- LSauth : Change to be extensible

- LSauthHTTP : Add new class to manage HTTP authentification
- LSsession : Update consequently to LSauth change
This commit is contained in:
Benjamin Renard 2009-10-31 01:33:01 +00:00
parent 3e823a2b22
commit 2ed2dcac9d
6 changed files with 211 additions and 49 deletions

View file

@ -45,6 +45,11 @@ $GLOBALS['LSconfig'] = array(
'filter' => '(objectClass=*)',
'scope' => 'sub'
),
/*
'LSauth' => array (
'method' => 'HTTP'
),
*/
'LSprofiles' => array (
'admin' => array (
'o=ls' => array (

View file

@ -29,6 +29,31 @@
*/
class LSauth {
static private $authData=NULL;
var $params = array (
'displayLoginForm' => true,
'displayLogoutBtn' => true
);
/**
* Check Post Data
*
* @retval boolean True if post data permit the authentification or False
**/
public function getPostData() {
if (isset($_POST['LSsession_user']) && !empty($_POST['LSsession_user'])) {
$this -> authData = array(
'username' => $_POST['LSsession_user'],
'password' => $_POST['LSsession_pwd'],
'ldapserver' => $_POST['LSsession_ldapserver'],
'topDn' => $_POST['LSsession_topDn']
);
return true;
}
return;
}
/**
* Check user login
*
@ -37,11 +62,11 @@ class LSauth {
*
* @retval LSldapObject|false The LSldapObject of the user authificated or false
*/
public static function authenticate($username,$password) {
public function authenticate() {
if (LSsession :: loadLSobject(LSsession :: $ldapServer['authObjectType'])) {
$authobject = new LSsession :: $ldapServer['authObjectType']();
$result = $authobject -> searchObject(
$username,
$this -> authData['username'],
LSsession :: getTopDn(),
LSsession :: $ldapServer['authObjectFilter']
);
@ -56,7 +81,7 @@ class LSauth {
// duplication d'authentité
LSerror :: addErrorCode('LSauth_02');
}
elseif ( self :: checkUserPwd($result[0],$password) ) {
elseif ( $this -> checkUserPwd($result[0],$this -> authData['password']) ) {
// Authentication succeeded
return $result[0];
}
@ -85,6 +110,18 @@ class LSauth {
return LSldap :: checkBind($object -> getValue('dn'),$pwd);
}
/**
* Define if login form can be displayed or not
*
* @retval boolean
**/
public function __get($key) {
if ($key=='params') {
return $this -> params;
}
return;
}
}
/*

View file

@ -0,0 +1,93 @@
<?php
/*******************************************************************************
* Copyright (C) 2007 Easter-eggs
* http://ldapsaisie.labs.libre-entreprise.org
*
* Author: See AUTHORS file in top-level directory.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
******************************************************************************/
/**
* Gestion de l'authentification d'un utilisateur suite à une authentification
* HTTP
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*/
class LSauthHTTP extends LSauth {
var $params = array (
'displayLoginForm' => false,
'displayLogoutBtn' => false
);
/**
* Check Post Data
*
* @retval array|False Array of post data if exist or False
**/
public function getPostData() {
if (isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER'])) {
$this -> authData = array(
'username' => $_SERVER['PHP_AUTH_USER'],
'password' => $_SERVER['PHP_AUTH_PW'],
'ldapserver' => $_REQUEST['LSsession_ldapserver'],
'topDn' => $_REQUEST['LSsession_topDn']
);
return true;
}
return;
}
/**
* Check user login
*
* @param[in] $username The username
* @param[in] $password The password
*
* @retval LSldapObject|false The LSldapObject of the user authificated or false
*/
public function authenticate() {
if (LSsession :: loadLSobject(LSsession :: $ldapServer['authObjectType'])) {
$authobject = new LSsession :: $ldapServer['authObjectType']();
$result = $authobject -> searchObject(
$this -> authData['username'],
LSsession :: getTopDn(),
LSsession :: $ldapServer['authObjectFilter']
);
$nbresult=count($result);
if ($nbresult==0) {
// identifiant incorrect
LSdebug('identifiant incorrect');
LSerror :: addErrorCode('LSauth_01');
}
else if ($nbresult>1) {
// duplication d'authentité
LSerror :: addErrorCode('LSauth_02');
}
else {
// Authentication succeeded
return $result[0];
}
}
else {
LSerror :: addErrorCode('LSauth_03');
}
return;
}
}
?>

View file

@ -50,6 +50,9 @@ class LSsession {
// Les droits d'accès de l'utilisateur
private static $LSaccess = array();
// Authentification parameters
private static $authParams = array();
// Les fichiers temporaires
private static $tmp_file = array();
@ -466,6 +469,7 @@ class LSsession {
self :: $rdn = $_SESSION['LSsession']['rdn'];
self :: $ldapServerId = $_SESSION['LSsession']['ldapServerId'];
self :: $tmp_file = $_SESSION['LSsession']['tmp_file'];
self :: $authParams = $_SESSION['LSsession']['authParams'];
if ( self :: cacheLSprofiles() && !isset($_REQUEST['LSsession_refresh']) ) {
self :: setLdapServer(self :: $ldapServerId);
@ -509,7 +513,6 @@ class LSsession {
}
else {
// Session inexistante
if (isset($_POST['LSsession_user'])) {
if (isset($_POST['LSsession_ldapserver'])) {
self :: setLdapServer($_POST['LSsession_ldapserver']);
}
@ -529,7 +532,6 @@ class LSsession {
}
$_SESSION['LSsession_topDn']=self :: $topDn;
if (isset($_GET['LSsession_recoverPassword'])) {
$recoveryPasswordInfos = self :: recoverPasswd(
$_REQUEST['LSsession_user'],
@ -538,10 +540,21 @@ class LSsession {
}
else {
if (self :: loadLSclass('LSauth')) {
$LSuserObject = LSauth :: authenticate(
$_REQUEST['LSsession_user'],
$_REQUEST['LSsession_pwd']
);
if (isset(self :: $ldapServer['LSauth']['method'])) {
$LSauthClass = 'LSauth'.self :: $ldapServer['LSauth']['method'];
if (!self :: loadLSclass($LSauthClass)) {
LSerror :: addErrorCode('LSsession_08',$LSauthClass);
$LSauthClass = 'LSauth';
}
}
else {
$LSauthClass = 'LSauth';
}
$authObj = new $LSauthClass();
self :: $authParams = $authObj->params;
if ($authObj -> getPostData()) {
$LSuserObject = $authObj -> authenticate();
if ($LSuserObject) {
// Authentification réussi
self :: $LSuserObject = $LSuserObject;
@ -555,11 +568,14 @@ class LSsession {
}
}
}
else {
LSerror :: addErrorCode('LSsession_05','LSauth');
}
}
}
else {
LSerror :: addErrorCode('LSsession_09');
}
}
if (self :: $ldapServerId) {
$GLOBALS['Smarty'] -> assign('ldapServerId',self :: $ldapServerId);
}
@ -567,9 +583,13 @@ class LSsession {
if (isset($_GET['LSsession_recoverPassword'])) {
self :: displayRecoverPasswordForm($recoveryPasswordInfos);
}
else {
elseif(self :: $authParams['displayLoginForm']) {
self :: displayLoginForm();
}
else {
self :: setTemplate('blank.tpl');
LSerror :: addErrorCode('LSsession_10');
}
return;
}
}
@ -811,7 +831,8 @@ class LSsession {
'ldapServerId' => self :: $ldapServerId,
'ldapServer' => self :: $ldapServer,
'LSprofiles' => self :: $LSprofiles,
'LSaccess' => self :: $LSaccess
'LSaccess' => self :: $LSaccess,
'authParams' => self :: $authParams
);
}
@ -1318,6 +1339,8 @@ class LSsession {
$GLOBALS['Smarty'] -> assign('LSencoding',self :: $encoding);
$GLOBALS['Smarty'] -> assign('lang_label',_('Language'));
$GLOBALS['Smarty'] -> assign('displayLogoutBtn',self :: $authParams['displayLogoutBtn']);
// Infos
if((!empty($_SESSION['LSsession_infos']))&&(is_array($_SESSION['LSsession_infos']))) {
$txt_infos="<ul>\n";
@ -2088,11 +2111,15 @@ class LSsession {
LSerror :: defineError('LSsession_07',
_("LSsession : Impossible to identify you : Duplication of identities.")
);
// 08
LSerror :: defineError('LSsession_08',
_("LSsession : Can't load class of authentification (%{class}).")
);
LSerror :: defineError('LSsession_09',
_("LSsession : Can't connect to LDAP server.")
);
// 10
LSerror :: defineError('LSsession_10',
_("LSsession : Impossible to authenticate you.")
);
LSerror :: defineError('LSsession_11',
_("LSsession : Your are not authorized to do this action.")
);

View file

@ -1,20 +1,20 @@
<?xml version="1.0"?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset={$LSencoding}">
<title>LdapSaisie{if $pagetitle != ''} - {$pagetitle}{/if}</title>
<link rel="icon" type="image/png" href="images/default/favicon.png" />
<link rel="stylesheet" type="text/css" href="{$LS_CSS_DIR}/base.css" title="Normal" />
<link rel="stylesheet" type="text/css" href="{$LS_CSS_DIR}/base_print.css" media='print' title="Normal" />
{$LSsession_css}
{$LSsession_js}
</head>
<body>
<div id='LSerror'>
{$LSerrors}
</div>
<div id='LSdebug'>
<a href='#' id='LSdebug_hidden'>X</a>
<div id='LSdebug_infos'>{if $LSdebug != ''}{$LSdebug}{/if}</div>
</div>
{include file='LSdefault.tpl'}
{$LSsession_js}
</body>
</html>

View file

@ -45,7 +45,7 @@
</select>
<input type='submit' value='->'/>
</form>
{$connected_as} <span id='user_name'>{$LSsession_username}</span> <a href='index.php?LSsession_logout'><img src='{$LS_IMAGES_DIR}/logout.png' alt='Logout' title='Logout' /></a>
{$connected_as} <span id='user_name'>{$LSsession_username}</span>{if $displayLogoutBtn} <a href='index.php?LSsession_logout'><img src='{$LS_IMAGES_DIR}/logout.png' alt='Logout' title='Logout' /></a>{/if}
</td>
</tr>
<tr>