diff options
| author |  Alexandre Alapetite <alexandre@alapetite.fr>
| 2013-12-31 14:52:01 +0100 |
|---|---|---|
| committer | Alexandre Alapetite <alexandre@alapetite.fr>
| 2013-12-31 14:52:01 +0100 |
| commit | 5c9a32329ad68dc5ae8bc8a3566a0d603b80a934 (patch) | |
| tree | dea1d08894aeef6e3795ed8d2e9809d42560b9d7 /app/Controllers/indexController.php | |
| parent | 1ac09e7fe4a5408290d06116c6fb8152e018fe26 (diff) | |
Multi-utilisateur fonctionnel avec Mozilla Persona
Il faut ré-enregistrer l'adresse courriel une fois dans l'interface de
FreshRSS pour créer le fichier nécessaire.
+ Comparaison sans tenir compte de la casse pour les noms d'utilisateur.
Contribue à https://github.com/marienfressinaud/FreshRSS/issues/126
ll faudra tester la sécurité
Diffstat (limited to 'app/Controllers/indexController.php')
| -rwxr-xr-x | app/Controllers/indexController.php | 32 |
1 files changed, 29 insertions, 3 deletions
diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php index 7309169a6..5b51b3e28 100755 --- a/app/Controllers/indexController.php +++ b/app/Controllers/indexController.php @@ -249,14 +249,40 @@ class FreshRSS_index_Controller extends Minz_ActionController { curl_close ($ch); $res = json_decode ($result, true); - if ($res['status'] === 'okay' && $res['email'] === $this->view->conf->mail_login) { - Minz_Session::_param ('mail', $res['email']); + + $loginOk = false; + $reason = ''; + if ($res['status'] === 'okay') { + $email = filter_var($res['email'], FILTER_VALIDATE_EMAIL); + if ($email != '') { + $personaFile = DATA_PATH . '/persona/' . $email . '.txt'; + if (($currentUser = @file_get_contents($personaFile)) !== false) { + $currentUser = trim($currentUser); + if (ctype_alnum($currentUser)) { + try { + $this->conf = new FreshRSS_Configuration($currentUser); + $loginOk = strcasecmp($email, $this->conf->mail_login) === 0; + } catch (Minz_Exception $e) { + $reason = 'Invalid configuration for user [' . $currentUser . ']! ' . $e->getMessage(); //Permission denied or conf file does not exist + } + } else { + $reason = 'Invalid username format [' . $currentUser . ']!'; + } + } + } else { + $reason = 'Invalid email format [' . $res['email'] . ']!'; + } + } + if ($loginOk) { + Minz_Session::_param('currentUser', $currentUser); + Minz_Session::_param ('mail', $email); $this->view->loginOk = true; invalidateHttpCache(); } else { $res = array (); $res['status'] = 'failure'; - $res['reason'] = Minz_Translate::t ('invalid_login'); + $res['reason'] = $reason == '' ? Minz_Translate::t ('invalid_login') : $reason; + Minz_Log::record ('Persona: ' . $res['reason'], Minz_Log::WARNING); } header('Content-Type: application/json; charset=UTF-8'); |