<?php
/**
 * Copyright (C) 2019 Leipzig University Library
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * @author  Sebastian Kehr <kehr@ub.uni-leipzig.de>
 * @license http://opensource.org/licenses/gpl-2.0.php GNU GPLv2
 */

namespace fid\VuFind\Auth;

use fid\Service\Client;
use fid\Service\ClientException;
use fid\VuFind\Db\Row\User as VuFindUser;
use VuFind\Auth\AbstractBase;
use VuFind\Db\Row\User as UserRow;
use VuFind\Exception\Auth as AuthException;
use Zend\Http\PhpEnvironment\Request;

class Authenticator extends AbstractBase
{
    // Message passed to AuthException by authenticate() when the client
    // rejects the logon with code 401.
    // NOTE(review): the "fid::" prefix looks like a translation text domain;
    // confirm against the language files.
    protected const AUTH_ERROR_BAD_CREDENTIALS
        = 'fid::auth_error_bad_credentials';

    // Message for any other ClientException code raised by the logon, and for
    // a logon that carries no owner id.
    protected const AUTH_ERROR_UNKNOWN_REASON
        = 'fid::auth_error_unknown_reason';

    // Message used when the logged-on client is not authorized for
    // 'basic_access'.
    protected const AUTH_ERROR_ACCOUNT_BLOCKED
        = 'fid::auth_error_account_blocked';

    /**
     * Service client that performs logon, logoff and authorization checks.
     *
     * @var Client
     */
    protected $client;

    /**
     * Store the service client used for every authentication call.
     *
     * @param Client $client Client performing logon, logoff and
     *                       authorization checks.
     */
    public function __construct(Client $client)
    {
        $this->client = $client;
    }

    /**
     * Handle an account-creation request by authenticating it.
     *
     * No account is created here: the request is passed to authenticate()
     * unchanged and its result is returned.
     *
     * @param Request $request Request carrying the posted credentials.
     *
     * @return VuFindUser|UserRow
     * @throws AuthException
     * @throws ClientException
     */
    public function create($request)
    {
        $user = $this->authenticate($request);

        return $user;
    }


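    /**
     * Authenticate the posted credentials through the service client.
     *
     * Reads `username` and `password` from the POST data, logs on through
     * the client, requires the `basic_access` authorization and resolves the
     * owner id of the logon to a user row.
     *
     * Every failure path reached after a successful logon logs the client off
     * again, so a rejected attempt never leaves the client logged on (which
     * isExpired() would otherwise report as a live session).
     *
     * @param Request $request Request carrying the login form data.
     *
     * @return VuFindUser|UserRow
     * @throws AuthException   If the credentials are blank or rejected, the
     *                         account lacks `basic_access`, or the logon has
     *                         no owner id.
     * @throws ClientException If logoff fails (see logout()); other client
     *                         calls may raise it too.
     */
    public function authenticate($request)
    {
        $params = $request->getPost();

        // Cast before trimming so that a missing field (presumably null)
        // becomes '' without relying on trim() accepting null.
        $username = trim((string)$params->get('username'));
        // NOTE(review): trimming alters the secret, so a password with
        // leading or trailing whitespace is never sent as typed. Kept as is;
        // confirm that password creation trims the same way.
        $password = trim((string)$params->get('password'));

        // Reject blank credentials locally instead of forwarding them to the
        // backend; the message is the same one a rejected logon produces.
        if ($username === '' || $password === '') {
            throw new AuthException(self::AUTH_ERROR_BAD_CREDENTIALS);
        }

        try {
            $logon = $this->client->logon($username, $password);
        } catch (ClientException $exception) {
            // The client exception is chained as "previous" for diagnostics;
            // the message stays a generic key.
            switch ($exception->getCode()) {
                case 401:
                    throw new AuthException(
                        self::AUTH_ERROR_BAD_CREDENTIALS,
                        0,
                        $exception
                    );
                default:
                    throw new AuthException(
                        self::AUTH_ERROR_UNKNOWN_REASON,
                        0,
                        $exception
                    );
            }
        }

        if (!$this->client->isAuthorized('basic_access')) {
            $this->client->logoff();
            throw new AuthException(self::AUTH_ERROR_ACCOUNT_BLOCKED);
        }

        $ownerId = $logon->getOwnerId();
        if (!$ownerId) {
            // May happen when trying to authenticate as non-database user.
            // Log off first, as the blocked-account branch does, so the
            // failed attempt does not keep the client logged on.
            $this->client->logoff();
            throw new AuthException(self::AUTH_ERROR_UNKNOWN_REASON);
        }

        /** @var VuFindUser $userRow */
        $userRow = $this->getUserTable()->getByUsername($ownerId);

        return $userRow;
    }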

    /**
     * Log the client off and hand the given URL back.
     *
     * @param string $url URL supplied by the caller; returned unchanged.
     *
     * @return string The same URL that was passed in.
     * @throws ClientException
     */
    public function logout($url)
    {
        $this->client->logoff();

        return $url;
    }

    /**
     * Report whether the session has expired.
     *
     * The session counts as expired as soon as the client no longer reports
     * being logged on.
     *
     * @return bool True when the client is not logged on.
     */
    public function isExpired()
    {
        $loggedOn = $this->client->isLoggedOn();

        return !$loggedOn;
    }

    /**
     * Declare that this authentication method supports account creation.
     *
     * @return bool Always true.
     */
    public function supportsCreation()
    {
        return true;
    }

    public function supportsPasswordRecovery()
    {
        return true;