tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
icingaweb2/application/controllers/AuthenticationController.php

154 lines
5.4 KiB
PHP
Raw Normal View History

Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249
2013-06-14 13:51:44 +02:00
<?php
// {{{ICINGA_LICENSE_HEADER}}}
// {{{ICINGA_LICENSE_HEADER}}}
# namespace Icinga\Application\Controllers;
Authentication: Add backend to handle external authentication Drop external auth configuration from config.ini and move implementation into a single backend provider named 'autologin'. This provider can strip realm names from username with a custom regexp. fixes #6081
2014-06-03 17:59:22 +02:00
use Icinga\Authentication\Backend\AutoLoginBackend;
XHR: Force redirect to login if session is expired resolves #5507
2014-01-23 16:03:47 +01:00
use Icinga\Web\Controller\ActionController;
use Icinga\Form\Authentication\LoginForm;
Decouple authentication backend creation from Icinga\Authentication\Manager Add authentication backend type msldap with default values for user_class and user_name_attribute. Backend type ldap now logs an error when user_class and user_name_attribute ist not configured. Rename membership.ini to memberships.ini since all our INI configuration files are in the plurar where it makes sense. The AuthenticationController now handles authentication refs #5685 refs #5638 fixes #5218
2014-03-03 17:21:17 +01:00
use Icinga\Authentication\AuthChain;
use Icinga\Application\Config;
One more automerge issue
2014-03-04 13:45:22 +01:00
use Icinga\Logger\Logger;
Auth: Log and notify user about authentication backend errors refs #5685
2014-06-02 15:47:21 +02:00
use Icinga\Exception\AuthenticationException;
Decouple authentication backend creation from Icinga\Authentication\Manager Add authentication backend type msldap with default values for user_class and user_name_attribute. Backend type ldap now logs an error when user_class and user_name_attribute ist not configured. Rename membership.ini to memberships.ini since all our INI configuration files are in the plurar where it makes sense. The AuthenticationController now handles authentication refs #5685 refs #5638 fixes #5218
2014-03-03 17:21:17 +01:00
use Icinga\Exception\NotReadableError;
use Icinga\Exception\ConfigurationError;
use Icinga\User;
Fix layout re-rendering after login (thank you, automerge)
2014-03-06 12:07:24 +01:00
use Icinga\Web\Url;
Refactor Form-builder [WIP] Refactor Form-builder so that it is an abstract extension class of Zend_Form. refs #4355
2013-07-12 16:10:56 +02:00
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249
2013-06-14 13:51:44 +02:00
/**
Application/Controllers: Follow our Coding Standards refs #4512
2013-08-16 14:56:23 +02:00
* Application wide controller for authentication
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249
2013-06-14 13:51:44 +02:00
*/
class AuthenticationController extends ActionController
{
/**
XHR: Force redirect to login if session is expired resolves #5507
2014-01-23 16:03:47 +01:00
* This controller does not require authentication
Application/Controllers: Follow our Coding Standards refs #4512
2013-08-16 14:56:23 +02:00
*
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249
2013-06-14 13:51:44 +02:00
* @var bool
*/
Fix pagination and remove ModuleController, rename handlesAuth This commit introduces the following changes: - Count is now performed after joins are added to the selection query, therefore returning the correct number - MonitoringControllerTest now needn't to mock ModuleActionController (which is now removed) - handlesAuthentication is now requiresAuthentication - Redirection to login is now directly handled in the ActionController constructor, so we don't need to overwrite the preDispatch method refs #4589 refs #4591 refs #4572
2013-08-30 15:50:49 +02:00
protected $requiresAuthentication = false;
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249
2013-06-14 13:51:44 +02:00
/**
Application/Controllers: Follow our Coding Standards refs #4512
2013-08-16 14:56:23 +02:00
* Log into the application
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249
2013-06-14 13:51:44 +02:00
*/
public function loginAction()
{
AuthenticationController: use Auth() helper function
2014-06-22 20:08:55 +02:00
$auth = $this->Auth();
AuthenticationController: handle redirect parameter This is a form field instead of a get parameter right now. fixes #6584
2014-08-19 10:14:46 +02:00
$this->view->form = $form = new LoginForm();
Translation: another bunch of translatable strings refs #6339
2014-05-27 23:47:13 +02:00
$this->view->title = $this->translate('Icingaweb Login');
Fix authentication error handling
2014-03-28 14:45:03 +01:00
Fix Authentication workflow - The authentication controller now uses the Authentication/Manager class, also there were some issues in the Session creation, this has been removed from the Bootstrap now, as the Controller must decide how to open a session (read-only or read/write). - The tests reflect a few chagnes, as the move from the CSRF token generation to the Formbuilder. - Notificaiton now doesn't use Zend Session refs #4340
2013-06-24 18:46:45 +02:00
try {
AuthenticationController: handle redirect parameter This is a form field instead of a get parameter right now. fixes #6584
2014-08-19 10:14:46 +02:00
$redirectUrl = $this->view->form->getValue('redirect');
if ($redirectUrl) {
$redirectUrl = Url::fromPath($redirectUrl);
} else {
$redirectUrl = Url::fromPath('dashboard');
}
Authentication: Add backend to handle external authentication Drop external auth configuration from config.ini and move implementation into a single backend provider named 'autologin'. This provider can strip realm names from username with a custom regexp. fixes #6081
2014-06-03 17:59:22 +02:00
Fix Authentication workflow - The authentication controller now uses the Authentication/Manager class, also there were some issues in the Session creation, this has been removed from the Bootstrap now, as the Controller must decide how to open a session (read-only or read/write). - The tests reflect a few chagnes, as the move from the CSRF token generation to the Formbuilder. - Notificaiton now doesn't use Zend Session refs #4340
2013-06-24 18:46:45 +02:00
if ($auth->isAuthenticated()) {
params/_render: replace it everywhere Cleaning up controllers and JS, using headers only and respecting history.
2014-06-22 20:06:45 +02:00
$this->rerenderLayout()->redirectNow($redirectUrl);
Fix Authentication workflow - The authentication controller now uses the Authentication/Manager class, also there were some issues in the Session creation, this has been removed from the Bootstrap now, as the Controller must decide how to open a session (read-only or read/write). - The tests reflect a few chagnes, as the move from the CSRF token generation to the Formbuilder. - Notificaiton now doesn't use Zend Session refs #4340
2013-06-24 18:46:45 +02:00
}
Fix authentication error handling
2014-03-28 14:45:03 +01:00
Authentication: Add backend to handle external authentication Drop external auth configuration from config.ini and move implementation into a single backend provider named 'autologin'. This provider can strip realm names from username with a custom regexp. fixes #6081
2014-06-03 17:59:22 +02:00
try {
$config = Config::app('authentication');
} catch (NotReadableError $e) {
throw new ConfigurationError(
Merge branch 'master' into bugfix/rebuild-form-builder-5525 Conflicts: application/controllers/AuthenticationController.php application/controllers/ConfigController.php application/forms/Authentication/LoginForm.php application/forms/Preference/GeneralForm.php modules/monitoring/application/controllers/ChartController.php
2014-08-20 13:13:50 +02:00
$this->translate('Could not read your authentiction.ini, no authentication methods are available.'),
0,
$e
Authentication: Add backend to handle external authentication Drop external auth configuration from config.ini and move implementation into a single backend provider named 'autologin'. This provider can strip realm names from username with a custom regexp. fixes #6081
2014-06-03 17:59:22 +02:00
);
}
$chain = new AuthChain($config);
Adjust LoginForm to suit the "final" form builder implementation refs #5525
2014-07-18 10:23:04 +02:00
$request = $this->getRequest();
if ($request->isPost() && $this->view->form->isValid($request->getPost())) {
Auth: Get password from form only once Before, the user's password was retrieved for every authentication backend tried for authentication.
2014-06-02 14:04:45 +02:00
$user = new User($this->view->form->getValue('username'));
$password = $this->view->form->getValue('password');
Decouple authentication backend creation from Icinga\Authentication\Manager Add authentication backend type msldap with default values for user_class and user_name_attribute. Backend type ldap now logs an error when user_class and user_name_attribute ist not configured. Rename membership.ini to memberships.ini since all our INI configuration files are in the plurar where it makes sense. The AuthenticationController now handles authentication refs #5685 refs #5638 fixes #5218
2014-03-03 17:21:17 +01:00
$backendsTried = 0;
Fix authentication error handling
2014-03-28 14:45:03 +01:00
$backendsWithError = 0;
Authentication: Add backend to handle external authentication Drop external auth configuration from config.ini and move implementation into a single backend provider named 'autologin'. This provider can strip realm names from username with a custom regexp. fixes #6081
2014-06-03 17:59:22 +02:00
AuthenticationController: handle redirect parameter This is a form field instead of a get parameter right now. fixes #6584
2014-08-19 10:14:46 +02:00
$redirectUrl = $form->getValue('redirect');
if ($redirectUrl) {
$redirectUrl = Url::fromPath($redirectUrl);
} else {
$redirectUrl = Url::fromPath('dashboard');
}
Decouple authentication backend creation from Icinga\Authentication\Manager Add authentication backend type msldap with default values for user_class and user_name_attribute. Backend type ldap now logs an error when user_class and user_name_attribute ist not configured. Rename membership.ini to memberships.ini since all our INI configuration files are in the plurar where it makes sense. The AuthenticationController now handles authentication refs #5685 refs #5638 fixes #5218
2014-03-03 17:21:17 +01:00
foreach ($chain as $backend) {
Authentication: Add backend to handle external authentication Drop external auth configuration from config.ini and move implementation into a single backend provider named 'autologin'. This provider can strip realm names from username with a custom regexp. fixes #6081
2014-06-03 17:59:22 +02:00
if ($backend instanceof AutoLoginBackend) {
continue;
}
auth: increase backends tried counter AFTER skipping autologin backends
2014-06-06 09:33:29 +02:00
++$backendsTried;
Auth: Log and notify user about authentication backend errors refs #5685
2014-06-02 15:47:21 +02:00
try {
$authenticated = $backend->authenticate($user, $password);
} catch (AuthenticationException $e) {
Logger::error($e);
++$backendsWithError;
continue;
}
Fix authentication error handling
2014-03-28 14:45:03 +01:00
if ($authenticated === true) {
$auth->setAuthenticated($user);
params/_render: replace it everywhere Cleaning up controllers and JS, using headers only and respecting history.
2014-06-22 20:06:45 +02:00
$this->rerenderLayout()->redirectNow($redirectUrl);
Decouple authentication backend creation from Icinga\Authentication\Manager Add authentication backend type msldap with default values for user_class and user_name_attribute. Backend type ldap now logs an error when user_class and user_name_attribute ist not configured. Rename membership.ini to memberships.ini since all our INI configuration files are in the plurar where it makes sense. The AuthenticationController now handles authentication refs #5685 refs #5638 fixes #5218
2014-03-03 17:21:17 +01:00
}
}
Fix error message when no authentication method available The error handling for configuration files has slightly changed (non existent files are treated as empty) so the authentication chain handling needed to be adjusted as well. fixes #6268
2014-07-09 12:53:25 +02:00
if ($backendsTried === 0) {
throw new ConfigurationError(
AuthenticationController: show friendlier hints... ...while not disclosing sensitive information. More to come once we have our setup wizard. fixes #6534
2014-08-19 18:55:58 +02:00
$this->translate(
'No authentication methods available. Did you create'
. ' authentication.ini when installing Icinga Web 2?'
)
Fix error message when no authentication method available The error handling for configuration files has slightly changed (non existent files are treated as empty) so the authentication chain handling needed to be adjusted as well. fixes #6268
2014-07-09 12:53:25 +02:00
);
}
if ($backendsTried === $backendsWithError) {
Decouple authentication backend creation from Icinga\Authentication\Manager Add authentication backend type msldap with default values for user_class and user_name_attribute. Backend type ldap now logs an error when user_class and user_name_attribute ist not configured. Rename membership.ini to memberships.ini since all our INI configuration files are in the plurar where it makes sense. The AuthenticationController now handles authentication refs #5685 refs #5638 fixes #5218
2014-03-03 17:21:17 +01:00
throw new ConfigurationError(
Auth: Log and notify user about authentication backend errors refs #5685
2014-06-02 15:47:21 +02:00
$this->translate(
AuthenticationController: show friendlier hints... ...while not disclosing sensitive information. More to come once we have our setup wizard. fixes #6534
2014-08-19 18:55:58 +02:00
'All configured authentication methods failed.'
. ' Please check the system log or Icinga Web 2 log for more information.'
Auth: Log and notify user about authentication backend errors refs #5685
2014-06-02 15:47:21 +02:00
)
Decouple authentication backend creation from Icinga\Authentication\Manager Add authentication backend type msldap with default values for user_class and user_name_attribute. Backend type ldap now logs an error when user_class and user_name_attribute ist not configured. Rename membership.ini to memberships.ini since all our INI configuration files are in the plurar where it makes sense. The AuthenticationController now handles authentication refs #5685 refs #5638 fixes #5218
2014-03-03 17:21:17 +01:00
);
}
Auth: Log and notify user about authentication backend errors refs #5685
2014-06-02 15:47:21 +02:00
if ($backendsWithError) {
Adjust Icinga\Form\Authentication\LoginForm to suit the new form builder refs #5525
2014-07-10 11:15:46 +02:00
$this->view->form->getElement('username')->addError(
Auth: Log and notify user about authentication backend errors refs #5685
2014-06-02 15:47:21 +02:00
$this->translate(
AuthenticationController: show friendlier hints... ...while not disclosing sensitive information. More to come once we have our setup wizard. fixes #6534
2014-08-19 18:55:58 +02:00
'Please note that not all authentication methods where available.'
. ' Check the system log or Icinga Web 2 log for more information.'
Auth: Log and notify user about authentication backend errors refs #5685
2014-06-02 15:47:21 +02:00
)
);
}
$this->view->form->getElement('password')->addError($this->translate('Incorrect username or password'));
Adjust LoginForm to suit the "final" form builder implementation refs #5525
2014-07-18 10:23:04 +02:00
} elseif ($request->isGet()) {
Adjust Icinga\Form\Authentication\LoginForm to suit the new form builder refs #5525
2014-07-10 11:15:46 +02:00
$user = new User('');
foreach ($chain as $backend) {
if ($backend instanceof AutoLoginBackend) {
$authenticated = $backend->authenticate($user);
if ($authenticated === true) {
$auth->setAuthenticated($user);
$this->rerenderLayout()->redirectNow($redirectUrl);
}
}
}
Fix Authentication workflow - The authentication controller now uses the Authentication/Manager class, also there were some issues in the Session creation, this has been removed from the Bootstrap now, as the Controller must decide how to open a session (read-only or read/write). - The tests reflect a few chagnes, as the move from the CSRF token generation to the Formbuilder. - Notificaiton now doesn't use Zend Session refs #4340
2013-06-24 18:46:45 +02:00
}
We should catch all Exceptions when showing errors on the login screen
2014-02-12 13:57:17 +01:00
} catch (Exception $e) {
$this->view->errorInfo = $e->getMessage();
Fix Authentication workflow - The authentication controller now uses the Authentication/Manager class, also there were some issues in the Session creation, this has been removed from the Bootstrap now, as the Controller must decide how to open a session (read-only or read/write). - The tests reflect a few chagnes, as the move from the CSRF token generation to the Formbuilder. - Notificaiton now doesn't use Zend Session refs #4340
2013-06-24 18:46:45 +02:00
}
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249
2013-06-14 13:51:44 +02:00
}
/**
Application/Controllers: Follow our Coding Standards refs #4512
2013-08-16 14:56:23 +02:00
* Log out the current user
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249
2013-06-14 13:51:44 +02:00
*/
public function logoutAction()
{
AuthenticationController: use Auth() helper function
2014-06-22 20:08:55 +02:00
$auth = $this->Auth();
AutoLogin/Logout: Remove own session namespace Store data in the user and implement interface to left backends store remote information. fixes #6461
2014-07-30 12:35:55 +02:00
$isRemoteUser = $auth->getUser()->isRemoteUser();
Fix Authentication workflow - The authentication controller now uses the Authentication/Manager class, also there were some issues in the Session creation, this has been removed from the Bootstrap now, as the Controller must decide how to open a session (read-only or read/write). - The tests reflect a few chagnes, as the move from the CSRF token generation to the Formbuilder. - Notificaiton now doesn't use Zend Session refs #4340
2013-06-24 18:46:45 +02:00
$auth->removeAuthorization();
Add extern authentication Provide a new settings authenticationMode and delegate the authentication handling to the webserver when the external authentication mode is set. Add a new view 'logout' that will be shown after logout from external authentication as the regular redirect to login is not possible. refs #5405
2014-02-26 17:36:20 +01:00
AutoLogin/Logout: Remove own session namespace Store data in the user and implement interface to left backends store remote information. fixes #6461
2014-07-30 12:35:55 +02:00
if ($isRemoteUser === true) {
Add extern authentication Provide a new settings authenticationMode and delegate the authentication handling to the webserver when the external authentication mode is set. Add a new view 'logout' that will be shown after logout from external authentication as the regular redirect to login is not possible. refs #5405
2014-02-26 17:36:20 +01:00
$this->_helper->layout->setLayout('login');
$this->_response->setHttpResponseCode(401);
} else {
params/_render: replace it everywhere Cleaning up controllers and JS, using headers only and respecting history.
2014-06-22 20:06:45 +02:00
$this->rerenderLayout()->redirectToLogin();
Add extern authentication Provide a new settings authenticationMode and delegate the authentication handling to the webserver when the external authentication mode is set. Add a new view 'logout' that will be shown after logout from external authentication as the regular redirect to login is not possible. refs #5405
2014-02-26 17:36:20 +01:00
}
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249
2013-06-14 13:51:44 +02:00
}
}