sspmod_authcrypt_Auth_Source_Htpasswd Class Reference

Inheritance diagram for sspmod_authcrypt_Auth_Source_Htpasswd:

Collaboration diagram for sspmod_authcrypt_Auth_Source_Htpasswd:

Public Member Functions
	__construct ($info, $config)
	Constructor for this authentication source. More...
Public Member Functions inherited from sspmod_core_Auth_UserPassBase
	__construct ($info, &$config)
	Constructor for this authentication source. More...
	setForcedUsername ($forcedUsername)
	Set forced username. More...
	getLoginLinks ()
	Return login links from configuration. More...
	getRememberUsernameEnabled ()
	Getter for the authsource config option remember.username.enabled. More...
	getRememberUsernameChecked ()
	Getter for the authsource config option remember.username.checked. More...
	isRememberMeEnabled ()
	Check if the "remember me" feature is enabled. More...
	isRememberMeChecked ()
	Check if the "remember me" checkbox should be checked. More...
	authenticate (&$state)
	Initialize login. More...
Public Member Functions inherited from SimpleSAML_Auth_Source
	__construct ($info, &$config)
	Constructor for an authentication source. More...
	getAuthId ()
	Retrieve the ID of this authentication source. More...
	authenticate (&$state)
	Process a request. More...
	reauthenticate (array &$state)
	Reauthenticate an user. More...
	initLogin ($return, $errorURL=null, array $params=array())
	Start authentication. More...
	logout (&$state)
	Log out from this authentication source. More...

Protected Member Functions
	login ($username, $password)
	Attempt to log in using the given username and password. More...
Protected Member Functions inherited from sspmod_core_Auth_UserPassBase
	login ($username, $password)
	Attempt to log in using the given username and password. More...
Protected Member Functions inherited from SimpleSAML_Auth_Source
	addLogoutCallback ($assoc, $state)
	Add a logout callback association. More...
	callLogoutCallback ($assoc)
	Call a logout callback based on association. More...

Private Attributes
	$users
	$attributes = array()

Additional Inherited Members
Static Public Member Functions inherited from sspmod_core_Auth_UserPassBase
static	handleLogin ($authStateId, $username, $password)
	Handle login request. More...
Static Public Member Functions inherited from SimpleSAML_Auth_Source
static	getSourcesOfType ($type)
	Get sources of a specific type. More...
static	completeAuth (&$state)
	Complete authentication. More...
static	loginCompleted ($state)
	Called when a login operation has finished. More...
static	completeLogout (&$state)
	Complete logout. More...
static	getById ($authId, $type=null)
	Retrieve authentication source. More...
static	logoutCallback ($state)
	Called when the authentication source receives an external logout request. More...
static	getSources ()
	Retrieve list of authentication sources. More...
Data Fields inherited from sspmod_core_Auth_UserPassBase
const	STAGEID = 'sspmod_core_Auth_UserPassBase.state'
	The string used to identify our states. More...
const	AUTHID = 'sspmod_core_Auth_UserPassBase.AuthId'
	The key of the AuthId field in the state. More...
Static Protected Member Functions inherited from SimpleSAML_Auth_Source
static	validateSource ($source, $id)
	Make sure that the first element of an auth source is its identifier. More...
Protected Attributes inherited from sspmod_core_Auth_UserPassBase
	$loginLinks
	Links to pages from login page. More...
	$rememberUsernameEnabled = FALSE
	$rememberUsernameChecked = FALSE
	$rememberMeEnabled = FALSE
	$rememberMeChecked = FALSE
Protected Attributes inherited from SimpleSAML_Auth_Source
	$authId

Detailed Description

Definition at line 12 of file Htpasswd.php.

Constructor & Destructor Documentation

__construct()

sspmod_authcrypt_Auth_Source_Htpasswd::__construct	(		$info,
			$config
	)

Constructor for this authentication source.

Parameters

array	$info	Information about this authentication source.
array	$config	Configuration.

Exceptions

Exception

if the htpasswd file is not readable or the static_attributes array is invalid.

Definition at line 39 of file Htpasswd.php.

References $config, $info, array, and SimpleSAML\Utils\Attributes\normalizeAttributesArray().

    {
        assert('is_array($info)');
        assert('is_array($config)');

        // Call the parent constructor first, as required by the interface
        parent::__construct($info, $config);

        $this->users = array();

        if (!$htpasswd = file_get_contents($config['htpasswd_file'])) {
            throw new Exception('Could not read '.$config['htpasswd_file']);
        }

        $this->users = explode("\n", trim($htpasswd));

        try {
            $this->attributes = SimpleSAML\Utils\Attributes::normalizeAttributesArray($config['static_attributes']);
        } catch (Exception $e) {
            throw new Exception('Invalid static_attributes in authentication source '.
                $this->authId.': '.$e->getMessage());
        }
    }

Here is the call graph for this function:

Member Function Documentation

login()

sspmod_authcrypt_Auth_Source_Htpasswd::login (   $username,   $password  )

protected

Attempt to log in using the given username and password.

On a successful login, this function should return the username as 'uid' attribute, and merged attributes from the configuration file. On failure, it should throw an exception. A SimpleSAML_Error_Error('WRONGUSERPASS') should be thrown in case of a wrong username OR a wrong password, to prevent the enumeration of usernames.

Parameters

string	$username	The username the user wrote.
string	$password	The password the user wrote.

Returns

array Associative array with the users attributes.

Exceptions

SimpleSAML_Error_Error

if authentication fails.

Definition at line 80 of file Htpasswd.php.

References $attributes, $password, array, SimpleSAML\Logger\debug(), and SimpleSAML\Logger\warning().

    {
        assert('is_string($username)');
        assert('is_string($password)');

        foreach ($this->users as $userpass) {
            $matches = explode(':', $userpass, 2);
            if ($matches[0] == $username) {
                $crypted = $matches[1];

                // This is about the only attribute we can add
                $attributes = array_merge(array('uid' => array($username)), $this->attributes);

                // Traditional crypt(3)
                if (SimpleSAML\Utils\Crypto::secureCompare($crypted, crypt($password, $crypted))) {
                    SimpleSAML\Logger::debug('User '.$username.' authenticated successfully');
                    SimpleSAML\Logger::warning(
                        'CRYPT authentication is insecure. Please consider using something else.'
                    );
                    return $attributes;
                }

                // Apache's custom MD5
                if (APR1_MD5::check($password, $crypted)) {
                    SimpleSAML\Logger::debug('User '.$username.' authenticated successfully');
                    return $attributes;
                }

                // SHA1 or plain-text
                if (SimpleSAML\Utils\Crypto::pwValid($crypted, $password)) {
                    SimpleSAML\Logger::debug('User '.$username.' authenticated successfully');
                    SimpleSAML\Logger::warning(
                        'SHA1 and PLAIN TEXT authentication are insecure. Please consider using something else.'
                    );
                    return $attributes;
                }
                throw new SimpleSAML_Error_Error('WRONGUSERPASS');
            }
        }
        throw new SimpleSAML_Error_Error('WRONGUSERPASS');
    }

Here is the call graph for this function:

Field Documentation

$attributes

sspmod_authcrypt_Auth_Source_Htpasswd::$attributes = array()

private

Definition at line 28 of file Htpasswd.php.

Referenced by login().

$users

sspmod_authcrypt_Auth_Source_Htpasswd::$users

private

Definition at line 21 of file Htpasswd.php.

---

The documentation for this class was generated from the following file:

• libs/composer/vendor/simplesamlphp/simplesamlphp/modules/authcrypt/lib/Auth/Source/Htpasswd.php