mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
c9728a1f717045cdfa06df332b91f08a2d1fa629
librenms-librenms/html/includes/authenticate.inc.php
mcq8 c9728a1f71 refactor: Refactored authorizers to classes (#7497) 
* Refactored authorizers to classes

* Merge changes for #7335

* ! fix php 5.3 incompatibility

* Update ADAuthorizationAuthorizer.php

* Fix get_user -> getUser

* Rename AuthorizerFactory to Auth, fix interface missing functions

* Add phpdocs to all interface methods and normalize the names a bit.

* Re-work auth_test.php AD bind tests to work properly with the new class.
Reflection is not the nicest tool, but I think it is appropriate here.
Handle exceptions more nicely in auth_test.php

* Restore AD getUseList fix

Not sure how it got removed

* fix auth_test.php style
2017-11-18 10:33:03 +00:00

102 lines
3.5 KiB
PHP
Raw Blame History

<?php
use LibreNMS\Authentication\Auth;
use LibreNMS\Authentication\TwoFactor;
use LibreNMS\Exceptions\AuthenticationException;
ini_set('session.use_only_cookies', 1);
ini_set('session.cookie_httponly', 1);
ini_set('session.use_strict_mode', 1); // php >= 5.5.2
ini_set('session.use_trans_sid', 0); // insecure feature, be sure it is disabled
// Pre-flight checks
if (!is_dir($config['rrd_dir'])) {
echo "<div class='errorbox'>RRD Log Directory is missing ({$config['rrd_dir']}). Graphing may fail.</div>";
}
if (!is_dir($config['temp_dir'])) {
echo "<div class='errorbox'>Temp Directory is missing ({$config['temp_dir']}). Graphing may fail.</div>";
}
if (!is_writable($config['temp_dir'])) {
echo "<div class='errorbox'>Temp Directory is not writable ({$config['tmp_dir']}). Graphing may fail.</div>";
}
// Clear up any old sessions
dbDelete('session', '`session_expiry` < ?', array(time()));
session_start();
$authorizer = Auth::get();
if ($vars['page'] == 'logout' && $authorizer->sessionAuthenticated()) {
$authorizer->logOutUser();
header('Location: ' . $config['base_url']);
exit;
}
try {
if ($authorizer->sessionAuthenticated()) {
// session authenticated already
$authorizer->logInUser();
} else {
// try authentication methods
if (isset($_POST['twofactor']) && TwoFactor::authenticate($_POST['twofactor'])) {
// process two-factor auth tokens
$authorizer->logInUser();
} elseif (isset($_COOKIE['sess_id'], $_COOKIE['token']) &&
$authorizer->reauthenticate(clean($_COOKIE['sess_id']), clean($_COOKIE['token']))
) {
$_SESSION['remember'] = true;
$_SESSION['twofactor'] = true; // trust cookie
// cookie authentication
$authorizer->logInUser();
} else {
// collect username and password
$password = null;
if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
$username = clean($_REQUEST['username']);
$password = $_REQUEST['password'];
} elseif (isset($_SERVER['REMOTE_USER'])) {
$username = clean($_SERVER['REMOTE_USER']);
} elseif (isset($_SERVER['PHP_AUTH_USER']) && $config['auth_mechanism'] === 'http-auth') {
$username = clean($_SERVER['PHP_AUTH_USER']);
}
// form authentication
if (isset($username) && $authorizer->authenticate($username, $password)) {
$_SESSION['username'] = $username;
if (isset($_POST['remember'])) {
$_SESSION['remember'] = $_POST['remember'];
}
if ($authorizer->logInUser()) {
// redirect to original uri or home page.
header('Location: '.rtrim($config['base_url'], '/').$_SERVER['REQUEST_URI'], true, 303);
}
}
}
}
} catch (AuthenticationException $ae) {
$auth_message = $ae->getMessage();
if ($debug) {
$auth_message .= '<br /> ' . $ae->getFile() . ': ' . $ae->getLine();
}
dbInsert(
array('user' => $_SESSION['username'], 'address' => get_client_ip(), 'result' => $auth_message),
'authlog'
);
$authorizer->logOutUser($auth_message);
}
session_write_close();
// populate the permissions cache
if (isset($_SESSION['user_id'])) {
$permissions = permissions_cache($_SESSION['user_id']);
}
unset($username, $password);
Reference in New Issue View Git Blame Copy Permalink