partkeepr

fork of partkeepr

commit 854eb47966f770dd736e270453f23a27f28bd807
parent 5338129e364fd6c81ed914ebee83980c0f8040fb
Author: Felicitus <felicitus@felicitus.org>
Date:   Sun, 25 Mar 2012 05:05:09 +0200

Added HTTP auth feature

Diffstat:
Mconfig.php.template | 12+++++++++++-
Msrc/frontend/index.php | 32++++++++++++++++++++++++++++----
Msrc/frontend/js/Components/Session/SessionManager.js | 10++++++++--
Msrc/frontend/js/PartKeepr.js | 23+++++++++++++++--------
4 files changed, 62 insertions(+), 15 deletions(-)

diff --git a/config.php.template b/config.php.template
@@ -125,6 +125,15 @@ Configuration::setOption("partkeepr.frontend.allow_password_change", true);
 /**
 * Specifies the separator for category paths. If you change this, you need to rebuild the category paths by
 * executing the script scripts/UpdateCategoryPathCache.php
- *
 */
 Configuration::setOption("partkeepr.category.path_separator", " ➤ ");
+
+/**
+ * Set to true if authentication via HTTP is wanted.
+ *
+ * Authentication is then completely handled by your web server. Non-existant users are created automatically.
+ * Make sure you have admin rights transferred prior switching to HTTP auth.
+ *
+ * As soon as you set HTTP auth, you can no longer login and logout in PartKeepr, as this is handled by your web server.
+ */
+Configuration::setOption("partkeepr.auth.http", false);
+
\ No newline at end of file
diff --git a/src/frontend/index.php b/src/frontend/index.php
@@ -1,9 +1,11 @@
 <?php
 namespace de\RaumZeitLabor\PartKeepr\Frontend;
-use de\RaumZeitLabor\PartKeepr\Service\ServiceManager;
-use de\RaumZeitLabor\PartKeepr\PartKeepr;
-use de\RaumZeitLabor\PartKeepr\Util\Configuration;
+use de\RaumZeitLabor\PartKeepr\User\User,
+ de\RaumZeitLabor\PartKeepr\Service\ServiceManager,
+ de\RaumZeitLabor\PartKeepr\PartKeepr,
+ de\RaumZeitLabor\PartKeepr\Session\SessionManager,
+ de\RaumZeitLabor\PartKeepr\Util\Configuration;
 include("../src/backend/de/RaumZeitLabor/PartKeepr/PartKeepr.php");
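Review bot: The new doc comment on `partkeepr.auth.http` does not state the precondition the option depends on: going by the index.php change in this commit, PartKeepr accepts whatever user name arrives in `PHP_AUTH_USER`, so the web server has to enforce authentication on every PartKeepr URL before the flag is set to true. I would add a line such as ` * PartKeepr trusts the user name supplied by the web server; only enable this when the server requires authentication for the whole installation.` Depending on the SAPI, PHP may populate `PHP_AUTH_USER` from the request's Authorization header even when the server itself has not verified the credentials, so that is worth confirming for the supported deployments and mentioning here as well.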
@@ -15,6 +17,28 @@ $aParameters["doctrine_dbal_version"] = \Doctrine\DBAL\Version::VERSION;
 $aParameters["doctrine_common_version"] = \Doctrine\Common\Version::VERSION;
 $aParameters["php_version"] = phpversion();
+if (Configuration::getOption("partkeepr.auth.http", false) === true) {
+ if (!isset($_SERVER["PHP_AUTH_USER"])) {
+ // @todo Redirect to permission denied page
+ }
+
+ try {
+ $user = User::loadByName($_SERVER['PHP_AUTH_USER']);
+ } catch (\Doctrine\ORM\NoResultException $e) {
+ $user = new User;
+ $user->setUsername($_SERVER['PHP_AUTH_USER']);
+ $user->setPassword("invalid");
+
+ PartKeepr::getEM()->persist($user);
+ PartKeepr::getEM()->flush();
+ }
+
+
+ $session = SessionManager::getInstance()->startSession($user);
+
+ $aParameters["auto_start_session"] = $session->getSessionID();
+}
+
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
@@ -86,10 +110,10 @@ if (Configuration::getOption("partkeepr.frontend.autologin.enabled", false) ===
 ?>
 window.autoLoginUsername = "<?php echo Configuration::getOption("partkeepr.frontend.autologin.username"); ?>";
 window.autoLoginPassword = "<?php echo Configuration::getOption("partkeepr.frontend.autologin.password"); ?>";
-window.parameters = <?php echo json_encode($aParameters); ?>;
 <?php } ?>
+window.parameters = <?php echo json_encode($aParameters); ?>;
 </script>
 </body>
 </html>
\ No newline at end of file
diff --git a/src/frontend/js/Components/Session/SessionManager.js b/src/frontend/js/Components/Session/SessionManager.js
@@ -1,7 +1,7 @@
 /**
 * Represents a session against the PartKeepr Server.
 */
-Ext.define("PartKeepr.Session", {
+Ext.define("PartKeepr.SessionManager", {
 extend: 'Ext.util.Observable',
 /**
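Review bot: The `!isset($_SERVER["PHP_AUTH_USER"])` branch in the new HTTP-auth block of index.php is only a `@todo`, so a request that carries no authenticated user name falls through to `User::loadByName()` with an undefined index and, if that raises `NoResultException`, into the account-creation and session-start path. The branch should end the request (a 403 and `exit`) and reject an empty string as well. Auto-provisioned users also receive the fixed password `"invalid"`; how `setPassword()` stores it and whether the password login service stays reachable in HTTP-auth mode is not visible in this commit, so a random value that is never disclosed is the safer default (the sketch uses ext/openssl; any CSPRNG the project already has would do).

```php
if (Configuration::getOption("partkeepr.auth.http", false) === true) {
	if (!isset($_SERVER["PHP_AUTH_USER"]) || $_SERVER["PHP_AUTH_USER"] === "") {
		// Fail closed: the web server passed no authenticated user name.
		header("HTTP/1.1 403 Forbidden");
		exit;
	}
	// … unchanged: try { User::loadByName() } catch → new User, setUsername() …
		// Unusable random password instead of a fixed, guessable string.
		$user->setPassword(bin2hex(openssl_random_pseudo_bytes(32)));
	// … unchanged: persist/flush, startSession(), auto_start_session …
```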
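Review bot: With `window.parameters` moved out of the autologin branch in the last index.php hunk, the inline script in HTTP-auth mode carries the live session ID from `auto_start_session` on every page load, and nothing visible here marks the response as non-cacheable. I would send `header("Cache-Control: no-store");` before any output when the option is on, and encode with `json_encode($aParameters, JSON_HEX_TAG | JSON_HEX_AMP)` so that no value can terminate the surrounding `<script>` element. The script block and the autologin condition both begin outside this hunk.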
@@ -71,12 +71,18 @@ Ext.define("PartKeepr.Session", {
 * @param response The session ID
 */
 onAfterLogin: function (response) {
- this.session = response.sessionid;
+ this.setSession(response.sessionid);
 this.loginDialog.destroy();
 this.fireEvent("login");
 },
 /**
+ * Sets the session
+ */
+ setSession: function (sessionid) {
+ this.session = sessionid;
+ },
+ /**
 * Returns the current session
 *
 * @returns the session, or null if no session is available
diff --git a/src/frontend/js/PartKeepr.js b/src/frontend/js/PartKeepr.js
@@ -20,19 +20,26 @@ Ext.application({
 PartKeepr.setMaxUploadSize(window.maxUploadSize);
 PartKeepr.setAvailableImageFormats(window.availableImageFormats);
- // If auto login is wanted (for e.g. demo systems), put it in here
+ this.sessionManager = new PartKeepr.SessionManager();
-
- this.sessionManager = new PartKeepr.Session();
- this.sessionManager.on("login", this.onLogin, this);
-
- if (window.autoLoginUsername) {
- this.sessionManager.login(window.autoLoginUsername, window.autoLoginPassword);
+ /* Automatic session starting is active. This disables login/logout functionality. */
+ if (window.parameters.auto_start_session) {
+ this.getSessionManager().setSession(window.parameters.auto_start_session);
+ this.getStatusbar().connectionButton.hide();
+ this.onLogin();
 } else {
- this.sessionManager.login();
+ // If auto login is wanted (for e.g. demo systems), put it in here
+ this.sessionManager.on("login", this.onLogin, this);
+
+ if (window.autoLoginUsername) {
+ this.sessionManager.login(window.autoLoginUsername, window.autoLoginPassword);
+ } else {
+ this.sessionManager.login();
+ }
 }
+ Ext.fly(document.body).on('contextmenu', this.onContextMenu, this);
 },
 onContextMenu: function (e, target) {
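Review bot: The new `setSession` docblock in SessionManager.js says only "Sets the session" and, unlike the neighbouring `onAfterLogin` and `getSession` comments, documents neither the parameter nor which value stands for "no session". I would add ` * @param sessionid The session ID issued by the server, or null to clear the session`, assuming null is the intended empty value as the `getSession` comment suggests. The class body continues outside the hunk.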
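Review bot: In the `auto_start_session` branch of PartKeepr.js the login and logout controls are only hidden in the client (`connectionButton.hide()`), so the comment "This disables login/logout functionality" claims more than the code enforces; no backend file is touched by this commit, so the server-side login call is presumably still reachable. I would reword the comment to `/* Session was started server-side via HTTP auth; hide the client login/logout controls. */` and track the server-side restriction separately. The branch also mixes `this.sessionManager` with `this.getSessionManager()`, whose definition is outside the hunk; using one form throughout the function would read more clearly.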