2 /***************************************************************
5 * (c) 2009 Dmitry Dulepov <dmitry@typo3.org>
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
17 * This script is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * This copyright notice MUST APPEAR in all copies of the script!
23 ***************************************************************/
25 * [CLASS/FUNCTION INDEX of SCRIPT]
27 * $Id: class.tx_rsaauth_sv1.php 19610 2009-04-28 12:53:15Z dmitry $
// Parent authentication service ('sv') plus the rsaauth backend and storage
// factories this service resolves at init()/authUser() time.
require_once t3lib_extMgm::extPath('sv') . 'class.tx_sv_auth.php';
require_once t3lib_extMgm::extPath('rsaauth') . 'sv1/backends/class.tx_rsaauth_backendfactory.php';
require_once t3lib_extMgm::extPath('rsaauth') . 'sv1/storage/class.tx_rsaauth_storagefactory.php';
37 * Service "RSA authentication" for the "rsaauth" extension. This service will
38 * authenticate a user using his password encrypted with a one-time public key. It
39 * uses the standard TYPO3 service to do all the dirty work. First, it decrypts
40 * the password and then passes it to the parent service ('sv'). This ensures that it
41 * always works, even if other TYPO3 internals change.
43 * @author Dmitry Dulepov <dmitry@typo3.org>
45 * @subpackage tx_rsaauth
47 class tx_rsaauth_sv1
extends tx_sv_auth
{
52 * @var tx_rsaauth_abstract_backend
54 protected $backend = null;
57 * Standard extension key for the service
61 public $extKey = 'rsaauth'; // The extension key.
64 * Standard prefix id for the service
68 public $prefixId = 'tx_rsaauth_sv1'; // Same as class name
71 * Standard relative path for the service
75 public $scriptRelPath = 'sv1/class.tx_rsaauth_sv1.php'; // Path to this script relative to the extension dir.
78 * Authenticates a user. The function decrypts the password, runs evaluations
79 * on it and passes it to the parent authentication service.
81 * @param array $userRecord User record
82 * @return int Code that shows if user is really authenticated.
83 * @see t3lib_userAuth::checkAuthentication()
public function authUser(array $userRecord) {
    // [listing gap: the statements between the signature and this check are not shown]
    // Only intervene when the login form ran at security level "rsa"
    // (loose == comparison, kept as in the original).
    if ($this->pObj->security_level == 'rsa') {
        $storage = tx_rsaauth_storagefactory::getStorage();
        /* @var $storage tx_rsaauth_abstract_storage */

        // Set failure status by default
        // [listing gap: the assignment that sets the default result is not shown]

        // Preprocess the password: 'uident' carries the ciphertext produced by
        // the login form, prefixed with "rsa:"; the matching private key is
        // fetched from the storage.
        $password = $this->login['uident'];
        $key = $storage->get();
        // NOTE(review): the != null test implies get() can return null when no
        // key was issued for this session — confirm against the storage class.
        if ($key != null && substr($password, 0, 4) == 'rsa:') {
            // Decode password and pass to parent; the 4-byte "rsa:" prefix is
            // stripped before decryption.
            $decryptedPassword = $this->backend->decrypt($key, substr($password, 4));
            if ($decryptedPassword != null) {
                // Run the password through the eval function: the TCA evaluations
                // of the userident column (e.g. md5) so the parent service
                // compares against the stored form.
                $decryptedPassword = $this->runPasswordEvaluations($decryptedPassword);
                if ($decryptedPassword != null) {
                    // The evaluated plaintext lives in $this->login['uident'] only
                    // for the duration of the parent call and is restored below.
                    $this->login['uident'] = $decryptedPassword;
                    if (parent::authUser($userRecord)) {
                        // [listing gap: success handling is not shown]
                    // [listing gap: closing braces and the lines before the reset are not shown]
                    // NOTE(review): the class docblock describes the key as one-time;
                    // whether the storage is cleared after use is not visible here — confirm.
            // Reset the password to its original value
            $this->login['uident'] = $password;
    // [listing gap: remaining branches, return statement and closing braces are not shown]
122 * Initializes the service.
public function init() {
    // Initialize the parent service ('sv') first; its verdict is the starting
    // point for this service's availability.
    $available = parent::init();
    // [listing gap]
    // Resolve the RSA backend once; authUser() relies on $this->backend.
    $this->backend = tx_rsaauth_backendfactory::getBackend();
    // NOTE(review): the is_null check implies the factory returns null when no
    // usable backend exists; how that is reported is not shown in this listing.
    if (is_null($this->backend)) {
        // [listing gap: body of this branch and the return statement are not shown]
140 * Runs password evaluations. This is necessary because other extensions can
141 * modify the way the password is stored in the database. We check for all
142 * evaluations for the password column and run those.
145 * - we call t3lib_TCEmain::checkValue_input_Eval() but it is risky: if a hook
146 * relies on BE_USER, it will fail. No hook should do this, so we risk it.
147 * - we cannot use t3lib_TCEmain::checkValue_input_Eval() for running all
148 * evaluations because it does not create md5 hashes.
150 * @param string $password Password to run the evaluations on
152 * @see t3lib_TCEmain::checkValue_input_Eval()
protected function runPasswordEvaluations($password) {
    // The user table and its userident column come from the calling
    // t3lib_userAuth object, so the TCA of the right table (FE or BE) is used.
    $table = $this->pObj->user_table;
    t3lib_div::loadTCA($table);
    // Reference into the global TCA column config; the visible code only reads
    // from it ('eval', 'is_in').
    $conf = &$GLOBALS['TCA'][$table]['columns'][$this->pObj->userident_column]['config'];
    $evaluations = $conf['eval'];
    // [listing gap]
    // Apply every evaluation of the column, in the order the TCA lists them.
    foreach (t3lib_div::trimExplode(',', $evaluations, true) as $evaluation) {
        switch ($evaluation) {
            // [listing gap: the case label of this branch is not shown]
            // Unsalted md5 of the plaintext: this reproduces the column's TCA
            // evaluation (see the docblock: TCEmain does not create md5 hashes
            // itself); the hashing scheme is dictated by the TCA, not chosen here.
            $password = md5($password);
            // [listing gap: break and next case label are not shown]
            // We do not pass this to TCEmain because TCEmain will use objects unavailable in FE
            $csConvObj = (TYPO3_MODE == 'BE' ? $GLOBALS['LANG']->csConvObj : $GLOBALS['TSFE']->csConvObj);
            $charset = (TYPO3_MODE == 'BE' ? $GLOBALS['LANG']->charSet : $GLOBALS['TSFE']->metaCharset);
            $password = $csConvObj->conv_case($charset, $password, 'toUpper');
            // [listing gap: break and next case label are not shown]
            // We do not pass this to TCEmain because TCEmain will use objects unavailable in FE
            $csConvObj = (TYPO3_MODE == 'BE' ? $GLOBALS['LANG']->csConvObj : $GLOBALS['TSFE']->csConvObj);
            $charset = (TYPO3_MODE == 'BE' ? $GLOBALS['LANG']->charSet : $GLOBALS['TSFE']->metaCharset);
            $password = $csConvObj->conv_case($charset, $password, 'toLower');
            // [listing gap: break and the default label are not shown]
            // We must run these evaluations through TCEmain to avoid
            // code duplication and ensure that any custom evaluations
            // are called in a proper context
            // NOTE(review): custom eval hooks invoked here receive the decrypted
            // plaintext; a fresh TCEmain is created for each evaluation.
            $tce = t3lib_div::makeInstance('t3lib_TCEmain');
            /* @var $tce t3lib_TCEmain */
            // NOTE(review): $conf['is_in'] is read unconditionally; confirm the
            // column config always defines it, otherwise this raises a notice.
            $result = $tce->checkValue_input_Eval($password, array($evaluation), $conf['is_in']);
            if (!isset($result['value'])) {
                // [listing gap: handling of a rejected value is not shown]
            $password = $result['value'];
    // [listing gap: closing braces and the return statement are not shown]
203 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE
]['XCLASS']['ext/rsaauth/sv1/class.tx_rsaauth_sv1.php']) {
204 include_once($TYPO3_CONF_VARS[TYPO3_MODE
]['XCLASS']['ext/rsaauth/sv1/class.tx_rsaauth_sv1.php']);