diff --git a/authentication.php b/authentication.php
index 246b7fe..82d2be9 100644
--- a/authentication.php
+++ b/authentication.php
@@ -52,9 +52,13 @@ class authentication
 /** The application Name displayed on authentication page */
 public $appName = null;
+ /** The class and method to use to log the errors */
+ public $loggingFunc;
+
 public function __construct ($route)
 {
 $this->route = $route;
+ $this->loggingFunc = array ($this, "logging");
 }
 /* public function email ()
@@ -66,10 +70,12 @@ class authentication
 public function logout ()
 {
 if ($this->debug) echo "
LOGOUT\n";
-    $authsession = new authsession ();
+    $authsession = new \authsession ();
     $param = $authsession->getdetails ();
     if ($this->debug) echo "Logout for '".$param["email"]."'\n";
-    trigger_error ("Logout for '".$param["email"]."'", E_USER_NOTICE);
+    call_user_func ($this->loggingFunc,
+                    LOG_NOTICE,
+                    "Logout for '".$param["email"]."'");
     $authsession->logout ();
     unset ($_SESSION["domframework"]["authentication"]);
     $_SESSION["domframework"]["authentication"]["message"] =
@@ -83,8 +89,8 @@ class authentication
   public function pageHTML ($url = "")
   {
     // If the user is already connected, redirect to the main page of the site
-    $auth = new auth ();
-    $pre = new authparams (array ("session"));
+    $auth = new \auth ();
+    $pre = new \authparams (array ("session"));
     if (isset ($_SESSION["domframework"]["authentication"]["message"]))
       $message = $_SESSION["domframework"]["authentication"]["message"];
     else
@@ -103,7 +109,7 @@ class authentication
   public function verifAuthLoginPage ($url = "")
   {
     // rate-limit the connections
-    $ratelimiter = new ratelimitfile ();
+    $ratelimiter = new \ratelimitfile ();
     // 3 connections by minutes
     $ratelimiter->maxEntries = $this->ratelimitAuth;
     $ratelimiter->storageDir = $this->ratelimitDir;
@@ -113,7 +119,9 @@ class authentication
       $ipClient = $_SERVER["REMOTE_ADDR"];
     if ($ratelimiter->set ("loggin-$ipClient") === false)
     {
-      trigger_error ("Ratelimiting for $ipClient", E_USER_WARNING);
+      call_user_func ($this->loggingFunc,
+                      LOG_WARNING,
+                      "Ratelimiting for $ipClient");
       $_SESSION["domframework"]["authentication"]["message"] =
         dgettext("domframework", "Too much connections");
       if ($url === "")
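Review bot: In the rate-limit branch the warning is now emitted through `$this->loggingFunc` before `$this->route->redirect` (visible at the top of the next hunk), and the default logger installed by the constructor writes LOG_WARNING lines with `echo`, so output reaches the client before the redirect is attempted. If `redirect` relies on a `Location` header, that output means headers are already sent and the redirect silently fails, leaving a line containing the client IP in the page; the `trigger_error` it replaces went to the error log instead. The same ordering appears in the `Logging error ... (HTML)` branch of verifAuthLoginPage and in the `Previous session not found` branch of verifAuthHTML. Either the default logger should write with `error_log` rather than `echo`, or these sites should not log through an output-producing callback before redirecting. verifAuthLoginPage begins before this hunk.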
@@ -125,15 +133,16 @@ class authentication
         $this->route->redirect ("/authentication/$url", "");
       }
     }
-    $authparams = new authparams (array ("post"));
+    $authparams = new \authparams (array ("post"));
     $res = $this->verifAuth ($authparams->email, $authparams->password);
     if (! is_array ($res))
     {
       // Authentication error
       // Redirect to login page after logout
-      trigger_error ("Logging error for '$authparams->email' (HTML) : $res",
-                     E_USER_WARNING);
-      $authsession = new authsession ();
+      call_user_func ($this->loggingFunc,
+                      LOG_WARNING,
+                      "Logging error for '$authparams->email' (HTML) : $res");
+      $authsession = new \authsession ();
       $authsession->logout ();
       $baseURL = $this->route->baseURL ();
       $_SESSION["domframework"]["authentication"]["message"] = $res;
@@ -148,8 +157,10 @@ class authentication
       }
     }
     // Login OK : save in SESSION and go to main page
-    trigger_error ("Logging in for '$authparams->email'", E_USER_NOTICE);
-    $session = new authsession ();
+    call_user_func ($this->loggingFunc,
+                    LOG_NOTICE,
+                    "Logging in for '$authparams->email'");
+    $session = new \authsession ();
     $session-> savedata ($authparams->email, $authparams->password,
                           $res["lastname"], $res["firstname"]);
     if ($url === "")
@@ -161,7 +172,7 @@ class authentication
   /** Check all the REST API */
   public function verifAuthREST ()
   {
-    $authparams = new authparams ($this->restMethods);
+    $authparams = new \authparams ($this->restMethods);
     $res = array ("email"=>"anonymous", "password"=>"anonymous");
     if ($authparams->email !== "anonymous" &&
         $authparams->password !== "anonymous")
@@ -172,11 +183,11 @@ class authentication
     }
     if (! is_array ($res))
     {
-      trigger_error ("Logging error for '$authparams->email' (REST) : $res",
-                     E_USER_WARNING);
+      call_user_func ($this->loggingFunc,
+                      LOG_WARNING,
+                      "Logging error for '$authparams->email' (REST) : $res");
       // Authentication error
-      // TODO : header 401 ? Block previously in the framework auth process
-      exit;
+      throw new \Exception (_("Authentication error"), 403);
     }
     return $res;
   }
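Review bot: The new `throw new \Exception (_("Authentication error"), 403)` uses 403 where the removed TODO and the situation (credentials missing or rejected) call for 401, the status that tells a REST client it must (re)authenticate; 403 means the identity is known but not allowed, unless the framework maps 403 specially elsewhere. The translation call is also inconsistent with the rest of the file, which uses `dgettext("domframework", ...)` for the `Too much connections` and `Bad login/password` messages; `_()` reads the default text domain and returns the untranslated string unless the caller has bound it. Suggested line: `throw new \Exception (dgettext ("domframework", "Authentication error"), 401);`. verifAuthREST begins before this hunk.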
@@ -185,7 +196,7 @@ class authentication
   public function verifAuthHTML ()
   {
     if ($this->debug) echo "verifAuthHTML() : ";
-    $authparams = new authparams ($this->htmlMethods);
+    $authparams = new \authparams ($this->htmlMethods);
     // Don't ask to the provider if anonymous is known
     if ($authparams->email === "anonymous" || $authparams->email === null)
     {
@@ -202,8 +213,9 @@ class authentication
       if ($this->debug) echo "Previous session not found";
       $msg = dgettext("domframework", "Previous session not found");
       $_SESSION["domframework"]["authentication"]["message"] = $msg;
-      trigger_error ("Previous session not found for '$authparams->email'",
-                     E_USER_WARNING);
+      call_user_func ($this->loggingFunc,
+                      LOG_WARNING,
+                      "Previous session not found for '$authparams->email'");
       $url = $this->route->requestURL();
       $this->route->redirect ("/authentication/$url");
     }
@@ -218,7 +230,7 @@ class authentication
   private function verifAuth ($email, $password)
   {
     if (! is_array ($this->authMethods) || count ($this->authMethods) === 0)
-      throw new Exception ("No authentication method defined", 500);
+      throw new \Exception ("No authentication method defined", 500);
     if (isset ($_SESSION["domframework"]["authentication"]["lastcheck"]) &&
         $_SESSION["domframework"]["authentication"]["lastcheck"] + 180 <
           time ())
@@ -227,15 +239,15 @@ class authentication
       // return the previous values
       return $_SESSION["domframework"]["authentication"]["authcache"];
     }
-    
+
     foreach ($this->authMethods as $method)
     {
       if (! is_string ($method))
-        throw new Exception ("The authentication method is not a string", 500);
+        throw new \Exception ("The authentication method is not a string", 500);
       $classname = "auth$method";
       require_once ("domframework/$classname.php");
       if (! array_key_exists ($classname, $this->authServers))
-        throw new Exception ("No authentication server '$classname' enabled",
+        throw new \Exception ("No authentication server '$classname' enabled",
                              500);
       // If only one server is defined, the parameters can directely be pushed
       // to the classname
@@ -245,14 +257,14 @@ class authentication
       }
       if (! is_array ($this->authServers[$classname]) ||
           count ($this->authServers[$classname]) === 0)
-        throw new Exception ("No authentication server defined for method ".
+        throw new \Exception ("No authentication server defined for method ".
                              "'$method'", 500);
       foreach ($this->authServers[$classname] as $key=>$serversParam)
       {
         if ($this->debug)
           echo "Test auth server $method # $classname # $key\n";
         if (! is_array ($serversParam))
-          throw new Exception ("Auth Server $key configuration error : ".
+          throw new \Exception ("Auth Server $key configuration error : ".
                                "not an array", 500);
         $authmethod = new $classname ();
         foreach ($serversParam as $param=>$value)
@@ -268,18 +280,21 @@ class authentication
           $_SESSION["domframework"]["authentication"]["lastcheck"] = time ();
           return $authmethod->getdetails ();
         }
-        catch (Exception $e)
+        catch (\Exception $e)
         {
-          trigger_error ("Authentication error for '$email' : ".
-                        "$classname : ".$e->getMessage(), E_USER_WARNING);
+          call_user_func ($this->loggingFunc,
+                          LOG_DEBUG,
+                          "Authentication error for '$email' : ".
+                          "$classname : ".$e->getMessage());
         }
       }
     }
-    trigger_error ("Bad login/password for '$email'", E_USER_WARNING);
     return dgettext("domframework", "Bad login/password");
   }
 
-  /** Add the authentication routes to the routing model */
+  /** Add the authentication routes to the routing model for HTML
+    * authentication. Not needed if using shibboleth, HTTP auth...
+    */
   public function routes ()
   {
     $authObj = $this;
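Review bot: The catch block now logs provider exceptions at LOG_DEBUG, which the default logger discards, and the unconditional `Bad login/password` warning is removed, so from the operator's side an authentication backend that throws because it is unreachable or misconfigured is now indistinguishable from a rejected password (the callers only log the generic `Bad login/password` result). It is not visible here what the `auth$method` classes throw, but if they distinguish transport or configuration failures from credential rejection, those should stay at LOG_WARNING or LOG_ERR so that an outage remains detectable; otherwise at least one line at LOG_WARNING per failed provider is worth keeping, e.g. `call_user_func ($this->loggingFunc, LOG_WARNING, "Authentication error for '$email' : $classname");` ahead of the existing LOG_DEBUG detail. verifAuth begins before this hunk.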
@@ -288,24 +303,27 @@ class authentication
       $authObj->logout ();
     });
 
-    $this->route->get ("authentication/{url}", function ($url) use ($authObj)
+    $this->route->get ("authentication({url})?", function ($url) use ($authObj)
     {
       $authObj->pageHTML ($url);
+      exit;
     });
 
-    $this->route->post ("authentication/{url}", function ($url) use ($authObj)
+    $this->route->post ("authentication({url})?", function ($url) use ($authObj)
     {
       $authObj->verifAuthLoginPage ($url);
+      exit;
     });
+    $this->route->authenticationURL = "/authentication";
+  }
 
-    $this->route->get ("authentication", function () use ($authObj)
-    {
-      $authObj->pageHTML ();
-    });
-
-    $this->route->post ("authentication", function () use ($authObj)
-    {
-      $authObj->verifAuthLoginPage ();
-    });
+  /** The default method to display the error messages.
+    * Do not display the debug messages, and write the errors on screen
+    */
+  private function logging ($priority, $message)
+  {
+    if ($priority > 4)
+      return;
+    echo "$priority : $message\n";
   }
 }
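Review bot: The default `logging` method echoes `$message` into the HTTP response unescaped, and the messages it receives embed caller-controlled values (`$authparams->email` from the POST/REST parameters, `$_SERVER["REMOTE_ADDR"]`), so a warning-level entry becomes an unescaped output sink on the login page. Since `trigger_error` previously sent these lines to the error log, the safer default is to keep them there, `error_log ("$priority : $message");` instead of the `echo`, which also stops output being produced before the redirects in verifAuthLoginPage and verifAuthHTML. If on-screen output is really intended for debugging, the message should at least pass through `htmlspecialchars` and be gated on `$this->debug`. The `$priority > 4` test deserves a comment naming the threshold, e.g. `// Show LOG_WARNING (4) and more severe only; LOG_NOTICE/INFO/DEBUG are dropped`. The `$loggingFunc` docblock in the first hunk should likewise state the contract of the callable: `/** Callable ($priority, $message); $priority is a syslog LOG_* constant */`.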