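<?php
/***************************************************************
 *  Copyright notice
 *
 *  (c) 2009-2011 Dmitry Dulepov <dmitry@typo3.org>
 *  All rights reserved
 *
 *  This script is part of the TYPO3 project. The TYPO3 project is
 *  free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  The GNU General Public License can be found at
 *  http://www.gnu.org/copyleft/gpl.html.
 *
 *  This script is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  This copyright notice MUST APPEAR in all copies of the script!
 ***************************************************************/
/**
 * [CLASS/FUNCTION INDEX of SCRIPT]
 *
 * $Id: class.tx_rsaauth_sv1.php 10120 2011-01-18 20:03:36Z ohader $
 */

require_once(t3lib_extMgm::extPath('sv') . 'class.tx_sv_auth.php');
require_once(t3lib_extMgm::extPath('rsaauth') . 'sv1/backends/class.tx_rsaauth_backendfactory.php');
require_once(t3lib_extMgm::extPath('rsaauth') . 'sv1/storage/class.tx_rsaauth_storagefactory.php');

// Include backends

/**
 * Service "RSA authentication" for the "rsaauth" extension. This service
 * authenticates a user whose password was encrypted with a one-time public
 * key. It uses the standard TYPO3 service to do all the dirty work: first it
 * decrypts the password, then it passes the result to the parent service
 * ('sv'). This ensures that it always works, even if other TYPO3 internals
 * change.
 *
 * @author	Dmitry Dulepov <dmitry@typo3.org>
 * @package	TYPO3
 * @subpackage	tx_rsaauth
 */
class tx_rsaauth_sv1 extends tx_sv_auth {

	/**
	 * An RSA backend. Assigned in init(); null until then.
	 *
	 * @var	tx_rsaauth_abstract_backend
	 */
	protected $backend = null;

	/**
	 * Standard extension key for the service
	 *
	 * @var	string
	 */
	public $extKey = 'rsaauth';

	/**
	 * Standard prefix id for the service (same as the class name)
	 *
	 * @var	string
	 */
	public $prefixId = 'tx_rsaauth_sv1';

	/**
	 * Standard path of this script, relative to the extension directory
	 *
	 * @var	string
	 */
	public $scriptRelPath = 'sv1/class.tx_rsaauth_sv1.php';

	/**
	 * Authenticates a user. The function decrypts the submitted password,
	 * runs the configured evaluations on it and passes the result to the
	 * parent authentication service.
	 *
	 * Return codes produced here:
	 * - 100 when the security level is not 'rsa' (this service does nothing)
	 * - -1 when the security level is 'rsa' and authentication did not succeed
	 * - 200 when the parent service accepted the decrypted password
	 *
	 * @param	array	$userRecord	User record
	 * @return	int	Code that shows if the user is really authenticated.
	 * @see	t3lib_userAuth::checkAuthentication()
	 */
	public function authUser(array $userRecord) {
		$result = 100;

		if ($this->pObj->security_level == 'rsa') {

			$storage = tx_rsaauth_storagefactory::getStorage();
			/* @var $storage tx_rsaauth_abstract_storage */

			// From here on every path is a failure unless the parent service accepts the password
			$result = -1;

			// Keep the submitted value so that it can be restored afterwards
			$password = $this->login['uident'];
			$key = $storage->get();
			// NOTE(review): the stored key is cleared only inside this branch. A submission
			// without the 'rsa:' prefix leaves the key in storage; confirm that the storage
			// implementation expires it elsewhere.
			if ($key != null && substr($password, 0, 4) === 'rsa:') {
				// Decrypt the part after the 'rsa:' prefix
				$decryptedPassword = $this->backend->decrypt($key, substr($password, 4));
				// The loose comparisons below also reject an empty string, not only null
				if ($decryptedPassword != null) {
					// Bring the password into the form in which the user table stores it
					$decryptedPassword = $this->runPasswordEvaluations($decryptedPassword);
				}
				if ($decryptedPassword != null) {
					$this->login['uident'] = $decryptedPassword;
					// NOTE(review): any truthy return value of the parent is mapped to 200.
					// The parent is not visible here; confirm it cannot return a truthy
					// "not responsible" code on this path.
					if (parent::authUser($userRecord)) {
						$result = 200;
					}
				}
				// Do not leave the decrypted password in the login data
				$this->login['uident'] = $password;
				// The key is single-use: remove it after the attempt, whatever the outcome
				$storage->put(null);
			}
		}
		return $result;
	}

	/**
	 * Initializes the service. The service is reported as unavailable when the
	 * parent is unavailable or when the backend factory returns no backend.
	 *
	 * @return	boolean	true if the service can be used
	 */
	public function init() {
		$available = parent::init();
		if ($available) {
			// Get the backend
			$this->backend = tx_rsaauth_backendfactory::getBackend();
			if (is_null($this->backend)) {
				$available = false;
			}
		}

		return $available;
	}

	/**
	 * Runs password evaluations. This is necessary because other extensions can
	 * modify the way the password is stored in the database. We look up all
	 * evaluations configured for the password column and run them in order.
	 *
	 * Notes:
	 * - we call t3lib_TCEmain::checkValue_input_Eval() but it is risky: if a hook
	 *   relies on BE_USER, it will fail. No hook should do this, so we risk it.
	 * - we cannot use t3lib_TCEmain::checkValue_input_Eval() for running all
	 *   evaluations because it does not create md5 hashes.
	 *
	 * @param	string	$password	Password to evaluate
	 * @return	string|null	Evaluated password, or null if an evaluation returned no value
	 * @see	t3lib_TCEmain::checkValue_input_Eval()
	 */
	protected function runPasswordEvaluations($password) {
		$table = $this->pObj->user_table;
		t3lib_div::loadTCA($table);
		$column = $this->pObj->userident_column;
		// Read a copy of the column configuration. Taking a reference into
		// $GLOBALS['TCA'] would silently create missing keys in the global array.
		if (!isset($GLOBALS['TCA'][$table]['columns'][$column]['config'])) {
			return $password;
		}
		$conf = $GLOBALS['TCA'][$table]['columns'][$column]['config'];
		$evaluations = (isset($conf['eval']) ? $conf['eval'] : '');
		if ($evaluations) {
			$isIn = (isset($conf['is_in']) ? $conf['is_in'] : null);
			$tce = null;
			foreach (t3lib_div::trimExplode(',', $evaluations, true) as $evaluation) {
				switch ($evaluation) {
					case 'md5':
						// Security note: this is an unsalted MD5 and exists only to match a
						// column that is configured to store md5 values. It is not a
						// suitable password hash by itself.
						$password = md5($password);
						break;
					case 'upper':
						$password = $this->convertPasswordCase($password, 'toUpper');
						break;
					case 'lower':
						$password = $this->convertPasswordCase($password, 'toLower');
						break;
					case 'password':
					case 'required':
						// Do nothing!
						break;
					default:
						// We must run these evaluations through TCEmain to avoid
						// code duplication and ensure that any custom evaluations
						// are called in a proper context
						if ($tce == null) {
							/* @var $tce t3lib_TCEmain */
							$tce = t3lib_div::makeInstance('t3lib_TCEmain');
						}
						$result = $tce->checkValue_input_Eval($password, array($evaluation), $isIn);
						if (!isset($result['value'])) {
							// Failure!!!
							return null;
						}
						$password = $result['value'];
				}
			}
		}
		return $password;
	}

	/**
	 * Converts the case of the password with the charset conversion object of
	 * the current TYPO3 mode. This is not passed to TCEmain because TCEmain
	 * would use objects that are unavailable in FE.
	 *
	 * @param	string	$password	Password to convert
	 * @param	string	$direction	Either 'toUpper' or 'toLower'
	 * @return	string	Converted password
	 */
	protected function convertPasswordCase($password, $direction) {
		$isBackend = (TYPO3_MODE == 'BE');
		$csConvObj = ($isBackend ? $GLOBALS['LANG']->csConvObj : $GLOBALS['TSFE']->csConvObj);
		$charset = ($isBackend ? $GLOBALS['LANG']->charSet : $GLOBALS['TSFE']->metaCharset);
		return $csConvObj->conv_case($charset, $password, $direction);
	}
}

// XCLASS extension point: the included path is read from the installation
// configuration (TYPO3_CONF_VARS), not from request data.
if (defined('TYPO3_MODE') && isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/rsaauth/sv1/class.tx_rsaauth_sv1.php'])) {
	include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/rsaauth/sv1/class.tx_rsaauth_sv1.php']);
}

?>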