Docs For Class Horde_Auth

Horde_Auth_Base

Description

The Horde_Auth_Base:: class provides a common abstracted interface to creating various authentication backends.

See the enclosed file COPYING for license information (LGPL). If you did not receive this file, http://www.horde.org/licenses/lgpl21

author: Michael Slusarz <slusarz@horde.org>
author: Chuck Hagenbuch <chuck@horde.org>
abstract:
license: LGPL-2.1

Located in /Auth/Base.php (line 17)

Direct descendents

Class	Description
Horde_Auth_Http_Remote	The Horde_Auth_Http_Remote class authenticates users against a remote HTTP-Auth endpoint.
Horde_Auth_Shibboleth	The Horde_Auth_Shibboleth class only provides transparent authentication based on the headers set by a Shibboleth SP. Note that this class does not provide any actual SP functionality, it just takes the username from the HTTP headers that should be set by the Shibboleth SP.
Horde_Auth_Auto	The Horde_Auth_Auto class transparently logs users in to Horde using ONE username, either defined in the config or defaulting to 'horde_user'.
Horde_Auth_Composite	The Horde_Auth_Composite class provides a way to combine two separate drivers for admin vs. authentication purposes.
Horde_Auth_Ftp	The Horde_Auth_Ftp class provides an FTP implementation of the Horde authentication system.
Horde_Auth_Http	The Horde_Auth_Http class transparently logs users in to Horde using already present HTTP authentication headers.
Horde_Auth_Imap	The Horde_Auth_Imap:: class provides an IMAP implementation of the Horde authentication system.
Horde_Auth_Ipbasic	The Horde_Auth_Ipbasic class provides access control based on CIDR masks (client IP addresses). It is not meant for user-based systems, but for times when you want a block of IPs to be able to access a site, and that access is simply on/off - no preferences, etc.
Horde_Auth_Kolab	The Horde_Auth_Kolab implementation of the Horde authentication system.
Horde_Auth_Login	The Horde_Auth_login:: class provides a system login implementation of the Horde authentication system.
Horde_Auth_Pam	The Horde_Auth_Pam:: class provides a PAM-based implementation of the Horde authentication system.
Horde_Auth_Passwd	The Horde_Auth_Passwd:: class provides a passwd-file implementation of the Horde authentication system.
Horde_Auth_Peclsasl	The Horde_Auth_Peclsasl:: class provides a SASL-based implementation of the Horde authentication system.
Horde_Auth_Radius	The Horde_Auth_Radius class provides a RADIUS implementation of the Horde authentication system.
Horde_Auth_Smb	The Horde_Auth_Smb class provides a SMB implementation of the Horde authentication system.
Horde_Auth_Smbclient	The Horde_Auth_Smbclient class provides an smbclient implementation of the Horde authentication system.
Horde_Auth_Sql	The Horde_Auth_Sql class provides a SQL implementation of the Horde authentication system.
Horde_Auth_Ldap	The Horde_Auth_Ldap class provides an LDAP implementation of the Horde authentication system.

Variable Summary

array $_capabilities

array $_credentials

array $_error

Horde_History $_history_api

Horde_Lock $_lock_api

Horde_Log_Logger $_logger

array $_params

Method Summary

Horde_Auth_Base __construct ([ $params = array()])

void addUser (string $userId, array $credentials)

boolean authenticate (string $userId, array $credentials, [boolean $login = true])

boolean exists (string $userId)

mixed getCredential ([mixed $name = null])

mixed getError ([boolean $msg = false])

string getParam (string $param)

boolean hasCapability (string $capability)

boolean|array isLocked (string $userId, [boolean $show_details = false])

mixed listUsers ([ $sort = false])

void lockUser (string $userId, [integer $time = 0])

void removeUser (string $userId)

string resetPassword (string $userId)

void setCredential ( $type, mixed $value, string $name)

void setError (string $type, [string $msg = null])

boolean transparent ()

void unlockUser (string $userId, [boolean $resetBadLogins = false])

void updateUser (string $oldID, string $newID, array $credentials)

boolean validateAuth ()

void _authenticate ( $userId, array $credentials, string $userID)

void _badLogin (string $userId)

void _resetBadLogins (string $userId)

array _sort (array $users, boolean $sort)

Variables

array $_capabilities = array(
'add' => false,
'authenticate' => true,
'groups' => false,
'list' => false,
'resetpassword' => false,
'remove' => false,
'transparent' => false,
'update' => false,
'badlogincount' => false,
'lock' => false,
) (line 25)

An array of capabilities, so that the driver can report which operations it supports and which it doesn't.

access: protected

Redefined in descendants as:

Horde_Auth_Shibboleth::$_capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
Horde_Auth_Auto::$_capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
Horde_Auth_Http::$_capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
Horde_Auth_Ipbasic::$_capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
Horde_Auth_Kolab::$_capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
Horde_Auth_Passwd::$_capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
Horde_Auth_Sql::$_capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
Horde_Auth_Customsql::$_capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
Horde_Auth_Cyrsql::$_capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
Horde_Auth_Ldap::$_capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.

array $_credentials = array(
'change' => false,
'credentials' => array(),'expire'=>null,'userId'=>'') (line 50)

The credentials currently being authenticated.

access: protected

array $_error (line 83)

Authentication error information.

access: protected

Horde_History $_history_api (line 69)

History object.

access: protected

Horde_Lock $_lock_api (line 76)

Lock object.

access: protected

Horde_Log_Logger $_logger (line 62)

Logger object.

access: protected

array $_params = array() (line 43)

Hash containing parameters needed for the drivers.

access: protected

Methods

Constructor __construct (line 98)

Constructor.

access: public

Horde_Auth_Base __construct ([ $params = array()])

array $params
: Optional parameters:
- default_user: (string) The default user.
- logger: (Horde_Log_Logger, optional) A logger object.
- lock_api: (Horde_Lock, optional) A locking object.
- history_api: (Horde_History, optional) A history object.
- login_block_count: (integer, optional) How many failed logins trigger autoblocking? 0 disables the feature.
- login_block_time: (integer, options) How many minutes should autoblocking last? 0 means no expiration.

Redefined in descendants as:

Horde_Auth_Http_Remote::__construct() : Constructor.
Horde_Auth_Shibboleth::__construct() : Constructor.
Horde_Auth_Auto::__construct() : Constructor.
Horde_Auth_Composite::__construct() : Constructor.
Horde_Auth_Ftp::__construct() : Constructor.
Horde_Auth_Http::__construct() : Constructor.
Horde_Auth_Imap::__construct() : Constructor.
Horde_Auth_Ipbasic::__construct() : Constructor.
Horde_Auth_Kolab::__construct() : Constructor.
Horde_Auth_Login::__construct() : Constructs a new Login authentication object.
Horde_Auth_Pam::__construct() : Constructor.
Horde_Auth_Passwd::__construct() : Constructor.
Horde_Auth_Peclsasl::__construct() : Constructor.
Horde_Auth_Radius::__construct() : Constructor.
Horde_Auth_Smb::__construct() : Constructor.
Horde_Auth_Smbclient::__construct() : Constructor.
Horde_Auth_Sql::__construct() : Constructor
Horde_Auth_Customsql::__construct() : Constructor.
Horde_Auth_Cyrsql::__construct() : Constructor.
Horde_Auth_Ldap::__construct() : Constructor.
Horde_Auth_Msad::__construct() : Constructor.

addUser (line 221)

Adds a set of authentication credentials.

throws: Horde_Auth_Exception
access: public

void addUser (string $userId, array $credentials)

string $userId: The userId to add.
array $credentials: The credentials to use.

Redefined in descendants as:

Horde_Auth_Composite::addUser() : Add a set of authentication credentials.
Horde_Auth_Imap::addUser() : Add a set of authentication credentials.
Horde_Auth_Passwd::addUser() : Add a set of authentication credentials.
Horde_Auth_Sql::addUser() : Add a set of authentication credentials.
Horde_Auth_Customsql::addUser() : Add a set of authentication credentials.
Horde_Auth_Cyrsql::addUser() : Add a set of authentication credentials.
Horde_Auth_Ldap::addUser() : Add a set of authentication credentials.
Horde_Auth_Msad::addUser() : Add a set of authentication credentials.

authenticate (line 136)

Finds out if a set of login credentials are valid, and if requested, mark the user as logged in in the current session.

return: Whether or not the credentials are valid.
access: public

boolean authenticate (string $userId, array $credentials, [boolean $login = true])

string $userId: The userId to check.
array $credentials: The credentials to check.
boolean $login: Whether to log the user in. If false, we'll only test the credentials and won't modify the current session. Defaults to true.

exists (line 425)

Checks if $userId exists in the system.

return: Whether or not $userId already exists.
access: public

boolean exists (string $userId)

string $userId: User ID for which to check

Redefined in descendants as:

Horde_Auth_Composite::exists() : Checks if a userId exists in the system.
Horde_Auth_Sql::exists() : Checks if a userId exists in the system.
Horde_Auth_Customsql::exists() : Checks if a userId exists in the system.
Horde_Auth_Ldap::exists() : Checks if $userId exists in the LDAP backend system.

getCredential (line 509)

Retrieve internal credential value(s).

return: Return the credential information, or null if the credential doesn't exist.
access: public

mixed getCredential ([mixed $name = null])

mixed $name: The credential value to get. If null, will return the entire credential list. Valid names:

 'change' - (boolean) Do credentials need to be changed?
 'credentials' - (array) The credentials needed to authenticate.
 'expire' - (integer) UNIX timestamp of the credential expiration date.
 'userId' - (string) The user ID.

getError (line 571)

Returns the error type or message for an invalid authentication.

return: Error type, error message (if $msg is true) or false if entry doesn't exist.
access: public

mixed getError ([boolean $msg = false])

boolean $msg: If true, returns the message string (if set).

getParam (line 487)

Returns the named parameter for the current auth driver.

return: The parameter's value, or null if it doesn't exist.
access: public

string getParam (string $param)

string $param: The parameter to fetch.

hasCapability (line 475)

Queries the current driver to find out if it supports the given capability.

return: Whether or not the capability is supported.
access: public

boolean hasCapability (string $capability)

string $capability: The capability to test for.

Redefined in descendants as:

Horde_Auth_Composite::hasCapability() : Query the current Auth object to find out if it supports the given capability.
Horde_Auth_Passwd::hasCapability() : Queries the current Auth object to find out if it supports the given capability.

isLocked (line 305)

Returns whether a user is currently locked.

return: If $show_details is a true, an array with 'locked' and 'lock_timeout' values. Whether the user is locked, otherwise.
since: Horde_Auth 1.2.0
throws: Horde_Auth_Exception
access: public

boolean|array isLocked (string $userId, [boolean $show_details = false])

string $userId: The user to check.
boolean $show_details: Return timeout too?

listUsers (line 413)

Lists all users in the system.

return: The array of userIds.
throws: Horde_Auth_Exception
access: public

mixed listUsers ([ $sort = false])

$sort

Redefined in descendants as:

Horde_Auth_Composite::listUsers() : List all users in the system.
Horde_Auth_Http::listUsers() : List all users in the system.
Horde_Auth_Imap::listUsers() : List all users in the system.
Horde_Auth_Passwd::listUsers() : List all users in the system.
Horde_Auth_Sql::listUsers() : List all users in the system.
Horde_Auth_Customsql::listUsers() : List all users in the system.
Horde_Auth_Cyrsql::listUsers() : List all users in the system.
Horde_Auth_Ldap::listUsers() : List Users

lockUser (line 236)

Locks a user indefinitely or for a specified time.

since: Horde_Auth 1.2.0
throws: Horde_Auth_Exception
access: public

void lockUser (string $userId, [integer $time = 0])

string $userId: The user to lock.
integer $time: The duration in minutes, 0 = permanent.

removeUser (line 402)

Deletes a set of authentication credentials.

throws: Horde_Auth_Exception
access: public

void removeUser (string $userId)

string $userId: The userId to delete.

Redefined in descendants as:

Horde_Auth_Composite::removeUser() : Delete a set of authentication credentials.
Horde_Auth_Imap::removeUser() : Delete a set of authentication credentials.
Horde_Auth_Passwd::removeUser() : Delete a set of authentication credentials.
Horde_Auth_Sql::removeUser() : Delete a set of authentication credentials.
Horde_Auth_Customsql::removeUser() : Delete a set of authentication credentials.
Horde_Auth_Cyrsql::removeUser() : Delete a set of authentication credentials.
Horde_Auth_Ldap::removeUser() : Remove a set of authentication credentials.
Horde_Auth_Msad::removeUser() : Remove a set of authentication credentials.

resetPassword (line 462)

Reset a user's password. Used for example when the user does not remember the existing password.

return: The new password on success.
throws: Horde_Auth_Exception
access: public

string resetPassword (string $userId)

string $userId: The user id for which to reset the password.

Redefined in descendants as:

Horde_Auth_Composite::resetPassword() : Reset a user's password. Used for example when the user does not remember the existing password.
Horde_Auth_Passwd::resetPassword() : Reset a user's password. Used for example when the user does not remember the existing password.
Horde_Auth_Sql::resetPassword() : Reset a user's password. Used for example when the user does not remember the existing password.
Horde_Auth_Customsql::resetPassword() : Resets a user's password. Used for example when the user does not remember the existing password.
Horde_Auth_Ldap::resetPassword() : Reset a user's password. Used for example when the user does not remember the existing password.
Horde_Auth_Msad::resetPassword() : Reset a user's password. Used for example when the user does not remember the existing password.

setCredential (line 527)

Set internal credential value.

access: public

void setCredential ( $type, mixed $value, string $name)

string $name: The credential name to set.
mixed $value: The credential value to set. See getCredential() for the list of valid credentials/types.
$type

setError (line 555)

Sets the error message for an invalid authentication.

access: public

void setError (string $type, [string $msg = null])

string $type: The type of error (Horde_Auth::REASON_* constant).
string $msg: The error message/reason for invalid authentication.

transparent (line 448)

Automatic authentication.

Transparent authentication should set 'userId', 'credentials', or 'params' in $this->_credentials as needed - these values will be used to set the credentials in the session.

Transparent authentication should normally never throw an error - false should be returned.

return: Whether transparent login is supported.
throws: Horde_Auth_Exception
access: public

boolean transparent ()

Redefined in descendants as:

Horde_Auth_Shibboleth::transparent() : Automatic authentication: check if the username is set in the configured header.
Horde_Auth_Auto::transparent() : Automatic authentication: Set the user allowed IP block.
Horde_Auth_Composite::transparent() : Automatic authentication: Find out if the client matches an allowed IP block.
Horde_Auth_Http::transparent() : Automatic authentication: Find out if the client has HTTP authentication info present.
Horde_Auth_Ipbasic::transparent() : Automatic authentication: Find out if the client matches an allowed IP block.

unlockUser (line 271)

Unlocks a user and optionally resets the bad login count.

since: Horde_Auth 1.2.0
throws: Horde_Auth_Exception
access: public

void unlockUser (string $userId, [boolean $resetBadLogins = false])

string $userId: The user to unlock.
boolean $resetBadLogins: Reset bad login counter?

updateUser (line 390)

Updates a set of authentication credentials.

throws: Horde_Auth_Exception
access: public

void updateUser (string $oldID, string $newID, array $credentials)

string $oldID: The old userId.
string $newID: The new userId.
array $credentials: The new credentials

Redefined in descendants as:

Horde_Auth_Composite::updateUser() : Update a set of authentication credentials.
Horde_Auth_Passwd::updateUser() : Update a set of authentication credentials.
Horde_Auth_Sql::updateUser() : Update a set of authentication credentials.
Horde_Auth_Customsql::updateUser() : Update a set of authentication credentials.
Horde_Auth_Cyrsql::updateUser() : Update a set of authentication credentials.
Horde_Auth_Ldap::updateUser() : Update a set of authentication credentials.
Horde_Auth_Msad::updateUser() : Update a set of authentication credentials.

validateAuth (line 208)

Checks for triggers that may invalidate the current auth.

These triggers are independent of the credentials.

return: True if the results of authenticate() are still valid.
access: public

boolean validateAuth ()

_authenticate (line 200)

Authentication stub.

On failure, Horde_Auth_Exception should pass a message string (if any) in the message field, and the Horde_Auth::REASON_* constant in the code field (defaults to Horde_Auth::REASON_MESSAGE).

abstract:
throws: Horde_Auth_Exception
access: protected

void _authenticate ( $userId, array $credentials, string $userID)

string $userID: The userID to check.
array $credentials: An array of login credentials.
$userId

Redefined in descendants as:

Horde_Auth_Http_Remote::_authenticate() : Find out if a set of login credentials are valid.
Horde_Auth_Shibboleth::_authenticate() : Authentication stub.
Horde_Auth_Auto::_authenticate() : Horde_Auth_Exception should pass a message string (if any) in the message field, and the REASON_* constant in the code field (defaults to REASON_MESSAGE).
Horde_Auth_Composite::_authenticate() : Find out if a set of login credentials are valid.
Horde_Auth_Ftp::_authenticate() : Find out if a set of login credentials are valid.
Horde_Auth_Http::_authenticate() : Find out if a set of login credentials are valid. Only supports htpasswd files with DES passwords right now.
Horde_Auth_Imap::_authenticate() : Find out if a set of login credentials are valid.
Horde_Auth_Ipbasic::_authenticate() : Authentication stub.
Horde_Auth_Kolab::_authenticate() : Find out if a set of login credentials are valid.
Horde_Auth_Login::_authenticate() : Find out if a set of login credentials are valid.
Horde_Auth_Pam::_authenticate() : Find out if a set of login credentials are valid.
Horde_Auth_Passwd::_authenticate() : Find out if a set of login credentials are valid.
Horde_Auth_Peclsasl::_authenticate() : Find out if a set of login credentials are valid.
Horde_Auth_Radius::_authenticate() : Find out if a set of login credentials are valid.
Horde_Auth_Smb::_authenticate() : Find out if the given set of login credentials are valid.
Horde_Auth_Smbclient::_authenticate() : Find out if the given set of login credentials are valid.
Horde_Auth_Sql::_authenticate() : Find out if a set of login credentials are valid.
Horde_Auth_Customsql::_authenticate() : Find out if a set of login credentials are valid.
Horde_Auth_Cyrsql::_authenticate() : Find out if a set of login credentials are valid.
Horde_Auth_Ldap::_authenticate() : Find out if the given set of login credentials are valid.

_badLogin (line 337)

Handles a bad login.

since: Horde_Auth 1.2.0
throws: Horde_Auth_Exception
access: protected

void _badLogin (string $userId)

string $userId: The user with a bad login.

_resetBadLogins (line 368)

Resets the bad login counter.

since: Horde_Auth 1.2.0
throws: Horde_Auth_Exception
access: protected

void _resetBadLogins (string $userId)

string $userId: The user to reset.

_sort (line 180)

Basic sort implementation.

If the backend has listUsers and doesn't have a native sorting option, fall back to this method.

return: the users, sorted or not
access: protected

array _sort (array $users, boolean $sort)

array $users: An array of usernames.
boolean $sort: Whether to sort or not.

Documentation generated on Sun, 13 May 2012 03:04:20 +0000 by phpDocumentor 1.4.3