form auth method

auth root strategy

Module.php

@@ -97,6 +97,7 @@ public function getServiceConfig()
         return array(
             'aliases' => array(
                 'KapitchiIdentity\Mapper\Identity' => 'KapitchiIdentity\Mapper\IdentityDbAdapter',
+                'KapitchiIdentity\Mapper\AuthCredential' => 'KapitchiIdentity\Mapper\AuthCredentialDbAdapter',
                 'KapitchiIdentity\Service\AuthSessionProvider' => 'KapitchiIdentity\Service\AuthSessionProvider\Session',
             ),
             'invokables' => array(
@@ -181,7 +182,9 @@ public function getServiceConfig()
                     return $ins;
                 },
                 'KapitchiIdentity\Form\AuthCredentialRegistrationInputFilter' => function($sm) {
-                    $ins = new Form\AuthCredentialRegistrationInputFilter();
+                    $ins = new Form\AuthCredentialRegistrationInputFilter(
+                        new Validator\AuthCredentialUsernameExists($sm->get('KapitchiIdentity\Mapper\AuthCredential'))
+                    );
                     return $ins;
                 },
 
@@ -218,7 +221,7 @@ public function getServiceConfig()
                         $sm->get('KapitchiIdentity\Entity\Registration'),
                         $sm->get('KapitchiIdentity\Entity\RegistrationHydrator')
                     );
-                    $s->setIdentityMapper($sm->get('KapitchiIdentity\Mapper\Identity'));
+                    $s->setIdentityService($sm->get('KapitchiIdentity\Service\Identity'));
                     return $s;
                 },
                 'KapitchiIdentity\Mapper\RegistrationDbAdapter' => function ($sm) {

config/kapitchi-identity.global.php.dist

@@ -3,5 +3,12 @@
 return array(
     'kapitchi-identity' => array(
         'password-generator-salt' => 'this-should-be-at-least-16-char-long-salt'
-    )
+    ),
+    //KapitchiIdentity\Plugin\AuthRoot
+    'identity_auth_root' => array(
+        'adapter' => array(
+            'allowed_ips' => array('127.0.0.1'),
+            'password' => null
+        )
+    ),
 );

config/module.config.php

@@ -3,10 +3,18 @@
     'kapitchi-identity' => array(
         'password_generator_salt' => 'this-should-be-at-least-16-char-long-salt'
     ),
+    //KapitchiIdentity\Plugin\AuthRoot
+    'identity_auth_root' => array(
+        'adapter' => array(
+            'allowed_ips' => array('127.0.0.1'),
+            'password' => null,//this should be set in app config file
+        )
+    ),
     'plugin_manager' => array(
         'invokables' => array(
             'Identity/AuthAccessOnly' => 'KapitchiIdentity\Plugin\AuthAccessOnly',
             'Identity/KapitchiLog' => 'KapitchiIdentity\Plugin\KapitchiLog',
+            'Identity/AuthRoot' => 'KapitchiIdentity\Plugin\AuthRoot',
         ),
         'factories' => array(
             'Identity/AuthCredential' => function($sm) {

src/KapitchiIdentity/Authentication/Adapter/Root.php

@@ -0,0 +1,93 @@
+<?php
+/**
+ * Kapitchi Zend Framework 2 Modules (http://kapitchi.com/)
+ *
+ * @copyright Copyright (c) 2012-2013 Kapitchi Open Source Team (http://kapitchi.com/open-source-team)
+ * @license   http://opensource.org/licenses/LGPL-3.0 LGPL 3.0
+ */
+
+namespace KapitchiIdentity\Authentication\Adapter;
+
+use Zend\Authentication\Result;
+use Zend\Authentication\Adapter\AdapterInterface;
+use KapitchiIdentity\Authentication\IdentityResolverInterface;
+
+class Root implements AdapterInterface, IdentityResolverInterface
+{
+    protected $allowedIps = array();
+    protected $password;
+    protected $credential;
+
+    public function __construct(array $options)
+    {
+        if(empty($options['allowed_ips']) && !is_array($options['allowed_ips'])) {
+            throw new \RuntimeException('allowed_ips needs to be non empty array');
+        }
+        if(empty($options['password'])) {
+            throw new \RuntimeException('password needs to be non empty string');
+        }
+
+        $this->setAllowedIps($options['allowed_ips']);
+        $this->setPassword($options['password']);
+    }
+
+    public function authenticate()
+    {
+        $address = new \Zend\Http\PhpEnvironment\RemoteAddress();
+        $ip = $address->getIpAddress();
+        if(!in_array($ip, $this->getAllowedIps())) {
+            return new Result(Result::FAILURE, $this->getIdentity(), array(
+                'allowedIps' => 'Not allowed IP'
+            ));
+        }
+
+        if($this->getPassword() !== $this->getCredential()) {
+            return new Result(Result::FAILURE_CREDENTIAL_INVALID, $this->getIdentity(), array(
+                'password' => 'Password is invalid'
+            ));
+        }
+
+        return new Result(Result::SUCCESS, $this->getIdentity());
+    }
+
+    public function getIdentity() {
+        return 'root';
+    }
+
+    public function getCredential()
+    {
+        return $this->credential;
+    }
+
+    public function setCredential($credential)
+    {
+        $this->credential = $credential;
+    }
+
+    public function getAllowedIps()
+    {
+        return $this->allowedIps;
+    }
+
+    public function setAllowedIps(array $allowedIps)
+    {
+        $this->allowedIps = $allowedIps;
+    }
+
+    public function getPassword()
+    {
+        return $this->password;
+    }
+
+    public function setPassword($password)
+    {
+        $this->password = $password;
+    }
+
+    public function resolveIdentityId($authId)
+    {
+        //identity #1 is hardcoded number for root user
+        return 1;
+    }
+
+}

src/KapitchiIdentity/Controller/AuthController.php

@@ -40,37 +40,39 @@ public function loginAction() {
 
         $this->getEventManager()->trigger('login.pre', $this, $params);
 
-        $data = $this->getRequest()->getPost()->toArray();
-        $form->setData($data);
-        $form->isValid();
-
-        $res = $this->getEventManager()->trigger('login.auth', $this, $params, function($ret) {
-            return ($ret instanceof AuthAdapter || $ret instanceof Response);
-        });
-        $adapter = $res->last();
-        if($adapter instanceof Response) {
-            return $adapter;
-        }
+        if($this->getRequest()->isPost()) {
+            $data = $this->getRequest()->getPost()->toArray();
+            $form->setData($data);
+            if($form->isValid()) {
+                $res = $this->getEventManager()->trigger('login.auth', $this, $params, function($ret) {
+                    return ($ret instanceof AuthAdapter || $ret instanceof Response);
+                });
+                $adapter = $res->last();
+                if($adapter instanceof Response) {
+                    return $adapter;
+                }
 
-        //auth event returns AuthAdapter -- we are ready to authenticate!
-        if($adapter instanceof AdapterInterface) {
-            $authService = $this->getAuthService();
+                //auth event returns AuthAdapter -- we are ready to authenticate!
+                if($adapter instanceof AdapterInterface) {
+                    $authService = $this->getAuthService();
 
-            $result = $authService->authenticate($adapter);
+                    $result = $authService->authenticate($adapter);
 
-            //do we need to redirect again? example: http auth!
-            if($result instanceof Response) {
-                return $result;
-            }
+                    //do we need to redirect again? example: http auth!
+                    if($result instanceof Response) {
+                        return $result;
+                    }
 
-            $params['adapter'] = $adapter;
-            $params['result'] = $result;
-            $res = $this->getEventManager()->trigger('login.auth.post', $this, $params, function($ret) {
-                return $ret instanceof Response;
-            });
-            $result = $res->last();
-            if($result instanceof Response) {
-                return $result;
+                    $params['adapter'] = $adapter;
+                    $params['result'] = $result;
+                    $res = $this->getEventManager()->trigger('login.auth.post', $this, $params, function($ret) {
+                        return $ret instanceof Response;
+                    });
+                    $result = $res->last();
+                    if($result instanceof Response) {
+                        return $result;
+                    }
+                }
             }
         }
 

src/KapitchiIdentity/Form/AuthCredential.php

@@ -22,8 +22,6 @@ public function __construct($name = null)
             'options' => array(
                 'label' => $this->translate('ID'),
             ),
-            'attributes' => array(
-            ),
         ));
 
         $this->add(array(
@@ -42,8 +40,6 @@ public function __construct($name = null)
             'options' => array(
                 'label' => $this->translate('Username'),
             ),
-            'attributes' => array(
-            ),
         ));
 
         $this->add(array(
@@ -52,8 +48,6 @@ public function __construct($name = null)
             'options' => array(
                 'label' => $this->translate('Password'),
             ),
-            'attributes' => array(
-            ),
         ));
 
         $this->add(array(
@@ -62,8 +56,6 @@ public function __construct($name = null)
             'options' => array(
                 'label' => $this->translate('Confirm password'),
             ),
-            'attributes' => array(
-            ),
         ));
     }
 

src/KapitchiIdentity/Form/AuthCredentialLogin.php

@@ -16,16 +16,12 @@ public function __construct($name = null)
     {
         parent::__construct($name);
 
-        $this->setLabel('Credential');
-
         $this->add(array(
             'name' => 'username',
             'type' => 'Zend\Form\Element\Text',
             'options' => array(
                 'label' => $this->translate('Username'),
             ),
-            'attributes' => array(
-            ),
         ));
 
         $this->add(array(
@@ -34,8 +30,6 @@ public function __construct($name = null)
             'options' => array(
                 'label' => $this->translate('Password'),
             ),
-            'attributes' => array(
-            ),
         ));
 
     }

src/KapitchiIdentity/Form/AuthCredentialLoginInputFilter.php

@@ -18,15 +18,15 @@ public function __construct()
     {
         $this->add(array(
             'name'       => 'username',
-            'required'   => false,
+            'required'   => true,
             'filters'   => array(
                 array('name' => 'StringTrim'),
             ),
         ));
 
         $this->add(array(
             'name'       => 'password',
-            'required'   => false,
+            'required'   => true,
         ));
     }
 }

src/KapitchiIdentity/Form/AuthCredentialRegistrationInputFilter.php

@@ -14,14 +14,17 @@
  */
 class AuthCredentialRegistrationInputFilter extends \Zend\InputFilter\InputFilter
 {
-    public function __construct()
+    public function __construct(\KapitchiIdentity\Validator\AuthCredentialUsernameExists $usernameExistsValidator)
     {
         $this->add(array(
             'name'       => 'username',
             'required'   => true,
             'filters'   => array(
                 array('name' => 'StringTrim'),
             ),
+            'validators' => array(
+                $usernameExistsValidator
+            )
         ));
 
         $this->add(array(

src/KapitchiIdentity/Form/Login.php

@@ -16,6 +16,26 @@ public function __construct($name = null)
     {
         parent::__construct($name);
 
-        $this->setValidationGroup(array());
+        $this->add(array(
+            'name' => 'method',
+            'type' => 'Zend\Form\Element\Radio',
+            'options' => array(
+                'value_options' => array(),
+                'label' => 'Authentication method',
+            ),
+        ));
+    }
+
+    /**
+     * @return bool
+     */
+    public function isValid()
+    {
+        $method = $this->data['method'];
+        if(!empty($method)) {
+            $this->setValidationGroup($method);
+        }
+
+        return parent::isValid();
     }
 }

src/KapitchiIdentity/Form/LoginInputFilter.php

@@ -14,6 +14,20 @@ class LoginInputFilter extends EventManagerAwareInputFilter
 {
     public function __construct()
     {
+        $this->add(array(
+            'name'       => 'method',
+            'required'   => true,
+        ));
         $this->setValidationGroup(array());
     }
+
+    public function isValid()
+    {
+        $method = $this->getValue('method');
+        if(!empty($method)) {
+            $this->setValidationGroup($method);
+        }
+
+        return parent::isValid();
+    }
 }

src/KapitchiIdentity/Form/Registration.php

@@ -26,14 +26,14 @@ public function __construct($name = null, $options = array())
             ),
         ));
 
-        $this->add(array(
-            'name' => 'displayName',
-            'type' => 'Zend\Form\Element\Text',
-            'options' => array(
-                'label' => $this->translate('Display name'),
-            ),
-            'attributes' => array(
-            ),
-        ));
+//        $this->add(array(
+//            'name' => 'displayName',
+//            'type' => 'Zend\Form\Element\Text',
+//            'options' => array(
+//                'label' => $this->translate('Display name'),
+//            ),
+//            'attributes' => array(
+//            ),
+//        ));
     }
 }