mirror of https://tt-rss.org/git/tt-rss.git
move authentication modules to plugins/
This commit is contained in:
Andrew Dolgov
parent
61261e45b9
commit
0f28f81f89
|
|
@ -0,0 +1,5 @@
|
|||
<?php
|
||||
interface IAuthModule {
|
||||
function authenticate($login, $password);
|
||||
}
|
||||
?>
|
||||
|
|
@ -13,6 +13,7 @@ class PluginHost {
|
|||
const HOOK_PREFS_TABS = 5;
|
||||
const HOOK_FEED_PARSED = 6;
|
||||
const HOOK_UPDATE_TASK = 7;
|
||||
const HOOK_AUTH_USER = 8;
|
||||
|
||||
const KIND_ALL = 1;
|
||||
const KIND_SYSTEM = 2;
|
||||
|
|
|
|||
|
|
@ -28,8 +28,8 @@ class Pref_Prefs extends Handler_Protected {
|
|||
return;
|
||||
}
|
||||
|
||||
$module_class = "auth_" . $_SESSION["auth_module"];
|
||||
$authenticator = new $module_class($this->link);
|
||||
global $pluginhost;
|
||||
$authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
|
||||
|
||||
if (method_exists($authenticator, "change_password")) {
|
||||
print $authenticator->change_password($_SESSION["uid"], $old_pw, $new_pw);
|
||||
|
|
@ -188,9 +188,11 @@ class Pref_Prefs extends Handler_Protected {
|
|||
|
||||
print "</form>";
|
||||
|
||||
if ($_SESSION["auth_module"]) {
|
||||
$module_class = "auth_" . $_SESSION["auth_module"];
|
||||
$authenticator = new $module_class($this->link);
|
||||
if ($_SESSION["auth_module"]) {
|
||||
global $pluginhost;
|
||||
|
||||
$authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
|
||||
|
||||
} else {
|
||||
$authenticator = false;
|
||||
}
|
||||
|
|
@ -258,7 +260,7 @@ class Pref_Prefs extends Handler_Protected {
|
|||
|
||||
print "</form>";
|
||||
|
||||
if ($_SESSION["auth_module"] == "internal") {
|
||||
if ($_SESSION["auth_module"] == "auth_internal") {
|
||||
|
||||
print "<h2>" . __("One time passwords / Authenticator") . "</h2>";
|
||||
|
||||
|
|
@ -802,11 +804,11 @@ class Pref_Prefs extends Handler_Protected {
|
|||
|
||||
function otpenable() {
|
||||
$password = db_escape_string($_REQUEST["password"]);
|
||||
|
||||
$module_class = "auth_" . $_SESSION["auth_module"];
|
||||
$authenticator = new $module_class($this->link);
|
||||
$enable_otp = $_REQUEST["enable_otp"] == "on";
|
||||
|
||||
global $pluginhost;
|
||||
$authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
|
||||
|
||||
if ($authenticator->check_password($_SESSION["uid"], $password)) {
|
||||
|
||||
if ($enable_otp) {
|
||||
|
|
@ -824,8 +826,8 @@ class Pref_Prefs extends Handler_Protected {
|
|||
function otpdisable() {
|
||||
$password = db_escape_string($_REQUEST["password"]);
|
||||
|
||||
$module_class = "auth_" . $_SESSION["auth_module"];
|
||||
$authenticator = new $module_class($this->link);
|
||||
global $pluginhost;
|
||||
$authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
|
||||
|
||||
if ($authenticator->check_password($_SESSION["uid"], $password)) {
|
||||
|
||||
|
|
|
|||
|
|
@ -52,15 +52,7 @@
|
|||
// *** Authentication ***
|
||||
// **********************
|
||||
|
||||
define('AUTH_MODULES', 'internal');
|
||||
// Comma-separated list of authentication modules to use.
|
||||
// Available modules are:
|
||||
// internal - tt-rss internal user DB
|
||||
// remote - use server REMOTE_USER variable or client SSL certificate if enabled
|
||||
// imap - authenticates using an IMAP server (check classes/auth/imap.php for some
|
||||
// stuff you need to put into config.php)
|
||||
// in preferences
|
||||
//
|
||||
// Please see PLUGINS below to configure various authentication modules.
|
||||
|
||||
define('AUTH_AUTO_CREATE', true);
|
||||
// Allow authentication modules to auto-create users in tt-rss internal
|
||||
|
|
@ -173,12 +165,13 @@
|
|||
// if you experience weird errors and tt-rss failing to start, blank pages
|
||||
// after login, or content encoding errors, disable it.
|
||||
|
||||
define('PLUGINS', 'note');
|
||||
// Comma-separated list of plugins to load automatically for all users.
|
||||
// System plugins have to be specified here.
|
||||
define('PLUGINS', 'auth_remote, auth_internal, note');
|
||||
// Comma-separated list of plugins to load automatically for all users.
|
||||
// System plugins have to be specified here. Please enable at least one
|
||||
// authentication plugin here (auth_*).
|
||||
// Users may enable other user plugins from Preferences/Plugins but may not
|
||||
// disable plugins specified in this list.
|
||||
|
||||
|
||||
define('FEEDBACK_URL', '');
|
||||
// Displays an URL for users to provide feedback or comments regarding
|
||||
// this instance of tt-rss. Can lead to a forum, contact email, etc.
|
||||
|
|
|
|||
|
|
@ -547,7 +547,7 @@
|
|||
if (!SINGLE_USER_MODE) {
|
||||
|
||||
$user_id = false;
|
||||
$modules = explode(",", AUTH_MODULES);
|
||||
/* $modules = explode(",", AUTH_MODULES);
|
||||
|
||||
foreach ($modules as $module) {
|
||||
$module_class = "auth_$module";
|
||||
|
|
@ -565,6 +565,17 @@
|
|||
print T_sprintf("Fatal: authentication module %s not found.", $module);
|
||||
die;
|
||||
}
|
||||
} */
|
||||
|
||||
global $pluginhost;
|
||||
foreach ($pluginhost->get_hooks($pluginhost::HOOK_AUTH_USER) as $plugin) {
|
||||
|
||||
$user_id = (int) $plugin->authenticate($login, $password);
|
||||
|
||||
if ($user_id) {
|
||||
$_SESSION["auth_module"] = strtolower(get_class($plugin));
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if ($user_id && !$check_only) {
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
<?php # This file has been generated at: Mon Dec 24 13:27:42 MSK 2012
|
||||
<?php # This file has been generated at: Thu Dec 27 15:13:04 MSK 2012
|
||||
define('GENERATED_CONFIG_CHECK', 26);
|
||||
$requred_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'SINGLE_USER_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_MODULES', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'PUBSUBHUBBUB_HUB', 'PUBSUBHUBBUB_ENABLED', 'SPHINX_ENABLED', 'SPHINX_INDEX', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SESSION_EXPIRE_TIME', 'SESSION_CHECK_ADDRESS', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'SMTP_HOST', 'SMTP_LOGIN', 'SMTP_PASSWORD', 'CHECK_FOR_NEW_VERSION', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'FEEDBACK_URL', 'CONFIG_VERSION'); ?>
|
||||
$requred_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'SINGLE_USER_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'PUBSUBHUBBUB_HUB', 'PUBSUBHUBBUB_ENABLED', 'SPHINX_ENABLED', 'SPHINX_INDEX', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SESSION_EXPIRE_TIME', 'SESSION_CHECK_ADDRESS', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'SMTP_HOST', 'SMTP_LOGIN', 'SMTP_PASSWORD', 'CHECK_FOR_NEW_VERSION', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'FEEDBACK_URL', 'CONFIG_VERSION'); ?>
|
||||
|
|
|
|||
|
|
@ -6,9 +6,27 @@
|
|||
define('IMAP_AUTH_OPTIONS', '/tls/novalidate-cert/norsh');
|
||||
// More about options: http://php.net/manual/ru/function.imap-open.php
|
||||
|
||||
*/
|
||||
*/
|
||||
class Auth_Imap extends Plugin implements IAuthModule {
|
||||
|
||||
class Auth_Imap extends Auth_Base {
|
||||
private $link;
|
||||
private $host;
|
||||
private $base;
|
||||
|
||||
function about() {
|
||||
return array(1.0,
|
||||
"Authenticates against an IMAP server (configured in config.php)",
|
||||
"fox",
|
||||
true);
|
||||
}
|
||||
|
||||
function init($host) {
|
||||
$this->link = $host->get_link();
|
||||
$this->host = $host;
|
||||
$this->base = new Auth_Base($this->link);
|
||||
|
||||
$host->add_hook($host::HOOK_AUTH_USER, $this);
|
||||
}
|
||||
|
||||
function authenticate($login, $password) {
|
||||
|
||||
|
|
@ -21,7 +39,7 @@ class Auth_Imap extends Auth_Base {
|
|||
if ($imap) {
|
||||
imap_close($imap);
|
||||
|
||||
return $this->auto_create_user($login);
|
||||
return $this->base->auto_create_user($login);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -29,4 +47,5 @@ class Auth_Imap extends Auth_Base {
|
|||
}
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
@ -1,5 +1,22 @@
|
|||
<?php
|
||||
class Auth_Internal extends Auth_Base {
|
||||
class Auth_Internal extends Plugin implements IAuthModule {
|
||||
|
||||
private $link;
|
||||
private $host;
|
||||
|
||||
function about() {
|
||||
return array(1.0,
|
||||
"Authenticates against internal tt-rss database",
|
||||
"fox",
|
||||
true);
|
||||
}
|
||||
|
||||
function init($host) {
|
||||
$this->link = $host->get_link();
|
||||
$this->host = $host;
|
||||
|
||||
$host->add_hook($host::HOOK_AUTH_USER, $this);
|
||||
}
|
||||
|
||||
function authenticate($login, $password) {
|
||||
|
||||
|
|
@ -1,5 +1,25 @@
|
|||
<?php
|
||||
class Auth_Remote extends Auth_Base {
|
||||
class Auth_Remote extends Plugin implements IAuthModule {
|
||||
|
||||
private $link;
|
||||
private $host;
|
||||
private $base;
|
||||
|
||||
function about() {
|
||||
return array(1.0,
|
||||
"Authenticates against remote password (e.g. supplied by Apache)",
|
||||
"fox",
|
||||
true);
|
||||
}
|
||||
|
||||
function init($host) {
|
||||
$this->link = $host->get_link();
|
||||
$this->host = $host;
|
||||
$this->base = new Auth_Base($this->link);
|
||||
|
||||
$host->add_hook($host::HOOK_AUTH_USER, $this);
|
||||
}
|
||||
|
||||
function get_login_by_ssl_certificate() {
|
||||
$cert_serial = db_escape_string(get_ssl_certificate_id());
|
||||
|
||||
|
|
@ -24,7 +44,7 @@ class Auth_Remote extends Auth_Base {
|
|||
# if (!$try_login) $try_login = "test_qqq";
|
||||
|
||||
if ($try_login) {
|
||||
$user_id = $this->auto_create_user($try_login);
|
||||
$user_id = $this->base->auto_create_user($try_login);
|
||||
|
||||
if ($user_id) {
|
||||
$_SESSION["fake_login"] = $try_login;
|
||||
Loading…
Reference in New Issue