Auth: Log and notify user about authentication backend errors
refs #5685
This commit is contained in:
parent
2274b6e11e
commit
086e2b6197
|
@ -36,6 +36,7 @@ use Icinga\Form\Authentication\LoginForm;
|
||||||
use Icinga\Authentication\AuthChain;
|
use Icinga\Authentication\AuthChain;
|
||||||
use Icinga\Application\Config;
|
use Icinga\Application\Config;
|
||||||
use Icinga\Logger\Logger;
|
use Icinga\Logger\Logger;
|
||||||
|
use Icinga\Exception\AuthenticationException;
|
||||||
use Icinga\Exception\NotReadableError;
|
use Icinga\Exception\NotReadableError;
|
||||||
use Icinga\Exception\ConfigurationError;
|
use Icinga\Exception\ConfigurationError;
|
||||||
use Icinga\User;
|
use Icinga\User;
|
||||||
|
@ -83,39 +84,45 @@ class AuthenticationController extends ActionController
|
||||||
);
|
);
|
||||||
throw new ConfigurationError(
|
throw new ConfigurationError(
|
||||||
'No authentication methods available. It seems that none authentication method has been set'
|
'No authentication methods available. It seems that none authentication method has been set'
|
||||||
. ' up. Please contact your Icinga Web administrator'
|
. ' up. Please check the system log or Icinga Web 2 log for more information'
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
$user = new User($this->view->form->getValue('username'));
|
$user = new User($this->view->form->getValue('username'));
|
||||||
$password = $this->view->form->getValue('password');
|
$password = $this->view->form->getValue('password');
|
||||||
|
|
||||||
// TODO(el): Currently the user is only notified about authentication backend problems when all backends
|
|
||||||
// have errors. It may be the case that the authentication backend which provides the user has errors
|
|
||||||
// but other authentication backends work. In that scenario the user is presented an error message
|
|
||||||
// saying "Incorrect username or password". We must inform the user that not all authentication methods
|
|
||||||
// are available.
|
|
||||||
$backendsTried = 0;
|
$backendsTried = 0;
|
||||||
$backendsWithError = 0;
|
$backendsWithError = 0;
|
||||||
$chain = new AuthChain($config);
|
$chain = new AuthChain($config);
|
||||||
foreach ($chain as $backend) {
|
foreach ($chain as $backend) {
|
||||||
|
++$backendsTried;
|
||||||
|
try {
|
||||||
$authenticated = $backend->authenticate($user, $password);
|
$authenticated = $backend->authenticate($user, $password);
|
||||||
|
} catch (AuthenticationException $e) {
|
||||||
|
Logger::error($e);
|
||||||
|
++$backendsWithError;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
if ($authenticated === true) {
|
if ($authenticated === true) {
|
||||||
$auth->setAuthenticated($user);
|
$auth->setAuthenticated($user);
|
||||||
$this->redirectNow($redirectUrl);
|
$this->redirectNow($redirectUrl);
|
||||||
} elseif ($authenticated === null) {
|
|
||||||
$backendsWithError += 1;
|
|
||||||
}
|
}
|
||||||
$backendsTried += 1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($backendsWithError === $backendsTried) {
|
if ($backendsWithError === $backendsTried) {
|
||||||
throw new ConfigurationError(
|
throw new ConfigurationError(
|
||||||
|
$this->translate(
|
||||||
'No authentication methods available. It seems that all set up authentication methods have'
|
'No authentication methods available. It seems that all set up authentication methods have'
|
||||||
. ' errors. Please contact your Icinga Web administrator'
|
. ' errors. Please check the system log or Icinga Web 2 log for more information'
|
||||||
|
)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
if ($backendsWithError) {
|
||||||
$this->view->form->getElement('password')->addError(t('Incorrect username or password'));
|
$this->view->form->addNote(
|
||||||
|
$this->translate(
|
||||||
|
'Note that not all authentication backends are available for authentication because they'
|
||||||
|
. ' have errors. Please check the system log or Icinga Web 2 log for more information'
|
||||||
|
)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
$this->view->form->getElement('password')->addError($this->translate('Incorrect username or password'));
|
||||||
}
|
}
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
$this->view->errorInfo = $e->getMessage();
|
$this->view->errorInfo = $e->getMessage();
|
||||||
|
|
Loading…
Reference in New Issue