[TASK] Use autoloader in rsaauth system extension
[Packages/TYPO3.CMS.git] / typo3 / sysext / rsaauth / sv1 / class.tx_rsaauth_sv1.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 2009-2011 Dmitry Dulepov <dmitry@typo3.org>
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 *
17 * This script is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
21 *
22 * This copyright notice MUST APPEAR in all copies of the script!
23 ***************************************************************/
24
25 require_once(t3lib_extMgm::extPath('sv') . 'class.tx_sv_auth.php');
26
27 // Include backends
28
29 /**
30 * Service "RSA authentication" for the "rsaauth" extension. This service will
31 * authenticate a user using hos password encoded with one time public key. It
32 * uses the standard TYPO3 service to do all dirty work. Firsts, it will decode
33 * the password and then pass it to the parent service ('sv'). This ensures that it
34 * always works, even if other TYPO3 internals change.
35 *
36 * @author Dmitry Dulepov <dmitry@typo3.org>
37 * @package TYPO3
38 * @subpackage tx_rsaauth
39 */
40 class tx_rsaauth_sv1 extends tx_sv_auth {
41
42 /**
43 * An RSA backend.
44 *
45 * @var tx_rsaauth_abstract_backend
46 */
47 protected $backend = NULL;
48
49 /**
50 * Standard extension key for the service
51 *
52 * @var string
53 */
54 public $extKey = 'rsaauth'; // The extension key.
55
56 /**
57 * Standard prefix id for the service
58 *
59 * @var string
60 */
61 public $prefixId = 'tx_rsaauth_sv1'; // Same as class name
62
63 /**
64 * Standard relative path for the service
65 *
66 * @var string
67 */
68 public $scriptRelPath = 'sv1/class.tx_rsaauth_sv1.php'; // Path to this script relative to the extension dir.
69
70 /**
71 * Authenticates a user. The function decrypts the password, runs evaluations
72 * on it and passes to the parent authentication service.
73 *
74 * @param array $userRecord User record
75 * @return int Code that shows if user is really authenticated.
76 * @see t3lib_userAuth::checkAuthentication()
77 */
78 public function authUser(array $userRecord) {
79 $result = 100;
80
81 if ($this->pObj->security_level == 'rsa') {
82
83 $storage = tx_rsaauth_storagefactory::getStorage();
84 /* @var $storage tx_rsaauth_abstract_storage */
85
86 // Set failure status by default
87 $result = -1;
88
89 // Preprocess the password
90 $password = $this->login['uident'];
91 $key = $storage->get();
92 if ($key != NULL && substr($password, 0, 4) == 'rsa:') {
93 // Decode password and pass to parent
94 $decryptedPassword = $this->backend->decrypt($key, substr($password, 4));
95 if ($decryptedPassword != NULL) {
96 // Run the password through the eval function
97 $decryptedPassword = $this->runPasswordEvaluations($decryptedPassword);
98 if ($decryptedPassword != NULL) {
99 $this->login['uident'] = $decryptedPassword;
100 if (parent::authUser($userRecord)) {
101 $result = 200;
102 }
103 }
104 }
105 // Reset the password to its original value
106 $this->login['uident'] = $password;
107 // Remove the key
108 $storage->put(NULL);
109 }
110 }
111 return $result;
112 }
113
114 /**
115 * Initializes the service.
116 *
117 * @return boolean
118 */
119 public function init() {
120 $available = parent::init();
121 if ($available) {
122 // Get the backend
123 $this->backend = tx_rsaauth_backendfactory::getBackend();
124 if (is_null($this->backend)) {
125 $available = FALSE;
126 }
127 }
128
129 return $available;
130 }
131
132 /**
133 * Runs password evaluations. This is necessary because other extensions can
134 * modify the way the password is stored in the database. We check for all
135 * evaluations for the password column and run those.
136 *
137 * Notes:
138 * - we call t3lib_TCEmain::checkValue_input_Eval() but it is risky: if a hook
139 * relies on BE_USER, it will fail. No hook should do this, so we risk it.
140 * - we cannot use t3lib_TCEmain::checkValue_input_Eval() for running all
141 * evaluations because it does not create md5 hashes.
142 *
143 * @param string $password Evaluated password
144 * @return void
145 * @see t3lib_TCEmain::checkValue_input_Eval()
146 */
147 protected function runPasswordEvaluations($password) {
148 $table = $this->pObj->user_table;
149 t3lib_div::loadTCA($table);
150 $conf = &$GLOBALS['TCA'][$table]['columns'][$this->pObj->userident_column]['config'];
151 $evaluations = $conf['eval'];
152 if ($evaluations) {
153 $tce = NULL;
154 foreach (t3lib_div::trimExplode(',', $evaluations, TRUE) as $evaluation) {
155 switch ($evaluation) {
156 case 'md5':
157 $password = md5($password);
158 break;
159 case 'upper':
160 // We do not pass this to TCEmain because TCEmain will use objects unavailable in FE
161 $csConvObj = (TYPO3_MODE == 'BE' ? $GLOBALS['LANG']->csConvObj : $GLOBALS['TSFE']->csConvObj);
162 $charset = (TYPO3_MODE == 'BE' ? $GLOBALS['LANG']->charSet : $GLOBALS['TSFE']->metaCharset);
163 $password = $csConvObj->conv_case($charset, $password, 'toUpper');
164 break;
165 case 'lower':
166 // We do not pass this to TCEmain because TCEmain will use objects unavailable in FE
167 $csConvObj = (TYPO3_MODE == 'BE' ? $GLOBALS['LANG']->csConvObj : $GLOBALS['TSFE']->csConvObj);
168 $charset = (TYPO3_MODE == 'BE' ? $GLOBALS['LANG']->charSet : $GLOBALS['TSFE']->metaCharset);
169 $password = $csConvObj->conv_case($charset, $password, 'toLower');
170 break;
171 case 'password':
172 case 'required':
173 // Do nothing!
174 break;
175 default:
176 // We must run these evaluations through TCEmain to avoid
177 // code duplication and ensure that any custom evaluations
178 // are called in a proper context
179 if ($tce == NULL) {
180 /* @var $tce t3lib_TCEmain */
181 $tce = t3lib_div::makeInstance('t3lib_TCEmain');
182 }
183 $result = $tce->checkValue_input_Eval($password, array($evaluation), $conf['is_in']);
184 if (!isset($result['value'])) {
185 // Failure!!!
186 return NULL;
187 }
188 $password = $result['value'];
189 }
190 }
191 }
192 return $password;
193 }
194 }
195
196 if (defined('TYPO3_MODE') && isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/rsaauth/sv1/class.tx_rsaauth_sv1.php'])) {
197 include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/rsaauth/sv1/class.tx_rsaauth_sv1.php']);
198 }
199
200 ?>