From 664979eb56c7adee225062af45f5623c73ab318e Mon Sep 17 00:00:00 2001
From: til-schneider
Date: Wed, 23 Dec 2015 19:20:29 +0100
Subject: [PATCH] Added login via base authentication
---
 src/server/logic/EditorService.php | 25 +++++++++++++++++++++++++
 src/server/logic/Main.php | 11 +++++++++++
 2 files changed, 36 insertions(+)
diff --git a/src/server/logic/EditorService.php b/src/server/logic/EditorService.php
index 574eb1b..a9b3fef 100644
--- a/src/server/logic/EditorService.php
+++ b/src/server/logic/EditorService.php
@@ -13,7 +13,32 @@ class EditorService {
 return ($methodName == 'saveArticle' || $methodName == 'createUserConfig');
 }
+ // Returns one of: 'logged-in', 'no-credentials', 'wrong-credentials'
+ public function getLoginState() {
+ if (!isset($_SERVER['PHP_AUTH_USER'])) {
+ return 'no-credentials';
+ } else {
+ $userInfo = $this->context->getConfig()['user.' . $_SERVER['PHP_AUTH_USER']];
+ if (isset($userInfo)) {
+ $loginHash = hash($userInfo['type'], $_SERVER['PHP_AUTH_PW'] . $userInfo['salt']);
+ if ($loginHash == $userInfo['hash']) {
+ return 'logged-in';
+ }
+ }
+
+ return 'wrong-credentials';
+ }
+ }
+
+ public function assertLoggedIn() {
+ if ($this->getLoginState() != 'logged-in') {
+ throw new Exception('Not logged in');
+ }
+ }
+
 public function saveArticle($articleFilename, $markdownText) {
+ $this->assertLoggedIn();
+
 if (! $this->context->isValidArticleFilename($articleFilename)) {
 throw new Exception("Invalid article filename: '$articleFilename'");
 }
diff --git a/src/server/logic/Main.php b/src/server/logic/Main.php
index e2df456..b94b451 100644
--- a/src/server/logic/Main.php
+++ b/src/server/logic/Main.php
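Review bot: In `getLoginState()` (EditorService.php) the check `if ($loginHash == $userInfo['hash'])` uses loose comparison, so two different digests that both parse as numeric strings compare equal, and the comparison is not constant-time; `if (hash_equals($userInfo['hash'], $loginHash))` (PHP 5.6+) fixes both. The lookup `getConfig()['user.' . $_SERVER['PHP_AUTH_USER']]` indexes the config with a client-supplied name before the `isset`, which raises an undefined-index notice for every unknown user; fetch the config once and test `isset($config[$key])` instead. A single salted `hash()` round is also cheap to brute-force if the config leaks; `password_hash()`/`password_verify()` would be the usual choice, but that changes the stored format and the code that writes the `user.*` entries, which is not visible in this hunk.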
@@ -79,6 +79,17 @@ class Main {
 $mode = 'view';
 }
+ if ($mode == 'edit') {
+ $loginState = $this->context->getEditorService()->getLoginState();
+ if ($loginState != 'logged-in') {
+ $wikiName = $this->context->getConfig()['wikiName'];
+ header('WWW-Authenticate: Basic realm="'.$wikiName.'"');
+ header('HTTP/1.0 401 Unauthorized');
+
+ $mode = 'view';
+ }
+ }
+
 $articleFilename = $this->getArticleFilename($requestPathArray);
 if ($articleFilename == null) {
 header('HTTP/1.0 404 Not Found');
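Review bot: The challenge header concatenates the configured wiki name straight into a quoted string, `header('WWW-Authenticate: Basic realm="'.$wikiName.'"');`, so a name containing `"` or `\` yields a malformed realm; escape it first, e.g. `'Basic realm="' . addcslashes($wikiName, '"\\') . '"'`. Basic authentication also resends the password with every request in a trivially decodable form, and nothing in this hunk restricts edit mode to HTTPS. Whether TLS is enforced elsewhere is not visible here, so a comment above the `if ($mode == 'edit')` block stating that requirement would help. The enclosing method of `Main` starts and ends outside the hunk.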