ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Public Member Functions | Data Fields | Protected Attributes
Sabre\DAV\Auth\Plugin Class Reference

This plugin provides Authentication for a WebDAV server. More...

+ Inheritance diagram for Sabre\DAV\Auth\Plugin:
+ Collaboration diagram for Sabre\DAV\Auth\Plugin:

Public Member Functions

 __construct (Backend\BackendInterface $authBackend=null)
 Creates the authentication plugin. More...
 
 addBackend (Backend\BackendInterface $authBackend)
 Adds an authentication backend to the plugin. More...
 
 initialize (Server $server)
 Initializes the plugin. More...
 
 getPluginName ()
 Returns a plugin name. More...
 
 getCurrentPrincipal ()
 Returns the currently logged-in principal. More...
 
 beforeMethod (RequestInterface $request, ResponseInterface $response)
 This method is called before any HTTP method and forces users to be authenticated. More...
 
 check (RequestInterface $request, ResponseInterface $response)
 Checks authentication credentials, and logs the user in if possible. More...
 
 challenge (RequestInterface $request, ResponseInterface $response)
 This method sends authentication challenges to the user. More...
 
 getLoginFailedReasons ()
 Returns a list of reasons why login was unsuccessful. More...
 
 getPluginInfo ()
 Returns a bunch of meta-data about the plugin. More...
 
- Public Member Functions inherited from Sabre\DAV\ServerPlugin
 initialize (Server $server)
 This initializes the plugin. More...
 
 getFeatures ()
 This method should return a list of server-features. More...
 
 getHTTPMethods ($path)
 Use this method to tell the server this plugin defines additional HTTP methods. More...
 
 getPluginName ()
 Returns a plugin name. More...
 
 getSupportedReportSet ($uri)
 Returns a list of reports this plugin supports. More...
 
 getPluginInfo ()
 Returns a bunch of meta-data about the plugin. More...
 

Data Fields

 $autoRequireLogin = true
 By default this plugin will require that the user is authenticated, and refuse any access if the user is not authenticated. More...
 

Protected Attributes

 $backends
 authentication backends More...
 
 $currentPrincipal
 
 $loginFailedReasons
 

Detailed Description

This plugin provides Authentication for a WebDAV server.

It works by providing a Auth class. Several examples of these classes can be found in the Backend directory.

It's possible to provide more than one backend to this plugin. If more than one backend was provided, each backend will attempt to authenticate. Only if all backends fail, we throw a 401.

Copyright
Copyright (C) fruux GmbH (https://fruux.com/)
Author
Evert Pot (http://evertpot.com/) http://sabre.io/license/ Modified BSD License

Definition at line 25 of file Plugin.php.

Constructor & Destructor Documentation

◆ __construct()

Sabre\DAV\Auth\Plugin::__construct ( Backend\BackendInterface  $authBackend = null)

Creates the authentication plugin.

Parameters
Backend\BackendInterface$authBackend

Definition at line 59 of file Plugin.php.

References $authBackend, and Sabre\DAV\Auth\Plugin\addBackend().

59  {
60 
61  if (!is_null($authBackend)) {
62  $this->addBackend($authBackend);
63  }
64 
65  }
Sabre\DAV\Auth\Plugin\addBackend
addBackend(Backend\BackendInterface $authBackend)
Adds an authentication backend to the plugin.
Definition: Plugin.php:73
$authBackend
$authBackend
Definition: addressbookserver.php:32
+ Here is the call graph for this function:

Member Function Documentation

◆ addBackend()

Sabre\DAV\Auth\Plugin::addBackend ( Backend\BackendInterface  $authBackend)

Adds an authentication backend to the plugin.

Parameters
Backend\BackendInterface$authBackend
Returns
void

Definition at line 73 of file Plugin.php.

References $authBackend.

Referenced by Sabre\DAV\Auth\Plugin\__construct().

73  {
74 
75  $this->backends[] = $authBackend;
76 
77  }
$authBackend
$authBackend
Definition: addressbookserver.php:32
+ Here is the caller graph for this function:

◆ beforeMethod()

Sabre\DAV\Auth\Plugin::beforeMethod ( RequestInterface  $request,
ResponseInterface  $response 
)

This method is called before any HTTP method and forces users to be authenticated.

Parameters
RequestInterface$request
ResponseInterface$response
Returns
bool

Definition at line 130 of file Plugin.php.

References Sabre\DAV\Auth\Plugin\challenge(), and Sabre\DAV\Auth\Plugin\check().

130  {
131 
132  if ($this->currentPrincipal) {
133 
134  // We already have authentication information. This means that the
135  // event has already fired earlier, and is now likely fired for a
136  // sub-request.
137  //
138  // We don't want to authenticate users twice, so we simply don't do
139  // anything here. See Issue #700 for additional reasoning.
140  //
141  // This is not a perfect solution, but will be fixed once the
142  // "currently authenticated principal" is information that's not
143  // not associated with the plugin, but rather per-request.
144  //
145  // See issue #580 for more information about that.
146  return;
147 
148  }
149 
150  $authResult = $this->check($request, $response);
151 
152  if ($authResult[0]) {
153  // Auth was successful
154  $this->currentPrincipal = $authResult[1];
155  $this->loginFailedReasons = null;
156  return;
157  }
158 
159 
160 
161  // If we got here, it means that no authentication backend was
162  // successful in authenticating the user.
163  $this->currentPrincipal = null;
164  $this->loginFailedReasons = $authResult[1];
165 
166  if ($this->autoRequireLogin) {
167  $this->challenge($request, $response);
168  throw new NotAuthenticated(implode(', ', $authResult[1]));
169  }
170 
171  }
Sabre\DAV\Auth\Plugin\check
check(RequestInterface $request, ResponseInterface $response)
Checks authentication credentials, and logs the user in if possible.
Definition: Plugin.php:191
$request
foreach($paths as $path) $request
Definition: asyncclient.php:32
Sabre\DAV\Auth\Plugin\challenge
challenge(RequestInterface $request, ResponseInterface $response)
This method sends authentication challenges to the user.
Definition: Plugin.php:232
$response
$response
Definition: proxy_ylocal.php:39
+ Here is the call graph for this function:

◆ challenge()

Sabre\DAV\Auth\Plugin::challenge ( RequestInterface  $request,
ResponseInterface  $response 
)

This method sends authentication challenges to the user.

This method will for example cause a HTTP Basic backend to set a WWW-Authorization header, indicating to the client that it should authenticate.

Parameters
RequestInterface$request
ResponseInterface$response
Returns
array

Definition at line 232 of file Plugin.php.

Referenced by Sabre\DAV\Auth\Plugin\beforeMethod().

232  {
233 
234  foreach ($this->backends as $backend) {
235  $backend->challenge($request, $response);
236  }
237 
238  }
$request
foreach($paths as $path) $request
Definition: asyncclient.php:32
$response
$response
Definition: proxy_ylocal.php:39
+ Here is the caller graph for this function:

◆ check()

Sabre\DAV\Auth\Plugin::check ( RequestInterface  $request,
ResponseInterface  $response 
)

Checks authentication credentials, and logs the user in if possible.

This method returns an array. The first item in the array is a boolean indicating if login was successful.

If login was successful, the second item in the array will contain the current principal url/path of the logged in user.

If login was not successful, the second item in the array will contain a an array with strings. The strings are a list of reasons why login was unsuccessful. For every auth backend there will be one reason, so usually there's just one.

Parameters
RequestInterface$request
ResponseInterface$response
Returns
array

Definition at line 191 of file Plugin.php.

References $result.

Referenced by Sabre\DAV\Auth\Plugin\beforeMethod().

191  {
192 
193  if (!$this->backends) {
194  throw new \Sabre\DAV\Exception('No authentication backends were configured on this server.');
195  }
196  $reasons = [];
197  foreach ($this->backends as $backend) {
198 
199  $result = $backend->check(
200  $request,
201  $response
202  );
203 
204  if (!is_array($result) || count($result) !== 2 || !is_bool($result[0]) || !is_string($result[1])) {
205  throw new \Sabre\DAV\Exception('The authentication backend did not return a correct value from the check() method.');
206  }
207 
208  if ($result[0]) {
209  $this->currentPrincipal = $result[1];
210  // Exit early
211  return [true, $result[1]];
212  }
213  $reasons[] = $result[1];
214 
215  }
216 
217  return [false, $reasons];
218 
219  }
$result
$result
Definition: CleanUpTest.php:463
$request
foreach($paths as $path) $request
Definition: asyncclient.php:32
$response
$response
Definition: proxy_ylocal.php:39
+ Here is the caller graph for this function:

◆ getCurrentPrincipal()

Sabre\DAV\Auth\Plugin::getCurrentPrincipal ( )

Returns the currently logged-in principal.

This will return a string such as:

principals/username principals/users/username

This method will return null if nobody is logged in.

Returns
string|null

Definition at line 117 of file Plugin.php.

References Sabre\DAV\Auth\Plugin\$currentPrincipal.

117  {
118 
119  return $this->currentPrincipal;
120 
121  }

◆ getLoginFailedReasons()

Sabre\DAV\Auth\Plugin::getLoginFailedReasons ( )

Returns a list of reasons why login was unsuccessful.

This method will return the login failed reasons for the last login operation. One for each auth backend.

This method returns null if the last authentication attempt was successful, or if there was no authentication attempt yet.

Returns
string[]|null

Definition at line 258 of file Plugin.php.

References Sabre\DAV\Auth\Plugin\$loginFailedReasons.

258  {
259 
260  return $this->loginFailedReasons;
261 
262  }

◆ getPluginInfo()

Sabre\DAV\Auth\Plugin::getPluginInfo ( )

Returns a bunch of meta-data about the plugin.

Providing this information is optional, and is mainly displayed by the Browser plugin.

The description key in the returned array may contain html and will not be sanitized.

Returns
array

Definition at line 275 of file Plugin.php.

References Sabre\DAV\Auth\Plugin\getPluginName().

275  {
276 
277  return [
278  'name' => $this->getPluginName(),
279  'description' => 'Generic authentication plugin',
280  'link' => 'http://sabre.io/dav/authentication/',
281  ];
282 
283  }
Sabre\DAV\Auth\Plugin\getPluginName
getPluginName()
Returns a plugin name.
Definition: Plugin.php:99
+ Here is the call graph for this function:

◆ getPluginName()

Sabre\DAV\Auth\Plugin::getPluginName ( )

Returns a plugin name.

Using this name other plugins will be able to access other plugins using DAV::getPlugin

Returns
string

Definition at line 99 of file Plugin.php.

Referenced by Sabre\DAV\Auth\Plugin\getPluginInfo().

99  {
100 
101  return 'auth';
102 
103  }
+ Here is the caller graph for this function:

◆ initialize()

Sabre\DAV\Auth\Plugin::initialize ( Server  $server)

Initializes the plugin.

This function is automatically called by the server

Parameters
Server$server
Returns
void

Definition at line 85 of file Plugin.php.

References Sabre\Event\EventEmitterInterface\on().

85  {
86 
87  $server->on('beforeMethod', [$this, 'beforeMethod'], 10);
88 
89  }
$server
$server
Definition: sabredav.php:48
+ Here is the call graph for this function:

Field Documentation

◆ $autoRequireLogin

Sabre\DAV\Auth\Plugin::$autoRequireLogin = true

By default this plugin will require that the user is authenticated, and refuse any access if the user is not authenticated.

If this setting is set to false, we let the user through, whether they are authenticated or not.

This is useful if you want to allow both authenticated and unauthenticated access to your server.

Parameters
bool

Definition at line 39 of file Plugin.php.

◆ $backends

Sabre\DAV\Auth\Plugin::$backends
protected

authentication backends

Definition at line 44 of file Plugin.php.

◆ $currentPrincipal

Sabre\DAV\Auth\Plugin::$currentPrincipal
protected

Definition at line 52 of file Plugin.php.

Referenced by Sabre\DAV\Auth\Plugin\getCurrentPrincipal().

◆ $loginFailedReasons

Sabre\DAV\Auth\Plugin::$loginFailedReasons
protected

Definition at line 245 of file Plugin.php.

Referenced by Sabre\DAV\Auth\Plugin\getLoginFailedReasons().

The documentation for this class was generated from the following file: