<?php
/**
* Copyright (C) 2019 Leipzig University Library
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* @author Sebastian Kehr <kehr@ub.uni-leipzig.de>
* @license http://opensource.org/licenses/gpl-2.0.php GNU GPLv2
*/
namespace fid\VuFind\Auth;
use fid\Service\Client;
use fid\Service\ClientException;
use fid\VuFind\Db\Row\User as VuFindUser;
use VuFind\Auth\AbstractBase;
use VuFind\Db\Row\User as UserRow;
use VuFind\Exception\Auth as AuthException;
use Zend\Http\PhpEnvironment\Request;
class Authenticator extends AbstractBase
{
protected const AUTH_ERROR_BAD_CREDENTIALS
= 'fid::auth_error_bad_credentials';
protected const AUTH_ERROR_UNKNOWN_REASON
= 'fid::auth_error_unknown_reason';
protected const AUTH_ERROR_ACCOUNT_BLOCKED
= 'fid::auth_error_account_blocked';
/**
* @var Client
*/
protected $client;
public function __construct(Client $client)
{
$this->client = $client;
}
/**
* @param Request $request
*
* @return VuFindUser|UserRow
* @throws AuthException
* @throws ClientException
*/
public function create($request)
{
return $this->authenticate($request);
}
/**
* @param Request $request
*
* @return VuFindUser|UserRow
* @throws AuthException
* @throws ClientException
*/
public function authenticate($request)
{
$params = $request->getPost();
$username = trim($params->get('username'));
$password = trim($params->get('password'));
try {
$logon = $this->client->logon($username, $password);
} catch (ClientException $exception) {
switch ($exception->getCode()) {
case 401:
throw new AuthException(self::AUTH_ERROR_BAD_CREDENTIALS);
default:
throw new AuthException(self::AUTH_ERROR_UNKNOWN_REASON);
}
}
if (!$this->client->isAuthorized('basic_access')) {
$this->client->logoff();
throw new AuthException(self::AUTH_ERROR_ACCOUNT_BLOCKED);
}
if ($ownerId = $logon->getOwnerId()) {
/** @var VuFindUser $userRow */
$userRow = $this->getUserTable()->getByUsername($ownerId);
return $userRow;
}
// May happen when trying to authenticate as non-database user.
throw new AuthException(self::AUTH_ERROR_UNKNOWN_REASON);
}
/**
* @param string $url
*
* @return string
* @throws ClientException
*/
public function logout($url)
{
$this->client->logoff();
return $url;
}
/**
* @return bool
*/
public function isExpired()
{
return !$this->client->isLoggedOn();
}
public function supportsCreation()
{
return true;
}
public function supportsPasswordRecovery()
{
return true;
}
}