refactoring

Roland Gruber 2017-02-11 19:39:05 +01:00
parent 88050ca3f0
commit ac92e048fb
3 changed files with 71 additions and 17 deletions


@ -1,6 +1,7 @@
<?php
namespace LAM\LIB\TWO_FACTOR;
use \selfServiceProfile;
use \LAMConfig;
/*
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
@ -58,15 +59,15 @@ interface TwoFactorProvider {
*/
class PrivacyIDEAProvider implements TwoFactorProvider {
private $profile;
private $config;
/**
* Constructor.
*
* @param selfServiceProfile $profile profile
* @param TwoFactorConfiguration $config configuration
*/
public function __construct(&$profile) {
$this->profile = $profile;
public function __construct(&$config) {
$this->config = $config;
}
/**
@ -99,7 +100,7 @@ class PrivacyIDEAProvider implements TwoFactorProvider {
*/
private function authenticate($user, $password) {
$curl = $this->getCurl();
$url = $this->profile->twoFactorAuthenticationURL . "/auth";
$url = $this->config->twoFactorAuthenticationURL . "/auth";
curl_setopt($curl, CURLOPT_URL, $url);
$header = array('Accept: application/json');
curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
@ -137,7 +138,7 @@ class PrivacyIDEAProvider implements TwoFactorProvider {
*/
private function getCurl() {
$curl = curl_init();
if ($this->profile->twoFactorAuthenticationInsecure) {
if ($this->config->twoFactorAuthenticationInsecure) {
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
}
@ -154,7 +155,7 @@ class PrivacyIDEAProvider implements TwoFactorProvider {
*/
private function getSerialsForUser($user, $token) {
$curl = $this->getCurl();
$url = $this->profile->twoFactorAuthenticationURL . "/token/?user=" . $user;
$url = $this->config->twoFactorAuthenticationURL . "/token/?user=" . $user;
curl_setopt($curl, CURLOPT_URL, $url);
$header = array('Authorization: ' . $token, 'Accept: application/json');
curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
@ -192,7 +193,7 @@ class PrivacyIDEAProvider implements TwoFactorProvider {
*/
private function verify($token, $serial, $twoFactorInput) {
$curl = $this->getCurl();
$url = $this->profile->twoFactorAuthenticationURL . "/validate/check";
$url = $this->config->twoFactorAuthenticationURL . "/validate/check";
curl_setopt($curl, CURLOPT_URL, $url);
$options = array(
'pass' => $twoFactorInput,
@ -230,15 +231,20 @@ class TwoFactorProviderService {
/** 2factor authentication via privacyIDEA */
const TWO_FACTOR_PRIVACYIDEA = 'privacyidea';
private $profile;
private $config;
/**
* Constructor.
*
* @param selfServiceProfile $profile profile
* @param selfServiceProfile|LAMConfig $configObj profile
*/
public function __construct(&$profile) {
$this->profile = $profile;
public function __construct(&$configObj) {
if ($configObj instanceof selfServiceProfile) {
$this->config = $this->getConfigSelfService($configObj);
}
else {
$this->config = $this->getConfigAdmin($configObj);
}
}
/**
@ -249,10 +255,41 @@ class TwoFactorProviderService {
* @throws \Exception unable to get provider
*/
public function getProvider() {
if ($this->profile->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_PRIVACYIDEA) {
return new PrivacyIDEAProvider($this->profile);
if ($this->config->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_PRIVACYIDEA) {
return new PrivacyIDEAProvider($this->config);
}
throw new \Exception('Invalid provider: ' . $this->profile->twoFactorAuthentication);
throw new \Exception('Invalid provider: ' . $this->config->twoFactorAuthentication);
}
/**
* Returns the configuration from self service.
*
* @param selfServiceProfile $profile profile
* @return TwoFactorConfiguration configuration
*/
private function getConfigSelfService(&$profile) {
$config = new TwoFactorConfiguration();
$config->twoFactorAuthentication = $profile->twoFactorAuthentication;
$config->twoFactorAuthenticationCaption = $profile->twoFactorAuthenticationCaption;
$config->twoFactorAuthenticationInsecure = $profile->twoFactorAuthenticationInsecure;
$config->twoFactorAuthenticationLabel = $profile->twoFactorAuthenticationLabel;
$config->twoFactorAuthenticationOptional = $profile->twoFactorAuthenticationOptional;
$config->twoFactorAuthenticationURL = $profile->twoFactorAuthenticationURL;
return $config;
}
}
/**
* Configuration settings for 2-factor authentication.
*
* @author Roland Gruber
*/
class TwoFactorConfiguration {
public $twoFactorAuthentication = null;
public $twoFactorAuthenticationURL = null;
public $twoFactorAuthenticationInsecure = false;
public $twoFactorAuthenticationLabel = null;
public $twoFactorAuthenticationOptional = false;
public $twoFactorAuthenticationCaption = '';
}
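Review bot: In `getSerialsForUser()` the new URL line still appends `$user` to the query string unencoded, so a user name containing `&`, `#` or `=` would change the parameters of a request that is sent with the privacyIDEA authorization token. Encode the value where the URL is built: `$url = $this->config->twoFactorAuthenticationURL . "/token/?user=" . rawurlencode($user);`. The function body continues outside the hunk, so how the response is filtered afterwards is not visible here. Separately, the `else` branch of the `TwoFactorProviderService` constructor calls `getConfigAdmin()`, which none of the hunks on this page define, and it accepts any non-`selfServiceProfile` value without an `instanceof LAMConfig` check.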


@ -2068,6 +2068,9 @@ class LAMConfig {
* @return string $twoFactorAuthentication authentication type
*/
public function getTwoFactorAuthentication() {
if (empty($this->twoFactorAuthentication)) {
return TwoFactorProviderService::TWO_FACTOR_NONE;
}
return $this->twoFactorAuthentication;
}
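Review bot: The added `TwoFactorProviderService::TWO_FACTOR_NONE` in `getTwoFactorAuthentication()` is an unqualified class name, and this file section adds no `use` line for it, whereas the login page in the same commit does import `LAM\LIB\TWO_FACTOR\TwoFactorProviderService`. Unless the file already imports the class above the hunk, PHP resolves the name against the current namespace and the call fails with a class-not-found error whenever the stored setting is empty. Using the fully qualified name removes the dependency on an import: `return \LAM\LIB\TWO_FACTOR\TwoFactorProviderService::TWO_FACTOR_NONE;`. The constant itself is not defined in any hunk shown either, so confirm it exists next to `TWO_FACTOR_PRIVACYIDEA`.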


@ -1,4 +1,6 @@
<?php
use LAM\LIB\TWO_FACTOR\TwoFactorProviderService;
/*
$Id$
@ -636,8 +638,20 @@ if(!empty($_POST['checklogin'])) {
addSecurityTokenToSession();
// logging
logNewMessage(LOG_NOTICE, 'User ' . $username . ' (' . $clientSource . ') successfully logged in.');
// Load main frame
metaRefresh("./main.php");
// Load main frame or 2 factor page
if ($_SESSION['config']->getTwoFactorAuthentication() == TwoFactorProviderService::TWO_FACTOR_NONE) {
metaRefresh("./main.php");
}
else {
$_SESSION['2factorRequired'] = true;
if (($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH) && ($_SESSION['config']->getHttpAuthentication() == 'true')) {
$_SESSION['user2factor'] = $_SERVER['PHP_AUTH_USER'];
}
else {
$_SESSION['user2factor'] = $_POST['username'];
}
metaRefresh("./login2Factor.php");
}
die();
}
else {
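Review bot: The 2-factor branch runs after `addSecurityTokenToSession()` and after the "successfully logged in" notice, so the session is already established when `$_SESSION['2factorRequired'] = true` is set, and only `metaRefresh("./login2Factor.php")` steers the browser to the second step. No hunk on this page adds a check of that flag, so unless the shared session start-up code already refuses sessions where it is set, the second factor is enforced by the redirect alone; a comment such as `// 2factorRequired must be enforced by the session check on every page, not only by this redirect` would record the requirement here. The log call should also distinguish the two states, writing something like `'... password accepted, second factor pending'` in this branch and the success message only once the flag is cleared. The enclosing `if(!empty($_POST['checklogin']))` block starts and ends outside the hunk.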