/tine20/Tinebase/Auth.php
- <?php
- /**
- * Tine 2.0
- *
- * @package Tinebase
- * @subpackage Auth
- * @license http://www.gnu.org/licenses/agpl.html AGPL Version 3
- * @copyright Copyright (c) 2007-2010 Metaways Infosystems GmbH (http://www.metaways.de)
- * @author Lars Kneschke <l.kneschke@metaways.de>
- */
- /**
- * main authentication class
- *
- * @todo 2010-05-20 cweiss: the default option handling looks like a big mess -> someone needs to tidy up here!
- *
- * @package Tinebase
- * @subpackage Auth
- */
- class Tinebase_Auth
- {
- /**
- * constant for Sql auth
- *
- */
- const SQL = 'Sql';
-
- /**
- * constant for LDAP auth
- *
- */
- const LDAP = 'Ldap';
- /**
- * constant for IMAP auth
- *
- */
- const IMAP = 'Imap';
- /**
- * General Failure
- */
- const FAILURE = Zend_Auth_Result::FAILURE;
- /**
- * Failure due to identity not being found.
- */
- const FAILURE_IDENTITY_NOT_FOUND = Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND;
- /**
- * Failure due to identity being ambiguous.
- */
- const FAILURE_IDENTITY_AMBIGUOUS = Zend_Auth_Result::FAILURE_IDENTITY_AMBIGUOUS;
- /**
- * Failure due to invalid credential being supplied.
- */
- const FAILURE_CREDENTIAL_INVALID = Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID;
- /**
- * Failure due to uncategorized reasons.
- */
- const FAILURE_UNCATEGORIZED = Zend_Auth_Result::FAILURE_UNCATEGORIZED;
-
- /**
- * Failure because the account is disabled
- */
- const FAILURE_DISABLED = -100;
- /**
- * Failure because the account is expired
- */
- const FAILURE_PASSWORD_EXPIRED = -101;
-
- /**
- * Failure because the account is temporarily blocked
- */
- const FAILURE_BLOCKED = -102;
-
- /**
- * database connection failure
- */
- const FAILURE_DATABASE_CONNECTION = -103;
-
- /**
- * Authentication success.
- */
- const SUCCESS = Zend_Auth_Result::SUCCESS;
- /**
- * the name of the authenticationbackend
- *
- * @var string
- */
- protected static $_backendType;
-
- /**
- * Holds the backend configuration options.
- * Property is lazy loaded from {@see Tinebase_Config} on first access via
- * getter {@see getBackendConfiguration()}
- *
- * @var array | optional
- */
- private static $_backendConfiguration;
-
- /**
- * Default configuration options for each backend type (Sql, Ldap, Imap).
- * These are the fallback values; the configured values are held in
- * {@see $_backendConfiguration}.
- *
- * @var array | optional
- */
private static $_backendConfigurationDefaults = array(
    // SQL backend: only account-name handling options, no connection settings.
    self::SQL => array(
        'tryUsernameSplit'       => '1',
        // NOTE(review): '2' presumably maps to Zend_Ldap::ACCTNAME_FORM_USERNAME - confirm.
        'accountCanonicalForm'   => '2',
        'accountDomainName'      => '',
        'accountDomainNameShort' => '',
    ),

    // LDAP backend: host and bind credentials default to empty strings.
    // NOTE(review): 'password' looks like the directory bind password; the real value
    // should come from protected configuration storage, never from this file - confirm.
    self::LDAP => array(
        'host'                   => '',
        'username'               => '',
        'password'               => '',
        'bindRequiresDn'         => true,
        'baseDn'                 => '',
        'accountFilterFormat'    => null,
        'accountCanonicalForm'   => '2',
        'accountDomainName'      => '',
        'accountDomainNameShort' => '',
    ),

    // IMAP backend: 143 is the plain IMAP port, combined here with 'ssl' => 'tls'.
    // NOTE(review): presumably the connection is upgraded via STARTTLS before the
    // credentials are sent; verify that the backend aborts if the upgrade fails
    // instead of continuing in cleartext.
    self::IMAP => array(
        'host'   => '',
        'port'   => 143,
        'ssl'    => 'tls',
        'domain' => '',
    ),
);
-
- /**
- * the instance of the authenticationbackend
- *
- * @var Tinebase_Auth_Interface
- */
- protected $_backend;
-
- /**
- * the constructor
- *
- * don't use the constructor. use the singleton
- */
private function __construct()
{
    // Private on purpose: the only construction path is getInstance().
    // setBackend() is defined outside this excerpt; presumably it populates
    // $this->_backend with the configured authentication backend - confirm.
    $this->setBackend();
}
-
- /**
- * don't clone. Use the singleton.
- *
- */
private function __clone()
{
    // Intentionally empty. Keeping __clone() private stops outside code from
    // copying the singleton and ending up with a second backend holder.
}
- /**
- * holds the instance of the singleton
- *
- * @var Tinebase_Auth
- */
- private static $_instance = NULL;
-
- /**
- * the singleton pattern
- *
- * @return Tinebase_Auth
- */
public static function getInstance()
{
    // Reuse the shared instance when it already exists.
    if (null !== self::$_instance) {
        return self::$_instance;
    }

    // First call: build the instance (the constructor sets up the backend).
    // Every caller then shares this object and its $_backend, so an identity or
    // credential set on the backend by one call stays there until overwritten.
    self::$_instance = new self();

    return self::$_instance;
}
-
- /**
- * authenticate user
- *
- * @param string $_username
- * @param string $_password
- * @return Zend_Auth_Result
- */
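public function authenticate($_username, $_password)
{
    // $_username is supplied by the client before any check has passed. Replace ASCII
    // control characters (CR, LF, NUL, ...) in the copy that is written to the log, so
    // a crafted login name cannot forge or split log entries. The backend still
    // receives the original, unmodified value.
    $logName = preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $_username);

    if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
        Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' Trying to authenticate '. $logName);
    }

    $this->_backend->setIdentity($_username);
    // The password goes to the backend only; it is never written to the log.
    $this->_backend->setCredential($_password);

    // Goes through Zend_Auth (not the backend directly), which stores the
    // identity in its storage when the result is valid.
    $result = Zend_Auth::getInstance()->authenticate($this->_backend);

    if ($result->isValid()) {
        if (Tinebase_Core::isLogLevel(Zend_Log::INFO)) {
            Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' Authentication of '. $logName . ' succeeded');
        }
    } else {
        // NOTE(review): only the login name is recorded on failure. $result->getCode()
        // is not logged, so the log alone cannot tell a wrong password from a
        // disabled or blocked account. The message text is left unchanged here
        // because log monitoring may match on it.
        if (Tinebase_Core::isLogLevel(Zend_Log::WARN)) {
            Tinebase_Core::getLogger()->warn(__METHOD__ . '::' . __LINE__ . ' Authentication of '. $logName . ' failed');
        }
    }

    return $result;
}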
-
- /**
- * check if password is valid
- *
- * @param string $_username
- * @param string $_password
- * @return boolean
- */
public function isValidPassword($_username, $_password)
{
    $this->_backend->setIdentity($_username);
    $this->_backend->setCredential($_password);

    // The backend is called directly instead of through Zend_Auth::getInstance(),
    // so this check returns only the backend's verdict.
    // NOTE(review): nothing is logged here on success or failure. Callers that expose
    // this check to users should audit and rate-limit failed attempts themselves.
    $outcome = $this->_backend->authenticate();

    return $outcome->isValid() ? true : false;
}
-
- /**
- * returns the configured authentication backend type
- *
- * @return string
- */
public static function getConfiguredBackend()
{
    // Already resolved earlier: reuse the value cached in the static property.
    if (isset(self::$_backendType)) {
        return self::$_backendType;
    }

    // Start from SQL, the backend used while Tinebase is not installed yet.
    $backendType = self::SQL;
    if (Setup_Controller::getInstance()->isInstalled('Tinebase')) {
        // NOTE(review): the third argument looks like the default returned when no
        // backend type is configured - confirm against Tinebase_Config::getConfig().
        $backendType = Tinebase_Config::getInstance()
            ->getConfig(Tinebase_Config::AUTHENTICATIONBACKENDTYPE, null, self::SQL)
            ->value;
    }

    // setBackendType() is defined outside this excerpt; the value it stores is read back below.
    self::setBackendType($backendType);

    return self::$_backendType;
}
-
- /**