app/Core/Security/AuthenticationManager.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187

<?php

namespace Kanboard\Core\Security;

use LogicException;
use Kanboard\Core\Base;
use Kanboard\Event\AuthFailureEvent;
use Kanboard\Event\AuthSuccessEvent;

/**
 * Authentication Manager
 *
 * @package  security
 * @author   Frederic Guillot
 */
class AuthenticationManager extends Base
{
    /**
     * Event names
     *
     * @var string
     */
    const EVENT_SUCCESS = 'auth.success';
    const EVENT_FAILURE = 'auth.failure';

    /**
     * List of authentication providers
     *
     * @access private
     * @var array
     */
    private $providers = array();

    /**
     * Register a new authentication provider
     *
     * @access public
     * @param  AuthenticationProviderInterface $provider
     * @return AuthenticationManager
     */
    public function register(AuthenticationProviderInterface $provider)
    {
        $this->providers[$provider->getName()] = $provider;
        return $this;
    }

    /**
     * Register a new authentication provider
     *
     * @access public
     * @param  string $name
     * @return AuthenticationProviderInterface|OAuthAuthenticationProviderInterface|PasswordAuthenticationProviderInterface|PreAuthenticationProviderInterface|OAuthAuthenticationProviderInterface
     */
    public function getProvider($name)
    {
        if (! isset($this->providers[$name])) {
            throw new LogicException('Authentication provider not found: '.$name);
        }

        return $this->providers[$name];
    }

    /**
     * Execute providers that are able to validate the current session
     *
     * @access public
     * @return boolean
     */
    public function checkCurrentSession()
    {
        if ($this->userSession->isLogged()) {
            foreach ($this->filterProviders('SessionCheckProviderInterface') as $provider) {
                if (! $provider->isValidSession()) {
                    $this->logger->debug('Invalidate session for '.$this->userSession->getUsername());
                    session_flush();
                    $this->preAuthentication();
                    return false;
                }
            }
        }

        return true;
    }

    /**
     * Execute pre-authentication providers
     *
     * @access public
     * @return boolean
     */
    public function preAuthentication()
    {
        foreach ($this->filterProviders('PreAuthenticationProviderInterface') as $provider) {
            if ($provider->authenticate() && $this->userProfile->initialize($provider->getUser())) {
                $this->dispatcher->dispatch(self::EVENT_SUCCESS, new AuthSuccessEvent($provider->getName()));
                return true;
            }
        }

        return false;
    }

    /**
     * Execute username/password authentication providers
     *
     * @access public
     * @param  string  $username
     * @param  string  $password
     * @param  boolean $fireEvent
     * @return boolean
     */
    public function passwordAuthentication($username, $password, $fireEvent = true)
    {
        foreach ($this->filterProviders('PasswordAuthenticationProviderInterface') as $provider) {
            $provider->setUsername($username);
            $provider->setPassword($password);

            if ($provider->authenticate() && $this->userProfile->initialize($provider->getUser())) {
                if ($fireEvent) {
                    $this->dispatcher->dispatch(self::EVENT_SUCCESS, new AuthSuccessEvent($provider->getName()));
                }

                return true;
            }
        }

        if ($fireEvent) {
            $this->dispatcher->dispatch(self::EVENT_FAILURE, new AuthFailureEvent($username));
        }

        return false;
    }

    /**
     * Perform OAuth2 authentication
     *
     * @access public
     * @param  string  $name
     * @return boolean
     */
    public function oauthAuthentication($name)
    {
        $provider = $this->getProvider($name);

        if ($provider->authenticate() && $this->userProfile->initialize($provider->getUser())) {
            $this->dispatcher->dispatch(self::EVENT_SUCCESS, new AuthSuccessEvent($provider->getName()));
            return true;
        }

        $this->dispatcher->dispatch(self::EVENT_FAILURE, new AuthFailureEvent);

        return false;
    }

    /**
     * Get the last Post-Authentication provider
     *
     * @access public
     * @return PostAuthenticationProviderInterface
     */
    public function getPostAuthenticationProvider()
    {
        $providers = $this->filterProviders('PostAuthenticationProviderInterface');

        if (empty($providers)) {
            throw new LogicException('You must have at least one Post-Authentication Provider configured');
        }

        return array_pop($providers);
    }

    /**
     * Filter registered providers by interface type
     *
     * @access private
     * @param  string $interface
     * @return array
     */
    private function filterProviders($interface)
    {
        $interface = '\Kanboard\Core\Security\\'.$interface;

        return array_filter($this->providers, function(AuthenticationProviderInterface $provider) use ($interface) {
            return is_a($provider, $interface);
        });
    }
}