MultiAuth
extends AbstractBase
in package
MultiAuth Authentication plugin
This module enables chaining of multiple authentication plugins. Authentication plugins are executed in order, and the first successful authentication is returned with the rest ignored. The last error message is used to be returned to the calling function.
The plugin works by being defined as the authentication handler for the system and then defining its own order for plugins. For example, you could edit config.ini like this:
[Authentication] method = MultiAuth
[MultiAuth] method_order = "ILS,LDAP" filters = "username:strtoupper,username:trim,password:trim"
This example uses a combination of ILS and LDAP authentication, checking the ILS first and then failing over to LDAP.
The filters follow the format fieldname:PHP string function, where fieldname is either "username" or "password." In the example, we uppercase the username and trim the username and password fields. This is done to enable common filtering before handing off to the authentication handlers.
Tags
Table of Contents
- $config : Config
- Configuration settings
- $configValidated : bool
- Has the configuration been validated?
- $dbServiceManager : PluginManager
- Database service plugin manager
- $filters : array<string|int, mixed>
- Filter configuration for credentials
- $manager : PluginManager
- Plugin manager for obtaining other authentication objects
- $methods : array<string|int, mixed>
- Authentication methods to try
- $password : string
- Password input
- $translator : TranslatorInterface
- Translator
- $username : string
- Username input
- $userSetterMap : mixed
- Map of database column name to setter method for UserEntityInterface objects.
- authenticate() : UserEntityInterface
- Attempt to authenticate the current user. Throws exception if login fails.
- create() : UserEntityInterface
- Create a new user account from the request.
- getConfig() : Config
- Get configuration (load automatically if not previously set). Throw an exception if the configuration is invalid.
- getDbService() : T
- Get a database service object.
- getDbServiceManager() : PluginManager
- Get the service plugin manager. Throw an exception if it is missing.
- getDelegateAuthMethod() : string|bool
- Returns any authentication method this request should be delegated to.
- getPasswordPolicy() : array<string|int, mixed>
- Get password policy for a new password (e.g. minLength, maxLength)
- getPluginManager() : PluginManager
- Get the manager for loading other authentication plugins.
- getPolicyConfig() : array<string|int, mixed>
- Get a policy configuration
- getSessionInitiator() : bool|string
- Get the URL to establish a session (needed when the internal VuFind login form is inadequate). Returns false when no session initiator is needed.
- getTranslator() : TranslatorInterface
- Get translator object.
- getTranslatorLocale() : string
- Get the locale from the translator.
- getUsernamePolicy() : array<string|int, mixed>
- Get username policy for a new account (e.g. minLength, maxLength)
- getUserService() : UserServiceInterface
- Get access to the user table.
- isExpired() : bool
- Has the user's login expired?
- logout() : string
- Perform cleanup at logout time.
- needsCsrfCheck() : bool
- Whether this authentication method needs CSRF checking for the request.
- preLoginCheck() : void
- Inspect the user's request prior to processing a login request; this is essentially an event hook which most auth modules can ignore. See ChoiceAuth for a use case example.
- resetState() : void
- Reset any internal status; this is essentially an event hook which most auth modules can ignore. See ChoiceAuth for a use case example.
- setConfig() : void
- Set configuration; throw an exception if it is invalid.
- setDbServiceManager() : void
- Set the service plugin manager.
- setPluginManager() : void
- Set the manager for loading other authentication plugins.
- setTranslator() : TranslatorAwareInterface
- Set a translator
- supportsConnectingLibraryCard() : bool
- Does this authentication method support connecting library card of currently authenticated user?
- supportsCreation() : bool
- Does this authentication method support account creation?
- supportsPasswordChange() : bool
- Does this authentication method support password changing
- supportsPasswordRecovery() : bool
- Does this authentication method support password recovery
- translate() : string
- Translate a string (or string-castable object)
- translateWithPrefix() : string
- Translate a string (or string-castable object) using a prefix, or without the prefix if a prefixed translation is not found.
- updatePassword() : UserEntityInterface
- Update a user's password from the request.
- validateCredentials() : bool
- Validate the credentials in the provided request, but do not change the state of the current logged-in user. Return true for valid credentials, false otherwise.
- authUser() : UserEntityInterface
- Do the actual work of authenticating the user (support method for authenticate()).
- debug() : void
- Log a debug message.
- extractTextDomain() : array<string|int, mixed>
- Given a translation string with or without a text domain, return an array with the raw string and the text domain separated.
- filterCredentials() : void
- Load credentials into the object and apply internal filter settings to them.
- getCannedPolicyHint() : string|null
- Return a canned username or password policy hint when available
- getDebugTranslation() : string
- Build a debug-mode translation
- getOrCreateUserByUsername() : UserEntityInterface
- Look up a user by username; create a new entity if no match is found.
- log() : void
- Send a message to the logger.
- logError() : void
- Log an error message.
- logWarning() : void
- Log a warning message.
- sanitizeTranslationKey() : string
- Make sure there are not any illegal characters in the translation key that might prevent successful lookup in language files.
- setUserValueByField() : void
- Set a value in a UserEntityObject using a field name.
- translateString() : string
- Get translation for a string
- validateConfig() : void
- Validate configuration parameters. This is a support method for getConfig(), so the configuration MUST be accessed using $this->config; do not call $this->getConfig() from within this method!
- validatePasswordAgainstPolicy() : void
- Verify that a password fulfills the password policy. Throws exception if the password is invalid.
- validateStringAgainstPolicy() : void
- Verify that a username or password fulfills the given policy. Throws exception if the string is invalid.
- validateUsernameAgainstPolicy() : void
- Verify that a username fulfills the username policy. Throws exception if the username is invalid.
Properties
$config
Configuration settings
protected
Config
$config
= null
$configValidated
Has the configuration been validated?
protected
bool
$configValidated
= false
$dbServiceManager
Database service plugin manager
protected
PluginManager
$dbServiceManager
$filters
Filter configuration for credentials
protected
array<string|int, mixed>
$filters
= []
$manager
Plugin manager for obtaining other authentication objects
protected
PluginManager
$manager
$methods
Authentication methods to try
protected
array<string|int, mixed>
$methods
= []
$password
Password input
protected
string
$password
$translator
Translator
protected
TranslatorInterface
$translator
= null
$username
Username input
protected
string
$username
$userSetterMap
Map of database column name to setter method for UserEntityInterface objects.
protected
mixed
$userSetterMap
= ['cat_username' => 'setCatUsername', 'college' => 'setCollege', 'email' => 'setEmail', 'firstname' => 'setFirstname', 'lastname' => 'setLastname', 'home_library' => 'setHomeLibrary', 'major' => 'setMajor']
Methods
authenticate()
Attempt to authenticate the current user. Throws exception if login fails.
public
authenticate(Request $request) : UserEntityInterface
Parameters
- $request : Request
-
Request object containing account credentials.
Tags
Return values
UserEntityInterface —Object representing logged-in user.
create()
Create a new user account from the request.
public
create(Request $request) : UserEntityInterface
Parameters
- $request : Request
-
Request object containing new account details.
Tags
Return values
UserEntityInterface —New user entity.
getConfig()
Get configuration (load automatically if not previously set). Throw an exception if the configuration is invalid.
public
getConfig() : Config
Tags
Return values
Config —getDbService()
Get a database service object.
public
getDbService(class-string<\VuFind\Db\Service\T> $name) : T
Parameters
- $name : class-string<\VuFind\Db\Service\T>
-
Name of service to retrieve
Tags
Return values
T —getDbServiceManager()
Get the service plugin manager. Throw an exception if it is missing.
public
getDbServiceManager() : PluginManager
Tags
Return values
PluginManager —getDelegateAuthMethod()
Returns any authentication method this request should be delegated to.
public
getDelegateAuthMethod(Request $request) : string|bool
Parameters
- $request : Request
-
Request object.
Tags
Return values
string|bool —getPasswordPolicy()
Get password policy for a new password (e.g. minLength, maxLength)
public
getPasswordPolicy() : array<string|int, mixed>
Return values
array<string|int, mixed> —getPluginManager()
Get the manager for loading other authentication plugins.
public
getPluginManager() : PluginManager
Tags
Return values
PluginManager —getPolicyConfig()
Get a policy configuration
public
getPolicyConfig(string $type) : array<string|int, mixed>
Parameters
- $type : string
-
Policy type (password or username)
Return values
array<string|int, mixed> —getSessionInitiator()
Get the URL to establish a session (needed when the internal VuFind login form is inadequate). Returns false when no session initiator is needed.
public
getSessionInitiator(string $target) : bool|string
Parameters
- $target : string
-
Full URL where external authentication method should send user after login (some drivers may override this).
Tags
Return values
bool|string —getTranslator()
Get translator object.
public
getTranslator() : TranslatorInterface
Return values
TranslatorInterface —getTranslatorLocale()
Get the locale from the translator.
public
getTranslatorLocale([string $default = 'en' ]) : string
Parameters
- $default : string = 'en'
-
Default to use if translator absent.
Return values
string —getUsernamePolicy()
Get username policy for a new account (e.g. minLength, maxLength)
public
getUsernamePolicy() : array<string|int, mixed>
Return values
array<string|int, mixed> —getUserService()
Get access to the user table.
public
getUserService() : UserServiceInterface
Return values
UserServiceInterface —isExpired()
Has the user's login expired?
public
isExpired() : bool
Return values
bool —logout()
Perform cleanup at logout time.
public
logout(string $url) : string
Parameters
- $url : string
-
URL to redirect user to after logging out.
Return values
string —Redirect URL (usually same as $url, but modified in some authentication modules).
needsCsrfCheck()
Whether this authentication method needs CSRF checking for the request.
public
needsCsrfCheck(Request $request) : bool
Parameters
- $request : Request
-
Request object.
Tags
Return values
bool —preLoginCheck()
Inspect the user's request prior to processing a login request; this is essentially an event hook which most auth modules can ignore. See ChoiceAuth for a use case example.
public
preLoginCheck(Request $request) : void
Parameters
- $request : Request
-
Request object.
Tags
Return values
void —resetState()
Reset any internal status; this is essentially an event hook which most auth modules can ignore. See ChoiceAuth for a use case example.
public
resetState() : void
Return values
void —setConfig()
Set configuration; throw an exception if it is invalid.
public
setConfig(Config $config) : void
Parameters
- $config : Config
-
Configuration to set
Tags
Return values
void —setDbServiceManager()
Set the service plugin manager.
public
setDbServiceManager(PluginManager $manager) : void
Parameters
- $manager : PluginManager
-
Plugin manager
Return values
void —setPluginManager()
Set the manager for loading other authentication plugins.
public
setPluginManager(PluginManager $manager) : void
Parameters
- $manager : PluginManager
-
Plugin manager
Return values
void —setTranslator()
Set a translator
public
setTranslator(TranslatorInterface $translator) : TranslatorAwareInterface
Parameters
- $translator : TranslatorInterface
-
Translator
Return values
TranslatorAwareInterface —supportsConnectingLibraryCard()
Does this authentication method support connecting library card of currently authenticated user?
public
supportsConnectingLibraryCard() : bool
Return values
bool —supportsCreation()
Does this authentication method support account creation?
public
supportsCreation() : bool
Return values
bool —supportsPasswordChange()
Does this authentication method support password changing
public
supportsPasswordChange() : bool
Return values
bool —supportsPasswordRecovery()
Does this authentication method support password recovery
public
supportsPasswordRecovery() : bool
Return values
bool —translate()
Translate a string (or string-castable object)
public
translate(string|object|array<string|int, mixed> $target[, array<string|int, mixed> $tokens = [] ][, string $default = null ][, bool $useIcuFormatter = false ][, array<string|int, string> $fallbackDomains = [] ]) : string
Parameters
- $target : string|object|array<string|int, mixed>
-
String to translate or an array of text domain and string to translate
- $tokens : array<string|int, mixed> = []
-
Tokens to inject into the translated string
- $default : string = null
-
Default value to use if no translation is found (null for no default).
- $useIcuFormatter : bool = false
-
Should we use an ICU message formatter instead of the default behavior?
- $fallbackDomains : array<string|int, string> = []
-
Text domains to check if no match is found in the domain specified in $target
Return values
string —translateWithPrefix()
Translate a string (or string-castable object) using a prefix, or without the prefix if a prefixed translation is not found.
public
translateWithPrefix(string $prefix, string|object|array<string|int, mixed> $target[, array<string|int, mixed> $tokens = [] ][, string $default = null ][, bool $useIcuFormatter = false ][, array<string|int, string> $fallbackDomains = [] ]) : string
Parameters
- $prefix : string
-
Translation key prefix
- $target : string|object|array<string|int, mixed>
-
String to translate or an array of text domain and string to translate
- $tokens : array<string|int, mixed> = []
-
Tokens to inject into the translated string
- $default : string = null
-
Default value to use if no translation is found (null for no default).
- $useIcuFormatter : bool = false
-
Should we use an ICU message formatter instead of the default behavior?
- $fallbackDomains : array<string|int, string> = []
-
Text domains to check if no match is found in the domain specified in $target
Return values
string —updatePassword()
Update a user's password from the request.
public
updatePassword(Request $request) : UserEntityInterface
Parameters
- $request : Request
-
Request object containing new account details.
Tags
Return values
UserEntityInterface —Updated user entity.
validateCredentials()
Validate the credentials in the provided request, but do not change the state of the current logged-in user. Return true for valid credentials, false otherwise.
public
validateCredentials(Request $request) : bool
Parameters
- $request : Request
-
Request object containing account credentials.
Tags
Return values
bool —authUser()
Do the actual work of authenticating the user (support method for authenticate()).
protected
authUser(Request $request) : UserEntityInterface
Parameters
- $request : Request
-
Request object containing account credentials.
Tags
Return values
UserEntityInterface —Object representing logged-in user.
debug()
Log a debug message.
protected
debug(string $msg[, array<string|int, mixed> $context = [] ][, bool $prependClass = true ]) : void
Parameters
- $msg : string
-
Log message
- $context : array<string|int, mixed> = []
-
Log context
- $prependClass : bool = true
-
Prepend class name to message?
Return values
void —extractTextDomain()
Given a translation string with or without a text domain, return an array with the raw string and the text domain separated.
protected
extractTextDomain(string|object|array<string|int, mixed> $target) : array<string|int, mixed>
Parameters
- $target : string|object|array<string|int, mixed>
-
String to translate or an array of text domain and string to translate
Return values
array<string|int, mixed> —filterCredentials()
Load credentials into the object and apply internal filter settings to them.
protected
filterCredentials(Request $request) : void
Parameters
- $request : Request
-
Request object containing account credentials.
Return values
void —getCannedPolicyHint()
Return a canned username or password policy hint when available
protected
getCannedPolicyHint(string $type, string|null $pattern) : string|null
Parameters
- $type : string
-
Policy type (password or username)
- $pattern : string|null
-
Current policy pattern
Return values
string|null —getDebugTranslation()
Build a debug-mode translation
protected
getDebugTranslation(string $domain, string $str, array<string|int, mixed> $tokens) : string
Parameters
- $domain : string
-
Text domain
- $str : string
-
String to translate
- $tokens : array<string|int, mixed>
-
Tokens to inject into the translated string
Return values
string —getOrCreateUserByUsername()
Look up a user by username; create a new entity if no match is found.
protected
getOrCreateUserByUsername(string $username) : UserEntityInterface
Parameters
- $username : string
-
Username
Tags
Return values
UserEntityInterface —log()
Send a message to the logger.
protected
log(string $level, string $message[, array<string|int, mixed> $context = [] ][, bool $prependClass = false ]) : void
Parameters
- $level : string
-
Log level
- $message : string
-
Log message
- $context : array<string|int, mixed> = []
-
Log context
- $prependClass : bool = false
-
Prepend class name to message?
Return values
void —logError()
Log an error message.
protected
logError(string $msg[, array<string|int, mixed> $context = [] ][, bool $prependClass = true ]) : void
Parameters
- $msg : string
-
Log message
- $context : array<string|int, mixed> = []
-
Log context
- $prependClass : bool = true
-
Prepend class name to message?
Return values
void —logWarning()
Log a warning message.
protected
logWarning(string $msg[, array<string|int, mixed> $context = [] ][, bool $prependClass = true ]) : void
Parameters
- $msg : string
-
Log message
- $context : array<string|int, mixed> = []
-
Log context
- $prependClass : bool = true
-
Prepend class name to message?
Return values
void —sanitizeTranslationKey()
Make sure there are not any illegal characters in the translation key that might prevent successful lookup in language files.
protected
sanitizeTranslationKey(string $key) : string
Parameters
- $key : string
-
Key to sanitize
Return values
string —Sanitized key
setUserValueByField()
Set a value in a UserEntityObject using a field name.
protected
setUserValueByField(UserEntityInterface $user, string $field, mixed $value) : void
Parameters
- $user : UserEntityInterface
-
User to update
- $field : string
-
Field name being updated
- $value : mixed
-
New value to set
Tags
Return values
void —translateString()
Get translation for a string
protected
translateString(string $rawStr[, array<string|int, mixed> $tokens = [] ][, string $default = null ][, string $domain = 'default' ][, bool $useIcuFormatter = false ]) : string
Parameters
- $rawStr : string
-
String to translate
- $tokens : array<string|int, mixed> = []
-
Tokens to inject into the translated string
- $default : string = null
-
Default value to use if no translation is found (null for no default).
- $domain : string = 'default'
-
Text domain (omit for default)
- $useIcuFormatter : bool = false
-
Should we use an ICU message formatter instead of the default behavior?
Return values
string —validateConfig()
Validate configuration parameters. This is a support method for getConfig(), so the configuration MUST be accessed using $this->config; do not call $this->getConfig() from within this method!
protected
validateConfig() : void
Tags
Return values
void —validatePasswordAgainstPolicy()
Verify that a password fulfills the password policy. Throws exception if the password is invalid.
protected
validatePasswordAgainstPolicy(string $password) : void
Parameters
- $password : string
-
Password to verify
Tags
Return values
void —validateStringAgainstPolicy()
Verify that a username or password fulfills the given policy. Throws exception if the string is invalid.
protected
validateStringAgainstPolicy(string $type, array<string|int, mixed> $policy, string $string) : void
Parameters
- $type : string
-
Policy type (password or username)
- $policy : array<string|int, mixed>
-
Policy configuration
- $string : string
-
String to verify
Tags
Return values
void —validateUsernameAgainstPolicy()
Verify that a username fulfills the username policy. Throws exception if the username is invalid.
protected
validateUsernameAgainstPolicy(string $username) : void
Parameters
- $username : string
-
Password to verify