Adding IpWhitelist Zend_Auth_Adapter and Zend_Controller_Plugin

5673c54d · Tim Steiner · 3f887e03 · 5673c54d · 5673c54d · 5673c54d
Commit 5673c54d authored Dec 21, 2011 by Tim Steiner
--- a/library/Unl/Auth/Adapter/IpWhitelist.php
+++ b/library/Unl/Auth/Adapter/IpWhitelist.php
+<?php
+
+/**
+ * A Zend_Auth_Adapter that will authenticate users based on a whitelist of IP Addresses.
+ * The whitelist is an array where each key is an IP addres and each value is a username.
+ * @author tsteiner
+ *
+ */
+class Unl_Auth_Adapter_IpWhitelist implements Zend_Auth_Adapter_Interface
+{
+	/**
+	 * An array of whitelisted IP addresses.
+	 * @var array
+	 */
+	protected $_whitelist = array();
+	
+	/**
+	 * The client's IP Address.
+	 * @var string
+	 */
+	protected $_clientIp;
+	
+	/**
+	 * @param array $whitelist
+	 */
+	public function __construct($whitelist = array())
+	{
+		$this->setWhitelist($whitelist);
+	}
+	
+	/**
+	 * Sets the whitelist to the supplied array.
+	 * @param array $whitelist
+	 * @throws Zend_Exception
+	 */
+	public function setWhitelist($whitelist)
+	{
+		if (!is_array($whitelist)) {
+			throw new Zend_Exception('Whitelist is not an array!');
+		}
+		$this->_whitelist = array();
+		foreach ($whitelist as $ipAddress => $username) {
+			$this->addToWhitelist($ipAddress, $username);
+		}
+	}
+	
+	/**
+	 * Register an IP address to a user.
+	 * @param string $ipAddress
+	 * @param srting $username
+	 * @throws Zend_Exception
+	 */
+	public function addToWhitelist($ipAddress, $username)
+	{
+		if (!Zend_Validate::is($ipAddress, 'Ip')) {
+			throw new Zend_Exception('The entry "' . $ipAddress . '" is not an IP address!');
+		}
+		$this->_whitelist[$ipAddress] = $username;
+	}
+	
+	public function getClientIpAddress()
+	{
+		if (!$this->_clientIp) {
+			$request = Zend_Controller_Front::getInstance()->getRequest();
+			if ($request instanceof Zend_Controller_Request_Http) {
+				$this->_clientIp = $request->getClientIp();
+			} else if (isset($_SERVER['REMOTE_ADDR'])) {
+				$this->_clientIp = $_SERVER['REMOTE_ADDR'];
+			} else {
+				throw new Zend_Exception('Could not determine client IP address');
+			}
+		}
+		return $this->_clientIp;
+	}
+	
+	public function setClientIpAddress($ipAddress)
+	{
+		if (!Zend_Validate::is($ipAddress, 'Ip')) {
+			throw new Zend_Exception('"' . $ipAddress . '" is not an IP address!');
+		}
+		$this->_clientIp = $ipAddress;
+	}
+	
+	public function authenticate()
+	{
+		foreach ($this->_whitelist as $ipAddress => $username) {
+			if ($this->getClientIpAddress() == $ipAddress) {
+				return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $username, array('Authentication successful.'));
+			}
+		}
+		
+		return new Zend_Auth_Result(Zend_Auth_Result::FAILURE, NULL, array('Client IP address not on whitelist.'));
+	}
+}
\ No newline at end of file
--- a/library/Unl/Controller/Plugin/Auth/Cas.php
+++ b/library/Unl/Controller/Plugin/Auth/Cas.php
@@ -2,8 +2,9 @@

 /**
 * A Zend Controller Plugin that facilitates using transparent CAS authentication.
+ * 
 * To enable this module, add the following lines to your application.ini:
- * resources.frontController.plugins[] = Unl_Controller_Plugin_Authenticate
+ * resources.frontController.plugins[] = Unl_Controller_Plugin_Auth_Cas
 * unl.cas.controller = <name of the controller that extends Unl_Controller_Action_Authenticate>
 * 
 * @author tsteiner

--- a/library/Unl/Controller/Plugin/Auth/IpWhitelist.php
+++ b/library/Unl/Controller/Plugin/Auth/IpWhitelist.php
+<?php
+
+/**
+ * A Zend Controller Plugin that facilitates using transparent IP Whitelist authentication.
+ * 
+ * To enable this module, add the following line to your application.ini:
+ * resources.frontController.plugins[] = Unl_Controller_Plugin_Auth_IpWhitelist
+ * 
+ * and the optional configuration lines:
+ * unl.ipWhitelist.table = <name of the database table that contains the whitelist>
+ * unl.ipWhitelist.column.ipAddress = <name of the column that contains the IP address>
+ * unl.ipWhitelist.column.username = <name of the column that contains the username>
+ *
+ * @author tsteiner
+ *
+ */
+class Unl_Controller_Plugin_Auth_IpWhitelist extends Zend_Controller_Plugin_Abstract
+{
+    public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
+    {
+        // If a user is already logged in, don't try to re-auth.
+        if (Zend_Auth::getInstance()->hasIdentity()) {
+            return;
+        }
+        
+        // Get the database adapter and options from the bootstrap.
+        $bootstrap = Zend_Controller_Front::getInstance()->getParam('bootstrap');
+        $db = $bootstrap->getResource('db');
+        $options = $bootstrap->getOptions();
+        $options = isset($options['unl']['ipWhitelist']) ? $options['unl']['ipWhitelist'] : array();
+        $table           = isset($options['table']) ? $options['table'] : 'ip_whitelist';
+        $ipAddressColumn = isset($options['columns']['ipAddress']) ? $options['columns']['ipAddress'] : 'ip_address';
+        $usernameColumn  = isset($options['columns']['username']) ? $options['columns']['username'] : 'username';
+        
+        // Not configured.  Don't do anything.
+        if (!$db instanceof Zend_Db_Adapter_Abstract) {
+            throw new Zend_Exception('A database resource must be defined to use the IP Whitelist transparent authentication.');
+        }
+        
+        // Query the database for the whitelist.
+        $select = $db->select();
+        $select->from($table, array($ipAddressColumn, $usernameColumn));
+        $whitelistData = $db->fetchAll($select);
+        
+        // Initialize the whitelist auth adapter
+        $whitelistAdapter = new Unl_Auth_Adapter_IpWhitelist();
+        foreach ($whitelistData as $row) {
+            $whitelistAdapter->addToWhitelist($row[$ipAddressColumn], $row[$usernameColumn]);
+        }
+        
+        // Attempt authentication.
+        Zend_Auth::getInstance()->authenticate($whitelistAdapter);
+    }
+}