Fix handling authentication

- URL routes now require authentication by default if the
  force_authentication special function is defined.
- handle_request() now triggers a fatal error if a user tries to access
  a route that requires authentication and the force_authentication function is not defined.
- logging() now retrieves the username from $auth_user['username'].
Benjamin Renard 2022-04-25 18:42:18 +02:00
parent e533ec9148
commit 01759fb4c2
7 changed files with 82 additions and 52 deletions


@ -60,7 +60,7 @@ function logging($level, $message) {
$_SERVER['REMOTE_ADDR'],
);
if (isset($auth_user))
$msg[] = ($auth_user?$auth_user:'anonymous');
$msg[] = ($auth_user['username']?$auth_user['username']:'anonymous');
$msg[] = $level;
$msg[] = $message;
$msg = implode(' - ', $msg)."\n";
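Review bot: The new `$auth_user['username']` read is guarded only by `isset($auth_user)`, so a value that is set but is not an array, or an array without a `username` key, raises a PHP notice or warning from inside the logger itself. A stricter guard would be `$msg[] = (is_array($auth_user) && !empty($auth_user['username'])) ? $auth_user['username'] : 'anonymous';`. Because the record is joined with ' - ' and terminated by a newline, it is also worth stripping CR/LF from the username before it is appended, in case the authentication backend accepts such characters; otherwise a crafted name could forge extra log lines. logging() starts and ends outside this hunk, so how `$auth_user` comes into scope is not visible here.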


@ -29,14 +29,20 @@ $url_patterns =array();
* @param $pattern string The URL pattern (required)
* @param $handler callable The URL pattern handler (must be callable, required)
* @param $authenticated boolean Permit to define if this URL is accessible only for
* authenticated users (optional, default: true)
* authenticated users (optional, default: true if the special
* force_authentication function is defined, false otherwise)
* @param $override boolean Allow override if a command already exists with the
* same name (optional, default: false)
* @param $api_mode boolean Enable API mode (optional, default: false)
* @param $methods array|null HTTP method (optional, default: array('GET', 'POST'))
**/
function add_url_handler($pattern, $handler=null, $authenticated=false, $override=true,
function add_url_handler($pattern, $handler=null, $authenticated=null, $override=true,
$api_mode=false, $methods=null) {
$authenticated = (
is_null($authenticated)?
function_exists('force_authentication'):
(bool)$authenticated
);
if (is_null($methods))
$methods = array('GET', 'POST');
elseif (!is_array($methods))
@ -322,6 +328,10 @@ function redirect($go=false) {
/**
* Handle the current requested URL
*
* Note: if the route required that user is authenticated, this method will
* invoke the force_authentication() special function (or trigger a fatal error
* if it's not defined).
*
* @param $default_url string|null The default URL if current one does not
* match with any configured pattern.
*
@ -343,8 +353,11 @@ function handle_request($default_url=null) {
$smarty -> assign('request', $request);
// Check authentication (if need)
if($request -> authenticated && function_exists('force_authentication'))
if($request -> authenticated)
if (function_exists('force_authentication'))
force_authentication();
else
logging('FATAL', _("Authentication required but force_authentication function is not defined."));
try {
return call_user_func($request -> handler, $request);
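Review bot: In handle_request(), the branch taken when force_authentication() is missing only calls `logging('FATAL', …)`, and nothing visible in this hunk stops execution before `call_user_func($request -> handler, $request)`. Unless logging() itself terminates the request on the FATAL level (not visible here), a route marked as authenticated would still be served without any authentication, so the branch should fail closed: put the else body in braces and add `exit(1);` right after the logging() call. Braces on the two nested brace-less `if` statements would also make it explicit which `if` the `else` belongs to. Relatedly, add_url_handler() resolves the `null` default with `function_exists('force_authentication')` at registration time, so routes registered before that function is loaded default to unauthenticated; a comment stating that ordering requirement would help. handle_request() continues outside the hunk.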


@ -1,7 +1,7 @@
msgid ""
msgstr ""
"Project-Id-Version: \n"
"POT-Creation-Date: 2022-04-24 19:09+0200\n"
"POT-Creation-Date: 2022-04-25 18:40+0200\n"
"PO-Revision-Date: \n"
"Last-Translator: Benjamin Renard <brenard@easter-eggs.com>\n"
"Language-Team: \n"
@ -351,27 +351,27 @@ msgstr ""
"\n"
"Mail originalement destiné à %s."
#: /home/brenard/dev/eesyphp/includes/url.php:92
#: /home/brenard/dev/eesyphp/includes/url.php:98
msgid "Bad request"
msgstr "Mauvaise requête"
#: /home/brenard/dev/eesyphp/includes/url.php:93
#: /home/brenard/dev/eesyphp/includes/url.php:99
msgid "Invalid request."
msgstr "Requête invalide."
#: /home/brenard/dev/eesyphp/includes/url.php:96
#: /home/brenard/dev/eesyphp/includes/url.php:102
msgid "Authentication required"
msgstr "Authentification requise"
#: /home/brenard/dev/eesyphp/includes/url.php:97
#: /home/brenard/dev/eesyphp/includes/url.php:103
msgid "You have to be authenticated to access to this page."
msgstr "Vous devez être authentifié pour accéder à cette page."
#: /home/brenard/dev/eesyphp/includes/url.php:100
#: /home/brenard/dev/eesyphp/includes/url.php:106
msgid "Access denied"
msgstr "Accès interdit"
#: /home/brenard/dev/eesyphp/includes/url.php:101
#: /home/brenard/dev/eesyphp/includes/url.php:107
msgid ""
"You do not have access to this application. If you think this is an error, "
"please contact support."
@ -379,25 +379,25 @@ msgstr ""
"Vous n'avez pas accès à cette application. Si vous pensez qu'il s'agit d'une "
"erreur, merci de prendre contact avec le support."
#: /home/brenard/dev/eesyphp/includes/url.php:104
#: /home/brenard/dev/eesyphp/includes/url.php:110
msgid "Whoops ! Page not found"
msgstr "Oups ! Page introuvable"
#: /home/brenard/dev/eesyphp/includes/url.php:105
#: /home/brenard/dev/eesyphp/includes/url.php:111
msgid "The requested page can not be found."
msgstr "La page demandée est introuvable."
#: /home/brenard/dev/eesyphp/includes/url.php:113
#: /home/brenard/dev/eesyphp/includes/url.php:119
msgid "Error"
msgstr "Erreur"
#: /home/brenard/dev/eesyphp/includes/url.php:114
#: /home/brenard/dev/eesyphp/includes/url.php:120
msgid "An unknown error occurred. If problem persist, please contact support."
msgstr ""
"Une erreur inconnue est survenue. Si le problème persiste, merci de prendre "
"contact avec le support."
#: /home/brenard/dev/eesyphp/includes/url.php:159
#: /home/brenard/dev/eesyphp/includes/url.php:165
msgid ""
"Unable to determine the requested page. If the problem persists, please "
"contact support."
@ -405,7 +405,7 @@ msgstr ""
"Impossible de déterminer la page demandée. Si le problème persiste, merci de "
"prendre contact avec le support."
#: /home/brenard/dev/eesyphp/includes/url.php:312
#: /home/brenard/dev/eesyphp/includes/url.php:318
msgid ""
"Unable to determine the requested page (loop detected). If the problem "
"persists, please contact support."
@ -413,11 +413,18 @@ msgstr ""
"Impossible de déterminer la page demandée (boucle détectée). Si le problème "
"persiste, merci de prendre contact avec le support."
#: /home/brenard/dev/eesyphp/includes/url.php:337
#: /home/brenard/dev/eesyphp/includes/url.php:347
msgid "This request cannot be processed."
msgstr "Cette requête ne peut être traitée."
#: /home/brenard/dev/eesyphp/includes/url.php:355
#: /home/brenard/dev/eesyphp/includes/url.php:360
msgid ""
"Authentication required but force_authentication function is not defined."
msgstr ""
"Authentification requise mais la fonction force_authentication n'est pas "
"définie."
#: /home/brenard/dev/eesyphp/includes/url.php:368
msgid "This request could not be processed correctly."
msgstr "Cette requête n'a put être traitée correctement."


@ -1,7 +1,7 @@
msgid ""
msgstr ""
"POT-Creation-Date: 2022-04-24 20:13+0200\n"
"PO-Revision-Date: 2022-04-24 20:13+0200\n"
"POT-Creation-Date: 2022-04-25 18:40+0200\n"
"PO-Revision-Date: 2022-04-25 18:40+0200\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"


@ -1,7 +1,7 @@
msgid ""
msgstr ""
"POT-Creation-Date: 2022-04-24 20:13+0200\n"
"PO-Revision-Date: 2022-04-24 20:13+0200\n"
"POT-Creation-Date: 2022-04-25 18:40+0200\n"
"PO-Revision-Date: 2022-04-25 18:40+0200\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
@ -305,65 +305,70 @@ msgid ""
"Mail initialy intended for %s."
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:92
#: /home/brenard/dev/eesyphp/includes/url.php:98
msgid "Bad request"
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:93
#: /home/brenard/dev/eesyphp/includes/url.php:99
msgid "Invalid request."
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:96
#: /home/brenard/dev/eesyphp/includes/url.php:102
msgid "Authentication required"
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:97
#: /home/brenard/dev/eesyphp/includes/url.php:103
msgid "You have to be authenticated to access to this page."
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:100
#: /home/brenard/dev/eesyphp/includes/url.php:106
msgid "Access denied"
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:101
#: /home/brenard/dev/eesyphp/includes/url.php:107
msgid ""
"You do not have access to this application. If you think this is an error, "
"please contact support."
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:104
#: /home/brenard/dev/eesyphp/includes/url.php:110
msgid "Whoops ! Page not found"
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:105
#: /home/brenard/dev/eesyphp/includes/url.php:111
msgid "The requested page can not be found."
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:113
#: /home/brenard/dev/eesyphp/includes/url.php:119
msgid "Error"
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:114
#: /home/brenard/dev/eesyphp/includes/url.php:120
msgid "An unknown error occurred. If problem persist, please contact support."
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:159
#: /home/brenard/dev/eesyphp/includes/url.php:165
msgid ""
"Unable to determine the requested page. If the problem persists, please "
"contact support."
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:312
#: /home/brenard/dev/eesyphp/includes/url.php:318
msgid ""
"Unable to determine the requested page (loop detected). If the problem "
"persists, please contact support."
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:337
#: /home/brenard/dev/eesyphp/includes/url.php:347
msgid "This request cannot be processed."
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:355
#: /home/brenard/dev/eesyphp/includes/url.php:360
msgid ""
"Authentication required but force_authentication function is not defined."
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:368
msgid "This request could not be processed correctly."
msgstr ""


@ -297,65 +297,70 @@ msgid ""
"Mail initialy intended for %s."
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:92
#: /home/brenard/dev/eesyphp/includes/url.php:98
msgid "Bad request"
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:93
#: /home/brenard/dev/eesyphp/includes/url.php:99
msgid "Invalid request."
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:96
#: /home/brenard/dev/eesyphp/includes/url.php:102
msgid "Authentication required"
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:97
#: /home/brenard/dev/eesyphp/includes/url.php:103
msgid "You have to be authenticated to access to this page."
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:100
#: /home/brenard/dev/eesyphp/includes/url.php:106
msgid "Access denied"
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:101
#: /home/brenard/dev/eesyphp/includes/url.php:107
msgid ""
"You do not have access to this application. If you think this is an error, "
"please contact support."
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:104
#: /home/brenard/dev/eesyphp/includes/url.php:110
msgid "Whoops ! Page not found"
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:105
#: /home/brenard/dev/eesyphp/includes/url.php:111
msgid "The requested page can not be found."
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:113
#: /home/brenard/dev/eesyphp/includes/url.php:119
msgid "Error"
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:114
#: /home/brenard/dev/eesyphp/includes/url.php:120
msgid "An unknown error occurred. If problem persist, please contact support."
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:159
#: /home/brenard/dev/eesyphp/includes/url.php:165
msgid ""
"Unable to determine the requested page. If the problem persists, please "
"contact support."
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:312
#: /home/brenard/dev/eesyphp/includes/url.php:318
msgid ""
"Unable to determine the requested page (loop detected). If the problem "
"persists, please contact support."
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:337
#: /home/brenard/dev/eesyphp/includes/url.php:347
msgid "This request cannot be processed."
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:355
#: /home/brenard/dev/eesyphp/includes/url.php:360
msgid ""
"Authentication required but force_authentication function is not defined."
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:368
msgid "This request could not be processed correctly."
msgstr ""