author | VirtualTam <virtualtam@flibidi.net> | 2018-02-17 01:46:27 +0100 |
---|---|---|
committer | VirtualTam <virtualtam@flibidi.net> | 2018-05-29 22:53:54 +0200 |
commit | 63ea23c2a67d2a1cf6cda79fa2fe49a143571cde (patch) | |
tree | 984bc2b373f1a0d190df3f2bbda74b63b1c9b949 /application | |
parent | 49f183231662c642ca9df6ceabf43fe128a5ffc1 (diff) | |
Refactor user credential validation at login time
Changed:
- move login/password verification to LoginManager
- code cleanup
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'application')
-rw-r--r-- | application/LoginManager.php | 109 |
1 files changed, 106 insertions, 3 deletions
diff --git a/application/LoginManager.php b/application/LoginManager.php index 397bc6e3..8f6bf0da 100644 --- a/application/LoginManager.php +++ b/application/LoginManager.php | |||
@@ -8,20 +8,123 @@ class LoginManager | |||
8 | { | 8 | { |
9 | protected $globals = []; | 9 | protected $globals = []; |
10 | protected $configManager = null; | 10 | protected $configManager = null; |
11 | protected $sessionManager = null; | ||
11 | protected $banFile = ''; | 12 | protected $banFile = ''; |
13 | protected $isLoggedIn = false; | ||
14 | protected $openShaarli = false; | ||
12 | 15 | ||
13 | /** | 16 | /** |
14 | * Constructor | 17 | * Constructor |
15 | * | 18 | * |
16 | * @param array $globals The $GLOBALS array (reference) | 19 | * @param array $globals The $GLOBALS array (reference) |
17 | * @param ConfigManager $configManager Configuration Manager instance. | 20 | * @param ConfigManager $configManager Configuration Manager instance |
21 | * @param SessionManager $sessionManager SessionManager instance | ||
18 | */ | 22 | */ |
19 | public function __construct(& $globals, $configManager) | 23 | public function __construct(& $globals, $configManager, $sessionManager) |
20 | { | 24 | { |
21 | $this->globals = &$globals; | 25 | $this->globals = &$globals; |
22 | $this->configManager = $configManager; | 26 | $this->configManager = $configManager; |
27 | $this->sessionManager = $sessionManager; | ||
23 | $this->banFile = $this->configManager->get('resource.ban_file', 'data/ipbans.php'); | 28 | $this->banFile = $this->configManager->get('resource.ban_file', 'data/ipbans.php'); |
24 | $this->readBanFile(); | 29 | $this->readBanFile(); |
30 | if ($this->configManager->get('security.open_shaarli')) { | ||
31 | $this->openShaarli = true; | ||
32 | } | ||
33 | } | ||
34 | |||
35 | /** | ||
36 | * Check user session state and validity (expiration) | ||
37 | * | ||
38 | * @param array $server The $_SERVER array | ||
39 | * @param array $session The $_SESSION array (reference) | ||
40 | * @param array $cookie The $_COOKIE array | ||
41 | * @param string $webPath Path on the server in which the cookie will be available on | ||
42 | * @param string $token Session token | ||
43 | * | ||
44 | * @return bool true if the user session is valid, false otherwise | ||
45 | */ | ||
46 | public function checkLoginState($server, & $session, $cookie, $webPath, $token) | ||
47 | { | ||
48 | if (! $this->configManager->exists('credentials.login')) { | ||
49 | // Shaarli is not configured yet | ||
50 | $this->isLoggedIn = false; | ||
51 | return; | ||
52 | } | ||
53 | |||
54 | if (isset($cookie[SessionManager::$LOGGED_IN_COOKIE]) | ||
55 | && $cookie[SessionManager::$LOGGED_IN_COOKIE] === $token | ||
56 | ) { | ||
57 | $this->sessionManager->storeLoginInfo($server); | ||
58 | $this->isLoggedIn = true; | ||
59 | } | ||
60 | |||
61 | // Logout when: | ||
62 | // - the session does not exist on the server side | ||
63 | // - the session has expired | ||
64 | // - the client IP address has changed | ||
65 | if (empty($session['uid']) | ||
66 | || ($this->configManager->get('security.session_protection_disabled') === false | ||
67 | && $session['ip'] != client_ip_id($server)) | ||
68 | || time() >= $session['expires_on'] | ||
69 | ) { | ||
70 | $this->sessionManager->logout($webPath); | ||
71 | $this->isLoggedIn = false; | ||
72 | return; | ||
73 | } | ||
74 | |||
75 | // Extend session validity | ||
76 | if (! empty($session['longlastingsession'])) { | ||
77 | // "Stay signed in" is enabled | ||
78 | $session['expires_on'] = time() + $session['longlastingsession']; | ||
79 | } else { | ||
80 | $session['expires_on'] = time() + SessionManager::$INACTIVITY_TIMEOUT; | ||
81 | } | ||
82 | } | ||
83 | |||
84 | /** | ||
85 | * Return whether the user is currently logged in | ||
86 | * | ||
87 | * @return true when the user is logged in, false otherwise | ||
88 | */ | ||
89 | public function isLoggedIn() | ||
90 | { | ||
91 | if ($this->openShaarli) { | ||
92 | return true; | ||
93 | } | ||
94 | return $this->isLoggedIn; | ||
95 | } | ||
96 | |||
97 | /** | ||
98 | * Check user credentials are valid | ||
99 | * | ||
100 | * @param array $server The $_SERVER array | ||
101 | * @param string $login Username | ||
102 | * @param string $password Password | ||
103 | * | ||
104 | * @return bool true if the provided credentials are valid, false otherwise | ||
105 | */ | ||
106 | public function checkCredentials($server, $login, $password) | ||
107 | { | ||
108 | $hash = sha1($password . $login . $this->configManager->get('credentials.salt')); | ||
109 | |||
110 | if ($login != $this->configManager->get('credentials.login') | ||
111 | || $hash != $this->configManager->get('credentials.hash') | ||
112 | ) { | ||
113 | logm( | ||
114 | $this->configManager->get('resource.log'), | ||
115 | $server['REMOTE_ADDR'], | ||
116 | 'Login failed for user ' . $login | ||
117 | ); | ||
118 | return false; | ||
119 | } | ||
120 | |||
121 | $this->sessionManager->storeLoginInfo($server); | ||
122 | logm( | ||
123 | $this->configManager->get('resource.log'), | ||
124 | $server['REMOTE_ADDR'], | ||
125 | 'Login successful' | ||
126 | ); | ||
127 | return true; | ||
25 | } | 128 | } |
26 | 129 | ||
27 | /** | 130 | /** |
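Review bot: In `checkCredentials` (new lines 110-112) the stored hash and the freshly computed one are compared with `!=`, a loose, early-exit string comparison; for a credential check the login test should be `$login !== $this->configManager->get('credentials.login')` and the hash test `!hash_equals($this->configManager->get('credentials.hash'), $hash)`, so the comparison is both strict and constant-time. The same loose `!=` is used in `checkLoginState` (new line 67) when comparing `$session['ip']` against `client_ip_id($server)`, where `!==` is the intended semantics. Separately, the `checkLoginState` docblock declares `@return bool`, but the method only assigns `$this->isLoggedIn` and exits with bare `return;`, so either the docblock should read `@return void` (callers read the result through `isLoggedIn()`) or the method should return the boolean it documents. The sha1-with-salt scheme is pre-existing and only relocated by this commit, but a follow-up migrating stored credentials to `password_hash()`/`password_verify()` is worth tracking. The enclosing `class LoginManager` continues past the end of this hunk.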