LibreNMS/Authentication/RadiusAuthorizer.php

<?php

namespace LibreNMS\Authentication;

use Dapphp\Radius\Radius;
use LibreNMS\Config;
use LibreNMS\Exceptions\AuthenticationException;

class RadiusAuthorizer extends MysqlAuthorizer
{
    protected static $HAS_AUTH_USERMANAGEMENT = 1;
    protected static $CAN_UPDATE_USER = 1;
    protected static $CAN_UPDATE_PASSWORDS = 0;

    /** @var Radius $radius */
    protected $radius;

    public function __construct()
    {
        $this->radius = new Radius(Config::get('radius.hostname'), Config::get('radius.secret'), Config::get('radius.suffix'), Config::get('radius.timeout'), Config::get('radius.port'));
    }

    public function authenticate($credentials)
    {
        global $debug;

        if (empty($credentials['username'])) {
            throw new AuthenticationException('Username is required');
        }

        if ($debug) {
            $this->radius->setDebug(true);
        }

        $password = $credentials['password'] ?? null;
        if ($this->radius->accessRequest($credentials['username'], $password) === true) {
            $this->addUser($credentials['username'], $password, Config::get('radius.default_level', 1));
            return true;
        }

        throw new AuthenticationException();
    }
}
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style 2017-11-18 11:33:03 +01:00			`<?php`

			`namespace LibreNMS\Authentication;`

			`use Dapphp\Radius\Radius;`
			`use LibreNMS\Config;`
			`use LibreNMS\Exceptions\AuthenticationException;`

refactor: Share code between all mysql based authorizers (#8174) * Share code between all mysql based authorizers I plan to update the mysql password encryption and this will allow the code to be changed in a single location. It also reduces a lot of duplication. * Fix tests, I suspect reauthenticate will work for these... Do not allow password updates for several authorizers 2018-02-06 15:20:34 -06:00			`class RadiusAuthorizer extends MysqlAuthorizer`
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style 2017-11-18 11:33:03 +01:00			`{`
			`protected static $HAS_AUTH_USERMANAGEMENT = 1;`
			`protected static $CAN_UPDATE_USER = 1;`
refactor: Share code between all mysql based authorizers (#8174) * Share code between all mysql based authorizers I plan to update the mysql password encryption and this will allow the code to be changed in a single location. It also reduces a lot of duplication. * Fix tests, I suspect reauthenticate will work for these... Do not allow password updates for several authorizers 2018-02-06 15:20:34 -06:00			`protected static $CAN_UPDATE_PASSWORDS = 0;`
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style 2017-11-18 11:33:03 +01:00
			`/** @var Radius $radius */`
			`protected $radius;`

			`public function __construct()`
			`{`
			`$this->radius = new Radius(Config::get('radius.hostname'), Config::get('radius.secret'), Config::get('radius.suffix'), Config::get('radius.timeout'), Config::get('radius.port'));`
			`}`

Prevent credentials from being leaked in backtrace in some instances (#9817) * Prevent credentials from being leak in backtrace in some instances Particularly before the user is authenticated * fix test 2019-03-05 00:24:14 -06:00			`public function authenticate($credentials)`
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style 2017-11-18 11:33:03 +01:00			`{`
			`global $debug;`

Prevent credentials from being leaked in backtrace in some instances (#9817) * Prevent credentials from being leak in backtrace in some instances Particularly before the user is authenticated * fix test 2019-03-05 00:24:14 -06:00			`if (empty($credentials['username'])) {`
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style 2017-11-18 11:33:03 +01:00			`throw new AuthenticationException('Username is required');`
			`}`

			`if ($debug) {`
			`$this->radius->setDebug(true);`
			`}`

Prevent credentials from being leaked in backtrace in some instances (#9817) * Prevent credentials from being leak in backtrace in some instances Particularly before the user is authenticated * fix test 2019-03-05 00:24:14 -06:00			`$password = $credentials['password'] ?? null;`
			`if ($this->radius->accessRequest($credentials['username'], $password) === true) {`
			`$this->addUser($credentials['username'], $password, Config::get('radius.default_level', 1));`
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style 2017-11-18 11:33:03 +01:00			`return true;`
			`}`

			`throw new AuthenticationException();`
			`}`
			`}`