Esempio n. 1
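 /**
  * Authenticate the request and publish the resulting identity as request headers.
  *
  * Dispatches on $this->authN_type (case-insensitive), records the outcome in
  * $this->isAuthorized and returns a copy of the request. The 'cas' and 'token'
  * backends set AUTH_PRINCIPAL, AUTH_ENTITLEMENTS and one AUTH_ATTR_* header per
  * attribute; 'hmac' sets AUTH_PRINCIPAL only; 'permitall' and 'denyall' set none.
  *
  * Any AUTH_* header already present on the incoming request is removed before the
  * backend runs, so a value supplied by the client can never be mistaken for one
  * written here.
  *
  * @param \Psr\Http\Message\ServerRequestInterface $request PSR7 request
  * @return \Psr\Http\Message\ServerRequestInterface Request carrying the AUTH_* headers of the selected backend
  * @throws \Exception When the configured authentication type is not recognised (code 500)
  */
 private function authenticate($request)
 {
     // withHeader() below only overwrites the names a backend actually sets. Without
     // this pass, a client-sent AUTH_ATTR_* header the backend does not emit (or any
     // AUTH_* header under 'permitall'/'denyall') would reach downstream handlers intact.
     // Names are compared after folding case, '-' vs '_' and an optional 'HTTP_' prefix,
     // because some PSR-7 implementations treat those spellings as the same header.
     foreach (array_keys($request->getHeaders()) as $headerName) {
         $normalised = strtoupper(str_replace('-', '_', (string) $headerName));
         if (strncmp($normalised, 'HTTP_', 5) === 0) {
             $normalised = substr($normalised, 5);
         }
         if (strncmp($normalised, 'AUTH_', 5) === 0) {
             $request = $request->withoutHeader((string) $headerName);
         }
     }

     switch (strtolower($this->authN_type)) {
         case 'cas':
             // Use CAS authentication.
             $casAuth = new UsfAuthCAS($this->config['cas']);
             $casAuth->auth();
             // Authorization check against the roles configured for this route.
             $this->isAuthorized = $casAuth->isAuthorized($this->authZ_roles);
             // Add the username and entitlements to the request.
             // NOTE(review): these are written even when isAuthorized is false, so
             // consumers must check isAuthorized and not the mere presence of a header.
             $request = $request->withHeader('AUTH_PRINCIPAL', $casAuth->getPrincipal());
             $request = $request->withHeader('AUTH_ENTITLEMENTS', $casAuth->getEntitlements());
             // Add all attributes.
             // NOTE(review): attribute keys come from the identity provider; a key that
             // is not a valid header name will presumably make withHeader() throw - confirm.
             foreach ($casAuth->getAttributes() as $key => $value) {
                 $request = $request->withHeader('AUTH_ATTR_' . strtoupper($key), $value);
             }
             break;
         case 'token':
             // Use the USF Token Auth library.
             $tokenAuth = new UsfAuthToken($this->config['token']['app_id'], $this->config['token']['token_url']);
             $tokenAuth->setRequestMethod($request->getMethod());
             // NOTE(review): PSR-7 getHeader() returns an array of strings; confirm that
             // setReferrer() and validateRequest() accept that shape rather than a string.
             $tokenAuth->setReferrer($request->getHeader('HTTP_REFERER'));
             // Validate request token.
             $tokenAuth->validateRequest($request->getHeader('HTTP_X_AUTH_TOKEN'));
             // Authorization check against the roles configured for this route.
             $this->isAuthorized = $tokenAuth->isAuthorized($this->authZ_roles);
             // Add the username and entitlements to the request.
             $request = $request->withHeader('AUTH_PRINCIPAL', $tokenAuth->getPrincipal());
             $request = $request->withHeader('AUTH_ENTITLEMENTS', $tokenAuth->getEntitlements());
             // Add all attributes.
             foreach ($tokenAuth->getAttributes() as $key => $value) {
                 $request = $request->withHeader('AUTH_ATTR_' . strtoupper($key), $value);
             }
             break;
         case 'hmac':
             // HMAC authentication: https://github.com/acquia/http-hmac-spec
             $hmacAuth = new UsfAuthHmac($this->config['hmac']['keyRegistry']);
             if (!empty($this->config['hmac']['timeout'])) {
                 $hmacAuth->setTimeout($this->config['hmac']['timeout']);
             }
             $hmacAuth->setRequestWrapper(new Psr7Request($request));
             try {
                 $hmacAuth->authenticate();
                 $this->isAuthorized = true;
             } catch (\Exception $exception) {
                 // Fail closed: any error from the verifier counts as "not authorized".
                 // NOTE(review): the cause is discarded here; consider logging it so
                 // repeated signature failures are visible to operations.
                 $this->isAuthorized = false;
             }
             // Add the username to the request.
             // NOTE(review): this runs on the failure path too. Confirm getPrincipal()
             // does not return the unverified, client-claimed id after a failed check.
             $request = $request->withHeader('AUTH_PRINCIPAL', $hmacAuth->getPrincipal());
             break;
         case 'permitall':
             // No authentication - let everyone in. No identity headers are set.
             $this->isAuthorized = true;
             break;
         case 'denyall':
             // No authentication - keep everyone out.
             $this->isAuthorized = false;
             break;
         default:
             // Misconfiguration: refuse to continue rather than guess a mode.
             throw new \Exception("Unknown Authentication type: " . $this->authN_type, 500);
     }
     return $request;
 }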
Esempio n. 2
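 /**
  * Authenticate the request and record the resulting identity in the Slim environment.
  *
  * Dispatches on $this->authN_type (case-insensitive). The 'cas' and 'token'
  * backends write 'principal.name', 'principal.attributes' and
  * 'principal.entitlements' into $env and call $this->_denyAccess() when the
  * role check fails; 'hmac' writes 'principal.name' only and throws on failure;
  * 'permitall' does nothing and 'denyall' always calls $this->_denyAccess().
  *
  * @param Environment $env Slim environment
  * @return void
  * @throws Exception With code 401 when HMAC verification fails, or code 500 when
  *                   the configured authentication type is not recognised
  */
 private function _authenticate($env)
 {
     switch (strtolower($this->authN_type)) {
         case 'cas':
             // Use CAS authentication.
             $casAuth = new UsfAuthCAS($env['auth.config.cas']);
             $casAuth->auth();
             // Add the username and attributes to the Slim environment.
             // NOTE(review): the identity is published before the authorization check;
             // this is only safe if _denyAccess() stops request processing - confirm.
             $env['principal.name'] = $casAuth->getPrincipal();
             $env['principal.attributes'] = $casAuth->getAttributes();
             $env['principal.entitlements'] = $casAuth->getEntitlements();
             // Authorization check against the roles configured for this route.
             if (!$casAuth->isAuthorized($this->authZ_roles)) {
                 $this->_denyAccess();
             }
             break;
         case 'token':
             // Use the USF Token Auth library.
             $tokenAuth = new UsfAuthToken($env['auth.config.token']['app_id'], $env['auth.config.token']['token_url']);
             $tokenAuth->setRequestMethod($env['REQUEST_METHOD']);
             $tokenAuth->setReferrer($env['HTTP_REFERER']);
             // Setup CORS headers
             $cors_config = $this->_corsConfig($env);
             $tokenAuth->setCorsConfig($cors_config);
             // Validate request token.
             $tokenAuth->validateRequest($env['HTTP_X_AUTH_TOKEN']);
             // Add the username and attributes to the Slim environment.
             $env['principal.name'] = $tokenAuth->getPrincipal();
             $env['principal.attributes'] = $tokenAuth->getAttributes();
             $env['principal.entitlements'] = $tokenAuth->getEntitlements();
             // Authorization check against the roles configured for this route.
             if (!$tokenAuth->isAuthorized($this->authZ_roles)) {
                 $this->_denyAccess();
             }
             // Add CORS headers.
             // NOTE(review): reached after a failed role check unless _denyAccess()
             // halts execution - confirm that denied responses should carry them.
             $tokenAuth->addCorsHeaders();
             break;
         case 'hmac':
             // HMAC authentication: https://github.com/acquia/http-hmac-spec
             $hmacAuth = new UsfAuthHmac($env['auth.hmac.keyRegistry']);
             if (!empty($env['auth.hmac.timeout'])) {
                 $hmacAuth->setTimeout($env['auth.hmac.timeout']);
             }
             $hmacAuth->setRequestWrapper(new Slim2Request($this->app->request));
             try {
                 $hmacAuth->authenticate();
             } catch (Exception $exception) {
                 // The client-facing message stays generic; the original failure is
                 // chained as "previous" so logs keep the reason for the rejection.
                 // NOTE(review): make sure the error handler does not render previous
                 // exceptions to the client, and that the resource URI in the message
                 // is escaped wherever this message is displayed.
                 throw new Exception('Resource ' . $this->app->request->getResourceUri() . ' using ' . $this->app->request->getMethod() . ' authentication failed.', 401, $exception);
             }
             // Add the username to the Slim environment (only reached on success).
             $env['principal.name'] = $hmacAuth->getPrincipal();
             break;
         case 'permitall':
             // No authentication - let everyone in. No principal is recorded.
             break;
         case 'denyall':
             // No authentication - keep everyone out.
             $this->_denyAccess();
             break;
         default:
             // Misconfiguration: refuse to continue rather than guess a mode.
             throw new Exception("Unknown Authentication type: " . $this->authN_type, 500);
     }
 }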