diff options
| author | Philipp Schüttlöffel <schuettloeffel@zqs.uni-hannover.de> | 2024-09-24 10:53:31 +0200 |
|---|---|---|
| committer | Philipp Schüttlöffel <schuettloeffel@zqs.uni-hannover.de> | 2024-09-24 10:53:31 +0200 |
| commit | 4459dd7917f4d1c34f40bb68f0e991e9c3d53e4c (patch) | |
| tree | 5c07151ae61276d334e88f6309c30d439a85c12e /lib/classes/JsonApi/Middlewares/Authentication.php | |
| parent | da0022e5c1abbf9825ae76debaabdff7e8623bb4 (diff) | |
| parent | 97a188592c679890a25c37ab78463add76a52ff7 (diff) | |
Merge branch 'main' into issue-3911issue-3911
Diffstat (limited to 'lib/classes/JsonApi/Middlewares/Authentication.php')
| -rw-r--r-- | lib/classes/JsonApi/Middlewares/Authentication.php | 44 |
1 files changed, 29 insertions, 15 deletions
diff --git a/lib/classes/JsonApi/Middlewares/Authentication.php b/lib/classes/JsonApi/Middlewares/Authentication.php index de92e15..bbcfef1 100644 --- a/lib/classes/JsonApi/Middlewares/Authentication.php +++ b/lib/classes/JsonApi/Middlewares/Authentication.php @@ -15,22 +15,21 @@ class Authentication // $user = $request->getAttribute(Authentication::USER_KEY); const USER_KEY = 'studip-user'; - // a callable accepting two arguments username and password and - // returning either null or a Stud.IP user object - /** @var callable */ - private $authenticator; - /** * Der Konstruktor. * - * @param callable $authenticator ein Callable, das den Nutzernamen und + * @param \Closure $authenticator eine Closure, die den Nutzernamen und * das Passwort als Argumente erhält und * damit entweder einen Stud.IP-User-Objekt * oder null zurückgibt + * @param array $excluded_strategies */ - public function __construct($authenticator) - { - $this->authenticator = $authenticator; + public function __construct( + // a callable accepting two arguments username and password and + // returning either null or a Stud.IP user object + private readonly \Closure $authenticator, + private readonly array $excluded_strategies = [] + ) { } /** @@ -45,12 +44,7 @@ class Authentication */ public function __invoke(Request $request, RequestHandler $handler) { - $guards = [ - new Auth\SessionStrategy(), - new Auth\HttpBasicAuthStrategy($request, $this->authenticator), - new Auth\OAuth2Strategy($request, $this->authenticator), - new Auth\OAuth1Strategy($request, $this->authenticator), - ]; + $guards = $this->getGuards($request); foreach ($guards as $guard) { if ($guard->check()) { @@ -101,4 +95,24 @@ class Authentication return $request->withAttribute(self::USER_KEY, $user); } + + /** + * @param Request $request + * + * @return array + */ + protected function getGuards(Request $request): array + { + $guards = [ + 'session' => new Auth\SessionStrategy(), + 'basic' => new Auth\HttpBasicAuthStrategy($request, $this->authenticator), + 'oauth2' => new Auth\OAuth2Strategy($request, $this->authenticator), + ]; + + foreach ($this->excluded_strategies as $strategy) { + unset($guards[$strategy]); + } + + return $guards; + } } |