<?php
// {{{ICINGA_LICENSE_HEADER}}}
// {{{ICINGA_LICENSE_HEADER}}}
namespace Icinga\Authentication;
use Icinga\Application\Logger as Logger;
use Icinga\Application\Config as Config;
use Icinga\Exception\ConfigurationError as ConfigError;
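/**
 * Process-wide authentication manager.
 *
 * Keeps one user backend, one group backend and one session object, and tracks
 * the currently authenticated user. Obtain the shared object through
 * getInstance(); the constructor is private.
 */
class Manager
{
    /**
     * Name component used to build the class name of a user backend
     */
    const BACKEND_TYPE_USER = "User";

    /**
     * Name component used to build the class name of a group backend
     */
    const BACKEND_TYPE_GROUP = "Group";

    /**
     * The shared instance, or null until getInstance() creates it
     *
     * @var Manager|null
     */
    private static $instance = null;

    /**
     * The authenticated user, or null when nobody is authenticated
     *
     * @var object|null
     */
    private $user = null;

    /**
     * Not read or written by any method of this class
     *
     * @var array
     */
    private $groups = array();

    /**
     * Backend that looks up and authenticates users
     *
     * @var object|null
     */
    private $userBackend = null;

    /**
     * Backend for groups; assigned in the constructor, not used by the methods below
     *
     * @var object|null
     */
    private $groupBackend = null;

    /**
     * Session object in which the authenticated user is persisted
     *
     * @var object|null
     */
    private $session = null;

    /**
     * Wire up backends and session, then read the session
     *
     * Recognised $options keys: "userBackendClass", "groupBackendClass" and
     * "sessionClass" (each a ready-made object that replaces the one built from
     * configuration) and "writeSession" (only the strict boolean true is honoured).
     *
     * @param object|null $config  Authentication configuration; when null it is
     *                             taken from Config::getInstance()->authentication
     * @param array       $options Overrides, see above
     *
     * @throws ConfigError When a configured backend name is malformed or unknown
     */
    private function __construct($config = null, array $options = array())
    {
        if ($config === null) {
            $config = Config::getInstance()->authentication;
        }

        if (isset($options["userBackendClass"])) {
            $this->userBackend = $options["userBackendClass"];
        } elseif ($config->users !== null) {
            $this->userBackend = $this->initBackend(self::BACKEND_TYPE_USER, $config->users);
        }

        if (isset($options["groupBackendClass"])) {
            $this->groupBackend = $options["groupBackendClass"];
        } elseif ($config->groups != null) {
            $this->groupBackend = $this->initBackend(self::BACKEND_TYPE_GROUP, $config->groups);
        }

        if (!isset($options["sessionClass"])) {
            $this->session = new PhpSession($config->session);
        } else {
            $this->session = $options["sessionClass"];
        }

        // NOTE(review): read(true) presumably keeps the session open for writing;
        // the semantics live in the session class - confirm there.
        if (isset($options["writeSession"]) && $options["writeSession"] === true) {
            $this->session->read(true);
        } else {
            $this->session->read();
        }
    }

    /**
     * Return the shared Manager, creating it on first use
     *
     * $config and $options only take effect on the call that creates the
     * instance; later calls return the existing object and ignore both.
     *
     * @param object|null $config  Passed to the constructor
     * @param array       $options Passed to the constructor
     *
     * @return Manager
     */
    public static function getInstance($config = null, array $options = array())
    {
        if (self::$instance === null) {
            self::$instance = new Manager($config, $options);
        }
        return self::$instance;
    }

    /**
     * Drop the shared instance so the next getInstance() call builds a new one
     */
    public static function clearInstance()
    {
        self::$instance = null;
    }

    /**
     * Instantiate the backend class named by the configuration
     *
     * The class name is assembled from the configured "backend" value, so the
     * value decides which class gets instantiated. It is therefore restricted
     * to a single identifier segment (no namespace separators) and the
     * resulting class must exist; otherwise a ConfigError is raised instead of
     * letting "new" fail.
     *
     * @param string $authenticationTarget One of the BACKEND_TYPE_* constants
     * @param object $authenticationSource Configuration section with a "backend" entry
     *
     * @return object|null The backend, or null when no backend name is configured
     *
     * @throws ConfigError When the backend name is malformed or no such class exists
     */
    private function initBackend($authenticationTarget, $authenticationSource)
    {
        $userBackend = ucwords(strtolower($authenticationSource->backend));

        if (!$userBackend) {
            return null;
        }

        // Only a plain identifier may select the class; this keeps the lookup
        // inside \Icinga\Authentication\Backend.
        if (!preg_match('/\A[A-Za-z0-9_]+\z/', $userBackend)) {
            throw new ConfigError(
                'Invalid backend name in the authentication configuration: ' .
                'only letters, digits and underscores are allowed.'
            );
        }

        $class = '\\Icinga\\Authentication\\Backend\\' . $userBackend . $authenticationTarget. 'Backend';

        if (!class_exists($class)) {
            throw new ConfigError('Authentication backend class ' . $class . ' does not exist.');
        }

        return new $class($authenticationSource);
    }

    /**
     * Try to authenticate the given credentials against the user backend
     *
     * Both failure paths (unknown user, wrong credentials) return false, so the
     * return value does not reveal which one applied; the difference is only
     * written to the log.
     *
     * @param Credentials $credentials The credentials to check
     * @param bool        $persist     Whether to store the user in the session on success
     *
     * @return bool True on success, false when the credentials were rejected
     *
     * @throws ConfigError When no user backend is available
     */
    public function authenticate(Credentials $credentials, $persist = true)
    {
        if (!$this->userBackend) {
            Logger::error("No authentication backend provided, your users will never be able to login.");
            throw new ConfigError(
                "No authentication backend set - login will never succeed as icinga-web ".
                "doesn't know how to determine your user. \n".
                "To fix this error, setup your authentication.ini with a valid authentication backend."
            );
        }

        // NOTE(review): the user name below is client-supplied and goes into the
        // log; confirm Logger neutralises control characters such as line breaks.
        if (!$this->userBackend->hasUsername($credentials)) {
            Logger::info("Unknown user %s tried to log in", $credentials->getUsername());
            return false;
        }

        $this->user = $this->userBackend->authenticate($credentials);
        if ($this->user == null) {
            Logger::info("Invalid credentials for user %s provided", $credentials->getUsername());
            return false;
        }

        if ($persist == true) {
            // NOTE(review): nothing here visibly issues a new session identifier
            // after a successful login; confirm the session class rotates it, or
            // do so before persisting the user.
            $this->persistCurrentUser();
            $this->session->write();
        }
        return true;
    }

    /**
     * Store the current user in the session under the key "user"
     *
     * Only sets the value; writing the session is left to the caller.
     */
    public function persistCurrentUser()
    {
        $this->session->set("user", $this->user);
    }

    /**
     * Load the user from the session key "user"; null when the key is absent
     */
    public function authenticateFromSession()
    {
        $this->user = $this->session->get("user", null);
    }

    /**
     * Tell whether a user is authenticated
     *
     * @param bool $ignoreSession When true, do not fall back to the session if
     *                            no user is known to this object yet
     *
     * @return bool True when the current user is an object
     */
    public function isAuthenticated($ignoreSession = false)
    {
        if ($this->user === null && !$ignoreSession) {
            $this->authenticateFromSession();
        }
        return is_object($this->user);
    }

    /**
     * Log out: forget the current user and purge the session
     */
    public function removeAuthorization()
    {
        $this->user = null;
        $this->session->purge();
    }

    /**
     * Return the current user, or null when nobody is authenticated
     *
     * @return object|null
     */
    public function getUser()
    {
        return $this->user;
    }

    /**
     * Return the groups of the current user
     *
     * Without an authenticated user there are no groups, so an empty array is
     * returned instead of calling a method on null. The session is not
     * consulted here; call isAuthenticated() first to load the user from it.
     *
     * @return array
     */
    public function getGroups()
    {
        if (!is_object($this->user)) {
            return array();
        }
        return $this->user->getGroups();
    }
}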