コード例 #1
 /**
  * Thin wrapper around the free function initLDAP() that supplies this
  * object's ldapError() method as the error callback.
  *
  * NOTE(review): with the null defaults for $rdn and $pwd, any bind that
  * initLDAP() performs would carry no credentials. Confirm that callers
  * needing an authenticated connection always pass both.
  *
  * @param mixed $secure forwarded unchanged as the first argument (defaults to true)
  * @param mixed $rdn    forwarded unchanged; presumably the bind DN (confirm against initLDAP())
  * @param mixed $pwd    forwarded unchanged; presumably the bind password (confirm)
  * @return mixed whatever the free function initLDAP() returns
  */
 private function initLDAP($secure = true, $rdn = null, $pwd = null)
 {
     // An unqualified call inside a method body resolves to a function, not to this method.
     $onError = array($this, "ldapError");
     $handle = initLDAP($secure, $rdn, $pwd, $onError);

     return $handle;
 }
コード例 #2
ファイル: restapi_base.php プロジェクト: IASA-GR/appdb-core
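 /**
  * Realization of authenticate() from iRestAuthModule.
  *
  * Picks one credential scheme from the request parameters that are present, in this order:
  *  1. userid + passwd + apikey ("SAML Token auth"): the API key must match exactly one
  *     stored key and pass _validateAPIKey(); the userid/sessionid/passwd triple must match
  *     a stored user credential; the researcher record must exist.
  *  2. username + passwd + apikey ("EGI SSO Account auth"): same API key checks; the
  *     username must match an 'egi-sso-ldap' account; the password is then verified by
  *     opening an LDAP connection through initLDAP().
  *  3. accesstoken: the token must map to an actor of type "ppl".
  *
  * Schemes 1 and 2 additionally require _validateAPIKeyAuthMethod() to accept the
  * key/user pair.
  *
  * On success $this->_userid holds the authenticated id ($this->_userGroups is also set
  * by schemes 1 and 2, and $_GET['userid'] by schemes 2 and 3). On any failure
  * $this->_userid is reset to 0, and $this->_userGroups and $_GET['userid'] are restored
  * to the values they had on entry, so a rejected attempt leaves no trace of the
  * targeted user behind.
  *
  * @return mixed the truthy result of _validateAPIKeyAuthMethod() (schemes 1 and 2) or
  *               true (scheme 3) on success; false on failure
  */
 public function authenticate()
 {
     // Snapshot of the state this method mutates, so a failed attempt can be undone in full.
     $priorGroups = isset($this->_userGroups) ? $this->_userGroups : null;
     $hadGetUserid = array_key_exists('userid', $_GET);
     $priorGetUserid = $hadGetUserid ? $_GET['userid'] : null;

     //if ( ! isset($this->_userid) ) {
     // The caching condition above is disabled, so credentials are re-checked on every
     // call and the else branch at the bottom is currently unreachable.
     if (true) {
         if (!is_null($this->getParam("userid")) && !is_null($this->getParam("passwd")) && !is_null($this->getParam("apikey"))) {
             // SAML Token auth
             $keys = new Default_Model_APIKeys();
             $keys->filter->key->equals($this->getParam("apikey"));
             // Exactly one stored key must match; zero or several matches count as failure.
             if (count($keys->items) === 1) {
                 if ($this->_validateAPIKey($keys->items[0])) {
                     // NOTE(review): "sessionid" is matched here but is not part of the presence
                     // check above. Confirm how the filter treats a null value.
                     $u = new Default_Model_UserCredentials();
                     $u->filter->researcherid->equals($this->getParam("userid"))->and($u->filter->sessionid->equals($this->getParam("sessionid"))->and($u->filter->token->equals($this->getParam("passwd"))));
                     if (count($u->items) > 0) {
                         $u = new Default_Model_Researchers();
                         $u->filter->id->equals($this->getParam("userid"));
                         if (count($u->items) > 0) {
                             $this->_userid = $u->items[0]->id;
                             $this->_userGroups = $u->items[0]->actorGroups;
                             // The state above is assigned before the call, as in the original order.
                             // Returning only a truthy result sends a rejection to the rollback below
                             // instead of leaving _userid populated.
                             $granted = $this->_validateAPIKeyAuthMethod($keys->items[0], $u->items[0]);
                             if ($granted) {
                                 return $granted;
                             }
                         }
                     }
                 }
             }
         } elseif (!is_null($this->getParam("username")) && !is_null($this->getParam("passwd")) && !is_null($this->getParam("apikey"))) {
             // EGI SSO Account auth
             // NOTE(review): the API key is trimmed here but not in the SAML branch above.
             // Confirm which behaviour is intended.
             $keys = new Default_Model_APIKeys();
             $keys->filter->key->equals(trim($this->getParam("apikey")));
             if (count($keys->items) === 1) {
                 if ($this->_validateAPIKey($keys->items[0])) {
                     //$u = new Default_Model_Researchers();
                     //$u->filter->username->equals($this->getParam("username"));
                     $u = new Default_Model_UserAccounts();
                     $u->filter->account_type->equals('egi-sso-ldap')->and($u->filter->accountid->equals($this->getParam("username")));
                     if (count($u->items) > 0) {
                         $username = $this->getParam("username");
                         $userid = $u->items[0]->researcherid;
                         $u = $u->items[0]->researcher;
                         $this->_userGroups = $u->actorGroups;
                     } else {
                         $username = null;
                     }
                     if ($username !== null) {
                         // NOTE(review): the prefix literal reads "******" in this listing, which looks
                         // like a redaction of the original DN attribute prefix. Confirm against the
                         // project source.
                         // NOTE(review): the username goes into the DN unescaped. It has already matched
                         // a stored accountid, but DN-escaping it (ldap_escape() with LDAP_ESCAPE_DN,
                         // where available) would make that independent of what the account table holds.
                         $username = "******" . $username . ",ou=people,dc=egi,dc=eu";
                         $password = $this->getParam('passwd');
                         if (!is_scalar($password) || (string) $password === '') {
                             // "passwd" only has to be non-null to reach this point, and an LDAP simple
                             // bind with a DN and an empty password is an unauthenticated bind that many
                             // servers accept. Reject it here rather than rely on initLDAP() or the
                             // directory to do so.
                             error_log('API call authentication failed');
                         } else {
                             $ds = initLDAP(true, $username, $password, 'RestResource::ldapErrorFunc');
                             // NOTE(review): is_resource() is false for the LDAP\Connection objects that
                             // ext-ldap returns on PHP 8.1+. If initLDAP() hands back such an object,
                             // every login is rejected here. Confirm.
                             if (is_resource($ds)) {
                                 //login info was valid
                                 ldap_close($ds);
                                 //                  error_log('API call authenticated');
                                 $this->_userid = $userid;
                                 $_GET['userid'] = $userid;
                                 // As in the SAML branch, a rejection falls through to the rollback below.
                                 $granted = $this->_validateAPIKeyAuthMethod($keys->items[0], $u);
                                 if ($granted) {
                                     return $granted;
                                 }
                             } else {
                                 error_log('API call authentication failed');
                             }
                         }
                     }
                 }
             }
         } elseif (!is_null($this->getParam("accesstoken"))) {
             $actor = AccessTokens::getActorByToken($this->getParam("accesstoken"), true);
             if ($actor !== null) {
                 // Only actors of type "ppl" are accepted; any other type falls through to failure.
                 if ($actor->type === "ppl") {
                     $this->_userid = $actor->id;
                     $_GET['userid'] = $actor->id;
                     return true;
                 }
             } else {
                 error_log("API call authentication failed: cannot map access token to actor (invalid token?)");
             }
         }

         // Common failure path: undo everything a partially successful attempt wrote.
         $this->_userid = 0;
         $this->_userGroups = $priorGroups;
         if ($hadGetUserid) {
             $_GET['userid'] = $priorGetUserid;
         } else {
             unset($_GET['userid']);
         }
         return false;
     } else {
         return $this->_userid !== 0;
     }
 }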