Add Vdlp.BasicAuthentication

Author: nathan-van-der-werf

.gitignore

@@ -0,0 +1,2 @@
+composer.lock
+.idea/

Plugin.php

@@ -0,0 +1,156 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Vdlp\BasicAuthentication;
+
+use Backend\Helpers\Backend as BackendHelper;
+use Illuminate\Contracts\Config\Repository;
+use Illuminate\Contracts\Session\Session;
+use Illuminate\Database\Eloquent\ModelNotFoundException;
+use Illuminate\Http\Request;
+use October\Rain\Translation\Translator;
+use Symfony\Component\HttpFoundation\Exception\SuspiciousOperationException;
+use System\Classes\PluginBase;
+use Vdlp\BasicAuthentication\Classes\Helper\AuthorizationHelper;
+use Vdlp\BasicAuthentication\Models\Credential;
+use Vdlp\BasicAuthentication\ServiceProviders\BasicAuthenticationServiceProvider;
+
+/**
+ * Class Plugin
+ *
+ * @package Vdlp\BasicAuthentication
+ */
+class Plugin extends PluginBase
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function pluginDetails(): array
+    {
+        return [
+            'name' => 'vdlp.basicauthentication::lang.plugin.name',
+            'description' => 'vdlp.basicauthentication::lang.plugin.description',
+            'author' => 'Van der Let & Partners',
+            'icon' => 'icon-lock',
+        ];
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function register(): void
+    {
+        $this->app->register(BasicAuthenticationServiceProvider::class);
+    }
+
+    /**
+     * {@inheritdoc}
+     * @throws SuspiciousOperationException
+     */
+    public function boot()
+    {
+        /** @var Repository $config */
+        $config = resolve(Repository::class);
+
+        if (!$config->get('basicauthentication.enabled')
+            || app()->runningInConsole()
+            || app()->runningUnitTests()
+            || app()->runningInBackend()
+        ) {
+            return;
+        }
+
+        /** @var Request $request */
+        $request = resolve(Request::class);
+
+        /** @var Session $session */
+        $session = resolve(Session::class);
+
+        /** @var Translator $translator */
+        $translator = resolve('translator');
+
+        /** @var AuthorizationHelper $authorizationHelper */
+        $authorizationHelper = resolve(AuthorizationHelper::class);
+        if ($authorizationHelper->isIpAddressWhitelisted($request->ip())) {
+            return;
+        }
+
+        try {
+            /** @var Credential $credential */
+            $credential = Credential::query()
+                ->where('hostname', '=', $request->getHost())
+                ->where('is_enabled', '=', true)
+                ->firstOrFail();
+        } catch (ModelNotFoundException $e) {
+            return;
+        }
+
+        if ($authorizationHelper->isUrlExcluded($request->getUri())) {
+            return;
+        }
+
+        $sessionKey = str_slug(str_replace('.', '_', $credential->getAttribute('hostname')) . '_basic_authentication');
+        if ($session->has($sessionKey)) {
+            return;
+        }
+
+        if ($request->getUser() === $credential->getAttribute('username')
+            && $request->getPassword() === $credential->getAttribute('password')
+        ) {
+            $session->put($sessionKey, $request->getUser());
+            return;
+        }
+
+        header('WWW-Authenticate: Basic realm="' . $credential->getAttribute('realm') . '"');
+        header('HTTP/1.0 401 Unauthorized');
+
+        echo $translator->get('vdlp.basicauthentication::lang.output.unauthorized');
+        exit;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function registerPermissions(): array
+    {
+        return [
+            'vdlp.basicauthentication.access_settings' => [
+                'label' => 'vdlp.basicauthentication::lang.permissions.access_settings.label',
+                'tab' => 'vdlp.basicauthentication::lang.permissions.access_settings.tab',
+            ],
+        ];
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function registerSettings(): array
+    {
+        /** @var BackendHelper $backendHelper */
+        $backendHelper = resolve(BackendHelper::class);
+
+        return [
+            'credentials' => [
+                'label' => 'vdlp.basicauthentication::lang.settings.label',
+                'description' => 'vdlp.basicauthentication::lang.settings.description',
+                'url' => $backendHelper->url('vdlp/basicauthentication/credentials'),
+                'category' => 'Basic Authentication',
+                'icon' => 'icon-lock',
+                'permissions' => ['vdlp.basicauthentication.*'],
+                'keywords' => 'basic authentication security',
+                'order' => 500,
+            ],
+            'excludedurls' => [
+                'label' => 'vdlp.basicauthentication::lang.excludedurls.label',
+                'description' => 'vdlp.basicauthentication::lang.excludedurls.description',
+                'url' => $backendHelper->url('vdlp/basicauthentication/excludedurls'),
+                'category' => 'Basic Authentication',
+                'icon' => 'icon-link',
+                'permissions' => ['vdlp.basicauthentication.*'],
+                'keywords' => 'basic authentication security',
+                'order' => 501,
+            ],
+        ];
+    }
+}

README.md

@@ -0,0 +1,30 @@
+# VDLP Basic Authentication plugin
+
+Allows you to manage Basic Authentication credentials for multiple hostnames / environments.
+
+## Requirements
+
+* PHP 7.1 or higher
+
+## Installation
+
+*CLI:*
+
+`php artisan plugin:install Vdlp.BasicAuthentication`
+
+*October CMS:*
+
+Go to Settings > Updates & Plugins > Install plugins and search for 'BasicAuthentication'.
+
+## Configuration
+
+To configure this plugin execute the following command:
+
+`php artisan vendor:publish --provider="Vdlp\BasicAuthentication\ServiceProviders\BasicAuthenticationServiceProvider" --tag="config"`
+
+This will create a `config/basicauthentication.php` file in your app where you can modify the configuration if you don't
+want to use .env variables.
+
+## Questions? Need help?
+
+If you have any question about how to use this plugin, please don't hesitate to contact us at octobercms@vdlp.nl. We're happy to help you. You can also visit the support forum and drop your questions/issues there.

classes/helper/AuthorizationHelper.php

@@ -0,0 +1,74 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Vdlp\BasicAuthentication\Classes\Helper;
+
+use Illuminate\Contracts\Config\Repository;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Exception\SuspiciousOperationException;
+use Vdlp\BasicAuthentication\Models\ExcludedUrl;
+
+/**
+ * Class AuthorizationHelper
+ *
+ * @package Vdlp\BasicAuthentication\Classes\Helper
+ */
+class AuthorizationHelper
+{
+    /**
+     * @var Repository
+     */
+    private $config;
+
+    /**
+     * @var Request
+     */
+    private $request;
+
+    /**
+     * @param Repository $config
+     * @param Request $request
+     */
+    public function __construct(Repository $config, Request $request)
+    {
+        $this->config = $config;
+        $this->request = $request;
+    }
+
+    /**
+     * @param string $currentUrl
+     * @return bool
+     * @throws SuspiciousOperationException
+     */
+    public function isUrlExcluded(string $currentUrl): bool
+    {
+        $currentUrl = parse_url($currentUrl);
+
+        $excludedUrls = ExcludedUrl::all();
+        foreach ($excludedUrls as $excludedUrl) {
+            $excludedUrl = parse_url($excludedUrl->getAttribute('url'));
+            if (array_key_exists('host', $excludedUrl) && $excludedUrl['host'] !== $this->request->getHost()) {
+                continue;
+            }
+
+            if (array_key_exists('path', $excludedUrl)
+                && array_key_exists('path', $currentUrl)
+                && $excludedUrl['path'] === $currentUrl['path']
+            ) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * @param string $ipAddress
+     * @return bool
+     */
+    public function isIpAddressWhitelisted(string $ipAddress): bool
+    {
+        return in_array($ipAddress, explode(',', $this->config->get('basicauthentication.whitelisted_ips')), true);
+    }
+}

composer.json

@@ -0,0 +1,15 @@
+{
+    "name": "vdlp/oc-basicauthentication-plugin",
+    "description": "Allows you to manage Basic Authentication credentials in October CMS powered websites.",
+    "type": "october-plugin",
+    "license": "GPL-2.0",
+    "authors": [
+        {
+            "name": "Van der Let & Partners",
+            "email": "octobercms@vdlp.nl"
+        }
+    ],
+    "require": {
+        "php": ">=7.1"
+    }
+}

config.php

@@ -0,0 +1,8 @@
+<?php
+
+declare(strict_types=1);
+
+return [
+    'enabled' => (bool) env('BASIC_AUTHENTICATION_ENABLED', false),
+    'whitelisted_ips' => env('BASIC_AUTHENTICATION_WHITELISTED_IPS', ''),
+];

controllers/Credentials.php

@@ -0,0 +1,49 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Vdlp\BasicAuthentication\Controllers;
+
+use Backend\Behaviors\FormController;
+use Backend\Behaviors\ListController;
+use Backend\Classes\NavigationManager;
+use Backend\Classes\Controller;
+use System\Classes\SettingsManager;
+
+/**
+ * Class Credentials
+ *
+ * Credentials Back-end Controller.
+ *
+ * @package Vdlp\BasicAuthentication\Controllers
+ * @mixin ListController
+ * @mixin FormController
+ */
+class Credentials extends Controller
+{
+    /** {@inheritdoc} */
+    public $implement = [
+        FormController::class,
+        ListController::class,
+    ];
+
+    /** @var string */
+    public $formConfig = 'config_form.yaml';
+
+    /** @var string */
+    public $listConfig = 'config_list.yaml';
+
+    /** {@inheritdoc} */
+    public $requiredPermissions = ['vdlp.basicauthentication.access_settings'];
+
+    /**
+     * {@inheritdoc}
+     */
+    public function __construct()
+    {
+        parent::__construct();
+
+        NavigationManager::instance()->setContext('October.System', 'system', 'settings');
+        SettingsManager::setContext('Vdlp.BasicAuthentication', 'credentials');
+    }
+}

controllers/ExcludedUrls.php

@@ -0,0 +1,49 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Vdlp\BasicAuthentication\Controllers;
+
+use Backend\Behaviors\FormController;
+use Backend\Behaviors\ListController;
+use Backend\Classes\NavigationManager;
+use Backend\Classes\Controller;
+use System\Classes\SettingsManager;
+
+/**
+ * Class excludedurls
+ *
+ * Excluded Urls Back-end Controller.
+ *
+ * @package Vdlp\BasicAuthentication\Controllers
+ * @mixin ListController
+ * @mixin FormController
+ */
+class ExcludedUrls extends Controller
+{
+    /** {@inheritdoc} */
+    public $implement = [
+        FormController::class,
+        ListController::class,
+    ];
+
+    /** @var string */
+    public $formConfig = 'config_form.yaml';
+
+    /** @var string */
+    public $listConfig = 'config_list.yaml';
+
+    /** {@inheritdoc} */
+    public $requiredPermissions = ['vdlp.basicauthentication.access_settings'];
+
+    /**
+     * {@inheritdoc}
+     */
+    public function __construct()
+    {
+        parent::__construct();
+
+        NavigationManager::instance()->setContext('October.System', 'system', 'settings');
+        SettingsManager::setContext('Vdlp.BasicAuthentication', 'excludedurls');
+    }
+}

controllers/credentials/_list_toolbar.htm

@@ -0,0 +1,7 @@
+<div data-control="toolbar">
+    <a
+        href="<?= $this->actionUrl('create') ?>"
+        class="btn btn-primary oc-icon-plus">
+        <?= e(trans('vdlp.basicauthentication::lang.credentials.list.create_button')); ?>
+    </a>
+</div>