From 2fda20e67daad055e2fba2ec8c6d663dd2671c79 Mon Sep 17 00:00:00 2001 From: Jeremy Snyder Date: Mon, 4 Mar 2024 12:41:17 -0500 Subject: [PATCH 01/12] Debug logging --- backend/Services/Auth/Adapters/Header.php | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/backend/Services/Auth/Adapters/Header.php b/backend/Services/Auth/Adapters/Header.php index 98c0106..1258565 100644 --- a/backend/Services/Auth/Adapters/Header.php +++ b/backend/Services/Auth/Adapters/Header.php @@ -9,6 +9,7 @@ use Filegator\Services\Auth\Adapters\JsonFile; use Filegator\Services\Auth\User; +use Filegator\Services\Logger\LoggerInterface; class Header extends JsonFile { @@ -16,14 +17,21 @@ class Header extends JsonFile protected $fullname_header_key; protected $non_header_users; protected $user_defaults; - + + public function __construct(LoggerInterface $logger) + { + $this->logger = $logger; + } + public function init(array $config = []) { parent::init($config); + $this->logger->log("INIT THE HEADER AUTH: ".$config["username_header_key"]); $this->username_header_key = strtolower($config["username_header_key"]); $this->fullname_header_key = strtolower($config["fullname_header_key"]); $this->ignore_users = $config["ignore_users"] ?? []; $this->user_defaults = $config["user_defaults"] ?? []; + } private function useNormalAuth($username): bool @@ -89,7 +97,7 @@ public function authenticate($username, $password): bool public function user(): ?User { if (! $this->session) return null; - + $user = $this->session->get(self::SESSION_KEY, null); if (! $user) return null; From 2c1739f9a76da89b41b877d3fdfa34112a23cae4 Mon Sep 17 00:00:00 2001 From: Jeremy Snyder Date: Mon, 4 Mar 2024 12:47:26 -0500 Subject: [PATCH 02/12] debug --- backend/Services/Auth/Adapters/Header.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/backend/Services/Auth/Adapters/Header.php b/backend/Services/Auth/Adapters/Header.php index 1258565..dca40e8 100644 
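Review bot: The constructor added in the second hunk of PATCH 01/12 overrides the inherited one without calling it, so any setup `JsonFile` does there is skipped even though `user()` in this file reads `$this->session`; PATCH 10/12 later has to add `parent::__construct($session)`. `$this->logger` is also assigned without being declared beside the other `protected` fields, so I would add `protected $logger;`. The class body continues outside the hunk.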
--- a/backend/Services/Auth/Adapters/Header.php +++ b/backend/Services/Auth/Adapters/Header.php @@ -26,7 +26,7 @@ public function __construct(LoggerInterface $logger) public function init(array $config = []) { parent::init($config); - $this->logger->log("INIT THE HEADER AUTH: ".$config["username_header_key"]); + $this->logger->debug("INIT THE HEADER AUTH: ".$config["username_header_key"]); $this->username_header_key = strtolower($config["username_header_key"]); $this->fullname_header_key = strtolower($config["fullname_header_key"]); $this->ignore_users = $config["ignore_users"] ?? []; @@ -42,19 +42,22 @@ private function useNormalAuth($username): bool private function headerUser(): array { $headers = array_change_key_case(getallheaders(), CASE_LOWER); + $this->logger->debug($headers); $header_username_exists = array_key_exists($this->username_header_key, $headers); $header_fullname_exists = array_key_exists($this->fullname_header_key, $headers); if (!$header_username_exists) { - error_log(print_r($this->username_header_key." header is not set", true)); + $this->logger->error(print_r($this->username_header_key." header is not set", true)); } if (!$header_fullname_exists) { - error_log(print_r($this->fullname_header_key." header is not set", true)); + $this->logger->error(print_r($this->fullname_header_key." header is not set", true)); } if (!$header_username_exists || !$header_fullname_exists) return null; $username_header = $headers[$this->username_header_key]; $fullname_header = $headers[$this->fullname_header_key]; + $this->logger->error("USERNAME: ".$username_header); + $this->logger->error("FULLNAME: ".$fullname_header); if(!isset($username_header) || empty($username_header)) return null; if(!isset($fullname_header) || empty($fullname_header)) return null; 
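Review bot: `$this->logger->debug($headers);` at the top of `headerUser()` writes every request header to the application log, which on a logged-in request includes the `Cookie` header and any `Authorization` value, so session credentials end up readable by anyone with log access. Recording only whether the configured keys were found is enough for this diagnosis, e.g. `$this->logger->log("header auth: username header ".($header_username_exists ? "present" : "missing"));` placed after the `array_key_exists` calls. The same full dump returns in PATCH 03, 05 and 06 as `log($headers)` / `log(implode(...))`, and the `USERNAME:` / `FULLNAME:` lines added here write user identifiers at error level. `headerUser()` is declared `: array` yet returns `null` a few lines below, which is a TypeError until PATCH 12/12 changes the type to `?array`.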
@@ -76,7 +79,7 @@ private function userHash($user): string public function authenticate($username, $password): bool { if ($this->useNormalAuth($username)) { - error_log(print_r("** ".$username." user is configured to use normal authentication, skipping header auth", true)); + $this->logger->info(print_r("** ".$username." user is configured to use normal authentication, skipping header auth", true)); return parent::authenticate($username, $password); } From e4d35fac0c12baf5520b02b52a432ce5a8021a72 Mon Sep 17 00:00:00 2001 From: Jeremy Snyder Date: Mon, 4 Mar 2024 12:50:52 -0500 Subject: [PATCH 03/12] debug --- backend/Services/Auth/Adapters/Header.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/backend/Services/Auth/Adapters/Header.php b/backend/Services/Auth/Adapters/Header.php index dca40e8..e31024e 100644 --- a/backend/Services/Auth/Adapters/Header.php +++ b/backend/Services/Auth/Adapters/Header.php 
@@ -42,22 +42,22 @@ private function useNormalAuth($username): bool private function headerUser(): array { $headers = array_change_key_case(getallheaders(), CASE_LOWER); - $this->logger->debug($headers); + $this->logger->log($headers); $header_username_exists = array_key_exists($this->username_header_key, $headers); $header_fullname_exists = array_key_exists($this->fullname_header_key, $headers); if (!$header_username_exists) { - $this->logger->error(print_r($this->username_header_key." header is not set", true)); + $this->logger->log(print_r($this->username_header_key." header is not set", true)); } if (!$header_fullname_exists) { - $this->logger->error(print_r($this->fullname_header_key." header is not set", true)); + $this->logger->log(print_r($this->fullname_header_key." header is not set", true)); } if (!$header_username_exists || !$header_fullname_exists) return null; $username_header = $headers[$this->username_header_key]; $fullname_header = $headers[$this->fullname_header_key]; - $this->logger->error("USERNAME: ".$username_header); - $this->logger->error("FULLNAME: ".$fullname_header); + $this->logger->log("USERNAME: ".$username_header); + $this->logger->log("FULLNAME: ".$fullname_header); if(!isset($username_header) || empty($username_header)) return null; if(!isset($fullname_header) || empty($fullname_header)) return null; From 33fa76f4cfe71bd08e8c33b5bd6c2f78c0c972f4 Mon Sep 17 00:00:00 2001 From: Jeremy Snyder Date: Mon, 4 Mar 2024 12:51:58 -0500 Subject: [PATCH 04/12] debug --- backend/Services/Auth/Adapters/Header.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/Services/Auth/Adapters/Header.php b/backend/Services/Auth/Adapters/Header.php index e31024e..016af0d 100644 --- a/backend/Services/Auth/Adapters/Header.php +++ b/backend/Services/Auth/Adapters/Header.php 
@@ -26,7 +26,7 @@ public function __construct(LoggerInterface $logger) public function init(array $config = []) { parent::init($config); - $this->logger->debug("INIT THE HEADER AUTH: ".$config["username_header_key"]); + $this->logger->log("INIT THE HEADER AUTH: ".$config["username_header_key"]); $this->username_header_key = strtolower($config["username_header_key"]); $this->fullname_header_key = strtolower($config["fullname_header_key"]); $this->ignore_users = $config["ignore_users"] ?? []; From c98ce6b7805778cf1a3a8fa54a31acf6edee3fa7 Mon Sep 17 00:00:00 2001 From: Jeremy Snyder Date: Mon, 4 Mar 2024 12:54:57 -0500 Subject: [PATCH 05/12] debug --- backend/Services/Auth/Adapters/Header.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/Services/Auth/Adapters/Header.php b/backend/Services/Auth/Adapters/Header.php index 016af0d..8f3cd66 100644 --- a/backend/Services/Auth/Adapters/Header.php +++ b/backend/Services/Auth/Adapters/Header.php @@ -42,7 +42,7 @@ private function useNormalAuth($username): bool private function headerUser(): array { $headers = array_change_key_case(getallheaders(), CASE_LOWER); - $this->logger->log($headers); + $this->logger->log(implode(" ", $headers)); $header_username_exists = array_key_exists($this->username_header_key, $headers); $header_fullname_exists = array_key_exists($this->fullname_header_key, $headers); From e8e50f45a1e5357f3f6cdfae917e8bfae8e56a3e Mon Sep 17 00:00:00 2001 From: Jeremy Snyder Date: Mon, 4 Mar 2024 13:22:55 -0500 Subject: [PATCH 06/12] debug --- backend/Services/Auth/Adapters/Header.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/backend/Services/Auth/Adapters/Header.php b/backend/Services/Auth/Adapters/Header.php index 8f3cd66..1bd8ca7 100644 --- a/backend/Services/Auth/Adapters/Header.php +++ b/backend/Services/Auth/Adapters/Header.php 
@@ -31,6 +31,7 @@ public function init(array $config = []) $this->fullname_header_key = strtolower($config["fullname_header_key"]); $this->ignore_users = $config["ignore_users"] ?? []; $this->user_defaults = $config["user_defaults"] ?? []; + $this->logger->log(implode("--", $this)); } @@ -41,8 +42,10 @@ private function useNormalAuth($username): bool private function headerUser(): array { - $headers = array_change_key_case(getallheaders(), CASE_LOWER); - $this->logger->log(implode(" ", $headers)); + $this->logger->log(implode("::", getallheaders())); + $headers = getallheaders(); + array_change_key_case($headers, CASE_LOWER); + $this->logger->log(implode("++", $headers)); $header_username_exists = array_key_exists($this->username_header_key, $headers); $header_fullname_exists = array_key_exists($this->fullname_header_key, $headers); From a030538ccd1af96145b0df5a0195eb04145ae8f2 Mon Sep 17 00:00:00 2001 From: Jeremy Snyder Date: Mon, 4 Mar 2024 13:24:29 -0500 Subject: [PATCH 07/12] debug --- backend/Services/Auth/Adapters/Header.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/backend/Services/Auth/Adapters/Header.php b/backend/Services/Auth/Adapters/Header.php index 1bd8ca7..b156b9b 100644 --- a/backend/Services/Auth/Adapters/Header.php +++ b/backend/Services/Auth/Adapters/Header.php @@ -31,8 +31,6 @@ public function init(array $config = []) $this->fullname_header_key = strtolower($config["fullname_header_key"]); $this->ignore_users = $config["ignore_users"] ?? []; $this->user_defaults = $config["user_defaults"] ?? []; - $this->logger->log(implode("--", $this)); - } private function useNormalAuth($username): bool From 000f4168ee7d9d50b4291ee71ce0f18e2772faa9 Mon Sep 17 00:00:00 2001 From: Jeremy Snyder Date: Mon, 4 Mar 2024 13:33:01 -0500 Subject: [PATCH 08/12] debug --- backend/Services/Auth/Adapters/Header.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
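Review bot: `array_change_key_case($headers, CASE_LOWER);` in the `headerUser()` hunk returns a new array and leaves `$headers` untouched, so the lookups below now run against the original header casing while `init()` still lower-cases the configured keys; a header arriving as, say, `X-Remote-User` (constructed example) would never match. Keep the assignment form, `$headers = array_change_key_case(getallheaders(), CASE_LOWER);`. In the first hunk of this patch, `implode("--", $this)` passes an object where an array is required, which is an error on PHP 8 (PATCH 07/12 removes the line). `headerUser()` continues outside the hunk.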
diff --git a/backend/Services/Auth/Adapters/Header.php b/backend/Services/Auth/Adapters/Header.php index b156b9b..0985b08 100644 --- a/backend/Services/Auth/Adapters/Header.php +++ b/backend/Services/Auth/Adapters/Header.php @@ -41,7 +41,7 @@ private function useNormalAuth($username): bool private function headerUser(): array { $this->logger->log(implode("::", getallheaders())); - $headers = getallheaders(); + $headers = getallheaders()->getArrayCopy(); array_change_key_case($headers, CASE_LOWER); $this->logger->log(implode("++", $headers)); $header_username_exists = array_key_exists($this->username_header_key, $headers); From f6654d44f8f4301bed41bb3017833addb3ae0ea4 Mon Sep 17 00:00:00 2001 From: Jeremy Snyder Date: Mon, 4 Mar 2024 13:39:55 -0500 Subject: [PATCH 09/12] debug --- backend/Services/Auth/Adapters/Header.php | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/backend/Services/Auth/Adapters/Header.php b/backend/Services/Auth/Adapters/Header.php index 0985b08..ae093b9 100644 --- a/backend/Services/Auth/Adapters/Header.php +++ b/backend/Services/Auth/Adapters/Header.php @@ -26,9 +26,8 @@ public function __construct(LoggerInterface $logger) public function init(array $config = []) { parent::init($config); - $this->logger->log("INIT THE HEADER AUTH: ".$config["username_header_key"]); - $this->username_header_key = strtolower($config["username_header_key"]); - $this->fullname_header_key = strtolower($config["fullname_header_key"]); + $this->username_header_key = $config["username_header_key"]; + $this->fullname_header_key = $config["fullname_header_key"]; $this->ignore_users = $config["ignore_users"] ?? []; $this->user_defaults = $config["user_defaults"] ?? []; } 
@@ -40,10 +39,9 @@ private function useNormalAuth($username): bool private function headerUser(): array { - $this->logger->log(implode("::", getallheaders())); - $headers = getallheaders()->getArrayCopy(); - array_change_key_case($headers, CASE_LOWER); - $this->logger->log(implode("++", $headers)); + $headers = getallheaders(); + $age = array("PeterZZZ"=>"35","BeNNy"=>"37","JoeEEeeEE"=>"43"); + $this->logger->log(implode("", array_change_key_case($age, CASE_LOWER))); $header_username_exists = array_key_exists($this->username_header_key, $headers); $header_fullname_exists = array_key_exists($this->fullname_header_key, $headers); From b8af3f0e9007a259fb2d1f7b39ac7e0033cb96ca Mon Sep 17 00:00:00 2001 From: Jeremy Snyder Date: Mon, 4 Mar 2024 16:31:24 -0500 Subject: [PATCH 10/12] Working version with autologin --- backend/Services/Auth/Adapters/Header.php | 114 +++++++++++++++++----- 1 file changed, 92 insertions(+), 22 deletions(-) diff --git a/backend/Services/Auth/Adapters/Header.php b/backend/Services/Auth/Adapters/Header.php index ae093b9..eb6429c 100644 --- a/backend/Services/Auth/Adapters/Header.php +++ b/backend/Services/Auth/Adapters/Header.php @@ -2,14 +2,15 @@ /* * This is a custom auth handler that will receive headers for the username and fullname - * If the headers are missing, login will fail. - * If the headers are present, login will succeed, and user will be added. + * If the headers are missing, the user will be presented with the login + * If the headers are present, login will be done automatically, and the user will be added to the system */ namespace Filegator\Services\Auth\Adapters; use Filegator\Services\Auth\Adapters\JsonFile; use Filegator\Services\Auth\User; use Filegator\Services\Logger\LoggerInterface; +use Filegator\Services\Session\SessionStorageInterface as Session; class Header extends JsonFile { 
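Review bot: The `$age` array and the `log(implode(...))` call in `headerUser()` are scratch code sitting in the authentication path and should not be committed. With `array_change_key_case` and the `strtolower` calls gone in this patch, `array_key_exists($this->username_header_key, $headers)` is case-sensitive against whatever casing `getallheaders()` reports, so header auth depends on the proxy and the config string agreeing exactly. PATCH 10/12 restores the lower-casing on both sides; squashing these debug commits would keep the broken intermediate state out of history.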
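Review bot: The file header in PATCH 10/12 now documents automatic login but not the trust assumption it rests on, namely that the adapter believes whatever the configured username header carries. I would add a line to the block comment such as `* The reverse proxy MUST strip these headers from incoming client requests and set them itself; never expose this adapter directly.` so operators see the requirement where the adapter is described.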
@@ -17,9 +18,11 @@ class Header extends JsonFile protected $fullname_header_key; protected $non_header_users; protected $user_defaults; + protected $cookie_key; - public function __construct(LoggerInterface $logger) + public function __construct(Session $session, LoggerInterface $logger) { + parent::__construct($session); $this->logger = $logger; } @@ -28,6 +31,7 @@ public function init(array $config = []) parent::init($config); $this->username_header_key = $config["username_header_key"]; $this->fullname_header_key = $config["fullname_header_key"]; + $this->cookie_key = $config["cookie_key"] ?? "Cookie"; $this->ignore_users = $config["ignore_users"] ?? []; $this->user_defaults = $config["user_defaults"] ?? []; } 
@@ -37,26 +41,46 @@ private function useNormalAuth($username): bool return in_array($username, $this->ignore_users); } + private function cookieHeaders($headers) { + $all_headers = $headers; + if (!array_key_exists(strtolower($this->cookie_key), $all_headers)) { + return []; + } + + $headers_from_cookie = explode('; ', $all_headers["cookie"]); + $headers = []; + + foreach ($headers_from_cookie as $cookie) { + list($key, $value) = explode('=', $cookie, 2); + $headers[$key] = $value; + } + + return $headers; + } + private function headerUser(): array { - $headers = getallheaders(); - $age = array("PeterZZZ"=>"35","BeNNy"=>"37","JoeEEeeEE"=>"43"); - $this->logger->log(implode("", array_change_key_case($age, CASE_LOWER))); - $header_username_exists = array_key_exists($this->username_header_key, $headers); - $header_fullname_exists = array_key_exists($this->fullname_header_key, $headers); + $headers = array_change_key_case(getallheaders(), CASE_LOWER); + $cookie_headers = array_change_key_case($this->cookieHeaders($headers), CASE_LOWER); + $username_header_key = strtolower($this->username_header_key); + $fullname_header_key = strtolower($this->fullname_header_key); + // $this->logger->log("HEADERS:"); + // $this->logger->log(json_encode($headers)); + // $this->logger->log("COOKIEHEADERS:"); + // $this->logger->log(json_encode($cookie_headers)); + $header_username_exists = (array_key_exists($username_header_key, $headers) or array_key_exists($username_header_key, $cookie_headers)); + $header_fullname_exists = (array_key_exists($fullname_header_key, $headers) or array_key_exists($fullname_header_key, $cookie_headers)); if (!$header_username_exists) { - $this->logger->log(print_r($this->username_header_key." header is not set", true)); + $this->logger->log($this->username_header_key." username header is not set"); } if (!$header_fullname_exists) { - $this->logger->log(print_r($this->fullname_header_key." 
header is not set", true)); + $this->logger->log($this->fullname_header_key." full name header is not set"); } if (!$header_username_exists || !$header_fullname_exists) return null; - $username_header = $headers[$this->username_header_key]; - $fullname_header = $headers[$this->fullname_header_key]; - $this->logger->log("USERNAME: ".$username_header); - $this->logger->log("FULLNAME: ".$fullname_header); + $username_header = $headers[$username_header_key] ?? $cookie_headers[$username_header_key]; + $fullname_header = $headers[$fullname_header_key] ?? $cookie_headers[$fullname_header_key]; if(!isset($username_header) || empty($username_header)) return null; if(!isset($fullname_header) || empty($fullname_header)) return null; 
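Review bot: `headerUser()` now takes the identity from a cookie of the same name when the header is absent (`$headers[$username_header_key] ?? $cookie_headers[$username_header_key]`), and cookie values are chosen by the client, so the adapter's trust no longer rests on the proxy alone. A proxy that strips or overwrites the configured request header will usually pass the `Cookie` header through untouched, which means the value reaching `find()` / `add()` in `authenticate()` may be client-supplied. Unless the deployment guarantees that the proxy owns and rewrites those cookie names, I would drop the cookie fallback or put it behind an explicit config option that defaults to off. Smaller points in `cookieHeaders()`: it tests `strtolower($this->cookie_key)` but then reads the hard-coded `$all_headers["cookie"]`, and `list($key, $value) = explode('=', $cookie, 2)` raises an undefined-offset warning for a cookie pair without `=`. `headerUser()` still returns `null` under an `: array` return type in this patch.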
@@ -78,37 +102,83 @@ private function userHash($user): string public function authenticate($username, $password): bool { if ($this->useNormalAuth($username)) { - $this->logger->info(print_r("** ".$username." user is configured to use normal authentication, skipping header auth", true)); + $this->logger->log("** ".$username." user is configured to use normal authentication, skipping header auth"); return parent::authenticate($username, $password); } $header_user = $this->headerUser(); if (!isset($header_user)) return false; + // $this->logger->log("HEADERUSER:"); + // $this->logger->log(json_encode($header_user)); + $existing_user = $this->find($header_user["username"]); + // $this->logger->log("EXISTINGUSER:"); + // $this->logger->log(json_encode($existing_user)); if (!isset($existing_user)) { + // $this->logger->log("CREATENEWUSER"); $new_user = $this->mapToUserObject($header_user); $existing_user = $this->add($new_user, ""); // Password isn't used } + // $this->logger->log("EXISTINGUSER2:"); + // $this->logger->log(json_encode($existing_user)); $this->store($existing_user); $this->session->set(self::SESSION_HASH, $this->userHash($existing_user)); return true; } + protected function sessionUser() { + return $this->session->get(self::SESSION_KEY, null); + } + public function user(): ?User { + // $this->logger->log("USER:1"); if (! $this->session) return null; + // $this->logger->log("USER:2"); + + $session_user = $this->sessionUser(); + // $this->logger->log("USER:3"); + if ($session_user) { + // $this->logger->log("USER:4"); + $hash = $this->session->get(self::SESSION_HASH, null); + return ($hash == $this->userHash($session_user)) ? 
$session_user : null; + } + + // $this->logger->log("USER:5"); + $header_user = $this->headerUser(); + if ($header_user) { + // $this->logger->log("USER:6"); + $header_username = $header_user["username"]; + $authenticated = $this->authenticate($header_username, ""); + // $this->logger->log("USER:7"); + if ($authenticated) { + $authenticated_user = $this->sessionUser(); + // $this->logger->log("USER:8"); + $this->logger->log("Authenticated user [".$authenticated_user->getUsername()."] with F5 header"); + return $authenticated_user; + } + } + + $this->logger->log("USER:7"); + return null; - $user = $this->session->get(self::SESSION_KEY, null); - if (! $user) return null; + // if ($this->useNormalAuth($user->getUsername())) return parent::user(); + // $this->logger->log("USER:3"); + // if (! $user) return null; + // $this->logger->log("USER:4"); - if ($this->useNormalAuth($user->getUsername())) return parent::user(); + // if ($this->useNormalAuth($user->getUsername())) return parent::user(); + // $this->logger->log("USER:5"); - $existing_user = $this->find($user->getUsername()); - if (! $existing_user) return null; + // $existing_user = $this->find($user->getUsername()); + // $this->logger->log("USER:6"); + // if (! $existing_user) return null; + // $this->logger->log("USER:7"); - $hash = $this->session->get(self::SESSION_HASH, null); - return ($hash == $this->userHash($existing_user)) ? $user : null; + // $hash = $this->session->get(self::SESSION_HASH, null); + // $this->logger->log("USER:8"); + // return ($hash == $this->userHash($existing_user)) ? $user : null; } } From 4ba57b03223c2871577ab14a264fa03218aae9c1 Mon Sep 17 00:00:00 2001 From: Jeremy Snyder Date: Mon, 4 Mar 2024 16:37:40 -0500 Subject: [PATCH 11/12] Updated authed log string --- backend/Services/Auth/Adapters/Header.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/Services/Auth/Adapters/Header.php b/backend/Services/Auth/Adapters/Header.php index eb6429c..8736a3b 100644 
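Review bot: The rewritten `user()` compares `SESSION_HASH` with `userHash($session_user)`, i.e. with the object held in the same session, whereas the removed code re-read the account through `$this->find(...)` and returned `null` when it was missing or its homedir or role no longer matched. As far as this hunk shows, deleting a user or changing their role therefore no longer invalidates a session that already exists, and PATCH 12/12 keeps this behaviour. I would restore the lookup with `$existing_user = $this->find($session_user->getUsername());` and `if (! $existing_user) return null;`, then compare against `$existing_user` using `===` or `hash_equals()` instead of `==`. The stray `$this->logger->log("USER:7");` and the commented-out block after `return null;` are unreachable leftovers, which PATCH 12/12 does remove.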
--- a/backend/Services/Auth/Adapters/Header.php +++ b/backend/Services/Auth/Adapters/Header.php @@ -156,7 +156,7 @@ public function user(): ?User if ($authenticated) { $authenticated_user = $this->sessionUser(); // $this->logger->log("USER:8"); - $this->logger->log("Authenticated user [".$authenticated_user->getUsername()."] with F5 header"); + $this->logger->log("Authenticated user [".$authenticated_user->getUsername()."] with ".$this->username_header_key." header"); return $authenticated_user; } } From 0e1d3b5709d50d9c92dc494bb040e9c840fe3a98 Mon Sep 17 00:00:00 2001 From: Jeremy Snyder Date: Tue, 5 Mar 2024 11:23:08 -0500 Subject: [PATCH 12/12] cleanup --- backend/Services/Auth/Adapters/Header.php | 77 +++++++++-------------- 1 file changed, 28 insertions(+), 49 deletions(-) diff --git a/backend/Services/Auth/Adapters/Header.php b/backend/Services/Auth/Adapters/Header.php index 8736a3b..9ea5c96 100644 --- a/backend/Services/Auth/Adapters/Header.php +++ b/backend/Services/Auth/Adapters/Header.php 
@@ -58,36 +58,38 @@ private function cookieHeaders($headers) { return $headers; } - private function headerUser(): array + private function trimQuotes($value): string + { + if (! isset($value)) return $value; + return trim($value, '\'"'); + } + + private function headerUser(): ?array { $headers = array_change_key_case(getallheaders(), CASE_LOWER); $cookie_headers = array_change_key_case($this->cookieHeaders($headers), CASE_LOWER); $username_header_key = strtolower($this->username_header_key); $fullname_header_key = strtolower($this->fullname_header_key); - // $this->logger->log("HEADERS:"); - // $this->logger->log(json_encode($headers)); - // $this->logger->log("COOKIEHEADERS:"); - // $this->logger->log(json_encode($cookie_headers)); $header_username_exists = (array_key_exists($username_header_key, $headers) or array_key_exists($username_header_key, $cookie_headers)); $header_fullname_exists = (array_key_exists($fullname_header_key, $headers) or array_key_exists($fullname_header_key, $cookie_headers)); if (!$header_username_exists) { $this->logger->log($this->username_header_key." username header is not set"); + return null; } if (!$header_fullname_exists) { - $this->logger->log($this->fullname_header_key." full name header is not set"); + $this->logger->log($this->fullname_header_key." full name header is not set, falling back to username header"); } - if (!$header_username_exists || !$header_fullname_exists) return null; $username_header = $headers[$username_header_key] ?? $cookie_headers[$username_header_key]; - $fullname_header = $headers[$fullname_header_key] ?? $cookie_headers[$fullname_header_key]; + $fullname_header = $headers[$fullname_header_key] ?? $cookie_headers[$fullname_header_key] ?? 
$username_header; if(!isset($username_header) || empty($username_header)) return null; if(!isset($fullname_header) || empty($fullname_header)) return null; return [ - "username" => $username_header, - "name" => $fullname_header, + "username" => $this->trimQuotes($username_header), + "name" => $this->trimQuotes($fullname_header), "role" => $this->user_defaults["role"] ?? "user", "homedir" => $this->user_defaults["homedir"] ?? "/share", "permissions" => $this->user_defaults["permissions"] ?? "read", 
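Review bot: `trimQuotes()` is applied only inside the returned array, after the `empty()` guards, so a header value consisting solely of quote characters passes the guards and produces an empty `username` that `authenticate()` then looks up and may create. Trim first and validate the result, e.g. `$username_header = $this->trimQuotes($headers[$username_header_key] ?? $cookie_headers[$username_header_key]);` ahead of the `empty()` check, and likewise for the full name. `trimQuotes()` is declared `: string` but returns `$value` unchanged when it is not set, so the type should be `?string` or that branch dropped. Because this value becomes an account name and is written to the log, a length limit and a character allow-list at this point would also be worth adding.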
@@ -99,32 +101,35 @@ private function userHash($user): string return $user->getHomedir().$user->getRole().$user->getUsername(); } + private function setSessionHash($user) { + $this->session->set(self::SESSION_HASH, $this->userHash($user)); + } + public function authenticate($username, $password): bool { if ($this->useNormalAuth($username)) { - $this->logger->log("** ".$username." user is configured to use normal authentication, skipping header auth"); - return parent::authenticate($username, $password); + $this->logger->log("** [".$username."] user is configured to use normal authentication, skipping header auth"); + $authenticated = parent::authenticate($username, $password); + if ($authenticated) { + $authenticated_user = parent::user(); + if (isset($authenticated_user)) { + $this->setSessionHash($authenticated_user); + } + } + return $authenticated; } $header_user = $this->headerUser(); if (!isset($header_user)) return false; - // $this->logger->log("HEADERUSER:"); - // $this->logger->log(json_encode($header_user)); - $existing_user = $this->find($header_user["username"]); - // $this->logger->log("EXISTINGUSER:"); - // $this->logger->log(json_encode($existing_user)); if (!isset($existing_user)) { - // $this->logger->log("CREATENEWUSER"); $new_user = $this->mapToUserObject($header_user); $existing_user = $this->add($new_user, ""); // Password isn't used } - // $this->logger->log("EXISTINGUSER2:"); - // $this->logger->log(json_encode($existing_user)); $this->store($existing_user); - $this->session->set(self::SESSION_HASH, $this->userHash($existing_user)); + $this->setSessionHash($existing_user); return true; } 
@@ -134,51 +139,25 @@ protected function sessionUser() { public function user(): ?User { - // $this->logger->log("USER:1"); if (! $this->session) return null; - // $this->logger->log("USER:2"); $session_user = $this->sessionUser(); - // $this->logger->log("USER:3"); - if ($session_user) { - // $this->logger->log("USER:4"); + if (isset($session_user)) { $hash = $this->session->get(self::SESSION_HASH, null); return ($hash == $this->userHash($session_user)) ? $session_user : null; } - // $this->logger->log("USER:5"); $header_user = $this->headerUser(); - if ($header_user) { - // $this->logger->log("USER:6"); + if (isset($header_user)) { $header_username = $header_user["username"]; $authenticated = $this->authenticate($header_username, ""); - // $this->logger->log("USER:7"); if ($authenticated) { $authenticated_user = $this->sessionUser(); - // $this->logger->log("USER:8"); $this->logger->log("Authenticated user [".$authenticated_user->getUsername()."] with ".$this->username_header_key." header"); return $authenticated_user; } } - $this->logger->log("USER:7"); return null; - - // if ($this->useNormalAuth($user->getUsername())) return parent::user(); - // $this->logger->log("USER:3"); - // if (! $user) return null; - // $this->logger->log("USER:4"); - - // if ($this->useNormalAuth($user->getUsername())) return parent::user(); - // $this->logger->log("USER:5"); - - // $existing_user = $this->find($user->getUsername()); - // $this->logger->log("USER:6"); - // if (! $existing_user) return null; - // $this->logger->log("USER:7"); - - // $hash = $this->session->get(self::SESSION_HASH, null); - // $this->logger->log("USER:8"); - // return ($hash == $this->userHash($existing_user)) ? $user : null; } }