Make DbUserBackend extensible

Fix: Swap hmac secret key

refs #5151
This commit is contained in:
Marius Hein 2013-11-27 10:58:43 +01:00
parent 1c18edc4d4
commit 93d233f37d
1 changed files with 119 additions and 49 deletions


@ -54,34 +54,6 @@ use \Icinga\Exception\ConfigurationError;
*/ */
class DbUserBackend implements UserBackend class DbUserBackend implements UserBackend
{ {
/**
* Table map for column username
*
* @var string
*/
const USER_NAME_COLUMN = 'username';
/**
* Table map for column salt
*
* @var string
*/
const SALT_COLUMN = 'salt';
/**
* Table map for column password
*
* @var string
*/
const PASSWORD_COLUMN = 'password';
/**
* Table map for column active
*
* @var string
*/
const ACTIVE_COLUMN = 'active';
/** /**
* The database connection that will be used for fetching users * The database connection that will be used for fetching users
* *
@ -96,6 +68,34 @@ class DbUserBackend implements UserBackend
*/ */
private $userTable = 'account'; private $userTable = 'account';
/**
* Column name to identify active users
*
* @var string
*/
private $activeColumnName = 'active';
/**
* Column name to fetch the password
*
* @var string
*/
private $passwordColumnName = 'password';
/**
* Column name for password salt
*
* @var string
*/
private $saltColumnName = 'salt';
/**
* Column name for user name
*
* @var string
*/
private $userColumnName = 'username';
/** /**
* Name of the backend * Name of the backend
* *
@ -130,6 +130,58 @@ class DbUserBackend implements UserBackend
$this->db->getConnection(); $this->db->getConnection();
} }
/**
* Setter for password column
*
* @param string $passwordColumnName
*/
public function setPasswordColumnName($passwordColumnName)
{
$this->passwordColumnName = $passwordColumnName;
}
/**
* Setter for password salt column
*
* @param string $saltColumnName
*/
public function setSaltColumnName($saltColumnName)
{
$this->saltColumnName = $saltColumnName;
}
/**
* Setter for usernamea column
*
* @param string $userColumnName
*/
public function setUserColumnName($userColumnName)
{
$this->userColumnName = $userColumnName;
}
/**
* Setter for database table
*
* @param String $userTable
*/
public function setUserTable($userTable)
{
$this->userTable = $userTable;
}
/**
* Setter for column identifying an active user
*
* Set this to null if no active column exists.
*
* @param string $activeColumnName
*/
public function setActiveColumnName($activeColumnName)
{
$this->activeColumnName = $activeColumnName;
}
/** /**
* Name of the backend * Name of the backend
* *
@ -172,19 +224,20 @@ class DbUserBackend implements UserBackend
); );
return null; return null;
} }
$res = $this->db $sth = $this->db
->select()->from($this->userTable) ->select()->from($this->userTable)
->where(self::USER_NAME_COLUMN . ' = ?', $credential->getUsername()) ->where($this->userColumnName . ' = ?', $credential->getUsername())
->where(self::ACTIVE_COLUMN . ' = ?', true)
->where( ->where(
self::PASSWORD_COLUMN . ' = ?', $this->passwordColumnName . ' = ?',
hash_hmac( $this->createPasswordHash($credential->getPassword(), $salt)
'sha256', );
$salt,
$credential->getPassword() if ($this->activeColumnName !== null) {
) $sth->where($this->activeColumnName . ' = ?', true);
) }
->query()->fetch();
$res = $sth->query()->fetch();
if ($res !== false) { if ($res !== false) {
return $this->createUserFromResult($res); return $this->createUserFromResult($res);
} }
@ -203,16 +256,28 @@ class DbUserBackend implements UserBackend
private function getUserSalt($username) private function getUserSalt($username)
{ {
$res = $this->db->select() $res = $this->db->select()
->from($this->userTable, self::SALT_COLUMN) ->from($this->userTable, $this->saltColumnName)
->where(self::USER_NAME_COLUMN.' = ?', $username) ->where($this->userColumnName . ' = ?', $username)
->query()->fetch(); ->query()->fetch();
if ($res !== false) { if ($res !== false) {
return $res->{self::SALT_COLUMN}; return $res->{$this->saltColumnName};
} else { } else {
throw new ProgrammingError('No Salt found for user "' . $username . '"'); throw new ProgrammingError('No Salt found for user "' . $username . '"');
} }
} }
/**
* Create password hash at this place
*
* @param string $password
* @param string $salt
*
* @return string
*/
protected function createPasswordHash($password, $salt) {
return hash_hmac('sha256', $password, $salt);
}
/** /**
* Fetch the user information from the database * Fetch the user information from the database
* *
@ -223,11 +288,16 @@ class DbUserBackend implements UserBackend
private function getUserByName($username) private function getUserByName($username)
{ {
$this->db->getConnection(); $this->db->getConnection();
$res = $this->db-> $sth = $this->db->select()
select()->from($this->userTable) ->from($this->userTable)
->where(self::USER_NAME_COLUMN .' = ?', $username) ->where($this->userColumnName .' = ?', $username);
->where(self::ACTIVE_COLUMN .' = ?', true)
->query()->fetch(); if ($this->activeColumnName !== null) {
$sth->where($this->activeColumnName .' = ?', true);
}
$res = $sth->query()->fetch();
if ($res !== false) { if ($res !== false) {
return $this->createUserFromResult($res); return $this->createUserFromResult($res);
} }
@ -245,7 +315,7 @@ class DbUserBackend implements UserBackend
private function createUserFromResult(stdClass $resultRow) private function createUserFromResult(stdClass $resultRow)
{ {
$usr = new User( $usr = new User(
$resultRow->{self::USER_NAME_COLUMN} $resultRow->{$this->userColumnName}
); );
return $usr; return $usr;
} }
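Review bot: The five new setters (setUserTable, setUserColumnName, setSaltColumnName, setPasswordColumnName, setActiveColumnName) store arbitrary strings that authenticate(), getUserSalt() and getUserByName() then concatenate straight into SQL as identifiers (`$this->userColumnName . ' = ?'`), and identifiers can never be parameter-bound, so a bad value silently changes the query; the values presumably come from backend configuration rather than request input, but they should still be validated once at the setter against a plain-identifier pattern, throwing the already-imported ConfigurationError (setActiveColumnName must keep accepting null, as its docblock promises). Separately, `createPasswordHash` is a single HMAC-SHA256 pass keyed by the per-user salt — acceptable as the compatibility default, but its docblock should state that subclasses overriding it are expected to use a slow, salted KDF rather than a plain hash, and its opening brace belongs on its own line like every other method in the class. The docblocks at `Setter for usernamea column` and `@param String $userTable` have typos (`username`, `string`).

```php
    /**
     * Reject table/column names that are not plain SQL identifiers, because
     * they are concatenated into queries and cannot be bound as parameters.
     *
     * @param string $identifier
     *
     * @throws ConfigurationError
     */
    private function assertIdentifier($identifier)
    {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $identifier)) {
            throw new ConfigurationError('Invalid SQL identifier "' . $identifier . '"');
        }
    }

    public function setUserColumnName($userColumnName)
    {
        $this->assertIdentifier($userColumnName);
        $this->userColumnName = $userColumnName;
    }

    public function setActiveColumnName($activeColumnName)
    {
        if ($activeColumnName !== null) {
            $this->assertIdentifier($activeColumnName);
        }
        $this->activeColumnName = $activeColumnName;
    }
    // … unchanged: setUserTable, setSaltColumnName and setPasswordColumnName get the same assertIdentifier() call …
```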