Commit 5673c54d authored by Tim Steiner's avatar Tim Steiner

Adding IpWhitelist Zend_Auth_Adapter and Zend_Controller_Plugin

parent 3f887e03
<?php
/**
* A Zend_Auth_Adapter that will authenticate users based on a whitelist of IP Addresses.
* The whitelist is an array where each key is an IP addres and each value is a username.
* @author tsteiner
*
*/
class Unl_Auth_Adapter_IpWhitelist implements Zend_Auth_Adapter_Interface
{
/**
* An array of whitelisted IP addresses.
* @var array
*/
protected $_whitelist = array();
/**
* The client's IP Address.
* @var string
*/
protected $_clientIp;
/**
* @param array $whitelist
*/
public function __construct($whitelist = array())
{
$this->setWhitelist($whitelist);
}
/**
* Sets the whitelist to the supplied array.
* @param array $whitelist
* @throws Zend_Exception
*/
public function setWhitelist($whitelist)
{
if (!is_array($whitelist)) {
throw new Zend_Exception('Whitelist is not an array!');
}
$this->_whitelist = array();
foreach ($whitelist as $ipAddress => $username) {
$this->addToWhitelist($ipAddress, $username);
}
}
/**
* Register an IP address to a user.
* @param string $ipAddress
* @param srting $username
* @throws Zend_Exception
*/
public function addToWhitelist($ipAddress, $username)
{
if (!Zend_Validate::is($ipAddress, 'Ip')) {
throw new Zend_Exception('The entry "' . $ipAddress . '" is not an IP address!');
}
$this->_whitelist[$ipAddress] = $username;
}
public function getClientIpAddress()
{
if (!$this->_clientIp) {
$request = Zend_Controller_Front::getInstance()->getRequest();
if ($request instanceof Zend_Controller_Request_Http) {
$this->_clientIp = $request->getClientIp();
} else if (isset($_SERVER['REMOTE_ADDR'])) {
$this->_clientIp = $_SERVER['REMOTE_ADDR'];
} else {
throw new Zend_Exception('Could not determine client IP address');
}
}
return $this->_clientIp;
}
public function setClientIpAddress($ipAddress)
{
if (!Zend_Validate::is($ipAddress, 'Ip')) {
throw new Zend_Exception('"' . $ipAddress . '" is not an IP address!');
}
$this->_clientIp = $ipAddress;
}
public function authenticate()
{
foreach ($this->_whitelist as $ipAddress => $username) {
if ($this->getClientIpAddress() == $ipAddress) {
return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $username, array('Authentication successful.'));
}
}
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE, NULL, array('Client IP address not on whitelist.'));
}
}
\ No newline at end of file
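Review bot: getClientIpAddress() takes the address from `$request->getClientIp()`, which in Zend Framework 1 defaults to `$checkProxy = true` and prefers the `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` request headers over `REMOTE_ADDR`. Those headers are supplied by the client unless a trusted proxy overwrites them, so the value authenticate() compares against the whitelist is not a reliable identity for an authentication decision. I would call `$request->getClientIp(false)` here, and if the application runs behind a reverse proxy, accept a forwarded address only when `REMOTE_ADDR` is one of an explicitly configured set of proxies. The loop in authenticate() could also become a strict keyed lookup, `isset($this->_whitelist[$clientIp])`, instead of comparing with `==` and re-calling getClientIpAddress() on every iteration.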
...@@ -2,8 +2,9 @@ ...@@ -2,8 +2,9 @@
/** /**
* A Zend Controller Plugin that facilitates using transparent CAS authentication. * A Zend Controller Plugin that facilitates using transparent CAS authentication.
*
* To enable this module, add the following lines to your application.ini: * To enable this module, add the following lines to your application.ini:
* resources.frontController.plugins[] = Unl_Controller_Plugin_Authenticate * resources.frontController.plugins[] = Unl_Controller_Plugin_Auth_Cas
* unl.cas.controller = <name of the controller that extends Unl_Controller_Action_Authenticate> * unl.cas.controller = <name of the controller that extends Unl_Controller_Action_Authenticate>
* *
* @author tsteiner * @author tsteiner
......
<?php
/**
* A Zend Controller Plugin that facilitates using transparent IP Whitelist authentication.
*
* To enable this module, add the following line to your application.ini:
* resources.frontController.plugins[] = Unl_Controller_Plugin_Auth_IpWhitelist
*
* and the optional configuration lines:
* unl.ipWhitelist.table = <name of the database table that contains the whitelist>
* unl.ipWhitelist.column.ipAddress = <name of the column that contains the IP address>
* unl.ipWhitelist.column.username = <name of the column that contains the username>
*
* @author tsteiner
*
*/
class Unl_Controller_Plugin_Auth_IpWhitelist extends Zend_Controller_Plugin_Abstract
{
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
// If a user is already logged in, don't try to re-auth.
if (Zend_Auth::getInstance()->hasIdentity()) {
return;
}
// Get the database adapter and options from the bootstrap.
$bootstrap = Zend_Controller_Front::getInstance()->getParam('bootstrap');
$db = $bootstrap->getResource('db');
$options = $bootstrap->getOptions();
$options = isset($options['unl']['ipWhitelist']) ? $options['unl']['ipWhitelist'] : array();
$table = isset($options['table']) ? $options['table'] : 'ip_whitelist';
$ipAddressColumn = isset($options['columns']['ipAddress']) ? $options['columns']['ipAddress'] : 'ip_address';
$usernameColumn = isset($options['columns']['username']) ? $options['columns']['username'] : 'username';
// Not configured. Don't do anything.
if (!$db instanceof Zend_Db_Adapter_Abstract) {
throw new Zend_Exception('A database resource must be defined to use the IP Whitelist transparent authentication.');
}
// Query the database for the whitelist.
$select = $db->select();
$select->from($table, array($ipAddressColumn, $usernameColumn));
$whitelistData = $db->fetchAll($select);
// Initialize the whitelist auth adapter
$whitelistAdapter = new Unl_Auth_Adapter_IpWhitelist();
foreach ($whitelistData as $row) {
$whitelistAdapter->addToWhitelist($row[$ipAddressColumn], $row[$usernameColumn]);
}
// Attempt authentication.
Zend_Auth::getInstance()->authenticate($whitelistAdapter);
}
}
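Review bot: The class docblock documents the optional keys as `unl.ipWhitelist.column.ipAddress` and `unl.ipWhitelist.column.username`, but dispatchLoopStartup() reads `$options['columns']['ipAddress']` and `$options['columns']['username']`, so a configuration written from the docblock is silently ignored and the defaults `ip_address` / `username` are used. Either the docblock should say `unl.ipWhitelist.columns.ipAddress` or the code should read `$options['column']`. The comment `// Not configured. Don't do anything.` above the `instanceof Zend_Db_Adapter_Abstract` check does not match the code, which throws; `// A database resource is required; fail loudly when it is missing.` would describe it. Note also that addToWhitelist() throws on a row whose address fails validation and nothing here catches it, so one malformed row in the table would raise for every request that has no identity yet.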