proxyauth/proxyauth.php


<?php
/**
* Name: Proxy Auth
* Description: Authenticate a user against reverse proxy headers
* Version: 1.2
* Author: Mark Wane <https://social.cool110.xyz/profile/mark>
*/
/**
* Friendica addon
*
* Module: Proxy Auth
*
* Authenticate a user against reverse proxy headers
* For use when authentication is handled by webserver modules or a reverse proxy
*/
use Friendica\Core\Hook;
use Friendica\DI;
use Friendica\Model\User;
use Friendica\Core\System;
use Friendica\Util\ConfigFileLoader;
/**
 * Addon install callback: registers the hooks this addon listens on.
 *
 * Every hook is bound to a callback function that lives in
 * addon/proxyauth/proxyauth.php.
 */
function proxyauth_install()
{
    $addonFile = 'addon/proxyauth/proxyauth.php';

    // Hook name => callback function, registered in this order.
    $callbacks = [
        'load_config'  => 'proxyauth_config',
        'authenticate' => 'proxyauth_hook',
        'login_hook'   => 'proxyauth_login',
        'logging_out'  => 'proxyauth_logout',
    ];

    foreach ($callbacks as $hookName => $callback) {
        Hook::register($hookName, $addonFile, $callback);
    }
}
/**
 * Addon uninstall callback: removes the hook registrations made by
 * proxyauth_install().
 */
function proxyauth_uninstall()
{
    $addonFile = 'addon/proxyauth/proxyauth.php';

    // Hook name => callback function, unregistered in this order.
    $callbacks = [
        'load_config'  => 'proxyauth_config',
        'authenticate' => 'proxyauth_hook',
        'login_hook'   => 'proxyauth_login',
        'logging_out'  => 'proxyauth_logout',
    ];

    foreach ($callbacks as $hookName => $callback) {
        Hook::unregister($hookName, $addonFile, $callback);
    }
}
/**
 * 'load_config' hook: loads the 'proxyauth' addon configuration into the
 * config cache.
 *
 * @param mixed $a Object passed by the hook caller; must expose getConfigCache().
 * @param mixed $l Loader passed by the hook caller; must expose loadAddonConfig().
 */
function proxyauth_config($a, $l)
{
    $configCache   = $a->getConfigCache();
    $addonSettings = $l->loadAddonConfig('proxyauth');

    $configCache->load($addonSettings);
}
/**
 * 'authenticate' hook: marks the request as authenticated when
 * proxyauth_auth() resolves the proxy-supplied identity to an account.
 *
 * No password is checked here. The identity comes entirely from the request
 * values read in proxyauth_auth(), so this is only as trustworthy as the
 * proxy that sets them.
 *
 * @param mixed $a Passed by the hook caller; not used.
 * @param array $b Hook data, modified in place: 'user_record' receives the
 *                 first matching row and 'authenticated' is set to 1.
 */
function proxyauth_hook($a, &$b)
{
    $rows = proxyauth_auth();

    // Nothing resolved (false, null or an empty result): leave $b untouched.
    if (empty($rows)) {
        return;
    }

    $b['user_record']   = $rows[0];
    $b['authenticated'] = 1;
}
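/**
 * 'login_hook' hook: optionally replaces the login form with a single
 * submit button.
 *
 * Reads 'replace_form', 'button_text' and 'remember' from the 'proxyauth'
 * configuration. When 'replace_form' is falsy, $o is left unchanged.
 *
 * @param mixed  $a Passed by the hook caller; not used.
 * @param string $o Login form HTML, replaced in place when 'replace_form' is set.
 */
function proxyauth_login($a, &$o)
{
    $replace  = DI::config()->get('proxyauth', 'replace_form');
    $text     = DI::config()->get('proxyauth', 'button_text');
    $remember = DI::config()->get('proxyauth', 'remember');

    if (!$replace) {
        return;
    }

    // The button label is a configuration value placed inside an HTML
    // attribute; escape it so quotes or markup in it cannot break out of
    // the value="..." attribute.
    $label = htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // NOTE(review): the form action is an absolute URL for one specific host.
    // On any other installation the form would post to that host instead of
    // the local node - confirm whether this should be the local login path.
    $o = ' <form id="login-form" action="https://social.cool110.xyz/login" role="form" method="post">
<div id="login-group" role="group" aria-labelledby="login-head">
<input type="hidden" name="auth-params" value="login" />
<div id="login-submit-wrapper">
<input type="submit" name="submit" id="login-submit-button" value="' . $label . '" />
</div>
<input type="hidden" name="remember" value="' . (int) $remember . '" />
</div>
</form>';
}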
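/**
 * 'logging_out' hook: clears the local cookie and session, then sends the
 * browser to the SSO logout endpoint unless the request appears to come
 * from the SSO domain already.
 *
 * Reads 'sso_domain' and 'logout_url' from the 'proxyauth' configuration.
 * With a non-empty 'logout_url' the redirect goes there; otherwise it goes
 * to '/logout_sso' on this node.
 *
 * @param mixed $a Passed by the hook caller; not used.
 */
function proxyauth_logout($a)
{
    $domain = (string) DI::config()->get('proxyauth', 'sso_domain');
    $url    = (string) DI::config()->get('proxyauth', 'logout_url');

    DI::cookie()->clear();
    DI::session()->clear();
    info(DI::l10n()->t('Logging out'));

    // The Referer header is optional, so a missing one must not raise a
    // notice or pass null to stripos().
    $referer = (string) ($_SERVER['HTTP_REFERER'] ?? '');

    // Compare against false explicitly: stripos() returns 0 for a match at
    // the start of the string, which a plain truthiness test reads as "no
    // match". An unset 'sso_domain' never matches.
    //
    // NOTE(review): Referer is supplied by the client and this is a substring
    // match on the whole URL, so any referer that contains the configured
    // domain anywhere suppresses the SSO logout redirect. The local session
    // is already cleared at this point, but the SSO session would survive.
    // Consider comparing the parsed referer host against 'sso_domain' instead.
    $cameFromSso = $domain !== '' && $referer !== '' && stripos($referer, $domain) !== false;
    if ($cameFromSso) {
        return;
    }

    if ($url !== '') {
        System::externalRedirect($url);
    } else {
        DI::baseUrl()->redirect('/logout_sso');
    }
}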
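/**
 * Resolves the identity supplied by the reverse proxy to a local account.
 *
 * The user name, e-mail address and full name are read from $_SERVER, using
 * the keys configured under 'proxyauth'. If no account matches and
 * 'create_account' is enabled, an account is created from those values.
 *
 * SECURITY: whatever arrives in these $_SERVER entries is accepted as the
 * authenticated identity, without any further credential. If the configured
 * keys are HTTP_* request headers, that is only safe when the proxy strips
 * client-supplied copies of those headers on every request and the
 * application cannot be reached except through that proxy.
 *
 * @return array|false|null Result of proxyauth_get_user() on success, false
 *                          when no user name was supplied, null when no
 *                          account matches and auto-creation is disabled.
 */
function proxyauth_auth()
{
    $create      = DI::config()->get('proxyauth', 'create_account');
    $uid_header  = DI::config()->get('proxyauth', 'username_header');
    $mail_header = DI::config()->get('proxyauth', 'email_header');
    // NOTE(review): 'fullame_header' looks like a misspelling of
    // 'fullname_header'. Confirm against the addon's config file; if the keys
    // differ, $name is always null here.
    $name_header = DI::config()->get('proxyauth', 'fullame_header');

    // Without a configured user name key there is nothing to authenticate.
    if (!is_string($uid_header) || $uid_header === '') {
        return false;
    }

    $uid  = $_SERVER[$uid_header] ?? null;
    $mail = is_string($mail_header) ? ($_SERVER[$mail_header] ?? null) : null;
    $name = is_string($name_header) ? ($_SERVER[$name_header] ?? null) : null;

    // A proxy may forward the header with an empty value for anonymous
    // requests. Treat that like a missing header, so it is never looked up
    // or auto-created as an account with an empty nickname.
    if (!is_string($uid) || trim($uid) === '') {
        return false;
    }

    $acc = proxyauth_get_user($uid);
    if (!empty($acc)) {
        return $acc;
    }

    if (!$create) {
        return null;
    }

    // Auto-provisioning: the new account is built entirely from
    // proxy-supplied values.
    proxyauth_create_user($uid, $mail, $name);

    return proxyauth_get_user($uid);
}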
/**
 * Creates a local account for a proxy-authenticated user.
 *
 * The account is created with 'verified' set to 1 and a random password the
 * user never sees, so the e-mail address is accepted as supplied by the
 * caller without a confirmation step.
 *
 * @param mixed $uid  Value stored as the account nickname.
 * @param mixed $mail Value stored as the account e-mail address.
 * @param mixed $name Value stored as the account user name.
 */
function proxyauth_create_user($uid, $mail, $name)
{
    // Random password: SHA-512 hex digest of 256 bytes from the CSPRNG.
    $randomPassword = hash('sha512', random_bytes(256));

    $accountData = [
        'username' => $name,
        'nickname' => $uid,
        'email'    => $mail,
        'password' => $randomPassword,
        'verified' => 1,
    ];

    User::create($accountData);
}
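/**
 * Looks up the unblocked, verified account with the given nickname.
 *
 * $uid reaches this function from a $_SERVER entry (see proxyauth_auth()),
 * so it is passed as a bound condition value rather than formatted into the
 * SQL text. The previous q("... '%s' ...", $uid) call placed the value
 * between quotes in the statement string without escaping it in this file.
 *
 * @param mixed $uid Nickname to look up.
 *
 * @return array List of matching rows (at most one); empty when none match.
 */
function proxyauth_get_user($uid)
{
    $stmt = \Friendica\Database\DBA::select(
        'user',
        [],
        ['nickname' => $uid, 'blocked' => 0, 'verified' => 1],
        ['limit' => 1]
    );

    return \Friendica\Database\DBA::toArray($stmt);
}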