X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=application%2Fsecurity%2FLoginManager.php;h=d74c3118c4eded1713a339ebc824d1978c83f93d;hb=ff2b5f5bd857ee7edf496cae2b4ab526b0703345;hp=16ef3878ca24c64d430a13dbbf136df82d251cf4;hpb=21e5df5ee8f302ab96d4ca46ac3070405dd9aafb;p=github%2Fshaarli%2FShaarli.git diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php index 16ef3878..d74c3118 100644 --- a/application/security/LoginManager.php +++ b/application/security/LoginManager.php @@ -9,9 +9,6 @@ use Shaarli\Config\ConfigManager; */ class LoginManager { - /** @var string Name of the cookie set after logging in **/ - public static $STAY_SIGNED_IN_COOKIE = 'shaarli_staySignedIn'; - /** @var array A reference to the $_GLOBALS array */ protected $globals = []; @@ -32,17 +29,21 @@ class LoginManager /** @var string User sign-in token depending on remote IP and credentials */ protected $staySignedInToken = ''; + /** @var CookieManager */ + protected $cookieManager; /** * Constructor * * @param ConfigManager $configManager Configuration Manager instance * @param SessionManager $sessionManager SessionManager instance + * @param CookieManager $cookieManager CookieManager instance */ - public function __construct($configManager, $sessionManager) + public function __construct($configManager, $sessionManager, $cookieManager) { $this->configManager = $configManager; $this->sessionManager = $sessionManager; + $this->cookieManager = $cookieManager; $this->banManager = new BanManager( $this->configManager->get('security.trusted_proxies', []), $this->configManager->get('security.ban_after'), @@ -86,10 +87,9 @@ class LoginManager /** * Check user session state and validity (expiration) * - * @param array $cookie The $_COOKIE array * @param string $clientIpId Client IP address identifier */ - public function checkLoginState($cookie, $clientIpId) + public function checkLoginState($clientIpId) { if (! $this->configManager->exists('credentials.login')) { // Shaarli is not configured yet @@ -97,9 +97,7 @@ class LoginManager return; } - if (isset($cookie[self::$STAY_SIGNED_IN_COOKIE]) - && $cookie[self::$STAY_SIGNED_IN_COOKIE] === $this->staySignedInToken - ) { + if ($this->staySignedInToken === $this->cookieManager->getCookieParameter(CookieManager::STAY_SIGNED_IN)) { // The user client has a valid stay-signed-in cookie // Session information is updated with the current client information $this->sessionManager->storeLoginInfo($clientIpId); @@ -141,7 +139,7 @@ class LoginManager public function checkCredentials($remoteIp, $clientIpId, $login, $password) { // Check login matches config - if ($login != $this->configManager->get('credentials.login')) { + if ($login !== $this->configManager->get('credentials.login')) { return false; } @@ -204,9 +202,22 @@ class LoginManager */ public function checkCredentialsFromLdap($login, $password, $connect = null, $bind = null) { - $connect = $connect ?? function($host) { return ldap_connect($host); }; - $bind = $bind ?? function($handle, $dn, $password) { return ldap_bind($handle, $dn, $password); }; - return $bind($connect($this->configManager->get('ldap.host')), sprintf($this->configManager->get('ldap.dn'), $login), $password); + $connect = $connect ?? function($host) { + $resource = ldap_connect($host); + + ldap_set_option($resource, LDAP_OPT_PROTOCOL_VERSION, 3); + + return $resource; + }; + $bind = $bind ?? function($handle, $dn, $password) { + return ldap_bind($handle, $dn, $password); + }; + + return $bind( + $connect($this->configManager->get('ldap.host')), + sprintf($this->configManager->get('ldap.dn'), $login), + $password + ); } /**