Smart.Unicorn (Multi-Account) Auth Admins Handler
This class provides a complex authentication for the admin area (admin.php|task.php) using a multi-accounts system with SQLite DB
Supports: HTTP Basic Auth ; HTTP Bearer Auth (SWT) *optional* ; built-in HTTP Basic Token Auth (STK) *optional*
Required (only for init, disallowed afterwards) constants: APP_AUTH_ADMIN_INIT_IP_ADDRESS, APP_AUTH_ADMIN_USERNAME, APP_AUTH_ADMIN_PASSWORD (must be set in config-admin.php only for init, thereafter must be unset)
Required constants: APP_AUTH_PRIVILEGES (must be set in config-admin.php)
Required configuration: $configs['app-auth']['adm-namespaces'][ 'Admins Manager' => 'admin.php?page=auth-admins.manager.stml', ... ] (must be set in config-admin.php)
Language: PHP
Located at: modules/mod-auth-admins/libs/SmartAuthAdminsHandler.php
Package: development:modules:AuthAdmins
Namespace: \SmartModExtLib\AuthAdmins\
Class Name: SmartAuthAdminsHandler
Version: v.20240119
Inheritance Chart:
class \SmartModExtLib\AuthAdmins\SmartAuthAdminsHandler →
↳ class \SmartModExtLib\AuthAdmins\AbstractAuthHandler →
public static function Authenticate (
bool $enforce_https = false
) {} :: VOID
reimplemented over \SmartModExtLib\AuthAdmins\AuthHandlerInterface
Auth Handler Authenticate
THIS MUST BE EXTENDED TO HANDLE AN AUTHENTICATION METHOD
RETURN: VOID ; On FAILED Logins this method should STOP EXECUTION and provide the proper HTTP Status Message: ex: 401, 403, 429, ...
final protected static function getClassName (
) {} :: STRING
inherited from \SmartModExtLib\AuthAdmins\AbstractAuthHandler
RETURN: STRING ; The current called class name that has been extended from this one, without namespace prefix
final protected static function preCheckForbiddenConditions (
) {} :: STRING
inherited from \SmartModExtLib\AuthAdmins\AbstractAuthHandler
Auth Pre-Check FORBIDDEN Conditions : Status 403
This method should not be called more than once !
IMPORTANT: All messages from this method may be displayed to the public via HTTP Status Pages
DO NOT INCLUDE SENSITIVE INFORMATION IN THESE MESSAGES !
RETURN: STRING ; 'ERR-Message' or ''
final protected static function preCheckInternalErrorConditions (
bool $disable_tokens = false,
bool $disable_2fa = false
) {} :: STRING
inherited from \SmartModExtLib\AuthAdmins\AbstractAuthHandler
Auth Pre-Check INTERNAL ERROR Conditions : Status 500
This method should not be called more than once !
IMPORTANT: All messages from this method may be displayed to the public via HTTP Status Pages
DO NOT INCLUDE SENSITIVE INFORMATION IN THESE MESSAGES !
RETURN: STRING ; 'ERR-Message' or ''
final protected static function preCheckBadGatewayConditions (
bool $enforce_https
) {} :: STRING
inherited from \SmartModExtLib\AuthAdmins\AbstractAuthHandler
Auth Pre-Check BAD GATEWAY Conditions : Status 502
This method should not be called more than once !
IMPORTANT: All messages from this method may be displayed to the public via HTTP Status Pages
DO NOT INCLUDE SENSITIVE INFORMATION IN THESE MESSAGES !
RETURN: STRING ; 'ERR-Message' or ''
final protected static function preCheckServiceUnavailableConditions (
) {} :: STRING
inherited from \SmartModExtLib\AuthAdmins\AbstractAuthHandler
Auth Pre-Check SERVICE UNAVAILABLE Conditions : Status 503
This method should not be called more than once !
IMPORTANT: All messages from this method may be displayed to the public via HTTP Status Pages
DO NOT INCLUDE SENSITIVE INFORMATION IN THESE MESSAGES !
RETURN: STRING ; 'ERR-Message' or ''
final protected static function getAuthCredentials (
bool $enforce_https,
bool $disable_tokens,
bool $disable_2fa
) {} :: ARRAY
inherited from \SmartModExtLib\AuthAdmins\AbstractAuthHandler
Auth Get Credentials
It will retrieve the Auth Credentials from the HTTP Headers (Basic Auth or Bearer Auth)
This method should not be called more than once !
RETURN: ARRAY ; see the AUTH_CREDENTIALS array definition in this class ...
final protected static function tryAuthGuard (
) {} :: BOOL
inherited from \SmartModExtLib\AuthAdmins\AbstractAuthHandler
Try Authentication Guard
This will detect the following single situation, in which Try Auth is skipped (this is the entry page):
- current script ends in `.php`
- current REQUEST_METHOD is GET or HEAD
- there are no input variables from REQUEST_URI, QUERY_STRING, PATH_INFO, REQUEST, GET, POST, FILES
In all other situations it will return TRUE (ask Try Auth)
There is no need to check for COOKIES, this is an HTTP Auth Handler, not managing Auth by Cookies ...
REQUEST_URI != SCRIPT_NAME means that query variables are present
RETURN: BOOL ; if TRUE, Auth is required ; otherwise, if FALSE, it is not
final protected static function isAuthLogout (
) {} :: BOOL
inherited from \SmartModExtLib\AuthAdmins\AbstractAuthHandler
Detect Logout Request
This will detect the following single situation, in which the Logout page is displayed:
- current script ends in `.php`
- current REQUEST_METHOD is GET or HEAD
- the $_REQUEST['logout'] variable is set and not empty
RETURN: BOOL ; if TRUE, Auth will display the Logout Page
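The entry-page and logout rules documented for tryAuthGuard and isAuthLogout, restated as pure functions over constructed request data. This is an added example, not code from the module: the function names and the array parameters are hypothetical (the documented methods take no arguments), and it assumes PHP 7.1 or later.

```php
<?php
// Added illustration, not the module's source: the documented request rules
// restated as pure functions. Names and array parameters are hypothetical.

function is_php_get_or_head(array $server): bool {
    $script = (string) ($server['SCRIPT_NAME'] ?? '');
    $method = strtoupper((string) ($server['REQUEST_METHOD'] ?? ''));
    return substr($script, -4) === '.php' && in_array($method, ['GET', 'HEAD'], true);
}

// TRUE = ask for credentials ; FALSE = bare entry page, Try Auth is skipped
function try_auth_guard(array $server, array ...$inputs): bool {
    if (!is_php_get_or_head($server)) {
        return true;
    }
    $script = (string) ($server['SCRIPT_NAME'] ?? '');
    if ((string) ($server['REQUEST_URI'] ?? '') !== $script) {
        return true; // REQUEST_URI != SCRIPT_NAME : query variables or extra path
    }
    if (($server['QUERY_STRING'] ?? '') !== '' || ($server['PATH_INFO'] ?? '') !== '') {
        return true;
    }
    foreach ($inputs as $vars) { // REQUEST, GET, POST, FILES
        if (count($vars) > 0) {
            return true;
        }
    }
    return false;
}

function is_auth_logout(array $server, array $request): bool {
    return is_php_get_or_head($server) && !empty($request['logout']);
}

// Constructed sample requests: [SERVER values, REQUEST variables]
$base = ['SCRIPT_NAME' => '/admin.php', 'REQUEST_METHOD' => 'GET', 'REQUEST_URI' => '/admin.php'];
$samples = [
    'bare entry page' => [$base, []],
    'page request'    => [['REQUEST_URI' => '/admin.php?page=x', 'QUERY_STRING' => 'page=x'] + $base, ['page' => 'x']],
    'empty POST'      => [['REQUEST_METHOD' => 'POST'] + $base, []],
    'path info'       => [['REQUEST_URI' => '/admin.php/x', 'PATH_INFO' => '/x'] + $base, []],
    'logout'          => [['REQUEST_URI' => '/admin.php?logout=1', 'QUERY_STRING' => 'logout=1'] + $base, ['logout' => '1']],
];
foreach ($samples as $label => [$server, $request]) {
    printf("%-16s guard=%s logout=%s\n", $label,
        var_export(try_auth_guard($server, $request), true),
        var_export(is_auth_logout($server, $request), true));
}
```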
final protected static function renderAuthLogoutPage (
) {} :: STRING
inherited from \SmartModExtLib\AuthAdmins\AbstractAuthHandler
Render the Logout Page
RETURN: STRING ; HTML MAIN TPL
final protected static function renderAuthLoginPage (
bool $disable_2fa,
string $auth_user_name,
string $auth_mode,
string $auth_desc_mode,
string $html_inc_code_poweredby_area = ""
) {} :: STRING
inherited from \SmartModExtLib\AuthAdmins\AbstractAuthHandler
Render the Login Page
RETURN: STRING ; HTML MAIN TPL
final protected static function isAuthLoginValid (
string $auth_user_name,
string $hash_of_pass,
array $account_data
) {} :: BOOL
inherited from \SmartModExtLib\AuthAdmins\AbstractAuthHandler
Validate the Account Data against Auth UserName / PassHash ;
RETURN: BOOL ; if TRUE, the Login is SUCCESS ; Otherwise Login is FAIL
final protected static function isAuth2FAValid (
string $auth_user_name,
bool $use_2fa,
string $valid_2fa_pin_token = ""
) {} :: BOOL
inherited from \SmartModExtLib\AuthAdmins\AbstractAuthHandler
Validate the 2FA login Value from Cookies compared with 2FA Token Pin or Visitor UUID Hash
IMPORTANT: the value of the cookie will be compared with the provided $valid_2fa_pin_token, which has to be a valid TOTP Pin Token
RETURN: BOOL ; if TRUE, the 2FA is VALID ; otherwise is INVALID
final protected static function isAuthIPAddressValid (
string $restricted_ip_list
) {} :: BOOL
inherited from \SmartModExtLib\AuthAdmins\AbstractAuthHandler
Validate the IP Restrictions login Value using the User IPAddress List Restrictions ; ex: <ip1>,<ip2>,...
RETURN: BOOL ; if TRUE, the Current Visitor IP is VALID ; otherwise is INVALID