diff options
Diffstat (limited to 'application/security/LoginManager.php')
-rw-r--r-- | application/security/LoginManager.php | 42 |
1 files changed, 35 insertions, 7 deletions
diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php index d6784d6d..bdfaca7b 100644 --- a/application/security/LoginManager.php +++ b/application/security/LoginManager.php | |||
@@ -32,6 +32,9 @@ class LoginManager | |||
32 | /** @var string User sign-in token depending on remote IP and credentials */ | 32 | /** @var string User sign-in token depending on remote IP and credentials */ |
33 | protected $staySignedInToken = ''; | 33 | protected $staySignedInToken = ''; |
34 | 34 | ||
35 | protected $lastErrorReason = ''; | ||
36 | protected $lastErrorIsBanishable = false; | ||
37 | |||
35 | /** | 38 | /** |
36 | * Constructor | 39 | * Constructor |
37 | * | 40 | * |
@@ -83,7 +86,7 @@ class LoginManager | |||
83 | */ | 86 | */ |
84 | public function checkLoginState($cookie, $clientIpId) | 87 | public function checkLoginState($cookie, $clientIpId) |
85 | { | 88 | { |
86 | if (! $this->configManager->exists('credentials.login')) { | 89 | if (! $this->configManager->exists('credentials.login') || (isset($_SESSION['username']) && $_SESSION['username'] && $this->configManager->get('credentials.login') !== $_SESSION['username'])) { |
87 | // Shaarli is not configured yet | 90 | // Shaarli is not configured yet |
88 | $this->isLoggedIn = false; | 91 | $this->isLoggedIn = false; |
89 | return; | 92 | return; |
@@ -133,20 +136,40 @@ class LoginManager | |||
133 | */ | 136 | */ |
134 | public function checkCredentials($remoteIp, $clientIpId, $login, $password) | 137 | public function checkCredentials($remoteIp, $clientIpId, $login, $password) |
135 | { | 138 | { |
136 | $hash = sha1($password . $login . $this->configManager->get('credentials.salt')); | 139 | $this->lastErrorIsBanishable = false; |
140 | |||
141 | if ($this->configManager->getUserSpace() !== null && $this->configManager->getUserSpace() !== $login) { | ||
142 | logm($this->configManager->get('resource.log'), | ||
143 | $remoteIp, | ||
144 | 'Trying to login to wrong user space'); | ||
145 | $this->lastErrorReason = 'You’re trying to access the wrong account.'; | ||
146 | return false; | ||
147 | } | ||
137 | 148 | ||
138 | if ($login != $this->configManager->get('credentials.login') | 149 | logm($this->configManager->get('resource.log'), |
139 | || $hash != $this->configManager->get('credentials.hash') | 150 | $remoteIp, |
140 | ) { | 151 | 'Trying LDAP connection'); |
152 | $result = $this->configManager->findLDAPUser($login, $password); | ||
153 | if ($result === false) { | ||
141 | logm( | 154 | logm( |
142 | $this->configManager->get('resource.log'), | 155 | $this->configManager->get('resource.log'), |
143 | $remoteIp, | 156 | $remoteIp, |
144 | 'Login failed for user ' . $login | 157 | 'Impossible to connect to LDAP' |
145 | ); | 158 | ); |
159 | $this->lastErrorReason = 'Server error.'; | ||
160 | return false; | ||
161 | } else if (is_null($result)) { | ||
162 | logm( | ||
163 | $this->configManager->get('resource.log'), | ||
164 | $remoteIp, | ||
165 | 'Login failed for user ' . $login | ||
166 | ); | ||
167 | $this->lastErrorIsBanishable = true; | ||
168 | $this->lastErrorReason = 'Wrong login/password.'; | ||
146 | return false; | 169 | return false; |
147 | } | 170 | } |
148 | 171 | ||
149 | $this->sessionManager->storeLoginInfo($clientIpId); | 172 | $this->sessionManager->storeLoginInfo($clientIpId, $login); |
150 | logm( | 173 | logm( |
151 | $this->configManager->get('resource.log'), | 174 | $this->configManager->get('resource.log'), |
152 | $remoteIp, | 175 | $remoteIp, |
@@ -187,6 +210,10 @@ class LoginManager | |||
187 | */ | 210 | */ |
188 | public function handleFailedLogin($server) | 211 | public function handleFailedLogin($server) |
189 | { | 212 | { |
213 | if (!$this->lastErrorIsBanishable) { | ||
214 | return $this->lastErrorReason ?: 'Error during login.'; | ||
215 | }; | ||
216 | |||
190 | $ip = $server['REMOTE_ADDR']; | 217 | $ip = $server['REMOTE_ADDR']; |
191 | $trusted = $this->configManager->get('security.trusted_proxies', []); | 218 | $trusted = $this->configManager->get('security.trusted_proxies', []); |
192 | 219 | ||
@@ -215,6 +242,7 @@ class LoginManager | |||
215 | ); | 242 | ); |
216 | } | 243 | } |
217 | $this->writeBanFile(); | 244 | $this->writeBanFile(); |
245 | return $this->lastErrorReason ?: 'Error during login.'; | ||
218 | } | 246 | } |
219 | 247 | ||
220 | /** | 248 | /** |