X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=application%2Fsecurity%2FLoginManager.php;h=426e785e1a5431328d0818d49ec6d00d037eb0cd;hb=refs%2Fpull%2F1630%2Fhead;hp=39ec9b2e7fffa92688ab29dbc3e2a551a9b5967b;hpb=78c2f122e067f8bab62deb7ef758708721f4a9ba;p=github%2Fshaarli%2FShaarli.git diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php index 39ec9b2e..426e785e 100644 --- a/application/security/LoginManager.php +++ b/application/security/LoginManager.php @@ -2,6 +2,7 @@ namespace Shaarli\Security; use Exception; +use Psr\Log\LoggerInterface; use Shaarli\Config\ConfigManager; /** @@ -9,9 +10,6 @@ use Shaarli\Config\ConfigManager; */ class LoginManager { - /** @var string Name of the cookie set after logging in **/ - public static $STAY_SIGNED_IN_COOKIE = 'shaarli_staySignedIn'; - /** @var array A reference to the $_GLOBALS array */ protected $globals = []; @@ -32,24 +30,32 @@ class LoginManager /** @var string User sign-in token depending on remote IP and credentials */ protected $staySignedInToken = ''; + /** @var CookieManager */ + protected $cookieManager; + /** @var LoggerInterface */ + protected $logger; /** * Constructor * - * @param ConfigManager $configManager Configuration Manager instance + * @param ConfigManager $configManager Configuration Manager instance * @param SessionManager $sessionManager SessionManager instance + * @param CookieManager $cookieManager CookieManager instance + * @param BanManager $banManager + * @param LoggerInterface $logger Used to log login attempts */ - public function __construct($configManager, $sessionManager) - { + public function __construct( + ConfigManager $configManager, + SessionManager $sessionManager, + CookieManager $cookieManager, + BanManager $banManager, + LoggerInterface $logger + ) { $this->configManager = $configManager; $this->sessionManager = $sessionManager; - $this->banManager = new BanManager( - $this->configManager->get('security.trusted_proxies', []), - $this->configManager->get('security.ban_after'), - $this->configManager->get('security.ban_duration'), - $this->configManager->get('resource.ban_file', 'data/ipbans.php'), - $this->configManager->get('resource.log') - ); + $this->cookieManager = $cookieManager; + $this->banManager = $banManager; + $this->logger = $logger; if ($this->configManager->get('security.open_shaarli') === true) { $this->openShaarli = true; @@ -86,10 +92,9 @@ class LoginManager /** * Check user session state and validity (expiration) * - * @param array $cookie The $_COOKIE array * @param string $clientIpId Client IP address identifier */ - public function checkLoginState($cookie, $clientIpId) + public function checkLoginState($clientIpId) { if (! $this->configManager->exists('credentials.login')) { // Shaarli is not configured yet @@ -97,9 +102,7 @@ class LoginManager return; } - if (isset($cookie[self::$STAY_SIGNED_IN_COOKIE]) - && $cookie[self::$STAY_SIGNED_IN_COOKIE] === $this->staySignedInToken - ) { + if ($this->staySignedInToken === $this->cookieManager->getCookieParameter(CookieManager::STAY_SIGNED_IN)) { // The user client has a valid stay-signed-in cookie // Session information is updated with the current client information $this->sessionManager->storeLoginInfo($clientIpId); @@ -120,7 +123,7 @@ class LoginManager * * @return true when the user is logged in, false otherwise */ - public function isLoggedIn() + public function isLoggedIn(): bool { if ($this->openShaarli) { return true; @@ -131,48 +134,34 @@ class LoginManager /** * Check user credentials are valid * - * @param string $remoteIp Remote client IP address * @param string $clientIpId Client IP address identifier * @param string $login Username * @param string $password Password * * @return bool true if the provided credentials are valid, false otherwise */ - public function checkCredentials($remoteIp, $clientIpId, $login, $password) + public function checkCredentials($clientIpId, $login, $password) { - // Check login matches config - if ($login !== $this->configManager->get('credentials.login')) { - return false; - } - // Check credentials try { $useLdapLogin = !empty($this->configManager->get('ldap.host')); - if ((false === $useLdapLogin && $this->checkCredentialsFromLocalConfig($login, $password)) - || (true === $useLdapLogin && $this->checkCredentialsFromLdap($login, $password)) + if ($login === $this->configManager->get('credentials.login') + && ( + (false === $useLdapLogin && $this->checkCredentialsFromLocalConfig($login, $password)) + || (true === $useLdapLogin && $this->checkCredentialsFromLdap($login, $password)) + ) ) { - $this->sessionManager->storeLoginInfo($clientIpId); - logm( - $this->configManager->get('resource.log'), - $remoteIp, - 'Login successful' - ); - return true; + $this->sessionManager->storeLoginInfo($clientIpId); + $this->logger->info(format_log('Login successful', $clientIpId)); + + return true; } - } - catch(Exception $exception) { - logm( - $this->configManager->get('resource.log'), - $remoteIp, - 'Exception while checking credentials: ' . $exception - ); + } catch(Exception $exception) { + $this->logger->info(format_log('Exception while checking credentials: ' . $exception, $clientIpId)); } - logm( - $this->configManager->get('resource.log'), - $remoteIp, - 'Login failed for user ' . $login - ); + $this->logger->info(format_log('Login failed for user ' . $login, $clientIpId)); + return false; }