[civicrm-core.git] / ext / authx / authx.php

<?php

require_once 'authx.civix.php';
// phpcs:disable
use CRM_Authx_ExtensionUtil as E;
// phpcs:enable

Civi::dispatcher()->addListener('civi.invoke.auth', function($e) {
  $params = ($_SERVER['REQUEST_METHOD'] === 'GET') ? $_GET : $_POST;
  $siteKey = $_SERVER['HTTP_X_CIVI_KEY'] ?? $params['_authxSiteKey'] ?? NULL;

  if (!empty($_SERVER['HTTP_X_CIVI_AUTH'])) {
    return (new \Civi\Authx\Authenticator())->auth($e, ['flow' => 'xheader', 'cred' => $_SERVER['HTTP_X_CIVI_AUTH'], 'siteKey' => $siteKey]);
  }

  if (!empty($_SERVER['HTTP_AUTHORIZATION'])) {
    return (new \Civi\Authx\Authenticator())->auth($e, ['flow' => 'header', 'cred' => $_SERVER['HTTP_AUTHORIZATION'], 'siteKey' => $siteKey]);
  }

  if (!empty($params['_authx'])) {
    if ((implode('/', $e->args) === 'civicrm/authx/login')) {
      (new \Civi\Authx\Authenticator())->auth($e, ['flow' => 'login', 'cred' => $params['_authx'], 'useSession' => TRUE, 'siteKey' => $siteKey]);
      _authx_redact(['_authx']);
    }
    elseif (!empty($params['_authxSes'])) {
      (new \Civi\Authx\Authenticator())->auth($e, ['flow' => 'auto', 'cred' => $params['_authx'], 'useSession' => TRUE, 'siteKey' => $siteKey]);
      if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        _authx_reload(implode('/', $e->args), $_SERVER['QUERY_STRING']);
      }
      else {
        _authx_redact(['_authx', '_authxSes']);
      }
    }
    else {
      (new \Civi\Authx\Authenticator())->auth($e, ['flow' => 'param', 'cred' => $params['_authx'], 'siteKey' => $siteKey]);
      _authx_redact(['_authx']);
    }
  }
});

/**
 * @return \Civi\Authx\AuthxInterface
 */
function _authx_uf() {
  $class = 'Civi\\Authx\\' . CIVICRM_UF;
  return class_exists($class) ? new $class() : new \Civi\Authx\None();
}

/**
 * For parameter-based authentication, this option will hide parameters.
 * This is mostly a precaution, hedging against the possibility that some routes
 * make broad use of $_GET or $_PARAMS.
 *
 * @param array $keys
 */
function _authx_redact(array $keys) {
  foreach ($keys as $key) {
    unset($_POST[$key], $_GET[$key], $_REQUEST[$key]);
  }
}

/**
 * Reload the current page-view.
 *
 * @param string $route
 * @param string $queryString
 */
function _authx_reload($route, $queryString) {
  parse_str($queryString, $query);
  foreach (array_keys($query) as $key) {
    if (CRM_Utils_String::startsWith($key, '_authx')) {
      unset($query[$key]);
    }
  }
  $url = CRM_Utils_System::url($route, $query, TRUE, NULL, FALSE, CRM_Core_Config::singleton()->userSystem->isFrontEndPage());
  CRM_Utils_System::redirect($url);
}

/**
 * Implements hook_civicrm_config().
 *
 * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_config/
 */
function authx_civicrm_config(&$config) {
  _authx_civix_civicrm_config($config);
}

/**
 * Implements hook_civicrm_xmlMenu().
 *
 * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_xmlMenu
 */
function authx_civicrm_xmlMenu(&$files) {
  _authx_civix_civicrm_xmlMenu($files);
}

/**
 * Implements hook_civicrm_install().
 *
 * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_install
 */
function authx_civicrm_install() {
  _authx_civix_civicrm_install();
}

/**
 * Implements hook_civicrm_postInstall().
 *
 * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_postInstall
 */
function authx_civicrm_postInstall() {
  _authx_civix_civicrm_postInstall();
}

/**
 * Implements hook_civicrm_uninstall().
 *
 * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_uninstall
 */
function authx_civicrm_uninstall() {
  _authx_civix_civicrm_uninstall();
}

/**
 * Implements hook_civicrm_enable().
 *
 * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_enable
 */
function authx_civicrm_enable() {
  _authx_civix_civicrm_enable();
}

/**
 * Implements hook_civicrm_disable().
 *
 * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_disable
 */
function authx_civicrm_disable() {
  _authx_civix_civicrm_disable();
}

/**
 * Implements hook_civicrm_upgrade().
 *
 * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_upgrade
 */
function authx_civicrm_upgrade($op, CRM_Queue_Queue $queue = NULL) {
  return _authx_civix_civicrm_upgrade($op, $queue);
}

/**
 * Implements hook_civicrm_managed().
 *
 * Generate a list of entities to create/deactivate/delete when this module
 * is installed, disabled, uninstalled.
 *
 * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_managed
 */
function authx_civicrm_managed(&$entities) {
  _authx_civix_civicrm_managed($entities);
}

/**
 * Implements hook_civicrm_caseTypes().
 *
 * Generate a list of case-types.
 *
 * Note: This hook only runs in CiviCRM 4.4+.
 *
 * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_caseTypes
 */
function authx_civicrm_caseTypes(&$caseTypes) {
  _authx_civix_civicrm_caseTypes($caseTypes);
}

/**
 * Implements hook_civicrm_angularModules().
 *
 * Generate a list of Angular modules.
 *
 * Note: This hook only runs in CiviCRM 4.5+. It may
 * use features only available in v4.6+.
 *
 * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_angularModules
 */
function authx_civicrm_angularModules(&$angularModules) {
  _authx_civix_civicrm_angularModules($angularModules);
}

/**
 * Implements hook_civicrm_alterSettingsFolders().
 *
 * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_alterSettingsFolders
 */
function authx_civicrm_alterSettingsFolders(&$metaDataFolders = NULL) {
  _authx_civix_civicrm_alterSettingsFolders($metaDataFolders);
}

/**
 * Implements hook_civicrm_entityTypes().
 *
 * Declare entity types provided by this module.
 *
 * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_entityTypes
 */
function authx_civicrm_entityTypes(&$entityTypes) {
  _authx_civix_civicrm_entityTypes($entityTypes);
}

/**
 * Implements hook_civicrm_thems().
 */
function authx_civicrm_themes(&$themes) {
  _authx_civix_civicrm_themes($themes);
}

/**
 * Implements hook_civicrm_permission().
 *
 * @see CRM_Utils_Hook::permission()
 */
function authx_civicrm_permission(&$permissions) {
  $permissions['authenticate with password'] = ts('AuthX: Authenticate to services with password');
  $permissions['authenticate with api key'] = ts('AuthX: Authenticate to services with API key');
}

// --- Functions below this ship commented out. Uncomment as required. ---

/**
 * Implements hook_civicrm_preProcess().
 *
 * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_preProcess
 */
//function authx_civicrm_preProcess($formName, &$form) {
//
//}

/**
 * Implements hook_civicrm_navigationMenu().
 *
 * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_navigationMenu
 */
//function authx_civicrm_navigationMenu(&$menu) {
//  _authx_civix_insert_navigation_menu($menu, 'Mailings', array(
//    'label' => E::ts('New subliminal message'),
//    'name' => 'mailing_subliminal_message',
//    'url' => 'civicrm/mailing/subliminal',
//    'permission' => 'access CiviMail',
//    'operator' => 'OR',
//    'separator' => 0,
//  ));
//  _authx_civix_navigationMenu($menu);
//}
Commit	Line	Data
7946d659 TO	1	<?php
	2
	3	require_once 'authx.civix.php';
	4	// phpcs:disable
	5	use CRM_Authx_ExtensionUtil as E;
	6	// phpcs:enable
	7
3a429e3f	8	Civi::dispatcher()->addListener('civi.invoke.auth', function($e) {
476ba2b9 TO	9	$params = ($_SERVER['REQUEST_METHOD'] === 'GET') ? $_GET : $_POST;
	10	$siteKey = $_SERVER['HTTP_X_CIVI_KEY'] ?? $params['_authxSiteKey'] ?? NULL;
	11
3a429e3f	12	if (!empty($_SERVER['HTTP_X_CIVI_AUTH'])) {
476ba2b9	13	return (new \Civi\Authx\Authenticator())->auth($e, ['flow' => 'xheader', 'cred' => $_SERVER['HTTP_X_CIVI_AUTH'], 'siteKey' => $siteKey]);
3a429e3f TO	14	}
	15
	16	if (!empty($_SERVER['HTTP_AUTHORIZATION'])) {
476ba2b9	17	return (new \Civi\Authx\Authenticator())->auth($e, ['flow' => 'header', 'cred' => $_SERVER['HTTP_AUTHORIZATION'], 'siteKey' => $siteKey]);
3a429e3f TO	18	}
3a429e3f TO	19
3a429e3f TO	20	if (!empty($params['_authx'])) {
3a429e3f TO	21	if ((implode('/', $e->args) === 'civicrm/authx/login')) {
476ba2b9	22	(new \Civi\Authx\Authenticator())->auth($e, ['flow' => 'login', 'cred' => $params['_authx'], 'useSession' => TRUE, 'siteKey' => $siteKey]);
3a429e3f TO	23	_authx_redact(['_authx']);
	24	}
	25	elseif (!empty($params['_authxSes'])) {
476ba2b9	26	(new \Civi\Authx\Authenticator())->auth($e, ['flow' => 'auto', 'cred' => $params['_authx'], 'useSession' => TRUE, 'siteKey' => $siteKey]);
a196e838 TO	27	if ($_SERVER['REQUEST_METHOD'] === 'GET') {
	28	_authx_reload(implode('/', $e->args), $_SERVER['QUERY_STRING']);
	29	}
	30	else {
	31	_authx_redact(['_authx', '_authxSes']);
	32	}
3a429e3f TO	33	}
3a429e3f TO	34	else {
476ba2b9	35	(new \Civi\Authx\Authenticator())->auth($e, ['flow' => 'param', 'cred' => $params['_authx'], 'siteKey' => $siteKey]);
3a429e3f TO	36	_authx_redact(['_authx']);
	37	}
	38	}
	39	});
	40
	41	/**
	42	* @return \Civi\Authx\AuthxInterface
	43	*/
	44	function _authx_uf() {
	45	$class = 'Civi\\Authx\\' . CIVICRM_UF;
	46	return class_exists($class) ? new $class() : new \Civi\Authx\None();
	47	}
	48
	49	/**
	50	* For parameter-based authentication, this option will hide parameters.
	51	* This is mostly a precaution, hedging against the possibility that some routes
	52	* make broad use of $_GET or $_PARAMS.
	53	*
	54	* @param array $keys
	55	*/
	56	function _authx_redact(array $keys) {
	57	foreach ($keys as $key) {
	58	unset($_POST[$key], $_GET[$key], $_REQUEST[$key]);
	59	}
	60	}
	61
a196e838 TO	62	/**
	63	* Reload the current page-view.
	64	*
	65	* @param string $route
	66	* @param string $queryString
	67	*/
	68	function _authx_reload($route, $queryString) {
	69	parse_str($queryString, $query);
	70	foreach (array_keys($query) as $key) {
	71	if (CRM_Utils_String::startsWith($key, '_authx')) {
	72	unset($query[$key]);
	73	}
	74	}
	75	$url = CRM_Utils_System::url($route, $query, TRUE, NULL, FALSE, CRM_Core_Config::singleton()->userSystem->isFrontEndPage());
	76	CRM_Utils_System::redirect($url);
	77	}
	78
7946d659 TO	79	/**
	80	* Implements hook_civicrm_config().
	81	*
	82	* @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_config/
	83	*/
	84	function authx_civicrm_config(&$config) {
	85	_authx_civix_civicrm_config($config);
	86	}
	87
	88	/**
	89	* Implements hook_civicrm_xmlMenu().
	90	*
	91	* @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_xmlMenu
	92	*/
	93	function authx_civicrm_xmlMenu(&$files) {
	94	_authx_civix_civicrm_xmlMenu($files);
	95	}
	96
	97	/**
	98	* Implements hook_civicrm_install().
	99	*
	100	* @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_install
	101	*/
	102	function authx_civicrm_install() {
	103	_authx_civix_civicrm_install();
	104	}
	105
	106	/**
	107	* Implements hook_civicrm_postInstall().
	108	*
	109	* @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_postInstall
	110	*/
	111	function authx_civicrm_postInstall() {
	112	_authx_civix_civicrm_postInstall();
	113	}
	114
	115	/**
	116	* Implements hook_civicrm_uninstall().
	117	*
	118	* @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_uninstall
	119	*/
	120	function authx_civicrm_uninstall() {
	121	_authx_civix_civicrm_uninstall();
	122	}
	123
	124	/**
	125	* Implements hook_civicrm_enable().
	126	*
	127	* @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_enable
	128	*/
	129	function authx_civicrm_enable() {
	130	_authx_civix_civicrm_enable();
	131	}
	132
	133	/**
	134	* Implements hook_civicrm_disable().
	135	*
	136	* @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_disable
	137	*/
	138	function authx_civicrm_disable() {
	139	_authx_civix_civicrm_disable();
	140	}
	141
	142	/**
143	* Implements hook_civicrm_upgrade().
144	*
145	* @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_upgrade
146	*/
147	function authx_civicrm_upgrade($op, CRM_Queue_Queue $queue = NULL) {
148	return _authx_civix_civicrm_upgrade($op, $queue);
149	}
150
151	/**
152	* Implements hook_civicrm_managed().
153	*
154	* Generate a list of entities to create/deactivate/delete when this module
155	* is installed, disabled, uninstalled.
156	*
157	* @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_managed
158	*/
159	function authx_civicrm_managed(&$entities) {
160	_authx_civix_civicrm_managed($entities);
161	}
162
163	/**
164	* Implements hook_civicrm_caseTypes().
165	*
166	* Generate a list of case-types.
167	*
168	* Note: This hook only runs in CiviCRM 4.4+.
169	*
170	* @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_caseTypes
171	*/
172	function authx_civicrm_caseTypes(&$caseTypes) {
173	_authx_civix_civicrm_caseTypes($caseTypes);
174	}
175
176	/**
177	* Implements hook_civicrm_angularModules().
178	*
179	* Generate a list of Angular modules.
180	*
181	* Note: This hook only runs in CiviCRM 4.5+. It may
182	* use features only available in v4.6+.
183	*
184	* @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_angularModules
185	*/
186	function authx_civicrm_angularModules(&$angularModules) {
187	_authx_civix_civicrm_angularModules($angularModules);
188	}
189
190	/**
191	* Implements hook_civicrm_alterSettingsFolders().
192	*
193	* @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_alterSettingsFolders
194	*/
195	function authx_civicrm_alterSettingsFolders(&$metaDataFolders = NULL) {
196	_authx_civix_civicrm_alterSettingsFolders($metaDataFolders);
197	}
198
199	/**
200	* Implements hook_civicrm_entityTypes().
201	*
202	* Declare entity types provided by this module.
203	*
204	* @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_entityTypes
205	*/
206	function authx_civicrm_entityTypes(&$entityTypes) {
207	_authx_civix_civicrm_entityTypes($entityTypes);
208	}
209
210	/**
211	* Implements hook_civicrm_thems().
212	*/
213	function authx_civicrm_themes(&$themes) {
214	_authx_civix_civicrm_themes($themes);
215	}
216
476ba2b9 TO	217	/**
	218	* Implements hook_civicrm_permission().
	219	*
	220	* @see CRM_Utils_Hook::permission()
	221	*/
	222	function authx_civicrm_permission(&$permissions) {
	223	$permissions['authenticate with password'] = ts('AuthX: Authenticate to services with password');
	224	$permissions['authenticate with api key'] = ts('AuthX: Authenticate to services with API key');
	225	}
	226
7946d659 TO	227	// --- Functions below this ship commented out. Uncomment as required. ---
	228
	229	/**
	230	* Implements hook_civicrm_preProcess().
	231	*
	232	* @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_preProcess
	233	*/
	234	//function authx_civicrm_preProcess($formName, &$form) {
	235	//
	236	//}
	237
	238	/**
	239	* Implements hook_civicrm_navigationMenu().
	240	*
	241	* @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_navigationMenu
	242	*/
	243	//function authx_civicrm_navigationMenu(&$menu) {
	244	// _authx_civix_insert_navigation_menu($menu, 'Mailings', array(
	245	// 'label' => E::ts('New subliminal message'),
	246	// 'name' => 'mailing_subliminal_message',
	247	// 'url' => 'civicrm/mailing/subliminal',
	248	// 'permission' => 'access CiviMail',
	249	// 'operator' => 'OR',
	250	// 'separator' => 0,
	251	// ));
	252	// _authx_civix_navigationMenu($menu);
	253	//}