af089af55136ec6bea8a9b71a9e8b3945c680ab1
[Packages/TYPO3.CMS.git] / typo3 / sysext / rsaauth / sv1 / class.tx_rsaauth_sv1.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 2009 Dmitry Dulepov <dmitry@typo3.org>
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 *
17 * This script is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
21 *
22 * This copyright notice MUST APPEAR in all copies of the script!
23 ***************************************************************/
24 /**
25 * [CLASS/FUNCTION INDEX of SCRIPT]
26 *
27 * $Id: class.tx_rsaauth_sv1.php 19610 2009-04-28 12:53:15Z dmitry $
28 */
29
30 require_once(t3lib_extMgm::extPath('sv') . 'class.tx_sv_auth.php');
31 require_once(t3lib_extMgm::extPath('rsaauth') . 'sv1/backends/class.tx_rsaauth_backendfactory.php');
32 require_once(t3lib_extMgm::extPath('rsaauth') . 'sv1/storage/class.tx_rsaauth_storagefactory.php');
33
34 // Include backends
35
36 /**
37 * Service "RSA authentication" for the "rsaauth" extension. This service will
38 * authenticate a user using hos password encoded with one time public key. It
39 * uses the standard TYPO3 service to do all dirty work. Firsts, it will decode
40 * the password and then pass it to the parent service ('sv'). This ensures that it
41 * always works, even if other TYPO3 internals change.
42 *
43 * @author Dmitry Dulepov <dmitry@typo3.org>
44 * @package TYPO3
45 * @subpackage tx_rsaauth
46 */
47 class tx_rsaauth_sv1 extends tx_sv_auth {
48
49 /**
50 * An RSA backend.
51 *
52 * @var tx_rsaauth_abstract_backend
53 */
54 protected $backend = null;
55
56 /**
57 * Standard extension key for the service
58 *
59 * @var string
60 */
61 public $extKey = 'rsaauth'; // The extension key.
62
63 /**
64 * Standard prefix id for the service
65 *
66 * @var string
67 */
68 public $prefixId = 'tx_rsaauth_sv1'; // Same as class name
69
70 /**
71 * Standard relative path for the service
72 *
73 * @var string
74 */
75 public $scriptRelPath = 'sv1/class.tx_rsaauth_sv1.php'; // Path to this script relative to the extension dir.
76
77 /**
78 * Authenticates a user. The function decrypts the password, runs evaluations
79 * on it and passes to the parent authentication service.
80 *
81 * @param array $userRecord User record
82 * @return int Code that shows if user is really authenticated.
83 * @see t3lib_userAuth::checkAuthentication()
84 */
85 public function authUser(array $userRecord) {
86 $result = 100;
87
88 if ($this->pObj->security_level == 'rsa') {
89
90 $storage = tx_rsaauth_storagefactory::getStorage();
91 /* @var $storage tx_rsaauth_abstract_storage */
92
93 // Set failure status by default
94 $result = -1;
95
96 // Preprocess the password
97 $password = $this->login['uident'];
98 $key = $storage->get();
99 if ($key != null && substr($password, 0, 4) == 'rsa:') {
100 // Decode password and pass to parent
101 $decryptedPassword = $this->backend->decrypt($key, substr($password, 4));
102 if ($decryptedPassword != null) {
103 // Run the password through the eval function
104 $decryptedPassword = $this->runPasswordEvaluations($decryptedPassword);
105 if ($decryptedPassword != null) {
106 $this->login['uident'] = $decryptedPassword;
107 if (parent::authUser($userRecord)) {
108 $result = 200;
109 }
110 }
111 }
112 // Reset the password to its original value
113 $this->login['uident'] = $password;
114 // Remove the key
115 $storage->put(null);
116 }
117 }
118 return $result;
119 }
120
121 /**
122 * Initializes the service.
123 *
124 * @return boolean
125 */
126 public function init() {
127 $available = parent::init();
128 if ($available) {
129 // Get the backend
130 $this->backend = tx_rsaauth_backendfactory::getBackend();
131 if (is_null($this->backend)) {
132 $available = false;
133 }
134 }
135
136 return $available;
137 }
138
139 /**
140 * Runs password evaluations. This is necessary because other extensions can
141 * modify the way the password is stored in the database. We check for all
142 * evaluations for the password column and run those.
143 *
144 * Notes:
145 * - we call t3lib_TCEmain::checkValue_input_Eval() but it is risky: if a hook
146 * relies on BE_USER, it will fail. No hook should do this, so we risk it.
147 * - we cannot use t3lib_TCEmain::checkValue_input_Eval() for running all
148 * evaluations because it does not create md5 hashes.
149 *
150 * @param string $password Evaluated password
151 * @return void
152 * @see t3lib_TCEmain::checkValue_input_Eval()
153 */
154 protected function runPasswordEvaluations($password) {
155 $table = $this->pObj->user_table;
156 t3lib_div::loadTCA($table);
157 $conf = &$GLOBALS['TCA'][$table]['columns'][$this->pObj->userident_column]['config'];
158 $evaluations = $conf['eval'];
159 if ($evaluations) {
160 $tce = null;
161 foreach (t3lib_div::trimExplode(',', $evaluations, true) as $evaluation) {
162 switch ($evaluation) {
163 case 'md5':
164 $password = md5($password);
165 break;
166 case 'upper':
167 // We do not pass this to TCEmain because TCEmain will use objects unavailable in FE
168 $csConvObj = (TYPO3_MODE == 'BE' ? $GLOBALS['LANG']->csConvObj : $GLOBALS['TSFE']->csConvObj);
169 $charset = (TYPO3_MODE == 'BE' ? $GLOBALS['LANG']->charSet : $GLOBALS['TSFE']->metaCharset);
170 $password = $csConvObj->conv_case($charset, $password, 'toUpper');
171 break;
172 case 'lower':
173 // We do not pass this to TCEmain because TCEmain will use objects unavailable in FE
174 $csConvObj = (TYPO3_MODE == 'BE' ? $GLOBALS['LANG']->csConvObj : $GLOBALS['TSFE']->csConvObj);
175 $charset = (TYPO3_MODE == 'BE' ? $GLOBALS['LANG']->charSet : $GLOBALS['TSFE']->metaCharset);
176 $password = $csConvObj->conv_case($charset, $password, 'toLower');
177 break;
178 case 'password':
179 case 'required':
180 // Do nothing!
181 break;
182 default:
183 // We must run these evaluations through TCEmain to avoid
184 // code duplication and ensure that any custom evaluations
185 // are called in a proper context
186 if ($tce == null) {
187 $tce = t3lib_div::makeInstance('t3lib_TCEmain');
188 /* @var $tce t3lib_TCEmain */
189 }
190 $result = $tce->checkValue_input_Eval($password, array($evaluation), $conf['is_in']);
191 if (!isset($result['value'])) {
192 // Failure!!!
193 return null;
194 }
195 $password = $result['value'];
196 }
197 }
198 }
199 return $password;
200 }
201 }
202
203 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/rsaauth/sv1/class.tx_rsaauth_sv1.php']) {
204 include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/rsaauth/sv1/class.tx_rsaauth_sv1.php']);
205 }
206
207 ?>