seeddms-code/inc/inc.ClassAuthenticationMiddleware.php
2024-10-27 06:35:57 +01:00

109 lines
3.5 KiB
PHP

<?php
/**
* MyDMS. Document Management System
* Copyright (C) 2002-2005 Markus Westphal
* Copyright (C) 2006-2008 Malcolm Cowe
* Copyright (C) 2010 Matteo Lucarelli
* Copyright (C) 2010-2024 Uwe Steinmann
*
* PHP version 8
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
* @category SeedDMS
* @package SeedDMS
* @author Uwe Steinmann <info@seeddms.org>
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License
* @link https://www.seeddms.org Main Site
*/
/* Middleware for authentication based on session */
class SeedDMS_Auth_Middleware_Session { /* {{{ */
private $container;
public function __construct($container) {
$this->container = $container;
}
/**
* Example middleware invokable class
*
* @param \Psr\Http\Message\ServerRequestInterface $request PSR7 request
* @param \Psr\Http\Message\ResponseInterface $response PSR7 response
* @param callable $next Next middleware
*
* @return \Psr\Http\Message\ResponseInterface
*/
public function __invoke($request, $response, $next) {
// $this->container has the DI
$dms = $this->container->dms;
$settings = $this->container->config;
$logger = $this->container->logger;
$userobj = null;
if ($this->container->has('userobj')) {
$userobj = $this->container->userobj;
}
if ($userobj) {
$response = $next($request, $response);
return $response;
}
$logger->log("Invoke middleware for method " . $request->getMethod() . " on '" . $request->getUri()->getPath() . "'", PEAR_LOG_INFO);
require_once("inc/inc.ClassSession.php");
$session = new SeedDMS_Session($dms->getDb());
if (isset($_COOKIE["mydms_session"])) {
$dms_session = $_COOKIE["mydms_session"];
$logger->log("Session key: " . $dms_session, PEAR_LOG_DEBUG);
if (!$resArr = $session->load($dms_session)) {
/* Delete Cookie */
setcookie("mydms_session", $dms_session, time() - 3600, $settings->_httpRoot);
$logger->log("Session for id '" . $dms_session . "' has gone", PEAR_LOG_ERR);
return $response->withStatus(403);
}
/* Load user data */
$userobj = $dms->getUser($resArr["userID"]);
if (!is_object($userobj)) {
/* Delete Cookie */
setcookie("mydms_session", $dms_session, time() - 3600, $settings->_httpRoot);
if ($settings->_enableGuestLogin) {
if (!($userobj = $dms->getUser($settings->_guestID))) {
return $response->withStatus(403);
}
} else {
return $response->withStatus(403);
}
}
if ($userobj->isAdmin()) {
if ($resArr["su"]) {
if (!($userobj = $dms->getUser($resArr["su"]))) {
return $response->withStatus(403);
}
}
}
$dms->setUser($userobj);
} else {
return $response->withStatus(403);
}
$this->container['userobj'] = $userobj;
$response = $next($request, $response);
return $response;
}
} /* }}} */