Rewrite of the authentication and authorization system

This commit is contained in:
Frederic Guillot
2015-12-05 20:31:27 -05:00
parent 346b8312e5
commit e9fedf3e5c
255 changed files with 14114 additions and 9820 deletions


@@ -0,0 +1,149 @@
<?php
namespace Kanboard\ServiceProvider;
use Pimple\Container;
use Pimple\ServiceProviderInterface;
use Kanboard\Core\Security\AuthenticationManager;
use Kanboard\Core\Security\AccessMap;
use Kanboard\Core\Security\Authorization;
use Kanboard\Core\Security\Role;
use Kanboard\Auth\RememberMeAuth;
use Kanboard\Auth\DatabaseAuth;
use Kanboard\Auth\LdapAuth;
use Kanboard\Auth\GitlabAuth;
use Kanboard\Auth\GithubAuth;
use Kanboard\Auth\GoogleAuth;
use Kanboard\Auth\TotpAuth;
use Kanboard\Auth\ReverseProxyAuth;
/**
* Authentication Provider
*
* @package serviceProvider
* @author Frederic Guillot
*/
class AuthenticationProvider implements ServiceProviderInterface
{
/**
* Register providers
*
* @access public
* @param \Pimple\Container $container
* @return \Pimple\Container
*/
public function register(Container $container)
{
$container['authenticationManager'] = new AuthenticationManager($container);
$container['authenticationManager']->register(new TotpAuth($container));
$container['authenticationManager']->register(new RememberMeAuth($container));
$container['authenticationManager']->register(new DatabaseAuth($container));
if (REVERSE_PROXY_AUTH) {
$container['authenticationManager']->register(new ReverseProxyAuth($container));
}
if (LDAP_AUTH) {
$container['authenticationManager']->register(new LdapAuth($container));
}
if (GITLAB_AUTH) {
$container['authenticationManager']->register(new GitlabAuth($container));
}
if (GITHUB_AUTH) {
$container['authenticationManager']->register(new GithubAuth($container));
}
if (GOOGLE_AUTH) {
$container['authenticationManager']->register(new GoogleAuth($container));
}
$container['projectAccessMap'] = $this->getProjectAccessMap();
$container['applicationAccessMap'] = $this->getApplicationAccessMap();
$container['projectAuthorization'] = new Authorization($container['projectAccessMap']);
$container['applicationAuthorization'] = new Authorization($container['applicationAccessMap']);
return $container;
}
/**
* Get ACL for projects
*
* @access public
* @return AccessMap
*/
public function getProjectAccessMap()
{
$acl = new AccessMap;
$acl->setDefaultRole(Role::PROJECT_VIEWER);
$acl->setRoleHierarchy(Role::PROJECT_MANAGER, array(Role::PROJECT_MEMBER, Role::PROJECT_VIEWER));
$acl->setRoleHierarchy(Role::PROJECT_MEMBER, array(Role::PROJECT_VIEWER));
$acl->add('Action', '*', Role::PROJECT_MANAGER);
$acl->add('Analytic', '*', Role::PROJECT_MANAGER);
$acl->add('Board', 'save', Role::PROJECT_MEMBER);
$acl->add('BoardPopover', '*', Role::PROJECT_MEMBER);
$acl->add('Calendar', 'save', Role::PROJECT_MEMBER);
$acl->add('Category', '*', Role::PROJECT_MANAGER);
$acl->add('Column', '*', Role::PROJECT_MANAGER);
$acl->add('Comment', '*', Role::PROJECT_MEMBER);
$acl->add('Customfilter', '*', Role::PROJECT_MEMBER);
$acl->add('Export', '*', Role::PROJECT_MANAGER);
$acl->add('File', array('screenshot', 'create', 'save', 'remove', 'confirm'), Role::PROJECT_MEMBER);
$acl->add('Gantt', '*', Role::PROJECT_MANAGER);
$acl->add('Project', array('share', 'integrations', 'notifications', 'edit', 'update', 'duplicate', 'disable', 'enable', 'remove'), Role::PROJECT_MANAGER);
$acl->add('ProjectPermission', '*', Role::PROJECT_MANAGER);
$acl->add('Projectuser', '*', Role::PROJECT_MANAGER);
$acl->add('Subtask', '*', Role::PROJECT_MEMBER);
$acl->add('Swimlane', '*', Role::PROJECT_MANAGER);
$acl->add('Task', 'remove', Role::PROJECT_MEMBER);
$acl->add('Taskcreation', '*', Role::PROJECT_MEMBER);
$acl->add('Taskduplication', '*', Role::PROJECT_MEMBER);
$acl->add('TaskImport', '*', Role::PROJECT_MANAGER);
$acl->add('Tasklink', '*', Role::PROJECT_MEMBER);
$acl->add('Taskmodification', '*', Role::PROJECT_MEMBER);
$acl->add('Taskstatus', '*', Role::PROJECT_MEMBER);
$acl->add('Timer', '*', Role::PROJECT_MEMBER);
return $acl;
}
/**
* Get ACL for the application
*
* @access public
* @return AccessMap
*/
public function getApplicationAccessMap()
{
$acl = new AccessMap;
$acl->setDefaultRole(Role::APP_USER);
$acl->setRoleHierarchy(Role::APP_ADMIN, array(Role::APP_MANAGER, Role::APP_USER, Role::APP_PUBLIC));
$acl->setRoleHierarchy(Role::APP_MANAGER, array(Role::APP_USER, Role::APP_PUBLIC));
$acl->setRoleHierarchy(Role::APP_USER, array(Role::APP_PUBLIC));
$acl->add('Oauth', array('google', 'github', 'gitlab'), Role::APP_PUBLIC);
$acl->add('Auth', array('login', 'check', 'captcha'), Role::APP_PUBLIC);
$acl->add('Webhook', '*', Role::APP_PUBLIC);
$acl->add('Task', 'readonly', Role::APP_PUBLIC);
$acl->add('Board', 'readonly', Role::APP_PUBLIC);
$acl->add('Ical', '*', Role::APP_PUBLIC);
$acl->add('Feed', '*', Role::APP_PUBLIC);
$acl->add('Config', '*', Role::APP_ADMIN);
$acl->add('Currency', '*', Role::APP_ADMIN);
$acl->add('Gantt', '*', Role::APP_MANAGER);
$acl->add('Group', '*', Role::APP_ADMIN);
$acl->add('Link', '*', Role::APP_ADMIN);
$acl->add('Project', array('users', 'allowEverybody', 'allow', 'role', 'revoke', 'create'), Role::APP_MANAGER);
$acl->add('ProjectPermission', '*', Role::APP_MANAGER);
$acl->add('Projectuser', '*', Role::APP_MANAGER);
$acl->add('Twofactor', 'disable', Role::APP_ADMIN);
$acl->add('UserImport', '*', Role::APP_ADMIN);
$acl->add('User', array('index', 'create', 'save', 'authentication', 'remove'), Role::APP_ADMIN);
return $acl;
}
}
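Review bot: Both access maps use a permissive fallback — `setDefaultRole(Role::PROJECT_VIEWER)` in getProjectAccessMap and `setDefaultRole(Role::APP_USER)` in getApplicationAccessMap — so, if `setDefaultRole` means what its name suggests, any controller or action missing from the lists below it is reachable by every project viewer or every authenticated user rather than being denied. That makes these two tables the one place a new controller must be registered, and nothing in the class says so. Add above each `setDefaultRole` call a comment such as `// Controllers/actions not listed below fall back to this role (presumably allowed, not denied): every new controller must get an entry here`. The controller names also mix capitalisation (`'Customfilter'`, `'Projectuser'`, `'TaskImport'`) while the route table elsewhere in this commit uses `'taskImport'`; whether AccessMap matches case-insensitively is not visible here, so confirm it or normalise the names.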


@@ -5,23 +5,17 @@ namespace Kanboard\ServiceProvider;
use Pimple\Container;
use Pimple\ServiceProviderInterface;
use League\HTMLToMarkdown\HtmlConverter;
use Kanboard\Core\Plugin\Loader;
use Kanboard\Core\Mail\Client as EmailClient;
use Kanboard\Core\ObjectStorage\FileStorage;
use Kanboard\Core\Paginator;
use Kanboard\Core\OAuth2;
use Kanboard\Core\Http\OAuth2;
use Kanboard\Core\Tool;
use Kanboard\Core\Http\Client as HttpClient;
use Kanboard\Model\UserNotificationType;
use Kanboard\Model\ProjectNotificationType;
use Kanboard\Notification\Mail as MailNotification;
use Kanboard\Notification\Web as WebNotification;
class ClassProvider implements ServiceProviderInterface
{
private $classes = array(
'Model' => array(
'Acl',
'Action',
'Authentication',
'Board',
@@ -47,6 +41,9 @@ class ClassProvider implements ServiceProviderInterface
'ProjectPermission',
'ProjectNotification',
'ProjectMetadata',
'ProjectGroupRole',
'ProjectUserRole',
'RememberMeSession',
'Subtask',
'SubtaskExport',
'SubtaskTimeTracking',
@@ -69,7 +66,7 @@ class ClassProvider implements ServiceProviderInterface
'Transition',
'User',
'UserImport',
'UserSession',
'UserLocking',
'UserNotification',
'UserNotificationType',
'UserNotificationFilter',
@@ -82,6 +79,8 @@ class ClassProvider implements ServiceProviderInterface
'TaskFilterCalendarFormatter',
'TaskFilterICalendarFormatter',
'ProjectGanttFormatter',
'UserFilterAutoCompleteFormatter',
'GroupAutoCompleteFormatter',
),
'Core' => array(
'DateParser',
@@ -92,7 +91,7 @@ class ClassProvider implements ServiceProviderInterface
'Core\Http' => array(
'Request',
'Response',
'Router',
'RememberMeCookie',
),
'Core\Cache' => array(
'MemoryCache',
@@ -102,6 +101,13 @@ class ClassProvider implements ServiceProviderInterface
),
'Core\Security' => array(
'Token',
'Role',
),
'Core\User' => array(
'GroupSync',
'UserSync',
'UserSession',
'UserProfile',
),
'Integration' => array(
'BitbucketWebhook',
@@ -142,22 +148,6 @@ class ClassProvider implements ServiceProviderInterface
return $mailer;
};
$container['userNotificationType'] = function ($container) {
$type = new UserNotificationType($container);
$type->setType(MailNotification::TYPE, t('Email'), '\Kanboard\Notification\Mail');
$type->setType(WebNotification::TYPE, t('Web'), '\Kanboard\Notification\Web');
return $type;
};
$container['projectNotificationType'] = function ($container) {
$type = new ProjectNotificationType($container);
$type->setType('webhook', 'Webhook', '\Kanboard\Notification\Webhook', true);
$type->setType('activity_stream', 'ActivityStream', '\Kanboard\Notification\ActivityStream', true);
return $type;
};
$container['pluginLoader'] = new Loader($container);
$container['cspRules'] = array('style-src' => "'self' 'unsafe-inline'", 'img-src' => '* data:');
return $container;


@@ -0,0 +1,37 @@
<?php
namespace Kanboard\ServiceProvider;
use Pimple\Container;
use Pimple\ServiceProviderInterface;
use Kanboard\Core\Group\GroupManager;
use Kanboard\Group\DatabaseBackendGroupProvider;
use Kanboard\Group\LdapBackendGroupProvider;
/**
* Group Provider
*
* @package serviceProvider
* @author Frederic Guillot
*/
class GroupProvider implements ServiceProviderInterface
{
/**
* Register providers
*
* @access public
* @param \Pimple\Container $container
* @return \Pimple\Container
*/
public function register(Container $container)
{
$container['groupManager'] = new GroupManager;
$container['groupManager']->register(new DatabaseBackendGroupProvider($container));
if (LDAP_AUTH && LDAP_GROUP_PROVIDER) {
$container['groupManager']->register(new LdapBackendGroupProvider($container));
}
return $container;
}
}
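Review bot: The guard `if (LDAP_AUTH && LDAP_GROUP_PROVIDER)` is only safe when both constants are guaranteed to be defined; on PHP 5 and 7 an undefined constant evaluates to its own name as a string, which is truthy, so an installation whose config predates `LDAP_GROUP_PROVIDER` would register the LDAP group provider without having opted in. If the constant is given a default in a config-defaults file (not visible in this diff), a comment is enough: `// LDAP_GROUP_PROVIDER is defaulted in the config defaults; an undefined constant would be truthy here`. Otherwise guard it with `defined('LDAP_GROUP_PROVIDER') && LDAP_GROUP_PROVIDER`.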


@@ -0,0 +1,45 @@
<?php
namespace Kanboard\ServiceProvider;
use Pimple\Container;
use Pimple\ServiceProviderInterface;
use Kanboard\Model\UserNotificationType;
use Kanboard\Model\ProjectNotificationType;
use Kanboard\Notification\Mail as MailNotification;
use Kanboard\Notification\Web as WebNotification;
/**
* Notification Provider
*
* @package serviceProvider
* @author Frederic Guillot
*/
class NotificationProvider implements ServiceProviderInterface
{
/**
* Register providers
*
* @access public
* @param \Pimple\Container $container
* @return \Pimple\Container
*/
public function register(Container $container)
{
$container['userNotificationType'] = function ($container) {
$type = new UserNotificationType($container);
$type->setType(MailNotification::TYPE, t('Email'), '\Kanboard\Notification\Mail');
$type->setType(WebNotification::TYPE, t('Web'), '\Kanboard\Notification\Web');
return $type;
};
$container['projectNotificationType'] = function ($container) {
$type = new ProjectNotificationType($container);
$type->setType('webhook', 'Webhook', '\Kanboard\Notification\Webhook', true);
$type->setType('activity_stream', 'ActivityStream', '\Kanboard\Notification\ActivityStream', true);
return $type;
};
return $container;
}
}


@@ -0,0 +1,31 @@
<?php
namespace Kanboard\ServiceProvider;
use Pimple\Container;
use Pimple\ServiceProviderInterface;
use Kanboard\Core\Plugin\Loader;
/**
* Plugin Provider
*
* @package serviceProvider
* @author Frederic Guillot
*/
class PluginProvider implements ServiceProviderInterface
{
/**
* Register providers
*
* @access public
* @param \Pimple\Container $container
* @return \Pimple\Container
*/
public function register(Container $container)
{
$container['pluginLoader'] = new Loader($container);
$container['pluginLoader']->scan();
return $container;
}
}
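Review bot: `register()` now calls `$container['pluginLoader']->scan()` as a side effect of provider registration, so plugins are loaded at whatever point PluginProvider sits in the bootstrap order and can only see services registered before it; nothing in the class documents that ordering constraint. Add to the method docblock a line such as `Plugins are scanned here, so this provider must be registered after every service a plugin may depend on`, or move the `scan()` call back to the application bootstrap so that registration stays free of side effects. The old ClassProvider hunk only constructed the loader; where scanning used to happen is not visible in this diff.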


@@ -0,0 +1,151 @@
<?php
namespace Kanboard\ServiceProvider;
use Pimple\Container;
use Pimple\ServiceProviderInterface;
use Kanboard\Core\Http\Router;
/**
* Route Provider
*
* @package serviceProvider
* @author Frederic Guillot
*/
class RouteProvider implements ServiceProviderInterface
{
/**
* Register providers
*
* @access public
* @param \Pimple\Container $container
* @return \Pimple\Container
*/
public function register(Container $container)
{
$container['router'] = new Router($container);
if (ENABLE_URL_REWRITE) {
// Dashboard
$container['router']->addRoute('dashboard', 'app', 'index');
$container['router']->addRoute('dashboard/:user_id', 'app', 'index', array('user_id'));
$container['router']->addRoute('dashboard/:user_id/projects', 'app', 'projects', array('user_id'));
$container['router']->addRoute('dashboard/:user_id/tasks', 'app', 'tasks', array('user_id'));
$container['router']->addRoute('dashboard/:user_id/subtasks', 'app', 'subtasks', array('user_id'));
$container['router']->addRoute('dashboard/:user_id/calendar', 'app', 'calendar', array('user_id'));
$container['router']->addRoute('dashboard/:user_id/activity', 'app', 'activity', array('user_id'));
// Search routes
$container['router']->addRoute('search', 'search', 'index');
$container['router']->addRoute('search/:search', 'search', 'index', array('search'));
// Project routes
$container['router']->addRoute('projects', 'project', 'index');
$container['router']->addRoute('project/create', 'project', 'create');
$container['router']->addRoute('project/create/:private', 'project', 'create', array('private'));
$container['router']->addRoute('project/:project_id', 'project', 'show', array('project_id'));
$container['router']->addRoute('p/:project_id', 'project', 'show', array('project_id'));
$container['router']->addRoute('project/:project_id/customer-filter', 'customfilter', 'index', array('project_id'));
$container['router']->addRoute('project/:project_id/share', 'project', 'share', array('project_id'));
$container['router']->addRoute('project/:project_id/notifications', 'project', 'notifications', array('project_id'));
$container['router']->addRoute('project/:project_id/edit', 'project', 'edit', array('project_id'));
$container['router']->addRoute('project/:project_id/integrations', 'project', 'integrations', array('project_id'));
$container['router']->addRoute('project/:project_id/duplicate', 'project', 'duplicate', array('project_id'));
$container['router']->addRoute('project/:project_id/remove', 'project', 'remove', array('project_id'));
$container['router']->addRoute('project/:project_id/disable', 'project', 'disable', array('project_id'));
$container['router']->addRoute('project/:project_id/enable', 'project', 'enable', array('project_id'));
$container['router']->addRoute('project/:project_id/permissions', 'ProjectPermission', 'index', array('project_id'));
$container['router']->addRoute('project/:project_id/import', 'taskImport', 'step1', array('project_id'));
// Action routes
$container['router']->addRoute('project/:project_id/actions', 'action', 'index', array('project_id'));
$container['router']->addRoute('project/:project_id/action/:action_id/confirm', 'action', 'confirm', array('project_id', 'action_id'));
// Column routes
$container['router']->addRoute('project/:project_id/columns', 'column', 'index', array('project_id'));
$container['router']->addRoute('project/:project_id/column/:column_id/edit', 'column', 'edit', array('project_id', 'column_id'));
$container['router']->addRoute('project/:project_id/column/:column_id/confirm', 'column', 'confirm', array('project_id', 'column_id'));
$container['router']->addRoute('project/:project_id/column/:column_id/move/:direction', 'column', 'move', array('project_id', 'column_id', 'direction'));
// Swimlane routes
$container['router']->addRoute('project/:project_id/swimlanes', 'swimlane', 'index', array('project_id'));
$container['router']->addRoute('project/:project_id/swimlane/:swimlane_id/edit', 'swimlane', 'edit', array('project_id', 'swimlane_id'));
$container['router']->addRoute('project/:project_id/swimlane/:swimlane_id/confirm', 'swimlane', 'confirm', array('project_id', 'swimlane_id'));
$container['router']->addRoute('project/:project_id/swimlane/:swimlane_id/disable', 'swimlane', 'disable', array('project_id', 'swimlane_id'));
$container['router']->addRoute('project/:project_id/swimlane/:swimlane_id/enable', 'swimlane', 'enable', array('project_id', 'swimlane_id'));
$container['router']->addRoute('project/:project_id/swimlane/:swimlane_id/up', 'swimlane', 'moveup', array('project_id', 'swimlane_id'));
$container['router']->addRoute('project/:project_id/swimlane/:swimlane_id/down', 'swimlane', 'movedown', array('project_id', 'swimlane_id'));
// Category routes
$container['router']->addRoute('project/:project_id/categories', 'category', 'index', array('project_id'));
$container['router']->addRoute('project/:project_id/category/:category_id/edit', 'category', 'edit', array('project_id', 'category_id'));
$container['router']->addRoute('project/:project_id/category/:category_id/confirm', 'category', 'confirm', array('project_id', 'category_id'));
// Task routes
$container['router']->addRoute('project/:project_id/task/:task_id', 'task', 'show', array('project_id', 'task_id'));
$container['router']->addRoute('t/:task_id', 'task', 'show', array('task_id'));
$container['router']->addRoute('public/task/:task_id/:token', 'task', 'readonly', array('task_id', 'token'));
$container['router']->addRoute('project/:project_id/task/:task_id/activity', 'activity', 'task', array('project_id', 'task_id'));
$container['router']->addRoute('project/:project_id/task/:task_id/screenshot', 'file', 'screenshot', array('project_id', 'task_id'));
$container['router']->addRoute('project/:project_id/task/:task_id/upload', 'file', 'create', array('project_id', 'task_id'));
$container['router']->addRoute('project/:project_id/task/:task_id/comment', 'comment', 'create', array('project_id', 'task_id'));
$container['router']->addRoute('project/:project_id/task/:task_id/link', 'tasklink', 'create', array('project_id', 'task_id'));
$container['router']->addRoute('project/:project_id/task/:task_id/transitions', 'task', 'transitions', array('project_id', 'task_id'));
$container['router']->addRoute('project/:project_id/task/:task_id/analytics', 'task', 'analytics', array('project_id', 'task_id'));
$container['router']->addRoute('project/:project_id/task/:task_id/remove', 'task', 'remove', array('project_id', 'task_id'));
$container['router']->addRoute('project/:project_id/task/:task_id/edit', 'taskmodification', 'edit', array('project_id', 'task_id'));
$container['router']->addRoute('project/:project_id/task/:task_id/description', 'taskmodification', 'description', array('project_id', 'task_id'));
$container['router']->addRoute('project/:project_id/task/:task_id/recurrence', 'taskmodification', 'recurrence', array('project_id', 'task_id'));
$container['router']->addRoute('project/:project_id/task/:task_id/close', 'taskstatus', 'close', array('task_id', 'project_id'));
$container['router']->addRoute('project/:project_id/task/:task_id/open', 'taskstatus', 'open', array('task_id', 'project_id'));
$container['router']->addRoute('project/:project_id/task/:task_id/duplicate', 'taskduplication', 'duplicate', array('task_id', 'project_id'));
$container['router']->addRoute('project/:project_id/task/:task_id/copy', 'taskduplication', 'copy', array('task_id', 'project_id'));
$container['router']->addRoute('project/:project_id/task/:task_id/copy/:dst_project_id', 'taskduplication', 'copy', array('task_id', 'project_id', 'dst_project_id'));
$container['router']->addRoute('project/:project_id/task/:task_id/move', 'taskduplication', 'move', array('task_id', 'project_id'));
$container['router']->addRoute('project/:project_id/task/:task_id/move/:dst_project_id', 'taskduplication', 'move', array('task_id', 'project_id', 'dst_project_id'));
// Board routes
$container['router']->addRoute('board/:project_id', 'board', 'show', array('project_id'));
$container['router']->addRoute('b/:project_id', 'board', 'show', array('project_id'));
$container['router']->addRoute('public/board/:token', 'board', 'readonly', array('token'));
// Calendar routes
$container['router']->addRoute('calendar/:project_id', 'calendar', 'show', array('project_id'));
$container['router']->addRoute('c/:project_id', 'calendar', 'show', array('project_id'));
// Listing routes
$container['router']->addRoute('list/:project_id', 'listing', 'show', array('project_id'));
$container['router']->addRoute('l/:project_id', 'listing', 'show', array('project_id'));
// Gantt routes
$container['router']->addRoute('gantt/:project_id', 'gantt', 'project', array('project_id'));
$container['router']->addRoute('gantt/:project_id/sort/:sorting', 'gantt', 'project', array('project_id', 'sorting'));
// Subtask routes
$container['router']->addRoute('project/:project_id/task/:task_id/subtask/create', 'subtask', 'create', array('project_id', 'task_id'));
$container['router']->addRoute('project/:project_id/task/:task_id/subtask/:subtask_id/remove', 'subtask', 'confirm', array('project_id', 'task_id', 'subtask_id'));
$container['router']->addRoute('project/:project_id/task/:task_id/subtask/:subtask_id/edit', 'subtask', 'edit', array('project_id', 'task_id', 'subtask_id'));
// Feed routes
$container['router']->addRoute('feed/project/:token', 'feed', 'project', array('token'));
$container['router']->addRoute('feed/user/:token', 'feed', 'user', array('token'));
// Ical routes
$container['router']->addRoute('ical/project/:token', 'ical', 'project', array('token'));
$container['router']->addRoute('ical/user/:token', 'ical', 'user', array('token'));
// Auth routes
$container['router']->addRoute('oauth/google', 'oauth', 'google');
$container['router']->addRoute('oauth/github', 'oauth', 'github');
$container['router']->addRoute('oauth/gitlab', 'oauth', 'gitlab');
$container['router']->addRoute('login', 'auth', 'login');
$container['router']->addRoute('logout', 'auth', 'logout');
}
return $container;
}
}
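Review bot: The parameter lists on the taskstatus and taskduplication routes (`project/:project_id/task/:task_id/close` through `.../move/:dst_project_id`) are written as `array('task_id', 'project_id')` while every other route in the file lists the names in URL order as `array('project_id', 'task_id')`. This is harmless only if Router treats the array as an unordered set of parameter names; Router is not visible here, so a positional mapping that would swap the two ids cannot be ruled out from this hunk. Normalising those seven calls to `array('project_id', 'task_id')` (and `array('project_id', 'task_id', 'dst_project_id')`) removes the question either way. A one-line comment on `register()` stating that the whole table is installed only when `ENABLE_URL_REWRITE` is set would also help, since the `if` wraps the entire body.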


@@ -8,8 +8,21 @@ use Kanboard\Core\Session\SessionManager;
use Kanboard\Core\Session\SessionStorage;
use Kanboard\Core\Session\FlashMessage;
/**
* Session Provider
*
* @package serviceProvider
* @author Frederic Guillot
*/
class SessionProvider implements ServiceProviderInterface
{
/**
* Register providers
*
* @access public
* @param \Pimple\Container $container
* @return \Pimple\Container
*/
public function register(Container $container)
{
$container['sessionStorage'] = function() {