mirror of
https://github.com/firefly-iii/firefly-iii.git
synced 2025-10-31 02:36:28 +00:00
179 lines
5.6 KiB
PHP
179 lines
5.6 KiB
PHP
<?php
|
|
|
|
/**
|
|
* RemoteUserGuard.php
|
|
* Copyright (c) 2020 james@firefly-iii.org
|
|
*
|
|
* This file is part of Firefly III (https://github.com/firefly-iii).
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License as
|
|
* published by the Free Software Foundation, either version 3 of the
|
|
* License, or (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Affero General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace FireflyIII\Support\Authentication;
|
|
|
|
use FireflyIII\Exceptions\FireflyException;
|
|
use FireflyIII\Support\Facades\Preferences;
|
|
use FireflyIII\User;
|
|
use Illuminate\Contracts\Auth\Authenticatable;
|
|
use Illuminate\Contracts\Auth\Guard;
|
|
use Illuminate\Contracts\Auth\UserProvider;
|
|
use Illuminate\Contracts\Foundation\Application;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Support\Facades\Log;
|
|
|
|
/**
|
|
* Class RemoteUserGuard
|
|
*/
|
|
class RemoteUserGuard implements Guard
|
|
{
|
|
protected Application $application;
|
|
protected ?User $user;
|
|
|
|
/**
|
|
* Create a new authentication guard.
|
|
*/
|
|
public function __construct(protected UserProvider $provider, Application $app)
|
|
{
|
|
/** @var null|Request $request */
|
|
$request = $app->get('request');
|
|
// Log::debug(sprintf('Created RemoteUserGuard for %s "%s"', $request?->getMethod(), $request?->getRequestUri()));
|
|
$this->application = $app;
|
|
$this->user = null;
|
|
}
|
|
|
|
public function authenticate(): void
|
|
{
|
|
// Log::debug(sprintf('Now at %s', __METHOD__));
|
|
if ($this->user instanceof User) {
|
|
Log::debug(sprintf('%s is found: #%d, "%s".', $this->user::class, $this->user->id, $this->user->email));
|
|
|
|
return;
|
|
}
|
|
// Get the user identifier from $_SERVER or apache filtered headers
|
|
$header = config('auth.guard_header', 'REMOTE_USER');
|
|
$userID = request()->server($header) ?? null;
|
|
|
|
if (function_exists('apache_request_headers')) {
|
|
Log::debug('Use apache_request_headers to find user ID.');
|
|
$userID = request()->server($header) ?? apache_request_headers()[$header] ?? null;
|
|
}
|
|
|
|
if (null === $userID || '' === $userID) {
|
|
Log::error(sprintf('No user in header "%s".', $header));
|
|
|
|
throw new FireflyException('The guard header was unexpectedly empty. See the logs.');
|
|
}
|
|
|
|
Log::debug(sprintf('User ID found in header is "%s"', $userID));
|
|
|
|
/** @var User $retrievedUser */
|
|
$retrievedUser = $this->provider->retrieveById($userID);
|
|
|
|
// store email address if present in header and not already set.
|
|
$header = config('auth.guard_email');
|
|
|
|
if (null !== $header) {
|
|
$emailAddress = (string)(request()->server($header) ?? apache_request_headers()[$header] ?? null);
|
|
$preference = Preferences::getForUser($retrievedUser, 'remote_guard_alt_email');
|
|
|
|
if ('' !== $emailAddress && null === $preference && $emailAddress !== $userID) {
|
|
Preferences::setForUser($retrievedUser, 'remote_guard_alt_email', $emailAddress);
|
|
}
|
|
// if the pref isn't null and the object returned isn't null, update the email address.
|
|
if ('' !== $emailAddress && null !== $preference && $emailAddress !== $preference->data) {
|
|
Preferences::setForUser($retrievedUser, 'remote_guard_alt_email', $emailAddress);
|
|
}
|
|
}
|
|
|
|
Log::debug(sprintf('Result of getting user from provider: %s', $retrievedUser->email));
|
|
$this->user = $retrievedUser;
|
|
}
|
|
|
|
public function check(): bool
|
|
{
|
|
// Log::debug(sprintf('Now at %s', __METHOD__));
|
|
|
|
return $this->user() instanceof User;
|
|
}
|
|
|
|
public function guest(): bool
|
|
{
|
|
// Log::debug(sprintf('Now at %s', __METHOD__));
|
|
|
|
return !$this->check();
|
|
}
|
|
|
|
public function hasUser(): bool
|
|
{
|
|
// Log::debug(sprintf('Now at %s', __METHOD__));
|
|
|
|
throw new FireflyException('Did not implement RemoteUserGuard::hasUser()');
|
|
}
|
|
|
|
/**
|
|
* @SuppressWarnings("PHPMD.ShortMethodName")
|
|
*/
|
|
public function id(): int|string|null
|
|
{
|
|
// Log::debug(sprintf('Now at %s', __METHOD__));
|
|
|
|
return $this->user?->id;
|
|
}
|
|
|
|
public function setUser(Authenticatable|User|null $user): void // @phpstan-ignore-line
|
|
{
|
|
// Log::debug(sprintf('Now at %s', __METHOD__));
|
|
if ($user instanceof User) {
|
|
$this->user = $user;
|
|
|
|
return;
|
|
}
|
|
Log::error(sprintf('Did not set user at %s', __METHOD__));
|
|
}
|
|
|
|
public function user(): ?User
|
|
{
|
|
// Log::debug(sprintf('Now at %s', __METHOD__));
|
|
$user = $this->user;
|
|
if (!$user instanceof User) {
|
|
Log::debug('User is NULL');
|
|
|
|
return null;
|
|
}
|
|
|
|
return $user;
|
|
}
|
|
|
|
/**
|
|
* @throws FireflyException
|
|
*
|
|
* @SuppressWarnings("PHPMD.UnusedFormalParameter")
|
|
*/
|
|
public function validate(array $credentials = []): bool
|
|
{
|
|
// Log::debug(sprintf('Now at %s', __METHOD__));
|
|
|
|
throw new FireflyException('Did not implement RemoteUserGuard::validate()');
|
|
}
|
|
|
|
public function viaRemember(): bool
|
|
{
|
|
// Log::debug(sprintf('Now at %s', __METHOD__));
|
|
|
|
return false;
|
|
}
|
|
}
|