From 75eb931d2434b584b7ec8e85d80088c8856db3c1 Mon Sep 17 00:00:00 2001
From: Maximilian Weber <post@wbrmx.de>
Date: Fri, 6 Nov 2015 22:58:44 +0100
Subject: [PATCH 1/6] Adds IP based authentication

---
 auth-ip/authenticate.php | 50 ++++++++++++++++++++++++++++++++++++++++
 auth-ip/config.php       | 45 ++++++++++++++++++++++++++++++++++++
 auth-ip/plugin.php       | 13 +++++++++++
 3 files changed, 108 insertions(+)
 create mode 100644 auth-ip/authenticate.php
 create mode 100644 auth-ip/config.php
 create mode 100644 auth-ip/plugin.php

diff --git a/auth-ip/authenticate.php b/auth-ip/authenticate.php
new file mode 100644
index 0000000..a3224e3
--- /dev/null
+++ b/auth-ip/authenticate.php
@@ -0,0 +1,50 @@
+<?php
+
+require_once(INCLUDE_DIR.'class.auth.php');
+
+class UserIpAuthentication extends UserAuthenticationBackend {
+    static $name = "IP Authentication";
+    static $id = "ip.client";
+
+    function supportsInteractiveAuthentication() {
+        return false;
+    }
+
+    function signOn() {
+        if (isset($_SERVER['REMOTE_ADDR']) && !empty($_SERVER['REMOTE_ADDR'])) {
+        
+            $username = $_SERVER['REMOTE_ADDR'];
+        
+            if ($acct = ClientAccount::lookupByUsername($username)) {
+                if (($client = new ClientSession(new EndUser($acct->getUser())))
+                        && $client->getId())
+                    return $client;
+            }
+            else {
+                // No such account. Attempt a lookup on the username
+                $users = parent::searchUsers($username);
+                if (!is_array($users))
+                    return;
+
+                foreach ($users as $u) {
+                    if (0 === strcasecmp($u['username'], $username)
+                            || 0 === strcasecmp($u['email'], $username))
+                        // User information matches IP address
+                        return new ClientCreateRequest($this, $username, $u);
+                }
+            }
+        }
+    }
+}
+
+require_once(INCLUDE_DIR.'class.plugin.php');
+require_once('config.php');
+class IpAuthPlugin extends Plugin {
+    var $config_class = 'IpAuthConfig';
+
+    function bootstrap() {
+        $config = $this->getConfig();
+        if ($config->get('auth-client'))
+            UserAuthenticationBackend::register('UserIpAuthentication');
+    }
+}
diff --git a/auth-ip/config.php b/auth-ip/config.php
new file mode 100644
index 0000000..bfe56cc
--- /dev/null
+++ b/auth-ip/config.php
@@ -0,0 +1,45 @@
+<?php
+require_once(INCLUDE_DIR.'/class.forms.php');
+
+class IpAuthConfig extends PluginConfig {
+
+    // Provide compatibility function for versions of osTicket prior to
+    // translation support (v1.9.4)
+    function translate() {
+        if (!method_exists('Plugin', 'translate')) {
+            return array(
+                function($x) { return $x; },
+                function($x, $y, $n) { return $n != 1 ? $y : $x; },
+            );
+        }
+        return Plugin::translate('auth-ip');
+    }
+
+    function getOptions() {
+        list($__, $_N) = self::translate();
+        return array(
+            'auth' => new SectionBreakField(array(
+                'label' => $__('Authentication Modes'),
+                'hint' => $__('Authentication mode for clients. Clients
+                    can be identifie via their IP Address.'),
+            )),
+            'auth-client' => new BooleanField(array(
+                'label' => $__('Client Authentication'),
+                'default' => false,
+                'configuration' => array(
+                    'desc' => $__('Enable IP authentication of clients')
+                )
+            )),
+        );
+    }
+
+    function pre_save(&$config, &$errors) {
+        global $msg;
+
+        list($__, $_N) = self::translate();
+        if (!$errors)
+            $msg = $__('Configuration updated successfully');
+
+        return true;
+    }
+}
diff --git a/auth-ip/plugin.php b/auth-ip/plugin.php
new file mode 100644
index 0000000..0e10505
--- /dev/null
+++ b/auth-ip/plugin.php
@@ -0,0 +1,13 @@
+<?php
+
+return array(
+    'id' =>             'auth:ip', # notrans
+    'version' =>        '0.1',
+    'name' =>           /* trans */ 'IP Authentication',
+    'author' =>         'Maximilian Weber',
+    'description' =>    /* trans */ 'Allows user authentication based on request IP addresses. osTicket will match the request IP address to the username.',
+    'url' =>            'http://www.osticket.com/plugins/auth/ip',
+    'plugin' =>         'authenticate.php:IpAuthPlugin'
+);
+
+?>

From 442314f4a097ffa1131e75d994d9e1cdeb97f6ec Mon Sep 17 00:00:00 2001
From: Maximilian Weber <post@wbrmx.de>
Date: Fri, 6 Nov 2015 23:47:45 +0100
Subject: [PATCH 2/6] Fixes typos and code formatting

---
 auth-ip/authenticate.php | 2 +-
 auth-ip/config.php       | 2 +-
 auth-ip/plugin.php       | 4 +---
 3 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/auth-ip/authenticate.php b/auth-ip/authenticate.php
index a3224e3..ec76050 100644
--- a/auth-ip/authenticate.php
+++ b/auth-ip/authenticate.php
@@ -12,7 +12,7 @@ function supportsInteractiveAuthentication() {
 
     function signOn() {
         if (isset($_SERVER['REMOTE_ADDR']) && !empty($_SERVER['REMOTE_ADDR'])) {
-        
+
             $username = $_SERVER['REMOTE_ADDR'];
         
             if ($acct = ClientAccount::lookupByUsername($username)) {
diff --git a/auth-ip/config.php b/auth-ip/config.php
index bfe56cc..fc8c4a6 100644
--- a/auth-ip/config.php
+++ b/auth-ip/config.php
@@ -21,7 +21,7 @@ function getOptions() {
             'auth' => new SectionBreakField(array(
                 'label' => $__('Authentication Modes'),
                 'hint' => $__('Authentication mode for clients. Clients
-                    can be identifie via their IP Address.'),
+                    can be identified via their IP address.'),
             )),
             'auth-client' => new BooleanField(array(
                 'label' => $__('Client Authentication'),
diff --git a/auth-ip/plugin.php b/auth-ip/plugin.php
index 0e10505..67e3473 100644
--- a/auth-ip/plugin.php
+++ b/auth-ip/plugin.php
@@ -5,9 +5,7 @@
     'version' =>        '0.1',
     'name' =>           /* trans */ 'IP Authentication',
     'author' =>         'Maximilian Weber',
-    'description' =>    /* trans */ 'Allows user authentication based on request IP addresses. osTicket will match the request IP address to the username.',
+    'description' =>    /* trans */ 'Allows user authentication based on IP addresses. osTicket will match the request IP address to usernames.',
     'url' =>            'http://www.osticket.com/plugins/auth/ip',
     'plugin' =>         'authenticate.php:IpAuthPlugin'
 );
-
-?>

From 45ef2f1e185338ed5257ed20e05151ba871dc5e6 Mon Sep 17 00:00:00 2001
From: Maximilian Weber <post@wbrmx.de>
Date: Wed, 25 Nov 2015 17:45:03 +0100
Subject: [PATCH 3/6] Adds ddns parameter to enable host name based
 authentication, too

---
 auth-ip/authenticate.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/auth-ip/authenticate.php b/auth-ip/authenticate.php
index ec76050..69d4673 100644
--- a/auth-ip/authenticate.php
+++ b/auth-ip/authenticate.php
@@ -12,9 +12,11 @@ function supportsInteractiveAuthentication() {
 
     function signOn() {
         if (isset($_SERVER['REMOTE_ADDR']) && !empty($_SERVER['REMOTE_ADDR'])) {
-
-            $username = $_SERVER['REMOTE_ADDR'];
-        
+            if (isset($_GET['ddns']) && !empty($_GET['ddns']) && $_SERVER['REMOTE_ADDR'] === gethostbyname($_GET['ddns'])) {
+                $username = $_GET['ddns'];
+            } else {
+                $username = $_SERVER['REMOTE_ADDR'];
+            }
             if ($acct = ClientAccount::lookupByUsername($username)) {
                 if (($client = new ClientSession(new EndUser($acct->getUser())))
                         && $client->getId())
@@ -29,7 +31,7 @@ function signOn() {
                 foreach ($users as $u) {
                     if (0 === strcasecmp($u['username'], $username)
                             || 0 === strcasecmp($u['email'], $username))
-                        // User information matches IP address
+                        // User information is valid
                         return new ClientCreateRequest($this, $username, $u);
                 }
             }
@@ -48,3 +50,4 @@ function bootstrap() {
             UserAuthenticationBackend::register('UserIpAuthentication');
     }
 }
+

From 9aa19f5c830b660cb55be314418e7ef4f5fffafb Mon Sep 17 00:00:00 2001
From: Maximilian Weber <post@wbrmx.de>
Date: Fri, 4 Dec 2015 18:29:59 +0100
Subject: [PATCH 4/6] Adds token authentication

---
 auth-ip/authenticate.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/auth-ip/authenticate.php b/auth-ip/authenticate.php
index 69d4673..dd4e0fc 100644
--- a/auth-ip/authenticate.php
+++ b/auth-ip/authenticate.php
@@ -10,9 +10,11 @@ function supportsInteractiveAuthentication() {
         return false;
     }
 
-    function signOn() {
+    function signOn() {
         if (isset($_SERVER['REMOTE_ADDR']) && !empty($_SERVER['REMOTE_ADDR'])) {
-            if (isset($_GET['ddns']) && !empty($_GET['ddns']) && $_SERVER['REMOTE_ADDR'] === gethostbyname($_GET['ddns'])) {
+            if (isset($_GET['token']) && !empty($_GET['token']) && iconv_strlen($_GET['token']) == 12) {
+                $username = $_GET['token'];
+            } else if (isset($_GET['ddns']) && !empty($_GET['ddns']) && $_SERVER['REMOTE_ADDR'] === gethostbyname($_GET['ddns'])) {
                 $username = $_GET['ddns'];
             } else {
                 $username = $_SERVER['REMOTE_ADDR'];
@@ -50,4 +52,3 @@ function bootstrap() {
             UserAuthenticationBackend::register('UserIpAuthentication');
     }
 }
-

From be2b5ede2c660df1d054cf79912b3f7feecd57e8 Mon Sep 17 00:00:00 2001
From: Maximilian Weber <post@wbrmx.de>
Date: Sun, 6 Dec 2015 13:41:27 +0100
Subject: [PATCH 5/6] Adds possibility to add IP address as token

---
 auth-ip/authenticate.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/auth-ip/authenticate.php b/auth-ip/authenticate.php
index dd4e0fc..f7310b5 100644
--- a/auth-ip/authenticate.php
+++ b/auth-ip/authenticate.php
@@ -12,7 +12,7 @@ function supportsInteractiveAuthentication() {
 
     function signOn() {
         if (isset($_SERVER['REMOTE_ADDR']) && !empty($_SERVER['REMOTE_ADDR'])) {
-            if (isset($_GET['token']) && !empty($_GET['token']) && iconv_strlen($_GET['token']) == 12) {
+            if (isset($_GET['token']) && !empty($_GET['token']) && iconv_strlen($_GET['token']) >= 15) {
                 $username = $_GET['token'];
             } else if (isset($_GET['ddns']) && !empty($_GET['ddns']) && $_SERVER['REMOTE_ADDR'] === gethostbyname($_GET['ddns'])) {
                 $username = $_GET['ddns'];

From 8ade7e43b5f28ad45934636fbe043e54ee5e6989 Mon Sep 17 00:00:00 2001
From: Maximilian Weber <post@wbrmx.de>
Date: Sun, 6 Dec 2015 13:50:09 +0100
Subject: [PATCH 6/6] Fixes an issue where the length of ip addresses was
 calculated the wrong way

---
 auth-ip/authenticate.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/auth-ip/authenticate.php b/auth-ip/authenticate.php
index f7310b5..79261d2 100644
--- a/auth-ip/authenticate.php
+++ b/auth-ip/authenticate.php
@@ -12,7 +12,7 @@ function supportsInteractiveAuthentication() {
 
     function signOn() {
         if (isset($_SERVER['REMOTE_ADDR']) && !empty($_SERVER['REMOTE_ADDR'])) {
-            if (isset($_GET['token']) && !empty($_GET['token']) && iconv_strlen($_GET['token']) >= 15) {
+            if (isset($_GET['token']) && !empty($_GET['token']) && iconv_strlen($_GET['token']) >= 7) {
                 $username = $_GET['token'];
             } else if (isset($_GET['ddns']) && !empty($_GET['ddns']) && $_SERVER['REMOTE_ADDR'] === gethostbyname($_GET['ddns'])) {
                 $username = $_GET['ddns'];