diff --git a/controllers/class.Login.php b/controllers/class.Login.php
index d30739bf0..18412dbe5 100644
--- a/controllers/class.Login.php
+++ b/controllers/class.Login.php
@@ -35,6 +35,7 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
 $dms = $this->params['dms'];
 $settings = $this->params['settings'];
 $session = $this->params['session'];
+ $authenticator = $this->params['authenticator'];
 $source = isset($this->params['source']) ? $this->params['source'] : '';
 $sesstheme = $this->getParam('sesstheme');
 $referuri = $this->getParam('referuri');
@@ -98,6 +99,9 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
 }
 }
+ $user = $authenticator->authenticate($login, $pwd);
+
+ if(0) {
 /* Authenticate against LDAP server {{{ */
 if (!is_object($user) && isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
 require_once("../inc/inc.ClassLdapAuthentication.php");
@@ -114,6 +118,7 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
 $authobj = new SeedDMS_DbAuthentication($dms, $settings);
 $user = $authobj->authenticate($login, $pwd);
 } /* }}} */
+ }
 /* If the user is still not authenticated, then exit with an error */
 if(!is_object($user)) {
diff --git a/inc/inc.AuthenticationInit.php b/inc/inc.AuthenticationInit.php
new file mode 100644
index 000000000..f7beb05b6
--- /dev/null
+++ b/inc/inc.AuthenticationInit.php
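Review bot: The new `$user = $authenticator->authenticate($login, $pwd);` in the second hunk of class.Login.php runs unconditionally, whereas the LDAP branch it replaces was guarded by `!is_object($user)`. If code earlier in the method can already have produced a user object, for example from an authentication hook (that code is outside the hunk, so this is inferred from the old guard), its result is now overwritten and may turn into a login failure. Keeping the guard preserves the old precedence: `if(!is_object($user)) $user = $authenticator->authenticate($login, $pwd);`. The old branches are only disabled with `if(0) { … }` (closed in the third hunk); dead code in a login path is easy to re-enable by accident and is better deleted in the same change.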
@@ -0,0 +1,42 @@
+
+ * @copyright Copyright (C) 2002-2005 Markus Westphal,
+ * 2006-2008 Malcolm Cowe, 2010-2022 Uwe Steinmann
+ * @version Release: @package_version@
+ */
+
+require_once('inc.ClassAuthenticationService.php');
+require_once('inc.ClassDbAuthentication.php');
+require_once('inc.ClassLdapAuthentication.php');
+
+global $logger;
+$authenticator = new SeedDMS_AuthenticationService($logger, $settings);
+
+if(isset($GLOBALS['SEEDDMS_HOOKS']['authentication'])) {
+ foreach($GLOBALS['SEEDDMS_HOOKS']['authentication'] as $authenticationObj) {
+ if(method_exists($authenticationObj, 'preAddService')) {
+ $authenticationObj->preAddService($dms, $authenticator);
+ }
+ }
+}
+
+$authenticator->addService(new SeedDMS_DbAuthentication($dms, $settings), 'db');
+if(isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
+ $authenticator->addService(new SeedDMS_LdapAuthentication($dms, $settings), 'ldap');
+}
+
+if(isset($GLOBALS['SEEDDMS_HOOKS']['authentication'])) {
+ foreach($GLOBALS['SEEDDMS_HOOKS']['authentication'] as $authenticationObj) {
+ if(method_exists($authenticationObj, 'postAddService')) {
+ $authenticationObj->postAddService($dms, $authenticator);
+ }
+ }
+}
+
diff --git a/inc/inc.ClassAuthenticationService.php b/inc/inc.ClassAuthenticationService.php
new file mode 100644
index 000000000..41119877a
--- /dev/null
+++ b/inc/inc.ClassAuthenticationService.php
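Review bot: The `db` service is registered before `ldap`, while the controller code this replaces tried LDAP first and the database afterwards, as the context lines of the class.Login.php hunks show. SeedDMS_AuthenticationService::authenticate() walks the services in insertion order and returns as soon as one of them yields `false`, so whether LDAP is ever consulted now depends on what SeedDMS_DbAuthentication returns for an unknown user or a wrong password, which is not visible in this diff. If the old precedence is intended, add the LDAP service first; in either case a comment above the two `addService()` calls should record the contract, e.g. `// order matters: a service returning false ends the chain, null passes on to the next one`.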
@@ -0,0 +1,88 @@
+
+ * @copyright Copyright (C) 2016 Uwe Steinmann
+ * @version Release: @package_version@
+ */
+
+/**
+ * Implementation of authentication service
+ *
+ * @category DMS
+ * @package SeedDMS
+ * @author Uwe Steinmann
+ * @copyright Copyright (C) 2016 Uwe Steinmann
+ * @version Release: @package_version@
+ */
+class SeedDMS_AuthenticationService {
+ /**
+ * List of services for authenticating user
+ */
+ protected $services;
+
+ /*
+ * List of servives with errors
+ */
+ protected $errors;
+
+ /*
+ * Service for logging
+ */
+ protected $logger;
+
+ /*
+ * Configuration
+ */
+ protected $settings;
+
+ public function __construct($logger = null, $settings = null) { /* {{{ */
+ $this->services = array();
+ $this->errors = array();
+ $this->logger = $logger;
+ $this->settings = $settings;
+ } /* }}} */
+
+ public function addService($service, $name='') { /* {{{ */
+ if(!$name)
+ $name = md5(uniqid());
+ $this->services[$name] = $service;
+ $this->errors[$name] = true;
+ } /* }}} */
+
+ public function getServices() { /* {{{ */
+ return $this->services;
+ } /* }}} */
+
+ public function getErrors() { /* {{{ */
+ return $this->errors;
+ } /* }}} */
+
+ public function authenticate($username, $password) { /* {{{ */
+ $user = null;
+ foreach($this->services as $name => $service) {
+ $this->logger->log('Authentication service \''.$name.'\'', PEAR_LOG_INFO);
+ $user = $service->authenticate($username, $password);
+ if($user === false) {
+ $this->errors[$name] = false;
+ if($this->logger)
+ $this->logger->log('Authentication service \''.$name.'\': Authentication of user \''.$username.'\' failed.', PEAR_LOG_ERR);
+ return false;
+ } elseif($user === null) {
+ if($this->logger)
+ $this->logger->log('Authentication service \''.$name.'\': Authentication of user \''.$username.'\' disregarded.', PEAR_LOG_ERR);
+ } else {
+ if($this->logger)
+ $this->logger->log('Authentication service \''.$name.'\': Authentication of user \''.$username.'\' successful.', PEAR_LOG_INFO);
+ $this->errors[$name] = true;
+ return $user;
+ }
+ }
+ return $user;
+ } /* }}} */
+}
diff --git a/inc/inc.DBInit.php b/inc/inc.DBInit.php
index 40a2df262..ec6036cc7 100644
--- a/inc/inc.DBInit.php
+++ b/inc/inc.DBInit.php
@@ -68,3 +68,4 @@ if(isset($GLOBALS['SEEDDMS_HOOKS']['initDMS'])) {
 require_once("inc.ConversionInit.php");
 require_once('inc.FulltextInit.php');
+require_once('inc.AuthenticationInit.php');
diff --git a/op/op.Login.php b/op/op.Login.php
index ab3dc455d..1ea6c36af 100644
--- a/op/op.Login.php
+++ b/op/op.Login.php
@@ -89,6 +89,7 @@ $controller->setParam('lang', $lang);
 $controller->setParam('sesstheme', $sesstheme);
 $controller->setParam('referuri', $referuri);
 $controller->setParam('session', $session);
+$controller->setParam('authenticator', $authenticator);
 if(!$controller()) {
 $session = null;
 add_log_line("login failed", PEAR_LOG_ERR);
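Review bot: In inc.ClassAuthenticationService.php the first statement of the loop in authenticate(), `$this->logger->log('Authentication service \''.$name.'\'', PEAR_LOG_INFO);`, is not guarded, although the constructor defaults `$logger` to null and every other log call in the method sits behind `if($this->logger)`; with no logger set, every login attempt would end in a fatal error. Put the same `if($this->logger)` in front of it. The messages also concatenate the submitted `$username` unchanged, so unless the logger escapes control characters (not visible here) a crafted login name could split or forge log lines; normalising it once before the loop, e.g. `$logname = preg_replace('/[\x00-\x1f\x7f]/', '?', $username);`, and logging `$logname` avoids that. Finally the `$errors` doc comment ("List of servives with errors") should say that `true` means no error and `false` means the service rejected the login, which is what the assignments implement.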