From 5fd9bd4931931da1f1acda79eea73958d0efd046 Mon Sep 17 00:00:00 2001
From: Michael M Slusarz <slusarz@curecanti.org>
Date: Thu, 15 Oct 2009 05:50:10 -0600
Subject: [PATCH] IMP transparent auth improvements.

Document what credentials IMP uses internally for auth.
Provide ability to override default transparent authentication (via
hordeauth) with userId/credentials values returned from
preauthenticate().
---
 imp/config/hooks.php.dist | 32 ++++++++++++++++++++++++++++++++
 imp/lib/Auth.php          | 16 +++++++++++++++-
 2 files changed, 47 insertions(+), 1 deletion(-)

diff --git a/imp/config/hooks.php.dist b/imp/config/hooks.php.dist
index d5089f964..4e2c86c33 100644
--- a/imp/config/hooks.php.dist
+++ b/imp/config/hooks.php.dist
@@ -14,6 +14,38 @@
 class IMP_Hooks
 {
     /**
+     * AUTHENTICATION HOOK: pre-authentication actions.
+     *
+     * See horde/config/hooks.php.dist for more information.
+     *
+     * IMP uses the following credentials:
+     *   'password' - (string) The password for mail server authentication.
+     *   'server' - (string) [optional] Use this server key (see
+     *              config/servers.php).
+     *   'transparent' - (boolean) If $credentials['authMethod'] is
+     *                   'transparent', and you would like IMP to use
+     *                   the userId/credentials generated in the
+     *                   preauthentication hook, this must be true. If false,
+     *                   IMP will try to authenticate using hordeauth.
+     */
+//     function preauthenticate($userId, $credentials)
+//     {
+//         return true;
+//     }
+
+
+    /**
+     * AUTHENTICATION HOOK: post-authentication actions.
+     *
+     * See horde/config/hooks.php.dist for more information.
+     */
+     function postauthenticate($userId, $credentials)
+//     {
+//         return true;
+//     }
+
+
+    /**
      * PREFERENCE HOOK: Dynamically set the signature preference.
      *
      * @param string $username  The username.
diff --git a/imp/lib/Auth.php b/imp/lib/Auth.php
index bef0036ff..7a07fed55 100644
--- a/imp/lib/Auth.php
+++ b/imp/lib/Auth.php
@@ -87,11 +87,25 @@ class IMP_Auth
     /**
      * Perform transparent authentication.
      *
+     * @param Horde_Auth_Application $auth_ob  The authentication object.
+     *
      * @return boolean  Whether transparent login is supported.
      * @throws Horde_Auth_Exception
      */
-    static public function transparent()
+    static public function transparent($auth_ob)
     {
+        /* It is possible that preauthenticate() set the credentials.
+         * If so, use that information instead of hordeauth. */
+        if ($auth_ob->getCredential('transparent')) {
+            $credentials = $auth_ob->getCredential();
+            if (!isset($credentials['server'])) {
+                $credentials['server'] = self::getAutoLoginServer();
+            }
+            self::_createSession($auth_ob->getCredential());
+            return true;
+        }
+
+        /* Attempt hordeauth authentication. */
         $credentials = self::_canAutoLogin();
         if ($credentials === false) {
             return false;
-- 
2.11.0