From ed7fdf45e2adedae2383045f1b56748ffe37704a Mon Sep 17 00:00:00 2001
From: Denis Flaven <denis.flaven@combodo.com>
Date: Mon, 9 Aug 2010 11:47:31 +0000
Subject: [PATCH] - New authentification module to support "external"
 authentication, i.e. when the authentication is done outside of iTop (for
 example by the web server itself using a .htaccess file)

SVN:trunk[667]
---
 .../en.dict.authent-external.php              | 65 +++++++++++++
 .../fr.dict.authent-external.php              | 63 ++++++++++++
 .../model.authent-external.php                | 95 +++++++++++++++++++
 .../module.authent-external.php               | 68 +++++++++++++
 4 files changed, 291 insertions(+)
 create mode 100644 modules/authent-external/en.dict.authent-external.php
 create mode 100644 modules/authent-external/fr.dict.authent-external.php
 create mode 100644 modules/authent-external/model.authent-external.php
 create mode 100644 modules/authent-external/module.authent-external.php

diff --git a/modules/authent-external/en.dict.authent-external.php b/modules/authent-external/en.dict.authent-external.php
new file mode 100644
index 000000000..8633c3b9a
--- /dev/null
+++ b/modules/authent-external/en.dict.authent-external.php
@@ -0,0 +1,65 @@
+<?php
+// Copyright (C) 2010 Combodo SARL
+//
+//   This program is free software; you can redistribute it and/or modify
+//   it under the terms of the GNU General Public License as published by
+//   the Free Software Foundation; version 3 of the License.
+//
+//   This program is distributed in the hope that it will be useful,
+//   but WITHOUT ANY WARRANTY; without even the implied warranty of
+//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//   GNU General Public License for more details.
+//
+//   You should have received a copy of the GNU General Public License
+//   along with this program; if not, write to the Free Software
+//   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+/**
+ * Localized data
+ *
+ * @author      Erwan Taloc <erwan.taloc@combodo.com>
+ * @author      Romain Quetiez <romain.quetiez@combodo.com>
+ * @author      Denis Flaven <denis.flaven@combodo.com>
+ * @license     http://www.opensource.org/licenses/gpl-3.0.html LGPL
+ */
+
+// Dictionnay conventions
+// Class:<class_name>
+// Class:<class_name>+
+// Class:<class_name>/Attribute:<attribute_code>
+// Class:<class_name>/Attribute:<attribute_code>+
+// Class:<class_name>/Attribute:<attribute_code>/Value:<value>
+// Class:<class_name>/Attribute:<attribute_code>/Value:<value>+
+// Class:<class_name>/Stimulus:<stimulus_code>
+// Class:<class_name>/Stimulus:<stimulus_code>+
+
+//
+// Class: UserExternal
+//
+
+Dict::Add('EN US', 'English', 'English', array(
+	'Class:UserExternal' => 'External user',
+	'Class:UserExternal+' => 'User authentified outside of iTop',
+	'Class:UserExternal/Attribute:contactid' => 'Contact (person)',
+	'Class:UserExternal/Attribute:contactid+' => 'Personal details from the business data',
+	'Class:UserExternal/Attribute:last_name' => 'Last name',
+	'Class:UserExternal/Attribute:last_name+' => 'Name of the corresponding contact',
+	'Class:UserExternal/Attribute:first_name' => 'First name',
+	'Class:UserExternal/Attribute:first_name+' => 'First name of the corresponding contact',
+	'Class:UserExternal/Attribute:email' => 'Email',
+	'Class:UserExternal/Attribute:email+' => 'Email of the corresponding contact',
+	'Class:UserExternal/Attribute:login' => 'Login',
+	'Class:UserExternal/Attribute:login+' => 'user identification string',
+	'Class:UserExternal/Attribute:language' => 'Language',
+	'Class:UserExternal/Attribute:language+' => 'user language',
+	'Class:UserExternal/Attribute:language/Value:EN US' => 'English',
+	'Class:UserExternal/Attribute:language/Value:EN US+' => 'English (U.S.)',
+	'Class:UserExternal/Attribute:language/Value:FR FR' => 'French',
+	'Class:UserExternal/Attribute:language/Value:FR FR+' => 'French (France)',
+	'Class:UserExternal/Attribute:profile_list' => 'Profiles',
+	'Class:UserExternal/Attribute:profile_list+' => 'Roles, granting rights for that person',
+));
+
+
+
+?>
diff --git a/modules/authent-external/fr.dict.authent-external.php b/modules/authent-external/fr.dict.authent-external.php
new file mode 100644
index 000000000..d7d87d41c
--- /dev/null
+++ b/modules/authent-external/fr.dict.authent-external.php
@@ -0,0 +1,63 @@
+<?php
+// Copyright (C) 2010 Combodo SARL
+//
+//   This program is free software; you can redistribute it and/or modify
+//   it under the terms of the GNU General Public License as published by
+//   the Free Software Foundation; version 3 of the License.
+//
+//   This program is distributed in the hope that it will be useful,
+//   but WITHOUT ANY WARRANTY; without even the implied warranty of
+//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//   GNU General Public License for more details.
+//
+//   You should have received a copy of the GNU General Public License
+//   along with this program; if not, write to the Free Software
+//   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+/**
+ * Localized data
+ *
+ * @author      Erwan Taloc <erwan.taloc@combodo.com>
+ * @author      Romain Quetiez <romain.quetiez@combodo.com>
+ * @author      Denis Flaven <denis.flaven@combodo.com>
+ * @license     http://www.opensource.org/licenses/gpl-3.0.html LGPL
+ */
+
+// Dictionnay conventions
+// Class:<class_name>
+// Class:<class_name>+
+// Class:<class_name>/Attribute:<attribute_code>
+// Class:<class_name>/Attribute:<attribute_code>+
+// Class:<class_name>/Attribute:<attribute_code>/Value:<value>
+// Class:<class_name>/Attribute:<attribute_code>/Value:<value>+
+// Class:<class_name>/Stimulus:<stimulus_code>
+// Class:<class_name>/Stimulus:<stimulus_code>+
+
+//
+// Class: UserExternal
+//
+
+Dict::Add('EN US', 'French', 'Français', array(
+	'Class:UserExternal' => 'Utilisateur externe à iTop',
+	'Class:UserExternal+' => 'Utilisateur authentifié à l\'extérieur d\'iTop',
+	'Class:UserExternal/Attribute:contactid' => 'Contact (personne)',
+	'Class:UserExternal/Attribute:contactid+' => '',
+	'Class:UserExternal/Attribute:last_name' => 'Nom',
+	'Class:UserExternal/Attribute:last_name+' => '',
+	'Class:UserExternal/Attribute:first_name' => 'Prénom',
+	'Class:UserExternal/Attribute:first_name+' => '',
+	'Class:UserExternal/Attribute:email' => 'Adresse email',
+	'Class:UserExternal/Attribute:email+' => '',
+	'Class:UserExternal/Attribute:login' => 'Login',
+	'Class:UserExternal/Attribute:login+' => '',
+	'Class:UserExternal/Attribute:language' => 'Langage',
+	'Class:UserExternal/Attribute:language+' => '',
+	'Class:UserExternal/Attribute:language/Value:EN US' => 'Anglais',
+	'Class:UserExternal/Attribute:language/Value:EN US+' => 'Anglais (Etats-unis)',
+	'Class:UserExternal/Attribute:language/Value:FR FR' => 'Français',
+	'Class:UserExternal/Attribute:language/Value:FR FR+' => 'Français (France)',
+	'Class:UserExternal/Attribute:profile_list' => 'Profils',
+	'Class:UserExternal/Attribute:profile_list+' => 'Rôles, ouvrants les droits d\'accès',
+));
+
+?>
diff --git a/modules/authent-external/model.authent-external.php b/modules/authent-external/model.authent-external.php
new file mode 100644
index 000000000..f42b2e65f
--- /dev/null
+++ b/modules/authent-external/model.authent-external.php
@@ -0,0 +1,95 @@
+<?php
+// Copyright (C) 2010 Combodo SARL
+//
+//   This program is free software; you can redistribute it and/or modify
+//   it under the terms of the GNU General Public License as published by
+//   the Free Software Foundation; version 3 of the License.
+//
+//   This program is distributed in the hope that it will be useful,
+//   but WITHOUT ANY WARRANTY; without even the implied warranty of
+//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//   GNU General Public License for more details.
+//
+//   You should have received a copy of the GNU General Public License
+//   along with this program; if not, write to the Free Software
+//   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+/**
+ * Authent External
+ * User authentication Module, for authentication outside of the iTop application
+ * for example using a .htaccess file. The web server is in charge of authentifying the users
+ * and providing the name (= 'login') of the authentified user in the $_SERVER['REMOTE_USER']
+ * variable that is passed to PHP. iTop will not make any attempt to authentify such users.
+ * Similarly once inside iTop, there is no way for the users to change their password or
+ * log off from the iTop application, this has to be handled outside of iTop.
+ *
+ * @author      Erwan Taloc <erwan.taloc@combodo.com>
+ * @author      Romain Quetiez <romain.quetiez@combodo.com>
+ * @author      Denis Flaven <denis.flaven@combodo.com>
+ * @license     http://www.opensource.org/licenses/gpl-3.0.html LGPL
+ */
+
+
+class UserExternal extends User
+{
+	public static function Init()
+	{
+		$aParams = array
+		(
+			"category" => "addon/authentication",
+			"key_type" => "autoincrement",
+			"name_attcode" => "login",
+			"state_attcode" => "",
+			"reconc_keys" => array(),
+			"db_table" => "",
+			"db_key_field" => "id",
+			"db_finalclass_field" => "",
+			"display_template" => "",
+		);
+		MetaModel::Init_Params($aParams);
+		MetaModel::Init_InheritAttributes();
+
+		// Display lists
+		MetaModel::Init_SetZListItems('details', array('contactid', 'first_name', 'email', 'login', 'language', 'profile_list')); // Attributes to be displayed for the complete details
+		MetaModel::Init_SetZListItems('list', array('first_name', 'last_name', 'login')); // Attributes to be displayed for a list
+		// Search criteria
+		MetaModel::Init_SetZListItems('standard_search', array('login', 'contactid')); // Criteria of the std search form
+		MetaModel::Init_SetZListItems('advanced_search', array('login', 'contactid')); // Criteria of the advanced search form
+	}
+
+	/**
+	 * Check the user's password... always return true. Actually the password
+	 * is not even passed to this function, we trust the web server for authentifiying
+	 * the users
+	 */
+	public function CheckCredentials($sPassword)
+	{
+		// External authentication: for iTop it's always Ok
+		return true;
+	}
+
+	public function TrustWebServerContext()
+	{
+		return true;
+	}
+
+	public function CanChangePassword()
+	{
+		// External authentication: iTop has no way to change a user's password
+		return false;
+	}
+
+	public function CanLogOff()
+	{
+		// External authentication: iTop has no way to force a log off
+		return false;
+	}
+
+	public function ChangePassword($sOldPassword, $sNewPassword)
+	{
+		return false;
+	}
+}
+
+
+?>
diff --git a/modules/authent-external/module.authent-external.php b/modules/authent-external/module.authent-external.php
new file mode 100644
index 000000000..7a261be10
--- /dev/null
+++ b/modules/authent-external/module.authent-external.php
@@ -0,0 +1,68 @@
+<?php
+// Copyright (C) 2010 Combodo SARL
+//
+//   This program is free software; you can redistribute it and/or modify
+//   it under the terms of the GNU General Public License as published by
+//   the Free Software Foundation; version 3 of the License.
+//
+//   This program is distributed in the hope that it will be useful,
+//   but WITHOUT ANY WARRANTY; without even the implied warranty of
+//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//   GNU General Public License for more details.
+//
+//   You should have received a copy of the GNU General Public License
+//   along with this program; if not, write to the Free Software
+//   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+/**
+ * Authent External
+ * Module definition file for the "External Authentication" module
+ *
+ * @author      Erwan Taloc <erwan.taloc@combodo.com>
+ * @author      Romain Quetiez <romain.quetiez@combodo.com>
+ * @author      Denis Flaven <denis.flaven@combodo.com>
+ * @license     http://www.opensource.org/licenses/gpl-3.0.html LGPL
+ */
+
+SetupWebPage::AddModule(
+	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
+	'authent-external/1.0.0',
+	array(
+		// Identification
+		//
+		'label' => 'External user authentication',
+		'category' => 'authentication',
+
+		// Setup
+		//
+		'dependencies' => array(
+		),
+		'mandatory' => false,
+		'visible' => true,
+
+		// Components
+		//
+		'datamodel' => array(
+			'model.authent-external.php',
+		),
+		'dictionary' => array(
+			'en.dict.authent-external.php',
+		),
+		'data.struct' => array(
+			//'data.struct.authent-ldap.xml',
+		),
+		'data.sample' => array(
+			//'data.sample.authent-ldap.xml',
+		),
+		
+		// Documentation
+		//
+		'doc.manual_setup' => '',
+		'doc.more_information' => '',
+
+		// Default settings
+		//
+		'settings' => array(),
+	)
+);
+?>