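<?php

namespace Sabre\DAV\Auth\Backend;

use Sabre\HTTP\RequestInterface;
use Sabre\HTTP\ResponseInterface;

/**
 * Apache authenticator
 *
 * This authentication backend assumes that authentication has been
 * configured in apache, rather than within SabreDAV.
 *
 * Make sure apache is properly configured for this to work.
 *
 * Security note: this backend verifies no credentials itself. It accepts
 * whatever user name the web server exposes through the REMOTE_USER (or
 * REDIRECT_REMOTE_USER) server value, so the protection it offers is exactly
 * as strong as the server-side authentication configured for the location.
 *
 * @copyright Copyright (C) 2007-2015 fruux GmbH (https://fruux.com/).
 * @author Evert Pot (http://evertpot.com/)
 * @license http://sabre.io/license/ Modified BSD License
 */
class Apache implements BackendInterface {

    /**
     * This is the prefix that will be used to generate principal urls.
     *
     * @var string
     */
    protected $principalPrefix = 'principals/';

    /**
     * When this method is called, the backend must check if authentication was
     * successful.
     *
     * The returned value must be one of the following
     *
     * [true, "principals/username"]
     * [false, "reason for failure"]
     *
     * If authentication was successful, it's expected that the authentication
     * backend returns a so-called principal url.
     *
     * Examples of a principal url:
     *
     * principals/admin
     * principals/user1
     * principals/users/joe
     * principals/uid/123457
     *
     * If you don't use WebDAV ACL (RFC3744) we recommend that you simply
     * return a string such as:
     *
     * principals/users/[username]
     *
     * This implementation reads the user name from the REMOTE_USER server
     * value and falls back to REDIRECT_REMOTE_USER. A missing or empty value
     * is reported as a failure, so that an empty user name is never turned
     * into the bare principal prefix.
     *
     * @param RequestInterface $request
     * @param ResponseInterface $response
     * @return array
     */
    function check(RequestInterface $request, ResponseInterface $response) {

        $remoteUser = $request->getRawServerValue('REMOTE_USER');
        // An empty string is treated like an absent value: some front-end
        // configurations may pass the variable through empty when nobody was
        // authenticated, and that must not count as a successful login.
        if (is_null($remoteUser) || $remoteUser === '') {
            $remoteUser = $request->getRawServerValue('REDIRECT_REMOTE_USER');
        }
        if (is_null($remoteUser) || $remoteUser === '') {
            return [false, 'No REMOTE_USER property was found in the PHP $_SERVER super-global. This likely means your server is not configured correctly'];
        }

        // The user name is appended to the prefix unchanged; no validation or
        // normalisation of its characters happens here.
        return [true, $this->principalPrefix . $remoteUser];

    }

    /**
     * This method is called when a user could not be authenticated, and
     * authentication was required for the current request.
     *
     * This gives you the opportunity to set authentication headers. The 401
     * status code will already be set.
     *
     * In this case of Basic Auth, this would for example mean that the
     * following header needs to be set:
     *
     * $response->addHeader('WWW-Authenticate', 'Basic realm=SabreDAV');
     *
     * Keep in mind that in the case of multiple authentication backends, other
     * WWW-Authenticate headers may already have been set, and you'll want to
     * append your own WWW-Authenticate header instead of overwriting the
     * existing one.
     *
     * This backend sets no header at all: the body is intentionally empty,
     * presumably because the web server is expected to issue the challenge.
     *
     * @param RequestInterface $request
     * @param ResponseInterface $response
     * @return void
     */
    function challenge(RequestInterface $request, ResponseInterface $response) {

    }

}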