aboutsummaryrefslogtreecommitdiffhomepage
path: root/application
diff options
context:
space:
mode:
authorSébastien NOBILI <code@pipoprods.org>2020-03-02 17:08:19 +0100
committerSébastien NOBILI <code@pipoprods.org>2020-03-02 17:13:18 +0100
commitcc2ded54e12e3f3140b895067af086cd71cc5dc6 (patch)
tree5e95c4b5b6d7eadef25cbb503167e8f89608162d /application
parent810f0f6c96b6d26e22164027185c5996b425816c (diff)
downloadShaarli-cc2ded54e12e3f3140b895067af086cd71cc5dc6.tar.gz
Shaarli-cc2ded54e12e3f3140b895067af086cd71cc5dc6.tar.zst
Shaarli-cc2ded54e12e3f3140b895067af086cd71cc5dc6.zip
ldap authentication, fixes shaarli/Shaarli#1343
Diffstat (limited to 'application')
-rw-r--r--application/security/LoginManager.php64
1 files changed, 55 insertions, 9 deletions
diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php
index 0b0ce0b1..2cea3f10 100644
--- a/application/security/LoginManager.php
+++ b/application/security/LoginManager.php
@@ -1,6 +1,7 @@
1<?php 1<?php
2namespace Shaarli\Security; 2namespace Shaarli\Security;
3 3
4use Exception;
4use Shaarli\Config\ConfigManager; 5use Shaarli\Config\ConfigManager;
5 6
6/** 7/**
@@ -139,26 +140,71 @@ class LoginManager
139 */ 140 */
140 public function checkCredentials($remoteIp, $clientIpId, $login, $password) 141 public function checkCredentials($remoteIp, $clientIpId, $login, $password)
141 { 142 {
142 $hash = sha1($password . $login . $this->configManager->get('credentials.salt')); 143 // Check login matches config
144 if ($login != $this->configManager->get('credentials.login')) {
145 return false;
146 }
143 147
144 if ($login != $this->configManager->get('credentials.login') 148 // Check credentials
145 || $hash != $this->configManager->get('credentials.hash') 149 try {
146 ) { 150 if (($this->configManager->get('ldap.host') != "" && $this->checkCredentialsFromLdap($login, $password))
151 || ($this->configManager->get('ldap.host') == "" && $this->checkCredentialsFromLocalConfig($login, $password))) {
152 $this->sessionManager->storeLoginInfo($clientIpId);
153 logm(
154 $this->configManager->get('resource.log'),
155 $remoteIp,
156 'Login successful'
157 );
158 return true;
159 }
160 }
161 catch(Exception $exception) {
147 logm( 162 logm(
148 $this->configManager->get('resource.log'), 163 $this->configManager->get('resource.log'),
149 $remoteIp, 164 $remoteIp,
150 'Login failed for user ' . $login 165 'Exception while checking credentials: ' . $exception
151 ); 166 );
152 return false;
153 } 167 }
154 168
155 $this->sessionManager->storeLoginInfo($clientIpId);
156 logm( 169 logm(
157 $this->configManager->get('resource.log'), 170 $this->configManager->get('resource.log'),
158 $remoteIp, 171 $remoteIp,
159 'Login successful' 172 'Login failed for user ' . $login
160 ); 173 );
161 return true; 174 return false;
175 }
176
177
178 /**
179 * Check user credentials from local config
180 *
181 * @param string $login Username
182 * @param string $password Password
183 *
184 * @return bool true if the provided credentials are valid, false otherwise
185 */
186 public function checkCredentialsFromLocalConfig($login, $password) {
187 $hash = sha1($password . $login . $this->configManager->get('credentials.salt'));
188
189 return $login == $this->configManager->get('credentials.login')
190 && $hash == $this->configManager->get('credentials.hash');
191 }
192
193 /**
194 * Check user credentials are valid through LDAP bind
195 *
196 * @param string $remoteIp Remote client IP address
197 * @param string $clientIpId Client IP address identifier
198 * @param string $login Username
199 * @param string $password Password
200 *
201 * @return bool true if the provided credentials are valid, false otherwise
202 */
203 public function checkCredentialsFromLdap($login, $password, $connect = null, $bind = null)
204 {
205 $connect = $connect ?? function($host) { return ldap_connect($host); };
206 $bind = $bind ?? function($handle, $dn, $password) { return ldap_bind($handle, $dn, $password); };
207 return $bind($connect($this->configManager->get('ldap.host')), sprintf($this->configManager->get('ldap.dn'), $login), $password);
162 } 208 }
163 209
164 /** 210 /**