mirror of
https://github.com/librenms/librenms.git
synced 2024-10-07 16:52:45 +00:00
c9728a1f71
* Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style
171 lines
4.7 KiB
PHP
171 lines
4.7 KiB
PHP
<?php
|
|
|
|
namespace LibreNMS\Interfaces\Authentication;
|
|
|
|
use LibreNMS\Exceptions\AuthenticationException;
|
|
|
|
interface Authorizer
|
|
{
|
|
/**
|
|
* Authenticate the user and password.
|
|
* Some Authorizer methods may only check username.
|
|
*
|
|
* @param $username
|
|
* @param $password
|
|
* @return true throws an Exception on failure
|
|
* @throws AuthenticationException thrown if the username or password is invalid
|
|
*/
|
|
public function authenticate($username, $password);
|
|
|
|
/**
|
|
* Check for cookie token to see if this is a valid saved session
|
|
* Authorizers should check if the user is still valid then return checkRememberMe()
|
|
*
|
|
* @param int $sess_id
|
|
* @param string $token
|
|
* @return bool
|
|
* @throws AuthenticationException thrown if the cookie or user is invalid
|
|
*/
|
|
public function reauthenticate($sess_id, $token);
|
|
|
|
/**
|
|
* Check if a $username exists.
|
|
*
|
|
* @param string $username
|
|
* @param bool $throw_exception If this is enabled instead of returning false, this will throw an exception.
|
|
* @return bool
|
|
*/
|
|
public function userExists($username, $throw_exception = false);
|
|
|
|
/**
|
|
* Get the userlevel of $username
|
|
*
|
|
* @param string $username The username to check
|
|
* @return int
|
|
*/
|
|
public function getUserlevel($username);
|
|
|
|
/**
|
|
* Get the user_id of $username
|
|
*
|
|
* @param string $username
|
|
* @return int
|
|
*/
|
|
public function getUserid($username);
|
|
|
|
/**
|
|
* Get an array describing this $user_id.
|
|
*
|
|
* It should contain the fields:
|
|
* user_id
|
|
* username
|
|
* realname
|
|
* email
|
|
* descr
|
|
* level
|
|
* can_modify_passwd
|
|
*
|
|
* @param int $user_id
|
|
* @return array
|
|
*/
|
|
public function getUser($user_id);
|
|
|
|
/**
|
|
* Add a new user.
|
|
*
|
|
* @param string $username
|
|
* @param string $password
|
|
* @param int $level
|
|
* @param string $email
|
|
* @param string $realname
|
|
* @param int $can_modify_passwd If this user is allowed to edit their password
|
|
* @param string $description
|
|
* @return int|false Returns the added user_id or false if adding failed
|
|
*/
|
|
public function addUser($username, $password, $level = 0, $email = '', $realname = '', $can_modify_passwd = 0, $description = '');
|
|
|
|
/**
|
|
* Update the some of the fields of a user
|
|
*
|
|
* @param int $user_id The user_id to update
|
|
* @param string $realname
|
|
* @param int $level
|
|
* @param int $can_modify_passwd
|
|
* @param string $email
|
|
* @return bool If the update was successful
|
|
*/
|
|
public function updateUser($user_id, $realname, $level, $can_modify_passwd, $email);
|
|
|
|
/**
|
|
* @param string $username The $username to update
|
|
* @param string $newpassword
|
|
* @return bool If the update was successful
|
|
*/
|
|
public function changePassword($username, $newpassword);
|
|
|
|
/**
|
|
* Delete a user.
|
|
*
|
|
* @param int $user_id
|
|
* @return bool If the deletion was successful
|
|
*/
|
|
public function deleteUser($user_id);
|
|
|
|
/**
|
|
* Get a list of all users in this Authorizer
|
|
* !Warning! this could be very slow for some Authorizer types or configurations
|
|
*
|
|
* @return array
|
|
*/
|
|
public function getUserlist();
|
|
|
|
/**
|
|
* Check if this Authorizer can add or remove users.
|
|
* You must also check canUpdateUsers() to see if it can edit users.
|
|
* You must check canUpdatePasswords() to see if it can set passwords.
|
|
*
|
|
* @return bool
|
|
*/
|
|
public function canManageUsers();
|
|
|
|
/**
|
|
* Check if this Authorizer can modify users.
|
|
*
|
|
* @return bool
|
|
*/
|
|
public function canUpdateUsers();
|
|
|
|
/**
|
|
* Check if this Authorizer can set new passwords.
|
|
*
|
|
* @param string $username Optionally, check if $username can set their own password
|
|
* @return bool
|
|
*/
|
|
public function canUpdatePasswords($username = '');
|
|
|
|
/**
|
|
* Log out the user, unset cookies, destroy the session
|
|
*
|
|
* @param string $message The logout message.
|
|
*/
|
|
public function logOutUser($message = 'Logged Out');
|
|
|
|
/**
|
|
* Log in the user and set up a few login tasks
|
|
* $_SESSION['username'] must be set prior to calling this function
|
|
* If twofactor authentication is enabled, it will be checked here.
|
|
*
|
|
* If everything goes well, $_SESSION['authenticated'] will be true after this function completes.
|
|
* @return bool If the user was successfully logged in.
|
|
* @throws AuthenticationException if anything failed why trying to log in
|
|
*/
|
|
public function logInUser();
|
|
|
|
/**
|
|
* Check if the session is authenticated
|
|
*
|
|
* @return bool
|
|
*/
|
|
public function sessionAuthenticated();
|
|
}
|