Horde_Core_Auth_Application
extends Horde_Auth_Base
in package
The Horde_Core_Auth_Application class provides application-specific authentication built on top of the horde/Auth API.
Tags
Table of Contents
Constants
- REASON_BROWSER = 100
- Authentication failure reasons (additions to Horde_Auth:: reasons): - REASON_BROWSER: A browser change was detected - REASON_SESSIONIP: Logout due to change of IP address during session - REASON_SESSIONMAXTIME: Logout due to the session exceeding the maximum allowed length.
- REASON_SESSIONIP = 101
- REASON_SESSIONMAXTIME = 102
Properties
- $_app : string
- Application for authentication.
- $_appCapabilities : array<string|int, mixed>
- The list of application capabilities.
- $_base : Horde_Auth_Base
- The base auth driver, used for Horde authentication.
- $_capabilities : array<string|int, mixed>
- Available capabilities.
- $_view : string
- The view mode.
Methods
- __construct() : mixed
- Constructor.
- addUser() : mixed
- Add a set of authentication credentials.
- authenticate() : bool
- Finds out if a set of login credentials are valid, and if requested, mark the user as logged in in the current session.
- exists() : bool
- Checks if a user ID exists in the system.
- getCredential() : mixed
- Retrieve internal credential value(s).
- getError() : mixed
- Returns the error type or message for an invalid authentication.
- getLoginParams() : array<string|int, mixed>
- Returns information on what login parameters to display on the login screen.
- getParam() : string
- Returns the named parameter for the current auth driver.
- hasCapability() : bool
- Queries the current driver to find out if it supports the given capability.
- isLocked() : mixed
- Checks if $userId is currently locked.
- listNames() : array<string|int, mixed>
- List all users in the system with their real names.
- listUsers() : array<string|int, mixed>
- List all users in the system.
- lockUser() : mixed
- Locks a user indefinitely or for a specified time
- removeUser() : mixed
- Delete a set of authentication credentials.
- requireAuth() : bool
- Indicate whether the application requires authentication.
- resetPassword() : string
- Reset a user's password. Used for example when the user does not remember the existing password.
- runHook() : array<string|int, mixed>
- Runs the pre/post-authenticate hook and parses the result.
- setCredential() : mixed
- Set internal credential value.
- setError() : mixed
- Sets the error message for an invalid authentication.
- transparent() : bool
- Automatic authentication.
- unlockUser() : mixed
- Unlocks a user and optionally resets bad login count
- updateUser() : mixed
- Update a set of authentication credentials.
- validateAuth() : bool
- Checks for triggers that may invalidate the current auth.
- _authenticate() : mixed
- Find out if a set of login credentials are valid.
- _setAuth() : bool
- Set authentication credentials in the Horde session.
- _setView() : mixed
- Sets the default global view mode in the horde session. This can be checked by applications, and overridden if desired. Also sets a cookie to remember the last view selection if applicable.
Constants
REASON_BROWSER
Authentication failure reasons (additions to Horde_Auth:: reasons): - REASON_BROWSER: A browser change was detected - REASON_SESSIONIP: Logout due to change of IP address during session - REASON_SESSIONMAXTIME: Logout due to the session exceeding the maximum allowed length.
public
mixed
REASON_BROWSER
= 100
REASON_SESSIONIP
public
mixed
REASON_SESSIONIP
= 101
REASON_SESSIONMAXTIME
public
mixed
REASON_SESSIONMAXTIME
= 102
Properties
$_app
Application for authentication.
protected
string
$_app
= 'horde'
$_appCapabilities
The list of application capabilities.
protected
array<string|int, mixed>
$_appCapabilities
$_base
The base auth driver, used for Horde authentication.
protected
Horde_Auth_Base
$_base
$_capabilities
Available capabilities.
protected
array<string|int, mixed>
$_capabilities
= array('add' => \true, 'authenticate' => \true, 'exists' => \true, 'list' => \true, 'remove' => \true, 'resetpassword' => \true, 'transparent' => \true, 'update' => \true, 'validate' => \true)
$_view
The view mode.
protected
string
$_view
= 'auto'
Methods
__construct()
Constructor.
public
__construct([array<string|int, mixed> $params = array() ]) : mixed
Parameters
- $params : array<string|int, mixed> = array()
-
Required parameters:
- app: (string) The application which is providing authentication.
- base: (Horde_Auth_Base) The base Horde_Auth driver. Only needed if 'app' is 'horde'.
Tags
addUser()
Add a set of authentication credentials.
public
addUser(string $userId, array<string|int, mixed> $credentials) : mixed
Parameters
- $userId : string
-
The user ID to add.
- $credentials : array<string|int, mixed>
-
The credentials to use.
Tags
authenticate()
Finds out if a set of login credentials are valid, and if requested, mark the user as logged in in the current session.
public
authenticate(string $userId, array<string|int, mixed> $credentials[, bool $login = true ]) : bool
Parameters
- $userId : string
-
The user ID to check.
- $credentials : array<string|int, mixed>
-
The credentials to check.
- $login : bool = true
-
Whether to log the user in. If false, we'll only test the credentials and won't modify the current session. Defaults to true.
Return values
bool —Whether or not the credentials are valid.
exists()
Checks if a user ID exists in the system.
public
exists(string $userId) : bool
Parameters
- $userId : string
-
User ID to check.
Return values
bool —Whether or not the user ID already exists.
getCredential()
Retrieve internal credential value(s).
public
getCredential([mixed $name = null ]) : mixed
Parameters
- $name : mixed = null
-
The credential value to get. If null, will return the entire credential list. Valid names:
- change: (boolean) Do credentials need to be changed?
- credentials: (array) The credentials needed to authenticate.
- expire: (integer) UNIX timestamp of the credential expiration date.
- userId: (string) The user ID.
Return values
mixed —Return the credential information, or null if the credential doesn't exist.
getError()
Returns the error type or message for an invalid authentication.
public
getError([bool $msg = false ]) : mixed
Parameters
- $msg : bool = false
-
If true, returns the message string (if set).
Return values
mixed —Error type, error message (if $msg is true) or false if entry doesn't exist.
getLoginParams()
Returns information on what login parameters to display on the login screen.
public
getLoginParams() : array<string|int, mixed>
Tags
Return values
array<string|int, mixed> —An array with the following keys:
'js_code' - (array) A list of javascript statements to be included.
'js_files' - (array) A list of javascript files to be included.
'params' - (array) A list of parameters to display on the login screen.
Each entry is an array with the following entries:
'label' - (string) The label of the entry.
'type' - (string) 'select', 'text', or 'password'.
'value' - (mixed) If type is 'text' or 'password', the
text to insert into the field by default. If type
is 'select', an array with they keys as the
option values and an array with the following keys:
'hidden' - (boolean) If true, the option will be
hidden.
'name' - (string) The option label.
'selected' - (boolean) If true, will be selected
by default.
getParam()
Returns the named parameter for the current auth driver.
public
getParam(string $param) : string
Parameters
- $param : string
-
The parameter to fetch.
Return values
string —The parameter's value, or null if it doesn't exist.
hasCapability()
Queries the current driver to find out if it supports the given capability.
public
hasCapability(string $capability) : bool
Parameters
- $capability : string
-
The capability to test for.
Return values
bool —Whether or not the capability is supported.
isLocked()
Checks if $userId is currently locked.
public
isLocked(string $userId[, bool $show_details = false ]) : mixed
Parameters
- $userId : string
-
The userId to check.
- $show_details : bool = false
-
Toggle array format with timeout.
Tags
listNames()
List all users in the system with their real names.
public
listNames() : array<string|int, mixed>
Tags
Return values
array<string|int, mixed> —The array of user IDs as keys and names as values.
listUsers()
List all users in the system.
public
listUsers([mixed $sort = false ]) : array<string|int, mixed>
Parameters
- $sort : mixed = false
Tags
Return values
array<string|int, mixed> —The array of user IDs.
lockUser()
Locks a user indefinitely or for a specified time
public
lockUser(string $userId[, int $time = 0 ]) : mixed
Parameters
- $userId : string
-
The userId to lock.
- $time : int = 0
-
The duration in seconds, 0 = permanent
Tags
removeUser()
Delete a set of authentication credentials.
public
removeUser(string $userId) : mixed
Parameters
- $userId : string
-
The user ID to delete.
Tags
requireAuth()
Indicate whether the application requires authentication.
public
requireAuth() : bool
Return values
bool —True if application requires authentication.
resetPassword()
Reset a user's password. Used for example when the user does not remember the existing password.
public
resetPassword(string $userId) : string
Parameters
- $userId : string
-
The user ID for which to reset the password.
Tags
Return values
string —The new password on success.
runHook()
Runs the pre/post-authenticate hook and parses the result.
public
runHook(string $userId, array<string|int, mixed> $credentials, string $type[, string $method = null ]) : array<string|int, mixed>
Parameters
- $userId : string
-
The userId who has been authorized.
- $credentials : array<string|int, mixed>
-
The credentials of the user.
- $type : string
-
Either 'preauthenticate' or 'postauthenticate'.
- $method : string = null
-
The triggering method (preauthenticate only). Either 'authenticate' or 'transparent'.
Tags
Return values
array<string|int, mixed> —Two element array, $userId and $credentials.
setCredential()
Set internal credential value.
public
setCredential(string $name, mixed $value) : mixed
Parameters
- $name : string
-
The credential name to set.
- $value : mixed
-
The credential value to set. See getCredential() for the list of valid credentials/types.
setError()
Sets the error message for an invalid authentication.
public
setError(string $type[, string $msg = null ]) : mixed
Parameters
- $type : string
-
The type of error (Horde_Auth::REASON_* constant).
- $msg : string = null
-
The error message/reason for invalid authentication.
transparent()
Automatic authentication.
public
transparent() : bool
Tags
Return values
bool —Whether or not the client is allowed.
unlockUser()
Unlocks a user and optionally resets bad login count
public
unlockUser(string $userId[, bool $resetBadLogins = false ]) : mixed
Parameters
- $userId : string
-
The userId to unlock.
- $resetBadLogins : bool = false
-
Reset bad login counter, default no.
Tags
updateUser()
Update a set of authentication credentials.
public
updateUser(string $oldID, string $newID, array<string|int, mixed> $credentials) : mixed
Parameters
- $oldID : string
-
The old user ID.
- $newID : string
-
The new user ID.
- $credentials : array<string|int, mixed>
-
The new credentials
Tags
validateAuth()
Checks for triggers that may invalidate the current auth.
public
validateAuth() : bool
These triggers are independent of the credentials.
Return values
bool —True if the results of authenticate() are still valid.
_authenticate()
Find out if a set of login credentials are valid.
protected
_authenticate(string $userId, array<string|int, mixed> $credentials) : mixed
Parameters
- $userId : string
-
The user ID to check.
- $credentials : array<string|int, mixed>
-
The credentials to use. This object will always be available in the 'auth_ob' key.
Tags
_setAuth()
Set authentication credentials in the Horde session.
protected
_setAuth() : bool
Return values
bool —True on success, false on failure.
_setView()
Sets the default global view mode in the horde session. This can be checked by applications, and overridden if desired. Also sets a cookie to remember the last view selection if applicable.
protected
_setView() : mixed