* to set the credentials in the session.
*
* Transparent authentication should normally never throw an error - false
- * should normally be returned. However, it is also possible that a
- * transparent authentication is the only available auth method; if so,
- * attempting to login via a login page may cause an endless loop. In this
- * case, an Exception should be thrown which will act as a fatal error.
+ * should be returned.
*
* @return boolean Whether transparent login is supported.
* @throws Horde_Auth_Exception
* authentication info present.
*
* @return boolean Whether or not the client is allowed.
- * @throws Horde_Auth_Exception
*/
protected function _transparent()
{
- if (!empty($_SERVER['PHP_AUTH_USER']) &&
- !empty($_SERVER['PHP_AUTH_PW'])) {
- return Horde_Auth::setAuth(Horde_Util::dispelMagicQuotes($_SERVER['PHP_AUTH_USER']), array('password' => Horde_Util::dispelMagicQuotes($_SERVER['PHP_AUTH_PW']), 'transparent' => 1));
+ if (empty($_SERVER['PHP_AUTH_USER']) ||
+ empty($_SERVER['PHP_AUTH_PW'])) {
+ return false;
}
- throw new Horde_Auth_Exception(_("HTTP Authentication not found."));
+ $this->_credentials['userId'] = $_SERVER['PHP_AUTH_USER'];
+ $this->_credentials['credentials'] = array(
+ 'password' => Horde_Util::dispelMagicQuotes($_SERVER['PHP_AUTH_PW'])
+ );
+
+ return true;
}
}
* block.
*
* @return boolean Whether or not the client is allowed.
- * @throws Horde_Auth_Exception
*/
protected function _transparent()
{
if (!isset($_SERVER['REMOTE_ADDR'])) {
- throw new Horde_Auth_Exception(_("IP address not available."));
+ return false;
}
- $client = $_SERVER['REMOTE_ADDR'];
foreach ($this->_params['blocks'] as $cidr) {
- if ($this->_addressWithinCIDR($client, $cidr)) {
- return Horde_Auth::setAuth($cidr, array('transparent' => 1));
+ if ($this->_addressWithinCIDR($_SERVER['REMOTE_ADDR'], $cidr)) {
+ $this->_credentials['userId'] = $cidr;
+ return true;
}
}
- throw new Horde_Auth_Exception(_("IP address not within allowed CIDR block."));
+ return false;
}
/**
}
/**
- * Automatic authentication: Check if the username is set in the
+ * Automatic authentication: check if the username is set in the
* configured header.
*
* @return boolean Whether or not the client is allowed.
- * @throws Horde_Auth_Exception
*/
protected function _transparent()
{
if (empty($_SERVER[$this->_params['username_header']])) {
- throw new Horde_Auth_Exception(_("Shibboleth authentication not available."));
+ return false;
}
$username = $_SERVER[$this->_params['username_header']];
$username = substr($username, 0, $pos);
}
- if (!Horde_Auth::setAuth($username, array('transparent' => 1))) {
- return false;
- }
+ $this->_credentials['userId'] = $username;
// Set password for hordeauth login.
- if ($this->_params['password_holder'] == 'header') {
- Horde_Auth::setCredential('password', $_SERVER[$this->_params['password_header']]);
- } elseif ($this->_params['password_holder'] == 'preferences') {
- Horde_Auth::setCredential('password', $GLOBALS['prefs']->getValue($this->_params['password_preference']));
+ switch ($this->_params['password_holder']) {
+ case 'header':
+ $this->_credentials['credentials'] = array(
+ 'password' => $_SERVER[$this->_params['password_header']]
+ );
+ break;
+
+ case 'preferences':
+ $this->_credentials['credentials'] = array(
+ 'password' => $_SERVER[$this->_params['password_preference']]
+ );
}
return true;
projects / horde.git / commitdiff