diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-02-03 20:58:18 +0100 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2021-02-08 01:23:56 +0100 |
| commit | a19c24edc1057bd411821f9e3e7d1d309d38b1bb (patch) | |
| tree | ee572568811b8ed56630156ab88b0a2278785e65 /application/security/LoginManager.php | |
| parent | 630ebca2b6359e942e5b6c057cca2b6069c1093a (diff) | |
| download | Shaarli-a19c24edc1057bd411821f9e3e7d1d309d38b1bb.tar.gz Shaarli-a19c24edc1057bd411821f9e3e7d1d309d38b1bb.tar.zst Shaarli-a19c24edc1057bd411821f9e3e7d1d309d38b1bb.zip | |
Add ldap connectiongitolite_local/ldap
Diffstat (limited to 'application/security/LoginManager.php')
| -rw-r--r-- | application/security/LoginManager.php | 42 |
1 files changed, 35 insertions, 7 deletions
diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php index d6784d6d..bdfaca7b 100644 --- a/application/security/LoginManager.php +++ b/application/security/LoginManager.php | |||
| @@ -32,6 +32,9 @@ class LoginManager | |||
| 32 | /** @var string User sign-in token depending on remote IP and credentials */ | 32 | /** @var string User sign-in token depending on remote IP and credentials */ |
| 33 | protected $staySignedInToken = ''; | 33 | protected $staySignedInToken = ''; |
| 34 | 34 | ||
| 35 | protected $lastErrorReason = ''; | ||
| 36 | protected $lastErrorIsBanishable = false; | ||
| 37 | |||
| 35 | /** | 38 | /** |
| 36 | * Constructor | 39 | * Constructor |
| 37 | * | 40 | * |
| @@ -83,7 +86,7 @@ class LoginManager | |||
| 83 | */ | 86 | */ |
| 84 | public function checkLoginState($cookie, $clientIpId) | 87 | public function checkLoginState($cookie, $clientIpId) |
| 85 | { | 88 | { |
| 86 | if (! $this->configManager->exists('credentials.login')) { | 89 | if (! $this->configManager->exists('credentials.login') || (isset($_SESSION['username']) && $_SESSION['username'] && $this->configManager->get('credentials.login') !== $_SESSION['username'])) { |
| 87 | // Shaarli is not configured yet | 90 | // Shaarli is not configured yet |
| 88 | $this->isLoggedIn = false; | 91 | $this->isLoggedIn = false; |
| 89 | return; | 92 | return; |
| @@ -133,20 +136,40 @@ class LoginManager | |||
| 133 | */ | 136 | */ |
| 134 | public function checkCredentials($remoteIp, $clientIpId, $login, $password) | 137 | public function checkCredentials($remoteIp, $clientIpId, $login, $password) |
| 135 | { | 138 | { |
| 136 | $hash = sha1($password . $login . $this->configManager->get('credentials.salt')); | 139 | $this->lastErrorIsBanishable = false; |
| 140 | |||
| 141 | if ($this->configManager->getUserSpace() !== null && $this->configManager->getUserSpace() !== $login) { | ||
| 142 | logm($this->configManager->get('resource.log'), | ||
| 143 | $remoteIp, | ||
| 144 | 'Trying to login to wrong user space'); | ||
| 145 | $this->lastErrorReason = 'You’re trying to access the wrong account.'; | ||
| 146 | return false; | ||
| 147 | } | ||
| 137 | 148 | ||
| 138 | if ($login != $this->configManager->get('credentials.login') | 149 | logm($this->configManager->get('resource.log'), |
| 139 | || $hash != $this->configManager->get('credentials.hash') | 150 | $remoteIp, |
| 140 | ) { | 151 | 'Trying LDAP connection'); |
| 152 | $result = $this->configManager->findLDAPUser($login, $password); | ||
| 153 | if ($result === false) { | ||
| 141 | logm( | 154 | logm( |
| 142 | $this->configManager->get('resource.log'), | 155 | $this->configManager->get('resource.log'), |
| 143 | $remoteIp, | 156 | $remoteIp, |
| 144 | 'Login failed for user ' . $login | 157 | 'Impossible to connect to LDAP' |
| 145 | ); | 158 | ); |
| 159 | $this->lastErrorReason = 'Server error.'; | ||
| 160 | return false; | ||
| 161 | } else if (is_null($result)) { | ||
| 162 | logm( | ||
| 163 | $this->configManager->get('resource.log'), | ||
| 164 | $remoteIp, | ||
| 165 | 'Login failed for user ' . $login | ||
| 166 | ); | ||
| 167 | $this->lastErrorIsBanishable = true; | ||
| 168 | $this->lastErrorReason = 'Wrong login/password.'; | ||
| 146 | return false; | 169 | return false; |
| 147 | } | 170 | } |
| 148 | 171 | ||
| 149 | $this->sessionManager->storeLoginInfo($clientIpId); | 172 | $this->sessionManager->storeLoginInfo($clientIpId, $login); |
| 150 | logm( | 173 | logm( |
| 151 | $this->configManager->get('resource.log'), | 174 | $this->configManager->get('resource.log'), |
| 152 | $remoteIp, | 175 | $remoteIp, |
| @@ -187,6 +210,10 @@ class LoginManager | |||
| 187 | */ | 210 | */ |
| 188 | public function handleFailedLogin($server) | 211 | public function handleFailedLogin($server) |
| 189 | { | 212 | { |
| 213 | if (!$this->lastErrorIsBanishable) { | ||
| 214 | return $this->lastErrorReason ?: 'Error during login.'; | ||
| 215 | }; | ||
| 216 | |||
| 190 | $ip = $server['REMOTE_ADDR']; | 217 | $ip = $server['REMOTE_ADDR']; |
| 191 | $trusted = $this->configManager->get('security.trusted_proxies', []); | 218 | $trusted = $this->configManager->get('security.trusted_proxies', []); |
| 192 | 219 | ||
| @@ -215,6 +242,7 @@ class LoginManager | |||
| 215 | ); | 242 | ); |
| 216 | } | 243 | } |
| 217 | $this->writeBanFile(); | 244 | $this->writeBanFile(); |
| 245 | return $this->lastErrorReason ?: 'Error during login.'; | ||
| 218 | } | 246 | } |
| 219 | 247 | ||
| 220 | /** | 248 | /** |