Refactor user credential validation at login time

Changed: - move login/password verification to LoginManager - code cleanup Signed-off-by: VirtualTam <virtualtam@flibidi.net>
author: VirtualTam <virtualtam@flibidi.net> 2018-02-17 01:46:27 +0100
committer: VirtualTam <virtualtam@flibidi.net> 2018-05-29 22:53:54 +0200
commit: 63ea23c2a67d2a1cf6cda79fa2fe49a143571cde (patch)
tree: 984bc2b373f1a0d190df3f2bbda74b63b1c9b949 /application
parent: 49f183231662c642ca9df6ceabf43fe128a5ffc1 (diff)
download: Shaarli-63ea23c2a67d2a1cf6cda79fa2fe49a143571cde.tar.gz
Shaarli-63ea23c2a67d2a1cf6cda79fa2fe49a143571cde.tar.zst
Shaarli-63ea23c2a67d2a1cf6cda79fa2fe49a143571cde.zip
1 files changed, 106 insertions, 3 deletions
diff --git a/application/LoginManager.php b/application/LoginManager.php
index 397bc6e3..8f6bf0da 100644
--- a/application/LoginManager.php
+++ b/application/LoginManager.php
@@ -8,20 +8,123 @@ class LoginManager
 {
    protected $globals = [];
    protected $configManager = null;
+    protected $sessionManager = null;
    protected $banFile = '';
+    protected $isLoggedIn = false;
+    protected $openShaarli = false;
    /**
     * Constructor
     *
-     * @param array         $globals       The $GLOBALS array (reference)
+     * @param array          $globals        The $GLOBALS array (reference)
-     * @param ConfigManager $configManager Configuration Manager instance.
+     * @param ConfigManager  $configManager  Configuration Manager instance
+     * @param SessionManager $sessionManager SessionManager instance
     */
-    public function __construct(& $globals, $configManager)
+    public function __construct(& $globals, $configManager, $sessionManager)
    {
        $this->globals = &$globals;
        $this->configManager = $configManager;
+        $this->sessionManager = $sessionManager;
        $this->banFile = $this->configManager->get('resource.ban_file', 'data/ipbans.php');
        $this->readBanFile();
+        if ($this->configManager->get('security.open_shaarli')) {
+            $this->openShaarli = true;
+        }
+    }
+    /**
+     * Check user session state and validity (expiration)
+     *
+     * @param array  $server  The $_SERVER array
+     * @param array  $session The $_SESSION array (reference)
+     * @param array  $cookie  The $_COOKIE array
+     * @param string $webPath Path on the server in which the cookie will be available on
+     * @param string $token   Session token
+     *
+     * @return bool true if the user session is valid, false otherwise
+     */
+    public function checkLoginState($server, & $session, $cookie, $webPath, $token)
+    {
+        if (! $this->configManager->exists('credentials.login')) {
+            // Shaarli is not configured yet
+            $this->isLoggedIn = false;
+            return;
+        }
+        if (isset($cookie[SessionManager::$LOGGED_IN_COOKIE])
+            && $cookie[SessionManager::$LOGGED_IN_COOKIE] === $token
+        ) {
+            $this->sessionManager->storeLoginInfo($server);
+            $this->isLoggedIn = true;
+        }
+        // Logout when:
+        // - the session does not exist on the server side
+        // - the session has expired
+        // - the client IP address has changed
+        if (empty($session['uid'])
+            || ($this->configManager->get('security.session_protection_disabled') === false
+                && $session['ip'] != client_ip_id($server))
+            || time() >= $session['expires_on']
+        ) {
+            $this->sessionManager->logout($webPath);
+            $this->isLoggedIn = false;
+            return;
+        }
+        // Extend session validity
+        if (! empty($session['longlastingsession'])) {
+            // "Stay signed in" is enabled
+            $session['expires_on'] = time() + $session['longlastingsession'];
+        } else {
+            $session['expires_on'] = time() + SessionManager::$INACTIVITY_TIMEOUT;
+        }
+    }
+    /**
+     * Return whether the user is currently logged in
+     *
+     * @return true when the user is logged in, false otherwise
+     */
+    public function isLoggedIn()
+    {
+        if ($this->openShaarli) {
+            return true;
+        }
+        return $this->isLoggedIn;
+    }
+    /**
+     * Check user credentials are valid
+     *
+     * @param array  $server   The $_SERVER array
+     * @param string $login    Username
+     * @param string $password Password
+     *
+     * @return bool true if the provided credentials are valid, false otherwise
+     */
+    public function checkCredentials($server, $login, $password)
+    {
+        $hash = sha1($password . $login . $this->configManager->get('credentials.salt'));
+        if ($login != $this->configManager->get('credentials.login')
+            || $hash != $this->configManager->get('credentials.hash')
+        ) {
+            logm(
+                $this->configManager->get('resource.log'),
+                $server['REMOTE_ADDR'],
+                'Login failed for user ' . $login
+            );
+            return false;
+        }
+        $this->sessionManager->storeLoginInfo($server);
+        logm(
+            $this->configManager->get('resource.log'),
+            $server['REMOTE_ADDR'],
+            'Login successful'
+        );
+        return true;
    }
    /**
author	VirtualTam <virtualtam@flibidi.net>	2018-02-17 01:46:27 +0100
committer	VirtualTam <virtualtam@flibidi.net>	2018-05-29 22:53:54 +0200
commit	63ea23c2a67d2a1cf6cda79fa2fe49a143571cde (patch)
tree	984bc2b373f1a0d190df3f2bbda74b63b1c9b949 /application
parent	49f183231662c642ca9df6ceabf43fe128a5ffc1 (diff)
download	Shaarli-63ea23c2a67d2a1cf6cda79fa2fe49a143571cde.tar.gz Shaarli-63ea23c2a67d2a1cf6cda79fa2fe49a143571cde.tar.zst Shaarli-63ea23c2a67d2a1cf6cda79fa2fe49a143571cde.zip

diff --git a/application/LoginManager.php b/application/LoginManager.php index 397bc6e3..8f6bf0da 100644 --- a/application/LoginManager.php +++ b/application/LoginManager.php
@@ -8,20 +8,123 @@ class LoginManager
8	{	8	{
9	protected $globals = [];	9	protected $globals = [];
10	protected $configManager = null;	10	protected $configManager = null;
		11	protected $sessionManager = null;
11	protected $banFile = '';	12	protected $banFile = '';
		13	protected $isLoggedIn = false;
		14	protected $openShaarli = false;
12		15
13	/**	16	/**
14	* Constructor	17	* Constructor
15	*	18	*
16	* @param array $globals The $GLOBALS array (reference)	19	* @param array $globals The $GLOBALS array (reference)
17	* @param ConfigManager $configManager Configuration Manager instance.	20	* @param ConfigManager $configManager Configuration Manager instance
		21	* @param SessionManager $sessionManager SessionManager instance
18	*/	22	*/
19	public function __construct(& $globals, $configManager)	23	public function __construct(& $globals, $configManager, $sessionManager)
20	{	24	{
21	$this->globals = &$globals;	25	$this->globals = &$globals;
22	$this->configManager = $configManager;	26	$this->configManager = $configManager;
		27	$this->sessionManager = $sessionManager;
23	$this->banFile = $this->configManager->get('resource.ban_file', 'data/ipbans.php');	28	$this->banFile = $this->configManager->get('resource.ban_file', 'data/ipbans.php');
24	$this->readBanFile();	29	$this->readBanFile();
		30	if ($this->configManager->get('security.open_shaarli')) {
		31	$this->openShaarli = true;
		32	}
		33	}
		34
		35	/**
		36	* Check user session state and validity (expiration)
		37	*
		38	* @param array $server The $_SERVER array
		39	* @param array $session The $_SESSION array (reference)
		40	* @param array $cookie The $_COOKIE array
		41	* @param string $webPath Path on the server in which the cookie will be available on
		42	* @param string $token Session token
		43	*
		44	* @return bool true if the user session is valid, false otherwise
		45	*/
		46	public function checkLoginState($server, & $session, $cookie, $webPath, $token)
		47	{
		48	if (! $this->configManager->exists('credentials.login')) {
		49	// Shaarli is not configured yet
		50	$this->isLoggedIn = false;
		51	return;
		52	}
		53
		54	if (isset($cookie[SessionManager::$LOGGED_IN_COOKIE])
		55	&& $cookie[SessionManager::$LOGGED_IN_COOKIE] === $token
		56	) {
		57	$this->sessionManager->storeLoginInfo($server);
		58	$this->isLoggedIn = true;
		59	}
		60
		61	// Logout when:
		62	// - the session does not exist on the server side
		63	// - the session has expired
		64	// - the client IP address has changed
		65	if (empty($session['uid'])
		66	\|\| ($this->configManager->get('security.session_protection_disabled') === false
		67	&& $session['ip'] != client_ip_id($server))
		68	\|\| time() >= $session['expires_on']
		69	) {
		70	$this->sessionManager->logout($webPath);
		71	$this->isLoggedIn = false;
		72	return;
		73	}
		74
		75	// Extend session validity
		76	if (! empty($session['longlastingsession'])) {
		77	// "Stay signed in" is enabled
		78	$session['expires_on'] = time() + $session['longlastingsession'];
		79	} else {
		80	$session['expires_on'] = time() + SessionManager::$INACTIVITY_TIMEOUT;
		81	}
		82	}
		83
		84	/**
		85	* Return whether the user is currently logged in
		86	*
		87	* @return true when the user is logged in, false otherwise
		88	*/
		89	public function isLoggedIn()
		90	{
		91	if ($this->openShaarli) {
		92	return true;
		93	}
		94	return $this->isLoggedIn;
		95	}
		96
		97	/**
		98	* Check user credentials are valid
		99	*
		100	* @param array $server The $_SERVER array
		101	* @param string $login Username
		102	* @param string $password Password
		103	*
		104	* @return bool true if the provided credentials are valid, false otherwise
		105	*/
		106	public function checkCredentials($server, $login, $password)
		107	{
		108	$hash = sha1($password . $login . $this->configManager->get('credentials.salt'));
		109
		110	if ($login != $this->configManager->get('credentials.login')
		111	\|\| $hash != $this->configManager->get('credentials.hash')
		112	) {
		113	logm(
		114	$this->configManager->get('resource.log'),
		115	$server['REMOTE_ADDR'],
		116	'Login failed for user ' . $login
		117	);
		118	return false;
		119	}
		120
		121	$this->sessionManager->storeLoginInfo($server);
		122	logm(
		123	$this->configManager->get('resource.log'),
		124	$server['REMOTE_ADDR'],
		125	'Login successful'
		126	);
		127	return true;
25	}	128	}
26		129
27	/**	130	/**