authorFrederic Guillot <fred@kanboard.net>2015-12-05 20:31:27 -0500
committerFrederic Guillot <fred@kanboard.net>2015-12-05 20:31:27 -0500
commite9fedf3e5cd63aea4da7a71f6647ee427c62fa49 (patch)
treeabc2de5aebace4a2d7c94805552264dab6b10bc7 /app/Subscriber
parent346b8312e5ac877ce3192c2db3a26b500018bbb5 (diff)
Rewrite of the authentication and authorization system
Diffstat (limited to 'app/Subscriber')
-rw-r--r--app/Subscriber/AuthSubscriber.php90
-rw-r--r--app/Subscriber/BootstrapSubscriber.php18
2 files changed, 97 insertions, 11 deletions
diff --git a/app/Subscriber/AuthSubscriber.php b/app/Subscriber/AuthSubscriber.php
index 77a39942..a0e0be63 100644
--- a/app/Subscriber/AuthSubscriber.php
+++ b/app/Subscriber/AuthSubscriber.php
@@ -2,26 +2,100 @@
namespace Kanboard\Subscriber;
-use Kanboard\Core\Http\Request;
-use Kanboard\Event\AuthEvent;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Kanboard\Core\Base;
+use Kanboard\Core\Security\AuthenticationManager;
+use Kanboard\Core\Session\SessionManager;
+use Kanboard\Event\AuthSuccessEvent;
+use Kanboard\Event\AuthFailureEvent;
-class AuthSubscriber extends \Kanboard\Core\Base implements EventSubscriberInterface
+/**
+ * Authentication Subscriber
+ *
+ * @package subscriber
+ * @author Frederic Guillot
+ */
+class AuthSubscriber extends Base implements EventSubscriberInterface
{
+ /**
+ * Get event listeners
+ *
+ * @static
+ * @access public
+ * @return array
+ */
public static function getSubscribedEvents()
{
return array(
- 'auth.success' => array('onSuccess', 0),
+ AuthenticationManager::EVENT_SUCCESS => 'afterLogin',
+ AuthenticationManager::EVENT_FAILURE => 'onLoginFailure',
+ SessionManager::EVENT_DESTROY => 'afterLogout',
);
}
- public function onSuccess(AuthEvent $event)
+ /**
+ * After Login callback
+ *
+ * @access public
+ * @param AuthSuccessEvent $event
+ */
+ public function afterLogin(AuthSuccessEvent $event)
{
+ $userAgent = $this->request->getUserAgent();
+ $ipAddress = $this->request->getIpAddress();
+
+ $this->userLocking->resetFailedLogin($this->userSession->getUsername());
+
$this->lastLogin->create(
$event->getAuthType(),
- $event->getUserId(),
- Request::getIpAddress(),
- Request::getUserAgent()
+ $this->userSession->getId(),
+ $ipAddress,
+ $userAgent
);
+
+ $this->sessionStorage->hasSubtaskInProgress = $this->subtask->hasSubtaskInProgress($this->userSession->getId());
+
+ if (isset($this->sessionStorage->hasRememberMe) && $this->sessionStorage->hasRememberMe) {
+ $session = $this->rememberMeSession->create($this->userSession->getId(), $ipAddress, $userAgent);
+ $this->rememberMeCookie->write($session['token'], $session['sequence'], $session['expiration']);
+ }
+ }
+
+ /**
+ * Destroy RememberMe session on logout
+ *
+ * @access public
+ */
+ public function afterLogout()
+ {
+ $credentials = $this->rememberMeCookie->read();
+
+ if ($credentials !== false) {
+ $session = $this->rememberMeSession->find($credentials['token'], $credentials['sequence']);
+
+ if (! empty($session)) {
+ $this->rememberMeSession->remove($session['id']);
+ }
+
+ $this->rememberMeCookie->remove();
+ }
+ }
+
+ /**
+ * Increment failed login counter
+ *
+ * @access public
+ */
+ public function onLoginFailure(AuthFailureEvent $event)
+ {
+ $username = $event->getUsername();
+
+ if (! empty($username)) {
+ $this->userLocking->incrementFailedLogin($username);
+
+ if ($this->userLocking->getFailedLogin($username) > BRUTEFORCE_LOCKDOWN) {
+ $this->userLocking->lock($username, BRUTEFORCE_LOCKDOWN_DURATION);
+ }
+ }
}
}
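Review bot: In `onLoginFailure` the lock check uses `> BRUTEFORCE_LOCKDOWN` after the counter has already been incremented, so the account is locked only once the failure count exceeds the constant, which allows one more failed attempt than the constant's value. If the constant is meant to be the number of failures that triggers the lock, the comparison should read `if ($this->userLocking->getFailedLogin($username) >= BRUTEFORCE_LOCKDOWN) {`; if the current behaviour is intended, the docblock should say so. The increment and the read are two separate calls, so whether parallel failed attempts can get past the threshold depends on how `userLocking` stores the counter, which is not visible here. The docblock is also missing `@param AuthFailureEvent $event` and mentions only the counter, not the lock.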
diff --git a/app/Subscriber/BootstrapSubscriber.php b/app/Subscriber/BootstrapSubscriber.php
index 25b919f7..cc0bc06d 100644
--- a/app/Subscriber/BootstrapSubscriber.php
+++ b/app/Subscriber/BootstrapSubscriber.php
@@ -9,9 +9,7 @@ class BootstrapSubscriber extends \Kanboard\Core\Base implements EventSubscriber
public static function getSubscribedEvents()
{
return array(
- 'session.bootstrap' => array('setup', 0),
- 'api.bootstrap' => array('setup', 0),
- 'console.bootstrap' => array('setup', 0),
+ 'app.bootstrap' => array('setup', 0),
);
}
@@ -20,4 +18,18 @@ class BootstrapSubscriber extends \Kanboard\Core\Base implements EventSubscriber
$this->config->setupTranslations();
$this->config->setupTimezone();
}
+
+ public function __destruct()
+ {
+ if (DEBUG) {
+ foreach ($this->db->getLogMessages() as $message) {
+ $this->logger->debug($message);
+ }
+
+ $this->logger->debug('SQL_QUERIES={nb}', array('nb' => $this->container['db']->nbQueries));
+ $this->logger->debug('RENDERING={time}', array('time' => microtime(true) - $this->request->getStartTime()));
+ $this->logger->debug('MEMORY='.$this->helper->text->bytes(memory_get_usage()));
+ $this->logger->debug('URI='.$this->request->getUri());
+ }
+ }
}
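Review bot: The `__destruct` debug block writes the request URI and every SQL log message to the logger, and nothing next to it says how sensitive that output can be. If `getUri()` includes the query string, or the database log messages include bound values, then tokens or credentials carried in a request would land in the debug log whenever `DEBUG` is on. I would add a comment above the `if (DEBUG)` line such as `// Debug output may include request parameters and SQL text: keep DEBUG off in production and protect the log file`. The same block also reads the database once as `$this->db` and once as `$this->container['db']`; using one form for both would be clearer.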