refactoring
This commit is contained in:
parent
88050ca3f0
commit
ac92e048fb
|
@ -1,6 +1,7 @@
|
||||||
<?php
|
<?php
|
||||||
namespace LAM\LIB\TWO_FACTOR;
|
namespace LAM\LIB\TWO_FACTOR;
|
||||||
use \selfServiceProfile;
|
use \selfServiceProfile;
|
||||||
|
use \LAMConfig;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
|
@ -58,15 +59,15 @@ interface TwoFactorProvider {
|
||||||
*/
|
*/
|
||||||
class PrivacyIDEAProvider implements TwoFactorProvider {
|
class PrivacyIDEAProvider implements TwoFactorProvider {
|
||||||
|
|
||||||
private $profile;
|
private $config;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructor.
|
* Constructor.
|
||||||
*
|
*
|
||||||
* @param selfServiceProfile $profile profile
|
* @param TwoFactorConfiguration $config configuration
|
||||||
*/
|
*/
|
||||||
public function __construct(&$profile) {
|
public function __construct(&$config) {
|
||||||
$this->profile = $profile;
|
$this->config = $config;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -99,7 +100,7 @@ class PrivacyIDEAProvider implements TwoFactorProvider {
|
||||||
*/
|
*/
|
||||||
private function authenticate($user, $password) {
|
private function authenticate($user, $password) {
|
||||||
$curl = $this->getCurl();
|
$curl = $this->getCurl();
|
||||||
$url = $this->profile->twoFactorAuthenticationURL . "/auth";
|
$url = $this->config->twoFactorAuthenticationURL . "/auth";
|
||||||
curl_setopt($curl, CURLOPT_URL, $url);
|
curl_setopt($curl, CURLOPT_URL, $url);
|
||||||
$header = array('Accept: application/json');
|
$header = array('Accept: application/json');
|
||||||
curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
|
curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
|
||||||
|
@ -137,7 +138,7 @@ class PrivacyIDEAProvider implements TwoFactorProvider {
|
||||||
*/
|
*/
|
||||||
private function getCurl() {
|
private function getCurl() {
|
||||||
$curl = curl_init();
|
$curl = curl_init();
|
||||||
if ($this->profile->twoFactorAuthenticationInsecure) {
|
if ($this->config->twoFactorAuthenticationInsecure) {
|
||||||
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
|
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
|
||||||
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
|
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
|
||||||
}
|
}
|
||||||
|
@ -154,7 +155,7 @@ class PrivacyIDEAProvider implements TwoFactorProvider {
|
||||||
*/
|
*/
|
||||||
private function getSerialsForUser($user, $token) {
|
private function getSerialsForUser($user, $token) {
|
||||||
$curl = $this->getCurl();
|
$curl = $this->getCurl();
|
||||||
$url = $this->profile->twoFactorAuthenticationURL . "/token/?user=" . $user;
|
$url = $this->config->twoFactorAuthenticationURL . "/token/?user=" . $user;
|
||||||
curl_setopt($curl, CURLOPT_URL, $url);
|
curl_setopt($curl, CURLOPT_URL, $url);
|
||||||
$header = array('Authorization: ' . $token, 'Accept: application/json');
|
$header = array('Authorization: ' . $token, 'Accept: application/json');
|
||||||
curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
|
curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
|
||||||
|
@ -192,7 +193,7 @@ class PrivacyIDEAProvider implements TwoFactorProvider {
|
||||||
*/
|
*/
|
||||||
private function verify($token, $serial, $twoFactorInput) {
|
private function verify($token, $serial, $twoFactorInput) {
|
||||||
$curl = $this->getCurl();
|
$curl = $this->getCurl();
|
||||||
$url = $this->profile->twoFactorAuthenticationURL . "/validate/check";
|
$url = $this->config->twoFactorAuthenticationURL . "/validate/check";
|
||||||
curl_setopt($curl, CURLOPT_URL, $url);
|
curl_setopt($curl, CURLOPT_URL, $url);
|
||||||
$options = array(
|
$options = array(
|
||||||
'pass' => $twoFactorInput,
|
'pass' => $twoFactorInput,
|
||||||
|
@ -230,15 +231,20 @@ class TwoFactorProviderService {
|
||||||
/** 2factor authentication via privacyIDEA */
|
/** 2factor authentication via privacyIDEA */
|
||||||
const TWO_FACTOR_PRIVACYIDEA = 'privacyidea';
|
const TWO_FACTOR_PRIVACYIDEA = 'privacyidea';
|
||||||
|
|
||||||
private $profile;
|
private $config;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructor.
|
* Constructor.
|
||||||
*
|
*
|
||||||
* @param selfServiceProfile $profile profile
|
* @param selfServiceProfile|LAMConfig $configObj profile
|
||||||
*/
|
*/
|
||||||
public function __construct(&$profile) {
|
public function __construct(&$configObj) {
|
||||||
$this->profile = $profile;
|
if ($configObj instanceof selfServiceProfile) {
|
||||||
|
$this->config = $this->getConfigSelfService($configObj);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$this->config = $this->getConfigAdmin($configObj);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -249,10 +255,41 @@ class TwoFactorProviderService {
|
||||||
* @throws \Exception unable to get provider
|
* @throws \Exception unable to get provider
|
||||||
*/
|
*/
|
||||||
public function getProvider() {
|
public function getProvider() {
|
||||||
if ($this->profile->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_PRIVACYIDEA) {
|
if ($this->config->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_PRIVACYIDEA) {
|
||||||
return new PrivacyIDEAProvider($this->profile);
|
return new PrivacyIDEAProvider($this->config);
|
||||||
}
|
}
|
||||||
throw new \Exception('Invalid provider: ' . $this->profile->twoFactorAuthentication);
|
throw new \Exception('Invalid provider: ' . $this->config->twoFactorAuthentication);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the configuration from self service.
|
||||||
|
*
|
||||||
|
* @param selfServiceProfile $profile profile
|
||||||
|
* @return TwoFactorConfiguration configuration
|
||||||
|
*/
|
||||||
|
private function getConfigSelfService(&$profile) {
|
||||||
|
$config = new TwoFactorConfiguration();
|
||||||
|
$config->twoFactorAuthentication = $profile->twoFactorAuthentication;
|
||||||
|
$config->twoFactorAuthenticationCaption = $profile->twoFactorAuthenticationCaption;
|
||||||
|
$config->twoFactorAuthenticationInsecure = $profile->twoFactorAuthenticationInsecure;
|
||||||
|
$config->twoFactorAuthenticationLabel = $profile->twoFactorAuthenticationLabel;
|
||||||
|
$config->twoFactorAuthenticationOptional = $profile->twoFactorAuthenticationOptional;
|
||||||
|
$config->twoFactorAuthenticationURL = $profile->twoFactorAuthenticationURL;
|
||||||
|
return $config;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Configuration settings for 2-factor authentication.
|
||||||
|
*
|
||||||
|
* @author Roland Gruber
|
||||||
|
*/
|
||||||
|
class TwoFactorConfiguration {
|
||||||
|
public $twoFactorAuthentication = null;
|
||||||
|
public $twoFactorAuthenticationURL = null;
|
||||||
|
public $twoFactorAuthenticationInsecure = false;
|
||||||
|
public $twoFactorAuthenticationLabel = null;
|
||||||
|
public $twoFactorAuthenticationOptional = false;
|
||||||
|
public $twoFactorAuthenticationCaption = '';
|
||||||
|
}
|
||||||
|
|
|
@ -2068,6 +2068,9 @@ class LAMConfig {
|
||||||
* @return string $twoFactorAuthentication authentication type
|
* @return string $twoFactorAuthentication authentication type
|
||||||
*/
|
*/
|
||||||
public function getTwoFactorAuthentication() {
|
public function getTwoFactorAuthentication() {
|
||||||
|
if (empty($this->twoFactorAuthentication)) {
|
||||||
|
return TwoFactorProviderService::TWO_FACTOR_NONE;
|
||||||
|
}
|
||||||
return $this->twoFactorAuthentication;
|
return $this->twoFactorAuthentication;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,6 @@
|
||||||
<?php
|
<?php
|
||||||
|
use LAM\LIB\TWO_FACTOR\TwoFactorProviderService;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
$Id$
|
$Id$
|
||||||
|
|
||||||
|
@ -636,8 +638,20 @@ if(!empty($_POST['checklogin'])) {
|
||||||
addSecurityTokenToSession();
|
addSecurityTokenToSession();
|
||||||
// logging
|
// logging
|
||||||
logNewMessage(LOG_NOTICE, 'User ' . $username . ' (' . $clientSource . ') successfully logged in.');
|
logNewMessage(LOG_NOTICE, 'User ' . $username . ' (' . $clientSource . ') successfully logged in.');
|
||||||
// Load main frame
|
// Load main frame or 2 factor page
|
||||||
|
if ($_SESSION['config']->getTwoFactorAuthentication() == TwoFactorProviderService::TWO_FACTOR_NONE) {
|
||||||
metaRefresh("./main.php");
|
metaRefresh("./main.php");
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$_SESSION['2factorRequired'] = true;
|
||||||
|
if (($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH) && ($_SESSION['config']->getHttpAuthentication() == 'true')) {
|
||||||
|
$_SESSION['user2factor'] = $_SERVER['PHP_AUTH_USER'];
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$_SESSION['user2factor'] = $_POST['username'];
|
||||||
|
}
|
||||||
|
metaRefresh("./login2Factor.php");
|
||||||
|
}
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
|
Loading…
Reference in New Issue