ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Public Member Functions | Data Fields | Protected Attributes
Sabre\DAV\Auth\Plugin Class Reference

This plugin provides Authentication for a WebDAV server. More...

+ Inheritance diagram for Sabre\DAV\Auth\Plugin:
+ Collaboration diagram for Sabre\DAV\Auth\Plugin:

Public Member Functions

 __construct (Backend\BackendInterface $authBackend=null)
 Creates the authentication plugin. More...
 
 addBackend (Backend\BackendInterface $authBackend)
 Adds an authentication backend to the plugin. More...
 
 initialize (Server $server)
 Initializes the plugin. More...
 
 getPluginName ()
 Returns a plugin name. More...
 
 getCurrentPrincipal ()
 Returns the currently logged-in principal. More...
 
 beforeMethod (RequestInterface $request, ResponseInterface $response)
 This method is called before any HTTP method and forces users to be authenticated. More...
 
 check (RequestInterface $request, ResponseInterface $response)
 Checks authentication credentials, and logs the user in if possible. More...
 
 challenge (RequestInterface $request, ResponseInterface $response)
 This method sends authentication challenges to the user. More...
 
 getLoginFailedReasons ()
 Returns a list of reasons why login was unsuccessful. More...
 
 getPluginInfo ()
 Returns a bunch of meta-data about the plugin. More...
 
- Public Member Functions inherited from Sabre\DAV\ServerPlugin
 initialize (Server $server)
 This initializes the plugin. More...
 
 getFeatures ()
 This method should return a list of server-features. More...
 
 getHTTPMethods ($path)
 Use this method to tell the server this plugin defines additional HTTP methods. More...
 
 getPluginName ()
 Returns a plugin name. More...
 
 getSupportedReportSet ($uri)
 Returns a list of reports this plugin supports. More...
 
 getPluginInfo ()
 Returns a bunch of meta-data about the plugin. More...
 

Data Fields

 $autoRequireLogin = true
 By default this plugin will require that the user is authenticated, and refuse any access if the user is not authenticated. More...
 

Protected Attributes

 $backends
 authentication backends More...
 
 $currentPrincipal
 
 $loginFailedReasons
 

Detailed Description

This plugin provides Authentication for a WebDAV server.

It works by providing a Auth\Backend class. Several examples of these classes can be found in the Backend directory.

It's possible to provide more than one backend to this plugin. If more than one backend was provided, each backend will attempt to authenticate. Only if all backends fail, we throw a 401.

Copyright
Copyright (C) fruux GmbH (https://fruux.com/)
Author
Evert Pot (http://evertpot.com/) @license http://sabre.io/license/ Modified BSD License

Definition at line 25 of file Plugin.php.

Constructor & Destructor Documentation

◆ __construct()

Sabre\DAV\Auth\Plugin::__construct ( Backend\BackendInterface  $authBackend = null)

Creates the authentication plugin.

Parameters
Backend\BackendInterface$authBackend

Definition at line 59 of file Plugin.php.

59 {
60
61 if (!is_null($authBackend)) {
62 $this->addBackend($authBackend);
63 }
64
65 }
$authBackend
$authBackend
Definition: addressbookserver.php:32
Sabre\DAV\Auth\Plugin\addBackend
addBackend(Backend\BackendInterface $authBackend)
Adds an authentication backend to the plugin.
Definition: Plugin.php:73

References $authBackend, and Sabre\DAV\Auth\Plugin\addBackend().

+ Here is the call graph for this function:

Member Function Documentation

◆ addBackend()

Sabre\DAV\Auth\Plugin::addBackend ( Backend\BackendInterface  $authBackend)

Adds an authentication backend to the plugin.

Parameters
Backend\BackendInterface$authBackend
Returns
void

Definition at line 73 of file Plugin.php.

73 {
74
75 $this->backends[] = $authBackend;
76
77 }

References $authBackend.

Referenced by Sabre\DAV\Auth\Plugin\__construct().

+ Here is the caller graph for this function:

◆ beforeMethod()

Sabre\DAV\Auth\Plugin::beforeMethod ( RequestInterface  $request,
ResponseInterface  $response 
)

This method is called before any HTTP method and forces users to be authenticated.

Parameters
RequestInterface$request
ResponseInterface$response
Returns
bool

Definition at line 130 of file Plugin.php.

130 {
131
132 if ($this->currentPrincipal) {
133
134 // We already have authentication information. This means that the
135 // event has already fired earlier, and is now likely fired for a
136 // sub-request.
137 //
138 // We don't want to authenticate users twice, so we simply don't do
139 // anything here. See Issue #700 for additional reasoning.
140 //
141 // This is not a perfect solution, but will be fixed once the
142 // "currently authenticated principal" is information that's not
143 // not associated with the plugin, but rather per-request.
144 //
145 // See issue #580 for more information about that.
146 return;
147
148 }
149
150 $authResult = $this->check($request, $response);
151
152 if ($authResult[0]) {
153 // Auth was successful
154 $this->currentPrincipal = $authResult[1];
155 $this->loginFailedReasons = null;
156 return;
157 }
158
159
160
161 // If we got here, it means that no authentication backend was
162 // successful in authenticating the user.
163 $this->currentPrincipal = null;
164 $this->loginFailedReasons = $authResult[1];
165
166 if ($this->autoRequireLogin) {
167 $this->challenge($request, $response);
168 throw new NotAuthenticated(implode(', ', $authResult[1]));
169 }
170
171 }
$request
foreach($paths as $path) $request
Definition: asyncclient.php:32
Sabre\DAV\Auth\Plugin\check
check(RequestInterface $request, ResponseInterface $response)
Checks authentication credentials, and logs the user in if possible.
Definition: Plugin.php:191
Sabre\DAV\Auth\Plugin\challenge
challenge(RequestInterface $request, ResponseInterface $response)
This method sends authentication challenges to the user.
Definition: Plugin.php:232
$response
$response
Definition: proxy_ylocal.php:39

References $response, Sabre\DAV\Auth\Plugin\challenge(), and Sabre\DAV\Auth\Plugin\check().

+ Here is the call graph for this function:

◆ challenge()

Sabre\DAV\Auth\Plugin::challenge ( RequestInterface  $request,
ResponseInterface  $response 
)

This method sends authentication challenges to the user.

This method will for example cause a HTTP Basic backend to set a WWW-Authorization header, indicating to the client that it should authenticate.

Parameters
RequestInterface$request
ResponseInterface$response
Returns
array

Definition at line 232 of file Plugin.php.

232 {
233
234 foreach ($this->backends as $backend) {
235 $backend->challenge($request, $response);
236 }
237
238 }

References $request, and $response.

Referenced by Sabre\DAV\Auth\Plugin\beforeMethod().

+ Here is the caller graph for this function:

◆ check()

Sabre\DAV\Auth\Plugin::check ( RequestInterface  $request,
ResponseInterface  $response 
)

Checks authentication credentials, and logs the user in if possible.

This method returns an array. The first item in the array is a boolean indicating if login was successful.

If login was successful, the second item in the array will contain the current principal url/path of the logged in user.

If login was not successful, the second item in the array will contain a an array with strings. The strings are a list of reasons why login was unsuccessful. For every auth backend there will be one reason, so usually there's just one.

Parameters
RequestInterface$request
ResponseInterface$response
Returns
array

Definition at line 191 of file Plugin.php.

191 {
192
193 if (!$this->backends) {
194 throw new \Sabre\DAV\Exception('No authentication backends were configured on this server.');
195 }
196 $reasons = [];
197 foreach ($this->backends as $backend) {
198
199 $result = $backend->check(
200 $request,
201 $response
202 );
203
204 if (!is_array($result) || count($result) !== 2 || !is_bool($result[0]) || !is_string($result[1])) {
205 throw new \Sabre\DAV\Exception('The authentication backend did not return a correct value from the check() method.');
206 }
207
208 if ($result[0]) {
209 $this->currentPrincipal = $result[1];
210 // Exit early
211 return [true, $result[1]];
212 }
213 $reasons[] = $result[1];
214
215 }
216
217 return [false, $reasons];
218
219 }
$result
$result
Definition: CleanUpTest.php:463

References $request, $response, and $result.

Referenced by Sabre\DAV\Auth\Plugin\beforeMethod().

+ Here is the caller graph for this function:

◆ getCurrentPrincipal()

Sabre\DAV\Auth\Plugin::getCurrentPrincipal ( )

Returns the currently logged-in principal.

This will return a string such as:

principals/username principals/users/username

This method will return null if nobody is logged in.

Returns
string|null

Definition at line 117 of file Plugin.php.

117 {
118
119 return $this->currentPrincipal;
120
121 }

References Sabre\DAV\Auth\Plugin\$currentPrincipal.

◆ getLoginFailedReasons()

Sabre\DAV\Auth\Plugin::getLoginFailedReasons ( )

Returns a list of reasons why login was unsuccessful.

This method will return the login failed reasons for the last login operation. One for each auth backend.

This method returns null if the last authentication attempt was successful, or if there was no authentication attempt yet.

Returns
string[]|null

Definition at line 258 of file Plugin.php.

258 {
259
260 return $this->loginFailedReasons;
261
262 }

References Sabre\DAV\Auth\Plugin\$loginFailedReasons.

◆ getPluginInfo()

Sabre\DAV\Auth\Plugin::getPluginInfo ( )

Returns a bunch of meta-data about the plugin.

Providing this information is optional, and is mainly displayed by the Browser plugin.

The description key in the returned array may contain html and will not be sanitized.

Returns
array

Reimplemented from Sabre\DAV\ServerPlugin.

Definition at line 275 of file Plugin.php.

275 {
276
277 return [
278 'name' => $this->getPluginName(),
279 'description' => 'Generic authentication plugin',
280 'link' => 'http://sabre.io/dav/authentication/',
281 ];
282
283 }
Sabre\DAV\Auth\Plugin\getPluginName
getPluginName()
Returns a plugin name.
Definition: Plugin.php:99

References Sabre\DAV\Auth\Plugin\getPluginName().

+ Here is the call graph for this function:

◆ getPluginName()

Sabre\DAV\Auth\Plugin::getPluginName ( )

Returns a plugin name.

Using this name other plugins will be able to access other plugins using DAV\Server::getPlugin

Returns
string

Reimplemented from Sabre\DAV\ServerPlugin.

Definition at line 99 of file Plugin.php.

99 {
100
101 return 'auth';
102
103 }

Referenced by Sabre\DAV\Auth\Plugin\getPluginInfo().

+ Here is the caller graph for this function:

◆ initialize()

Sabre\DAV\Auth\Plugin::initialize ( Server  $server)

Initializes the plugin.

This function is automatically called by the server

Parameters
Server$server
Returns
void

Reimplemented from Sabre\DAV\ServerPlugin.

Definition at line 85 of file Plugin.php.

85 {
86
87 $server->on('beforeMethod', [$this, 'beforeMethod'], 10);
88
89 }
$server
$server
Definition: sabredav.php:48

References $server.

Field Documentation

◆ $autoRequireLogin

Sabre\DAV\Auth\Plugin::$autoRequireLogin = true

By default this plugin will require that the user is authenticated, and refuse any access if the user is not authenticated.

If this setting is set to false, we let the user through, whether they are authenticated or not.

This is useful if you want to allow both authenticated and unauthenticated access to your server.

Parameters
bool

Definition at line 39 of file Plugin.php.

◆ $backends

Sabre\DAV\Auth\Plugin::$backends
protected

authentication backends

Definition at line 44 of file Plugin.php.

◆ $currentPrincipal

Sabre\DAV\Auth\Plugin::$currentPrincipal
protected

Definition at line 52 of file Plugin.php.

Referenced by Sabre\DAV\Auth\Plugin\getCurrentPrincipal().

◆ $loginFailedReasons

Sabre\DAV\Auth\Plugin::$loginFailedReasons
protected

Definition at line 245 of file Plugin.php.

Referenced by Sabre\DAV\Auth\Plugin\getLoginFailedReasons().

The documentation for this class was generated from the following file: