tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-09-26 03:09:10 +02:00
Code Issues Packages Projects Releases Wiki Activity

Autologin: Remove deprecated autologin methods

Browse Source 
Remove methods from manager because autologin
is now handled with special backends (AutoLoginBackend).

The session is used to store the status about a remote
user authentication to send a 401 header to the client
upon logout.

refs #6461
This commit is contained in:
Marius Hein 2014-07-29 10:42:43 +02:00
parent a4b7204e23
commit 8b9d446d2e
2 changed files with 8 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
application/controllers/AuthenticationController.php
View File

@ -14,6 +14,7 @@ use Icinga\Exception\AuthenticationException;
use Icinga\Exception\NotReadableError; use Icinga\Exception\NotReadableError;
use Icinga\Exception\ConfigurationError; use Icinga\Exception\ConfigurationError;
use Icinga\User; use Icinga\User;
use Icinga\Web\Session;
use Icinga\Web\Url; use Icinga\Web\Url;
/** /**
@ -67,6 +68,9 @@ class AuthenticationController extends ActionController
$authenticated = $backend->authenticate($user); $authenticated = $backend->authenticate($user);
if ($authenticated === true) { if ($authenticated === true) {
$auth->setAuthenticated($user); $auth->setAuthenticated($user);
$session = Session::getSession()->getNamespace('authentication');
$session->set('is_remote_user', true);
$session->write();
$this->rerenderLayout()->redirectNow($redirectUrl); $this->rerenderLayout()->redirectNow($redirectUrl);
} }
} }
@ -131,9 +135,12 @@ class AuthenticationController extends ActionController
public function logoutAction() public function logoutAction()
{ {
$auth = $this->Auth(); $auth = $this->Auth();
$session = Session::getSession()->getNamespace('authentication');
$auth->removeAuthorization(); $auth->removeAuthorization();
if ($auth->isAuthenticatedFromRemoteUser()) { if ($session->get('is_remote_user', false) === true) {
$this->_helper->layout->setLayout('login'); $this->_helper->layout->setLayout('login');
$this->_response->setHttpResponseCode(401); $this->_response->setHttpResponseCode(401);
} else { } else {

31
library/Icinga/Authentication/Manager.php
View File

@ -204,35 +204,4 @@ class Manager
{ {
return $this->user->getGroups(); return $this->user->getGroups();
} }
/**
* Tries to authenticate the user from the session, and then from the REMOTE_USER superglobal, that can be set by
* an external authentication provider.
*/
public function authenticateFromRemoteUser()
{
if (array_key_exists('REMOTE_USER', $_SERVER)) {
$this->fromRemoteUser = true;
}
$this->authenticateFromSession();
if ($this->user !== null) {
if (array_key_exists('REMOTE_USER', $_SERVER) && $this->user->getUsername() !== $_SERVER["REMOTE_USER"]) {
// Remote user has changed, clear all sessions
$this->removeAuthorization();
}
return;
}
if (array_key_exists('REMOTE_USER', $_SERVER) && $_SERVER["REMOTE_USER"]) {
$this->user = new User($_SERVER["REMOTE_USER"]);
$this->persistCurrentUser();
}
}
/**
* If the session was established from the REMOTE_USER server variable.
*/
public function isAuthenticatedFromRemoteUser()
{
return $this->fromRemoteUser;
}
} }