From 2ed2dcac9de8bd8bae31e244f320385db432bff1 Mon Sep 17 00:00:00 2001 From: Benjamin Renard Date: Sat, 31 Oct 2009 01:33:01 +0000 Subject: [PATCH] - LSauth : Change to be extensible - LSauthHTTP : Add new class to manage HTTP authentification - LSsession : Update consequently to LSauth change --- trunk/conf/config.inc.php | 5 ++ trunk/includes/class/class.LSauth.php | 43 ++++++++- trunk/includes/class/class.LSauthHTTP.php | 93 ++++++++++++++++++++ trunk/includes/class/class.LSsession.php | 101 ++++++++++++++-------- trunk/templates/default/blank.tpl | 16 ++-- trunk/templates/default/top.tpl | 2 +- 6 files changed, 211 insertions(+), 49 deletions(-) create mode 100644 trunk/includes/class/class.LSauthHTTP.php diff --git a/trunk/conf/config.inc.php b/trunk/conf/config.inc.php index 215e13eb..c2c43616 100644 --- a/trunk/conf/config.inc.php +++ b/trunk/conf/config.inc.php @@ -45,6 +45,11 @@ $GLOBALS['LSconfig'] = array( 'filter' => '(objectClass=*)', 'scope' => 'sub' ), +/* + 'LSauth' => array ( + 'method' => 'HTTP' + ), +*/ 'LSprofiles' => array ( 'admin' => array ( 'o=ls' => array ( diff --git a/trunk/includes/class/class.LSauth.php b/trunk/includes/class/class.LSauth.php index 38979a35..1b4a9e96 100644 --- a/trunk/includes/class/class.LSauth.php +++ b/trunk/includes/class/class.LSauth.php @@ -29,6 +29,31 @@ */ class LSauth { + static private $authData=NULL; + + var $params = array ( + 'displayLoginForm' => true, + 'displayLogoutBtn' => true + ); + + /** + * Check Post Data + * + * @retval boolean True if post data permit the authentification or False + **/ + public function getPostData() { + if (isset($_POST['LSsession_user']) && !empty($_POST['LSsession_user'])) { + $this -> authData = array( + 'username' => $_POST['LSsession_user'], + 'password' => $_POST['LSsession_pwd'], + 'ldapserver' => $_POST['LSsession_ldapserver'], + 'topDn' => $_POST['LSsession_topDn'] + ); + return true; + } + return; + } + /** * Check user login * 
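Review bot: `$authData` is declared `static private` at the top of the LSauth hunk, but every access to it in getPostData() and in authenticate() (next hunk) goes through `$this -> authData`, which in PHP does not reach a static slot: it raises a strict-standards notice and reads or creates an undeclared instance property, and `private` would hide a real instance property from the LSauthHTTP subclass that writes the same name. Declaring it as a plain instance property, `protected $authData = NULL;`, gives both classes one declared field and matches the per-instance way LSsession now drives it (`new $LSauthClass()` then `getPostData()`/`authenticate()`). getPostData() also reads `$_POST['LSsession_pwd']`, `$_POST['LSsession_ldapserver']` and `$_POST['LSsession_topDn']` without `isset`, so a form that omits any of them produces undefined-index notices, and the closing `return;` yields null where the docblock promises False. `return false;` keeps the documented contract, and the `@retval boolean` line could also mention that a successful call leaves the credentials in `$this -> authData` for authenticate().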
@@ -37,11 +62,11 @@ class LSauth { * * @retval LSldapObject|false The LSldapObject of the user authificated or false */ - public static function authenticate($username,$password) { + public function authenticate() { if (LSsession :: loadLSobject(LSsession :: $ldapServer['authObjectType'])) { $authobject = new LSsession :: $ldapServer['authObjectType'](); $result = $authobject -> searchObject( - $username, + $this -> authData['username'], LSsession :: getTopDn(), LSsession :: $ldapServer['authObjectFilter'] ); @@ -56,7 +81,7 @@ class LSauth { // duplication d'authentité LSerror :: addErrorCode('LSauth_02'); } - elseif ( self :: checkUserPwd($result[0],$password) ) { + elseif ( $this -> checkUserPwd($result[0],$this -> authData['password']) ) { // Authentication succeeded return $result[0]; } @@ -85,6 +110,18 @@ class LSauth { return LSldap :: checkBind($object -> getValue('dn'),$pwd); } + /** + * Define if login form can be displayed or not + * + * @retval boolean + **/ + public function __get($key) { + if ($key=='params') { + return $this -> params; + } + return; + } + } /* diff --git a/trunk/includes/class/class.LSauthHTTP.php b/trunk/includes/class/class.LSauthHTTP.php new file mode 100644 index 00000000..c5bc7317 --- /dev/null +++ b/trunk/includes/class/class.LSauthHTTP.php 
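Review bot: The docblock above the new `__get()` at the end of the last hunk ("Define if login form can be displayed or not") describes a different method, and the accessor itself is never invoked for the only key it handles, because `$params` is declared with `var` (public) in the previous hunk, so `$authObj->params` in LSsession reads the property directly and PHP calls `__get` only for inaccessible properties. Either remove `__get()`, or make it the real access path by declaring `protected $params = array (...)` and documenting it as `/** Read-only access to the authentication parameters. @param[in] $key Only 'params' is supported. @retval array|null The params array, or null for any other key */`. In the `@@ -37` hunk, `authenticate()` no longer takes `$username`/`$password`; if the `@param[in]` lines of its docblock sit just above the shown context (not visible here), they are stale and should be replaced by a sentence saying the credentials are taken from `$this -> authData` as filled by getPostData(). The `return;` at the end of `__get()` also yields null implicitly — `return null;` states it.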
@@ -0,0 +1,93 @@ + + */ +class LSauthHTTP extends LSauth { + + var $params = array ( + 'displayLoginForm' => false, + 'displayLogoutBtn' => false + ); + + /** + * Check Post Data + * + * @retval array|False Array of post data if exist or False + **/ + public function getPostData() { + if (isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER'])) { + $this -> authData = array( + 'username' => $_SERVER['PHP_AUTH_USER'], + 'password' => $_SERVER['PHP_AUTH_PW'], + 'ldapserver' => $_REQUEST['LSsession_ldapserver'], + 'topDn' => $_REQUEST['LSsession_topDn'] + ); + return true; + } + return; + } + + /** + * Check user login + * + * @param[in] $username The username + * @param[in] $password The password + * + * @retval LSldapObject|false The LSldapObject of the user authificated or false + */ + public function authenticate() { + if (LSsession :: loadLSobject(LSsession :: $ldapServer['authObjectType'])) { + $authobject = new LSsession :: $ldapServer['authObjectType'](); + $result = $authobject -> searchObject( + $this -> authData['username'], + LSsession :: getTopDn(), + LSsession :: $ldapServer['authObjectFilter'] + ); + $nbresult=count($result); + + if ($nbresult==0) { + // identifiant incorrect + LSdebug('identifiant incorrect'); + LSerror :: addErrorCode('LSauth_01'); + } + else if ($nbresult>1) { + // duplication d'authentité + LSerror :: addErrorCode('LSauth_02'); + } + else { + // Authentication succeeded + return $result[0]; + } + } + else { + LSerror :: addErrorCode('LSauth_03'); + } + return; + } + +} +?> diff --git a/trunk/includes/class/class.LSsession.php b/trunk/includes/class/class.LSsession.php index 7cb6b473..bc527d34 100644 --- a/trunk/includes/class/class.LSsession.php +++ b/trunk/includes/class/class.LSsession.php @@ -20,7 +20,7 @@ ******************************************************************************/ -/** +/** * Gestion des sessions * * Cette classe gère les sessions d'utilisateurs. 
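Review bot: `authenticate()` in the new class logs in whichever LDAP entry matches `$_SERVER['PHP_AUTH_USER']` without ever checking a password — the `else` branch that replaces the parent's `checkUserPwd()` branch returns `$result[0]` as soon as exactly one entry is found, and the `PHP_AUTH_PW` value captured in getPostData() is never used. PHP (at least under mod_php) fills `PHP_AUTH_USER` from the request's `Authorization: Basic` header itself, so this is only safe when the web server is configured to authenticate that path before PHP runs; otherwise the header alone grants a session as any existing account. Either keep the parent's verification, `elseif ( $this -> checkUserPwd($result[0],$this -> authData['password']) ) {` in place of the bare `else {`, or make the trust assumption explicit in the class docblock, e.g. `Relies on the HTTP server having already authenticated the request (e.g. Require valid-user); PHP_AUTH_USER is trusted as-is and the password is not re-verified here.`, and drop the unused `'password'` entry so the credential is not kept in memory for nothing. Smaller points: `$_REQUEST['LSsession_ldapserver']` and `$_REQUEST['LSsession_topDn']` are read without `isset` (notices on plain Basic-auth requests that carry neither), the getPostData() docblock promises `array|False` but the method returns true/null, and the `@param[in] $username`/`$password` lines on authenticate() describe parameters that no longer exist.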
@@ -50,6 +50,9 @@ class LSsession { // Les droits d'accès de l'utilisateur private static $LSaccess = array(); + // Authentification parameters + private static $authParams = array(); + // Les fichiers temporaires private static $tmp_file = array(); @@ -466,6 +469,7 @@ class LSsession { self :: $rdn = $_SESSION['LSsession']['rdn']; self :: $ldapServerId = $_SESSION['LSsession']['ldapServerId']; self :: $tmp_file = $_SESSION['LSsession']['tmp_file']; + self :: $authParams = $_SESSION['LSsession']['authParams']; if ( self :: cacheLSprofiles() && !isset($_REQUEST['LSsession_refresh']) ) { self :: setLdapServer(self :: $ldapServerId); 
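Review bot: In the `@@ -466` hunk, `self :: $authParams = $_SESSION['LSsession']['authParams'];` assumes the stored session was written by this version; a session created before the change has no `authParams` key, so the restore raises an undefined-index notice and leaves `$authParams` null, after which `self :: $authParams['displayLogoutBtn']` (assigned to Smarty in the `@@ -1317` hunk) evaluates false and the logout button disappears until the user logs in again. A guarded restore with the LSauth defaults keeps old sessions working: `self :: $authParams = isset($_SESSION['LSsession']['authParams']) ? $_SESSION['LSsession']['authParams'] : array('displayLoginForm' => true, 'displayLogoutBtn' => true);`. The new comment in the `@@ -50` hunk, `// Authentification parameters`, mixes a French spelling into an English phrase among otherwise French comments; `// Paramètres d'authentification` matches the neighbours (or `// Authentication parameters` if the file is moving to English).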
@@ -509,39 +513,48 @@ class LSsession { } else { // Session inexistante - if (isset($_POST['LSsession_user'])) { - if (isset($_POST['LSsession_ldapserver'])) { - self :: setLdapServer($_POST['LSsession_ldapserver']); + if (isset($_POST['LSsession_ldapserver'])) { + self :: setLdapServer($_POST['LSsession_ldapserver']); + } + else { + self :: setLdapServer(0); + } + + // Connexion au serveur LDAP + if (self :: LSldapConnect()) { + + // topDn + if ( $_POST['LSsession_topDn'] != '' ){ + self :: $topDn = $_POST['LSsession_topDn']; } else { - self :: setLdapServer(0); + self :: $topDn = self :: $ldapServer['ldap_config']['basedn']; } - - // Connexion au serveur LDAP - if (self :: LSldapConnect()) { + $_SESSION['LSsession_topDn']=self :: $topDn; - // topDn - if ( $_POST['LSsession_topDn'] != '' ){ - self :: $topDn = $_POST['LSsession_topDn']; - } - else { - self :: $topDn = self :: $ldapServer['ldap_config']['basedn']; - } - $_SESSION['LSsession_topDn']=self :: $topDn; - - - if (isset($_GET['LSsession_recoverPassword'])) { - $recoveryPasswordInfos = self :: recoverPasswd( - $_REQUEST['LSsession_user'], - $_GET['recoveryHash'] - ); - } - else { - if (self :: loadLSclass('LSauth')) { - $LSuserObject = LSauth :: authenticate( - $_REQUEST['LSsession_user'], - $_REQUEST['LSsession_pwd'] - ); + if (isset($_GET['LSsession_recoverPassword'])) { + $recoveryPasswordInfos = self :: recoverPasswd( + $_REQUEST['LSsession_user'], + $_GET['recoveryHash'] + ); + } + else { + if (self :: loadLSclass('LSauth')) { + if (isset(self :: $ldapServer['LSauth']['method'])) { + $LSauthClass = 'LSauth'.self :: $ldapServer['LSauth']['method']; + if (!self :: loadLSclass($LSauthClass)) { + LSerror :: addErrorCode('LSsession_08',$LSauthClass); + $LSauthClass = 'LSauth'; + } + } + else { + $LSauthClass = 'LSauth'; + } + + $authObj = new $LSauthClass(); + self :: $authParams = $authObj->params; + if ($authObj -> getPostData()) { + $LSuserObject = $authObj -> authenticate(); if ($LSuserObject) { // 
Authentification réussi self :: $LSuserObject = $LSuserObject; @@ -555,10 +568,13 @@ class LSsession { } } } + else { + LSerror :: addErrorCode('LSsession_05','LSauth'); + } } - else { - LSerror :: addErrorCode('LSsession_09'); - } + } + else { + LSerror :: addErrorCode('LSsession_09'); } if (self :: $ldapServerId) { $GLOBALS['Smarty'] -> assign('ldapServerId',self :: $ldapServerId); @@ -567,9 +583,13 @@ class LSsession { if (isset($_GET['LSsession_recoverPassword'])) { self :: displayRecoverPasswordForm($recoveryPasswordInfos); } - else { + elseif(self :: $authParams['displayLoginForm']) { self :: displayLoginForm(); } + else { + self :: setTemplate('blank.tpl'); + LSerror :: addErrorCode('LSsession_10'); + } return; } } @@ -811,7 +831,8 @@ class LSsession { 'ldapServerId' => self :: $ldapServerId, 'ldapServer' => self :: $ldapServer, 'LSprofiles' => self :: $LSprofiles, - 'LSaccess' => self :: $LSaccess + 'LSaccess' => self :: $LSaccess, + 'authParams' => self :: $authParams ); } @@ -1317,6 +1338,8 @@ class LSsession { $GLOBALS['Smarty'] -> assign('LSlang',self :: $lang); $GLOBALS['Smarty'] -> assign('LSencoding',self :: $encoding); $GLOBALS['Smarty'] -> assign('lang_label',_('Language')); + + $GLOBALS['Smarty'] -> assign('displayLogoutBtn',self :: $authParams['displayLogoutBtn']); // Infos if((!empty($_SESSION['LSsession_infos']))&&(is_array($_SESSION['LSsession_infos']))) { @@ -2088,11 +2111,15 @@ class LSsession { LSerror :: defineError('LSsession_07', _("LSsession : Impossible to identify you : Duplication of identities.") ); - // 08 + LSerror :: defineError('LSsession_08', + _("LSsession : Can't load class of authentification (%{class}).") + ); LSerror :: defineError('LSsession_09', _("LSsession : Can't connect to LDAP server.") ); - // 10 + LSerror :: defineError('LSsession_10', + _("LSsession : Impossible to authenticate you.") + ); LSerror :: defineError('LSsession_11', _("LSsession : Your are not authorized to do this action.") ); 
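Review bot: With the old `if (isset($_POST['LSsession_user']))` guard gone, the whole login path — `setLdapServer()`, `LSldapConnect()`, the topDn selection and `$_SESSION['LSsession_topDn']=...` — now runs for every request that has no session, before `getPostData()` has looked at whether any credentials were sent at all. Each unauthenticated hit therefore opens an LDAP connection with the configured bind account, a failing directory now reports LSsession_09 to anonymous visitors, and `$_POST['LSsession_topDn'] != ''` is evaluated on plain GET requests, which raises an undefined-index notice. Selecting the LSauth class and calling `getPostData()` first, and only connecting when it (or the password-recovery request) says there is something to authenticate, restores the previous behaviour while keeping the new extensibility; the `else` reporting LSsession_05 and the closing of this block sit in the following hunk.
```php
// … unchanged: setLdapServer() from $_POST['LSsession_ldapserver'] or 0 …
if (self :: loadLSclass('LSauth')) {
  // … unchanged: $LSauthClass selection from self :: $ldapServer['LSauth']['method'] …
  $authObj = new $LSauthClass();
  self :: $authParams = $authObj->params;
  // Touch the directory only once a login attempt or a recovery request is present
  if ($authObj -> getPostData() || isset($_GET['LSsession_recoverPassword'])) {
    // Connexion au serveur LDAP
    if (self :: LSldapConnect()) {
      // … unchanged: topDn selection (with an isset guard on $_POST['LSsession_topDn']) and $_SESSION['LSsession_topDn'] …
      // … unchanged: recoverPasswd() / $authObj -> authenticate() branches …
    }
    else {
      LSerror :: addErrorCode('LSsession_09');
    }
  }
}
else {
  LSerror :: addErrorCode('LSsession_05','LSauth');
}
```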
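Review bot: `elseif(self :: $authParams['displayLoginForm'])` in the `@@ -567` hunk reads a key that is only filled inside the `LSldapConnect()` success branch of the `@@ -509` hunk (`self :: $authParams = $authObj->params;`); when the connection fails (LSsession_09) or the LSauth class cannot be loaded (LSsession_05), `$authParams` is still the empty array it is declared with, so this line raises an undefined-index notice, evaluates false, and the page goes to the new `blank.tpl` branch with an extra LSsession_10 instead of the login form that appeared in those cases before. Initialising the property with LSauth's own defaults, `private static $authParams = array('displayLoginForm' => true, 'displayLogoutBtn' => true);`, or testing `!isset(self :: $authParams['displayLoginForm']) || self :: $authParams['displayLoginForm']` here, keeps the form for the classic method whenever no auth class has said otherwise. For the HTTP method note that nothing on this path sends a `401` with `WWW-Authenticate`, so a browser that has not been challenged by the web server just sees the blank page; that matches a deployment where the server enforces Basic auth itself, and the LSsession_10 text or a comment above `setTemplate('blank.tpl')` could say so.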
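Review bot: The new LSsession_08 message, `_("LSsession : Can't load class of authentification (%{class}).")`, uses the French spelling inside an English gettext msgid, and the msgid is what every translation catalogue keys on, so the typo would have to be carried forever to keep existing translations matching. `_("LSsession : Can't load authentication class (%{class}).")` reads naturally and is cheaper to fix before the string ships.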
diff --git a/trunk/templates/default/blank.tpl b/trunk/templates/default/blank.tpl index c0cb0b35..9721cbe8 100644 --- a/trunk/templates/default/blank.tpl +++ b/trunk/templates/default/blank.tpl @@ -1,20 +1,20 @@ + + LdapSaisie{if $pagetitle != ''} - {$pagetitle}{/if} + {$LSsession_css} - {$LSsession_js} -
-{$LSerrors} -
-
- X -
{if $LSdebug != ''}{$LSdebug}{/if}
-
+ +{include file='LSdefault.tpl'} + +{$LSsession_js} + diff --git a/trunk/templates/default/top.tpl b/trunk/templates/default/top.tpl index 872f6ca1..518340cf 100644 --- a/trunk/templates/default/top.tpl +++ b/trunk/templates/default/top.tpl @@ -45,7 +45,7 @@ - {$connected_as} {$LSsession_username} Logout + {$connected_as} {$LSsession_username}{if $displayLogoutBtn} Logout{/if}