Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enhancement : External Authorization #205

Closed
IvandaNothabeer opened this issue Jun 22, 2016 · 1 comment
Closed

Enhancement : External Authorization #205

IvandaNothabeer opened this issue Jun 22, 2016 · 1 comment

Comments

@IvandaNothabeer
Copy link

The following modification can be used to enable user access verification against an external database. Useful if you are running a private installation of pathfinder and want to enable access to a group that cannot be defined simply as "alliance" or "corp"

## 3rd Party external authorization website
Your external authorization site should implement a JSON API that takes a URL in the form ....

https://<your-site>/<path-to-api>/<character ID to verify>
A username and password are sent in the header

The API should return a JSON string of "OK" if the user is allowed to access pathfinder. Any other response is ignored and the user cannot log on to pathfinder.

## environment.ini
Add the following lines to both your [ENVIRONMENT.DEVELOP] and [ENVIRONMENT.PRODUCTION] sections ...

; External Authorization Settings
EXT_AUTH_ENABLE             =   true
EXT_AUTH_URL                =   http://localhost/portal/api/authorize/  ; change to your site
EXT_AUTH_USER               =   admin      ; change as required, sent in header
EXT_AUTH_PASS               =   admin       ; change as required, sent in header

##charactermodel.php
Add the following code to function isAuthorized ...

    public function isAuthorized(){
        $isAuthorized = false;
        $f3 = self::getF3();

        if ($f3->get('ENVIRONMENT.EXT_AUTH_ENABLE'))
            return $this->externalAuth();

        $whitelistCorporations = $whitelistAlliance = [];

Add the following new function ...

    public function externalAuth(){

        $f3     =   self::getF3();
        $url    =   $f3->get('ENVIRONMENT.EXT_AUTH_URL');
        $user   =   $f3->get('ENVIRONMENT.EXT_AUTH_USER');
        $pass   =   $f3->get('ENVIRONMENT.EXT_AUTH_PASS');

        $options    = array('method'=>'GET', 'header'=>array('username: '.$user,'password: '.$pass));

        $result     = \Web::instance()->request($url.$this->id, $options );

        return (@$result['body']=='"OK"');

    }

The Web request options can be customised as required for different authorization or security schemes. See the F3 documentation for details on how to use \Web::instance

http://fatfreeframework.com/web#Instantiation

@exodus4d
Copy link
Owner

Awesome! I added this to the wiki - help page.
I close this one just to keep the issue list clean ;)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants