131 lines
3.7 KiB
PHP
131 lines
3.7 KiB
PHP
<?php
|
|
/**
|
|
* Name: Proxy Auth
|
|
* Description: Authenticate a user against reverse proxy headers
|
|
* Version: 1.2
|
|
* Author: Mark Wane <https://social.cool110.xyz/profile/mark>
|
|
*/
|
|
|
|
/**
|
|
* Friendica addon
|
|
*
|
|
* Module: Proxy Auth
|
|
*
|
|
* Authenticate a user against reverse proxy headers
|
|
* For use when authentication is handled by webserver modules or a reverse proxy
|
|
*/
|
|
|
|
use Friendica\Core\Hook;
|
|
use Friendica\DI;
|
|
use Friendica\Model\User;
|
|
use Friendica\Core\System;
|
|
use Friendica\Util\ConfigFileLoader;
|
|
|
|
function proxyauth_install(){
|
|
Hook::register( 'load_config', 'addon/proxyauth/proxyauth.php', 'proxyauth_config' );
|
|
Hook::register( 'authenticate', 'addon/proxyauth/proxyauth.php', 'proxyauth_hook' );
|
|
Hook::register( 'login_hook', 'addon/proxyauth/proxyauth.php', 'proxyauth_login' );
|
|
Hook::register( 'logging_out', 'addon/proxyauth/proxyauth.php', 'proxyauth_logout' );
|
|
}
|
|
|
|
function proxyauth_uninstall(){
|
|
Hook::unregister( 'load_config', 'addon/proxyauth/proxyauth.php', 'proxyauth_config' );
|
|
Hook::unregister( 'authenticate', 'addon/proxyauth/proxyauth.php', 'proxyauth_hook' );
|
|
Hook::unregister( 'login_hook', 'addon/proxyauth/proxyauth.php', 'proxyauth_login' );
|
|
Hook::unregister( 'logging_out', 'addon/proxyauth/proxyauth.php', 'proxyauth_logout' );
|
|
}
|
|
|
|
function proxyauth_config( $a, $l ){
|
|
$a->getConfigCache()->load( $l->loadAddonConfig( 'proxyauth' ) );
|
|
}
|
|
|
|
function proxyauth_hook( $a, &$b ){
|
|
$acc = proxyauth_auth();
|
|
|
|
if ( ! empty( $acc ) ){
|
|
$b['user_record'] = $acc[0];
|
|
$b['authenticated'] = 1;
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
function proxyauth_login( $a, &$o ){
|
|
$replace = DI::config()->get( 'proxyauth', 'replace_form' );
|
|
$text = DI::config()->get( 'proxyauth', 'button_text' );
|
|
$remember = DI::config()->get( 'proxyauth', 'remember' );
|
|
|
|
if ( $replace ){
|
|
$o = ' <form id="login-form" action="https://social.cool110.xyz/login" role="form" method="post">
|
|
<div id="login-group" role="group" aria-labelledby="login-head">
|
|
<input type="hidden" name="auth-params" value="login" />
|
|
<div id="login-submit-wrapper">
|
|
<input type="submit" name="submit" id="login-submit-button" value="' . $text . '" />
|
|
</div>
|
|
<input type="hidden" name="remember" value="' . (int) $remember . '" />
|
|
</div>
|
|
</form>';
|
|
}
|
|
}
|
|
|
|
function proxyauth_logout( $a ){
|
|
$domain = DI::config()->get( 'proxyauth', 'sso_domain' );
|
|
$url = DI::config()->get( 'proxyauth', 'logout_url' );
|
|
|
|
DI::cookie()->clear();
|
|
DI::session()->clear();
|
|
info( DI::l10n()->t( 'Logging out') );
|
|
if ( ! stripos( $_SERVER['HTTP_REFERER'], $domain ) ) {
|
|
if ( '' != $url ){
|
|
System::externalRedirect( $url );
|
|
} else {
|
|
DI::baseUrl()->redirect( '/logout_sso' );
|
|
}
|
|
}
|
|
}
|
|
|
|
function proxyauth_auth(){
|
|
$create = DI::config()->get( 'proxyauth', 'create_account' );
|
|
$uid_header = DI::config()->get( 'proxyauth', 'username_header' );
|
|
$mail_header = DI::config()->get( 'proxyauth', 'email_header' );
|
|
$name_header = DI::config()->get( 'proxyauth', 'fullame_header' );
|
|
|
|
$uid = $_SERVER[ $uid_header ] ?? NULL;
|
|
$mail = $_SERVER[ $mail_header ] ?? NULL;
|
|
$name = $_SERVER[ $name_header ] ?? NULL;
|
|
|
|
if ( is_null( $uid ) ){
|
|
return false;
|
|
}
|
|
|
|
$acc = proxyauth_get_user( $uid );
|
|
|
|
if ( ! empty( $acc ) ){
|
|
return $acc;
|
|
}
|
|
|
|
if ( $create ){
|
|
proxyauth_create_user( $uid, $mail, $name );
|
|
return proxyauth_get_user( $uid );
|
|
} else {
|
|
return NULL;
|
|
}
|
|
}
|
|
|
|
function proxyauth_create_user( $uid, $mail, $name ){
|
|
// Generate random password
|
|
$pass = hash( 'sha512', random_bytes( 256 ) );
|
|
|
|
User::create( array(
|
|
'username' => $name,
|
|
'nickname' => $uid,
|
|
'email' => $mail,
|
|
'password' => $pass,
|
|
'verified' => 1
|
|
) );
|
|
}
|
|
|
|
function proxyauth_get_user( $uid ){
|
|
return q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1", $uid);
|
|
}
|