tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-09-25 18:59:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

Start implementing guest mode

Browse Source 
refs #11281
This commit is contained in:
Markus Frosch 2016-03-02 22:33:23 +01:00
parent 88d973ac39
commit bb03262855
4 changed files with 98 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
application/controllers/AuthenticationController.php
View File

@ -24,6 +24,12 @@ class AuthenticationController extends Controller
*/ */
protected $innerLayout = 'inline'; protected $innerLayout = 'inline';
public function init() {
parent::init();
if ($this->Auth()->canLogin() === false)
$this->redirectNow('/');
}
/** /**
* Log into the application * Log into the application
*/ */
@ -34,7 +40,7 @@ class AuthenticationController extends Controller
$this->redirectNow(Url::fromPath('setup')); $this->redirectNow(Url::fromPath('setup'));
} }
$form = new LoginForm(); $form = new LoginForm();
if ($this->Auth()->isAuthenticated()) { if ($this->Auth()->isAuthenticated() && !$this->Auth()->getUser()->isGuest()) {
$this->redirectNow($form->getRedirectUrl()); $this->redirectNow($form->getRedirectUrl());
} }
if (! $requiresSetup) { if (! $requiresSetup) {
@ -69,6 +75,9 @@ class AuthenticationController extends Controller
$auth->removeAuthorization(); $auth->removeAuthorization();
if ($isExternalUser) { if ($isExternalUser) {
$this->getResponse()->setHttpResponseCode(401); $this->getResponse()->setHttpResponseCode(401);
} elseif ($auth->isGuestLoginAllowed()) {
// redirect to guest view
$this->redirectNow('/');
} else { } else {
$this->redirectToLogin(); $this->redirectToLogin();
} }

54
library/Icinga/Application/Web.php
View File

@ -339,28 +339,44 @@ class Web extends EmbeddedWeb
'priority' => 890 'priority' => 890
) )
) )
),
'user' => array(
'cssClass' => 'user-nav-item',
'label' => $this->user->getUsername(),
'icon' => 'user',
'priority' => 900,
'children' => array(
'preferences' => array(
'label' => t('Preferences'),
'priority' => 100,
'url' => 'preference'
),
'logout' => array(
'label' => t('Logout'),
'priority' => 200,
'attributes' => array('target' => '_self'),
'url' => 'authentication/logout'
)
)
) )
); );
if ($this->user->isGuest()) {
// logged in guest can log in as a user
if (Auth::getInstance()->canLogin()) {
$menu['login'] = array(
'cssClass' => 'user-nav-item',
'label' => t('Login'),
'icon' => 'user',
'priority' => 900,
'attributes' => array('target' => '_self'),
'url' => 'authentication/login'
);
}
}
else {
$menu['user'] = array(
'cssClass' => 'user-nav-item',
'label' => $this->user->getUsername(),
'icon' => 'user',
'priority' => 900,
'children' => array(
'preferences' => array(
'label' => t('Preferences'),
'priority' => 100,
'url' => 'preference'
),
'logout' => array(
'label' => t('Logout'),
'priority' => 200,
'attributes' => array('target' => '_self'),
'url' => 'authentication/logout'
)
)
);
}
if (Logger::writesToFile()) { if (Logger::writesToFile()) {
$menu['system']['children']['application_log'] = array( $menu['system']['children']['application_log'] = array(
'label' => t('Application Log'), 'label' => t('Application Log'),

37
library/Icinga/Authentication/Auth.php
View File

@ -47,12 +47,18 @@ class Auth
*/ */
private $user; private $user;
/**
* @var Config
*/
private $config;
/** /**
* @see getInstance() * @see getInstance()
*/ */
private function __construct() private function __construct()
{ {
$this->config = Config::app();
} }
/** /**
@ -91,17 +97,27 @@ class Auth
$this->authenticateFromSession(); $this->authenticateFromSession();
} }
if ($this->user === null && ! $this->authExternal()) { if ($this->user === null && ! $this->authExternal()) {
return $this->authHttp(); $this->authHttp();
} }
return true; // guest mode
if ($this->user === null && $this->isGuestLoginAllowed()) {
$this->user = new User('_guest_');
$this->user->setGuest(true);
}
if ($this->user !== null) {
return true;
}
else return false;
} }
public function setAuthenticated(User $user, $persist = true) public function setAuthenticated(User $user, $persist = true)
{ {
$username = $user->getUsername(); $username = $user->getUsername();
// TODO: migrate to $this->config
try { try {
$config = Config::app(); $config = Config::app();
} catch (NotReadableError $e) { } catch (NotReadableError $e) {
// TODO: wrong error?
Logger::error( Logger::error(
new IcingaException( new IcingaException(
'Cannot load preferences for user "%s". An exception was thrown: %s', 'Cannot load preferences for user "%s". An exception was thrown: %s',
@ -247,7 +263,9 @@ class Auth
$username = getenv($field); // usually REMOTE_USER here $username = getenv($field); // usually REMOTE_USER here
if ( !$username || $username !== $originUsername) { if ( !$username || $username !== $originUsername) {
$this->removeAuthorization(); $this->removeAuthorization();
return false;
} }
else return true;
} }
} }
@ -365,4 +383,19 @@ class Auth
$this->user = null; $this->user = null;
Session::getSession()->purge(); Session::getSession()->purge();
} }
/**
* @return boolean
*/
public function isGuestLoginAllowed()
{
return $this->config->get('global', 'guest_allowed', false) === '1';
}
public function canLogin()
{
if (!$this->isGuestLoginAllowed()) return true;
return $this->config->get('global', 'guest_only', false) !== '1';
}
} }

18
library/Icinga/User.php
View File

@ -105,6 +105,8 @@ class User
*/ */
protected $isHttpUser = false; protected $isHttpUser = false;
protected $guest = false;
/** /**
* Creates a user object given the provided information * Creates a user object given the provided information
* *
@ -513,4 +515,20 @@ class User
return $navigation; return $navigation;
} }
/**
* @return boolean
*/
public function isGuest()
{
return $this->guest;
}
/**
* @param boolean $guest
*/
public function setGuest($guest)
{
$this->guest = $guest;
}
} }