/**
* Authenticates the remote user
* The sent HTTP authentication information is used to on Backend->Logon().
* As second step the GET-User verified by Backend->Setup() for permission check
* Request::GetGETUser() is usually the same as the Request::GetAuthUser().
* If the GETUser is different from the AuthUser, the AuthUser MUST HAVE admin
* permissions on GETUsers data store. Only then the Setup() will be sucessfull.
* This allows the user 'john' to do operations as user 'joe' if he has sufficient privileges.
*
* @access public
* @return
* @throws AuthenticationRequiredException
*/
public static function Authenticate()
{
self::$userIsAuthenticated = false;
$backend = ZPush::GetBackend();
if ($backend->Logon(Request::GetAuthUser(), Request::GetAuthDomain(), Request::GetAuthPassword()) == false) {
throw new AuthenticationRequiredException("Access denied. Username or password incorrect");
}
// mark this request as "authenticated"
self::$userIsAuthenticated = true;
// check Auth-User's permissions on GETUser's store
if ($backend->Setup(Request::GetGETUser(), true) == false) {
throw new AuthenticationRequiredException(sprintf("Not enough privileges of '%s' to setup for user '%s': Permission denied", Request::GetAuthUser(), Request::GetGETUser()));
}
}
/**
* Authenticates the remote user
* The sent HTTP authentication information is used to on Backend->Logon().
* As second step the GET-User verified by Backend->Setup() for permission check
* Request::GetGETUser() is usually the same as the Request::GetAuthUser().
* If the GETUser is different from the AuthUser, the AuthUser MUST HAVE admin
* permissions on GETUsers data store. Only then the Setup() will be sucessfull.
* This allows the user 'john' to do operations as user 'joe' if he has sufficient privileges.
*
* @access public
* @return
* @throws AuthenticationRequiredException
*/
public static function Authenticate()
{
self::$userIsAuthenticated = false;
// when a certificate is sent, allow authentication only as the certificate owner
if (defined("CERTIFICATE_OWNER_PARAMETER") && isset($_SERVER[CERTIFICATE_OWNER_PARAMETER]) && strtolower($_SERVER[CERTIFICATE_OWNER_PARAMETER]) != strtolower(Request::GetAuthUser())) {
throw new AuthenticationRequiredException(sprintf("Access denied. Access is allowed only for the certificate owner '%s'", $_SERVER[CERTIFICATE_OWNER_PARAMETER]));
}
$backend = ZPush::GetBackend();
if ($backend->Logon(Request::GetAuthUser(), Request::GetAuthDomain(), Request::GetAuthPassword()) == false) {
throw new AuthenticationRequiredException("Access denied. Username or password incorrect");
}
// mark this request as "authenticated"
self::$userIsAuthenticated = true;
}
