Source for file HarmoniAuthenticationManager.class.php

Documentation is available at HarmoniAuthenticationManager.class.php

  1. <?php
  2.  
  3. require_once(OKI2."/osid/authentication/AuthenticationManager.php");
  4. require_once(OKI2."/osid/authentication/AuthenticationException.php");
  5.  
  6. require_once(HARMONI.'/oki2/authentication/HarmoniAuthenticationType.class.php');
  7. require_once(HARMONI.'/oki2/shared/HarmoniType.class.php');
  8. require_once(HARMONI.'/oki2/shared/HarmoniTypeIterator.class.php');
  9. require_once(HARMONI."oki2/shared/HarmoniProperties.class.php");
  10.  
  11. require_once(dirname(__FILE__)."/HTTPAuthNamePassTokenCollector.class.php");
  12. require_once(dirname(__FILE__)."/BasicFormNamePassTokenCollector.class.php");
  13. require_once(dirname(__FILE__)."/FormActionNamePassTokenCollector.class.php");
  14.  
  15. /**
  16. * <p>
  17. * AuthenticationManager:
  18. *
  19. * <ul>
  20. * <li>
  21. * gets authentication Types supported by the implementation,
  22. * </li>
  23. * <li>
  24. * authenticates the user using a particular authentication Type,
  25. * </li>
  26. * <li>
  27. * determines if the user is authenticated for a particular authentication
  28. * Type,
  29. * </li>
  30. * <li>
  31. * destroys the user's authentication,
  32. * </li>
  33. * <li>
  34. * returns the Id of the Agent that represents the user.
  35. * </li>
  36. * </ul>
  37. * </p>
  38. *
  39. * <p>
  40. * All implementations of OsidManager (manager) provide methods for accessing
  41. * and manipulating the various objects defined in the OSID package. A manager
  42. * defines an implementation of an OSID. All other OSID objects come either
  43. * directly or indirectly from the manager. New instances of the OSID objects
  44. * are created either directly or indirectly by the manager. Because the OSID
  45. * objects are defined using interfaces, create methods must be used instead
  46. * of the new operator to create instances of the OSID objects. Create methods
  47. * are used both to instantiate and persist OSID objects. Using the
  48. * OsidManager class to define an OSID's implementation allows the application
  49. * to change OSID implementations by changing the OsidManager package name
  50. * used to load an implementation. Applications developed using managers
  51. * permit OSID implementation substitution without changing the application
  52. * source code. As with all managers, use the OsidLoader to load an
  53. * implementation of this interface.
  54. * </p>
  55. *
  56. * <p></p>
  57. *
  58. * <p>
  59. * OSID Version: 2.0
  60. * </p>
  61. *
  62. * @package harmoni.osid_v2.authentication
  63. *
  64. * @copyright Copyright &copy; 2005, Middlebury College
  65. * @license http://www.gnu.org/copyleft/gpl.html GNU General Public License (GPL)
  66. *
  67. * @version $Id: HarmoniAuthenticationManager.class.php,v 1.28 2007/09/04 20:25:37 adamfranco Exp $
  68. */
  69. class HarmoniAuthenticationManager
  70. extends AuthenticationManager
  71. {
  72. /**
  73. * Constructor. Ititializes the availible AuthenticationTypes and results.
  74. * @return void
  75. */
  76. function HarmoniAuthenticationManager () {
  77. if (!isset($_SESSION['__AuthenticatedAgents']) || !is_array($_SESSION['__AuthenticatedAgents'])) {
  78. $_SESSION['__AuthenticatedAgents'] = array();
  79. }
  80. $this->_tokenCollectors = array();
  81. $this->_defaultTokenCollector = new HTTPAuthNamePassTokenCollector;
  82. $this->_adminActAsType = new Type("Authentication", "edu.middlebury", "Change User");
  83. }
  84. /**
  85. * Return context of this OsidManager.
  86. *
  87. * @return object OsidContext
  88. *
  89. * @throws object OsidException
  90. *
  91. * @access public
  92. */
  93. function getOsidContext () {
  94. return $this->_osidContext;
  95. }
  96.  
  97. /**
  98. * Assign the context of this OsidManager.
  99. *
  100. * @param object OsidContext $context
  101. *
  102. * @throws object OsidException An exception with one of the following
  103. * messages defined in org.osid.OsidException: {@link }
  104. * org.osid.OsidException#NULL_ARGUMENT NULL_ARGUMENT}
  105. *
  106. * @access public
  107. */
  108. function assignOsidContext ( $context ) {
  109. $this->_osidContext =$context;
  110. }
  111.  
  112. /**
  113. * Assign the configuration of this Manager. Valid configuration options are as
  114. * follows:
  115. * token_collectors (array) An array in which the keys are the serialized
  116. * Type objects that correspond to
  117. * AuthenticationTypes and the values are the
  118. * TokenCollector objects to be used fot that
  119. * AuthenticationType.
  120. *
  121. * @param object Properties $configuration (original type: java.util.Properties)
  122. *
  123. * @throws object OsidException An exception with one of the following
  124. * messages defined in org.osid.OsidException: {@link }
  125. * org.osid.OsidException#OPERATION_FAILED OPERATION_FAILED},
  126. * {@link org.osid.OsidException#PERMISSION_DENIED}
  127. * PERMISSION_DENIED}, {@link }
  128. * org.osid.OsidException#CONFIGURATION_ERROR
  129. * CONFIGURATION_ERROR}, {@link }
  130. * org.osid.OsidException#UNIMPLEMENTED UNIMPLEMENTED}, {@link }
  131. * org.osid.OsidException#NULL_ARGUMENT NULL_ARGUMENT}
  132. *
  133. * @access public
  134. */
  135. function assignConfiguration ( $configuration ) {
  136. $this->_configuration =$configuration;
  137. $configKeys =$this->_configuration->getKeys();
  138. while ($configKeys->hasNextObject()) {
  139. $key = $configKeys->nextObject();
  140. if ($key == 'token_collectors') {
  141. $tokenCollectors =$this->_configuration->getProperty('token_collectors');
  142. ArgumentValidator::validate($tokenCollectors,
  143. ArrayValidatorRuleWithRule::getRule(
  144. ExtendsValidatorRule::getRule("TokenCollector")));
  145. foreach (array_keys($tokenCollectors) as $key) {
  146. $authType = unserialize($key);
  147. $authTypeString = $this->_getTypeString($authType);
  148. $this->_tokenCollectors[$authTypeString] =$tokenCollectors[$key];
  149. }
  150. }
  151. }
  152. }
  153.  
  154. /**
  155. * Get the authentication Types that are supported by the implementation.
  156. *
  157. * @return object TypeIterator
  158. *
  159. * @throws object AuthenticationException An exception
  160. * with one of the following messages defined in
  161. * org.osid.authentication.AuthenticationException may be thrown:
  162. * {@link }
  163. * org.osid.authentication.AuthenticationException#OPERATION_FAILED
  164. * OPERATION_FAILED}, {@link }
  165. * org.osid.authentication.AuthenticationException#PERMISSION_DENIED
  166. * PERMISSION_DENIED}, {@link }
  167. * org.osid.authentication.AuthenticationException#CONFIGURATION_ERROR
  168. * CONFIGURATION_ERROR}, {@link }
  169. * org.osid.authentication.AuthenticationException#UNIMPLEMENTED
  170. * UNIMPLEMENTED}
  171. *
  172. * @access public
  173. */
  174. function getAuthenticationTypes () {
  175. $authNMethodManager = Services::getService("AuthNMethods");
  176. $types = new MultiIteratorIterator;
  177. $adminTypes = array();
  178. $adminTypes[] =$this->_adminActAsType;
  179. $types->addIterator(new HarmoniIterator($adminTypes));
  180. $types->addIterator($authNMethodManager->getAuthNTypes());
  181. return $types;
  182. }
  183.  
  184. /**
  185. * Invoke the authentication process of the specified Type to identify the
  186. * user. It may be necessary to call isUserAuthenticated to check the
  187. * status of authentication. The standard authentication technique of
  188. * limiting the time an user's authentication is valid requires explicit
  189. * queries of the authentication status. It is likely that checking the
  190. * status of authentication will occur more frequently than invoking the
  191. * mechanism to authenticate the user. Separation of the authentication
  192. * process from checking the status of the authentication process is made
  193. * explicit by having the authenticateUser and isUserAuthenticated
  194. * methods.
  195. *
  196. * @param object Type $authenticationType
  197. *
  198. * @throws object AuthenticationException An exception
  199. * with one of the following messages defined in
  200. * org.osid.authentication.AuthenticationException may be thrown:
  201. * {@link }
  202. * org.osid.authentication.AuthenticationException#OPERATION_FAILED
  203. * OPERATION_FAILED}, {@link }
  204. * org.osid.authentication.AuthenticationException#PERMISSION_DENIED
  205. * PERMISSION_DENIED}, {@link }
  206. * org.osid.authentication.AuthenticationException#CONFIGURATION_ERROR
  207. * CONFIGURATION_ERROR}, {@link }
  208. * org.osid.authentication.AuthenticationException#UNIMPLEMENTED
  209. * UNIMPLEMENTED}, {@link }
  210. * org.osid.authentication.AuthenticationException#NULL_ARGUMENT
  211. * NULL_ARGUMENT}, {@link }
  212. * org.osid.authentication.AuthenticationException#UNKNOWN_TYPE
  213. * UNKNOWN_TYPE}
  214. *
  215. * @access public
  216. */
  217. function authenticateUser ( $authenticationType ) {
  218. if ($authenticationType->isEqual($this->_adminActAsType)) {
  219. $this->_authenticateAdminActAsUser();
  220. } else {
  221. $this->_checkType($authenticationType);
  222. $this->destroyAuthenticationForType($authenticationType);
  223. $authNTokens =$this->_getAuthNTokensFromUser($authenticationType);
  224. if ($authNTokens) {
  225. $authNMethodManager = Services::getService("AuthNMethods");
  226. $authNMethod =$authNMethodManager->getAuthNMethodForType($authenticationType);
  227. $isValid = $authNMethod->authenticateTokens($authNTokens);
  228. // If the authentication was successful, get the AgentId from the mapping
  229. // system and record the result.
  230. if ($isValid) {
  231. $agentId =$this->_getAgentIdForAuthNTokens($authNTokens, $authenticationType);
  232. $authenticationTypeString = $this->_getTypeString($authenticationType);
  233. $_SESSION['__AuthenticatedAgents'][$authenticationTypeString]
  234. =$agentId;
  235. // Ensure that the Authorization Cache gets the new users
  236. $isAuthorizedCache = IsAuthorizedCache::instance();
  237. $isAuthorizedCache->dirtyUser();
  238. }
  239. // Log the success or failure
  240. if (Services::serviceRunning("Logging")) {
  241. $loggingManager = Services::getService("Logging");
  242. $log =$loggingManager->getLogForWriting("Authentication");
  243. $formatType = new Type("logging", "edu.middlebury", "AgentsAndNodes",
  244. "A format in which the acting Agent[s] and the target nodes affected are specified.");
  245. $priorityType = new Type("logging", "edu.middlebury", "Event_Notice",
  246. "Normal events.");
  247. if ($isValid) {
  248. $item = new AgentNodeEntryItem("Authentication Sucess", "Authentication Success: <br/>&nbsp;&nbsp;&nbsp;&nbsp;".$authenticationType->getKeyword()." <br/>&nbsp;&nbsp;&nbsp;&nbsp;".$authNTokens->getIdentifier());
  249. $item->addAgentId($agentId);
  250. } else {
  251. $item = new AgentNodeEntryItem("Authentication Failure", "Authentication Failure: <br/>&nbsp;&nbsp;&nbsp;&nbsp;".$authenticationType->getKeyword()." <br/>&nbsp;&nbsp;&nbsp;&nbsp;".$authNTokens->getIdentifier());
  252. }
  253. $log->appendLogWithTypes($item, $formatType, $priorityType);
  254. }
  255. }
  256. }
  257. }
  258. /**
  259. * Check the current authentication status of the user. If the method
  260. * returns true, the user is authenticated. If the method returns false,
  261. * the user is not authenticated. This can indicate that the user could
  262. * not be authenticated or that the user's authentication has timed out.
  263. * The intent is to use the method authenticateUser to invoke the
  264. * authentication process. The standard authentication technique of
  265. * limiting the time an user's authentication is valid requires explicit
  266. * queries of the authentication status. It is likely that checking the
  267. * status of authentication will occur more frequently than invoking the
  268. * mechanism to authenticate the user. Separation of the authentication
  269. * process from checking the status of the authentication process is made
  270. * explicit by having the authenticateUser and isUserAuthenticated
  271. * methods.
  272. *
  273. * @param object Type $authenticationType
  274. *
  275. * @return boolean
  276. *
  277. * @throws object AuthenticationException An exception
  278. * with one of the following messages defined in
  279. * org.osid.authentication.AuthenticationException may be thrown:
  280. * {@link }
  281. * org.osid.authentication.AuthenticationException#OPERATION_FAILED
  282. * OPERATION_FAILED}, {@link }
  283. * org.osid.authentication.AuthenticationException#PERMISSION_DENIED
  284. * PERMISSION_DENIED}, {@link }
  285. * org.osid.authentication.AuthenticationException#CONFIGURATION_ERROR
  286. * CONFIGURATION_ERROR}, {@link }
  287. * org.osid.authentication.AuthenticationException#UNIMPLEMENTED
  288. * UNIMPLEMENTED}, {@link }
  289. * org.osid.authentication.AuthenticationException#NULL_ARGUMENT
  290. * NULL_ARGUMENT}, {@link }
  291. * org.osid.authentication.AuthenticationException#UNKNOWN_TYPE
  292. * UNKNOWN_TYPE}
  293. *
  294. * @access public
  295. */
  296. function isUserAuthenticated ( $authenticationType ) {
  297. $this->_checkType($authenticationType);
  298. if(isset($_SESSION['__AuthenticatedAgents']
  299. [$this->_getTypeString($authenticationType)]))
  300. {
  301. return TRUE;
  302. } else {
  303. return FALSE;
  304. }
  305. }
  306.  
  307. /**
  308. * Get the unique Id of the Agent that represents the user for the
  309. * specified AuthenticationType. Agents are managed using the Agent OSID.
  310. *
  311. * @param object Type $authenticationType
  312. *
  313. * @return object Id
  314. *
  315. * @throws object AuthenticationException An exception
  316. * with one of the following messages defined in
  317. * org.osid.authentication.AuthenticationException may be thrown:
  318. * {@link }
  319. * org.osid.authentication.AuthenticationException#OPERATION_FAILED
  320. * OPERATION_FAILED}, {@link }
  321. * org.osid.authentication.AuthenticationException#PERMISSION_DENIED
  322. * PERMISSION_DENIED}, {@link }
  323. * org.osid.authentication.AuthenticationException#CONFIGURATION_ERROR
  324. * CONFIGURATION_ERROR}, {@link }
  325. * org.osid.authentication.AuthenticationException#UNIMPLEMENTED
  326. * UNIMPLEMENTED}, {@link }
  327. * org.osid.authentication.AuthenticationException#NULL_ARGUMENT
  328. * NULL_ARGUMENT}, {@link }
  329. * org.osid.authentication.AuthenticationException#UNKNOWN_TYPE
  330. * UNKNOWN_TYPE}
  331. *
  332. * @access public
  333. */
  334. function getUserId ( $authenticationType ) {
  335. $this->_checkType($authenticationType);
  336. $idManager = Services::getService("Id");
  337. // If the user is authenticated, look up their Agent Id
  338. if ($this->isUserAuthenticated($authenticationType)) {
  339. return $_SESSION['__AuthenticatedAgents']
  340. [$this->_getTypeString($authenticationType)];
  341. // Otherwise return Id == 0 for the "anonymous user"
  342. } else {
  343. return $idManager->getId("edu.middlebury.agents.anonymous");
  344. }
  345. }
  346. /**
  347. * Answer true if the current user is authenticated with any authentication
  348. * type.
  349. *
  350. * WARNING: NOT IN OSID
  351. *
  352. * @return boolean
  353. * @access public
  354. * @since 7/26/07
  355. */
  356. function isUserAuthenticatedWithAnyType () {
  357. $authTypes =$this->getAuthenticationTypes();
  358. while ($authTypes->hasNext()) {
  359. if ($this->isAuthenticated($authTypes->next()))
  360. return true;
  361. }
  362. return false;
  363. }
  364. /**
  365. * Answer the first authenticated Id found for the current user or anonymous
  366. * if none is found.
  367. *
  368. * WARNING: NOT IN OSID
  369. *
  370. * @return object Id.
  371. * @access public
  372. * @since 7/26/07
  373. */
  374. function getFirstUserId () {
  375. $authTypes =$this->getAuthenticationTypes();
  376. while ($authTypes->hasNext()) {
  377. $authType =$authTypes->next();
  378. if ($this->isUserAuthenticated($authType)) {
  379. $id =$this->getUserId($authType);
  380. return $id;
  381. }
  382. }
  383. $idManager = Services::getService("Id");
  384. return $idManager->getId("edu.middlebury.agents.anonymous");
  385. }
  386.  
  387. /**
  388. * Destroy authentication for all authentication types.
  389. *
  390. * @throws object AuthenticationException An exception
  391. * with one of the following messages defined in
  392. * org.osid.authentication.AuthenticationException may be thrown:
  393. * {@link }
  394. * org.osid.authentication.AuthenticationException#OPERATION_FAILED
  395. * OPERATION_FAILED}, {@link }
  396. * org.osid.authentication.AuthenticationException#PERMISSION_DENIED
  397. * PERMISSION_DENIED}, {@link }
  398. * org.osid.authentication.AuthenticationException#CONFIGURATION_ERROR
  399. * CONFIGURATION_ERROR}, {@link }
  400. * org.osid.authentication.AuthenticationException#UNIMPLEMENTED
  401. * UNIMPLEMENTED}
  402. *
  403. * @access public
  404. */
  405. function destroyAuthentication () {
  406. $_SESSION['__AuthenticatedAgents'] = array();
  407. unset( $_SESSION['__ADMIN_IDS_ACTING_AS_OTHER'],
  408. $_SESSION['__ADMIN_NAMES_ACTING_AS_OTHER']);
  409. }
  410.  
  411. /**
  412. * Destroy authentication for the specified authentication type.
  413. *
  414. * @param object Type $authenticationType
  415. *
  416. * @throws object AuthenticationException An exception
  417. * with one of the following messages defined in
  418. * org.osid.authentication.AuthenticationException may be thrown:
  419. * {@link }
  420. * org.osid.authentication.AuthenticationException#OPERATION_FAILED
  421. * OPERATION_FAILED}, {@link }
  422. * org.osid.authentication.AuthenticationException#PERMISSION_DENIED
  423. * PERMISSION_DENIED}, {@link }
  424. * org.osid.authentication.AuthenticationException#CONFIGURATION_ERROR
  425. * CONFIGURATION_ERROR}, {@link }
  426. * org.osid.authentication.AuthenticationException#UNIMPLEMENTED
  427. * UNIMPLEMENTED}, {@link }
  428. * org.osid.authentication.AuthenticationException#NULL_ARGUMENT
  429. * NULL_ARGUMENT}, {@link }
  430. * org.osid.authentication.AuthenticationException#UNKNOWN_TYPE
  431. * UNKNOWN_TYPE}
  432. *
  433. * @access public
  434. */
  435. function destroyAuthenticationForType ( $authenticationType ) {
  436. $this->_checkType($authenticationType);
  437. unset($_SESSION['__AuthenticatedAgents']
  438. [$this->_getTypeString($authenticationType)]);
  439. if ($authenticationType->isEqual($this->_adminActAsType))
  440. unset( $_SESSION['__ADMIN_IDS_ACTING_AS_OTHER'],
  441. $_SESSION['__ADMIN_NAMES_ACTING_AS_OTHER']);
  442. }
  443. /**
  444. * Validate the type passed to ensure that it is one of our supported ones.
  445. * An error will be thrown if the type is invalid.
  446. *
  447. * @param object Type $type
  448. * @return void
  449. * @access private
  450. * @since 3/15/05
  451. */
  452. function _checkType ( $type ) {
  453. // Check that we have a valid AuthenticationType.
  454. ArgumentValidator::validate($type, ExtendsValidatorRule::getRule("Type"));
  455.  
  456. $typeValid = FALSE;
  457. $authNTypes =$this->getAuthenticationTypes();
  458. while ($authNTypes->hasNext()) {
  459. if ($type->isEqual($authNTypes->next())) {
  460. $typeValid = TRUE;
  461. break;
  462. }
  463. }
  464. if (!$typeValid)
  465. throwError(new Error(AuthenticationException::UNKNOWN_TYPE()
  466. .": ".$this->_getTypeString($type), "AuthenticationManager", 1));
  467. }
  468. /**
  469. * Return a string version of a type.
  470. *
  471. * @param object Type $type
  472. * @return string
  473. * @access private
  474. * @since 3/15/05
  475. */
  476. function _getTypeString ($type) {
  477. return $type->getDomain()
  478. ."::".$type->getAuthority()
  479. ."::".$type->getKeyword();
  480. }
  481. /**
  482. * Get the AgentId that corresponds to the AuthNTokens passed and AuthNType.
  483. * If no Agent is currently mapped to the AuthNTokens, create a new Agent
  484. * and map it to the tokens.
  485. *
  486. * @param object AuthNTokens $authNTokens
  487. * @param object Type $authenticationType
  488. * @return object Id
  489. * @access protected
  490. * @since 3/15/05
  491. */
  492. function _getAgentIdForAuthNTokens ( $authNTokens, $authenticationType ) {
  493. $mappingManager = Services::getService("AgentTokenMapping");
  494. $mapping =$mappingManager->getMappingForTokens($authNTokens, $authenticationType);
  495. // Create a new agent if we don't have one mapped.
  496. if (!$mapping) {
  497. // Get some properties to populate the Agent with:
  498. $authNMethodManager = Services::getService("AuthNMethods");
  499. $authNMethod =$authNMethodManager->getAuthNMethodForType($authenticationType);
  500. $properties =$authNMethod->getPropertiesForTokens($authNTokens);
  501. $dname = $authNMethod->getDisplayNameForTokens($authNTokens);
  502. // Create the agent.
  503. $agentManager = Services::getService("Agent");
  504. $agent =$agentManager->createAgent(
  505. $dname,
  506. new Type ("Authentication", "edu.middlebury.harmoni", "User"),
  507. $properties);
  508. // Create the mapping
  509. $mapping =$mappingManager->createMapping(
  510. $agent->getId(), $authNTokens, $authenticationType);
  511. }
  512. return $mapping->getAgentId();
  513. }
  514.  
  515. /**
  516. * Prompt the user for their authentication tokens and recieve the responce.
  517. *
  518. * @param object Type $authenticationType
  519. * @return object AuthNTokens
  520. * @access private
  521. * @since 3/15/05
  522. */
  523. function _getAuthNTokensFromUser( $authenticationType ) {
  524. if (isset($this->_tokenCollectors[
  525. $this->_getTypeString($authenticationType)]))
  526. {
  527. $tokenCollector =$this->_tokenCollectors[
  528. $this->_getTypeString($authenticationType)];
  529. } else {
  530. $tokenCollector =$this->_defaultTokenCollector;
  531. }
  532. $tokens = $tokenCollector->collectTokens(Type::typeToString($authenticationType));
  533. // if we have tokens, create an AuthNTokens object for them.
  534. if ($tokens) {
  535. $authNMethodManager = Services::getService("AuthNMethods");
  536. $authNMethod =$authNMethodManager->getAuthNMethodForType($authenticationType);
  537. $authNTokens =$authNMethod->createTokens($tokens);
  538. }
  539. // Otherwise return FALSE. Maybe they will come in during the next
  540. // execution cycle
  541. else {
  542. $authNTokens = FALSE;
  543. }
  544. return $authNTokens;
  545. }
  546. /**
  547. * Log out the current user if they have authorization to act as other users,
  548. * and log them in as the new user, setting a session identifier to add to the
  549. * logs.
  550. *
  551. * @param <##>
  552. * @return <##>
  553. * @access public
  554. * @since 12/11/06
  555. */
  556. function _authenticateAdminActAsUser () {
  557. // Check authorization. If the current user is not authorized to act as
  558. // others, stop.
  559. $authZ = Services::getService("AuthZ");
  560. $idManager = Services::getService("Id");
  561. $agentManager = Services::getService("Agent");
  562. if (!$authZ->isUserAuthorized(
  563. $idManager->getId('edu.middlebury.authorization.change_user'),
  564. $idManager->getId('edu.middlebury.authorization.root')))
  565. {
  566. return false;
  567. } else {
  568. // Record the current Agents into the session for logging purposes
  569. $_SESSION['__ADMIN_IDS_ACTING_AS_OTHER'] = array();
  570. $_SESSION['__ADMIN_NAMES_ACTING_AS_OTHER'] = array();
  571. $anonymousId =$idManager->getId('edu.middlebury.agents.anonymous');
  572. $authNTypes =$this->getAuthenticationTypes();
  573. while ($authNTypes->hasNext()) {
  574. $authenticationType =$authNTypes->next();
  575. $id =$this->getUserId($authenticationType);
  576. if (!$id->isEqual($anonymousId)) {
  577. $agent =$agentManager->getAgent($id);
  578. $_SESSION['__ADMIN_IDS_ACTING_AS_OTHER'][] = $id;
  579. $_SESSION['__ADMIN_NAMES_ACTING_AS_OTHER'][] = $agent->getDisplayName();
  580. }
  581. }
  582. // Run the authentication sequence on every other method
  583. $authNTypes =$this->getAuthenticationTypes();
  584. while ($authNTypes->hasNext()) {
  585. $authenticationType =$authNTypes->next();
  586. if (!$authenticationType->isEqual($this->_adminActAsType)) {
  587. // if we have successfully changed our user, log out all other
  588. // Authentication Types so that we are left with just that user.
  589. if ($this->_authenticateAdminActAsUserForType($authenticationType)) {
  590. $authNTypes =$this->getAuthenticationTypes();
  591. while ($authNTypes->hasNext()) {
  592. $authenticationType =$authNTypes->next();
  593. if (!$authenticationType->isEqual($this->_adminActAsType)) {
  594. $this->destroyAuthenticationForType($authenticationType);
  595. }
  596. }
  597. break;
  598. }
  599. }
  600. }
  601. }
  602. }
  603. /**
  604. * Log in a user if the username matches, but without checking the password,
  605. * as part of the admin-act-as process
  606. *
  607. * @param <##>
  608. * @return boolean TRUE if tokens are valid.
  609. * @access public
  610. * @since 12/11/06
  611. */
  612. function _authenticateAdminActAsUserForType ( $authenticationType ) {
  613. $this->_checkType($authenticationType);
  614. // $this->destroyAuthenticationForType($authenticationType);
  615. $authNTokens =$this->_getAuthNTokensFromUser($authenticationType);
  616. if ($authNTokens) {
  617. $authNMethodManager = Services::getService("AuthNMethods");
  618. $authNMethod =$authNMethodManager->getAuthNMethodForType($authenticationType);
  619. // just check if the tokens exist, not if there is a correct password.
  620. $isValid = $authNMethod->tokensExist($authNTokens);
  621. // If the authentication was successful, get the AgentId from the mapping
  622. // system and record the result.
  623. if ($isValid) {
  624. $agentId =$this->_getAgentIdForAuthNTokens($authNTokens, $authenticationType);
  625. $authenticationTypeString = $this->_getTypeString($this->_adminActAsType);
  626. $_SESSION['__AuthenticatedAgents'][$authenticationTypeString]
  627. =$agentId;
  628. // Ensure that the Authorization Cache gets the new users
  629. $isAuthorizedCache = IsAuthorizedCache::instance();
  630. $isAuthorizedCache->dirtyUser();
  631. }
  632. // Log the success or failure
  633. if (Services::serviceRunning("Logging")) {
  634. $loggingManager = Services::getService("Logging");
  635. $log =$loggingManager->getLogForWriting("Authentication");
  636. $formatType = new Type("logging", "edu.middlebury", "AgentsAndNodes",
  637. "A format in which the acting Agent[s] and the target nodes affected are specified.");
  638. $priorityType = new Type("logging", "edu.middlebury", "Event_Notice",
  639. "Normal events.");
  640. if ($isValid) {
  641. $item = new AgentNodeEntryItem("Admin Acting As",
  642. "Admin users: <br/>&nbsp;&nbsp;&nbsp;&nbsp;"
  643. .implode(", ", $_SESSION['__ADMIN_NAMES_ACTING_AS_OTHER'])
  644. ."<br/>Successfully authenticated as: <br/>&nbsp;&nbsp;&nbsp;&nbsp;"
  645. .$authenticationType->getKeyword()
  646. ." <br/>&nbsp;&nbsp;&nbsp;&nbsp;".$authNTokens->getIdentifier());
  647. $item->addAgentId($agentId);
  648. $item->addUserIds();
  649. $log->appendLogWithTypes($item, $formatType, $priorityType);
  650. }
  651. }
  652. return $isValid;
  653. } else {
  654. return false;
  655. }
  656. }
  657. }
  658.  
  659. ?>

Documentation generated on Wed, 19 Sep 2007 10:23:45 -0400 by phpDocumentor 1.3.0RC3