Browse Source

move authentication modules to plugins/

Andrew Dolgov 7 years ago
parent
commit
0f28f81f89

+ 5 - 0
classes/iauthmodule.php

@@ -0,0 +1,5 @@
+<?php
+interface IAuthModule {
+	function authenticate($login, $password);
+}
+?>

+ 1 - 0
classes/pluginhost.php

@@ -13,6 +13,7 @@ class PluginHost {
 	const HOOK_PREFS_TABS = 5;
 	const HOOK_FEED_PARSED = 6;
 	const HOOK_UPDATE_TASK = 7;
+	const HOOK_AUTH_USER = 8;
 
 	const KIND_ALL = 1;
 	const KIND_SYSTEM = 2;

+ 13 - 11
classes/pref/prefs.php

@@ -28,8 +28,8 @@ class Pref_Prefs extends Handler_Protected {
 			return;
 		}
 
-		$module_class = "auth_" . $_SESSION["auth_module"];
-		$authenticator = new $module_class($this->link);
+		global $pluginhost;
+		$authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
 
 		if (method_exists($authenticator, "change_password")) {
 			print $authenticator->change_password($_SESSION["uid"], $old_pw, $new_pw);
@@ -188,9 +188,11 @@ class Pref_Prefs extends Handler_Protected {
 
 		print "</form>";
 
-		if  ($_SESSION["auth_module"]) {
-			$module_class = "auth_" . $_SESSION["auth_module"];
-			$authenticator = new $module_class($this->link);
+		if ($_SESSION["auth_module"]) {
+			global $pluginhost;
+
+			$authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
+
 		} else {
 			$authenticator = false;
 		}
@@ -258,7 +260,7 @@ class Pref_Prefs extends Handler_Protected {
 
 			print "</form>";
 
-			if ($_SESSION["auth_module"] == "internal") {
+			if ($_SESSION["auth_module"] == "auth_internal") {
 
 				print "<h2>" . __("One time passwords / Authenticator") . "</h2>";
 
@@ -802,11 +804,11 @@ class Pref_Prefs extends Handler_Protected {
 
 	function otpenable() {
 		$password = db_escape_string($_REQUEST["password"]);
-
-		$module_class = "auth_" . $_SESSION["auth_module"];
-		$authenticator = new $module_class($this->link);
 		$enable_otp = $_REQUEST["enable_otp"] == "on";
 
+		global $pluginhost;
+		$authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
+
 		if ($authenticator->check_password($_SESSION["uid"], $password)) {
 
 			if ($enable_otp) {
@@ -824,8 +826,8 @@ class Pref_Prefs extends Handler_Protected {
 	function otpdisable() {
 		$password = db_escape_string($_REQUEST["password"]);
 
-		$module_class = "auth_" . $_SESSION["auth_module"];
-		$authenticator = new $module_class($this->link);
+		global $pluginhost;
+		$authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
 
 		if ($authenticator->check_password($_SESSION["uid"], $password)) {
 

+ 6 - 13
config.php-dist

@@ -52,15 +52,7 @@
 	// *** Authentication ***
 	// **********************
 
-	define('AUTH_MODULES', 'internal');
-	// Comma-separated list of authentication modules to use. 
-	// Available modules are:
-	// internal - tt-rss internal user DB
-	// remote - use server REMOTE_USER variable or client SSL certificate if enabled
-	// imap - authenticates using an IMAP server (check classes/auth/imap.php for some
-	// stuff you need to put into config.php)
-	// in preferences
-	//
+	// Please see PLUGINS below to configure various authentication modules.
 
 	define('AUTH_AUTO_CREATE', true);
 	// Allow authentication modules to auto-create users in tt-rss internal
@@ -173,12 +165,13 @@
 	// if you experience weird errors and tt-rss failing to start, blank pages
 	// after login, or content encoding errors, disable it.
 
-	define('PLUGINS', 'note');
-	// Comma-separated list of plugins to load automatically for all users. 
-	// System plugins have to be specified here.
+	define('PLUGINS', 'auth_remote, auth_internal, note');
+	// Comma-separated list of plugins to load automatically for all users.
+	// System plugins have to be specified here. Please enable at least one
+	// authentication plugin here (auth_*).
 	// Users may enable other user plugins from Preferences/Plugins but may not
 	// disable plugins specified in this list.
-	
+
 	define('FEEDBACK_URL', '');
 	// Displays an URL for users to provide feedback or comments regarding
 	// this instance of tt-rss. Can lead to a forum, contact email, etc.

+ 12 - 1
include/functions.php

@@ -547,7 +547,7 @@
 		if (!SINGLE_USER_MODE) {
 
 			$user_id = false;
-			$modules = explode(",", AUTH_MODULES);
+			/* $modules = explode(",", AUTH_MODULES);
 
 			foreach ($modules as $module) {
 				$module_class = "auth_$module";
@@ -565,6 +565,17 @@
 					print T_sprintf("Fatal: authentication module %s not found.", $module);
 					die;
 				}
+			} */
+
+			global $pluginhost;
+			foreach ($pluginhost->get_hooks($pluginhost::HOOK_AUTH_USER) as $plugin) {
+
+				$user_id = (int) $plugin->authenticate($login, $password);
+
+				if ($user_id) {
+					$_SESSION["auth_module"] = strtolower(get_class($plugin));
+					break;
+				}
 			}
 
 			if ($user_id && !$check_only) {

+ 2 - 2
include/sanity_config.php

@@ -1,3 +1,3 @@
-<?php # This file has been generated at:  Mon Dec 24 13:27:42 MSK 2012
+<?php # This file has been generated at:  Thu Dec 27 15:13:04 MSK 2012
 define('GENERATED_CONFIG_CHECK', 26);
-$requred_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'SINGLE_USER_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_MODULES', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'PUBSUBHUBBUB_HUB', 'PUBSUBHUBBUB_ENABLED', 'SPHINX_ENABLED', 'SPHINX_INDEX', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SESSION_EXPIRE_TIME', 'SESSION_CHECK_ADDRESS', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'SMTP_HOST', 'SMTP_LOGIN', 'SMTP_PASSWORD', 'CHECK_FOR_NEW_VERSION', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'FEEDBACK_URL', 'CONFIG_VERSION'); ?>
+$requred_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'SINGLE_USER_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'PUBSUBHUBBUB_HUB', 'PUBSUBHUBBUB_ENABLED', 'SPHINX_ENABLED', 'SPHINX_INDEX', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SESSION_EXPIRE_TIME', 'SESSION_CHECK_ADDRESS', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'SMTP_HOST', 'SMTP_LOGIN', 'SMTP_PASSWORD', 'CHECK_FOR_NEW_VERSION', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'FEEDBACK_URL', 'CONFIG_VERSION'); ?>

+ 22 - 3
classes/auth/imap.php → plugins/auth_imap/auth_imap.php

@@ -6,9 +6,27 @@
 	define('IMAP_AUTH_OPTIONS', '/tls/novalidate-cert/norsh');
 	// More about options: http://php.net/manual/ru/function.imap-open.php
 
- */
+*/
+class Auth_Imap extends Plugin implements IAuthModule {
+
+	private $link;
+	private $host;
+	private $base;
+
+	function about() {
+		return array(1.0,
+			"Authenticates against an IMAP server (configured in config.php)",
+			"fox",
+			true);
+	}
+
+	function init($host) {
+		$this->link = $host->get_link();
+		$this->host = $host;
+		$this->base = new Auth_Base($this->link);
 
-class Auth_Imap extends Auth_Base {
+		$host->add_hook($host::HOOK_AUTH_USER, $this);
+	}
 
 	function authenticate($login, $password) {
 
@@ -21,7 +39,7 @@ class Auth_Imap extends Auth_Base {
 			if ($imap) {
 				imap_close($imap);
 
-				return $this->auto_create_user($login);
+				return $this->base->auto_create_user($login);
 			}
 		}
 
@@ -29,4 +47,5 @@ class Auth_Imap extends Auth_Base {
 	}
 
 }
+
 ?>

+ 18 - 1
classes/auth/internal.php → plugins/auth_internal/auth_internal.php

@@ -1,5 +1,22 @@
 <?php
-class Auth_Internal extends Auth_Base {
+class Auth_Internal extends Plugin implements IAuthModule {
+
+	private $link;
+	private $host;
+
+	function about() {
+		return array(1.0,
+			"Authenticates against internal tt-rss database",
+			"fox",
+			true);
+	}
+
+	function init($host) {
+		$this->link = $host->get_link();
+		$this->host = $host;
+
+		$host->add_hook($host::HOOK_AUTH_USER, $this);
+	}
 
 	function authenticate($login, $password) {
 

+ 22 - 2
classes/auth/remote.php → plugins/auth_remote/auth_remote.php

@@ -1,5 +1,25 @@
 <?php
-class Auth_Remote extends Auth_Base {
+class Auth_Remote extends Plugin implements IAuthModule {
+
+	private $link;
+	private $host;
+	private $base;
+
+	function about() {
+		return array(1.0,
+			"Authenticates against remote password (e.g. supplied by Apache)",
+			"fox",
+			true);
+	}
+
+	function init($host) {
+		$this->link = $host->get_link();
+		$this->host = $host;
+		$this->base = new Auth_Base($this->link);
+
+		$host->add_hook($host::HOOK_AUTH_USER, $this);
+	}
+
 	function get_login_by_ssl_certificate() {
 		$cert_serial = db_escape_string(get_ssl_certificate_id());
 
@@ -24,7 +44,7 @@ class Auth_Remote extends Auth_Base {
 #	  	if (!$try_login) $try_login = "test_qqq";
 
 		if ($try_login) {
-			$user_id = $this->auto_create_user($try_login);
+			$user_id = $this->base->auto_create_user($try_login);
 
 			if ($user_id) {
 				$_SESSION["fake_login"] = $try_login;