move authentication modules to plugins/

This commit is contained in:
Andrew Dolgov 2012-12-27 15:14:44 +04:00
parent 61261e45b9
commit 0f28f81f89
9 changed files with 101 additions and 33 deletions

5
classes/iauthmodule.php Normal file
View File

@ -0,0 +1,5 @@
<?php
interface IAuthModule {
function authenticate($login, $password);
}
?>

View File

@ -13,6 +13,7 @@ class PluginHost {
const HOOK_PREFS_TABS = 5;
const HOOK_FEED_PARSED = 6;
const HOOK_UPDATE_TASK = 7;
const HOOK_AUTH_USER = 8;
const KIND_ALL = 1;
const KIND_SYSTEM = 2;

View File

@ -28,8 +28,8 @@ class Pref_Prefs extends Handler_Protected {
return;
}
$module_class = "auth_" . $_SESSION["auth_module"];
$authenticator = new $module_class($this->link);
global $pluginhost;
$authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
if (method_exists($authenticator, "change_password")) {
print $authenticator->change_password($_SESSION["uid"], $old_pw, $new_pw);
@ -188,9 +188,11 @@ class Pref_Prefs extends Handler_Protected {
print "</form>";
if ($_SESSION["auth_module"]) {
$module_class = "auth_" . $_SESSION["auth_module"];
$authenticator = new $module_class($this->link);
if ($_SESSION["auth_module"]) {
global $pluginhost;
$authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
} else {
$authenticator = false;
}
@ -258,7 +260,7 @@ class Pref_Prefs extends Handler_Protected {
print "</form>";
if ($_SESSION["auth_module"] == "internal") {
if ($_SESSION["auth_module"] == "auth_internal") {
print "<h2>" . __("One time passwords / Authenticator") . "</h2>";
@ -802,11 +804,11 @@ class Pref_Prefs extends Handler_Protected {
function otpenable() {
$password = db_escape_string($_REQUEST["password"]);
$module_class = "auth_" . $_SESSION["auth_module"];
$authenticator = new $module_class($this->link);
$enable_otp = $_REQUEST["enable_otp"] == "on";
global $pluginhost;
$authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
if ($authenticator->check_password($_SESSION["uid"], $password)) {
if ($enable_otp) {
@ -824,8 +826,8 @@ class Pref_Prefs extends Handler_Protected {
function otpdisable() {
$password = db_escape_string($_REQUEST["password"]);
$module_class = "auth_" . $_SESSION["auth_module"];
$authenticator = new $module_class($this->link);
global $pluginhost;
$authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
if ($authenticator->check_password($_SESSION["uid"], $password)) {

View File

@ -52,15 +52,7 @@
// *** Authentication ***
// **********************
define('AUTH_MODULES', 'internal');
// Comma-separated list of authentication modules to use.
// Available modules are:
// internal - tt-rss internal user DB
// remote - use server REMOTE_USER variable or client SSL certificate if enabled
// imap - authenticates using an IMAP server (check classes/auth/imap.php for some
// stuff you need to put into config.php)
// in preferences
//
// Please see PLUGINS below to configure various authentication modules.
define('AUTH_AUTO_CREATE', true);
// Allow authentication modules to auto-create users in tt-rss internal
@ -173,9 +165,10 @@
// if you experience weird errors and tt-rss failing to start, blank pages
// after login, or content encoding errors, disable it.
define('PLUGINS', 'note');
define('PLUGINS', 'auth_remote, auth_internal, note');
// Comma-separated list of plugins to load automatically for all users.
// System plugins have to be specified here.
// System plugins have to be specified here. Please enable at least one
// authentication plugin here (auth_*).
// Users may enable other user plugins from Preferences/Plugins but may not
// disable plugins specified in this list.

View File

@ -547,7 +547,7 @@
if (!SINGLE_USER_MODE) {
$user_id = false;
$modules = explode(",", AUTH_MODULES);
/* $modules = explode(",", AUTH_MODULES);
foreach ($modules as $module) {
$module_class = "auth_$module";
@ -565,6 +565,17 @@
print T_sprintf("Fatal: authentication module %s not found.", $module);
die;
}
} */
global $pluginhost;
foreach ($pluginhost->get_hooks($pluginhost::HOOK_AUTH_USER) as $plugin) {
$user_id = (int) $plugin->authenticate($login, $password);
if ($user_id) {
$_SESSION["auth_module"] = strtolower(get_class($plugin));
break;
}
}
if ($user_id && !$check_only) {

View File

@ -1,3 +1,3 @@
<?php # This file has been generated at: Mon Dec 24 13:27:42 MSK 2012
<?php # This file has been generated at: Thu Dec 27 15:13:04 MSK 2012
define('GENERATED_CONFIG_CHECK', 26);
$requred_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'SINGLE_USER_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_MODULES', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'PUBSUBHUBBUB_HUB', 'PUBSUBHUBBUB_ENABLED', 'SPHINX_ENABLED', 'SPHINX_INDEX', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SESSION_EXPIRE_TIME', 'SESSION_CHECK_ADDRESS', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'SMTP_HOST', 'SMTP_LOGIN', 'SMTP_PASSWORD', 'CHECK_FOR_NEW_VERSION', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'FEEDBACK_URL', 'CONFIG_VERSION'); ?>
$requred_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'SINGLE_USER_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'PUBSUBHUBBUB_HUB', 'PUBSUBHUBBUB_ENABLED', 'SPHINX_ENABLED', 'SPHINX_INDEX', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SESSION_EXPIRE_TIME', 'SESSION_CHECK_ADDRESS', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'SMTP_HOST', 'SMTP_LOGIN', 'SMTP_PASSWORD', 'CHECK_FOR_NEW_VERSION', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'FEEDBACK_URL', 'CONFIG_VERSION'); ?>

View File

@ -6,9 +6,27 @@
define('IMAP_AUTH_OPTIONS', '/tls/novalidate-cert/norsh');
// More about options: http://php.net/manual/ru/function.imap-open.php
*/
*/
class Auth_Imap extends Plugin implements IAuthModule {
class Auth_Imap extends Auth_Base {
private $link;
private $host;
private $base;
function about() {
return array(1.0,
"Authenticates against an IMAP server (configured in config.php)",
"fox",
true);
}
function init($host) {
$this->link = $host->get_link();
$this->host = $host;
$this->base = new Auth_Base($this->link);
$host->add_hook($host::HOOK_AUTH_USER, $this);
}
function authenticate($login, $password) {
@ -21,7 +39,7 @@ class Auth_Imap extends Auth_Base {
if ($imap) {
imap_close($imap);
return $this->auto_create_user($login);
return $this->base->auto_create_user($login);
}
}
@ -29,4 +47,5 @@ class Auth_Imap extends Auth_Base {
}
}
?>

View File

@ -1,5 +1,22 @@
<?php
class Auth_Internal extends Auth_Base {
class Auth_Internal extends Plugin implements IAuthModule {
private $link;
private $host;
function about() {
return array(1.0,
"Authenticates against internal tt-rss database",
"fox",
true);
}
function init($host) {
$this->link = $host->get_link();
$this->host = $host;
$host->add_hook($host::HOOK_AUTH_USER, $this);
}
function authenticate($login, $password) {

View File

@ -1,5 +1,25 @@
<?php
class Auth_Remote extends Auth_Base {
class Auth_Remote extends Plugin implements IAuthModule {
private $link;
private $host;
private $base;
function about() {
return array(1.0,
"Authenticates against remote password (e.g. supplied by Apache)",
"fox",
true);
}
function init($host) {
$this->link = $host->get_link();
$this->host = $host;
$this->base = new Auth_Base($this->link);
$host->add_hook($host::HOOK_AUTH_USER, $this);
}
function get_login_by_ssl_certificate() {
$cert_serial = db_escape_string(get_ssl_certificate_id());
@ -24,7 +44,7 @@ class Auth_Remote extends Auth_Base {
# if (!$try_login) $try_login = "test_qqq";
if ($try_login) {
$user_id = $this->auto_create_user($try_login);
$user_id = $this->base->auto_create_user($try_login);
if ($user_id) {
$_SESSION["fake_login"] = $try_login;