[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  /**
   4   * Joomla! Content Management System
   5   *
   6   * @copyright  (C) 2005 Open Source Matters, Inc. <https://www.joomla.org>
   7   * @license    GNU General Public License version 2 or later; see LICENSE.txt
   8   */
   9  
  10  namespace Joomla\CMS\Authentication;
  11  
  12  use Joomla\CMS\Factory;
  13  use Joomla\CMS\Language\Text;
  14  use Joomla\CMS\Log\Log;
  15  use Joomla\CMS\Plugin\PluginHelper;
  16  use Joomla\Event\DispatcherAwareTrait;
  17  use Joomla\Event\DispatcherInterface;
  18  
  19  // phpcs:disable PSR1.Files.SideEffects
  20  \defined('JPATH_PLATFORM') or die;
  21  // phpcs:enable PSR1.Files.SideEffects
  22  
  23  /**
  24   * Authentication class, provides an interface for the Joomla authentication system
  25   *
  26   * @since  1.7.0
  27   */
  28  class Authentication
  29  {
  30      use DispatcherAwareTrait;
  31  
  32      /**
  33       * This is the status code returned when the authentication is success (permit login)
  34       *
  35       * @var    integer
  36       * @since  1.7.0
  37       */
  38      public const STATUS_SUCCESS = 1;
  39  
  40      /**
  41       * Status to indicate cancellation of authentication (unused)
  42       *
  43       * @var    integer
  44       * @since  1.7.0
  45       */
  46      public const STATUS_CANCEL = 2;
  47  
  48      /**
  49       * This is the status code returned when the authentication failed (prevent login if no success)
  50       *
  51       * @var    integer
  52       * @since  1.7.0
  53       */
  54      public const STATUS_FAILURE = 4;
  55  
  56      /**
  57       * This is the status code returned when the account has expired (prevent login)
  58       *
  59       * @var    integer
  60       * @since  1.7.0
  61       */
  62      public const STATUS_EXPIRED = 8;
  63  
  64      /**
  65       * This is the status code returned when the account has been denied (prevent login)
  66       *
  67       * @var    integer
  68       * @since  1.7.0
  69       */
  70      public const STATUS_DENIED = 16;
  71  
  72      /**
  73       * This is the status code returned when the account doesn't exist (not an error)
  74       *
  75       * @var    integer
  76       * @since  1.7.0
  77       */
  78      public const STATUS_UNKNOWN = 32;
  79  
  80      /**
  81       * @var    Authentication[]  JAuthentication instances container.
  82       * @since  1.7.3
  83       */
  84      protected static $instance = [];
  85  
  86      /**
  87       * Plugin Type to run
  88       *
  89       * @var   string
  90       * @since  4.0.0
  91       */
  92      protected $pluginType;
  93  
  94      /**
  95       * Constructor
  96       *
  97       * @param   string               $pluginType  The plugin type to run authorisation and authentication on
  98       * @param   DispatcherInterface  $dispatcher  The event dispatcher we're going to use
  99       *
 100       * @since   1.7.0
 101       */
 102      public function __construct(string $pluginType = 'authentication', DispatcherInterface $dispatcher = null)
 103      {
 104          // Set the dispatcher
 105          if (!\is_object($dispatcher)) {
 106              $dispatcher = Factory::getContainer()->get('dispatcher');
 107          }
 108  
 109          $this->setDispatcher($dispatcher);
 110          $this->pluginType = $pluginType;
 111  
 112          $isLoaded = PluginHelper::importPlugin($this->pluginType);
 113  
 114          if (!$isLoaded) {
 115              Log::add(Text::_('JLIB_USER_ERROR_AUTHENTICATION_LIBRARIES'), Log::WARNING, 'jerror');
 116          }
 117      }
 118  
 119      /**
 120       * Returns the global authentication object, only creating it
 121       * if it doesn't already exist.
 122       *
 123       * @param   string  $pluginType  The plugin type to run authorisation and authentication on
 124       *
 125       * @return  Authentication  The global Authentication object
 126       *
 127       * @since   1.7.0
 128       */
 129      public static function getInstance(string $pluginType = 'authentication')
 130      {
 131          if (empty(self::$instance[$pluginType])) {
 132              self::$instance[$pluginType] = new static($pluginType);
 133          }
 134  
 135          return self::$instance[$pluginType];
 136      }
 137  
 138      /**
 139       * Finds out if a set of login credentials are valid by asking all observing
 140       * objects to run their respective authentication routines.
 141       *
 142       * @param   array  $credentials  Array holding the user credentials.
 143       * @param   array  $options      Array holding user options.
 144       *
 145       * @return  AuthenticationResponse  Response object with status variable filled in for last plugin or first successful plugin.
 146       *
 147       * @see     AuthenticationResponse
 148       * @since   1.7.0
 149       */
 150      public function authenticate($credentials, $options = array())
 151      {
 152          // Get plugins
 153          $plugins = PluginHelper::getPlugin($this->pluginType);
 154  
 155          // Create authentication response
 156          $response = new AuthenticationResponse();
 157  
 158          /*
 159           * Loop through the plugins and check if the credentials can be used to authenticate
 160           * the user
 161           *
 162           * Any errors raised in the plugin should be returned via the AuthenticationResponse
 163           * and handled appropriately.
 164           */
 165          foreach ($plugins as $plugin) {
 166              $plugin = Factory::getApplication()->bootPlugin($plugin->name, $plugin->type);
 167  
 168              if (!method_exists($plugin, 'onUserAuthenticate')) {
 169                  // Bail here if the plugin can't be created
 170                  Log::add(Text::sprintf('JLIB_USER_ERROR_AUTHENTICATION_FAILED_LOAD_PLUGIN', $plugin->name), Log::WARNING, 'jerror');
 171                  continue;
 172              }
 173  
 174              // Try to authenticate
 175              $plugin->onUserAuthenticate($credentials, $options, $response);
 176  
 177              // If authentication is successful break out of the loop
 178              if ($response->status === self::STATUS_SUCCESS) {
 179                  if (empty($response->type)) {
 180                      $response->type = $plugin->_name ?? $plugin->name;
 181                  }
 182  
 183                  break;
 184              }
 185          }
 186  
 187          if (empty($response->username)) {
 188              $response->username = $credentials['username'];
 189          }
 190  
 191          if (empty($response->fullname)) {
 192              $response->fullname = $credentials['username'];
 193          }
 194  
 195          if (empty($response->password) && isset($credentials['password'])) {
 196              $response->password = $credentials['password'];
 197          }
 198  
 199          return $response;
 200      }
 201  
 202      /**
 203       * Authorises that a particular user should be able to login
 204       *
 205       * @param   AuthenticationResponse  $response  response including username of the user to authorise
 206       * @param   array                   $options   list of options
 207       *
 208       * @return  AuthenticationResponse[]  Array of authentication response objects
 209       *
 210       * @since  1.7.0
 211       * @throws \Exception
 212       */
 213      public function authorise($response, $options = array())
 214      {
 215          // Get plugins in case they haven't been imported already
 216          PluginHelper::importPlugin('user');
 217          $results = Factory::getApplication()->triggerEvent('onUserAuthorisation', array($response, $options));
 218  
 219          return $results;
 220      }
 221  }