/**
 * Restores a previously identified user from the PHP session
 *
 * This sentry is authoritative: when the session already holds an identity under
 * this sentry's namespace, that value is applied to the event's identity and
 * propagation is stopped so that no later sentry runs.
 *
 * Nothing happens unless a session is active, the event is an Identify event and
 * $_SESSION[$this->namespace]['identity'] is set.
 *
 * NOTE(review): the stored value is handed to setIdentified() as-is; this method
 * does no expiry or integrity check of its own, so it depends on how the session
 * entry was written and on the session configuration - confirm.
 *
 * @param Event $event
 * @return void
 */
public function discern(Event $event)
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        return;
    }

    if (!$event instanceof Identify) {
        return;
    }

    if (!isset($_SESSION[$this->namespace]['identity'])) {
        return;
    }

    $stored = $_SESSION[$this->namespace]['identity'];
    $event->identity()->setIdentified($stored);

    // Authoritative result: keep later sentries from running
    $event->stopPropagation();
}
/**
 * Records a failure on the event, prefixed with this sentry's name
 *
 * When breakChainOnFailure is set, propagation is stopped first so that no later
 * sentry runs after this failure.
 *
 * @param Event $event
 * @param int $code
 * @param string $message
 * @return void
 */
private function setErrorOnEvent(Event $event, $code, $message)
{
    $haltChain = $this->breakChainOnFailure;
    if ($haltChain) {
        $event->stopPropagation();
    }

    // The sentry name goes in front so the failing sentry can be told apart
    $labelled = "[{$this->name}] {$message}";
    $event->triggerError($code, $labelled);
}
/**
 * Looks the identity up in this sentry's data and marks it as identified
 *
 * Only Identify events are handled. The lookup uses the identity value as the
 * key into $this->data; no credential is read or compared in this method. A
 * missing key is reported as Sentry::NOT_FOUND.
 *
 * @param Event $event
 * @return void
 */
public function discern(Event $event)
{
    if (!$event instanceof Identify) {
        return;
    }

    $identity = $event->identity();

    if (!isset($this->data[$identity->identity()])) {
        $this->setErrorOnEvent($event, Sentry::NOT_FOUND, "Identity Not Found");
        return;
    }

    $identity->setIdentified($this->data[$identity->identity()]);
}
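/**
 * Identifies the caller when its IP address falls inside an allowed CIDR block
 *
 * Nothing happens unless the event is an Identify event and an IP has been set.
 * Only dotted-quad IPv4 is handled, because the comparison is built on ip2long().
 *
 * Input that does not parse never matches: an unparseable address ends the check,
 * and an allowed block with a bad network address or a prefix outside 0-32 is
 * skipped. A block written without "/prefix" is treated as a single host (/32).
 *
 * NOTE(review): where $this->ip comes from is not visible here; if it can be taken
 * from a client-supplied header rather than the socket address, this check can be
 * satisfied by the client - confirm at the call site.
 *
 * @param Event $event
 * @return void
 */
public function discern(Event $event)
{
    if (!$event instanceof Identify || !isset($this->ip)) {
        return;
    }

    $ip = ip2long($this->ip);
    if ($ip === false) {
        // false would shift as 0 and compare equal to low or unparseable networks
        return;
    }

    $identity = $event->identity();

    foreach ($this->allowedCidrBlocks as $cidr) {
        $parts = explode('/', $cidr);
        $network = ip2long($parts[0]);
        $prefix = isset($parts[1]) ? $parts[1] : '32';

        if (
            $network === false
            || count($parts) > 2
            || preg_match('/^\d{1,2}$/D', $prefix) !== 1
            || (int) $prefix > 32
        ) {
            // Malformed block: skip it instead of letting it match everything
            continue;
        }

        // Drop the host bits on both sides, then compare the network parts strictly
        $hostBits = 32 - (int) $prefix;
        if (($ip >> $hostBits) === ($network >> $hostBits)) {
            $obj = new \stdClass();
            $obj->ip = $ip;
            $identity->setIdentified($obj);
        }
    }
}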
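/**
 * Checks the identity/credential pair by logging in to the IMAP server
 *
 * Only Authenticate events are handled. The login name is the identity with
 * $this->appendToUsername appended. A successful login leaves the event untouched;
 * a failed one is reported as Sentry::INTERNAL when the last IMAP error mentions a
 * connection timeout and as Sentry::INVALID otherwise.
 *
 * NOTE(review): whether the connection is encrypted depends on the flags inside
 * $this->server, which are not visible here - confirm that the mailbox string
 * requires TLS, since the credential is sent over this connection.
 *
 * @param Event $event
 * @return void
 */
public function discern(Event $event)
{
    if (!$event instanceof Authenticate) {
        return;
    }

    $identity = $event->identity();
    $imap = imap_open(
        $this->server,
        $identity->identity() . $this->appendToUsername,
        $identity->credential()
    );

    if ($imap === false) {
        // imap_last_error() may itself return false; cast so strpos() gets a string
        $lastError = (string) imap_last_error();

        if (strpos($lastError, 'Connection timed out') !== false) {
            $this->setErrorOnEvent($event, Sentry::INTERNAL, "Connection timed out");
        } else {
            $this->setErrorOnEvent($event, Sentry::INVALID, "Invalid Credentials");
        }

        // No stream was opened, so there is nothing to close
        return;
    }

    imap_close($imap);
}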
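/**
 * Checks the identity/credential pair against a remote URL
 *
 * Only Authenticate events are handled. The {{username}} and {{password}}
 * placeholders in $this->url are replaced with the URL-encoded identity and
 * credential, the URL is fetched, and the credentials count as valid only when the
 * response body contains $this->matchStringInResponse.
 *
 * An empty match string is rejected before any request is made: on PHP 8 an empty
 * needle is found at offset 0 of every response, which would accept any credential.
 *
 * NOTE(review): the credential travels inside the URL, so it can end up wherever
 * URLs are recorded (server and proxy logs). Whether $this->url uses HTTPS is not
 * visible here - confirm. The error message below uses the URL template, not the
 * substituted URL, so it does not expose the credential.
 *
 * @param Event $event
 * @return void
 */
public function discern(Event $event)
{
    if (!$event instanceof Authenticate) {
        return;
    }

    if ((string) $this->matchStringInResponse === '') {
        // Fail closed on a missing match string rather than accepting every response
        $this->setErrorOnEvent($event, Sentry::INTERNAL, "No match string configured");
        return;
    }

    $identity = $event->identity();
    $search = ['{{username}}', '{{password}}'];
    $replace = [urlencode($identity->identity()), urlencode($identity->credential())];
    $url = str_replace($search, $replace, $this->url);

    // @ keeps the warning, which would contain the substituted URL, out of the output
    $response = @file_get_contents($url);
    if ($response === false) {
        $this->setErrorOnEvent($event, Sentry::INTERNAL, "Unable to contact the url: {$this->url}");
        return;
    }

    if (strpos($response, $this->matchStringInResponse) === false) {
        $this->setErrorOnEvent($event, Sentry::INVALID, "Invalid credentials");
    }
}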
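/**
 * Records a failure on the event and releases the LDAP connection
 *
 * When breakChainOnFailure is set, propagation is stopped first so that no later
 * sentry runs. The error message is prefixed with this sentry's name. Nothing is
 * returned.
 *
 * @param mixed $ldap The LDAP link to unbind, or any other value when there is none
 * @param Event $event
 * @param int $code
 * @param string $message
 * @return void
 */
private function setErrorOnEvent($ldap, $event, $code, $message)
{
    if ($this->breakChainOnFailure) {
        $event->stopPropagation();
    }

    $event->triggerError($code, "[{$this->name}] {$message}");

    // From PHP 8.1 the ldap extension returns an LDAP\Connection object instead of
    // a resource, so is_resource() alone would leave the connection bound.
    if (is_resource($ldap) || $ldap instanceof \LDAP\Connection) {
        ldap_unbind($ldap);
    }
}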
/**
 * Runs the event through the sentries and returns the resulting identity
 *
 * Sentries are consulted in order until one of them stops propagation. With no
 * sentries configured the event gets a Sentry::INVALID error instead. An error
 * left on the event is copied onto the identity before it is returned, so the
 * caller has to inspect the identity's errors; this method does not decide on its
 * own whether the identity was accepted.
 *
 * @param Event $event
 * @return Identity
 */
private function triggerAndReturnIdentity(Event $event)
{
    if (!empty($this->sentries)) {
        /** @var Sentry $sentry */
        foreach ($this->sentries as $sentry) {
            $sentry->discern($event);

            $halted = $event->isPropagationStopped();
            if ($halted) {
                break;
            }
        }
    } else {
        $event->triggerError(Sentry::INVALID, "No sentries available");
    }

    /** @var Identity $identity */
    $identity = $event->identity();

    if ($event->hasError()) {
        $identity->addError($event->error());
    }

    return $identity;
}