add middleware for basic authentication

inc/inc.ClassAuthenticationMiddleware.php

@@ -63,7 +63,7 @@ class SeedDMS_Auth_Middleware_Session { /* {{{ */
 			return $response;
 		}
 
-		$logger->log("Invoke middleware for method " . $request->getMethod() . " on '" . $request->getUri()->getPath() . "'", PEAR_LOG_INFO);
+		$logger->log("Invoke AuthSessionMiddleware for method " . $request->getMethod() . " on '" . $request->getUri()->getPath() . "'", PEAR_LOG_INFO);
 		require_once("inc/inc.ClassSession.php");
 		$session = new SeedDMS_Session($dms->getDb());
 		if (isset($_COOKIE["mydms_session"])) {
@@ -106,3 +106,79 @@ class SeedDMS_Auth_Middleware_Session { /* {{{ */
 		return $response;
 	}
 } /* }}} */
+
+/**
+ * Middleware for authentication based on basic authentication
+ *
+ **/
+class SeedDMS_Auth_Middleware_Basic { /* {{{ */
+
+	private $container;
+
+	public function __construct($container) {
+		$this->container = $container;
+	}
+
+	/**
+	 * Basic authentication middleware invokable class
+	 *
+	 * @param  \Psr\Http\Message\ServerRequestInterface $request  PSR7 request
+	 * @param  \Psr\Http\Message\ResponseInterface      $response PSR7 response
+	 * @param  callable                                 $next     Next middleware
+	 *
+	 * @return \Psr\Http\Message\ResponseInterface
+	 */
+	public function __invoke($request, $handler) {
+		$dms = $this->container->get('dms');
+		$settings = $this->container->get('config');
+		$logger = $this->container->get('logger');
+		$userobj = null;
+		if ($this->container->has('userobj')) {
+			$userobj = $this->container->get('userobj');
+		}
+
+		if ($userobj) {
+			$response = $handler->handle($request);
+			return $response;
+		}
+
+		$logger->log("Invoke AuthBasicMiddleware for method " . $request->getMethod() . " on '" . $request->getUri()->getPath() . "'", PEAR_LOG_INFO);
+		$environment = $request->getServerParams();
+		if(!empty($environment['HTTP_AUTHORIZATION'])) {
+			$tmp = explode(' ', $environment['HTTP_AUTHORIZATION'], 2);
+			switch($tmp[0]) {
+			case 'Basic':
+				$logger->log("Basic authentication with ".$tmp[0]."=".$tmp[1], PEAR_LOG_INFO);
+				$authenticator = $this->container->get('authenticator');
+				$kk = explode(':', base64_decode($tmp[1]));
+				$userobj = $authenticator->authenticate($kk[0], $kk[1]);
+				if(!$userobj) {
+					$logger->log("Login with basic authentication for '".$kk[0]."' failed", PEAR_LOG_ERR);
+					$response = $this->responsefactory->createResponse();
+					return $response->withStatus(403);
+				}
+				$dms->setUser($userobj);
+				if($this->container instanceof \Slim\Container)
+					$this->container['userobj'] = $userobj;
+				else
+					$this->container->set('userobj', $userobj);
+				$logger->log("Login with basic authentication as '".$userobj->getLogin()."' successful", PEAR_LOG_INFO);
+				break;
+			}
+		}
+		$this->container->set('userobj', $userobj);
+
+		if(!$userobj)
+			$logger->log("Not yet authenticated. Pass on to next middleware", PEAR_LOG_INFO);
+		else
+			$logger->log("Authenticated as ".(is_object($userobj) ? $userobj->getLogin() : "annon").". Pass on to next middleware", PEAR_LOG_INFO);
+
+		/* Always pass on to the next middleware. If that middleware does
+		 * authentication, then it should first check if 'userobj' in the container
+		 * is already set. The authentication shipped with seeddms restapi does that
+		 * and skips its own authentication, if userobj already exists.
+		 */
+		$response = $handler->handle($request);
+		return $response;
+	}
+} /* }}} */