author | Frédéric Guillot <fred@kanboard.net> | 2014-08-16 13:59:37 -0700 |
---|---|---|
committer | Frédéric Guillot <fred@kanboard.net> | 2014-08-16 13:59:37 -0700 |
commit | 925b0ba2e56117e3bbe2947d7938ed35815efa1a (patch) | |
tree | 7c6f47dcaffa9bb03cbd0c807849fcbb82be3e1c /app/Controller | |
parent | 498408d5075cf0060e0f53e58261e6537e0f6080 (diff) |
Authentication backends refactoring
Diffstat (limited to 'app/Controller')
-rw-r--r-- | app/Controller/Base.php | 31 | ||||
-rw-r--r-- | app/Controller/Config.php | 6 | ||||
-rw-r--r-- | app/Controller/User.php | 28 |
3 files changed, 20 insertions, 45 deletions
diff --git a/app/Controller/Base.php b/app/Controller/Base.php
index 11841e09..ed8a6b3b 100644
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@@ -15,20 +15,16 @@ use Model\LastLogin;
 * @author Frederic Guillot
 *
 * @property \Model\Acl $acl
+ * @property \Model\Authentication $authentication
 * @property \Model\Action $action
 * @property \Model\Board $board
 * @property \Model\Category $category
 * @property \Model\Comment $comment
 * @property \Model\Config $config
 * @property \Model\File $file
- * @property \Model\Google $google
- * @property \Model\GitHub $gitHub
 * @property \Model\LastLogin $lastLogin
- * @property \Model\Ldap $ldap
 * @property \Model\Notification $notification
 * @property \Model\Project $project
- * @property \Model\RememberMe $rememberMe
- * @property \Model\ReverseProxyAuth $reverseProxyAuth
 * @property \Model\SubTask $subTask
 * @property \Model\Task $task
 * @property \Model\User $user
@@ -123,29 +119,8 @@ abstract class Base
 date_default_timezone_set($this->config->get('timezone', 'UTC'));
 // Authentication
- if (! $this->acl->isLogged() && ! $this->acl->isPublicAction($controller, $action)) {
-
- // Try the "remember me" authentication first
- if (! $this->rememberMe->authenticate()) {
-
- // Automatic reverse proxy header authentication
- if(! (REVERSE_PROXY_AUTH && $this->reverseProxyAuth->authenticate()) ) {
- // Redirect to the login form if not authenticated
- $this->response->redirect('?controller=user&action=login');
- }
- }
- else {
-
- $this->lastLogin->create(
- LastLogin::AUTH_REMEMBER_ME,
- $this->acl->getUserId(),
- $this->user->getIpAddress(),
- $this->user->getUserAgent()
- );
- }
- }
- else if ($this->rememberMe->hasCookie()) {
- $this->rememberMe->refresh();
+ if (! $this->authentication->isAuthenticated($controller, $action)) {
+ $this->response->redirect('?controller=user&action=login');
 }
 // Check if the user is allowed to see this page
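Review bot: The single call `$this->authentication->isAuthenticated($controller, $action)` in the `@@ -123,29 +119,8 @@` hunk now stands in for four things the removed block spelled out: the public-action exemption, the remember-me login with its `LastLogin::AUTH_REMEMBER_ME` record, the `REVERSE_PROXY_AUTH` gate on header-based login, and the remember-me cookie refresh. `Model\Authentication` is outside this diffstat (limited to `app/Controller`), so none of that can be confirmed from here; the proxy-header gate and the last-login audit entry are the two to check first, since losing either would go unnoticed in normal use. I would add a comment above the check such as `// isAuthenticated() must cover: public actions, remember-me (+ last-login record, cookie refresh), proxy auth only when REVERSE_PROXY_AUTH is set`. The first hunk header still shows `use Model\LastLogin;`, which looks unused in this file once the `LastLogin::AUTH_REMEMBER_ME` reference is gone; that needs confirming against the rest of the file. The enclosing method starts and ends outside the hunk.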
diff --git a/app/Controller/Config.php b/app/Controller/Config.php
index 498f3214..48bfb9cf 100644
--- a/app/Controller/Config.php
+++ b/app/Controller/Config.php
@@ -28,7 +28,7 @@ class Config extends Base
 'menu' => 'config',
 'title' => t('Settings'),
 'timezones' => $this->config->getTimezones(),
- 'remember_me_sessions' => $this->rememberMe->getAll($this->acl->getUserId()),
+ 'remember_me_sessions' => $this->authentication->backend('rememberMe')->getAll($this->acl->getUserId()),
 'last_logins' => $this->lastLogin->getAll($this->acl->getUserId()),
 )));
 }
@@ -73,7 +73,7 @@ class Config extends Base
 'menu' => 'config',
 'title' => t('Settings'),
 'timezones' => $this->config->getTimezones(),
- 'remember_me_sessions' => $this->rememberMe->getAll($this->acl->getUserId()),
+ 'remember_me_sessions' => $this->authentication->backend('rememberMe')->getAll($this->acl->getUserId()),
 'last_logins' => $this->lastLogin->getAll($this->acl->getUserId()),
 )));
 }
@@ -124,7 +124,7 @@ class Config extends Base
 public function removeRememberMeToken()
 {
 $this->checkCSRFParam();
- $this->rememberMe->remove($this->request->getIntegerParam('id'));
+ $this->authentication->backend('rememberMe')->remove($this->request->getIntegerParam('id'));
 $this->response->redirect('?controller=config&action=index#remember-me');
 }
 }
diff --git a/app/Controller/User.php b/app/Controller/User.php
index d30c6fd2..0bb7aec1 100644
--- a/app/Controller/User.php
+++ b/app/Controller/User.php
@@ -18,7 +18,7 @@ class User extends Base
 public function logout()
 {
 $this->checkCSRFParam();
- $this->rememberMe->destroy($this->acl->getUserId());
+ $this->authentication->backend('rememberMe')->destroy($this->acl->getUserId());
 $this->session->close();
 $this->response->redirect('?controller=user&action=login');
 }
@@ -30,7 +30,7 @@ class User extends Base
 */
 public function login()
 {
- if (isset($_SESSION['user'])) {
+ if ($this->acl->isLogged()) {
 $this->response->redirect('?controller=app');
 }
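Review bot: `$this->authentication->backend('rememberMe')` in the `@@ -28,7 +28,7 @@` hunk selects the backend by a string literal, and the same pattern recurs in every later hunk of `Config.php` and `User.php` with `'rememberMe'`, `'google'` and `'gitHub'`. A mistyped key would only surface at runtime on an authentication path, so I would rather see the names defined once (class constants on the authentication model, for instance) and, where one method calls the same backend several times, the backend fetched once into a local variable. How `backend()` reacts to an unknown name is not visible in this diff. The array literal this line belongs to opens outside the hunk.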
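Review bot: In `removeRememberMeToken()` (hunk `@@ -124,7 +124,7 @@`) the id passed to `backend('rememberMe')->remove(...)` comes straight from the request via `getIntegerParam('id')`, and nothing visible ties it to `$this->acl->getUserId()`, unlike the `getAll(...)` calls in the two hunks above. `checkCSRFParam()` stops cross-site requests but not a logged-in user supplying a session id that belongs to another account, so unless `remove()` filters on the current user internally (not shown in this diff) the ownership check is missing. Either the backend should constrain the delete to the current user, or the controller should verify that the id is among `getAll($this->acl->getUserId())` before removing it.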
@@ -50,7 +50,7 @@ class User extends Base
 public function check()
 {
 $values = $this->request->getValues();
- list($valid, $errors) = $this->user->validateLogin($values);
+ list($valid, $errors) = $this->authentication->validateForm($values);
 if ($valid) {
 $this->response->redirect('?controller=app');
@@ -249,14 +249,14 @@ class User extends Base
 if ($code) {
- $profile = $this->google->getGoogleProfile($code);
+ $profile = $this->authentication->backend('google')->getGoogleProfile($code);
 if (is_array($profile)) {
 // If the user is already logged, link the account otherwise authenticate
 if ($this->acl->isLogged()) {
- if ($this->google->updateUser($this->acl->getUserId(), $profile)) {
+ if ($this->authentication->backend('google')->updateUser($this->acl->getUserId(), $profile)) {
 $this->session->flash(t('Your Google Account is linked to your profile successfully.'));
 }
 else {
@@ -265,7 +265,7 @@ class User extends Base
 $this->response->redirect('?controller=user');
 }
- else if ($this->google->authenticate($profile['id'])) {
+ else if ($this->authentication->backend('google')->authenticate($profile['id'])) {
 $this->response->redirect('?controller=app');
 }
 else {
@@ -279,7 +279,7 @@ class User extends Base
 }
 }
- $this->response->redirect($this->google->getAuthorizationUrl());
+ $this->response->redirect($this->authentication->backend('google')->getAuthorizationUrl());
 }
 /**
@@ -290,7 +290,7 @@ class User extends Base
 public function unlinkGoogle()
 {
 $this->checkCSRFParam();
- if ($this->google->unlink($this->acl->getUserId())) {
+ if ($this->authentication->backend('google')->unlink($this->acl->getUserId())) {
 $this->session->flash(t('Your Google Account is not linked anymore to your profile.'));
 }
 else {
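Review bot: In the `@@ -249,14 +249,14 @@` hunk the request-supplied `$code` goes directly into `backend('google')->getGoogleProfile($code)`, and when the user is already logged in the returned profile is linked with `updateUser(...)`; no OAuth `state` value is checked anywhere in the visible lines. Without that check a forged callback request could attach an external account the user never chose to their profile, and `checkCSRFParam()` is not called on this path as far as the hunk shows. The backend may validate `state` internally and the start of the method is outside the hunk, so this needs confirming there; the GitHub handler in the `@@ -310,14 +310,14 @@` hunk has the same shape. `is_array($profile)` is also the only validation before `$profile['id']` is read in the `@@ -265,7 +265,7 @@` hunk, so an `isset($profile['id'])` guard would be a cheap addition.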
@@ -310,14 +310,14 @@ class User extends Base
 $code = $this->request->getStringParam('code');
 if ($code) {
- $profile = $this->gitHub->getGitHubProfile($code);
+ $profile = $this->authentication->backend('gitHub')->getGitHubProfile($code);
 if (is_array($profile)) {
 // If the user is already logged, link the account otherwise authenticate
 if ($this->acl->isLogged()) {
- if ($this->gitHub->updateUser($this->acl->getUserId(), $profile)) {
+ if ($this->authentication->backend('gitHub')->updateUser($this->acl->getUserId(), $profile)) {
 $this->session->flash(t('Your GitHub account was successfully linked to your profile.'));
 }
 else {
@@ -326,7 +326,7 @@ class User extends Base
 $this->response->redirect('?controller=user');
 }
- else if ($this->gitHub->authenticate($profile['id'])) {
+ else if ($this->authentication->backend('gitHub')->authenticate($profile['id'])) {
 $this->response->redirect('?controller=app');
 }
 else {
@@ -340,7 +340,7 @@ class User extends Base
 }
 }
- $this->response->redirect($this->gitHub->getAuthorizationUrl());
+ $this->response->redirect($this->authentication->backend('gitHub')->getAuthorizationUrl());
 }
 /**
@@ -352,9 +352,9 @@ class User extends Base
 {
 $this->checkCSRFParam();
- $this->gitHub->revokeGitHubAccess();
+ $this->authentication->backend('gitHub')->revokeGitHubAccess();
- if ($this->gitHub->unlink($this->acl->getUserId())) {
+ if ($this->authentication->backend('gitHub')->unlink($this->acl->getUserId())) {
 $this->session->flash(t('Your GitHub account is no longer linked to your profile.'));
 }
 else { |
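Review bot: In the `@@ -352,9 +352,9 @@` hunk the result of `backend('gitHub')->revokeGitHubAccess()` is discarded and `unlink(...)` runs regardless. If revocation can fail (its return contract is not visible in this diff), the local link is removed while the grant on GitHub's side stays valid, and the user is still told the account is no longer linked. I would check the result before unlinking and flash an error on failure, along the lines of `if (! $backend->revokeGitHubAccess()) { /* report failure, skip unlink */ }`, assuming the method returns a boolean. The method signature is above the hunk and its body continues past the hunk's last line.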