tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Provide a cleaner interface for the Authentication Backends 

refs #4786
This commit is contained in:
Matthias Jentsch 2013-11-06 14:49:16 +01:00
parent 59d4baff0b
commit bd38e998d7
6 changed files with 64 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
library/Icinga/Authentication/Backend/DbUserBackend.php
View File

@ -106,20 +106,27 @@ class DbUserBackend implements UserBackend
/**
* Create a new DbUserBackend
*
* @param DbConnection $resource The db connection to use for the authentication.
* @param Zend_Config $config The configuration for this authentication backend.
* 'resource' => The name of the resource to use, or an actual
* instance of Zend_Db_Adapter_Abstract
* 'name' => The name of this authentication backend
*
* @throws Exception When connection to the resource is not possible.
* @throws Exception When the connection to the resource is not possible.
*/
public function __construct(DbConnection $resource = null, Zend_Config $config)
public function __construct(Zend_Config $config)
{
if (!isset($config->resource)) {
throw new ConfigurationError('An authentication backend must provide a resource.');
}
$this->name = $config->name;
if ($config->resource instanceof Zend_Db_Adapter_Abstract) {
$this->db = $config->resource;
} else {
$resource = ResourceFactory::createResource(ResourceFactory::getResourceConfig($config->resource));
$this->db = $resource->getConnection();
}
// will throw an exception when connecting is not possible
// test the connection
$this->db->getConnection();
}

27
library/Icinga/Authentication/Backend/LdapUserBackend.php
View File

@ -29,6 +29,7 @@
namespace Icinga\Authentication\Backend;
use Icinga\Data\ResourceFactory;
use \stdClass;
use \Zend_Config;
use \Icinga\User;
@ -37,6 +38,7 @@ use \Icinga\Authentication\Credential;
use \Icinga\Protocol\Ldap;
use \Icinga\Protocol\Ldap\Connection as LdapConnection;
use \Icinga\Application\Config as IcingaConfig;
use \Icinga\Exception\ConfigurationError;
/**
* User authentication backend
@ -65,21 +67,32 @@ class LdapUserBackend implements UserBackend
private $name;
/**
* Create new Ldap User backend
* Create a new LdapUserBackend
*
* @param Zend_Config $connection Connection to use
* @param Zend_Config $config Configuration for authentication
* @param Zend_Config $config The configuration for this authentication backend.
* 'resource' => The name of the resource to use, or an actual
* instance of \Icinga\Protocol\Ldap\Connection.
* 'name' => The name of this authentication backend.
*
* @throws Exception When connection to the resource is not possible.
* @throws \Exception When the connection to the resource is not possible.
*/
public function __construct(LdapConnection $connection, Zend_Config $config)
public function __construct(Zend_Config $config)
{
$this->connection = $connection;
if (!isset($config->resource)) {
throw new ConfigurationError('An authentication backend must provide a resource.');
}
$this->config = $config;
$this->name = $config->name;
if ($config->resource instanceof LdapConnection) {
$this->connection = $config->resource;
} else {
$this->connection = ResourceFactory::createResource(
ResourceFactory::getResourceConfig($config->resource)
);
}
// will throw an exception, when the connection is not possible.
$connection->connect();
$this->connection->connect();
}
/**

21
library/Icinga/Authentication/Manager.php
View File

@ -186,7 +186,6 @@ class Manager
{
$target = ucwords(strtolower($backendConfig->target));
$name = $backendConfig->name;
// TODO: implement support for groups (#4624) and remove OR-Clause
if ((!$target || strtolower($target) != "user") && !$backendConfig->class) {
Logger::warn('AuthManager: Backend "%s" has no target configuration. (e.g. target=user|group)', $name);
@ -194,24 +193,22 @@ class Manager
}
try {
if (isset($backendConfig->class)) {
// use custom backend class, this is only useful for testing
// use a custom backend class, this is probably only useful for testing
if (!class_exists($backendConfig->class)) {
Logger::error('AuthManager: Class not found (%s) for backend %s', $backendConfig->class, $name);
return null;
}
$class = $backendConfig->class;
return new $class($backendConfig);
}
} else {
$resource = ResourceFactory::createResource(ResourceFactory::getResourceConfig($backendConfig->resource));
if ($resource instanceof DbConnection) {
return new DbUserBackend($resource, $backendConfig);
} else if ($resource instanceof LdapConnection) {
return new LdapUserBackend($resource, $backendConfig);
} else {
Logger::warn('AuthManager: Resource class ' . get_class($resource) . ' cannot be used as backend.');
}
switch (ResourceFactory::getResourceConfig($backendConfig->resource)->type) {
case 'db':
return new DbUserBackend($backendConfig);
case 'ldap':
return new LdapUserBackend($backendConfig);
default:
Logger::warn('AuthManager: Resource type ' . $backendConfig->type . ' not available.');
}
} catch (\Exception $e) {
Logger::warn('AuthManager: Not able to create backend. Exception was thrown: %s', $e->getMessage());

1
library/Icinga/Protocol/Ldap/Connection.php
View File

@ -123,7 +123,6 @@ class Connection
$this->bind_pw = $config->bind_pw;
$this->root_dn = $config->root_dn;
$this->port = $config->get('port', $this->port);
}
public function getDN()

10
test/php/library/Icinga/Authentication/DbUserBackendTest.php
View File

@ -130,7 +130,7 @@ class DbUserBackendTest extends BaseTestCase
public function testCorrectUserLoginForPgsql($db)
{
$this->setupDbProvider($db);
$backend = new DbUserBackend(null, $this->createDbBackendConfig($db));
$backend = new DbUserBackend($this->createDbBackendConfig($db));
$this->runBackendAuthentication($backend);
$this->runBackendUsername($backend);
}
@ -143,7 +143,7 @@ class DbUserBackendTest extends BaseTestCase
public function testCorrectUserLoginForMySQL($db)
{
$this->setupDbProvider($db);
$backend = new DbUserBackend(null, $this->createDbBackendConfig($db));
$backend = new DbUserBackend($this->createDbBackendConfig($db));
$this->runBackendAuthentication($backend);
$this->runBackendUsername($backend);
}
@ -280,7 +280,7 @@ class DbUserBackendTest extends BaseTestCase
$this->setupDbProvider($db);
$testName = 'test-name-123123';
$backend = new DbUserBackend(null, $this->createDbBackendConfig($db, $testName));
$backend = new DbUserBackend($this->createDbBackendConfig($db, $testName));
$this->assertSame($testName, $backend->getName());
}
@ -292,7 +292,7 @@ class DbUserBackendTest extends BaseTestCase
{
$this->setupDbProvider($db);
$testName = 'test-name-123123';
$backend = new DbUserBackend(null, $this->createDbBackendConfig($db, $testName));
$backend = new DbUserBackend($this->createDbBackendConfig($db, $testName));
$this->assertGreaterThan(0, $backend->getUserCount());
}
@ -304,7 +304,7 @@ class DbUserBackendTest extends BaseTestCase
{
$this->setupDbProvider($db);
$testName = 'test-name-123123';
$backend = new DbUserBackend(null, $this->createDbBackendConfig($db, $testName));
$backend = new DbUserBackend($this->createDbBackendConfig($db, $testName));
$this->assertGreaterThan(0, $backend->getUserCount());
}

32
test/php/library/Icinga/Authentication/LdapUserBackendTest.php
View File

@ -48,7 +48,7 @@ require_once BaseTestCase::$libDir . '/Authentication/Backend/LdapUserBackend.ph
use \Exception;
use \Zend_Config;
use Icinga\Authentication\Backend\LdapUserBackend;
use Icinga\Protocol\Ldap\Connection;
use Icinga\Protocol\Ldap\Connection as LdapConnection;
/**
*
@ -161,22 +161,31 @@ class LdapUserBackendTest extends BaseTestCase
ldap_close($conn);
}
/**
* Create a backend config and initialise the LdapConnection to the testing backend manually,
* to prevent the LdapUserBackend from calling the unitialised ResourceFactory
*
* @return Zend_Config The authentication backend configuration
*/
private function createBackendConfig()
{
$config = new Zend_Config(
$resourceConfig = new Zend_Config(
array(
'backend' => 'ldap',
'target' => 'user',
'hostname' => 'localhost',
'root_dn' => 'ou=icinga-unittest,dc=icinga,dc=org',
'bind_dn' => 'cn=admin,cn=config',
'bind_pw' => 'admin',
'bind_pw' => 'admin'
)
);
$backendConfig = new Zend_Config(
array(
'resource' => new LdapConnection($resourceConfig),
'target' => 'user',
'user_class' => 'inetOrgPerson',
'user_name_attribute' => 'uid'
)
);
return $config;
return $backendConfig;
}
/**
@ -184,8 +193,7 @@ class LdapUserBackendTest extends BaseTestCase
**/
public function testHasUsername()
{
$config = $this->createBackendConfig();
$backend = new LdapUserBackend(new Connection($config), $config);
$backend = new LdapUserBackend($this->createBackendConfig());
$this->assertTrue($backend->hasUsername(new Credential('jwoe')));
$this->assertTrue($backend->hasUsername(new Credential('rmiles')));
$this->assertFalse($backend->hasUsername(new Credential('DoesNotExist')));
@ -196,8 +204,7 @@ class LdapUserBackendTest extends BaseTestCase
*/
public function testAuthenticate()
{
$config = $this->createBackendConfig();
$backend = new LdapUserBackend(new Connection($config), $config);
$backend = new LdapUserBackend($this->createBackendConfig());
$this->assertInstanceOf(
'\Icinga\User',
@ -220,8 +227,7 @@ class LdapUserBackendTest extends BaseTestCase
*/
public function testAuthenticateUnknownUser()
{
$config = $this->createBackendConfig();
$backend = new LdapUserBackend(new Connection($config), $config);
$backend = new LdapUserBackend($this->createBackendConfig());
$this->assertFalse($backend->authenticate(new Credential('unknown123', 'passunknown123')));
}
}