<?php
/**
 * Name: Proxy Auth
 * Description: Authenticate a user against reverse proxy headers
 * Version: 1.0
 * Author: Mark Wane <https://social.cool110.xyz/profile/mark>
 */
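/**
 * Friendica addon
 *
 * Module: Proxy Auth
 *
 * Authenticate a user against reverse proxy headers.
 * For use when authentication is handled by webserver modules or a reverse proxy.
 * The identity headers are trusted as received, so the proxy must set them itself
 * and discard any copies supplied by the client.
 */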
use Friendica\Core\Hook;
use Friendica\DI;
use Friendica\Model\User;
/**
 * Registers the addon's two hook handlers with Friendica.
 *
 * The 'authenticate' hook is routed to proxyauth_hook() and the
 * 'logging_out' hook to proxyauth_logout(), both defined in this file.
 */
function proxyauth_install()
{
    $addonFile = 'addon/proxyauth/proxyauth.php';

    Hook::register('authenticate', $addonFile, 'proxyauth_hook');
    Hook::register('logging_out', $addonFile, 'proxyauth_logout');
}
/**
 * Removes the hook handlers that proxyauth_install() registered.
 *
 * Unregisters the same ('authenticate', 'logging_out') pairs, so the
 * addon no longer takes part in login or logout once it is uninstalled.
 */
function proxyauth_uninstall()
{
    $addonFile = 'addon/proxyauth/proxyauth.php';

    Hook::unregister('authenticate', $addonFile, 'proxyauth_hook');
    Hook::unregister('logging_out', $addonFile, 'proxyauth_logout');
}
/**
 * 'authenticate' hook handler.
 *
 * Asks proxyauth_auth() for the account matching the proxy headers and,
 * when one is returned, marks the login as successful in the hook data.
 * No password check happens here: the decision rests entirely on what
 * proxyauth_auth() returns.
 *
 * @param mixed $a Unused by this handler.
 * @param array $b Hook data, passed by reference. On success 'user_record'
 *                 is set to the first returned row and 'authenticated' to 1;
 *                 otherwise it is left untouched.
 */
function proxyauth_hook($a, &$b)
{
    $accounts = proxyauth_auth();

    // Nothing usable came back: leave the hook data as it was.
    if (empty($accounts)) {
        return;
    }

    $b['user_record']   = $accounts[0];
    $b['authenticated'] = 1;
}
/**
 * 'logging_out' hook handler.
 *
 * Clears the cookie and the session, queues a "Logging out" notice and
 * then redirects to /logout_sso.
 *
 * NOTE(review): /logout_sso is presumably served by the reverse proxy to end
 * the upstream session; nothing in this file defines it, so confirm it exists
 * in the deployment. While the proxy still sends the identity headers, the
 * next request would be authenticated again.
 *
 * @param mixed $a Unused by this handler.
 */
function proxyauth_logout($a)
{
    // Local state goes first so nothing survives if the redirect is interrupted.
    DI::cookie()->clear();
    DI::session()->clear();

    $notice = DI::l10n()->t('Logging out');
    info($notice);

    DI::baseUrl()->redirect('/logout_sso');
}
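/**
 * Resolves the account named by the reverse proxy's identity headers.
 *
 * Reads $_SERVER['HTTP_UID'], $_SERVER['HTTP_MAIL'] and $_SERVER['HTTP_CN'].
 * If a user with that nickname exists it is returned; otherwise one is
 * created from the header values and looked up again.
 *
 * Security: to PHP these are ordinary request headers. They are only
 * trustworthy when the proxy overwrites or strips client-supplied UID, Mail
 * and CN headers on every request and the instance cannot be reached except
 * through that proxy. Without both guarantees, whoever sends the header
 * chooses the account, including accounts that get auto-created here.
 *
 * @return array|bool Result of proxyauth_get_user() for the UID, or false
 *                    when no usable UID header is present.
 */
function proxyauth_auth()
{
    $uid  = $_SERVER['HTTP_UID'] ?? null;
    $mail = $_SERVER['HTTP_MAIL'] ?? null;
    $name = $_SERVER['HTTP_CN'] ?? null;

    // A blank header is treated like a missing one. Checking only for null
    // would let an empty UID reach the lookup and the account creation below.
    if (!is_string($uid) || trim($uid) === '') {
        return false;
    }

    $acc = proxyauth_get_user($uid);

    if (!empty($acc)) {
        return $acc;
    }

    // First sighting of this UID: provision the account, then re-read it so the
    // caller gets the same row shape as for an existing user.
    proxyauth_create_user($uid, $mail, $name);

    return proxyauth_get_user($uid);
}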
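/**
 * Provisions a local Friendica account for a proxy-authenticated user.
 *
 * The account is created already verified and with a random password that is
 * never shown to anyone, so it is only reachable through the proxy headers.
 * The e-mail address and display name are taken from the headers as-is;
 * nothing here confirms them.
 *
 * NOTE(review): User::create() is expected to reject incomplete data, e.g.
 * when the Mail or CN header is missing and null is passed. Confirm how a
 * failure surfaces during login.
 *
 * @param string      $uid  Value of the UID header, used as the nickname.
 * @param string|null $mail Value of the Mail header, used as the e-mail address.
 * @param string|null $name Value of the CN header, used as the display name.
 */
function proxyauth_create_user($uid, $mail, $name)
{
    // random_bytes() draws from the CSPRNG; hashing only turns the raw bytes
    // into a printable string. The previous call, random_(), is not a PHP
    // function and would have aborted account creation.
    $pass = hash('sha512', random_bytes(256));

    User::create([
        'username' => $name,
        'nickname' => $uid,
        'email'    => $mail,
        'password' => $pass,
        'verified' => 1,
    ]);
}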
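/**
 * Looks up the unblocked, verified user whose nickname equals the given UID.
 *
 * The UID comes from a request header, so it is passed to the database layer
 * as a bound condition value instead of being formatted into the SQL string.
 * The legacy q() helper substitutes its arguments printf-style, and the
 * caller did not escape the value first.
 *
 * @param string $uid Nickname to look up.
 *
 * @return array|bool List holding at most one user row; empty (or false)
 *                    when nothing matches or the query fails.
 */
function proxyauth_get_user($uid)
{
    $stmt = \Friendica\Database\DBA::select(
        'user',
        [],
        ['nickname' => (string) $uid, 'blocked' => 0, 'verified' => 1],
        ['limit' => 1]
    );

    return \Friendica\Database\DBA::toArray($stmt);
}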