예제 #1
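 /**
  * Attempt a transparent login from the TLS client certificate on this request.
  *
  * Skips silently when auto-auth was already attempted for this session, when
  * no client certificate is present, or when the visitor is already logged in.
  * Otherwise the certificate is mapped to a user id, and the session is
  * populated only if that account has the 'autoauth' method enabled and is
  * not locked.
  *
  * @param mixed $data Unused by this method.
  * @return mixed Whatever self::done() returns, or null on the two bare-return paths.
  */
 public static function handler($data = null)
 {
     // Auto-auth was already attempted for this session (flag presumably set
     // by self::done() - confirm).
     if (isset($_SESSION['done_autoauth'])) {
         return;
     }
     // NOTE(review): presence of the raw certificate does not by itself prove
     // the web server validated the chain. This assumes the TLS terminator
     // forwards the value only for verified client certificates - confirm
     // against the server configuration.
     if (empty($_SERVER['SSL_CLIENT_RAW_CERT'])) {
         return self::done();
     }
     if (Session::isLoggedIn()) {
         return self::done();
     }

     $certStore = new certs(ConnectionFactory::get('mongo'), ConnectionFactory::get('redis'));
     $userId = $certStore->check($_SERVER['SSL_CLIENT_RAW_CERT']);
     // Loose comparison kept on purpose: any empty result is treated as
     // "certificate not recognised".
     if ($userId == null) {
         return self::done();
     }

     $userStore = new users(ConnectionFactory::get('mongo'));
     $user = $userStore->get($userId, false);
     if (empty($user)) {
         // NOTE(review): unlike every other rejection path, this one does not
         // call self::done(), so the lookup may repeat on later requests.
         // Left unchanged; confirm whether that is intended.
         return;
     }

     // Fail closed when the auth-method list is absent or malformed, and match
     // the method name strictly so a stray true/0 entry cannot enable auto-auth.
     $methods = isset($user['auths']) ? $user['auths'] : null;
     if (!is_array($methods) || !in_array('autoauth', $methods, true)) {
         return self::done();
     }

     // Loose comparison kept: the stored status type is not visible here, and
     // a strict check that never matched would let locked accounts through.
     if (!isset($user['status']) || $user['status'] == users::ACCT_LOCKED) {
         return self::done();
     }

     // NOTE(review): this is a privilege change. Confirm that the session id
     // is regenerated here or inside Session::setBatchVars() so a
     // pre-authentication session id cannot be reused (session fixation).
     Session::setBatchVars($user);
     return self::done();
 }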
예제 #2
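 /**
  * Verify a "certificate and password" login: the password must match the
  * stored hash AND the TLS client certificate must map to the same account.
  *
  * @param string $username Account name; also passed to $this->hash().
  * @param string $password Plain-text password supplied by the client.
  * @return mixed The user record on success, false on any failure.
  */
 private function checkCAP($username, $password)
 {
     $user = $this->get($username);

     // Check password authentication
     if (empty($user)) {
         return false;
     }
     // Fail closed when the auth-method list is absent or malformed, and match
     // the method name strictly so a stray true/0 entry cannot enable it.
     $methods = isset($user['auths']) ? $user['auths'] : null;
     if (!is_array($methods) || !in_array('cert+pass', $methods, true)) {
         return false;
     }
     // Compare hashes with hash_equals(): the previous loose != treated two
     // different numeric-looking strings (e.g. "0e..." values) as equal and
     // was not constant-time. An empty or non-string stored hash never matches.
     // NOTE(review): the scheme behind $this->hash() is not visible here;
     // confirm it is a slow password hash (password_hash()/password_verify()
     // is the usual choice).
     $storedHash = isset($user['password']) ? $user['password'] : null;
     $givenHash = $this->hash($password, $username);
     if (!is_string($storedHash) || $storedHash === '' || !is_string($givenHash)) {
         return false;
     }
     if (!hash_equals($storedHash, $givenHash)) {
         return false;
     }

     // Check certificate authentication
     // Without a client certificate the second factor cannot be satisfied;
     // return early instead of passing an undefined index to the lookup.
     if (empty($_SERVER['SSL_CLIENT_RAW_CERT'])) {
         return false;
     }
     $certStore = new certs(ConnectionFactory::get('mongo'), ConnectionFactory::get('redis'));
     $userId = $certStore->check($_SERVER['SSL_CLIENT_RAW_CERT']);
     // Loose comparison kept on purpose: any empty result is treated as
     // "certificate not recognised".
     if ($userId == null) {
         return false;
     }
     // The certificate must belong to the account whose password was checked.
     // String ids are compared strictly (loose == on numeric-looking strings
     // can equate different ids); other id types keep the original loose
     // comparison because their representation is not visible here.
     $accountId = isset($user['_id']) ? $user['_id'] : null;
     if (is_string($userId) && is_string($accountId)) {
         $sameAccount = ($userId === $accountId);
     } else {
         $sameAccount = ($userId == $accountId);
     }
     if (!$sameAccount) {
         return false;
     }

     // NOTE(review): account lock status is not checked in this method;
     // confirm the caller rejects locked accounts before starting a session.
     return $user;
 }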