsConfig($env));

            // Validate request token
            $token->validateRequest($env['HTTP_X_AUTH_TOKEN']);

            // Publish the identity to the Slim environment before the role check.
            $env['principal.name'] = $token->getPrincipal();
            $env['principal.attributes'] = $token->getAttributes();
            $env['principal.entitlements'] = $token->getEntitlements();

            // Authorization check
            $tokenAllowed = $token->isAuthorized($this->authZ_roles);
            if (!$tokenAllowed) {
                $this->_denyAccess();
            }

            // Add CORS headers
            $token->addCorsHeaders();
            break;

        case 'hmac':
            // HMAC authentication: https://github.com/acquia/http-hmac-spec
            $hmac = new UsfAuthHmac($env['auth.hmac.keyRegistry']);
            $timeout = $env['auth.hmac.timeout'];
            if (!empty($timeout)) {
                $hmac->setTimeout($env['auth.hmac.timeout']);
            }
            $hmac->setRequestWrapper(new Slim2Request($this->app->request));

            // NOTE(review): this branch never consults $this->authZ_roles; a
            // valid signature is the only condition. Confirm that is intended.
            try {
                $hmac->authenticate();
            } catch (Exception $e) {
                // The library's own failure reason is replaced by a generic 401.
                throw new Exception('Resource ' . $this->app->request->getResourceUri() . ' using ' . $this->app->request->getMethod() . ' authentication failed.', 401);
            }

            // Add the username to the Slim environment
            $env['principal.name'] = $hmac->getPrincipal();
            break;

        case 'permitall':
            // No authentication - let everyone in.
            break;

        case 'denyall':
            // No authentication - keep everyone out.
            $this->_denyAccess();
            break;

        default:
            // A misconfigured type fails closed instead of falling through.
            throw new Exception("Unknown Authentication type: " . $this->authN_type, 500);
    }
}