/**
 * Authenticates the remote user.
 *
 * Step one: the HTTP authentication credentials (user, domain, password) are
 * handed to Backend->Logon(). Step two: Backend->Setup() is called for the
 * GET user so the backend can verify that the authenticated user may access
 * that user's store.
 *
 * Request::GetGETUser() is usually the same as Request::GetAuthUser(). When
 * they differ, the AuthUser needs admin permissions on the GETUser's data
 * store, otherwise Setup() fails. This is what lets user 'john' operate on
 * behalf of user 'joe' if 'john' has sufficient privileges.
 *
 * Side effect: self::$userIsAuthenticated is reset to false on entry and set
 * to true as soon as Logon() succeeded, i.e. before the Setup() check runs.
 *
 * @access public
 * @return void
 * @throws AuthenticationRequiredException if Logon() fails or Setup() denies access to the GET user's store
 */
public static function Authenticate() {
    self::$userIsAuthenticated = false;

    $backend = ZPush::GetBackend();
    $authUser = Request::GetAuthUser();
    $authDomain = Request::GetAuthDomain();
    $authPassword = Request::GetAuthPassword();

    $loggedOn = $backend->Logon($authUser, $authDomain, $authPassword);
    if (!$loggedOn) {
        throw new AuthenticationRequiredException("Access denied. Username or password incorrect");
    }

    // Logon succeeded: from here on the request counts as authenticated,
    // even if the store permission check below still rejects it.
    self::$userIsAuthenticated = true;

    // Does the authenticated user have enough rights on the GET user's store?
    $getUser = Request::GetGETUser();
    $storeReady = $backend->Setup($getUser, true);
    if (!$storeReady) {
        throw new AuthenticationRequiredException(sprintf("Not enough privileges of '%s' to setup for user '%s': Permission denied", $authUser, $getUser));
    }
}
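/**
 * Authenticates the remote user.
 *
 * If the web server passed the owner of a client certificate in
 * $_SERVER[CERTIFICATE_OWNER_PARAMETER], the request may only authenticate
 * as that owner: the certificate owner and Request::GetAuthUser() are
 * compared case-insensitively and the request is rejected on mismatch.
 * The HTTP authentication credentials are then handed to Backend->Logon().
 *
 * Note: unlike earlier revisions, this method does NOT call Backend->Setup()
 * for the GET user, so the check whether the AuthUser may act on the
 * GETUser's store is not performed here.
 * NOTE(review): presumably that permission check happens in the caller — confirm.
 *
 * Side effect: self::$userIsAuthenticated is reset to false on entry and set
 * to true only after Logon() succeeded.
 *
 * @access public
 * @return void
 * @throws AuthenticationRequiredException if the certificate owner does not match the
 *         authenticating user, or if Logon() fails
 */
public static function Authenticate() {
    self::$userIsAuthenticated = false;

    // when a certificate is sent, allow authentication only as the certificate owner
    if (defined("CERTIFICATE_OWNER_PARAMETER") && isset($_SERVER[CERTIFICATE_OWNER_PARAMETER])) {
        $certificateOwner = $_SERVER[CERTIFICATE_OWNER_PARAMETER];
        // Strict comparison on purpose: with the loose '!=' two numeric-looking
        // names are compared as numbers, so differently spelled names could be
        // treated as equal. Names must match byte for byte after lowercasing.
        if (strtolower($certificateOwner) !== strtolower(Request::GetAuthUser())) {
            throw new AuthenticationRequiredException(sprintf("Access denied. Access is allowed only for the certificate owner '%s'", $certificateOwner));
        }
    }

    $backend = ZPush::GetBackend();
    $loggedOn = $backend->Logon(Request::GetAuthUser(), Request::GetAuthDomain(), Request::GetAuthPassword());
    if (!$loggedOn) {
        throw new AuthenticationRequiredException("Access denied. Username or password incorrect");
    }

    // mark this request as "authenticated"
    self::$userIsAuthenticated = true;
}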