Diffstat (limited to 'app/Controllers/authController.php')
| -rw-r--r-- | app/Controllers/authController.php | 228 |
1 files changed, 46 insertions, 182 deletions
diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php
index 4af39cb71..1398e4e49 100644
--- a/app/Controllers/authController.php
+++ b/app/Controllers/authController.php
@@ -19,17 +19,18 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
 */
 public function indexAction() {
 if (!FreshRSS_Auth::hasAccess('admin')) {
- Minz_Error::error(403,
- array('error' => array(_t('access_denied'))));
+ Minz_Error::error(403);
 }
+ Minz_View::prependTitle(_t('admin.auth.title') . ' · ');
+
 if (Minz_Request::isPost()) {
 $ok = true;
- $current_token = FreshRSS_Context::$conf->token;
+ $current_token = FreshRSS_Context::$user_conf->token;
 $token = Minz_Request::param('token', $current_token);
- FreshRSS_Context::$conf->_token($token);
- $ok &= FreshRSS_Context::$conf->save();
+ FreshRSS_Context::$user_conf->token = $token;
+ $ok &= FreshRSS_Context::$user_conf->save();
 $anon = Minz_Request::param('anon_access', false);
 $anon = ((bool)$anon) && ($anon !== 'no');
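Review bot: `Minz_Error::error(403);` in the new `hasAccess('admin')` guard is not followed by `return`, so if error() renders a response and returns instead of exiting, a non-admin POST still falls through to the token and system-configuration writes below it. The formLogin hunk in this same commit adds `return;` right after its own `Minz_Error::error(403, ...)` call, which suggests the helper does not always terminate the request. Make the guard `Minz_Error::error(403); return;` unless error() is confirmed to exit. indexAction's body continues past this hunk.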
@@ -38,27 +39,29 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
 $auth_type = Minz_Request::param('auth_type', 'none');
 $unsafe_autologin = Minz_Request::param('unsafe_autologin', false);
 $api_enabled = Minz_Request::param('api_enabled', false);
- if ($anon != Minz_Configuration::allowAnonymous() ||
- $auth_type != Minz_Configuration::authType() ||
- $anon_refresh != Minz_Configuration::allowAnonymousRefresh() ||
- $unsafe_autologin != Minz_Configuration::unsafeAutologinEnabled() ||
- $api_enabled != Minz_Configuration::apiEnabled()) {
-
- Minz_Configuration::_authType($auth_type);
- Minz_Configuration::_allowAnonymous($anon);
- Minz_Configuration::_allowAnonymousRefresh($anon_refresh);
- Minz_Configuration::_enableAutologin($unsafe_autologin);
- Minz_Configuration::_enableApi($api_enabled);
- $ok &= Minz_Configuration::writeFile();
+ if ($anon != FreshRSS_Context::$system_conf->allow_anonymous ||
+ $auth_type != FreshRSS_Context::$system_conf->auth_type ||
+ $anon_refresh != FreshRSS_Context::$system_conf->allow_anonymous_refresh ||
+ $unsafe_autologin != FreshRSS_Context::$system_conf->unsafe_autologin_enabled ||
+ $api_enabled != FreshRSS_Context::$system_conf->api_enabled) {
+
+ // TODO: test values from form
+ FreshRSS_Context::$system_conf->auth_type = $auth_type;
+ FreshRSS_Context::$system_conf->allow_anonymous = $anon;
+ FreshRSS_Context::$system_conf->allow_anonymous_refresh = $anon_refresh;
+ FreshRSS_Context::$system_conf->unsafe_autologin_enabled = $unsafe_autologin;
+ FreshRSS_Context::$system_conf->api_enabled = $api_enabled;
+
+ $ok &= FreshRSS_Context::$system_conf->save();
 }
 invalidateHttpCache();
 if ($ok) {
- Minz_Request::good('configuration_updated',
+ Minz_Request::good(_t('feedback.conf.updated'),
 array('c' => 'auth', 'a' => 'index'));
 } else {
- Minz_Request::bad('error_occurred',
+ Minz_Request::bad(_t('feedback.conf.error'),
 array('c' => 'auth', 'a' => 'index'));
 }
 }
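Review bot: The `// TODO: test values from form` marks a real gap: `$auth_type` is copied straight from the request into `$system_conf->auth_type`, and `$unsafe_autologin` / `$api_enabled` are stored as raw request values while `$anon` is coerced to a bool earlier in the action. An arbitrary `auth_type` string is later handed to the switch in loginAction, and the loose `!=` comparisons against the stored values mean a form value such as 'no' may not round-trip the way the anon flag does. Whitelist the auth type against the values loginAction actually handles and coerce the two flags the same way `$anon` is before comparing and saving. The enclosing indexAction starts before this hunk.
```php
$auth_type = Minz_Request::param('auth_type', 'none');
if (!in_array($auth_type, array('form', 'http_auth', 'none'), true)) {
	Minz_Request::bad(_t('feedback.conf.error'), array('c' => 'auth', 'a' => 'index'));
	return;
}
$unsafe_autologin = Minz_Request::param('unsafe_autologin', false);
$unsafe_autologin = ((bool)$unsafe_autologin) && ($unsafe_autologin !== 'no');
$api_enabled = Minz_Request::param('api_enabled', false);
$api_enabled = ((bool)$api_enabled) && ($api_enabled !== 'no');
// … unchanged: comparison against $system_conf and save …
```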
@@ -67,7 +70,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
 /**
 * This action handles the login page.
 *
- * It forwards to the correct login page (form or Persona) or main page if
+ * It forwards to the correct login page (form) or main page if
 * the user is already connected.
 */
 public function loginAction() {
@@ -75,14 +78,11 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
 Minz_Request::forward(array('c' => 'index', 'a' => 'index'), true);
 }
- $auth_type = Minz_Configuration::authType();
+ $auth_type = FreshRSS_Context::$system_conf->auth_type;
 switch ($auth_type) {
 case 'form':
 Minz_Request::forward(array('c' => 'auth', 'a' => 'formLogin'));
 break;
- case 'persona':
- Minz_Request::forward(array('c' => 'auth', 'a' => 'personaLogin'));
- break;
 case 'http_auth':
 case 'none':
 // It should not happened!
@@ -113,17 +113,19 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
 $file_mtime = @filemtime(PUBLIC_PATH . '/scripts/bcrypt.min.js');
 Minz_View::appendScript(Minz_Url::display('/scripts/bcrypt.min.js?' . $file_mtime));
+ $conf = Minz_Configuration::get('system');
+ $limits = $conf->limits;
+ $this->view->cookie_days = round($limits['cookie_duration'] / 86400, 1);
+
 if (Minz_Request::isPost()) {
 $nonce = Minz_Session::param('nonce');
 $username = Minz_Request::param('username', '');
 $challenge = Minz_Request::param('challenge', '');
- try {
- $conf = new FreshRSS_Configuration($username);
- } catch(Minz_Exception $e) {
- // $username is not a valid user, nor the configuration file!
- Minz_Log::warning('Login failure: ' . $e->getMessage());
- Minz_Request::bad(_t('invalid_login'),
- array('c' => 'auth', 'a' => 'login'));
+
+ $conf = get_user_configuration($username);
+ if (is_null($conf)) {
+ Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false);
+ return;
 }
 $ok = FreshRSS_FormAuth::checkCredentials(
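Review bot: Removing `case 'persona':` means an existing install whose saved `auth_type` is still 'persona' now falls into the switch's `default` branch, which lies outside this hunk, and this same commit deletes resetAction, the only visible way to move such an install back to form login. Unless a configuration migration accompanies the change, have `default:` treat unknown values as the form login (`Minz_Request::forward(array('c' => 'auth', 'a' => 'formLogin'));`) or at least log a clear warning there so administrators are not silently locked out. loginAction continues past this hunk.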
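Review bot: The unknown-user path in formLogin now returns a 403 before `FreshRSS_FormAuth::checkCredentials` ever runs, whereas a known user goes through the bcrypt-based check, so response time distinguishes valid from invalid usernames even though both branches show `feedback.auth.login.invalid`. If username enumeration matters for this deployment model, run the credential check against a fixed dummy hash when `$conf` is null so both branches cost roughly the same, and add a comment saying why. As a smaller style point, `$conf` first holds the system configuration and is then overwritten by the user configuration; naming the first one `$system_conf` would read better. formLoginAction starts before this hunk and continues past it.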
@@ -143,17 +145,16 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
 }
 // All is good, go back to the index.
- Minz_Request::good(_t('login'),
+ Minz_Request::good(_t('feedback.auth.login.success'),
 array('c' => 'index', 'a' => 'index'));
 } else {
 Minz_Log::warning('Password mismatch for' .
 ' user=' . $username .
 ', nonce=' . $nonce .
 ', c=' . $challenge);
- Minz_Request::bad(_t('invalid_login'),
- array('c' => 'auth', 'a' => 'login'));
+ Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false);
 }
- } elseif (Minz_Configuration::unsafeAutologinEnabled()) {
+ } elseif (FreshRSS_Context::$system_conf->unsafe_autologin_enabled) {
 $username = Minz_Request::param('u', '');
 $password = Minz_Request::param('p', '');
 Minz_Request::_param('p');
@@ -162,11 +163,8 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
 return;
 }
- try {
- $conf = new FreshRSS_Configuration($username);
- } catch(Minz_Exception $e) {
- // $username is not a valid user, nor the configuration file!
- Minz_Log::warning('Login failure: ' . $e->getMessage());
+ $conf = get_user_configuration($username);
+ if (is_null($conf)) {
 return;
 }
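Review bot: In the unsafe-autologin branch the removed `catch` logged `Login failure: ...` for an unknown user, but the replacement `if (is_null($conf)) { return; }` logs nothing, so failed autologin attempts against non-existent accounts now leave no trace while the password-mismatch branch just below still emits a warning. Restore a log line before the return, e.g. `Minz_Log::warning('Unsafe login failure: unknown user ' . $username);`, so failed attempts remain visible to whoever watches the logs. The enclosing formLoginAction starts before this hunk and continues past it.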
@@ -182,89 +180,12 @@ class FreshRSS_auth_Controller extends Minz_ActionController { Minz_Session::_param('passwordHash', $s); FreshRSS_Auth::giveAccess(); - Minz_Request::good(_t('login'), + Minz_Request::good(_t('feedback.auth.login.success'), array('c' => 'index', 'a' => 'index')); } else { Minz_Log::warning('Unsafe password mismatch for user ' . $username); - Minz_Request::bad(_t('invalid_login'), - array('c' => 'auth', 'a' => 'login')); - } - } - } - - /** - * This action handles Persona login page. - * - * If this action is reached through a POST request, assertion from Persona - * is verificated and user connected if all is ok. - * - * Parameter is: - * - assertion (default: false) - * - * @todo: Persona system should be moved to a plugin - */ - public function personaLoginAction() { - $this->view->res = false; - - if (Minz_Request::isPost()) { - $this->view->_useLayout(false); - - $assert = Minz_Request::param('assertion'); - $url = 'https://verifier.login.persona.org/verify'; - $params = 'assertion=' . $assert . '&audience=' . - urlencode(Minz_Url::display(null, 'php', true)); - $ch = curl_init(); - $options = array( - CURLOPT_URL => $url, - CURLOPT_RETURNTRANSFER => TRUE, - CURLOPT_POST => 2, - CURLOPT_POSTFIELDS => $params - ); - curl_setopt_array($ch, $options); - $result = curl_exec($ch); - curl_close($ch); - - $res = json_decode($result, true); - - $login_ok = false; - $reason = ''; - if ($res['status'] === 'okay') { - $email = filter_var($res['email'], FILTER_VALIDATE_EMAIL); - if ($email != '') { - $persona_file = DATA_PATH . '/persona/' . $email . '.txt'; - if (($current_user = @file_get_contents($persona_file)) !== false) { - $current_user = trim($current_user); - try { - $conf = new FreshRSS_Configuration($current_user); - $login_ok = strcasecmp($email, $conf->mail_login) === 0; - } catch (Minz_Exception $e) { - //Permission denied or conf file does not exist - $reason = 'Invalid configuration for user ' . - '[' . $current_user . '] ' . 
$e->getMessage(); - } - } - } else { - $reason = 'Invalid email format [' . $res['email'] . ']'; - } - } else { - $reason = $res['reason']; + Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false); } - - if ($login_ok) { - Minz_Session::_param('currentUser', $current_user); - Minz_Session::_param('mail', $email); - FreshRSS_Auth::giveAccess(); - invalidateHttpCache(); - } else { - Minz_Log::error($reason); - - $res = array(); - $res['status'] = 'failure'; - $res['reason'] = _t('invalid_login'); - } - - header('Content-Type: application/json; charset=UTF-8'); - $this->view->res = $res; } } 
@@ -274,75 +195,18 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
 public function logoutAction() {
 invalidateHttpCache();
 FreshRSS_Auth::removeAccess();
- Minz_Request::good(_t('disconnected'),
+ Minz_Request::good(_t('feedback.auth.logout.success'),
 array('c' => 'index', 'a' => 'index'));
 }
 /**
- * This action resets the authentication system.
- *
- * After reseting, form auth is set by default.
+ * This action gives possibility to a user to create an account.
 */
- public function resetAction() {
- Minz_View::prependTitle(_t('auth_reset') . ' · ');
-
- Minz_View::appendScript(Minz_Url::display(
- '/scripts/bcrypt.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/bcrypt.min.js')
- ));
-
- $this->view->no_form = false;
- // Enable changement of auth only if Persona!
- if (Minz_Configuration::authType() != 'persona') {
- $this->view->message = array(
- 'status' => 'bad',
- 'title' => _t('damn'),
- 'body' => _t('auth_not_persona')
- );
- $this->view->no_form = true;
- return;
+ public function registerAction() {
+ if (max_registrations_reached()) {
+ Minz_Error::error(403);
 }
- $conf = new FreshRSS_Configuration(Minz_Configuration::defaultUser());
- // Admin user must have set its master password.
- if (!$conf->passwordHash) {
- $this->view->message = array(
- 'status' => 'bad',
- 'title' => _t('damn'),
- 'body' => _t('auth_no_password_set')
- );
- $this->view->no_form = true;
- return;
- }
-
- invalidateHttpCache();
-
- if (Minz_Request::isPost()) {
- $nonce = Minz_Session::param('nonce');
- $username = Minz_Request::param('username', '');
- $challenge = Minz_Request::param('challenge', '');
-
- $ok = FreshRSS_FormAuth::checkCredentials(
- $username, $conf->passwordHash, $nonce, $challenge
- );
-
- if ($ok) {
- Minz_Configuration::_authType('form');
- $ok = Minz_Configuration::writeFile();
-
- if ($ok) {
- Minz_Request::good(_t('auth_form_set'));
- } else {
- Minz_Request::bad(_t('auth_form_not_set'),
- array('c' => 'auth', 'a' => 'reset'));
- }
- } else {
- Minz_Log::warning('Password mismatch for' .
- ' user=' . $username .
- ', nonce=' . $nonce .
- ', c=' . $challenge);
- Minz_Request::bad(_t('invalid_login'),
- array('c' => 'auth', 'a' => 'reset'));
- }
- }
+ Minz_View::prependTitle(_t('gen.auth.registration.title') . ' · ');
 }
 }
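Review bot: The new `registerAction` calls `Minz_Error::error(403);` when `max_registrations_reached()` is true but does not `return`, so if error() does not terminate the request the action carries on and renders the registration page regardless of the limit; the formLogin hunk in this same commit adds `return;` after the same helper, which suggests it does not exit. Add `return;` after the error call so the guard holds even if more logic is added below the title later. The action also performs no check that the configured auth type is one where self-registration makes sense (presumably 'form'); if that guard lives in the view or in a separate controller, a one-line comment pointing to it would help the next reader.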
