From 944a8d92c631e842078f358eda8360bcd36c608a Mon Sep 17 00:00:00 2001
From: Robert Sesek
Date: Mon, 26 Feb 2007 02:47:45 +0000
Subject: [PATCH] r1419: Beginning to implement the authentication API: - Adding authid to the users table - Creating the abstract authentication class
---
 docs/schema_changes.sql | 4 +-
 includes/api_user.php | 3 +-
 includes/auth/auth.php | 251 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 256 insertions(+), 2 deletions(-)
 create mode 100644 includes/auth/auth.php
diff --git a/docs/schema_changes.sql b/docs/schema_changes.sql
index a4e1ae1..59dc1fb 100644
--- a/docs/schema_changes.sql
+++ b/docs/schema_changes.sql
@@ -36,4 +36,6 @@ CREATE TABLE template
 template TEXT NOT NULL,
 timestamp INT(10) UNSIGNED NOT NULL,
 PRIMARY KEY (filename)
-);
\ No newline at end of file
+);
+
+ALTER TABLE user ADD authid VARCHAR(255) NULL;
\ No newline at end of file
diff --git a/includes/api_user.php b/includes/api_user.php
index 6663cb4..cbf2c5b 100644
--- a/includes/api_user.php
+++ b/includes/api_user.php
@@ -56,7 +56,8 @@ class UserAPI extends API
 'hidestatuses' => array(TYPE_STR, REQ_NO, ':self'),
 'defaultsortkey' => array(TYPE_STR, REQ_NO, ':self'),
 'defaultsortas' => array(TYPE_STR, REQ_NO, ':self'),
- 'columnoptions' => array(TYPE_STR, REQ_NO, ':self')
+ 'columnoptions' => array(TYPE_STR, REQ_NO, ':self'),
+ 'authid' => array(TYPE_STR, REQ_NO)
 );
 /**
diff --git a/includes/auth/auth.php b/includes/auth/auth.php
new file mode 100644
index 0000000..42691a6
--- /dev/null
+++ b/includes/auth/auth.php
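Review bot: The new `authid` column in docs/schema_changes.sql is added without a uniqueness constraint, yet the `_createBugdarUser()` docblock in includes/auth/auth.php describes it as the key that permanently links a Bugdar user to the auth user. If two rows can carry the same `authid`, the lookup from an authenticated identity to a Bugdar account becomes ambiguous, which is an account-mixup risk. Assuming this is MySQL (the surrounding `INT(10) UNSIGNED` suggests so), consider `ALTER TABLE user ADD authid VARCHAR(255) NULL, ADD UNIQUE (authid);`, which still permits multiple NULLs for rows that have no external identity.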
@@ -0,0 +1,251 @@
+registry =& $bugsys;
+ $this->db =& $bugsys->db;
+
+ $this->_setupDatabase();
+ }
+
+ // ###################################################################
+ /**
+ * Sets up the database to authenticate against. You can create a new
+ * database object here. Whatever you choose, you need to reference
+ * Authentication->authDb to the object
+ */
+ function _setupDatabase() {}
+
+ // ###################################################################
+ /**
+ * Returns the sanitized value of the user ID or unique identifier
+ * found in the cookie of an already-authenticated user.
+ */
+ function _fetchCookieUniqueId() {}
+
+ // ###################################################################
+ /**
+ * Returns the sanitized value of the authentication key or cookie-safe
+ * password found in the cookies of an already-authenticated user.
+ */
+ function _fetchCookiePassword() {}
+
+ // ###################################################################
+ /**
+ * Returns an array of user data fetched using the user information
+ * values found in cookies. It should NOT be responsible for verifying
+ * the authentication information, but only fetching it.
+ */
+ function _fetchUserUsingCookies() {}
+
+ // ###################################################################
+ /**
+ * Returns TRUE if the cookie data values are valid in the data array
+ * returned from _fetchUserUsingCookies(), and FALSE if they are not.
+ */
+ function _verifyCookieData() {}
+
+ // ###################################################################
+ /**
+ * Authenticates the user using cookie data. You shouldn't need to
+ * customize this method if you implement all the helpers correctly.
+ * Returns TRUE if the cookies are valid and the user is logged in.
+ */
+ function authenticateCookies()
+ {
+ if (!$this->_fetchCookieUniqueId() OR !$this->_fetchCookiePassword())
+ {
+ $this->_clearCookies();
+ return false;
+ }
+
+ $this->authUser = $this->_fetchUserUsingCookies();
+
+ if (!$this->authUser)
+ {
+ $this->authUser = null;
+ $this->_clearCookies();
+ return false;
+ }
+
+ if ($this->_verifyCookieData())
+ {
+ $this->_setCookies();
+ $this->bugdarUser = $this->_fetchBugdarUserFromAuthUser();
+ return true;
+ }
+ else
+ {
+ $this->authUser = null;
+ $this->_clearCookies();
+ return false;
+ }
+ }
+
+ // ###################################################################
+ /**
+ * Returns an array with the authentication user information, found
+ * by the unique login identifier passed to the function.
+ */
+ function _fetchUserWithIdentifier($string) {}
+
+ // ###################################################################
+ /**
+ * Verifies that the authUser's password matches the plain-text password
+ * passed to this function. This is basically the transformation of
+ * the plaintext to the hashed password and the result of the comparison.
+ */
+ function _verifyLoginUser($password) {}
+
+ // ###################################################################
+ /**
+ * Authenticates a user at login from two keys: an identifier and
+ * a password. In Bugdar, the identifier is an email, but it can be
+ * any unique string found in the authentication database. Returns
+ * TRUE if the authentication is successful, and FALSE if not.
+ */
+ function authenticateLogin($string, $password)
+ {
+ $this->authUser = $this->_fetchUserWithIdentifier($string);
+
+ if (!$this->authUser)
+ {
+ $this->authUser = null;
+ return false;
+ }
+
+ if ($this->_verifyLoginUser())
+ {
+ $this->_setCookies();
+ $this->bugdarUser = $this->_fetchBugdarUserFromAuthUser();
+ return true;
+ }
+ else
+ {
+ $this->authUser = null
+ return false;
+ }
+ }
+
+ // ###################################################################
+ /**
+ * Returns the BUGDAR user array from the data in the AUTHENTICATION user
+ * array. If the Bugdar user does not exist, call _createBugdarUser()
+ * to add the user into the Bugdar database. This is necessary so Bugdar options
+ * can be saved in the Bugdar database (and not in the auth one), however
+ * authentication details will NOT be stored in the Bugdar database.
+ */
+ function _fetchBugdarUserFromAuthUser() {}
+
+ // ###################################################################
+ /**
+ * Creates a Bugdar user with the authentication details specified in
+ * the auth array and returns it. You need to call this in
+ * _fetchBugdarUserFromAuthUser() and use the UserAPI to create the user.
+ * Example for this function is this (all of these fields are required):
+ *
+ * $user = new UserAPI($this->registry); // do not change this
+ * $user->set('email', $this->authUser['email']);
+ * $user->set('displayname', $this->authUser['name']);
+ * $user->set('password', $this->authUser['password']); // some random value that won't be used for authentication
+ * $user->set('usergroupid', 2); // default "Registered Users" group
+ * $user->set('authid', $this->authUser['userid']); // This must be a COMPLETELY STATIC key that is found in the auth db that will permanently link Bugdar to the auth user
+ * $user->insert(); // saves the user
+ *
+ * return $user->values; // returns the newly created user array
+ */
+ function _createBugdarUser() {}
+
+ // ###################################################################
+ /**
+ * Responsible for unsetting all authentication cookies because they
+ * are invalid
+ */
+ function _clearCookies() {}
+
+ // ###################################################################
+ /**
+ * Sets the authentication cookies; this is done both at login and
+ * for renewing the cookies upon successful cookie validation
+ */
+ function _setCookies() {}
+}
+
+/*=====================================================================*\
+|| ###################################################################
+|| # $HeadURL$
+|| # $Id$
+|| ###################################################################
+\*=====================================================================*/
+?>
\ No newline at end of file
--
2.22.5
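Review bot: `authenticateLogin()` never hands the submitted password to the verifier: the new code calls `$this->_verifyLoginUser()` with no argument although the stub is declared as `_verifyLoginUser($password)`, so a subclass implementation would receive no password to check; the call should read `if ($this->_verifyLoginUser($password))`. In the same method's else branch, `$this->authUser = null` is missing its semicolon, which looks like a parse error that would stop the file from loading; it should be `$this->authUser = null;`. Separately, the `_createBugdarUser()` docblock example copies `$this->authUser['password']` into the Bugdar user, while its own trailing comment asks for a random value and the `_fetchBugdarUserFromAuthUser()` docblock says authentication details are not stored in Bugdar; the example would be safer showing a freshly generated random string there. The class header and the opening of the constructor are not visible in this hunk, so these remarks cover only the lines shown.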