AutoLogin/Logout: Remove own session namespace

Store data in the user and implement interface to left backends store remote information. fixes #6461
2014-07-30 12:35:55 +02:00 · 2014-07-30 12:35:55 +02:00 · e2c761a7aa
parent 294728ac47
commit e2c761a7aa
4 changed files with 46 additions and 13 deletions
--- a/application/controllers/AuthenticationController.php
+++ b/application/controllers/AuthenticationController.php
@ -68,9 +68,6 @@ class AuthenticationController extends ActionController
                        $authenticated  = $backend->authenticate($user);
                        if ($authenticated === true) {
                            $auth->setAuthenticated($user);
-                            $session = Session::getSession()->getNamespace('authentication');
-                            $session->set('is_remote_user', true);
-                            $session->write();
                            $this->rerenderLayout()->redirectNow($redirectUrl);
                        }
                    }
@ -135,12 +132,10 @@ class AuthenticationController extends ActionController
    public function logoutAction()
    {
        $auth = $this->Auth();
-
-        $session = Session::getSession()->getNamespace('authentication');
-
+        $isRemoteUser = $auth->getUser()->isRemoteUser();
        $auth->removeAuthorization();

-        if ($session->get('is_remote_user', false) === true) {
+        if ($isRemoteUser === true) {
            $this->_helper->layout->setLayout('login');
            $this->_response->setHttpResponseCode(401);
        } else {
--- a/library/Icinga/Authentication/Backend/AutoLoginBackend.php
+++ b/library/Icinga/Authentication/Backend/AutoLoginBackend.php
@ -53,6 +53,7 @@ class AutoLoginBackend extends UserBackend
    {
        if (isset($_SERVER['REMOTE_USER'])) {
            $username = $_SERVER['REMOTE_USER'];
+            $user->setRemoteUserInformation($username, 'REMOTE_USER');
            if ($this->stripUsernameRegexp !== null) {
                $stripped = preg_replace($this->stripUsernameRegexp, '', $username);
                if ($stripped !== false) {
--- a/library/Icinga/Authentication/Manager.php
+++ b/library/Icinga/Authentication/Manager.php
@ -30,12 +30,6 @@ class Manager
     */
    private $user;

-    /**
-     * If the user was authenticated from the REMOTE_USER server variable
-     *
-     * @var Boolean
-     */
-    private $fromRemoteUser = false;

    private function __construct()
    {
--- a/library/Icinga/User.php
+++ b/library/Icinga/User.php
@ -58,6 +58,18 @@ class User
     */
    protected $additionalInformation = array();

+    /**
+     * Information if the user is external authenticated
+     *
+     * Keys:
+     *
+     * 0: origin username
+     * 1: origin field name
+     *
+     * @var array
+     */
+    protected $remoteUserInformation = array();
+
    /**
     * Set of permissions
     *
@ -401,4 +413,35 @@ class User
    {
        $this->messages = null;
    }
+
+    /**
+     * Set additional remote user information
+     *
+     * @param stirng    $username
+     * @param string    $field
+     */
+    public function setRemoteUserInformation($username, $field)
+    {
+        $this->remoteUserInformation = array($username, $field);
+    }
+
+    /**
+     * Get additional remote user information
+     *
+     * @return array
+     */
+    public function getRemoteUserInformation()
+    {
+        return $this->remoteUserInformation;
+    }
+
+    /**
+     * Return true if user has remote user information set
+     *
+     * @return bool
+     */
+    public function isRemoteUser()
+    {
+        return (count($this->remoteUserInformation)) ? true : false;
+    }
 }