|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace CWP\Core\Control; |
|
4
|
|
|
|
|
5
|
|
|
use SilverStripe\Control\HTTPRequest; |
|
6
|
|
|
use SilverStripe\Security\BasicAuthMiddleware; |
|
7
|
|
|
use SilverStripe\Security\PermissionProvider; |
|
8
|
|
|
|
|
9
|
|
|
class CwpBasicAuthMiddleware extends BasicAuthMiddleware implements PermissionProvider |
|
10
|
|
|
{ |
|
11
|
|
|
/** |
|
12
|
|
|
* Whitelisted IP addresses will not be given a basic authentication prompt when other basic authentication |
|
13
|
|
|
* rules via {@link BasicAuthMiddleware} are enabled. |
|
14
|
|
|
* |
|
15
|
|
|
* Please note that this will not have any effect if using BasicAuth.entire_site_protected, which will |
|
16
|
|
|
* always enabled basic authentication for the entire site. |
|
17
|
|
|
* |
|
18
|
|
|
* @var array |
|
19
|
|
|
*/ |
|
20
|
|
|
protected $whitelistedIps = []; |
|
21
|
|
|
|
|
22
|
|
|
/** |
|
23
|
|
|
* @return array |
|
24
|
|
|
*/ |
|
25
|
|
|
public function getWhitelistedIps() |
|
26
|
|
|
{ |
|
27
|
|
|
return $this->whitelistedIps; |
|
28
|
|
|
} |
|
29
|
|
|
|
|
30
|
|
|
/** |
|
31
|
|
|
* @param string|string[] $whitelistedIps An array of IP addresses, a comma delimited string, or an array of IPs |
|
32
|
|
|
* or comma delimited IP list strings |
|
33
|
|
|
* @return $this |
|
34
|
|
|
*/ |
|
35
|
|
|
public function setWhitelistedIps($whitelistedIps) |
|
36
|
|
|
{ |
|
37
|
|
|
// Allow string or array input |
|
38
|
|
|
$ipLists = is_array($whitelistedIps) ? $whitelistedIps : [$whitelistedIps]; |
|
39
|
|
|
|
|
40
|
|
|
$whitelistedIps = []; |
|
41
|
|
|
// Break each string in the array by commas to support nested IP lists |
|
42
|
|
|
foreach ($ipLists as $ipList) { |
|
43
|
|
|
if (!$ipList) { |
|
44
|
|
|
continue; |
|
45
|
|
|
} |
|
46
|
|
|
$ips = array_map('trim', explode(',', $ipList)); |
|
47
|
|
|
$whitelistedIps = array_merge($whitelistedIps, $ips); |
|
48
|
|
|
} |
|
49
|
|
|
|
|
50
|
|
|
// Return unique values with keys reset |
|
51
|
|
|
$this->whitelistedIps = array_values(array_unique($whitelistedIps)); |
|
52
|
|
|
return $this; |
|
53
|
|
|
} |
|
54
|
|
|
|
|
55
|
|
|
/** |
|
56
|
|
|
* Check for any whitelisted IP addresses. If one matches the current user's IP then return false early, |
|
57
|
|
|
* otherwise allow the default {@link BasicAuthMiddleware} to continue its logic. |
|
58
|
|
|
* |
|
59
|
|
|
* {@inheritDoc} |
|
60
|
|
|
*/ |
|
61
|
|
|
protected function checkMatchingURL(HTTPRequest $request) |
|
62
|
|
|
{ |
|
63
|
|
|
if ($this->ipMatchesWhitelist()) { |
|
64
|
|
|
return false; |
|
65
|
|
|
} |
|
66
|
|
|
return parent::checkMatchingURL($request); |
|
67
|
|
|
} |
|
68
|
|
|
|
|
69
|
|
|
/** |
|
70
|
|
|
* Check whether the current user's IP address is in the IP whitelist |
|
71
|
|
|
* |
|
72
|
|
|
* @return bool |
|
73
|
|
|
*/ |
|
74
|
|
|
protected function ipMatchesWhitelist() |
|
75
|
|
|
{ |
|
76
|
|
|
$whitelist = $this->getWhitelistedIps(); |
|
77
|
|
|
// Continue if no whitelist is defined |
|
78
|
|
|
if (empty($whitelist)) { |
|
79
|
|
|
return false; |
|
80
|
|
|
} |
|
81
|
|
|
|
|
82
|
|
|
$userIp = $_SERVER['REMOTE_ADDR']; |
|
83
|
|
|
if (in_array($userIp, $whitelist)) { |
|
84
|
|
|
return true; |
|
85
|
|
|
} |
|
86
|
|
|
|
|
87
|
|
|
return false; |
|
88
|
|
|
} |
|
89
|
|
|
|
|
90
|
|
|
/** |
|
91
|
|
|
* Provide a permission code for users to be able to access the site in test mode (UAT sites). This will |
|
92
|
|
|
* apply to any route other than those required to change your password. |
|
93
|
|
|
* |
|
94
|
|
|
* @return array |
|
95
|
|
|
*/ |
|
96
|
|
|
public function providePermissions() |
|
97
|
|
|
{ |
|
98
|
|
|
return [ |
|
99
|
|
|
'ACCESS_UAT_SERVER' => _t( |
|
100
|
|
|
__CLASS__ . '.UatServerPermission', |
|
101
|
|
|
'Allow users to use their accounts to access the UAT server' |
|
102
|
|
|
) |
|
103
|
|
|
]; |
|
104
|
|
|
} |
|
105
|
|
|
} |
|
106
|
|
|
|
silverstripe /
cwp-core
