Auth.php
<?php

/**
 * Matomo - free/libre analytics platform
 *
 * @link https://matomo.org
 * @license https://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
 */
namespace Piwik;

use Exception;

/**
 * Base interface for authentication implementations.
 *
 * Plugins that provide Auth implementations must provide a class that implements
 * this interface. Additionally, an instance of that class must be set in the
 * container with the 'Piwik\Auth' key during the
 * [Request.initAuthenticationObject](https://developer.matomo.org/api-reference/events#requestinitauthenticationobject)
 * event.
 *
 * Authentication implementations must support authentication via username and
 * clear-text password and authentication via username and token auth. They can
 * additionally support authentication via username and an MD5 hash of a password. If
 * they don't support it, then [formless authentication](https://matomo.org/faq/how-to/faq_30/) will fail.
 *
 * Derived implementations should favor authenticating by password over authenticating
 * by token auth. That is to say, if a token auth and a password are set, password
 * authentication should be used.
 *
 * ### Security notes for implementers
 *
 * - Every value handed to the setters (password, password hash, token auth) is a
 *   credential. An MD5 hash that is accepted in place of the password is
 *   password-equivalent: whoever holds the hash can authenticate without knowing the
 *   password. MD5 is also fast and unsalted, so it is not a suitable format for
 *   storing passwords at rest.
 * - Compare secrets (tokens, hashes) with a constant-time function such as
 *   `hash_equals()` rather than `==` / `===`.
 * - NOTE(review): the examples below fetch the object from the container on each use.
 *   Presumably the container hands back the same instance every time; verify this,
 *   because a password left set by an earlier caller would take precedence over a
 *   token auth set later (see the precedence rule above).
 *
 * ### Examples
 *
 * **How an Auth implementation will be used**
 *
 *     // authenticating by password
 *     $auth = StaticContainer::get('Piwik\Auth');
 *     $auth->setLogin('user');
 *     $auth->setPassword('password');
 *     $result = $auth->authenticate();
 *
 *     // authenticating by token auth
 *     $auth = StaticContainer::get('Piwik\Auth');
 *     $auth->setLogin('user');
 *     $auth->setTokenAuth('...');
 *     $result = $auth->authenticate();
 *
 * @api
 */
interface Auth
{
    /**
     * Must return the Authentication module's name, e.g., `"Login"`.
     *
     * @return string
     */
    public function getName();
    /**
     * Sets the authentication token to authenticate with.
     *
     * The token auth authenticates on its own when no password is set (see
     * {@see Auth::authenticate()}), so it should be handled like a password: kept
     * out of logs and error messages.
     *
     * @param string $token_auth authentication token
     */
    public function setTokenAuth($token_auth);
    /**
     * Returns the login of the user being authenticated.
     *
     * @return string
     */
    public function getLogin();
    /**
     * Returns the secret used to calculate a user's token auth.
     *
     * A user's token auth is generated using the user's login and this secret. The secret
     * should be specific to the user and not easily guessed. Piwik's default Auth implementation
     * uses an MD5 hash of a user's password.
     *
     * Because the token auth is derived from the login and this value, anyone who
     * obtains the secret can presumably recompute the token auth; treat the return
     * value as a credential and do not log or display it.
     *
     * @return string
     * @throws Exception if the token auth secret does not exist or cannot be obtained.
     */
    public function getTokenAuthSecret();
    /**
     * Sets the login name to authenticate with.
     *
     * @param string $login The username.
     */
    public function setLogin($login);
    /**
     * Sets the password to authenticate with.
     *
     * The value is the clear-text password; implementations should keep it out of
     * logs, exception messages and serialized state.
     *
     * @param string $password Password (not hashed).
     */
    public function setPassword($password);
    /**
     * Sets the hash of the password to authenticate with. The hash will be an MD5 hash.
     *
     * A hash accepted here is password-equivalent: it authenticates the user without
     * the clear-text password, so it needs the same protection as the password itself.
     * Support for this method is optional (see the interface description).
     *
     * @param string $passwordHash The hashed password.
     * @throws Exception if authentication by hashed password is not supported.
     */
    public function setPasswordHash($passwordHash);
    /**
     * Authenticates a user using the login and password set using the setters. Can also authenticate
     * via token auth if one is set and no password is set.
     *
     * Note: this method must successfully authenticate if the token auth supplied is a special hash
     * of the user's real token auth. This is because the SessionInitializer class stores a
     * hash of the token auth in the session cookie. You can calculate the token auth hash using the
     * {@link \Piwik\Plugins\Login\SessionInitializer::getHashTokenAuth()} method.
     *
     * Since the hashed token auth from the session cookie must also authenticate, the
     * cookie value is itself a credential. Compare it, and any other supplied secret,
     * against the expected value with a constant-time comparison such as `hash_equals()`.
     *
     * @return AuthResult
     * @throws Exception if the Auth implementation has an invalid state (i.e., no login
     *                   was specified). Note: implementations are not **required** to throw
     *                   exceptions for invalid state, but they are allowed to.
     */
    public function authenticate();
}