authhtpasswd : Add support to authenticate the user from a .htpasswd file, created by "htpasswd" command. Allow to add easily a new user if the admin password is lost
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@2279 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
This commit is contained in:
59
Tests/authhtpasswdTest.php
Normal file
59
Tests/authhtpasswdTest.php
Normal file
@@ -0,0 +1,59 @@
|
||||
<?php
|
||||
/** DomFramework - Tests
|
||||
@package domframework
|
||||
@author Dominique Fournier <dominique@fournier38.fr> */
|
||||
|
||||
/** Test the authhtpasswd.php file */
|
||||
class test_authhtpasswd extends PHPUnit_Framework_TestCase
|
||||
{
|
||||
public function test_clean ()
|
||||
{
|
||||
@unlink ("/tmp/htpasswd.file");
|
||||
file_put_contents ("/tmp/htpasswd.file",
|
||||
'toto@toto.com:$2y$05$dO7qyX4simzg3pMgWyqHgeAjFauXEyUdPdyrwDMVNj4fTuE24TGuq'
|
||||
."\n".
|
||||
'titi@titi.com:$2y$05$dO7qyX4simzg3pMgWyqHgeAjFauXEyUdPdyrwDMVNj4fTuE24TGuq'
|
||||
."\n"
|
||||
);
|
||||
}
|
||||
|
||||
public function test_connect ()
|
||||
{
|
||||
$authhtpasswd = new authhtpasswd ();
|
||||
$authhtpasswd->htpasswdFile = "/tmp/htpasswd.file";
|
||||
$res = $authhtpasswd->connect ();
|
||||
$this->assertEquals ($res, null);
|
||||
}
|
||||
|
||||
public function test_authentication1 ()
|
||||
{
|
||||
$authhtpasswd = new authhtpasswd ();
|
||||
$authhtpasswd->htpasswdFile = "/tmp/htpasswd.file";
|
||||
$res = $authhtpasswd->authentication ("toto@toto.com", "toto123");
|
||||
$this->assertEquals ($res, true);
|
||||
}
|
||||
|
||||
public function test_authentication2 ()
|
||||
{
|
||||
$authhtpasswd = new authhtpasswd ();
|
||||
$authhtpasswd->htpasswdFile = "/tmp/htpasswd.file";
|
||||
$this->setExpectedException ("Exception");
|
||||
$res = $authhtpasswd->authentication ("UNKNOWN@toto.com", "toto123");
|
||||
}
|
||||
|
||||
public function test_authentication3 ()
|
||||
{
|
||||
$authhtpasswd = new authhtpasswd ();
|
||||
$authhtpasswd->htpasswdFile = "/tmp/htpasswd.file";
|
||||
$this->setExpectedException ("Exception");
|
||||
$res = $authhtpasswd->authentication ("toto@toto.com", "BAD PASSWD");
|
||||
}
|
||||
|
||||
public function test_authentication4 ()
|
||||
{
|
||||
$authhtpasswd = new authhtpasswd ();
|
||||
$authhtpasswd->htpasswdFile = "/tmp/htpasswd.file";
|
||||
$res = $authhtpasswd->authentication ("titi@titi.com", "toto123");
|
||||
$this->assertEquals ($res, true);
|
||||
}
|
||||
}
|
||||
84
authhtpasswd.php
Normal file
84
authhtpasswd.php
Normal file
@@ -0,0 +1,84 @@
|
||||
<?php
|
||||
/** DomFramework
|
||||
@package domframework
|
||||
@author Dominique Fournier <dominique@fournier38.fr> */
|
||||
|
||||
/** User authentication against .htpasswd file
|
||||
A .htpasswd can be created by the 'htpasswd' command for Apache, and contain
|
||||
toto@toto.com:$2y$05$uHCUNqicE7Pku3MK1qZaDuJxP/pocqCcEAnacZBjsfWgW9EcuG5y2
|
||||
*/
|
||||
class authhtpasswd extends auth
|
||||
{
|
||||
/** The .htpasswd file to use for authentication */
|
||||
public $htpasswdFile;
|
||||
|
||||
public function connect ()
|
||||
{
|
||||
if (! file_exists ($this->htpasswdFile))
|
||||
throw new Exception (sprintf (dgettext("domframework",
|
||||
"The HTPasswd file '%s' is not found"),
|
||||
$this->htpasswdFile), 500);
|
||||
if (! is_readable ($this->htpasswdFile))
|
||||
throw new Exception (sprintf (dgettext("domframework",
|
||||
"The HTPasswd file '%s' is not readable"),
|
||||
$this->htpasswdFile), 500);
|
||||
}
|
||||
|
||||
/** Try to authenticate the email/password of the user
|
||||
@param string $email Email to authenticate
|
||||
@param string $password Password to authenticate */
|
||||
public function authentication ($email, $password)
|
||||
{
|
||||
// Redo the checks of connect to not have a property to add
|
||||
$this->connect ();
|
||||
$file = file_get_contents ($this->htpasswdFile);
|
||||
$lines = explode ("\n", $file);
|
||||
foreach ($lines as $line)
|
||||
{
|
||||
// Comment line : skip it
|
||||
if ($line{0} === "#")
|
||||
continue;
|
||||
$line = trim ($line);
|
||||
$user = strstr ($line, ":", true);
|
||||
$cryptedPassword = substr (strstr ($line, ':'), 1);
|
||||
if ($user === $email)
|
||||
{
|
||||
if (crypt ($password, $cryptedPassword) !== $cryptedPassword)
|
||||
throw new Exception ("Bad password for '$email'", 401);
|
||||
return TRUE;
|
||||
}
|
||||
}
|
||||
throw new Exception ("Unable to find the user : '$email'", 401);
|
||||
}
|
||||
|
||||
/** Return all the parameters recorded for the authenticate user */
|
||||
public function getdetails ()
|
||||
{
|
||||
throw new Exception (dgettext ("domframework",
|
||||
"The details can't be provided by HTPasswd file"),
|
||||
404);
|
||||
}
|
||||
|
||||
/** Method to change the password
|
||||
@param string $oldpassword The old password (to check if the user have the
|
||||
rights to change the password)
|
||||
@param string $newpassword The new password to be recorded */
|
||||
public function changepassword ($oldpassword, $newpassword)
|
||||
{
|
||||
throw new Exception (dgettext("domframework",
|
||||
"The password can't be change for HTPasswd users"),
|
||||
405);
|
||||
}
|
||||
|
||||
/** Method to overwrite the password (without oldpassword check)
|
||||
Must be reserved to the administrators. For the users, use changepassword
|
||||
method
|
||||
@param string $email the user identifier to select
|
||||
@param string $newpassword The new password to be recorded */
|
||||
public function overwritepassword ($email, $newpassword)
|
||||
{
|
||||
throw new Exception (dgettext("domframework",
|
||||
"The password can't be change for HTPasswd users"),
|
||||
405);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user