Skip to content
GitLab
Explore
Sign in
Register
Primary navigation
Search or go to…
Project
O
osticket
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Container registry
Model registry
Operate
Environments
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
docker
osticket
Commits
9d5fef5a
Commit
9d5fef5a
authored
11 years ago
by
Peter Rotich
Committed by
Peter Rotich
11 years ago
Browse files
Options
Downloads
Patches
Plain Diff
Refactor/improve authtoken authentication backend.
parent
35e531ac
Branches
Branches containing commit
Tags
Tags containing commit
No related merge requests found
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
include/class.auth.php
+29
-34
29 additions, 34 deletions
include/class.auth.php
with
29 additions
and
34 deletions
include/class.auth.php
+
29
−
34
View file @
9d5fef5a
...
@@ -409,8 +409,6 @@ abstract class UserAuthenticationBackend extends AuthenticationBackend {
...
@@ -409,8 +409,6 @@ abstract class UserAuthenticationBackend extends AuthenticationBackend {
return
null
;
return
null
;
list
(
$id
,
$auth
)
=
explode
(
':'
,
$_SESSION
[
'_auth'
][
'user'
][
'key'
]);
list
(
$id
,
$auth
)
=
explode
(
':'
,
$_SESSION
[
'_auth'
][
'user'
][
'key'
]);
$bk
=
static
::
getBackend
(
$id
);
$user
=
$bk
->
validate
(
$auth
);
if
(
!
(
$bk
=
static
::
getBackend
(
$id
))
//get the backend
if
(
!
(
$bk
=
static
::
getBackend
(
$id
))
//get the backend
||
!
$bk
->
supportsAuthentication
()
//Make sure it can authenticate
||
!
$bk
->
supportsAuthentication
()
//Make sure it can authenticate
...
@@ -604,44 +602,53 @@ class osTicketAuthentication extends StaffAuthenticationBackend {
...
@@ -604,44 +602,53 @@ class osTicketAuthentication extends StaffAuthenticationBackend {
}
}
StaffAuthenticationBackend
::
register
(
osTicketAuthentication
);
StaffAuthenticationBackend
::
register
(
osTicketAuthentication
);
/*
* AuthToken Authentication Backend
*
* Provides auto-login facility for end users with valid link
*
* Ticket used to loggin is tracked durring the session this is
* important in the future when auto-logins will be
* limited to single ticket view.
*/
class
AuthTokenAuthentication
extends
UserAuthenticationBackend
{
class
AuthTokenAuthentication
extends
UserAuthenticationBackend
{
static
$name
=
"Auth Token Authentication"
;
static
$name
=
"Auth Token Authentication"
;
static
$id
=
"authtoken"
;
static
$id
=
"authtoken"
;
function
signOn
()
{
function
signOn
()
{
$user
=
null
;
$user
=
null
;
if
(
$_GET
[
'auth'
])
if
(
$_GET
[
'auth'
])
{
$user
=
self
::
__authtoken
(
$_GET
[
'auth'
]);
if
((
$u
=
TicketUser
::
lookupByToken
(
$_GET
[
'auth'
])))
$user
=
new
ClientSession
(
$u
);
}
// Support old ticket based tokens.
// Support old ticket based tokens.
elseif
(
$_GET
[
't'
]
&&
$_GET
[
'e'
]
&&
$_GET
[
'a'
])
{
elseif
(
$_GET
[
't'
]
&&
$_GET
[
'e'
]
&&
$_GET
[
'a'
])
{
if
((
$ticket
=
Ticket
::
lookupByExtId
(
$_GET
[
't'
],
$_GET
[
'e'
]))
if
((
$ticket
=
Ticket
::
lookupByExtId
(
$_GET
[
't'
],
$_GET
[
'e'
]))
// Using old ticket auth code algo - hardcoded here because it
// Using old ticket auth code algo - hardcoded here because it
// will be removed in ticket class in the upcoming rewrite
// will be removed in ticket class in the upcoming rewrite
&&
!
strcasecmp
(
$_GET
[
'a'
],
md5
(
$ticket
->
getId
()
.
$_GET
[
'e'
]
.
SECRET_SALT
))
&&
!
strcasecmp
(
$_GET
[
'a'
],
md5
(
$ticket
->
getId
()
.
$_GET
[
'e'
]
.
SECRET_SALT
))
&&
(
$
client
=
$ticket
->
get
Client
()))
&&
(
$
owner
=
$ticket
->
get
Owner
()))
$user
=
new
ClientSession
(
$
client
);
$user
=
new
ClientSession
(
$
owner
);
}
}
return
$user
;
return
$user
;
}
}
protected
function
getAuthKey
(
$user
)
{
protected
function
getAuthKey
(
$user
)
{
if
(
!
$this
->
supportsAuthentication
()
if
(
!
$this
->
supportsAuthentication
()
||
!
$user
)
||
!
$user
||
!
(
$user
instanceof
EndUser
))
return
null
;
return
null
;
//Generate authkey based the type of ticket user
//Generate authkey based the type of ticket user
// It's required to validate users going forward.
// It's required to validate users going forward.
$authkey
=
sprintf
(
'%s%dt%dh%s'
,
//XXX: Placeholder
$authkey
=
sprintf
(
'%s%dt%dh%s'
,
//XXX: Placeholder
$user
->
isOwner
()
?
'o'
:
'c'
,
(
$user
->
isOwner
()
?
'o'
:
'c'
)
,
$user
->
getId
(),
$user
->
getId
(),
$user
->
getTicketI
D
(),
$user
->
getTicketI
d
(),
md5
(
$user
->
get
Username
()
.
$this
->
id
));
md5
(
$user
->
get
Id
()
.
$this
->
id
));
return
$authkey
;
return
$authkey
;
}
}
...
@@ -656,38 +663,26 @@ class AuthTokenAuthentication extends UserAuthenticationBackend {
...
@@ -656,38 +663,26 @@ class AuthTokenAuthentication extends UserAuthenticationBackend {
$user
=
null
;
$user
=
null
;
switch
(
$matches
[
'type'
])
{
switch
(
$matches
[
'type'
])
{
case
'c'
:
//Collaborator
case
'c'
:
//Collaborator
if
((
$c
=
Collaborator
::
lookup
(
$criteria
=
array
(
'userId'
=>
$matches
[
'id'
],
array
(
'user
Id'
=>
$matches
[
'id'
]
,
'ticket
Id'
=>
$matches
[
'
t
id'
]
);
'ticketId'
=>
$matches
[
'tid'
])
))
if
((
$c
=
Collaborator
::
lookup
(
$criteria
))
&&
(
$c
->
getTicketId
()
==
$matches
[
'tid'
]))
&&
(
$c
->
getTicketId
()
==
$matches
[
'tid'
]))
$user
=
new
ClientSession
(
$c
);
$user
=
new
ClientSession
(
$c
);
break
;
break
;
case
'o'
:
//Ticket owner
case
'o'
:
//Ticket owner
if
((
$ticket
=
Ticket
::
lookup
(
$matches
[
'tid'
]))
if
((
$ticket
=
Ticket
::
lookup
(
$matches
[
'tid'
]))
&&
(
$
c
=
$ticket
->
get
Client
())
&&
(
$
o
=
$ticket
->
get
Owner
())
&&
(
$
c
->
getId
()
==
$matches
[
'id'
]))
&&
(
$
o
->
getId
()
==
$matches
[
'id'
]))
$user
=
new
ClientSession
(
$
c
);
$user
=
new
ClientSession
(
$
o
);
break
;
break
;
}
}
if
(
!
$user
//Make sure the authkey matches.
||
strcasecmp
(
md5
(
$user
->
getUsername
()
.
$this
->
id
),
$matches
[
'hash'
]
))
if
(
!
$user
||
strcmp
(
$this
->
getAuthKey
(
$user
),
$authkey
))
return
null
;
return
null
;
return
$user
;
}
static
private
function
__authtoken
(
$token
)
{
switch
(
$token
[
0
])
{
return
$user
;
case
'c'
:
//Collaborator c+[token]
if
((
$c
=
Collaborator
::
lookupByAuthToken
(
$token
)))
return
new
ClientSession
(
$c
);
//Decorator
break
;
case
'o'
:
//Ticket owner o+[token]
break
;
}
}
}
function
authenticate
(
$username
,
$password
)
{
function
authenticate
(
$username
,
$password
)
{
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment