Refactored project structure.

src/Security/Authentication/LoginPasswordProviderInterface.php

@@ -0,0 +1,23 @@
+<?php
+
+namespace PHPCensor\Security\Authentication;
+
+use PHPCensor\Model\User;
+
+/**
+ * User provider which authenticiation using a password.
+ *
+ * @author Adirelle <adirelle@gmail.com>
+ */
+interface LoginPasswordProviderInterface extends UserProviderInterface
+{
+    /**
+     * Verify if the supplied password matches the user's one.
+     *
+     * @param User   $user
+     * @param string $password
+     *
+     * @return boolean
+     */
+    public function verifyPassword(User $user, $password);
+}

src/Security/Authentication/Service.php

@@ -0,0 +1,106 @@
+<?php
+
+namespace PHPCensor\Security\Authentication;
+
+use PHPCensor\Config;
+
+/**
+ * Authentication facade.
+ *
+ * @author Adirelle <adirelle@gmail.com>
+ */
+class Service
+{
+    /**
+     * @var Service
+     */
+    static private $instance;
+
+    /**
+     * Return the service singleton.
+     *
+     * @return Service
+     */
+    public static function getInstance()
+    {
+        if (self::$instance === null) {
+            $config = Config::getInstance()->get(
+                'php-censor.security.auth_providers',
+                [
+                    'internal' => [
+                        'type' => 'internal'
+                    ]
+                ]
+            );
+
+            $providers = [];
+            foreach ($config as $key => $providerConfig) {
+                $providers[$key] = self::buildProvider($key, $providerConfig);
+            }
+            self::$instance = new self($providers);
+        }
+
+        return self::$instance;
+    }
+
+    /**
+     * Create a provider from a given configuration.
+     *
+     * @param string       $key
+     * @param string|array $config
+     *
+     * @return UserProviderInterface
+     */
+    public static function buildProvider($key, $config)
+    {
+        $class = ucfirst($config['type']);
+        if (class_exists('\\PHPCensor\\Security\\Authentication\\UserProvider\\' . $class)) {
+            $class = '\\PHPCensor\\Security\\Authentication\\UserProvider\\' . $class;
+        }
+
+        return new $class($key, $config);
+    }
+
+    /**
+     * The table of providers.
+     *
+     * @var array
+     */
+    private $providers;
+
+    /**
+     * Initialize the service.
+     *
+     * @param array $providers
+     */
+    public function __construct(array $providers)
+    {
+        $this->providers = $providers;
+    }
+
+    /**
+     * Return all providers.
+     *
+     * @return UserProviderInterface[]
+     */
+    public function getProviders()
+    {
+        return $this->providers;
+    }
+
+    /**
+     * Return the user providers that allows password authentication.
+     *
+     * @return LoginPasswordProviderInterface[]
+     */
+    public function getLoginPasswordProviders()
+    {
+        $providers = [];
+        foreach ($this->providers as $key => $provider) {
+            if ($provider instanceof LoginPasswordProviderInterface) {
+                $providers[$key] = $provider;
+            }
+        }
+        return $providers;
+    }
+}

src/Security/Authentication/UserProvider/AbstractProvider.php

@@ -0,0 +1,35 @@
+<?php
+
+namespace PHPCensor\Security\Authentication\UserProvider;
+
+use PHPCensor\Security\Authentication\UserProviderInterface;
+
+/**
+ * Abstract user provider.
+ *
+ * @author Adirelle <adirelle@gmail.com>
+ */
+abstract class AbstractProvider implements UserProviderInterface
+{
+    /**
+     * @var string
+     */
+    protected $key;
+
+    /**
+     * @var array
+     */
+    protected $config;
+
+    /**
+     * AbstractProvider constructor
+     *
+     * @param string $key
+     * @param array  $config
+     */
+    public function __construct($key, array $config)
+    {
+        $this->key    = $key;
+        $this->config = $config;
+    }
+}

src/Security/Authentication/UserProvider/Internal.php

@@ -0,0 +1,40 @@
+<?php
+
+namespace PHPCensor\Security\Authentication\UserProvider;
+
+use PHPCensor\Model\User;
+use PHPCensor\Security\Authentication\LoginPasswordProviderInterface;
+
+/**
+ * Internal user provider
+ * 
+ * @author Adirelle <adirelle@gmail.com>
+ */
+class Internal extends AbstractProvider implements LoginPasswordProviderInterface
+{
+    /**
+     * @param User   $user
+     * @param string $password
+     *
+     * @return boolean
+     */
+    public function verifyPassword(User $user, $password)
+    {
+        return password_verify($password, $user->getHash());
+    }
+
+    public function checkRequirements()
+    {
+        // Always fine
+    }
+
+    /**
+     * @param string $identifier
+     *
+     * @return null
+     */
+    public function provisionUser($identifier)
+    {
+        return null;
+    }
+}

src/Security/Authentication/UserProvider/Ldap.php

@@ -0,0 +1,84 @@
+<?php
+
+namespace PHPCensor\Security\Authentication\UserProvider;
+
+use PHPCensor\Store\Factory;
+use PHPCensor\Model\User;
+use PHPCensor\Security\Authentication\LoginPasswordProviderInterface;
+use PHPCensor\Service\UserService;
+use PHPCensor\Store\UserStore;
+
+/**
+ * Ldap user provider.
+ *
+ * @author Dmitrii Zolotov (@itherz)
+ */
+class Ldap extends AbstractProvider implements LoginPasswordProviderInterface
+{
+    /**
+     * @param User   $user
+     * @param string $password
+     *
+     * @return bool
+     */
+    public function verifyPassword(User $user, $password)
+    {
+        if (isset($this->config['data'])) {
+            $ldapData   = $this->config['data'];
+            $ldapPort   = !empty($ldapData['port']) ? $ldapData['port'] : null;
+            $ldapHost   = !empty($ldapData['host']) ? $ldapData['host'] : 'localhost';
+            $ldapBaseDn = !empty($ldapData['base_dn']) ? $ldapData['base_dn'] : 'dc=nodomain';
+            $ldapMail   = !empty($ldapData['mail_attribute']) ? $ldapData['mail_attribute'] : 'mail';
+
+            if ($ldapPort) {
+                $ldap = @ldap_connect($ldapHost, $ldapPort);
+            } else {
+                $ldap = @ldap_connect($ldapHost);
+            }
+
+            if (false === $ldap) {
+                return false;
+            }
+
+            ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
+
+            $ls = @ldap_search($ldap, $ldapBaseDn, $ldapMail . '=' . $user->getEmail());
+            if (false === $ls) {
+                return false;
+            }
+
+            $le = @ldap_get_entries($ldap, $ls);
+            if (!$le['count']) {
+                return false;
+            }
+
+            $dn = $le[0]['dn'];
+
+            return @ldap_bind($ldap, $dn, $password);
+        }
+
+        return false;
+    }
+
+    public function checkRequirements()
+    {
+        // Always fine
+    }
+
+    /**
+     * @param string $identifier
+     *
+     * @return User
+     */
+    public function provisionUser($identifier)
+    {
+        /** @var UserStore $user */
+        $user        = Factory::getStore('User');
+        $userService = new UserService($user);
+
+        $parts    = explode("@", $identifier);
+        $username = $parts[0];
+
+        return $userService->createUser($username, $identifier, $this->key, json_encode($this->config), '', false);
+    }
+}

src/Security/Authentication/UserProviderInterface.php

@@ -0,0 +1,30 @@
+<?php
+
+namespace PHPCensor\Security\Authentication;
+
+use PHPCensor\Model\User;
+
+/**
+ * User provider interface.
+ *
+ * @author Adirelle <adirelle@gmail.com>
+ */
+interface UserProviderInterface
+{
+
+    /**
+     * Check if all software requirements are met (libraries, extensions, ...)
+     *
+     * @throws \Exception
+     */
+    public function checkRequirements();
+
+    /**
+     * Provision an new user for the given identifier.
+     *
+     * @param string $identifier The user identifier.
+     *
+     * @return User|null The new user or null if the provider does not know the user.
+     */
+    public function provisionUser($identifier);
+}