refactoring

This commit is contained in:
Roland Gruber 2017-02-11 19:39:05 +01:00
parent 88050ca3f0
commit ac92e048fb
3 changed files with 71 additions and 17 deletions

View File

@ -1,6 +1,7 @@
<?php <?php
namespace LAM\LIB\TWO_FACTOR; namespace LAM\LIB\TWO_FACTOR;
use \selfServiceProfile; use \selfServiceProfile;
use \LAMConfig;
/* /*
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
@ -58,15 +59,15 @@ interface TwoFactorProvider {
*/ */
class PrivacyIDEAProvider implements TwoFactorProvider { class PrivacyIDEAProvider implements TwoFactorProvider {
private $profile; private $config;
/** /**
* Constructor. * Constructor.
* *
* @param selfServiceProfile $profile profile * @param TwoFactorConfiguration $config configuration
*/ */
public function __construct(&$profile) { public function __construct(&$config) {
$this->profile = $profile; $this->config = $config;
} }
/** /**
@ -99,7 +100,7 @@ class PrivacyIDEAProvider implements TwoFactorProvider {
*/ */
private function authenticate($user, $password) { private function authenticate($user, $password) {
$curl = $this->getCurl(); $curl = $this->getCurl();
$url = $this->profile->twoFactorAuthenticationURL . "/auth"; $url = $this->config->twoFactorAuthenticationURL . "/auth";
curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_URL, $url);
$header = array('Accept: application/json'); $header = array('Accept: application/json');
curl_setopt($curl, CURLOPT_HTTPHEADER, $header); curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
@ -137,7 +138,7 @@ class PrivacyIDEAProvider implements TwoFactorProvider {
*/ */
private function getCurl() { private function getCurl() {
$curl = curl_init(); $curl = curl_init();
if ($this->profile->twoFactorAuthenticationInsecure) { if ($this->config->twoFactorAuthenticationInsecure) {
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
} }
@ -154,7 +155,7 @@ class PrivacyIDEAProvider implements TwoFactorProvider {
*/ */
private function getSerialsForUser($user, $token) { private function getSerialsForUser($user, $token) {
$curl = $this->getCurl(); $curl = $this->getCurl();
$url = $this->profile->twoFactorAuthenticationURL . "/token/?user=" . $user; $url = $this->config->twoFactorAuthenticationURL . "/token/?user=" . $user;
curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_URL, $url);
$header = array('Authorization: ' . $token, 'Accept: application/json'); $header = array('Authorization: ' . $token, 'Accept: application/json');
curl_setopt($curl, CURLOPT_HTTPHEADER, $header); curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
@ -192,7 +193,7 @@ class PrivacyIDEAProvider implements TwoFactorProvider {
*/ */
private function verify($token, $serial, $twoFactorInput) { private function verify($token, $serial, $twoFactorInput) {
$curl = $this->getCurl(); $curl = $this->getCurl();
$url = $this->profile->twoFactorAuthenticationURL . "/validate/check"; $url = $this->config->twoFactorAuthenticationURL . "/validate/check";
curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_URL, $url);
$options = array( $options = array(
'pass' => $twoFactorInput, 'pass' => $twoFactorInput,
@ -230,15 +231,20 @@ class TwoFactorProviderService {
/** 2factor authentication via privacyIDEA */ /** 2factor authentication via privacyIDEA */
const TWO_FACTOR_PRIVACYIDEA = 'privacyidea'; const TWO_FACTOR_PRIVACYIDEA = 'privacyidea';
private $profile; private $config;
/** /**
* Constructor. * Constructor.
* *
* @param selfServiceProfile $profile profile * @param selfServiceProfile|LAMConfig $configObj profile
*/ */
public function __construct(&$profile) { public function __construct(&$configObj) {
$this->profile = $profile; if ($configObj instanceof selfServiceProfile) {
$this->config = $this->getConfigSelfService($configObj);
}
else {
$this->config = $this->getConfigAdmin($configObj);
}
} }
/** /**
@ -249,10 +255,41 @@ class TwoFactorProviderService {
* @throws \Exception unable to get provider * @throws \Exception unable to get provider
*/ */
public function getProvider() { public function getProvider() {
if ($this->profile->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_PRIVACYIDEA) { if ($this->config->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_PRIVACYIDEA) {
return new PrivacyIDEAProvider($this->profile); return new PrivacyIDEAProvider($this->config);
} }
throw new \Exception('Invalid provider: ' . $this->profile->twoFactorAuthentication); throw new \Exception('Invalid provider: ' . $this->config->twoFactorAuthentication);
}
/**
* Returns the configuration from self service.
*
* @param selfServiceProfile $profile profile
* @return TwoFactorConfiguration configuration
*/
private function getConfigSelfService(&$profile) {
$config = new TwoFactorConfiguration();
$config->twoFactorAuthentication = $profile->twoFactorAuthentication;
$config->twoFactorAuthenticationCaption = $profile->twoFactorAuthenticationCaption;
$config->twoFactorAuthenticationInsecure = $profile->twoFactorAuthenticationInsecure;
$config->twoFactorAuthenticationLabel = $profile->twoFactorAuthenticationLabel;
$config->twoFactorAuthenticationOptional = $profile->twoFactorAuthenticationOptional;
$config->twoFactorAuthenticationURL = $profile->twoFactorAuthenticationURL;
return $config;
} }
} }
/**
* Configuration settings for 2-factor authentication.
*
* @author Roland Gruber
*/
class TwoFactorConfiguration {
public $twoFactorAuthentication = null;
public $twoFactorAuthenticationURL = null;
public $twoFactorAuthenticationInsecure = false;
public $twoFactorAuthenticationLabel = null;
public $twoFactorAuthenticationOptional = false;
public $twoFactorAuthenticationCaption = '';
}

View File

@ -2068,6 +2068,9 @@ class LAMConfig {
* @return string $twoFactorAuthentication authentication type * @return string $twoFactorAuthentication authentication type
*/ */
public function getTwoFactorAuthentication() { public function getTwoFactorAuthentication() {
if (empty($this->twoFactorAuthentication)) {
return TwoFactorProviderService::TWO_FACTOR_NONE;
}
return $this->twoFactorAuthentication; return $this->twoFactorAuthentication;
} }

View File

@ -1,4 +1,6 @@
<?php <?php
use LAM\LIB\TWO_FACTOR\TwoFactorProviderService;
/* /*
$Id$ $Id$
@ -636,8 +638,20 @@ if(!empty($_POST['checklogin'])) {
addSecurityTokenToSession(); addSecurityTokenToSession();
// logging // logging
logNewMessage(LOG_NOTICE, 'User ' . $username . ' (' . $clientSource . ') successfully logged in.'); logNewMessage(LOG_NOTICE, 'User ' . $username . ' (' . $clientSource . ') successfully logged in.');
// Load main frame // Load main frame or 2 factor page
if ($_SESSION['config']->getTwoFactorAuthentication() == TwoFactorProviderService::TWO_FACTOR_NONE) {
metaRefresh("./main.php"); metaRefresh("./main.php");
}
else {
$_SESSION['2factorRequired'] = true;
if (($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH) && ($_SESSION['config']->getHttpAuthentication() == 'true')) {
$_SESSION['user2factor'] = $_SERVER['PHP_AUTH_USER'];
}
else {
$_SESSION['user2factor'] = $_POST['username'];
}
metaRefresh("./login2Factor.php");
}
die(); die();
} }
else { else {