Diffstat (limited to 'application/security/LoginManager.php')
-rw-r--r-- | application/security/LoginManager.php | 69 |
1 files changed, 30 insertions, 39 deletions
diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php index 65048f10..426e785e 100644 --- a/application/security/LoginManager.php +++ b/application/security/LoginManager.php | |||
@@ -2,6 +2,7 @@ | |||
2 | namespace Shaarli\Security; | 2 | namespace Shaarli\Security; |
3 | 3 | ||
4 | use Exception; | 4 | use Exception; |
5 | use Psr\Log\LoggerInterface; | ||
5 | use Shaarli\Config\ConfigManager; | 6 | use Shaarli\Config\ConfigManager; |
6 | 7 | ||
7 | /** | 8 | /** |
@@ -31,26 +32,30 @@ class LoginManager | |||
31 | protected $staySignedInToken = ''; | 32 | protected $staySignedInToken = ''; |
32 | /** @var CookieManager */ | 33 | /** @var CookieManager */ |
33 | protected $cookieManager; | 34 | protected $cookieManager; |
35 | /** @var LoggerInterface */ | ||
36 | protected $logger; | ||
34 | 37 | ||
35 | /** | 38 | /** |
36 | * Constructor | 39 | * Constructor |
37 | * | 40 | * |
38 | * @param ConfigManager $configManager Configuration Manager instance | 41 | * @param ConfigManager $configManager Configuration Manager instance |
39 | * @param SessionManager $sessionManager SessionManager instance | 42 | * @param SessionManager $sessionManager SessionManager instance |
40 | * @param CookieManager $cookieManager CookieManager instance | 43 | * @param CookieManager $cookieManager CookieManager instance |
44 | * @param BanManager $banManager | ||
45 | * @param LoggerInterface $logger Used to log login attempts | ||
41 | */ | 46 | */ |
42 | public function __construct($configManager, $sessionManager, $cookieManager) | 47 | public function __construct( |
43 | { | 48 | ConfigManager $configManager, |
49 | SessionManager $sessionManager, | ||
50 | CookieManager $cookieManager, | ||
51 | BanManager $banManager, | ||
52 | LoggerInterface $logger | ||
53 | ) { | ||
44 | $this->configManager = $configManager; | 54 | $this->configManager = $configManager; |
45 | $this->sessionManager = $sessionManager; | 55 | $this->sessionManager = $sessionManager; |
46 | $this->cookieManager = $cookieManager; | 56 | $this->cookieManager = $cookieManager; |
47 | $this->banManager = new BanManager( | 57 | $this->banManager = $banManager; |
48 | $this->configManager->get('security.trusted_proxies', []), | 58 | $this->logger = $logger; |
49 | $this->configManager->get('security.ban_after'), | ||
50 | $this->configManager->get('security.ban_duration'), | ||
51 | $this->configManager->get('resource.ban_file', 'data/ipbans.php'), | ||
52 | $this->configManager->get('resource.log') | ||
53 | ); | ||
54 | 59 | ||
55 | if ($this->configManager->get('security.open_shaarli') === true) { | 60 | if ($this->configManager->get('security.open_shaarli') === true) { |
56 | $this->openShaarli = true; | 61 | $this->openShaarli = true; |
@@ -129,48 +134,34 @@ class LoginManager | |||
129 | /** | 134 | /** |
130 | * Check user credentials are valid | 135 | * Check user credentials are valid |
131 | * | 136 | * |
132 | * @param string $remoteIp Remote client IP address | ||
133 | * @param string $clientIpId Client IP address identifier | 137 | * @param string $clientIpId Client IP address identifier |
134 | * @param string $login Username | 138 | * @param string $login Username |
135 | * @param string $password Password | 139 | * @param string $password Password |
136 | * | 140 | * |
137 | * @return bool true if the provided credentials are valid, false otherwise | 141 | * @return bool true if the provided credentials are valid, false otherwise |
138 | */ | 142 | */ |
139 | public function checkCredentials($remoteIp, $clientIpId, $login, $password) | 143 | public function checkCredentials($clientIpId, $login, $password) |
140 | { | 144 | { |
141 | // Check login matches config | ||
142 | if ($login !== $this->configManager->get('credentials.login')) { | ||
143 | return false; | ||
144 | } | ||
145 | |||
146 | // Check credentials | 145 | // Check credentials |
147 | try { | 146 | try { |
148 | $useLdapLogin = !empty($this->configManager->get('ldap.host')); | 147 | $useLdapLogin = !empty($this->configManager->get('ldap.host')); |
149 | if ((false === $useLdapLogin && $this->checkCredentialsFromLocalConfig($login, $password)) | 148 | if ($login === $this->configManager->get('credentials.login') |
150 | || (true === $useLdapLogin && $this->checkCredentialsFromLdap($login, $password)) | 149 | && ( |
150 | (false === $useLdapLogin && $this->checkCredentialsFromLocalConfig($login, $password)) | ||
151 | || (true === $useLdapLogin && $this->checkCredentialsFromLdap($login, $password)) | ||
152 | ) | ||
151 | ) { | 153 | ) { |
152 | $this->sessionManager->storeLoginInfo($clientIpId); | 154 | $this->sessionManager->storeLoginInfo($clientIpId); |
153 | logm( | 155 | $this->logger->info(format_log('Login successful', $clientIpId)); |
154 | $this->configManager->get('resource.log'), | 156 | |
155 | $remoteIp, | 157 | return true; |
156 | 'Login successful' | ||
157 | ); | ||
158 | return true; | ||
159 | } | 158 | } |
160 | } | 159 | } catch(Exception $exception) { |
161 | catch(Exception $exception) { | 160 | $this->logger->info(format_log('Exception while checking credentials: ' . $exception, $clientIpId)); |
162 | logm( | ||
163 | $this->configManager->get('resource.log'), | ||
164 | $remoteIp, | ||
165 | 'Exception while checking credentials: ' . $exception | ||
166 | ); | ||
167 | } | 161 | } |
168 | 162 | ||
169 | logm( | 163 | $this->logger->info(format_log('Login failed for user ' . $login, $clientIpId)); |
170 | $this->configManager->get('resource.log'), | 164 | |
171 | $remoteIp, | ||
172 | 'Login failed for user ' . $login | ||
173 | ); | ||
174 | return false; | 165 | return false; |
175 | } | 166 | } |
176 | 167 | ||
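Review bot: In the catch block (new line 160) the whole `$exception` object is concatenated into the log entry, so `Exception::__toString()` emits the stack trace, and unless `zend.exception_ignore_args` is enabled that trace carries the arguments of the `checkCredentialsFromLdap($login, $password)` frame, i.e. the submitted password, into the login log. Log only the message there, `$this->logger->info(format_log('Exception while checking credentials: ' . $exception->getMessage(), $clientIpId));`, and keep the trace for a debug-level entry if it is needed at all. The failure entry on new line 163 also writes the raw `$login` into the log; unless `format_log()` (not visible here) strips control characters, a username containing line breaks can forge log lines, so consider `str_replace(["\r", "\n"], ' ', $login)` or an equivalent before logging. Both the exception and the failed-login entries are written at info level, the same level as the success entry, which makes them hard to separate when monitoring; `warning` would be more appropriate for the failure path. checkCredentials is fully contained in this hunk (new lines 143–166), but the file section appears to continue past the last line shown.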