move authentication modules to plugins/
parent
61261e45b9
commit
0f28f81f89
|
@ -0,0 +1,5 @@
|
||||||
|
<?php
|
||||||
|
interface IAuthModule {
|
||||||
|
function authenticate($login, $password);
|
||||||
|
}
|
||||||
|
?>
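Review bot: The interface declares `authenticate($login, $password)` without saying what it must return, yet the login loop added in this commit casts the result to int and accepts any non-zero value as the authenticated user id. A plugin that returns `true` on success would therefore be logged in as uid 1, because that is what the cast produces. A docblock on the method should pin the contract, e.g. `/** @return int|false user id on success, false when the credentials are rejected */`, and the method should be declared `public` explicitly.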
|
|
@ -13,6 +13,7 @@ class PluginHost {
|
||||||
const HOOK_PREFS_TABS = 5;
|
const HOOK_PREFS_TABS = 5;
|
||||||
const HOOK_FEED_PARSED = 6;
|
const HOOK_FEED_PARSED = 6;
|
||||||
const HOOK_UPDATE_TASK = 7;
|
const HOOK_UPDATE_TASK = 7;
|
||||||
|
const HOOK_AUTH_USER = 8;
|
||||||
|
|
||||||
const KIND_ALL = 1;
|
const KIND_ALL = 1;
|
||||||
const KIND_SYSTEM = 2;
|
const KIND_SYSTEM = 2;
|
||||||
|
|
|
@ -28,8 +28,8 @@ class Pref_Prefs extends Handler_Protected {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
$module_class = "auth_" . $_SESSION["auth_module"];
|
global $pluginhost;
|
||||||
$authenticator = new $module_class($this->link);
|
$authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
|
||||||
|
|
||||||
if (method_exists($authenticator, "change_password")) {
|
if (method_exists($authenticator, "change_password")) {
|
||||||
print $authenticator->change_password($_SESSION["uid"], $old_pw, $new_pw);
|
print $authenticator->change_password($_SESSION["uid"], $old_pw, $new_pw);
|
||||||
|
@ -188,9 +188,11 @@ class Pref_Prefs extends Handler_Protected {
|
||||||
|
|
||||||
print "</form>";
|
print "</form>";
|
||||||
|
|
||||||
if ($_SESSION["auth_module"]) {
|
if ($_SESSION["auth_module"]) {
|
||||||
$module_class = "auth_" . $_SESSION["auth_module"];
|
global $pluginhost;
|
||||||
$authenticator = new $module_class($this->link);
|
|
||||||
|
$authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
$authenticator = false;
|
$authenticator = false;
|
||||||
}
|
}
|
||||||
|
@ -258,7 +260,7 @@ class Pref_Prefs extends Handler_Protected {
|
||||||
|
|
||||||
print "</form>";
|
print "</form>";
|
||||||
|
|
||||||
if ($_SESSION["auth_module"] == "internal") {
|
if ($_SESSION["auth_module"] == "auth_internal") {
|
||||||
|
|
||||||
print "<h2>" . __("One time passwords / Authenticator") . "</h2>";
|
print "<h2>" . __("One time passwords / Authenticator") . "</h2>";
|
||||||
|
|
||||||
|
@ -802,11 +804,11 @@ class Pref_Prefs extends Handler_Protected {
|
||||||
|
|
||||||
function otpenable() {
|
function otpenable() {
|
||||||
$password = db_escape_string($_REQUEST["password"]);
|
$password = db_escape_string($_REQUEST["password"]);
|
||||||
|
|
||||||
$module_class = "auth_" . $_SESSION["auth_module"];
|
|
||||||
$authenticator = new $module_class($this->link);
|
|
||||||
$enable_otp = $_REQUEST["enable_otp"] == "on";
|
$enable_otp = $_REQUEST["enable_otp"] == "on";
|
||||||
|
|
||||||
|
global $pluginhost;
|
||||||
|
$authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
|
||||||
|
|
||||||
if ($authenticator->check_password($_SESSION["uid"], $password)) {
|
if ($authenticator->check_password($_SESSION["uid"], $password)) {
|
||||||
|
|
||||||
if ($enable_otp) {
|
if ($enable_otp) {
|
||||||
|
@ -824,8 +826,8 @@ class Pref_Prefs extends Handler_Protected {
|
||||||
function otpdisable() {
|
function otpdisable() {
|
||||||
$password = db_escape_string($_REQUEST["password"]);
|
$password = db_escape_string($_REQUEST["password"]);
|
||||||
|
|
||||||
$module_class = "auth_" . $_SESSION["auth_module"];
|
global $pluginhost;
|
||||||
$authenticator = new $module_class($this->link);
|
$authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
|
||||||
|
|
||||||
if ($authenticator->check_password($_SESSION["uid"], $password)) {
|
if ($authenticator->check_password($_SESSION["uid"], $password)) {
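Review bot: In otpenable() and otpdisable() the result of `$pluginhost->get_plugin($_SESSION["auth_module"])` is dereferenced immediately with `->check_password(...)`, while the password-change hunk at the top of this file guards the same lookup with `method_exists`. If the lookup yields nothing, or the plugin has no `check_password`, the request ends in a fatal error rather than a clean refusal of the OTP change. A session created before this commit presumably still holds `internal` rather than `auth_internal`, and a plugin can be dropped from PLUGINS, so an empty lookup is plausible. I would add `if (!$authenticator || !method_exists($authenticator, "check_password")) return;` before the check in both functions; their bodies continue outside these hunks, so the exact failure response needs to match what follows.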
|
||||||
|
|
||||||
|
|
|
@ -52,15 +52,7 @@
|
||||||
// *** Authentication ***
|
// *** Authentication ***
|
||||||
// **********************
|
// **********************
|
||||||
|
|
||||||
define('AUTH_MODULES', 'internal');
|
// Please see PLUGINS below to configure various authentication modules.
|
||||||
// Comma-separated list of authentication modules to use.
|
|
||||||
// Available modules are:
|
|
||||||
// internal - tt-rss internal user DB
|
|
||||||
// remote - use server REMOTE_USER variable or client SSL certificate if enabled
|
|
||||||
// imap - authenticates using an IMAP server (check classes/auth/imap.php for some
|
|
||||||
// stuff you need to put into config.php)
|
|
||||||
// in preferences
|
|
||||||
//
|
|
||||||
|
|
||||||
define('AUTH_AUTO_CREATE', true);
|
define('AUTH_AUTO_CREATE', true);
|
||||||
// Allow authentication modules to auto-create users in tt-rss internal
|
// Allow authentication modules to auto-create users in tt-rss internal
|
||||||
|
@ -173,9 +165,10 @@
|
||||||
// if you experience weird errors and tt-rss failing to start, blank pages
|
// if you experience weird errors and tt-rss failing to start, blank pages
|
||||||
// after login, or content encoding errors, disable it.
|
// after login, or content encoding errors, disable it.
|
||||||
|
|
||||||
define('PLUGINS', 'note');
|
define('PLUGINS', 'auth_remote, auth_internal, note');
|
||||||
// Comma-separated list of plugins to load automatically for all users.
|
// Comma-separated list of plugins to load automatically for all users.
|
||||||
// System plugins have to be specified here.
|
// System plugins have to be specified here. Please enable at least one
|
||||||
|
// authentication plugin here (auth_*).
|
||||||
// Users may enable other user plugins from Preferences/Plugins but may not
|
// Users may enable other user plugins from Preferences/Plugins but may not
|
||||||
// disable plugins specified in this list.
|
// disable plugins specified in this list.
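Review bot: The new default `define('PLUGINS', 'auth_remote, auth_internal, note');` enables auth_remote on every fresh install, where the previous default was `AUTH_MODULES` set to `internal` only. According to the comment this hunk removes, that module trusts the server's REMOTE_USER variable or a client SSL certificate, and with `AUTH_AUTO_CREATE` left at `true` an accepted identity can also create an account. It is listed first as well, so it is presumably consulted before the internal password check. I would ship `define('PLUGINS', 'auth_internal, note');` and add to the comment `// Add auth_remote only when the web server itself sets REMOTE_USER or verifies client certificates.`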
|
||||||
|
|
||||||
|
|
|
@ -547,7 +547,7 @@
|
||||||
if (!SINGLE_USER_MODE) {
|
if (!SINGLE_USER_MODE) {
|
||||||
|
|
||||||
$user_id = false;
|
$user_id = false;
|
||||||
$modules = explode(",", AUTH_MODULES);
|
/* $modules = explode(",", AUTH_MODULES);
|
||||||
|
|
||||||
foreach ($modules as $module) {
|
foreach ($modules as $module) {
|
||||||
$module_class = "auth_$module";
|
$module_class = "auth_$module";
|
||||||
|
@ -565,6 +565,17 @@
|
||||||
print T_sprintf("Fatal: authentication module %s not found.", $module);
|
print T_sprintf("Fatal: authentication module %s not found.", $module);
|
||||||
die;
|
die;
|
||||||
}
|
}
|
||||||
|
} */
|
||||||
|
|
||||||
|
global $pluginhost;
|
||||||
|
foreach ($pluginhost->get_hooks($pluginhost::HOOK_AUTH_USER) as $plugin) {
|
||||||
|
|
||||||
|
$user_id = (int) $plugin->authenticate($login, $password);
|
||||||
|
|
||||||
|
if ($user_id) {
|
||||||
|
$_SESSION["auth_module"] = strtolower(get_class($plugin));
|
||||||
|
break;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($user_id && !$check_only) {
|
if ($user_id && !$check_only) {
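Review bot: When no loaded plugin has registered HOOK_AUTH_USER, the new `foreach` runs zero times and every login is rejected with no message, whereas the block now commented out printed "Fatal: authentication module %s not found." An install upgraded with its old `PLUGINS` value of `note` would hit exactly this. A guard before the loop such as `if (!$pluginhost->get_hooks($pluginhost::HOOK_AUTH_USER)) { print __("Fatal: no authentication plugins are enabled (see PLUGINS in config.php)."); die; }` keeps the failure closed but visible. Separately, `$_SESSION["auth_module"]` is written inside the loop, before the `$check_only` test below it, so a check-only call changes the module later used for password and OTP operations. Moving that assignment into the `!$check_only` branch would avoid it, though the branch continues outside the hunk.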
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
<?php # This file has been generated at: Mon Dec 24 13:27:42 MSK 2012
|
<?php # This file has been generated at: Thu Dec 27 15:13:04 MSK 2012
|
||||||
define('GENERATED_CONFIG_CHECK', 26);
|
define('GENERATED_CONFIG_CHECK', 26);
|
||||||
$requred_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'SINGLE_USER_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_MODULES', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'PUBSUBHUBBUB_HUB', 'PUBSUBHUBBUB_ENABLED', 'SPHINX_ENABLED', 'SPHINX_INDEX', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SESSION_EXPIRE_TIME', 'SESSION_CHECK_ADDRESS', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'SMTP_HOST', 'SMTP_LOGIN', 'SMTP_PASSWORD', 'CHECK_FOR_NEW_VERSION', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'FEEDBACK_URL', 'CONFIG_VERSION'); ?>
|
$requred_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'SINGLE_USER_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'PUBSUBHUBBUB_HUB', 'PUBSUBHUBBUB_ENABLED', 'SPHINX_ENABLED', 'SPHINX_INDEX', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SESSION_EXPIRE_TIME', 'SESSION_CHECK_ADDRESS', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'SMTP_HOST', 'SMTP_LOGIN', 'SMTP_PASSWORD', 'CHECK_FOR_NEW_VERSION', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'FEEDBACK_URL', 'CONFIG_VERSION'); ?>
|
||||||
|
|
|
@ -6,9 +6,27 @@
|
||||||
define('IMAP_AUTH_OPTIONS', '/tls/novalidate-cert/norsh');
|
define('IMAP_AUTH_OPTIONS', '/tls/novalidate-cert/norsh');
|
||||||
// More about options: http://php.net/manual/ru/function.imap-open.php
|
// More about options: http://php.net/manual/ru/function.imap-open.php
|
||||||
|
|
||||||
*/
|
*/
|
||||||
|
class Auth_Imap extends Plugin implements IAuthModule {
|
||||||
|
|
||||||
class Auth_Imap extends Auth_Base {
|
private $link;
|
||||||
|
private $host;
|
||||||
|
private $base;
|
||||||
|
|
||||||
|
function about() {
|
||||||
|
return array(1.0,
|
||||||
|
"Authenticates against an IMAP server (configured in config.php)",
|
||||||
|
"fox",
|
||||||
|
true);
|
||||||
|
}
|
||||||
|
|
||||||
|
function init($host) {
|
||||||
|
$this->link = $host->get_link();
|
||||||
|
$this->host = $host;
|
||||||
|
$this->base = new Auth_Base($this->link);
|
||||||
|
|
||||||
|
$host->add_hook($host::HOOK_AUTH_USER, $this);
|
||||||
|
}
|
||||||
|
|
||||||
function authenticate($login, $password) {
|
function authenticate($login, $password) {
|
||||||
|
|
||||||
|
@ -21,7 +39,7 @@ class Auth_Imap extends Auth_Base {
|
||||||
if ($imap) {
|
if ($imap) {
|
||||||
imap_close($imap);
|
imap_close($imap);
|
||||||
|
|
||||||
return $this->auto_create_user($login);
|
return $this->base->auto_create_user($login);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -29,4 +47,5 @@ class Auth_Imap extends Auth_Base {
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
?>
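Review bot: The new `about()` text sends administrators to config.php, and the only sample in the header comment above the class is `define('IMAP_AUTH_OPTIONS', '/tls/novalidate-cert/norsh');`, which turns off certificate validation on the connection that carries the user's password. I would change the documented sample to `'/tls/norsh'` and add `// /novalidate-cert skips the server identity check; use it only for a server reached over a trusted link.` The class also now reaches `auto_create_user()` through `$this->base` instead of inheriting from Auth_Base, so any other Auth_Base method that callers expected on the plugin object is no longer there; that is worth confirming against the preferences code. The authenticate() body lies mostly outside these hunks.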
|
|
@ -1,5 +1,22 @@
|
||||||
<?php
|
<?php
|
||||||
class Auth_Internal extends Auth_Base {
|
class Auth_Internal extends Plugin implements IAuthModule {
|
||||||
|
|
||||||
|
private $link;
|
||||||
|
private $host;
|
||||||
|
|
||||||
|
function about() {
|
||||||
|
return array(1.0,
|
||||||
|
"Authenticates against internal tt-rss database",
|
||||||
|
"fox",
|
||||||
|
true);
|
||||||
|
}
|
||||||
|
|
||||||
|
function init($host) {
|
||||||
|
$this->link = $host->get_link();
|
||||||
|
$this->host = $host;
|
||||||
|
|
||||||
|
$host->add_hook($host::HOOK_AUTH_USER, $this);
|
||||||
|
}
|
||||||
|
|
||||||
function authenticate($login, $password) {
|
function authenticate($login, $password) {
|
||||||
|
|
|
@ -1,5 +1,25 @@
|
||||||
<?php
|
<?php
|
||||||
class Auth_Remote extends Auth_Base {
|
class Auth_Remote extends Plugin implements IAuthModule {
|
||||||
|
|
||||||
|
private $link;
|
||||||
|
private $host;
|
||||||
|
private $base;
|
||||||
|
|
||||||
|
function about() {
|
||||||
|
return array(1.0,
|
||||||
|
"Authenticates against remote password (e.g. supplied by Apache)",
|
||||||
|
"fox",
|
||||||
|
true);
|
||||||
|
}
|
||||||
|
|
||||||
|
function init($host) {
|
||||||
|
$this->link = $host->get_link();
|
||||||
|
$this->host = $host;
|
||||||
|
$this->base = new Auth_Base($this->link);
|
||||||
|
|
||||||
|
$host->add_hook($host::HOOK_AUTH_USER, $this);
|
||||||
|
}
|
||||||
|
|
||||||
function get_login_by_ssl_certificate() {
|
function get_login_by_ssl_certificate() {
|
||||||
$cert_serial = db_escape_string(get_ssl_certificate_id());
|
$cert_serial = db_escape_string(get_ssl_certificate_id());
|
||||||
|
|
||||||
|
@ -24,7 +44,7 @@ class Auth_Remote extends Auth_Base {
|
||||||
# if (!$try_login) $try_login = "test_qqq";
|
# if (!$try_login) $try_login = "test_qqq";
|
||||||
|
|
||||||
if ($try_login) {
|
if ($try_login) {
|
||||||
$user_id = $this->auto_create_user($try_login);
|
$user_id = $this->base->auto_create_user($try_login);
|
||||||
|
|
||||||
if ($user_id) {
|
if ($user_id) {
|
||||||
$_SESSION["fake_login"] = $try_login;
|
$_SESSION["fake_login"] = $try_login;
|