Diffstat (limited to 'application/security/LoginManager.php')
-rw-r--r--application/security/LoginManager.php42
1 files changed, 35 insertions, 7 deletions
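diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php
index d6784d6d..bdfaca7b 100644
--- a/application/security/LoginManager.php
+++ b/application/security/LoginManager.php
@@ -32,6 +32,9 @@ class LoginManager
 /** @var string User sign-in token depending on remote IP and credentials */
 protected $staySignedInToken = '';
 
+protected $lastErrorReason = '';
+protected $lastErrorIsBanishable = false;
+
 /**
 * Constructor
 *
@@ -83,7 +86,7 @@ class LoginManager
 */
 public function checkLoginState($cookie, $clientIpId)
 {
-if (! $this->configManager->exists('credentials.login')) {
+if (! $this->configManager->exists('credentials.login') || (isset($_SESSION['username']) && $_SESSION['username'] && $this->configManager->get('credentials.login') !== $_SESSION['username'])) {
 // Shaarli is not configured yet
 $this->isLoggedIn = false;
 return;
@@ -133,20 +136,40 @@ class LoginManager
 */
 public function checkCredentials($remoteIp, $clientIpId, $login, $password)
 {
-$hash = sha1($password . $login . $this->configManager->get('credentials.salt'));
+$this->lastErrorIsBanishable = false;
+
+if ($this->configManager->getUserSpace() !== null && $this->configManager->getUserSpace() !== $login) {
+logm($this->configManager->get('resource.log'),
+$remoteIp,
+'Trying to login to wrong user space');
+$this->lastErrorReason = 'You’re trying to access the wrong account.';
+return false;
+}
 
-if ($login != $this->configManager->get('credentials.login')
-|| $hash != $this->configManager->get('credentials.hash')
-) {
+logm($this->configManager->get('resource.log'),
+$remoteIp,
+'Trying LDAP connection');
+$result = $this->configManager->findLDAPUser($login, $password);
+if ($result === false) {
 logm(
 $this->configManager->get('resource.log'),
 $remoteIp,
-'Login failed for user ' . $login
+'Impossible to connect to LDAP'
 );
+$this->lastErrorReason = 'Server error.';
+return false;
+} else if (is_null($result)) {
+logm(
+$this->configManager->get('resource.log'),
+$remoteIp,
+'Login failed for user ' . $login
+);
+$this->lastErrorIsBanishable = true;
+$this->lastErrorReason = 'Wrong login/password.';
 return false;
 }
 
-$this->sessionManager->storeLoginInfo($clientIpId);
+$this->sessionManager->storeLoginInfo($clientIpId, $login);
 logm(
 $this->configManager->get('resource.log'),
 $remoteIp,
@@ -187,6 +210,10 @@ class LoginManager
 */
 public function handleFailedLogin($server)
 {
+if (!$this->lastErrorIsBanishable) {
+return $this->lastErrorReason ?: 'Error during login.';
+};
+
 $ip = $server['REMOTE_ADDR'];
 $trusted = $this->configManager->get('security.trusted_proxies', []);
 
@@ -215,6 +242,7 @@ class LoginManager
 );
 }
 $this->writeBanFile();
+return $this->lastErrorReason ?: 'Error during login.';
 }
 
 /**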
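Review bot: `$this->lastErrorReason` is never reset at the top of checkCredentials, while `$this->lastErrorIsBanishable` is (new line 139), so a reason left by an earlier failed attempt on the same instance survives into a later call and any caller that reads it without also checking the return value sees stale text; adding `$this->lastErrorReason = '';` beside the existing reset keeps the two fields in step. Distinguishing a directory outage (`'Server error.'`, not banishable) from a rejected credential (`'Wrong login/password.'`, banishable) is a sound split, but the `else if` after an unconditional `return false` can be a plain `if`, and `is_null($result)` reads more consistently as `$result === null` next to the `=== false` test two lines above. A short docblock on the two new properties in the first hunk, e.g. `/** @var string Human-readable reason of the last failed login, read back by handleFailedLogin() */` and `/** @var bool Whether the last failure should count toward the IP ban bookkeeping in handleFailedLogin() */`, would make their contract visible where they are declared. checkCredentials continues past the end of the hunk.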