Rewrite of the authentication and authorization system

Frederic Guillot
2015-12-05 20:31:27 -05:00
parent 346b8312e5
commit e9fedf3e5c
255 changed files with 14114 additions and 9820 deletions


@@ -0,0 +1,144 @@
<?php
namespace Kanboard\User;
use Kanboard\Core\User\UserProviderInterface;
use Kanboard\Core\Security\Role;
/**
* Database User Provider
*
* @package user
* @author Frederic Guillot
*/
class DatabaseUserProvider implements UserProviderInterface
{
/**
* User properties
*
* @access private
* @var array
*/
private $user = array();
/**
* Constructor
*
* @access public
* @param array $user
*/
public function __construct(array $user)
{
$this->user = $user;
}
/**
* Return true to allow automatic user creation
*
* @access public
* @return boolean
*/
public function isUserCreationAllowed()
{
return false;
}
/**
* Get internal id
*
* @access public
* @return string
*/
public function getInternalId()
{
return $this->user['id'];
}
/**
* Get external id column name
*
* @access public
* @return string
*/
public function getExternalIdColumn()
{
return '';
}
/**
* Get external id
*
* @access public
* @return string
*/
public function getExternalId()
{
return '';
}
/**
* Get user role
*
* @access public
* @return string
*/
public function getRole()
{
return '';
}
/**
* Get username
*
* @access public
* @return string
*/
public function getUsername()
{
return '';
}
/**
* Get full name
*
* @access public
* @return string
*/
public function getName()
{
return '';
}
/**
* Get user email
*
* @access public
* @return string
*/
public function getEmail()
{
return '';
}
/**
* Get external group ids
*
* @access public
* @return array
*/
public function getExternalGroupIds()
{
return array();
}
/**
* Get extra user attributes
*
* @access public
* @return array
*/
public function getExtraAttributes()
{
return array();
}
}
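Review bot: Most getters in this class return `''` or `array()` with no comment explaining why, so a reader cannot tell a deliberate "nothing to synchronise" value from an unfinished stub; `getRole()` in particular looks as if it should return the stored role. If the empty values are intentional (presumably the caller skips empty fields so that a local login never overwrites the stored profile), say so in the class docblock, e.g. `* Empty return values mean "keep what is already stored for this user".` The `use Kanboard\Core\Security\Role;` import is unused here and again in the OAuthUserProvider section, and can be dropped in both.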


@@ -0,0 +1,23 @@
<?php
namespace Kanboard\User;
/**
* Github OAuth User Provider
*
* @package user
* @author Frederic Guillot
*/
class GithubUserProvider extends OAuthUserProvider
{
/**
* Get external id column name
*
* @access public
* @return string
*/
public function getExternalIdColumn()
{
return 'github_id';
}
}


@@ -0,0 +1,23 @@
<?php
namespace Kanboard\User;
/**
* Gitlab OAuth User Provider
*
* @package user
* @author Frederic Guillot
*/
class GitlabUserProvider extends OAuthUserProvider
{
/**
* Get external id column name
*
* @access public
* @return string
*/
public function getExternalIdColumn()
{
return 'gitlab_id';
}
}


@@ -0,0 +1,23 @@
<?php
namespace Kanboard\User;
/**
* Google OAuth User Provider
*
* @package user
* @author Frederic Guillot
*/
class GoogleUserProvider extends OAuthUserProvider
{
/**
* Get external id column name
*
* @access public
* @return string
*/
public function getExternalIdColumn()
{
return 'google_id';
}
}


@@ -0,0 +1,206 @@
<?php
namespace Kanboard\User;
use Kanboard\Core\User\UserProviderInterface;
/**
* LDAP User Provider
*
* @package user
* @author Frederic Guillot
*/
class LdapUserProvider implements UserProviderInterface
{
/**
* LDAP DN
*
* @access private
* @var string
*/
private $dn;
/**
* LDAP username
*
* @access private
* @var string
*/
private $username;
/**
* User name
*
* @access private
* @var string
*/
private $name;
/**
* Email
*
* @access private
* @var string
*/
private $email;
/**
* User role
*
* @access private
* @var string
*/
private $role;
/**
* Group LDAP DNs
*
* @access private
* @var string[]
*/
private $groupIds;
/**
* Constructor
*
* @access public
* @param string $dn
* @param string $username
* @param string $name
* @param string $email
* @param string $role
* @param string[]
*/
public function __construct($dn, $username, $name, $email, $role, array $groupIds)
{
$this->dn = $dn;
$this->username = $username;
$this->name = $name;
$this->email = $email;
$this->role = $role;
$this->groupIds = $groupIds;
}
/**
* Return true to allow automatic user creation
*
* @access public
* @return boolean
*/
public function isUserCreationAllowed()
{
return LDAP_USER_CREATION;
}
/**
* Get internal id
*
* @access public
* @return string
*/
public function getInternalId()
{
return '';
}
/**
* Get external id column name
*
* @access public
* @return string
*/
public function getExternalIdColumn()
{
return 'username';
}
/**
* Get external id
*
* @access public
* @return string
*/
public function getExternalId()
{
return $this->getUsername();
}
/**
* Get user role
*
* @access public
* @return string
*/
public function getRole()
{
return $this->role;
}
/**
* Get username
*
* @access public
* @return string
*/
public function getUsername()
{
return LDAP_USERNAME_CASE_SENSITIVE ? $this->username : strtolower($this->username);
}
/**
* Get full name
*
* @access public
* @return string
*/
public function getName()
{
return $this->name;
}
/**
* Get user email
*
* @access public
* @return string
*/
public function getEmail()
{
return $this->email;
}
/**
* Get groups
*
* @access public
* @return array
*/
public function getExternalGroupIds()
{
return $this->groupIds;
}
/**
* Get extra user attributes
*
* @access public
* @return array
*/
public function getExtraAttributes()
{
return array(
'is_ldap_user' => 1,
);
}
/**
* Get User DN
*
* @access public
* @return string
*/
public function getDn()
{
return $this->dn;
}
}
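Review bot: `getUsername()` folds case with `strtolower()`, which works byte by byte and leaves non-ASCII letters untouched (or depends on the locale on older PHP versions), and the result is also what `getExternalId()` returns for the `username` column. With `LDAP_USERNAME_CASE_SENSITIVE` off, two spellings of the same directory account that differ only in the case of an accented letter would therefore yield different external ids and, since `isUserCreationAllowed()` can return true, possibly two local accounts. If mbstring is available to the project, `mb_strtolower($this->username, 'UTF-8')` gives a consistent result. The constructor docblock's last tag, `@param string[]`, is also missing its `$groupIds` name.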


@@ -0,0 +1,141 @@
<?php
namespace Kanboard\User;
use Kanboard\Core\User\UserProviderInterface;
use Kanboard\Core\Security\Role;
/**
* OAuth User Provider
*
* @package user
* @author Frederic Guillot
*/
abstract class OAuthUserProvider implements UserProviderInterface
{
/**
* Get external id column name
*
* @access public
* @return string
*/
abstract public function getExternalIdColumn();
/**
* User properties
*
* @access private
* @var array
*/
private $user = array();
/**
* Constructor
*
* @access public
* @param array $user
*/
public function __construct(array $user)
{
$this->user = $user;
}
/**
* Return true to allow automatic user creation
*
* @access public
* @return boolean
*/
public function isUserCreationAllowed()
{
return false;
}
/**
* Get internal id
*
* @access public
* @return string
*/
public function getInternalId()
{
return '';
}
/**
* Get external id
*
* @access public
* @return string
*/
public function getExternalId()
{
return $this->user['id'];
}
/**
* Get user role
*
* @access public
* @return string
*/
public function getRole()
{
return '';
}
/**
* Get username
*
* @access public
* @return string
*/
public function getUsername()
{
return '';
}
/**
* Get full name
*
* @access public
* @return string
*/
public function getName()
{
return $this->user['name'];
}
/**
* Get user email
*
* @access public
* @return string
*/
public function getEmail()
{
return $this->user['email'];
}
/**
* Get external group ids
*
* @access public
* @return array
*/
public function getExternalGroupIds()
{
return array();
}
/**
* Get extra user attributes
*
* @access public
* @return array
*/
public function getExtraAttributes()
{
return array();
}
}
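Review bot: `getExternalId()`, `getName()` and `getEmail()` index `$this->user` directly, so a provider profile that omits a field raises an undefined-index notice and returns null where the docblock promises a string; profile fields such as the e-mail are commonly optional. Guard each read, for example `return isset($this->user['email']) ? $this->user['email'] : '';`, and treat a missing `id` as a hard failure rather than an empty external id, because that value is presumably what the caller matches against the `github_id`/`gitlab_id`/`google_id` column. Where the array is built and validated is outside this section, so confirm whether the keys are already guaranteed there.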


@@ -0,0 +1,147 @@
<?php
namespace Kanboard\User;
use Kanboard\Core\User\UserProviderInterface;
use Kanboard\Core\Security\Role;
/**
* Reverse Proxy User Provider
*
* @package user
* @author Frederic Guillot
*/
class ReverseProxyUserProvider implements UserProviderInterface
{
/**
* Username
*
* @access private
* @var string
*/
private $username = '';
/**
* Constructor
*
* @access public
* @param string $username
*/
public function __construct($username)
{
$this->username = $username;
}
/**
* Return true to allow automatic user creation
*
* @access public
* @return boolean
*/
public function isUserCreationAllowed()
{
return true;
}
/**
* Get internal id
*
* @access public
* @return string
*/
public function getInternalId()
{
return '';
}
/**
* Get external id column name
*
* @access public
* @return string
*/
public function getExternalIdColumn()
{
return 'username';
}
/**
* Get external id
*
* @access public
* @return string
*/
public function getExternalId()
{
return $this->username;
}
/**
* Get user role
*
* @access public
* @return string
*/
public function getRole()
{
return REVERSE_PROXY_DEFAULT_ADMIN === $this->username ? Role::APP_ADMIN : Role::APP_USER;
}
/**
* Get username
*
* @access public
* @return string
*/
public function getUsername()
{
return $this->username;
}
/**
* Get full name
*
* @access public
* @return string
*/
public function getName()
{
return '';
}
/**
* Get user email
*
* @access public
* @return string
*/
public function getEmail()
{
return REVERSE_PROXY_DEFAULT_DOMAIN !== '' ? $this->username.'@'.REVERSE_PROXY_DEFAULT_DOMAIN : '';
}
/**
* Get external group ids
*
* @access public
* @return array
*/
public function getExternalGroupIds()
{
return array();
}
/**
* Get extra user attributes
*
* @access public
* @return array
*/
public function getExtraAttributes()
{
return array(
'is_ldap_user' => 1,
'disable_login_form' => 1,
);
}
}
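Review bot: `getRole()` compares the username with `REVERSE_PROXY_DEFAULT_ADMIN` without checking that the constant is non-empty, although `getEmail()` just below treats an empty `REVERSE_PROXY_DEFAULT_DOMAIN` as "not configured". If the admin constant is left empty and an empty username ever reaches the constructor, the strict comparison succeeds and the result is `Role::APP_ADMIN`, and because `isUserCreationAllowed()` always returns true that account would presumably also be created. A guard such as `return REVERSE_PROXY_DEFAULT_ADMIN !== '' && REVERSE_PROXY_DEFAULT_ADMIN === $this->username ? Role::APP_ADMIN : Role::APP_USER;` closes that case; whether the caller already rejects an empty header value is not visible in this section. `getExtraAttributes()` also sets `is_ldap_user` for proxy-authenticated users, which deserves a comment if it is intentional.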