authentication : allow to define a special logging function instead of using the trigger_error
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@2986 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
@@ -52,9 +52,13 @@ class authentication
|
|||||||
/** The application Name displayed on authentication page */
|
/** The application Name displayed on authentication page */
|
||||||
public $appName = null;
|
public $appName = null;
|
||||||
|
|
||||||
|
/** The class and method to use to log the errors */
|
||||||
|
public $loggingFunc;
|
||||||
|
|
||||||
public function __construct ($route)
|
public function __construct ($route)
|
||||||
{
|
{
|
||||||
$this->route = $route;
|
$this->route = $route;
|
||||||
|
$this->loggingFunc = array ($this, "logging");
|
||||||
}
|
}
|
||||||
|
|
||||||
/* public function email ()
|
/* public function email ()
|
||||||
@@ -66,10 +70,12 @@ class authentication
|
|||||||
public function logout ()
|
public function logout ()
|
||||||
{
|
{
|
||||||
if ($this->debug) echo "<pre>LOGOUT\n";
|
if ($this->debug) echo "<pre>LOGOUT\n";
|
||||||
$authsession = new authsession ();
|
$authsession = new \authsession ();
|
||||||
$param = $authsession->getdetails ();
|
$param = $authsession->getdetails ();
|
||||||
if ($this->debug) echo "Logout for '".$param["email"]."'\n";
|
if ($this->debug) echo "Logout for '".$param["email"]."'\n";
|
||||||
trigger_error ("Logout for '".$param["email"]."'", E_USER_NOTICE);
|
call_user_func ($this->loggingFunc,
|
||||||
|
LOG_NOTICE,
|
||||||
|
"Logout for '".$param["email"]."'");
|
||||||
$authsession->logout ();
|
$authsession->logout ();
|
||||||
unset ($_SESSION["domframework"]["authentication"]);
|
unset ($_SESSION["domframework"]["authentication"]);
|
||||||
$_SESSION["domframework"]["authentication"]["message"] =
|
$_SESSION["domframework"]["authentication"]["message"] =
|
||||||
@@ -83,8 +89,8 @@ class authentication
|
|||||||
public function pageHTML ($url = "")
|
public function pageHTML ($url = "")
|
||||||
{
|
{
|
||||||
// If the user is already connected, redirect to the main page of the site
|
// If the user is already connected, redirect to the main page of the site
|
||||||
$auth = new auth ();
|
$auth = new \auth ();
|
||||||
$pre = new authparams (array ("session"));
|
$pre = new \authparams (array ("session"));
|
||||||
if (isset ($_SESSION["domframework"]["authentication"]["message"]))
|
if (isset ($_SESSION["domframework"]["authentication"]["message"]))
|
||||||
$message = $_SESSION["domframework"]["authentication"]["message"];
|
$message = $_SESSION["domframework"]["authentication"]["message"];
|
||||||
else
|
else
|
||||||
@@ -103,7 +109,7 @@ class authentication
|
|||||||
public function verifAuthLoginPage ($url = "")
|
public function verifAuthLoginPage ($url = "")
|
||||||
{
|
{
|
||||||
// rate-limit the connections
|
// rate-limit the connections
|
||||||
$ratelimiter = new ratelimitfile ();
|
$ratelimiter = new \ratelimitfile ();
|
||||||
// 3 connections by minutes
|
// 3 connections by minutes
|
||||||
$ratelimiter->maxEntries = $this->ratelimitAuth;
|
$ratelimiter->maxEntries = $this->ratelimitAuth;
|
||||||
$ratelimiter->storageDir = $this->ratelimitDir;
|
$ratelimiter->storageDir = $this->ratelimitDir;
|
||||||
@@ -113,7 +119,9 @@ class authentication
|
|||||||
$ipClient = $_SERVER["REMOTE_ADDR"];
|
$ipClient = $_SERVER["REMOTE_ADDR"];
|
||||||
if ($ratelimiter->set ("loggin-$ipClient") === false)
|
if ($ratelimiter->set ("loggin-$ipClient") === false)
|
||||||
{
|
{
|
||||||
trigger_error ("Ratelimiting for $ipClient", E_USER_WARNING);
|
call_user_func ($this->loggingFunc,
|
||||||
|
LOG_WARNING,
|
||||||
|
"Ratelimiting for $ipClient");
|
||||||
$_SESSION["domframework"]["authentication"]["message"] =
|
$_SESSION["domframework"]["authentication"]["message"] =
|
||||||
dgettext("domframework", "Too much connections");
|
dgettext("domframework", "Too much connections");
|
||||||
if ($url === "")
|
if ($url === "")
|
||||||
@@ -125,15 +133,16 @@ class authentication
|
|||||||
$this->route->redirect ("/authentication/$url", "");
|
$this->route->redirect ("/authentication/$url", "");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$authparams = new authparams (array ("post"));
|
$authparams = new \authparams (array ("post"));
|
||||||
$res = $this->verifAuth ($authparams->email, $authparams->password);
|
$res = $this->verifAuth ($authparams->email, $authparams->password);
|
||||||
if (! is_array ($res))
|
if (! is_array ($res))
|
||||||
{
|
{
|
||||||
// Authentication error
|
// Authentication error
|
||||||
// Redirect to login page after logout
|
// Redirect to login page after logout
|
||||||
trigger_error ("Logging error for '$authparams->email' (HTML) : $res",
|
call_user_func ($this->loggingFunc,
|
||||||
E_USER_WARNING);
|
LOG_WARNING,
|
||||||
$authsession = new authsession ();
|
"Logging error for '$authparams->email' (HTML) : $res");
|
||||||
|
$authsession = new \authsession ();
|
||||||
$authsession->logout ();
|
$authsession->logout ();
|
||||||
$baseURL = $this->route->baseURL ();
|
$baseURL = $this->route->baseURL ();
|
||||||
$_SESSION["domframework"]["authentication"]["message"] = $res;
|
$_SESSION["domframework"]["authentication"]["message"] = $res;
|
||||||
@@ -148,8 +157,10 @@ class authentication
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
// Login OK : save in SESSION and go to main page
|
// Login OK : save in SESSION and go to main page
|
||||||
trigger_error ("Logging in for '$authparams->email'", E_USER_NOTICE);
|
call_user_func ($this->loggingFunc,
|
||||||
$session = new authsession ();
|
LOG_NOTICE,
|
||||||
|
"Logging in for '$authparams->email'");
|
||||||
|
$session = new \authsession ();
|
||||||
$session-> savedata ($authparams->email, $authparams->password,
|
$session-> savedata ($authparams->email, $authparams->password,
|
||||||
$res["lastname"], $res["firstname"]);
|
$res["lastname"], $res["firstname"]);
|
||||||
if ($url === "")
|
if ($url === "")
|
||||||
@@ -161,7 +172,7 @@ class authentication
|
|||||||
/** Check all the REST API */
|
/** Check all the REST API */
|
||||||
public function verifAuthREST ()
|
public function verifAuthREST ()
|
||||||
{
|
{
|
||||||
$authparams = new authparams ($this->restMethods);
|
$authparams = new \authparams ($this->restMethods);
|
||||||
$res = array ("email"=>"anonymous", "password"=>"anonymous");
|
$res = array ("email"=>"anonymous", "password"=>"anonymous");
|
||||||
if ($authparams->email !== "anonymous" &&
|
if ($authparams->email !== "anonymous" &&
|
||||||
$authparams->password !== "anonymous")
|
$authparams->password !== "anonymous")
|
||||||
@@ -172,11 +183,11 @@ class authentication
|
|||||||
}
|
}
|
||||||
if (! is_array ($res))
|
if (! is_array ($res))
|
||||||
{
|
{
|
||||||
trigger_error ("Logging error for '$authparams->email' (REST) : $res",
|
call_user_func ($this->loggingFunc,
|
||||||
E_USER_WARNING);
|
LOG_WARNING,
|
||||||
|
"Logging error for '$authparams->email' (REST) : $res");
|
||||||
// Authentication error
|
// Authentication error
|
||||||
// TODO : header 401 ? Block previously in the framework auth process
|
throw new \Exception (_("Authentication error"), 403);
|
||||||
exit;
|
|
||||||
}
|
}
|
||||||
return $res;
|
return $res;
|
||||||
}
|
}
|
||||||
@@ -185,7 +196,7 @@ class authentication
|
|||||||
public function verifAuthHTML ()
|
public function verifAuthHTML ()
|
||||||
{
|
{
|
||||||
if ($this->debug) echo "verifAuthHTML() : ";
|
if ($this->debug) echo "verifAuthHTML() : ";
|
||||||
$authparams = new authparams ($this->htmlMethods);
|
$authparams = new \authparams ($this->htmlMethods);
|
||||||
// Don't ask to the provider if anonymous is known
|
// Don't ask to the provider if anonymous is known
|
||||||
if ($authparams->email === "anonymous" || $authparams->email === null)
|
if ($authparams->email === "anonymous" || $authparams->email === null)
|
||||||
{
|
{
|
||||||
@@ -202,8 +213,9 @@ class authentication
|
|||||||
if ($this->debug) echo "Previous session not found";
|
if ($this->debug) echo "Previous session not found";
|
||||||
$msg = dgettext("domframework", "Previous session not found");
|
$msg = dgettext("domframework", "Previous session not found");
|
||||||
$_SESSION["domframework"]["authentication"]["message"] = $msg;
|
$_SESSION["domframework"]["authentication"]["message"] = $msg;
|
||||||
trigger_error ("Previous session not found for '$authparams->email'",
|
call_user_func ($this->loggingFunc,
|
||||||
E_USER_WARNING);
|
LOG_WARNING,
|
||||||
|
"Previous session not found for '$authparams->email'");
|
||||||
$url = $this->route->requestURL();
|
$url = $this->route->requestURL();
|
||||||
$this->route->redirect ("/authentication/$url");
|
$this->route->redirect ("/authentication/$url");
|
||||||
}
|
}
|
||||||
@@ -218,7 +230,7 @@ class authentication
|
|||||||
private function verifAuth ($email, $password)
|
private function verifAuth ($email, $password)
|
||||||
{
|
{
|
||||||
if (! is_array ($this->authMethods) || count ($this->authMethods) === 0)
|
if (! is_array ($this->authMethods) || count ($this->authMethods) === 0)
|
||||||
throw new Exception ("No authentication method defined", 500);
|
throw new \Exception ("No authentication method defined", 500);
|
||||||
if (isset ($_SESSION["domframework"]["authentication"]["lastcheck"]) &&
|
if (isset ($_SESSION["domframework"]["authentication"]["lastcheck"]) &&
|
||||||
$_SESSION["domframework"]["authentication"]["lastcheck"] + 180 <
|
$_SESSION["domframework"]["authentication"]["lastcheck"] + 180 <
|
||||||
time ())
|
time ())
|
||||||
@@ -227,15 +239,15 @@ class authentication
|
|||||||
// return the previous values
|
// return the previous values
|
||||||
return $_SESSION["domframework"]["authentication"]["authcache"];
|
return $_SESSION["domframework"]["authentication"]["authcache"];
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach ($this->authMethods as $method)
|
foreach ($this->authMethods as $method)
|
||||||
{
|
{
|
||||||
if (! is_string ($method))
|
if (! is_string ($method))
|
||||||
throw new Exception ("The authentication method is not a string", 500);
|
throw new \Exception ("The authentication method is not a string", 500);
|
||||||
$classname = "auth$method";
|
$classname = "auth$method";
|
||||||
require_once ("domframework/$classname.php");
|
require_once ("domframework/$classname.php");
|
||||||
if (! array_key_exists ($classname, $this->authServers))
|
if (! array_key_exists ($classname, $this->authServers))
|
||||||
throw new Exception ("No authentication server '$classname' enabled",
|
throw new \Exception ("No authentication server '$classname' enabled",
|
||||||
500);
|
500);
|
||||||
// If only one server is defined, the parameters can directely be pushed
|
// If only one server is defined, the parameters can directely be pushed
|
||||||
// to the classname
|
// to the classname
|
||||||
@@ -245,14 +257,14 @@ class authentication
|
|||||||
}
|
}
|
||||||
if (! is_array ($this->authServers[$classname]) ||
|
if (! is_array ($this->authServers[$classname]) ||
|
||||||
count ($this->authServers[$classname]) === 0)
|
count ($this->authServers[$classname]) === 0)
|
||||||
throw new Exception ("No authentication server defined for method ".
|
throw new \Exception ("No authentication server defined for method ".
|
||||||
"'$method'", 500);
|
"'$method'", 500);
|
||||||
foreach ($this->authServers[$classname] as $key=>$serversParam)
|
foreach ($this->authServers[$classname] as $key=>$serversParam)
|
||||||
{
|
{
|
||||||
if ($this->debug)
|
if ($this->debug)
|
||||||
echo "Test auth server $method # $classname # $key\n";
|
echo "Test auth server $method # $classname # $key\n";
|
||||||
if (! is_array ($serversParam))
|
if (! is_array ($serversParam))
|
||||||
throw new Exception ("Auth Server $key configuration error : ".
|
throw new \Exception ("Auth Server $key configuration error : ".
|
||||||
"not an array", 500);
|
"not an array", 500);
|
||||||
$authmethod = new $classname ();
|
$authmethod = new $classname ();
|
||||||
foreach ($serversParam as $param=>$value)
|
foreach ($serversParam as $param=>$value)
|
||||||
@@ -268,18 +280,21 @@ class authentication
|
|||||||
$_SESSION["domframework"]["authentication"]["lastcheck"] = time ();
|
$_SESSION["domframework"]["authentication"]["lastcheck"] = time ();
|
||||||
return $authmethod->getdetails ();
|
return $authmethod->getdetails ();
|
||||||
}
|
}
|
||||||
catch (Exception $e)
|
catch (\Exception $e)
|
||||||
{
|
{
|
||||||
trigger_error ("Authentication error for '$email' : ".
|
call_user_func ($this->loggingFunc,
|
||||||
"$classname : ".$e->getMessage(), E_USER_WARNING);
|
LOG_DEBUG,
|
||||||
|
"Authentication error for '$email' : ".
|
||||||
|
"$classname : ".$e->getMessage());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
trigger_error ("Bad login/password for '$email'", E_USER_WARNING);
|
|
||||||
return dgettext("domframework", "Bad login/password");
|
return dgettext("domframework", "Bad login/password");
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Add the authentication routes to the routing model */
|
/** Add the authentication routes to the routing model for HTML
|
||||||
|
* authentication. Not needed if using shibboleth, HTTP auth...
|
||||||
|
*/
|
||||||
public function routes ()
|
public function routes ()
|
||||||
{
|
{
|
||||||
$authObj = $this;
|
$authObj = $this;
|
||||||
@@ -288,24 +303,27 @@ class authentication
|
|||||||
$authObj->logout ();
|
$authObj->logout ();
|
||||||
});
|
});
|
||||||
|
|
||||||
$this->route->get ("authentication/{url}", function ($url) use ($authObj)
|
$this->route->get ("authentication({url})?", function ($url) use ($authObj)
|
||||||
{
|
{
|
||||||
$authObj->pageHTML ($url);
|
$authObj->pageHTML ($url);
|
||||||
|
exit;
|
||||||
});
|
});
|
||||||
|
|
||||||
$this->route->post ("authentication/{url}", function ($url) use ($authObj)
|
$this->route->post ("authentication({url})?", function ($url) use ($authObj)
|
||||||
{
|
{
|
||||||
$authObj->verifAuthLoginPage ($url);
|
$authObj->verifAuthLoginPage ($url);
|
||||||
|
exit;
|
||||||
});
|
});
|
||||||
|
$this->route->authenticationURL = "/authentication";
|
||||||
|
}
|
||||||
|
|
||||||
$this->route->get ("authentication", function () use ($authObj)
|
/** The default method to display the error messages.
|
||||||
{
|
* Do not display the debug messages, and write the errors on screen
|
||||||
$authObj->pageHTML ();
|
*/
|
||||||
});
|
private function logging ($priority, $message)
|
||||||
|
{
|
||||||
$this->route->post ("authentication", function () use ($authObj)
|
if ($priority > 4)
|
||||||
{
|
return;
|
||||||
$authObj->verifAuthLoginPage ();
|
echo "$priority : $message\n";
|
||||||
});
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
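Review bot: The default `logging` method added at the end of this hunk echoes `$message` straight into the response body, and the messages built in the earlier hunks (`verifAuthLoginPage`, `verifAuthHTML`) interpolate login-form values such as `$authparams->email` and the provider's `$res` string without any escaping, so a failed login now reflects attacker-chosen text unescaped into the page at LOG_WARNING, which the `> 4` threshold lets through. The replaced `trigger_error` calls went through PHP's error handler rather than the output stream; if `$this->route->redirect` relies on `header()`, this echo also lands just before the redirect and may cause a headers-already-sent failure, worth confirming. Suggest escaping at the point of output and naming the threshold instead of the magic number: `if ($priority > LOG_WARNING) return;` and `echo htmlspecialchars ("$priority : $message", ENT_QUOTES, "UTF-8")."\n";`. Since `$loggingFunc` is public and any caller can replace it, its docblock in the first hunk should also state the expected signature, e.g. `/** Callable taking (int $priority, string $message); receives unescaped text */`.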
|
|||||||