/**
* Identify
*
* We are authoritative and so we stop event propagation as we have fully identified the user
*
* @param Event $event
* @return int
*/
public function discern(Event $event)
{
if (session_status() === PHP_SESSION_ACTIVE && $event instanceof Identify && isset($_SESSION[$this->namespace]['identity'])) {
$event->identity()->setIdentified($_SESSION[$this->namespace]['identity']);
$event->stopPropagation();
}
}
/**
* Handles setting the error on the credentials
*
* @param Event $event
* @param int $code
* @param string $message
* @return void
*/
private function setErrorOnEvent(Event $event, $code, $message)
{
if ($this->breakChainOnFailure) {
$event->stopPropagation();
}
$event->triggerError($code, "[{$this->name}] {$message}");
return;
}
/**
* Attempts to identify the user based on the passed in credentials
*
* @param Event $event
* @return bool
*/
public function discern(Event $event)
{
if ($event instanceof Identify) {
$identity = $event->identity();
if (isset($this->data[$identity->identity()])) {
$identity->setIdentified($this->data[$identity->identity()]);
} else {
$this->setErrorOnEvent($event, Sentry::NOT_FOUND, "Identity Not Found");
}
}
}
/**
* Authenticates the credentials
*
* The ip must be set in order for this to bother test
*
* @param Event $event
* @return int
*/
public function discern(Event $event)
{
if ($event instanceof Identify && isset($this->ip)) {
$ip = ip2long($this->ip);
$identity = $event->identity();
foreach ($this->allowedCidrBlocks as $cidr) {
list($quad, $bits) = explode('/', $cidr);
$bits = 32 - intval($bits);
if ($ip >> $bits == ip2long($quad) >> $bits) {
$obj = new \stdClass();
$obj->ip = $ip;
$identity->setIdentified($obj);
}
}
}
}
/**
* Returns whether or not the given identity/credential are valid
*
* @param Event $event
* @return mixed|void
*/
public function discern(Event $event)
{
if (!$event instanceof Authenticate) {
return;
}
$identity = $event->identity();
$imap = imap_open($this->server, $identity->identity() . $this->appendToUsername, $identity->credential());
if ($imap === false) {
if (strpos(imap_last_error(), 'Connection timed out') !== false) {
$this->setErrorOnEvent($event, Sentry::INTERNAL, "Connection timed out");
} else {
$this->setErrorOnEvent($event, Sentry::INVALID, "Invalid Credentials");
}
}
imap_close($imap);
}
/**
* Returns whether or not the given identity/credential are valid
*
* @param Event $event
* @return boolean
*/
public function discern(Event $event)
{
if (!$event instanceof Authenticate) {
return;
}
$identity = $event->identity();
$search = ['{{username}}', '{{password}}'];
$replace = [urlencode($identity->identity()), urlencode($identity->credential())];
$url = str_replace($search, $replace, $this->url);
// I do not like the use @ but this the only way to suppress the warning
$response = @file_get_contents($url);
if ($response === false) {
$this->setErrorOnEvent($event, Sentry::INTERNAL, "Unable to contact the url: {$this->url}");
return;
}
if (strpos($response, $this->matchStringInResponse) === false) {
$this->setErrorOnEvent($event, Sentry::INVALID, "Invalid credentials");
}
}
/**
* Handles setting the error on the credentials
*
* Returns STATUS_ERROR unless BreakChainOnFailure is set
*
* @param $ldap
* @param Event $event
* @param int $code
* @param string $message
* @return int
*/
private function setErrorOnEvent($ldap, $event, $code, $message)
{
if ($this->breakChainOnFailure) {
$event->stopPropagation();
}
$event->triggerError($code, "[{$this->name}] {$message}");
if (is_resource($ldap)) {
ldap_unbind($ldap);
}
}
/**
* Triggers the event and returns the identity
*
* @param Event $event
* @return Identity
*/
private function triggerAndReturnIdentity(Event $event)
{
if (empty($this->sentries)) {
$event->triggerError(Sentry::INVALID, "No sentries available");
} else {
/** @var Sentry $sentry */
foreach ($this->sentries as $sentry) {
$sentry->discern($event);
if ($event->isPropagationStopped()) {
break;
}
}
}
/** @var Identity $identity */
$identity = $event->identity();
if ($event->hasError()) {
$identity->addError($event->error());
}
return $identity;
}
