fix hierarchy of authentication modules, make everything extend Auth_Base and implement hook_auth_user() for pluginhost
parent
fc2e0bf67b
commit
51d2deeea9
|
@ -1,6 +1,6 @@
|
||||||
<?php
|
<?php
|
||||||
class Auth_Base {
|
abstract class Auth_Base extends Plugin implements IAuthModule {
|
||||||
private $pdo;
|
protected $pdo;
|
||||||
|
|
||||||
const AUTH_SERVICE_API = '_api';
|
const AUTH_SERVICE_API = '_api';
|
||||||
|
|
||||||
|
@ -8,18 +8,9 @@ class Auth_Base {
|
||||||
$this->pdo = Db::pdo();
|
$this->pdo = Db::pdo();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
// compatibility wrapper, because of how pluginhost works (hook name == method name)
|
||||||
* @SuppressWarnings(unused)
|
function hook_auth_user(...$args) {
|
||||||
*/
|
return $this->authenticate(...$args);
|
||||||
function check_password($owner_uid, $password, $service = '') {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @SuppressWarnings(unused)
|
|
||||||
*/
|
|
||||||
function authenticate($login, $password, $service = '') {
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Auto-creates specified user if allowed by system configuration
|
// Auto-creates specified user if allowed by system configuration
|
||||||
|
|
|
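Review bot: With the base-class `check_password()` stub removed, nothing on the new side guarantees that every auth module has that method, because `IAuthModule` as shown on this page declares only `authenticate()` and `hook_auth_user()`. A caller that invokes `check_password()` on a module that does not define it would now hit an undefined-method error where it used to get `false`; the callers are not visible here, so this needs confirming. Either keep a fail-closed default in `Auth_Base`, `function check_password($owner_uid, $password, $service = '') { return false; }`, or declare the method in the interface. The class body continues outside the hunk.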
@ -1,4 +1,5 @@
|
||||||
<?php
|
<?php
|
||||||
interface IAuthModule {
|
interface IAuthModule {
|
||||||
function authenticate($login, $password); // + optional third parameter: $service
|
function authenticate($login, $password); // + optional third parameter: $service
|
||||||
|
function hook_auth_user(...$args); // compatibility wrapper due to how hooks work
|
||||||
}
|
}
|
||||||
|
|
|
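Review bot: The interface still does not state what `authenticate()` returns, and the new `hook_auth_user(...$args)` declaration inherits that gap, even though the caller in the UserHelper section casts the hook result with `(int)` and uses it as a user id. I would document the contract above both declarations, e.g. `// returns the authenticated user's numeric id, or false when the credentials are rejected`, so a module author does not return a bare `true`, which that cast turns into id 1. The comment should also say that a module implementing `IAuthModule` without extending `Auth_Base` has to provide its own `hook_auth_user()`.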
@ -7,15 +7,15 @@ class UserHelper {
|
||||||
$user_id = false;
|
$user_id = false;
|
||||||
$auth_module = false;
|
$auth_module = false;
|
||||||
|
|
||||||
foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_AUTH_USER) as $plugin) {
|
PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_AUTH_USER,
|
||||||
|
function ($result, $plugin) use (&$user_id, &$auth_module) {
|
||||||
$user_id = (int) $plugin->authenticate($login, $password, $service);
|
if ($result) {
|
||||||
|
$user_id = (int)$result;
|
||||||
if ($user_id) {
|
|
||||||
$auth_module = strtolower(get_class($plugin));
|
$auth_module = strtolower(get_class($plugin));
|
||||||
break;
|
return true;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
$login, $password, $service);
|
||||||
|
|
||||||
if ($user_id && !$check_only) {
|
if ($user_id && !$check_only) {
|
||||||
|
|
||||||
|
|
|
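Review bot: The callback tests `$result` for truthiness before the `(int)` cast, whereas the removed loop cast first and then tested the integer. A truthy value that casts to 0 (a non-numeric string, for instance) now sets `$user_id` to 0 and returns `true`; if `return true` stops the chain, as the replaced `break` suggests, the remaining auth modules are never asked. Casting first keeps the old behaviour: `$uid = (int)$result;` followed by `if ($uid > 0) { $user_id = $uid; ... return true; }`. `chain_hooks_callback()` and the enclosing method are outside the hunk, so the stop-on-true semantics should be confirmed there.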
@ -1,5 +1,5 @@
|
||||||
<?php
|
<?php
|
||||||
class Auth_Internal extends Plugin implements IAuthModule {
|
class Auth_Internal extends Auth_Base {
|
||||||
|
|
||||||
private $host;
|
private $host;
|
||||||
|
|
||||||
|
@ -13,7 +13,6 @@ class Auth_Internal extends Plugin implements IAuthModule {
|
||||||
/* @var PluginHost $host */
|
/* @var PluginHost $host */
|
||||||
function init($host) {
|
function init($host) {
|
||||||
$this->host = $host;
|
$this->host = $host;
|
||||||
$this->pdo = Db::pdo();
|
|
||||||
|
|
||||||
$host->add_hook($host::HOOK_AUTH_USER, $this);
|
$host->add_hook($host::HOOK_AUTH_USER, $this);
|
||||||
}
|
}
|
||||||
|
@ -178,7 +177,7 @@ class Auth_Internal extends Plugin implements IAuthModule {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
function check_password($owner_uid, $password) {
|
function check_password($owner_uid, $password, $service = '') {
|
||||||
|
|
||||||
$sth = $this->pdo->prepare("SELECT salt,login,otp_enabled FROM ttrss_users WHERE
|
$sth = $this->pdo->prepare("SELECT salt,login,otp_enabled FROM ttrss_users WHERE
|
||||||
id = ?");
|
id = ?");
|
||||||
|
@ -189,6 +188,11 @@ class Auth_Internal extends Plugin implements IAuthModule {
|
||||||
$salt = $row['salt'];
|
$salt = $row['salt'];
|
||||||
$login = $row['login'];
|
$login = $row['login'];
|
||||||
|
|
||||||
|
// check app password only if service is specified
|
||||||
|
if ($service && get_schema_version() > 138) {
|
||||||
|
return $this->check_app_password($login, $password, $service);
|
||||||
|
}
|
||||||
|
|
||||||
if (!$salt) {
|
if (!$salt) {
|
||||||
$password_hash1 = encrypt_password($password);
|
$password_hash1 = encrypt_password($password);
|
||||||
$password_hash2 = encrypt_password($password, $login);
|
$password_hash2 = encrypt_password($password, $login);
|
||||||
|
|
|
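Review bot: The added comment does not say what the early return means for the checks after it. Once `$service` is set and the schema is newer than 138, `check_password()` returns whatever `check_app_password()` returns and the account-password comparison below is never reached, while on an older schema the same call silently falls through to the account password. I would spell that out, e.g. `// app passwords need schema > 138; with $service set only the app password is tried, not the account password below`, and give 138 a named constant. The query selects `otp_enabled`, but its use lies outside the hunk, so whether the early return also skips an OTP-related branch should be confirmed; the method body starts and ends outside the hunk.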
@ -1,9 +1,7 @@
|
||||||
<?php
|
<?php
|
||||||
class Auth_Remote extends Plugin implements IAuthModule {
|
class Auth_Remote extends Auth_Base {
|
||||||
|
|
||||||
private $host;
|
private $host;
|
||||||
/* @var Auth_Base $base */
|
|
||||||
private $base;
|
|
||||||
|
|
||||||
function about() {
|
function about() {
|
||||||
return array(1.0,
|
return array(1.0,
|
||||||
|
@ -15,7 +13,6 @@ class Auth_Remote extends Plugin implements IAuthModule {
|
||||||
/* @var PluginHost $host */
|
/* @var PluginHost $host */
|
||||||
function init($host) {
|
function init($host) {
|
||||||
$this->host = $host;
|
$this->host = $host;
|
||||||
$this->base = new Auth_Base();
|
|
||||||
|
|
||||||
$host->add_hook($host::HOOK_AUTH_USER, $this);
|
$host->add_hook($host::HOOK_AUTH_USER, $this);
|
||||||
}
|
}
|
||||||
|
@ -53,7 +50,7 @@ class Auth_Remote extends Plugin implements IAuthModule {
|
||||||
if (!$try_login) $try_login = $this->get_login_by_ssl_certificate();
|
if (!$try_login) $try_login = $this->get_login_by_ssl_certificate();
|
||||||
|
|
||||||
if ($try_login) {
|
if ($try_login) {
|
||||||
$user_id = $this->base->auto_create_user($try_login, $password);
|
$user_id = $this->auto_create_user($try_login, $password);
|
||||||
|
|
||||||
if ($user_id) {
|
if ($user_id) {
|
||||||
$_SESSION["fake_login"] = $try_login;
|
$_SESSION["fake_login"] = $try_login;
|
||||||
|
|