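. */

namespace SP\Providers\Auth;

use SP\Core\Application;
use SP\Core\Exceptions\SPException;
use SP\DataModel\UserLoginData;
use SP\Domain\Auth\Services\AuthException;
use SP\Providers\Auth\Browser\BrowserAuthInterface;
use SP\Providers\Auth\Database\DatabaseAuthInterface;
use SP\Providers\Auth\Ldap\LdapAuthInterface;
use SP\Providers\Provider;

defined('APP_ROOT') || die();

/**
 * Class AuthProvider
 *
 * Runs the configured sysPass authentication back-ends (HTTP basic, LDAP,
 * database) for a login attempt and collects their results.
 *
 * @package SP\Providers\Auth
 */
class AuthProvider extends Provider implements AuthProviderInterface
{
    /**
     * Registered authentication callables keyed by name, in registration
     * order. Each takes a UserLoginData and is expected to return an
     * AuthDataBase; any other return value is ignored by doAuth().
     *
     * @var callable[]
     */
    protected array $auths = [];
    protected DatabaseAuthInterface $databaseAuth;
    protected ?BrowserAuthInterface $browserAuth = null;
    protected ?LdapAuthInterface $ldapAuth = null;

    public function __construct(
        Application $application,
        DatabaseAuthInterface $databaseAuth
    ) {
        parent::__construct($application);

        $this->databaseAuth = $databaseAuth;
    }

    /**
     * Try every registered authentication method.
     *
     * All methods run in registration order; a method that succeeds does not
     * short-circuit the remaining ones. A method whose result is not an
     * AuthDataBase contributes nothing to the outcome.
     *
     * @param UserLoginData $userLoginData
     *
     * @return false|AuthResult[] One AuthResult per method that produced data,
     *                            or false when none did.
     */
    public function doAuth(UserLoginData $userLoginData)
    {
        $authsResult = [];

        foreach ($this->auths as $authName => $auth) {
            $data = $auth($userLoginData);

            if ($data instanceof AuthDataBase) {
                $authsResult[] = new AuthResult($authName, $data);
            }
        }

        return count($authsResult) > 0 ? $authsResult : false;
    }

    /**
     * Auth initializer
     *
     * Registers the enabled back-ends. The database method is always
     * registered; the browser and LDAP methods only when they were injected
     * (withBrowserAuth()/withLdapAuth()) and are enabled in the configuration.
     *
     * @throws AuthException if a method name is registered twice
     */
    public function initialize(): void
    {
        $configData = $this->config->getConfigData();

        if ($this->browserAuth && $configData->isAuthBasicEnabled()) {
            $this->registerAuth(
                function (UserLoginData $userLoginData) {
                    // The result must be returned so doAuth() can see it;
                    // a closure that discards it can never yield an AuthResult.
                    // NOTE(review): assumes authenticate() returns an
                    // AuthDataBase like the database method does — confirm
                    // against BrowserAuthInterface. Any other value is still
                    // ignored by doAuth(), so this cannot widen acceptance.
                    return $this->browserAuth->authenticate($userLoginData);
                },
                'authBrowser'
            );
        }

        if ($this->ldapAuth && $configData->isLdapEnabled()) {
            $this->registerAuth(
                function (UserLoginData $userLoginData) {
                    $ldapAuthData = $this->ldapAuth->getLdapAuthData();
                    $ldapAuthData->setAuthenticated(
                        $this->ldapAuth->authenticate($userLoginData)
                    );

                    if ($ldapAuthData->getAuthenticated()) {
                        // A valid bind is not enough: flag expired accounts and
                        // accounts outside the allowed group via the status code.
                        if ($ldapAuthData->getExpire() > 0) {
                            $ldapAuthData->setStatusCode(LdapAuthInterface::ACCOUNT_EXPIRED);
                        } elseif (!$ldapAuthData->isInGroup()) {
                            $ldapAuthData->setStatusCode(LdapAuthInterface::ACCOUNT_NO_GROUPS);
                        }
                    }

                    return $ldapAuthData;
                },
                'authLdap'
            );
        }

        $this->registerAuth(
            function (UserLoginData $userLoginData) {
                return $this->databaseAuth->authenticate($userLoginData);
            },
            'authDatabase'
        );
    }

    /**
     * Register a primary authentication method.
     *
     * @param callable $auth Authentication function taking a UserLoginData
     * @param string   $name Unique name the method's AuthResult is reported under
     *
     * @throws AuthException if $name is already registered
     */
    private function registerAuth(callable $auth, string $name): void
    {
        if (array_key_exists($name, $this->auths)) {
            throw new AuthException(
                __u('Authentication already initialized'),
                SPException::ERROR,
                __FUNCTION__
            );
        }

        $this->auths[$name] = $auth;
    }

    public function withLdapAuth(LdapAuthInterface $ldapAuth): void
    {
        $this->ldapAuth = $ldapAuth;
    }

    public function withBrowserAuth(BrowserAuthInterface $browserAuth): void
    {
        $this->browserAuth = $browserAuth;
    }
}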