[mms] Add 'fallback' option for the Horde_Registry#appInit() 'authent…

…ication' parameter.
horde · Oct 29, 2013 · 0038663 · 0038663
1 parent 3a263b8
commit 0038663
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 11 deletions.
diff --git a/framework/Core/lib/Horde/Core/Ajax/Application.php b/framework/Core/lib/Horde/Core/Ajax/Application.php
@@ -72,7 +72,7 @@ abstract class Horde_Core_Ajax_Application
     public function __construct($app, Horde_Variables $vars, $action = null,
                                 $token = null)
     {
-        global $session;
+        global $registry, $session;
 
         $this->_app = $app;
         $this->_vars = $vars;
@@ -82,12 +82,15 @@ public function __construct($app, Horde_Variables $vars, $action = null,
 
         $ob = $this->_getHandler();
 
-        /* Check token. */
+        /* Check authentication/token. */
         if ($ob && !$ob->external($action)) {
+            if (!$registry->currentProcessAuth()) {
+                throw new Horde_Exception('Accessing AJAX action without being authenticated.');
+            }
             $session->checkToken($token);
         }
 
-        /* Check for session regnerateion request. */
+        /* Check for session regneration request. */
         if ($vars->regenerate_sid) {
             $session->regenerate();
             if (SID) {

diff --git a/framework/Core/lib/Horde/Registry.php b/framework/Core/lib/Horde/Registry.php
@@ -143,6 +143,7 @@ class Horde_Registry implements Horde_Shutdown_Task
      * Page compression will be started (if configured).
      *
      * Global variables defined:
+     * <pre>
      *   - $browser: Horde_Browser object
      *   - $cli: Horde_Cli object (if 'cli' is true)
      *   - $conf: Configuration array
@@ -153,13 +154,17 @@ class Horde_Registry implements Horde_Shutdown_Task
      *   - $prefs: Horde_Prefs object
      *   - $registry: Horde_Registry object
      *   - $session: Horde_Session object
+     * </pre>
      *
      * @param string $app  The application to initialize.
      * @param array $args  Optional arguments:
+     * <pre>
      *   - admin: (boolean) Require authenticated user to be an admin?
      *            DEFAULT: false
      *   - authentication: (string) The type of authentication to use:
      *     - none: Do not authenticate
+     *     - fallback: Attempt to authenticate; if failure, then don't auth
+     *                 (@since 2.11.0).
      *     - [DEFAULT]: Authenticate; on no auth redirect to login screen
      *   - cli: (boolean) Initialize a CLI interface. Setting this to true
      *          implicits setting 'authentication' to 'none' and 'admin' and
@@ -189,6 +194,7 @@ class Horde_Registry implements Horde_Shutdown_Task
      *               DEFAULT: false
      *   - user_admin: (boolean) Set authentication to an admin user?
      *                 DEFAULT: false
+     * </pre>
      *
      * @return Horde_Registry_Application  The application object.
      * @throws Horde_Exception
@@ -227,6 +233,14 @@ static public function appInit($app, array $args = array())
             $args['authentication'] = 'none';
         }
 
+        // For 'fallback' authentication, try authentication first.
+        if ($args['authentication'] === 'fallback') {
+            $fallback_auth = true;
+            $args['authentication'] = '';
+        } else {
+            $fallback_auth = false;
+        }
+
         // Registry.
         $s_ctrl = 0;
         switch ($args['session_control']) {
@@ -267,6 +281,11 @@ static public function appInit($app, array $args = array())
                 throw new Horde_Exception(Horde_Core_Translation::t("Not an admin"));
             }
         } catch (Horde_Exception_PushApp $e) {
+            if ($fallback_auth) {
+                $args['authentication'] = 'none';
+                return self::appInit($app, $args);
+            }
+
             $appob->appInitFailure($e);
 
             switch ($e->getCode()) {
@@ -937,7 +956,7 @@ public function isInactive($app)
                 (($this->applications[$app]['status'] == 'admin') &&
                  !$this->isAdmin()) ||
                 (($this->applications[$app]['status'] == 'noadmin') &&
-                 $this->_args['authentication'] != 'none' &&
+                 $this->currentProcessAuth() &&
                  $this->isAdmin()));
     }
 
@@ -1109,7 +1128,7 @@ public function callByPackage($app, $call, array $args = array(),
          * including any files which might do it for us. Return an
          * error immediately if pushApp() fails. */
         $pushed = $this->pushApp($app, array(
-            'check_perms' => !in_array($call, $api_ob->noPerms()) && empty($options['noperms']) && $this->_args['authentication'] != 'none'
+            'check_perms' => !in_array($call, $api_ob->noPerms()) && empty($options['noperms']) && $this->currentProcessAuth()
         ));
 
         try {
@@ -1174,7 +1193,7 @@ public function callAppMethod($app, $call, array $options = array())
          * including any files which might do it for us. Return an
          * error immediately if pushApp() fails. */
         $pushed = $this->pushApp($app, array(
-            'check_perms' => empty($options['noperms']) && $this->_args['authentication'] != 'none'
+            'check_perms' => empty($options['noperms']) && $this->currentProcessAuth()
         ));
 
         try {
@@ -1502,7 +1521,7 @@ public function pushApp($app, array $options = array())
 
         $checkPerms = ((!isset($options['check_perms']) ||
                        !empty($options['check_perms'])) &&
-                       ($this->_args['authentication'] != 'none'));
+                       $this->currentProcessAuth());
 
         /* If permissions checking is requested, return an error if the
          * current user does not have read perms to the application being
@@ -2174,6 +2193,18 @@ public function isAuthenticated(array $options = array())
         }
     }
 
+    /**
+     * Checks whether this process required authentication.
+     *
+     * @since 2.11.0
+     *
+     * @return boolean  True if the current process required authentication.
+     */
+    public function currentProcessAuth()
+    {
+        return ($this->_args['authentication'] !== 'none');
+    }
+
     /**
      * Returns a URL to the login screen, adding the necessary logout
      * parameters.

diff --git a/framework/Core/package.xml b/framework/Core/package.xml
@@ -30,15 +30,16 @@
  </developer>
  <date>2013-10-28</date>
  <version>
-  <release>2.10.3</release>
-  <api>2.10.0</api>
+  <release>2.11.0</release>
+  <api>2.11.0</api>
  </version>
  <stability>
   <release>stable</release>
   <api>stable</api>
  </stability>
  <license uri="http://www.horde.org/licenses/lgpl21">LGPL-2.1</license>
  <notes>
+* [mms] Add &apos;fallback&apos; option for the Horde_Registry#appInit() &apos;authentication&apos; parameter.
 * [mms] Fix deauthenticating when a system-level logout event occurs.
  </notes>
  <contents>
@@ -3214,14 +3215,15 @@
   </release>
   <release>
    <version>
-    <release>2.10.3</release>
-    <api>2.10.0</api></version>
+    <release>2.11.0</release>
+    <api>2.11.0</api></version>
    <stability>
     <release>stable</release>
     <api>stable</api></stability>
    <date>2013-10-28</date>
    <license uri="http://www.horde.org/licenses/lgpl21">LGPL-2.1</license>
    <notes>
+* [mms] Add &apos;fallback&apos; option for the Horde_Registry#appInit() &apos;authentication&apos; parameter.
 * [mms] Fix deauthenticating when a system-level logout event occurs.
    </notes>
   </release>