forked from matomo-org/plugin-LoginHttpAuth
Auth.php
<?php
/**
* Piwik - free/libre analytics platform
*
* @link http://piwik.org
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
*
*/
namespace Piwik\Plugins\LoginHttpAuth;
use Piwik\AuthResult;
use Piwik\DB;
use Piwik\Plugins\Login;
use Piwik\Plugins\UsersManager\Model;
class Auth extends \Piwik\Plugins\Login\Auth
{
    /**
     * Users model used to look up the account that matches the HTTP login.
     *
     * @var Model
     */
    private $userModel;

    /**
     * Builds the authenticator on top of the stock Login authenticator.
     *
     * @param Model|null $userModel Model to query for users; a fresh Model is
     *                              created when none is supplied.
     */
    public function __construct(Model $userModel = null)
    {
        parent::__construct();

        $this->userModel = ($userModel === null) ? new Model() : $userModel;
    }

    /**
     * Name under which this authentication module identifies itself.
     *
     * @return string
     */
    public function getName()
    {
        return 'LoginHttpAuth';
    }

    /**
     * Authenticates the current request from the HTTP auth user name.
     *
     * SECURITY: no password, token or other credential is verified in this
     * method. The user name reported by getHttpAuthLogin() is trusted as-is and
     * the matching account's token_auth is handed back in the result. This is
     * only sound when the web server enforces HTTP authentication on every
     * request that can reach this code; where it does not, the name may be
     * client-controlled (PHP can fill PHP_AUTH_USER from the request's
     * Authorization header itself). NOTE(review): confirm the deployment
     * guarantees this before enabling the plugin.
     *
     * When no HTTP login is present the decision is delegated to the parent
     * Login authenticator.
     *
     * @return \Piwik\AuthResult
     */
    public function authenticate()
    {
        $login = $this->getHttpAuthLogin();

        // empty() also treats '' and the string '0' as "no HTTP login", so
        // those values fall through to the regular Login authentication.
        if (empty($login)) {
            return parent::authenticate();
        }

        $account = $this->userModel->getUser($login);

        // Unknown user name: fail outright, no fallback to the parent here.
        if (empty($account)) {
            return new AuthResult(AuthResult::FAILURE, $login, null);
        }

        if (!empty($account['superuser_access'])) {
            $resultCode = AuthResult::SUCCESS_SUPERUSER_AUTH_CODE;
        } else {
            $resultCode = AuthResult::SUCCESS;
        }

        return new AuthResult($resultCode, $login, $account['token_auth']);
    }

    /**
     * Returns the user name supplied by HTTP authentication, if any.
     *
     * Sources are consulted in a fixed order and the first one that is set
     * wins: $_SERVER['PHP_AUTH_USER'], then $_ENV['AUTH_USER'],
     * $_ENV['REMOTE_USER'] and $_ENV['REDIRECT_REMOTE_USER'].
     *
     * The value is returned unmodified and unvalidated; callers must treat it
     * as an identity asserted by the environment, not as a verified credential.
     *
     * @return string|false The user name, or false when none of the sources is set.
     */
    protected function getHttpAuthLogin()
    {
        if (isset($_SERVER['PHP_AUTH_USER'])) {
            return $_SERVER['PHP_AUTH_USER'];
        }

        // Remaining candidates are read from the environment only, in priority order.
        foreach (array('AUTH_USER', 'REMOTE_USER', 'REDIRECT_REMOTE_USER') as $envKey) {
            if (isset($_ENV[$envKey])) {
                return $_ENV[$envKey];
            }
        }

        return false;
    }
}