| author | cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2010-02-02 19:27:03 +0000 | 
|---|---|---|
| committer | cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2010-02-02 19:27:03 +0000 | 
| commit | b74c17f1b5df4862d15c6f072ef0049ff61e3713 (patch) | |
| tree | 16f73661abf00332a6f6921ee1d04941703fc2a9 | |
| parent | 6f7316e4216a19c5b8957a0f397d3aff1919f1f7 (diff) | |
| download | semanticscuttle-b74c17f1b5df4862d15c6f072ef0049ff61e3713.tar.gz semanticscuttle-b74c17f1b5df4862d15c6f072ef0049ff61e3713.tar.bz2  | |
nearly there with auth integration
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@627 b3834d28-1941-0410-a4f8-b48e95affb8f
| -rw-r--r-- | data/config.default.php | 44 | ||||
| -rw-r--r-- | src/SemanticScuttle/Service/AuthUser.php | 218 | 
2 files changed, 262 insertions, 0 deletions
diff --git a/data/config.default.php b/data/config.default.php
index 9febb79..a6b0e68 100644
--- a/data/config.default.php
+++ b/data/config.default.php
@@ -661,4 +661,48 @@ $avahiServiceFilePrefix = 'semanticscuttle-';
  */
 $avahiTagName = 'zeroconf';
+
+
+/**
+ * Array of key value pairs to override service class names.
+ * Key is the old service name ("User"), value the new class
+ * name.
+ *
+ * @var array
+ */
+$serviceoverrides = array();
+
+
+
+
+/****************************
+ * External user authentication
+ */
+
+/**
+ * Type of external authentication via PEAR Auth
+ * To use this, you also need to set
+ * $serviceoverrides['User'] = 'SemanticScuttle_Service_AuthUser';
+ *
+ * @link http://pear.php.net/manual/en/package.authentication.auth.intro-storage.php
+ *
+ * @var string
+ */
+$authType = null;
+
+/**
+ * Options for external authentication via PEAR Auth
+ *
+ * @link http://pear.php.net/manual/en/package.authentication.auth.intro.php
+ *
+ * @var array
+ */
+$authOptions = null;
+
+/**
+ * Enable debugging for PEAR Authentication
+ *
+ * @var boolean
+ */
+$authDebug = false;
 ?>
diff --git a/src/SemanticScuttle/Service/AuthUser.php b/src/SemanticScuttle/Service/AuthUser.php
new file mode 100644
index 0000000..79cac9c
--- /dev/null
+++ b/src/SemanticScuttle/Service/AuthUser.php
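Review bot: No `$authemaildomain` default is added to config.default.php, although `AuthUser.php` in the same commit reads `$GLOBALS['authemaildomain']` when it creates the local account, so with the shipped defaults the generated address ends in a bare `@` and PHP raises an undefined-index notice. Adding `$authemaildomain = null;` with its own docblock next to `$authOptions` would keep the config and the service in step. The `$authDebug` docblock could also state where the log goes, since the service wires it to the Log `display` handler: ` * Debug output is printed into the page; do not enable on a production site.`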
@@ -0,0 +1,218 @@
+<?php
+/**
+ * SemanticScuttle - your social bookmark manager.
+ *
+ * PHP version 5.
+ *
+ * @category Bookmarking
+ * @package  SemanticScuttle
+ * @author   Benjamin Huynh-Kim-Bang <mensonge@users.sourceforge.net>
+ * @author   Christian Weiske <cweiske@cweiske.de>
+ * @author   Eric Dane <ericdane@users.sourceforge.net>
+ * @license  GPL http://www.gnu.org/licenses/gpl.html
+ * @link     http://sourceforge.net/projects/semanticscuttle
+ */
+
+require_once 'Auth.php';
+require_once 'SemanticScuttle/Service/User.php';
+
+/**
+ * SemanticScuttle extendet user management service utilizing
+ * the PEAR Auth package to enable authentication against
+ * different services, i.e. LDAP or other databases.
+ *
+ * Requires the Log packages for debugging purposes.
+ *
+ * @category Bookmarking
+ * @package  SemanticScuttle
+ * @author   Christian Weiske <cweiske@cweiske.de>
+ * @license  GPL http://www.gnu.org/licenses/gpl.html
+ * @link     http://sourceforge.net/projects/semanticscuttle
+ */
+class SemanticScuttle_Service_AuthUser extends SemanticScuttle_Service_User
+{
+    /**
+     * PEAR Auth instance
+     *
+     * @var Auth
+     */
+    protected $auth = null;
+
+    /**
+     * If we want to debug authentication process
+     *
+     * @var boolean
+     */
+    protected $authdebug = false;
+
+    /**
+    * Authentication type (i.e. LDAP)
+    *
+    * @var string
+    *
+    * @link http://pear.php.net/manual/en/package.authentication.auth.intro-storage.php
+    */
+    var $authtype = null;
+    
+    /**
+    * Authentication options
+    *
+    * @var array
+    *
+    * @link http://pear.php.net/manual/en/package.authentication.auth.intro.php
+    */
+    var $authoptions = null;
+
+
+
+    /**
+     * Returns the single service instance
+     *
+     * @param sql_db $db Database object
+     *
+     * @return SemanticScuttle_Service_AuthUser
+     */
+    public static function getInstance($db)
+    {
+        static $instance;
+        if (!isset($instance)) {
+            $instance = new self($db);
+        }
+        return $instance;
+    }
+
+
+
+    /**
+     * Create new instance
+     *
+     * @var sql_db $db Database object
+     */
+    protected function __construct($db)
+    {
+        parent::__construct($db);
+
+        $this->authtype    = $GLOBALS['authType'];
+        $this->authoptions = $GLOBALS['authOptions'];
+        $this->authdebug   = $GLOBALS['authDebug'];
+
+        //FIXME: throw error when no authtype set?
+        if (!$this->authtype) {
+            return;
+        }
+        require_once 'Auth.php';
+        $this->auth = new Auth($this->authtype, $this->authoptions);
+        //FIXME: check if it worked (i.e. db connection)
+        if ($this->authdebug) {
+            require_once 'Log.php';
+            $this->auth->logger = Log::singleton(
+                'display', '', '', array(), PEAR_LOG_DEBUG
+            );
+            $this->auth->enableLogging = true;
+        }
+        $this->auth->setShowLogin(false);
+    }
+
+
+
+    /**
+     * Return current user id based on session or cookie
+     *
+     * @return mixed Integer user id or boolean false when user
+     *               could not be found or is not logged on.
+     */
+    public function getCurrentUserId()
+    {
+        if (!$this->auth) {
+            return parent::getCurrentUserId();
+        }
+
+        //FIXME: caching?
+        $name = $this->auth->getUsername();
+        if (!$name) {
+            return false;
+        }
+        return $this->getIdFromUser($name);
+    }
+
+
+
+    /**
+     * Try to authenticate and login a user with
+     * username and password.
+     *
+     * @param string  $username Name of user
+     * @param string  $password Password
+     * @param boolean $remember If a long-time cookie shall be set
+     *
+     * @return boolean True if the user could be authenticated,
+     *                 false if not.
+     */
+    public function login($username, $password, $remember = false)
+    {
+        if (!$this->auth) {
+            return parent::login($username, $password, $remember);
+        }
+
+        $ok = $this->loginAuth($username, $password);
+        $password = $this->sanitisePassword($password);
+        $id       = $this->getIdFromUser($username);
+        //FIXME: check against auth
+    }
+
+
+    /**
+    * Uses PEAR's Auth class to authenticate the user against a container.
+    * This allows us to use LDAP, a different database or some other
+    * external system.
+    *
+    * @param string $username Username to check
+    * @param string $password Password to check
+    *
+    * @return boolean If the user has been authenticated or not
+    */
+    public function loginAuth($username, $password)
+    {
+        $this->auth->post = array(
+            'username' => $username,
+            'password' => $password,
+        );
+        $this->auth->start();
+
+        if (!$this->auth->checkAuth()) {
+            return false;
+        }
+
+        //put user in database
+        if (!$this->getUserByUsername($username)) {
+            $this->addUser(
+                $username, $password,
+                $username . '@' . $GLOBALS['authemaildomain']
+            );
+        }
+        //FIXME: what if the user changed his password?
+        //FIXME: what if the user does not need an email domain?
+
+        return true;
+     }
+
+
+
+
+    /**
+     * Logs the current user out of the system.
+     *
+     * @return void
+     */
+    public function logout()
+    {
+        parent::logout();
+
+        if ($this->auth) {
+            $this->auth->logout();
+            $this->auth = null;
+        }
+    }
+
+}
+?>
\ No newline at end of file  | 
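Review bot: `loginAuth()` hands the password it has just verified against the external container to `addUser($username, $password, ...)`, so the local user table ends up holding a copy of the LDAP/external credential (or a hash of it, depending on what `addUser()` does, which is not visible here) that the Auth path never reads again and that goes stale on an upstream password change, as the FIXME hints. The shadow account only has to exist, so a generated throwaway value would do: `$this->addUser($username, $randomPassword, $email);` with `$randomPassword` filled from a long random string. Separately, `login()` has no `return` once `$this->auth` is set, so it yields null even when `loginAuth()` succeeded; `return $ok;` after the FIXME would at least report the result. `getCurrentUserId()` also takes `getUsername()` at face value without a `checkAuth()` call, which, as far as I can tell, skips PEAR Auth's expiry and idle checks.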
