mirror of
https://git.code.sf.net/p/seeddms/code
synced 2025-12-05 13:53:34 +00:00
move code in controller, better documentation
This commit is contained in:
Uwe Steinmann
parent
bc03ccaeea
commit
ab345d428a
|
|
@ -31,50 +31,82 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
|
|||
return self::$user;
|
||||
} /* }}} */
|
||||
|
||||
/**
|
||||
* Create a webauthn challenge and return it as application/json
|
||||
*
|
||||
* This is called from javascript on the login page right after the
|
||||
* login button is preset. The returned challange is than passed to
|
||||
* javascript which instructs the browser to do the communication with
|
||||
* the usb key token.
|
||||
*/
|
||||
function preparelogin() { /* {{{ */
|
||||
$dms = $this->params['dms'];
|
||||
$settings = $this->params['settings'];
|
||||
$session = $this->params['session'];
|
||||
$sesstheme = $this->params['sesstheme'];
|
||||
$source = isset($this->params['source']) ? $this->params['source'] : '';
|
||||
$sesstheme = $this->getParam('sesstheme');
|
||||
$referuri = $this->getParam('referuri');
|
||||
$lang = $this->getParam('lang');
|
||||
$login = $this->params['login'];
|
||||
|
||||
if($user = $dms->getUserByLogin($login)) {
|
||||
$webauthn = new \Davidearl\WebAuthn\WebAuthn($_SERVER['HTTP_HOST']);
|
||||
|
||||
/* Even without a public key stored for the user (user has not
|
||||
* registered yet), we will do the authentication, because an
|
||||
* error msg may reveal that the user exists.
|
||||
*/
|
||||
$j['challenge'] = $webauthn->prepareForLogin($user->getWebauthn());
|
||||
} else {
|
||||
http_response_code(401);
|
||||
echo 'failed to authenticate with that key';
|
||||
echo 'User cannot be authenticated.';
|
||||
exit;
|
||||
}
|
||||
header('Content-type: application/json');
|
||||
echo json_encode($j);
|
||||
} /* }}} */
|
||||
|
||||
/**
|
||||
* Alternative method to run() for authenticating with webauthn.
|
||||
*
|
||||
* Once the browser has successfully finished the communication with the
|
||||
* usb key token, this method will be called with the signature signed
|
||||
* by the usb key in 'logininfo'. That data is checked with the public
|
||||
* key store in the users profile.
|
||||
*
|
||||
* Not like run() this method is called from within javascript and
|
||||
* needs to return the uri. The calling javascript code will than
|
||||
* redirect the browser to the uri.
|
||||
*/
|
||||
function login() { /* {{{ */
|
||||
$dms = $this->params['dms'];
|
||||
$settings = $this->params['settings'];
|
||||
$login = $this->params['login'];
|
||||
$logininfo = $this->params['logininfo'];
|
||||
$referuri = $this->params['referuri'];
|
||||
|
||||
if($user = $dms->getUserByLogin($login)) {
|
||||
$webauthn = new \Davidearl\WebAuthn\WebAuthn($_SERVER['HTTP_HOST']);
|
||||
|
||||
if (! $webauthn->authenticate($logininfo, $user->getWebauthn())) {
|
||||
http_response_code(401);
|
||||
echo 'failed to authenticate with that key';
|
||||
return false;
|
||||
}
|
||||
|
||||
if(!self::_finalize($user)) {
|
||||
if(self::_finalize($user)) {
|
||||
if (isset($referuri) && strlen($referuri)>0) {
|
||||
$j = $referuri;
|
||||
} else {
|
||||
$j = $settings->_httpRoot.(isset($settings->_siteDefaultPage) && strlen($settings->_siteDefaultPage)>0 ? $settings->_siteDefaultPage : "out/out.ViewFolder.php?folderid=".($user->getHomeFolder() ? $user->getHomeFolder() : $settings->_rootFolderID));
|
||||
}
|
||||
header('Content-type: application/json');
|
||||
echo json_encode($j);
|
||||
return true;
|
||||
} else {
|
||||
http_response_code(401);
|
||||
echo 'failed to authenticate with that key';
|
||||
return false;
|
||||
}
|
||||
|
||||
} else {
|
||||
http_response_code(401);
|
||||
echo 'failed to authenticate with that key';
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
} /* }}} */
|
||||
|
||||
protected function _finalize($user) { /* {{{ */
|
||||
|
|
|
|||
|
|
@ -94,27 +94,14 @@ $controller->setParam('session', $session);
|
|||
$controller->setParam('authenticator', $authenticator);
|
||||
$action = !empty($_POST['action']) ? $_POST['action'] : '';
|
||||
switch($action) {
|
||||
/* preparelogin() and login() are both called by ajax */
|
||||
case 'preparelogin':
|
||||
$controller->preparelogin();
|
||||
exit();
|
||||
break;
|
||||
case 'login':
|
||||
if($controller->login()) {
|
||||
if (isset($referuri) && strlen($referuri)>0) {
|
||||
$j = $referuri;
|
||||
} else {
|
||||
$user = $controller->getUser();
|
||||
$j = $settings->_httpRoot.(isset($settings->_siteDefaultPage) && strlen($settings->_siteDefaultPage)>0 ? $settings->_siteDefaultPage : "out/out.ViewFolder.php?folderid=".($user->getHomeFolder() ? $user->getHomeFolder() : $settings->_rootFolderID));
|
||||
}
|
||||
header('Content-type: application/json');
|
||||
echo json_encode($j);
|
||||
exit;
|
||||
} else {
|
||||
http_response_code(401);
|
||||
echo 'failed to authenticate with that key';
|
||||
exit;
|
||||
}
|
||||
exit;
|
||||
$controller->login();
|
||||
exit();
|
||||
break;
|
||||
default:
|
||||
if(!$controller()) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user