Dominique.Fournier/DomFramework
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity

authentication : allow to define a special logging function instead of using the trigger_error

Browse Source 
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@2986 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
This commit is contained in:
Dominique Fournier
2016-08-03 09:48:25 +00:00
parent 901bc4ddc0
commit 0c3a2ebc7a
1 changed files with 60 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

102
authentication.php
View File

@@ -52,9 +52,13 @@ class authentication
/** The application Name displayed on authentication page */
public $appName = null;
/** The class and method to use to log the errors */
public $loggingFunc;
public function __construct ($route)
{
$this->route = $route;
$this->loggingFunc = array ($this, "logging");
}
/* public function email ()
@@ -66,10 +70,12 @@ class authentication
public function logout ()
{
if ($this->debug) echo "<pre>LOGOUT\n";
$authsession = new authsession ();
$authsession = new \authsession ();
$param = $authsession->getdetails ();
if ($this->debug) echo "Logout for '".$param["email"]."'\n";
trigger_error ("Logout for '".$param["email"]."'", E_USER_NOTICE);
call_user_func ($this->loggingFunc,
LOG_NOTICE,
"Logout for '".$param["email"]."'");
$authsession->logout ();
unset ($_SESSION["domframework"]["authentication"]);
$_SESSION["domframework"]["authentication"]["message"] =
@@ -83,8 +89,8 @@ class authentication
public function pageHTML ($url = "")
{
// If the user is already connected, redirect to the main page of the site
$auth = new auth ();
$pre = new authparams (array ("session"));
$auth = new \auth ();
$pre = new \authparams (array ("session"));
if (isset ($_SESSION["domframework"]["authentication"]["message"]))
$message = $_SESSION["domframework"]["authentication"]["message"];
else
@@ -103,7 +109,7 @@ class authentication
public function verifAuthLoginPage ($url = "")
{
// rate-limit the connections
$ratelimiter = new ratelimitfile ();
$ratelimiter = new \ratelimitfile ();
// 3 connections by minutes
$ratelimiter->maxEntries = $this->ratelimitAuth;
$ratelimiter->storageDir = $this->ratelimitDir;
@@ -113,7 +119,9 @@ class authentication
$ipClient = $_SERVER["REMOTE_ADDR"];
if ($ratelimiter->set ("loggin-$ipClient") === false)
{
trigger_error ("Ratelimiting for $ipClient", E_USER_WARNING);
call_user_func ($this->loggingFunc,
LOG_WARNING,
"Ratelimiting for $ipClient");
$_SESSION["domframework"]["authentication"]["message"] =
dgettext("domframework", "Too much connections");
if ($url === "")
@@ -125,15 +133,16 @@ class authentication
$this->route->redirect ("/authentication/$url", "");
}
}
$authparams = new authparams (array ("post"));
$authparams = new \authparams (array ("post"));
$res = $this->verifAuth ($authparams->email, $authparams->password);
if (! is_array ($res))
{
// Authentication error
// Redirect to login page after logout
trigger_error ("Logging error for '$authparams->email' (HTML) : $res",
E_USER_WARNING);
$authsession = new authsession ();
call_user_func ($this->loggingFunc,
LOG_WARNING,
"Logging error for '$authparams->email' (HTML) : $res");
$authsession = new \authsession ();
$authsession->logout ();
$baseURL = $this->route->baseURL ();
$_SESSION["domframework"]["authentication"]["message"] = $res;
@@ -148,8 +157,10 @@ class authentication
}
}
// Login OK : save in SESSION and go to main page
trigger_error ("Logging in for '$authparams->email'", E_USER_NOTICE);
$session = new authsession ();
call_user_func ($this->loggingFunc,
LOG_NOTICE,
"Logging in for '$authparams->email'");
$session = new \authsession ();
$session-> savedata ($authparams->email, $authparams->password,
$res["lastname"], $res["firstname"]);
if ($url === "")
@@ -161,7 +172,7 @@ class authentication
/** Check all the REST API */
public function verifAuthREST ()
{
$authparams = new authparams ($this->restMethods);
$authparams = new \authparams ($this->restMethods);
$res = array ("email"=>"anonymous", "password"=>"anonymous");
if ($authparams->email !== "anonymous" &&
$authparams->password !== "anonymous")
@@ -172,11 +183,11 @@ class authentication
}
if (! is_array ($res))
{
trigger_error ("Logging error for '$authparams->email' (REST) : $res",
E_USER_WARNING);
call_user_func ($this->loggingFunc,
LOG_WARNING,
"Logging error for '$authparams->email' (REST) : $res");
// Authentication error
// TODO : header 401 ? Block previously in the framework auth process
exit;
throw new \Exception (_("Authentication error"), 403);
}
return $res;
}
@@ -185,7 +196,7 @@ class authentication
public function verifAuthHTML ()
{
if ($this->debug) echo "verifAuthHTML() : ";
$authparams = new authparams ($this->htmlMethods);
$authparams = new \authparams ($this->htmlMethods);
// Don't ask to the provider if anonymous is known
if ($authparams->email === "anonymous" || $authparams->email === null)
{
@@ -202,8 +213,9 @@ class authentication
if ($this->debug) echo "Previous session not found";
$msg = dgettext("domframework", "Previous session not found");
$_SESSION["domframework"]["authentication"]["message"] = $msg;
trigger_error ("Previous session not found for '$authparams->email'",
E_USER_WARNING);
call_user_func ($this->loggingFunc,
LOG_WARNING,
"Previous session not found for '$authparams->email'");
$url = $this->route->requestURL();
$this->route->redirect ("/authentication/$url");
}
@@ -218,7 +230,7 @@ class authentication
private function verifAuth ($email, $password)
{
if (! is_array ($this->authMethods) || count ($this->authMethods) === 0)
throw new Exception ("No authentication method defined", 500);
throw new \Exception ("No authentication method defined", 500);
if (isset ($_SESSION["domframework"]["authentication"]["lastcheck"]) &&
$_SESSION["domframework"]["authentication"]["lastcheck"] + 180 <
time ())
@@ -227,15 +239,15 @@ class authentication
// return the previous values
return $_SESSION["domframework"]["authentication"]["authcache"];
}
foreach ($this->authMethods as $method)
{
if (! is_string ($method))
throw new Exception ("The authentication method is not a string", 500);
throw new \Exception ("The authentication method is not a string", 500);
$classname = "auth$method";
require_once ("domframework/$classname.php");
if (! array_key_exists ($classname, $this->authServers))
throw new Exception ("No authentication server '$classname' enabled",
throw new \Exception ("No authentication server '$classname' enabled",
500);
// If only one server is defined, the parameters can directely be pushed
// to the classname
@@ -245,14 +257,14 @@ class authentication
}
if (! is_array ($this->authServers[$classname]) ||
count ($this->authServers[$classname]) === 0)
throw new Exception ("No authentication server defined for method ".
throw new \Exception ("No authentication server defined for method ".
"'$method'", 500);
foreach ($this->authServers[$classname] as $key=>$serversParam)
{
if ($this->debug)
echo "Test auth server $method # $classname # $key\n";
if (! is_array ($serversParam))
throw new Exception ("Auth Server $key configuration error : ".
throw new \Exception ("Auth Server $key configuration error : ".
"not an array", 500);
$authmethod = new $classname ();
foreach ($serversParam as $param=>$value)
@@ -268,18 +280,21 @@ class authentication
$_SESSION["domframework"]["authentication"]["lastcheck"] = time ();
return $authmethod->getdetails ();
}
catch (Exception $e)
catch (\Exception $e)
{
trigger_error ("Authentication error for '$email' : ".
"$classname : ".$e->getMessage(), E_USER_WARNING);
call_user_func ($this->loggingFunc,
LOG_DEBUG,
"Authentication error for '$email' : ".
"$classname : ".$e->getMessage());
}
}
}
trigger_error ("Bad login/password for '$email'", E_USER_WARNING);
return dgettext("domframework", "Bad login/password");
}
/** Add the authentication routes to the routing model */
/** Add the authentication routes to the routing model for HTML
* authentication. Not needed if using shibboleth, HTTP auth...
*/
public function routes ()
{
$authObj = $this;
@@ -288,24 +303,27 @@ class authentication
$authObj->logout ();
});
$this->route->get ("authentication/{url}", function ($url) use ($authObj)
$this->route->get ("authentication({url})?", function ($url) use ($authObj)
{
$authObj->pageHTML ($url);
exit;
});
$this->route->post ("authentication/{url}", function ($url) use ($authObj)
$this->route->post ("authentication({url})?", function ($url) use ($authObj)
{
$authObj->verifAuthLoginPage ($url);
exit;
});
$this->route->authenticationURL = "/authentication";
}
$this->route->get ("authentication", function () use ($authObj)
{
$authObj->pageHTML ();
});
$this->route->post ("authentication", function () use ($authObj)
{
$authObj->verifAuthLoginPage ();
});
/** The default method to display the error messages.
* Do not display the debug messages, and write the errors on screen
*/
private function logging ($priority, $message)
{
if ($priority > 4)
return;
echo "$priority : $message\n";
}
}