173 lines
4.6 KiB
PHP
Executable File
173 lines
4.6 KiB
PHP
Executable File
#!/usr/local/bin/php
|
|
<?php
|
|
#
|
|
# ***** BEGIN GPL LICENSE BLOCK *****
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU General Public License
|
|
# as published by the Free Software Foundation; either version 2
|
|
# of the License, or (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program; if not, write to the Free Software Foundation,
|
|
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
#
|
|
# The Original Code is Copyright (C) 2019, Blender Foundation
|
|
# All rights reserved.
|
|
#
|
|
# Contributor(s): Sergey Sharybin.
|
|
#
|
|
# ***** END GPL LICENSE BLOCK *****
|
|
#
|
|
# This scripts implements external AuthBasicProvider which can be used
|
|
# to authentificate users using Phabricator's database.
|
|
#
|
|
# Example configuration:
|
|
#
|
|
# .htaccess file:
|
|
#
|
|
# AuthType Basic
|
|
# AuthName "Please Enter Password"
|
|
# AuthBasicProvider external
|
|
# AuthExternal phabricator
|
|
# Require valid-user
|
|
#
|
|
# It is also required to have the following provider registered in the
|
|
# configuration. There are two ways to do it:
|
|
#
|
|
# 1. Separate conf file in /etc/apache2/conf-enabled
|
|
# Create a file (say, authz_external_phabricator.conf) with the following
|
|
# content:
|
|
#
|
|
# DefineExternalAuth phabricator pipe /path/to/auth_provider.php
|
|
#
|
|
# This method allows to use provider in any VHOST.
|
|
#
|
|
# Downside: from local tests .htaccess file picks the provider nicely,
|
|
# but attempts to specifu the provider in virtual host configuration
|
|
# resulted in issues (seems to be different initialization order between
|
|
# global config in those files and virtual hosts).
|
|
#
|
|
# 2. Define provider in the virtual host definition:
|
|
#
|
|
# <IfModule mod_authnz_external.c>
|
|
# AddExternalAuth phabricator /path/to/auth_provider.php
|
|
# SetExternalAuthMethod phabricator pipe
|
|
# </IfModule>
|
|
#
|
|
# This method allowed to use this auth provider for SVN DAV.
|
|
|
|
$IS_DEBUG = false;
|
|
$PHABRICATOR_ROOT = dirname(dirname(dirname(__FILE__)));
|
|
require_once $PHABRICATOR_ROOT.'/scripts/__init_script__.php';
|
|
|
|
function initLogging() {
|
|
global $IS_DEBUG;
|
|
global $argv;
|
|
for ($i = 1; $i < count($argv); ++$i) {
|
|
if ($argv[$i] == '--debug') {
|
|
$IS_DEBUG = true;
|
|
}
|
|
}
|
|
}
|
|
|
|
function debugLog(string $text) {
|
|
global $IS_DEBUG;
|
|
if (!$IS_DEBUG) {
|
|
return;
|
|
}
|
|
print("${text}\n");
|
|
}
|
|
|
|
function removeSingleTrailingNewline(string $string) {
|
|
if ($string === '') {
|
|
return $string;
|
|
}
|
|
$length = strlen($string);
|
|
if ($string[$length - 1] == "\n") {
|
|
return substr($string, 0, -1);
|
|
}
|
|
return $string;
|
|
}
|
|
|
|
class AuthRequest {
|
|
public $user_name;
|
|
public $password;
|
|
|
|
static function fromStdin() {
|
|
$auth_request = new AuthRequest();
|
|
$stdin = fopen('php://stdin', 'r');
|
|
$auth_request->user_name = removeSingleTrailingNewline(fgets($stdin));
|
|
$auth_request->password = removeSingleTrailingNewline(fgets($stdin));
|
|
return $auth_request;
|
|
}
|
|
};
|
|
|
|
function getUserForAuthRequest(AuthRequest $auth_request) {
|
|
if ($auth_request->user_name === '') {
|
|
return null;
|
|
}
|
|
|
|
$username_or_email = $auth_request->user_name;
|
|
|
|
$user = id(new PhabricatorUser())->loadOneWhere(
|
|
'username = %s',
|
|
$username_or_email);
|
|
|
|
if (!$user) {
|
|
$user = PhabricatorUser::loadOneWithEmailAddress(
|
|
$username_or_email);
|
|
}
|
|
|
|
return $user;
|
|
}
|
|
|
|
function createContentSourceForAuth() {
|
|
return PhabricatorContentSource::newForSource(
|
|
PhabricatorUnitTestContentSource::SOURCECONST);
|
|
}
|
|
|
|
function isValidAuth(AuthRequest $auth_request) {
|
|
debugLog("Begin authentification check for user '$auth_request->user_name'");
|
|
$user = getUserForAuthRequest($auth_request);
|
|
if (!$user) {
|
|
debugLog("No PhabricatorUser() object found for requested user.");
|
|
return false;
|
|
}
|
|
|
|
$content_source = createContentSourceForAuth();
|
|
$envelope = new PhutilOpaqueEnvelope($auth_request->password);
|
|
|
|
$engine = id(new PhabricatorAuthPasswordEngine())
|
|
->setViewer($user)
|
|
->setContentSource($content_source)
|
|
->setPasswordType(PhabricatorAuthPassword::PASSWORD_TYPE_ACCOUNT)
|
|
->setObject($user);
|
|
|
|
if (!$engine->isValidPassword($envelope)) {
|
|
debugLog('Engine reported invalid password.');
|
|
return false;
|
|
}
|
|
|
|
debugLog('Authentirfication passed.');
|
|
|
|
return true;
|
|
}
|
|
|
|
function main() {
|
|
initLogging();
|
|
$auth_request = AuthRequest::fromStdin();
|
|
if (!isValidAuth($auth_request)) {
|
|
exit(1);
|
|
}
|
|
exit(0);
|
|
}
|
|
|
|
main();
|
|
?>
|