/**
* Performs the actual authentication, calling parent if web request's data is missing
*
* @param string $usermail the mail address of the user to authenticate (entered or from Shibboleth)
* @param string $password the password entered into the login form, empty in case of Shibboleth
* @param sfWebRequest $request the current web request
*
*/
public function authenticate($usermail, $password, $request = NULL)
{
$authenticated = false;
// if Shibboleth Data is missing, hand back to default auth
if (NULL === $request) {
$authenticated = parent::authenticate($usermail, $password);
// Load user
$criteria = new Criteria();
$criteria->add(QubitUser::EMAIL, $usermail);
$user = QubitUser::getOne($criteria);
} else {
$params = $request->getPathInfoArray();
if (strlen($params['Shib-Session-Index']) >= 8) {
$authenticated = true;
// Load user using username or, if one doesn't exist, create it
$criteria = new Criteria();
$criteria->add(QubitUser::EMAIL, $usermail);
if (null === ($user = QubitUser::getOne($criteria))) {
$user = $this->createUserFromShibInfo($request);
}
$this->updateUserFromShibInfo($request, $user);
} else {
return false;
}
}
// Sign in user if authentication was successful
if ($authenticated) {
$this->signIn($user);
}
return $authenticated;
}
public function execute($filterChain)
{
if ($this->isFirstCall()) {
if (!isset($_SERVER['PHP_AUTH_USER'])) {
$this->sendHeaders();
exit;
}
$user = QubitUser::checkCredentials($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'], $error);
if (null === $user) {
$this->sendHeaders();
return;
}
$user = new myUser(new sfEventDispatcher(), new sfNoStorage());
$user->authenticate($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
// We'll need username/email details later
sfContext::getInstance()->request->setAttribute('user', $user);
}
$filterChain->execute();
}
