Diffstat (limited to 'application/security/LoginManager.php')
-rw-r--r--application/security/LoginManager.php69
1 files changed, 30 insertions, 39 deletions
diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php
index 65048f10..426e785e 100644
--- a/application/security/LoginManager.php
+++ b/application/security/LoginManager.php
@@ -2,6 +2,7 @@
2namespace Shaarli\Security; 2namespace Shaarli\Security;
3 3
4use Exception; 4use Exception;
5use Psr\Log\LoggerInterface;
5use Shaarli\Config\ConfigManager; 6use Shaarli\Config\ConfigManager;
6 7
7/** 8/**
@@ -31,26 +32,30 @@ class LoginManager
31 protected $staySignedInToken = ''; 32 protected $staySignedInToken = '';
32 /** @var CookieManager */ 33 /** @var CookieManager */
33 protected $cookieManager; 34 protected $cookieManager;
35 /** @var LoggerInterface */
36 protected $logger;
34 37
35 /** 38 /**
36 * Constructor 39 * Constructor
37 * 40 *
38 * @param ConfigManager $configManager Configuration Manager instance 41 * @param ConfigManager $configManager Configuration Manager instance
39 * @param SessionManager $sessionManager SessionManager instance 42 * @param SessionManager $sessionManager SessionManager instance
40 * @param CookieManager $cookieManager CookieManager instance 43 * @param CookieManager $cookieManager CookieManager instance
44 * @param BanManager $banManager
45 * @param LoggerInterface $logger Used to log login attempts
41 */ 46 */
42 public function __construct($configManager, $sessionManager, $cookieManager) 47 public function __construct(
43 { 48 ConfigManager $configManager,
49 SessionManager $sessionManager,
50 CookieManager $cookieManager,
51 BanManager $banManager,
52 LoggerInterface $logger
53 ) {
44 $this->configManager = $configManager; 54 $this->configManager = $configManager;
45 $this->sessionManager = $sessionManager; 55 $this->sessionManager = $sessionManager;
46 $this->cookieManager = $cookieManager; 56 $this->cookieManager = $cookieManager;
47 $this->banManager = new BanManager( 57 $this->banManager = $banManager;
48 $this->configManager->get('security.trusted_proxies', []), 58 $this->logger = $logger;
49 $this->configManager->get('security.ban_after'),
50 $this->configManager->get('security.ban_duration'),
51 $this->configManager->get('resource.ban_file', 'data/ipbans.php'),
52 $this->configManager->get('resource.log')
53 );
54 59
55 if ($this->configManager->get('security.open_shaarli') === true) { 60 if ($this->configManager->get('security.open_shaarli') === true) {
56 $this->openShaarli = true; 61 $this->openShaarli = true;
@@ -129,48 +134,34 @@ class LoginManager
129 /** 134 /**
130 * Check user credentials are valid 135 * Check user credentials are valid
131 * 136 *
132 * @param string $remoteIp Remote client IP address
133 * @param string $clientIpId Client IP address identifier 137 * @param string $clientIpId Client IP address identifier
134 * @param string $login Username 138 * @param string $login Username
135 * @param string $password Password 139 * @param string $password Password
136 * 140 *
137 * @return bool true if the provided credentials are valid, false otherwise 141 * @return bool true if the provided credentials are valid, false otherwise
138 */ 142 */
139 public function checkCredentials($remoteIp, $clientIpId, $login, $password) 143 public function checkCredentials($clientIpId, $login, $password)
140 { 144 {
141 // Check login matches config
142 if ($login !== $this->configManager->get('credentials.login')) {
143 return false;
144 }
145
146 // Check credentials 145 // Check credentials
147 try { 146 try {
148 $useLdapLogin = !empty($this->configManager->get('ldap.host')); 147 $useLdapLogin = !empty($this->configManager->get('ldap.host'));
149 if ((false === $useLdapLogin && $this->checkCredentialsFromLocalConfig($login, $password)) 148 if ($login === $this->configManager->get('credentials.login')
150 || (true === $useLdapLogin && $this->checkCredentialsFromLdap($login, $password)) 149 && (
150 (false === $useLdapLogin && $this->checkCredentialsFromLocalConfig($login, $password))
151 || (true === $useLdapLogin && $this->checkCredentialsFromLdap($login, $password))
152 )
151 ) { 153 ) {
152 $this->sessionManager->storeLoginInfo($clientIpId); 154 $this->sessionManager->storeLoginInfo($clientIpId);
153 logm( 155 $this->logger->info(format_log('Login successful', $clientIpId));
154 $this->configManager->get('resource.log'), 156
155 $remoteIp, 157 return true;
156 'Login successful'
157 );
158 return true;
159 } 158 }
160 } 159 } catch(Exception $exception) {
161 catch(Exception $exception) { 160 $this->logger->info(format_log('Exception while checking credentials: ' . $exception, $clientIpId));
162 logm(
163 $this->configManager->get('resource.log'),
164 $remoteIp,
165 'Exception while checking credentials: ' . $exception
166 );
167 } 161 }
168 162
169 logm( 163 $this->logger->info(format_log('Login failed for user ' . $login, $clientIpId));
170 $this->configManager->get('resource.log'), 164
171 $remoteIp,
172 'Login failed for user ' . $login
173 );
174 return false; 165 return false;
175 } 166 }
176 167
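Review bot: In the third hunk, moving the username comparison inside the `try` means every mismatched, client-supplied `$login` now reaches `'Login failed for user ' . $login` (new line 163), where the old code returned before logging anything; unless `format_log` or the configured logger neutralises control characters (neither is visible in this diff), a login value containing line breaks can forge log entries. I would strip them before logging, e.g. `$safeLogin = preg_replace('/[\x00-\x1F\x7F]/', '?', $login);`, and log `$safeLogin` instead. On new line 160 the whole `$exception` is concatenated into the message, which includes the stack trace and, depending on `zend.exception_ignore_args`, the arguments passed to the credential checks; `$exception->getMessage()` would keep the password out of the log. Failed logins and exceptions are also written at `info`, the same level as a successful login, so `warning` and `error` respectively would make them easier to alert on.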