/**
 * Authenticate the request's username/password against LDAP and hand the
 * matching 'roles' record to return_roles().
 *
 * Reads $this->params['username'] and $this->params['password']. Sets
 * $this->auth_domain to the configured LDAP host before binding, and loads
 * the 'ldap' helper that provides authenticateWithLDAP().
 *
 * @throws Exception when the LDAP bind fails, or when the bind succeeds but
 *                   no 'roles' row exists for that username with the LDAP
 *                   authentication service id.
 */
public function authenticate()
{
    $this->auth_domain = gCOSI_AUTH_LDAP_HOST;
    $this->load->helper('ldap');

    $username = $this->params['username'];
    // The helper's signature is not on this page; the attribute/message
    // variables are presumably filled in by reference and are unused here.
    $ldapAttributes = array();
    $ldapMessage = "";
    $bound = authenticateWithLDAP($username, $this->params['password'], $ldapAttributes, $ldapMessage);

    // Generic failure message for a failed bind: no detail about the cause.
    if (!$bound) {
        throw new Exception('Login failed. Bad credentials');
    }

    // A valid LDAP bind is not enough: the account must also be provisioned
    // locally under the LDAP authentication service.
    $criteria = array(
        'role_id' => $username,
        'authentication_service_id' => gCOSI_AUTH_METHOD_LDAP,
    );
    $roleQuery = $this->cosi_db->get_where('roles', $criteria);
    if ($roleQuery->num_rows() == 0) {
        throw new Exception('Role ' . $username . ' not found!');
    }

    // row(1) kept as in the original; CodeIgniter appears to fall back to the
    // current row when index 1 does not exist, so a single-row result still
    // yields the first row, but the index reads like an off-by-one — verify.
    $this->return_roles($roleQuery->row(1));
}
/**
 * Authenticate a user and return an array describing the outcome.
 *
 * If a valid combination is supplied, the returned array also carries the
 * list of activities, functional and organisational roles associated with
 * that user, plus details specific to the authentication method (LDAP
 * attributes, name, token, etc).
 *
 * Flow, as implemented below:
 *  1. If an enabled ROLE_USER row exists for $username, $method is
 *     overridden with that row's authentication_service_id and the row's
 *     persistent_id / email are refreshed from $_SERVER.
 *  2. Otherwise, when $method is Shibboleth, the user is either linked to an
 *     existing Shibboleth account with the same displayName, or auto-created
 *     (with an alert mail to the site admin).
 *  3. The method-specific branch then validates credentials and returns the
 *     result array, or throws.
 *
 * Values read from $_SERVER ('displayName', 'mail', 'email', 'persistent-id',
 * 'shib-shared-token') are assumed to be populated by the Shibboleth SP, not
 * by the client — TODO confirm the web server strips client-supplied headers
 * of the same names.
 *
 * @param $username Username to authenticate
 * @param $password Plaintext password to use to authenticate
 * @param $method   Authentication method to use (built-in/ldap/shib...etc);
 *                  ignored when the user already exists (see step 1).
 * @return array|null  'result' => 1 plus user details on success;
 *                     'result' => 0 for an unknown method; implicit null
 *                     when the built-in branch finds no enabled roles row.
 * @throws Exception on bad or missing credentials (see the numbered
 *                   'Authentication Failed (n)' messages below).
 */
function authenticate($username, $password, $method = gCOSI_AUTH_METHOD_SHIBBOLETH) {
    $result = $this->cosi_db->get_where("roles", array("role_id" => $username, "role_type_id" => "ROLE_USER", "enabled" => DB_TRUE));
    if ($result->num_rows() > 0) {
        // Existing user: the stored service id wins over the $method argument.
        $method = trim($result->row(1)->authentication_service_id);
        // Refresh persistent-id from the SP-provided environment.
        if (isset($_SERVER['persistent-id'])) {
            $this->cosi_db->where('role_id', $username);
            $this->cosi_db->update('roles', array('persistent_id' => $_SERVER['persistent-id']));
        }
        // Refresh email; 'mail' takes precedence over 'email'.
        if (isset($_SERVER['mail'])) {
            $this->cosi_db->where('role_id', $username)->update('roles', array('email' => $_SERVER['mail']));
        } elseif (isset($_SERVER['email'])) {
            $this->cosi_db->where('role_id', $username)->update('roles', array('email' => $_SERVER['email']));
        }
    } else {
        // Loose == here, strict === in the dispatch below — inconsistent but
        // presumably harmless for string constants; verify.
        if ($method == gCOSI_AUTH_METHOD_SHIBBOLETH) {
            // First Shibboleth login for this $username: look for an existing
            // Shibboleth account before creating one.
            $name = isset($_SERVER['displayName']) ? $_SERVER['displayName'] : 'No Name Given';
            if ($name != 'No Name Given') {
                $result = $this->cosi_db->get_where('roles', array('name' => $name, 'authentication_service_id' => gCOSI_AUTH_METHOD_SHIBBOLETH));
                if ($result->num_rows() > 0) {
                    // NOTE(review): the link to an existing account is made on
                    // displayName equality alone, and $username is then
                    // replaced by that account's role_id. Display names are
                    // not unique, so a different identity presenting the same
                    // name inherits the existing account. A stable identifier
                    // (persistent-id / shared token) should be the link key,
                    // and the match should be confirmed against it.
                    $role_id = trim($result->row(1)->role_id);
                    $username = $role_id;
                    if (isset($_SERVER['persistent-id'])) {
                        $this->cosi_db->where('role_id', $role_id);
                        $this->cosi_db->update('roles', array('persistent_id' => $_SERVER['persistent-id']));
                    }
                    if (isset($_SERVER['mail'])) {
                        $this->cosi_db->where('role_id', $username)->update('roles', array('email' => $_SERVER['mail']));
                    } elseif (isset($_SERVER['email'])) {
                        $this->cosi_db->where('role_id', $username)->update('roles', array('email' => $_SERVER['email']));
                    }
                } else {
                    // No account with that name: auto-register the user.
                    if (isset($_SERVER['mail'])) {
                        $email = $_SERVER['mail'];
                    } elseif (isset($_SERVER['email'])) {
                        $email = $_SERVER['email'];
                    } else {
                        $email = '';
                    }
                    $data = array('role_id' => $username, 'role_type_id' => 'ROLE_USER', 'authentication_service_id' => $method, 'enabled' => DB_TRUE, 'name' => $name, 'shared_token' => isset($_SERVER['shib-shared-token']) ? $_SERVER['shib-shared-token'] : '', 'persistent_id' => isset($_SERVER['persistent-id']) ? $_SERVER['persistent-id'] : '', 'email' => $email);
                    // Alert mail to the site admin. The body is sent as
                    // text/html but $name, persistent-id and the shared token
                    // are concatenated in unescaped; they come from the SP
                    // environment, so escaping (htmlspecialchars) would still
                    // be prudent before they reach an HTML mail client.
                    $subject = 'A new shibboleth user has been automatically registered';
                    $message = 'A new shibboleth user with the name of ' . $name . ' has been automatically registered.';
                    if (isset($_SERVER['persistent-id'])) {
                        $message .= 'With the persistent ID of: ' . $_SERVER['persistent-id'] . '.';
                    }
                    if (isset($_SERVER['shib-shared-token'])) {
                        $message .= 'With the shared token of: ' . $_SERVER['shib-shared-token'] . '.';
                    }
                    // Only reported when 'mail' is set, although $email may
                    // also have been taken from 'email' above — inconsistent.
                    if (isset($_SERVER['mail'])) {
                        $message .= 'With the email of: ' . $email . '.';
                    }
                    $to = get_config_item('site_admin_email');
                    $headers = 'MIME-Version: 1.0' . "\r\n";
                    $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
                    mail($to, $subject, $message, $headers);
                    $this->cosi_db->insert('roles', $data);
                    $this->registerAffiliation($username, 'SHIB_AUTHENTICATED', 'SYSTEM');
                    // Re-query so the Shibboleth branch below can read the new row.
                    $result = $this->cosi_db->get_where("roles", array("role_id" => $username, "role_type_id" => "ROLE_USER", "enabled" => DB_TRUE));
                }
            } else {
                // Without a displayName neither linking nor registration is possible.
                throw new Exception('Bad Credentials. No name given');
            }
        }
    }
    // Method-specific credential check. Each successful branch returns the
    // same array shape; failures throw with a numbered message.
    if ($method === gCOSI_AUTH_METHOD_BUILT_IN) {
        if ($username == '') {
            throw new Exception('Authentication Failed (0)');
        }
        if ($password == '') {
            throw new Exception('Authentication Failed (1)');
        }
        $result = $this->cosi_db->get_where("roles", array("role_id" => $username, "role_type_id" => "ROLE_USER", "authentication_service_id" => gCOSI_AUTH_METHOD_BUILT_IN, "enabled" => DB_TRUE));
        if ($result->num_rows() > 0) {
            // NOTE(review): passwords are stored and compared as unsalted
            // SHA-1 (column passphrase_sha1). Moving to password_hash() /
            // password_verify() needs a new column and a rehash-on-login
            // migration; left unchanged here because the schema is not on
            // this page.
            $valid_users = $this->cosi_db->get_where("authentication_built_in", array("role_id" => $username, "passphrase_sha1" => sha1($password)));
            if ($valid_users->num_rows() > 0) {
                $user_results = $this->getRolesAndActivitiesByRoleID($valid_users->row(1)->role_id);
                return array('result' => 1, 'authentication_service_id' => $method, 'message' => 'Success', 'user_identifier' => $result->row(1)->role_id, 'name' => $result->row(1)->name, 'auth_domain' => gPIDS_IDENTIFIER_SUFFIX, 'last_login' => $result->row(1)->last_login, 'activities' => $user_results['activities'], 'organisational_roles' => $user_results['organisational_roles'], 'functional_roles' => $user_results['functional_roles']);
            } else {
                // Invalid password
                throw new Exception('Authentication Failed (2)');
            }
        }
        // No enabled built-in roles row: falls through to an implicit null
        // return rather than throwing — callers must handle null.
    } else {
        if ($method === gCOSI_AUTH_METHOD_SHIBBOLETH) {
            if ($username == '') {
                throw new Exception('Authentication Failed (0)');
            }
            // No credential check here: the SP is trusted to have
            // authenticated the user; $result is the row found or created above.
            $user_results = $this->getRolesAndActivitiesByRoleID($username);
            return array('result' => 1, 'authentication_service_id' => $method, 'message' => 'Success', 'auth_method' => $method, 'user_identifier' => $username, 'name' => $result->row(1)->name, 'auth_domain' => 'aaf.edu.au', 'last_login' => $result->row(1)->last_login, 'activities' => $user_results['activities'], 'organisational_roles' => $user_results['organisational_roles'], 'functional_roles' => $user_results['functional_roles']);
        } else {
            if ($method === gCOSI_AUTH_METHOD_LDAP) {
                // LDAP: bind with the supplied credentials via the 'ldap' helper.
                $this->load->helper('ldap');
                if ($username == '') {
                    throw new Exception('Authentication Failed (00)');
                }
                if ($password == '') {
                    throw new Exception('Authentication Failed (01)');
                }
                $result = $this->cosi_db->get_where("roles", array("role_id" => $username, "role_type_id" => "ROLE_USER", "authentication_service_id" => gCOSI_AUTH_METHOD_LDAP, "enabled" => DB_TRUE));
                if ($result->num_rows() > 0) {
                    // Presumably filled by reference by the helper; 'cn' is
                    // read from $LDAPAttributes below, $LDAPMessage is unused.
                    $LDAPAttributes = array();
                    $LDAPMessage = "";
                    $successful = authenticateWithLDAP($username, $password, $LDAPAttributes, $LDAPMessage);
                    if ($successful) {
                        $user_results = $this->getRolesAndActivitiesByRoleID($username);
                        return array('result' => 1, 'authentication_service_id' => $method, 'message' => 'Success', 'user_identifier' => $username, 'name' => isset($LDAPAttributes['cn'][0]) ? $LDAPAttributes['cn'][0] : $result->row(1)->name, 'auth_domain' => gCOSI_AUTH_LDAP_HOST, 'last_login' => $result->row(1)->last_login, 'activities' => $user_results['activities'], 'organisational_roles' => $user_results['organisational_roles'], 'functional_roles' => $user_results['functional_roles']);
                    } else {
                        // LDAP ERROR (could not bind). $LDAPMessage holds the
                        // helper's detail; keep it in server-side logs only,
                        // not in the response.
                        throw new Exception('Authentication Failed (02)');
                    }
                } else {
                    // No such user / disabled
                    throw new Exception('Authentication Failed (03)');
                }
            } else {
                // Unknown method. NOTE(review): json_encode($result) serialises
                // the raw query result object into the response, which likely
                // exposes driver internals; a fixed message would be safer.
                return array('result' => 0, 'message' => json_encode($result));
            }
        }
    }
}