Authentication backends refactoring
This commit is contained in:
Frédéric Guillot
@@ -15,20 +15,16 @@ use Model\LastLogin;
|
||||
* @author Frederic Guillot
|
||||
*
|
||||
* @property \Model\Acl $acl
|
||||
* @property \Model\Authentication $authentication
|
||||
* @property \Model\Action $action
|
||||
* @property \Model\Board $board
|
||||
* @property \Model\Category $category
|
||||
* @property \Model\Comment $comment
|
||||
* @property \Model\Config $config
|
||||
* @property \Model\File $file
|
||||
* @property \Model\Google $google
|
||||
* @property \Model\GitHub $gitHub
|
||||
* @property \Model\LastLogin $lastLogin
|
||||
* @property \Model\Ldap $ldap
|
||||
* @property \Model\Notification $notification
|
||||
* @property \Model\Project $project
|
||||
* @property \Model\RememberMe $rememberMe
|
||||
* @property \Model\ReverseProxyAuth $reverseProxyAuth
|
||||
* @property \Model\SubTask $subTask
|
||||
* @property \Model\Task $task
|
||||
* @property \Model\User $user
|
||||
@@ -123,29 +119,8 @@ abstract class Base
|
||||
date_default_timezone_set($this->config->get('timezone', 'UTC'));
|
||||
|
||||
// Authentication
|
||||
if (! $this->acl->isLogged() && ! $this->acl->isPublicAction($controller, $action)) {
|
||||
|
||||
// Try the "remember me" authentication first
|
||||
if (! $this->rememberMe->authenticate()) {
|
||||
|
||||
// Automatic reverse proxy header authentication
|
||||
if(! (REVERSE_PROXY_AUTH && $this->reverseProxyAuth->authenticate()) ) {
|
||||
// Redirect to the login form if not authenticated
|
||||
$this->response->redirect('?controller=user&action=login');
|
||||
}
|
||||
}
|
||||
else {
|
||||
|
||||
$this->lastLogin->create(
|
||||
LastLogin::AUTH_REMEMBER_ME,
|
||||
$this->acl->getUserId(),
|
||||
$this->user->getIpAddress(),
|
||||
$this->user->getUserAgent()
|
||||
);
|
||||
}
|
||||
}
|
||||
else if ($this->rememberMe->hasCookie()) {
|
||||
$this->rememberMe->refresh();
|
||||
if (! $this->authentication->isAuthenticated($controller, $action)) {
|
||||
$this->response->redirect('?controller=user&action=login');
|
||||
}
|
||||
|
||||
// Check if the user is allowed to see this page
|
||||
|
||||
@@ -28,7 +28,7 @@ class Config extends Base
|
||||
'menu' => 'config',
|
||||
'title' => t('Settings'),
|
||||
'timezones' => $this->config->getTimezones(),
|
||||
'remember_me_sessions' => $this->rememberMe->getAll($this->acl->getUserId()),
|
||||
'remember_me_sessions' => $this->authentication->backend('rememberMe')->getAll($this->acl->getUserId()),
|
||||
'last_logins' => $this->lastLogin->getAll($this->acl->getUserId()),
|
||||
)));
|
||||
}
|
||||
@@ -73,7 +73,7 @@ class Config extends Base
|
||||
'menu' => 'config',
|
||||
'title' => t('Settings'),
|
||||
'timezones' => $this->config->getTimezones(),
|
||||
'remember_me_sessions' => $this->rememberMe->getAll($this->acl->getUserId()),
|
||||
'remember_me_sessions' => $this->authentication->backend('rememberMe')->getAll($this->acl->getUserId()),
|
||||
'last_logins' => $this->lastLogin->getAll($this->acl->getUserId()),
|
||||
)));
|
||||
}
|
||||
@@ -124,7 +124,7 @@ class Config extends Base
|
||||
public function removeRememberMeToken()
|
||||
{
|
||||
$this->checkCSRFParam();
|
||||
$this->rememberMe->remove($this->request->getIntegerParam('id'));
|
||||
$this->authentication->backend('rememberMe')->remove($this->request->getIntegerParam('id'));
|
||||
$this->response->redirect('?controller=config&action=index#remember-me');
|
||||
}
|
||||
}
|
||||
|
||||
@@ -18,7 +18,7 @@ class User extends Base
|
||||
public function logout()
|
||||
{
|
||||
$this->checkCSRFParam();
|
||||
$this->rememberMe->destroy($this->acl->getUserId());
|
||||
$this->authentication->backend('rememberMe')->destroy($this->acl->getUserId());
|
||||
$this->session->close();
|
||||
$this->response->redirect('?controller=user&action=login');
|
||||
}
|
||||
@@ -30,7 +30,7 @@ class User extends Base
|
||||
*/
|
||||
public function login()
|
||||
{
|
||||
if (isset($_SESSION['user'])) {
|
||||
if ($this->acl->isLogged()) {
|
||||
$this->response->redirect('?controller=app');
|
||||
}
|
||||
|
||||
@@ -50,7 +50,7 @@ class User extends Base
|
||||
public function check()
|
||||
{
|
||||
$values = $this->request->getValues();
|
||||
list($valid, $errors) = $this->user->validateLogin($values);
|
||||
list($valid, $errors) = $this->authentication->validateForm($values);
|
||||
|
||||
if ($valid) {
|
||||
$this->response->redirect('?controller=app');
|
||||
@@ -249,14 +249,14 @@ class User extends Base
|
||||
|
||||
if ($code) {
|
||||
|
||||
$profile = $this->google->getGoogleProfile($code);
|
||||
$profile = $this->authentication->backend('google')->getGoogleProfile($code);
|
||||
|
||||
if (is_array($profile)) {
|
||||
|
||||
// If the user is already logged, link the account otherwise authenticate
|
||||
if ($this->acl->isLogged()) {
|
||||
|
||||
if ($this->google->updateUser($this->acl->getUserId(), $profile)) {
|
||||
if ($this->authentication->backend('google')->updateUser($this->acl->getUserId(), $profile)) {
|
||||
$this->session->flash(t('Your Google Account is linked to your profile successfully.'));
|
||||
}
|
||||
else {
|
||||
@@ -265,7 +265,7 @@ class User extends Base
|
||||
|
||||
$this->response->redirect('?controller=user');
|
||||
}
|
||||
else if ($this->google->authenticate($profile['id'])) {
|
||||
else if ($this->authentication->backend('google')->authenticate($profile['id'])) {
|
||||
$this->response->redirect('?controller=app');
|
||||
}
|
||||
else {
|
||||
@@ -279,7 +279,7 @@ class User extends Base
|
||||
}
|
||||
}
|
||||
|
||||
$this->response->redirect($this->google->getAuthorizationUrl());
|
||||
$this->response->redirect($this->authentication->backend('google')->getAuthorizationUrl());
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -290,7 +290,7 @@ class User extends Base
|
||||
public function unlinkGoogle()
|
||||
{
|
||||
$this->checkCSRFParam();
|
||||
if ($this->google->unlink($this->acl->getUserId())) {
|
||||
if ($this->authentication->backend('google')->unlink($this->acl->getUserId())) {
|
||||
$this->session->flash(t('Your Google Account is not linked anymore to your profile.'));
|
||||
}
|
||||
else {
|
||||
@@ -310,14 +310,14 @@ class User extends Base
|
||||
$code = $this->request->getStringParam('code');
|
||||
|
||||
if ($code) {
|
||||
$profile = $this->gitHub->getGitHubProfile($code);
|
||||
$profile = $this->authentication->backend('gitHub')->getGitHubProfile($code);
|
||||
|
||||
if (is_array($profile)) {
|
||||
|
||||
// If the user is already logged, link the account otherwise authenticate
|
||||
if ($this->acl->isLogged()) {
|
||||
|
||||
if ($this->gitHub->updateUser($this->acl->getUserId(), $profile)) {
|
||||
if ($this->authentication->backend('gitHub')->updateUser($this->acl->getUserId(), $profile)) {
|
||||
$this->session->flash(t('Your GitHub account was successfully linked to your profile.'));
|
||||
}
|
||||
else {
|
||||
@@ -326,7 +326,7 @@ class User extends Base
|
||||
|
||||
$this->response->redirect('?controller=user');
|
||||
}
|
||||
else if ($this->gitHub->authenticate($profile['id'])) {
|
||||
else if ($this->authentication->backend('gitHub')->authenticate($profile['id'])) {
|
||||
$this->response->redirect('?controller=app');
|
||||
}
|
||||
else {
|
||||
@@ -340,7 +340,7 @@ class User extends Base
|
||||
}
|
||||
}
|
||||
|
||||
$this->response->redirect($this->gitHub->getAuthorizationUrl());
|
||||
$this->response->redirect($this->authentication->backend('gitHub')->getAuthorizationUrl());
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -352,9 +352,9 @@ class User extends Base
|
||||
{
|
||||
$this->checkCSRFParam();
|
||||
|
||||
$this->gitHub->revokeGitHubAccess();
|
||||
$this->authentication->backend('gitHub')->revokeGitHubAccess();
|
||||
|
||||
if ($this->gitHub->unlink($this->acl->getUserId())) {
|
||||
if ($this->authentication->backend('gitHub')->unlink($this->acl->getUserId())) {
|
||||
$this->session->flash(t('Your GitHub account is no longer linked to your profile.'));
|
||||
}
|
||||
else {
|
||||
|
||||
Reference in New Issue
Block a user