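*/
/**
 * Friendica addon
 *
 * Module: Proxy Auth
 *
 * Authenticate a user against reverse proxy headers
 * For use when authentication is handled by webserver modules or a reverse proxy
 *
 * Security: the identity is read from $_SERVER['HTTP_UID'], ['HTTP_MAIL'] and
 * ['HTTP_CN']. PHP fills every HTTP_* entry from the request headers of the
 * same name, so these values are only trustworthy when the fronting proxy
 * removes any client-supplied UID, Mail and CN headers before setting its own,
 * and when the application cannot be reached except through that proxy.
 * Nothing in this file verifies either condition.
 */

use Friendica\Core\Hook;
use Friendica\Database\DBA;
use Friendica\DI;
use Friendica\Model\User;

/**
 * Registers the addon's callbacks on the 'authenticate' and 'logging_out' hooks.
 */
function proxyauth_install()
{
    Hook::register('authenticate', 'addon/proxyauth/proxyauth.php', 'proxyauth_hook');
    Hook::register('logging_out', 'addon/proxyauth/proxyauth.php', 'proxyauth_logout');
}

/**
 * Removes the two hook registrations made by proxyauth_install().
 */
function proxyauth_uninstall()
{
    Hook::unregister('authenticate', 'addon/proxyauth/proxyauth.php', 'proxyauth_hook');
    Hook::unregister('logging_out', 'addon/proxyauth/proxyauth.php', 'proxyauth_logout');
}

/**
 * 'authenticate' hook callback.
 *
 * When proxyauth_auth() yields an account, the first row is stored in
 * $b['user_record'] and $b['authenticated'] is set to 1. Otherwise $b is left
 * untouched so other authentication paths can still run.
 *
 * @param mixed $a Unused here; passed by the hook dispatcher.
 * @param array $b Hook data, modified in place.
 */
function proxyauth_hook($a, &$b)
{
    $account = proxyauth_auth();

    if (empty($account)) {
        return;
    }

    $b['user_record']   = $account[0];
    $b['authenticated'] = 1;
}

/**
 * 'logging_out' hook callback: clears the cookie and the session, shows a
 * notice and redirects to '/logout_sso'.
 *
 * NOTE(review): '/logout_sso' is presumably served by the proxy / SSO layer so
 * that the upstream session ends as well - confirm it exists in the deployment,
 * otherwise the next request is re-authenticated from the headers.
 *
 * @param mixed $a Unused here; passed by the hook dispatcher.
 */
function proxyauth_logout($a)
{
    DI::cookie()->clear();
    DI::session()->clear();
    info(DI::l10n()->t('Logging out'));
    DI::baseUrl()->redirect('/logout_sso');
}

/**
 * Resolves the proxy-asserted identity to a local account, creating the
 * account on first sight.
 *
 * Any uid value that has no matching account leads to a new, already verified
 * account, so the trust placed in the UID header (see the file header) also
 * decides who can provision accounts.
 *
 * @return array|false Rows returned by proxyauth_get_user(), or false when no
 *                     usable UID header is present.
 */
function proxyauth_auth()
{
    $uid  = $_SERVER['HTTP_UID'] ?? null;
    $mail = $_SERVER['HTTP_MAIL'] ?? null;
    $name = $_SERVER['HTTP_CN'] ?? null;

    // A missing or empty header asserts no identity; do not look up or create
    // an account for it.
    if ($uid === null || $uid === '') {
        return false;
    }

    $account = proxyauth_get_user($uid);
    if (!empty($account)) {
        return $account;
    }

    // $mail and $name may still be null here when the proxy sent no Mail / CN
    // header. NOTE(review): how User::create() treats that is not visible in
    // this file - confirm.
    proxyauth_create_user($uid, $mail, $name);

    return proxyauth_get_user($uid);
}

/**
 * Creates a local account for a proxy-authenticated user.
 *
 * The account is created with 'verified' => 1, which proxyauth_get_user()
 * requires in order to find it afterwards. The password is random and is not
 * returned or stored anywhere else by this function.
 *
 * @param string      $uid  Value of the UID header, used as nickname.
 * @param string|null $mail Value of the Mail header, used as email.
 * @param string|null $name Value of the CN header, used as username.
 */
function proxyauth_create_user($uid, $mail, $name)
{
    // The original called random_(), which is not defined in this file and is
    // not a PHP function; random_bytes() is the CSPRNG that fits the call.
    $pass = hash('sha512', random_bytes(256));

    User::create([
        'username' => $name,
        'nickname' => $uid,
        'email'    => $mail,
        'password' => $pass,
        'verified' => 1,
    ]);
}

/**
 * Looks up an unblocked, verified account by nickname.
 *
 * @param string $uid Nickname to look up; originates from a request header.
 *
 * @return mixed Result of q(), used by the caller as a list of rows.
 */
function proxyauth_get_user($uid)
{
    // The value is substituted into the quoted '%s' slot of the statement, so
    // it is escaped first; a header containing a quote must not be able to
    // change the query.
    return q(
        "SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1",
        DBA::escape((string) $uid)
    );
}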