From cf75d8a7cce826535d626e2d7c1ad382967fabe8 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Sat, 6 May 2023 07:18:51 +0200
Subject: [PATCH] move much of code after success full auth in __finalize()
---
 controllers/class.Login.php | 213 +++++++++++++++++++------------------
 1 file changed, 112 insertions(+), 101 deletions(-)
diff --git a/controllers/class.Login.php b/controllers/class.Login.php
index 18412dbe5..691be6b7e 100644
--- a/controllers/class.Login.php
+++ b/controllers/class.Login.php
@@ -31,110 +31,12 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
 return self::$user;
 } /* }}} */
- public function run() { /* {{{ */
- $dms = $this->params['dms'];
+ protected function _finalize($user) { /* {{{ */
 $settings = $this->params['settings'];
 $session = $this->params['session'];
- $authenticator = $this->params['authenticator'];
+ $sesstheme = $this->params['sesstheme'];
 $source = isset($this->params['source']) ? $this->params['source'] : '';
- $sesstheme = $this->getParam('sesstheme');
- $referuri = $this->getParam('referuri');
- $lang = $this->getParam('lang');
- $login = $this->params['login'];
- $pwd = $this->params['pwd'];
-
- self::$user = null;
-
- /* The preLogin hook may set self::$user which will prevent any further
- * authentication process.
- */
- if($this->callHook('preLogin')) {
- }
-
- $user = self::$user;
-
- /* The password may only be empty if the guest user tries to log in.
- * There is just one guest account with id $settings->_guestID which
- * is allowed to log in without a password. All other guest accounts
- * are treated like regular logins
- */
- if(!$user && $settings->_enableGuestLogin && (int) $settings->_guestID) {
- $guestUser = $dms->getUser((int) $settings->_guestID);
- if($guestUser) {
- if(($login != $guestUser->getLogin())) {
- if ((!isset($pwd) || strlen($pwd)==0)) {
- $this->setErrorMsg("login_error_text");
- return false;
- }
- } else {
- $user = $guestUser;
- }
- }
- }
-
- /* Run any additional authentication method. The hook must return a
- * valid user, if the authentication succeeded. If it fails, it must
- * return false and if the hook doesn't care at all, if must return null.
- */
- if(!$user) {
- $user = $this->callHook('authenticate', $source);
- if(false === $user) {
- if(empty($this->errormsg))
- $this->setErrorMsg("authentication_failed");
- return false;
- }
- }
-
- /* Deprecated: Run any additional authentication implemented in a hook */
- if(!is_object($user) && isset($GLOBALS['SEEDDMS_HOOKS']['authentication'])) {
- foreach($GLOBALS['SEEDDMS_HOOKS']['authentication'] as $authObj) {
- if(!$user && method_exists($authObj, 'authenticate')) {
- $user = $authObj->authenticate($dms, $settings, $login, $pwd);
- if(false === $user) {
- if(empty($this->errormsg))
- $this->setErrorMsg("authentication_failed");
- return false;
- }
- }
- }
- }
-
- $user = $authenticator->authenticate($login, $pwd);
-
- if(0) {
- /* Authenticate against LDAP server {{{ */
- if (!is_object($user) && isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
- require_once("../inc/inc.ClassLdapAuthentication.php");
- $authobj = new SeedDMS_LdapAuthentication($dms, $settings);
- $user = $authobj->authenticate($login, $pwd);
- if(!$user) {
- add_log_line('Authentication against LDAP failed for user '.$login);
- }
- } /* }}} */
-
- /* Authenticate against SeedDMS database {{{ */
- if(!is_object($user)) {
- require_once("../inc/inc.ClassDbAuthentication.php");
- $authobj = new SeedDMS_DbAuthentication($dms, $settings);
- $user = $authobj->authenticate($login, $pwd);
- } /* }}} */
- }
-
- /* If the user is still not authenticated, then exit with an error */
- if(!is_object($user)) {
- /* if counting of login failures is turned on, then increment its value */
- if($settings->_loginFailure) {
- $user = $dms->getUserByLogin($login);
- if($user) {
- $failures = $user->addLoginFailure();
- if($failures >= $settings->_loginFailure)
- $user->setDisabled(true);
- }
- }
- $this->callHook('loginFailed');
- $this->setErrorMsg("login_error_text");
- return false;
- }
+ $lang = $this->params['lang'];
 self::$user = $user;
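Review bot: `_finalize()` reads `$this->params['sesstheme']` and `$this->params['lang']` by direct index, where the removed `run()` used `$this->getParam(...)`. If `getParam()` tolerates a missing key (its body is not visible here), the direct index is an undefined-index access whenever a caller omits either parameter, so I would keep `$sesstheme = $this->getParam('sesstheme');` and `$lang = $this->getParam('lang');`. The new method also no longer assigns `$dms` or `$referuri`, and its body continues outside this hunk, so please confirm that nothing after `self::$user = $user;` still uses them. Because this protected method sets `self::$user` to whatever object it is handed, it should carry a docblock stating that `$user` must already be authenticated and that the caller enforces this.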
@@ -251,4 +153,113 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
 return true;
 } /* }}} */
+
+ public function run() { /* {{{ */
+ $dms = $this->params['dms'];
+ $settings = $this->params['settings'];
+ $session = $this->params['session'];
+ $authenticator = $this->params['authenticator'];
+ $source = isset($this->params['source']) ? $this->params['source'] : '';
+ $sesstheme = $this->getParam('sesstheme');
+ $referuri = $this->getParam('referuri');
+ $lang = $this->getParam('lang');
+ $login = $this->params['login'];
+ $pwd = $this->params['pwd'];
+
+ self::$user = null;
+
+ /* The preLogin hook may set self::$user which will prevent any further
+ * authentication process.
+ */
+ if($this->callHook('preLogin')) {
+ }
+
+ $user = self::$user;
+
+ /* The password may only be empty if the guest user tries to log in.
+ * There is just one guest account with id $settings->_guestID which
+ * is allowed to log in without a password. All other guest accounts
+ * are treated like regular logins
+ */
+ if(!$user && $settings->_enableGuestLogin && (int) $settings->_guestID) {
+ $guestUser = $dms->getUser((int) $settings->_guestID);
+ if($guestUser) {
+ if(($login != $guestUser->getLogin())) {
+ if ((!isset($pwd) || strlen($pwd)==0)) {
+ $this->setErrorMsg("login_error_text");
+ return false;
+ }
+ } else {
+ $user = $guestUser;
+ }
+ }
+ }
+
+ /* Run any additional authentication method. The hook must return a
+ * valid user, if the authentication succeeded. If it fails, it must
+ * return false and if the hook doesn't care at all, if must return null.
+ */
+ if(!$user) {
+ $user = $this->callHook('authenticate', $source);
+ if(false === $user) {
+ if(empty($this->errormsg))
+ $this->setErrorMsg("authentication_failed");
+ return false;
+ }
+ }
+
+ /* Deprecated: Run any additional authentication implemented in a hook */
+ if(!is_object($user) && isset($GLOBALS['SEEDDMS_HOOKS']['authentication'])) {
+ foreach($GLOBALS['SEEDDMS_HOOKS']['authentication'] as $authObj) {
+ if(!$user && method_exists($authObj, 'authenticate')) {
+ $user = $authObj->authenticate($dms, $settings, $login, $pwd);
+ if(false === $user) {
+ if(empty($this->errormsg))
+ $this->setErrorMsg("authentication_failed");
+ return false;
+ }
+ }
+ }
+ }
+
+ $user = $authenticator->authenticate($login, $pwd);
+
+ if(0) {
+ /* Authenticate against LDAP server {{{ */
+ if (!is_object($user) && isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
+ require_once("../inc/inc.ClassLdapAuthentication.php");
+ $authobj = new SeedDMS_LdapAuthentication($dms, $settings);
+ $user = $authobj->authenticate($login, $pwd);
+ if(!$user) {
+ add_log_line('Authentication against LDAP failed for user '.$login);
+ }
+ } /* }}} */
+
+ /* Authenticate against SeedDMS database {{{ */
+ if(!is_object($user)) {
+ require_once("../inc/inc.ClassDbAuthentication.php");
+ $authobj = new SeedDMS_DbAuthentication($dms, $settings);
+ $user = $authobj->authenticate($login, $pwd);
+ } /* }}} */
+ }
+
+ /* If the user is still not authenticated, then exit with an error */
+ if(!is_object($user)) {
+ /* if counting of login failures is turned on, then increment its value */
+ if($settings->_loginFailure) {
+ $user = $dms->getUserByLogin($login);
+ if($user) {
+ $failures = $user->addLoginFailure();
+ if($failures >= $settings->_loginFailure)
+ $user->setDisabled(true);
+ }
+ }
+ $this->callHook('loginFailed');
+ $this->setErrorMsg("login_error_text");
+ return false;
+ }
+
+ return self::_finalize($user);
+
+ } /* }}} */
 }
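Review bot: In the re-added `run()`, `$user = $authenticator->authenticate($login, $pwd);` is unconditional, so a user already resolved by the `preLogin` hook, the guest-login branch, the `authenticate` hook or the deprecated `SEEDDMS_HOOKS` loop is overwritten before the `is_object($user)` check. Unless the authenticator is meant to repeat those cases itself, guard the call with `if(!is_object($user)) $user = $authenticator->authenticate($login, $pwd);`. The empty-password rejection sits inside the `_enableGuestLogin` branch, so with guest login disabled an empty `$pwd` reaches the authenticator unchecked. Whether every backend rejects it is not visible here, so an explicit empty-password check before the call would be safer. The `if(0) { … }` block is dead code that could be dropped, and `return self::_finalize($user);` calls an instance method with static syntax where `return $this->_finalize($user);` states the intent.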