From 2f668328fab9a339f69fd95622490c77ffacaddd Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Fri, 24 Oct 2025 12:51:10 +0200
Subject: [PATCH] add middleware for basic authentication
---
 inc/inc.ClassAuthenticationMiddleware.php | 78 ++++++++++++++++++++++-
 1 file changed, 77 insertions(+), 1 deletion(-)
diff --git a/inc/inc.ClassAuthenticationMiddleware.php b/inc/inc.ClassAuthenticationMiddleware.php
index 97e74c55f..63cf98914 100644
--- a/inc/inc.ClassAuthenticationMiddleware.php
+++ b/inc/inc.ClassAuthenticationMiddleware.php
@@ -63,7 +63,7 @@ class SeedDMS_Auth_Middleware_Session { /* {{{ */
 return $response;
 }
- $logger->log("Invoke middleware for method " . $request->getMethod() . " on '" . $request->getUri()->getPath() . "'", PEAR_LOG_INFO);
+ $logger->log("Invoke AuthSessionMiddleware for method " . $request->getMethod() . " on '" . $request->getUri()->getPath() . "'", PEAR_LOG_INFO);
 require_once("inc/inc.ClassSession.php");
 $session = new SeedDMS_Session($dms->getDb());
 if (isset($_COOKIE["mydms_session"])) {
@@ -106,3 +106,79 @@ class SeedDMS_Auth_Middleware_Session { /* {{{ */
 return $response;
 }
 } /* }}} */
+
+/**
+ * Middleware for authentication based on basic authentication
+ *
+ **/
+class SeedDMS_Auth_Middleware_Basic { /* {{{ */
+
+ private $container;
+
+ public function __construct($container) {
+ $this->container = $container;
+ }
+
+ /**
+ * Basic authentication middleware invokable class
+ *
+ * @param \Psr\Http\Message\ServerRequestInterface $request PSR7 request
+ * @param \Psr\Http\Message\ResponseInterface $response PSR7 response
+ * @param callable $next Next middleware
+ *
+ * @return \Psr\Http\Message\ResponseInterface
+ */
+ public function __invoke($request, $handler) {
+ $dms = $this->container->get('dms');
+ $settings = $this->container->get('config');
+ $logger = $this->container->get('logger');
+ $userobj = null;
+ if ($this->container->has('userobj')) {
+ $userobj = $this->container->get('userobj');
+ }
+
+ if ($userobj) {
+ $response = $handler->handle($request);
+ return $response;
+ }
+
+ $logger->log("Invoke AuthBasicMiddleware for method " . $request->getMethod() . " on '" . $request->getUri()->getPath() . "'", PEAR_LOG_INFO);
+ $environment = $request->getServerParams();
+ if(!empty($environment['HTTP_AUTHORIZATION'])) {
+ $tmp = explode(' ', $environment['HTTP_AUTHORIZATION'], 2);
+ switch($tmp[0]) {
+ case 'Basic':
+ $logger->log("Basic authentication with ".$tmp[0]."=".$tmp[1], PEAR_LOG_INFO);
+ $authenticator = $this->container->get('authenticator');
+ $kk = explode(':', base64_decode($tmp[1]));
+ $userobj = $authenticator->authenticate($kk[0], $kk[1]);
+ if(!$userobj) {
+ $logger->log("Login with basic authentication for '".$kk[0]."' failed", PEAR_LOG_ERR);
+ $response = $this->responsefactory->createResponse();
+ return $response->withStatus(403);
+ }
+ $dms->setUser($userobj);
+ if($this->container instanceof \Slim\Container)
+ $this->container['userobj'] = $userobj;
+ else
+ $this->container->set('userobj', $userobj);
+ $logger->log("Login with basic authentication as '".$userobj->getLogin()."' successful", PEAR_LOG_INFO);
+ break;
+ }
+ }
+ $this->container->set('userobj', $userobj);
+
+ if(!$userobj)
+ $logger->log("Not yet authenticated. Pass on to next middleware", PEAR_LOG_INFO);
+ else
+ $logger->log("Authenticated as ".(is_object($userobj) ? $userobj->getLogin() : "annon").". Pass on to next middleware", PEAR_LOG_INFO);
+
+ /* Always pass on to the next middleware. If that middleware does
+ * authentication, then it should first check if 'userobj' in the container
+ * is already set. The authentication shipped with seeddms restapi does that
+ * and skips its own authentication, if userobj already exists.
+ */
+ $response = $handler->handle($request);
+ return $response;
+ }
+} /* }}} */
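Review bot: The `case 'Basic':` branch writes `$tmp[1]` to the log at PEAR_LOG_INFO, and that value is the base64-encoded `user:password` pair, so whenever INFO logging is enabled each Basic login leaves the credentials in the log file; log the scheme only. The same branch splits the decoded value with `explode(':', …)` without a limit and never checks that `$tmp[1]` or `$kk[1]` exist, so a password containing ':' is truncated and a malformed header reaches `authenticate()` through an undefined index. The failure path calls `$this->responsefactory->createResponse()`, but the class added here declares only `$container`, so a failed login would raise an error rather than return the 403; that line needs a response source this class actually holds. The rewritten parsing lines are below, with the failure response left as it is in the hunk.

```php
			case 'Basic':
				// Log the scheme only: $tmp[1] is the base64-encoded "user:password".
				$logger->log("Basic authentication requested", PEAR_LOG_INFO);
				$authenticator = $this->container->get('authenticator');
				// Strict decoding rejects header values that are not valid base64.
				$decoded = isset($tmp[1]) ? base64_decode($tmp[1], true) : false;
				// Split on the first ':' only, so passwords containing ':' stay intact.
				$kk = ($decoded !== false) ? explode(':', $decoded, 2) : [];
				$userobj = (count($kk) === 2) ? $authenticator->authenticate($kk[0], $kk[1]) : null;
				// … unchanged: failure response, setUser() and container update …
```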