Commit 9d5fef5a authored by Peter Rotich's avatar Peter Rotich Committed by Peter Rotich

Refactor/improve authtoken authentication backend.

parent 35e531ac
...@@ -409,8 +409,6 @@ abstract class UserAuthenticationBackend extends AuthenticationBackend { ...@@ -409,8 +409,6 @@ abstract class UserAuthenticationBackend extends AuthenticationBackend {
return null; return null;
list($id, $auth) = explode(':', $_SESSION['_auth']['user']['key']); list($id, $auth) = explode(':', $_SESSION['_auth']['user']['key']);
$bk=static::getBackend($id);
$user=$bk->validate($auth);
if (!($bk=static::getBackend($id)) //get the backend if (!($bk=static::getBackend($id)) //get the backend
|| !$bk->supportsAuthentication() //Make sure it can authenticate || !$bk->supportsAuthentication() //Make sure it can authenticate
...@@ -604,44 +602,53 @@ class osTicketAuthentication extends StaffAuthenticationBackend { ...@@ -604,44 +602,53 @@ class osTicketAuthentication extends StaffAuthenticationBackend {
} }
StaffAuthenticationBackend::register(osTicketAuthentication); StaffAuthenticationBackend::register(osTicketAuthentication);
/*
* AuthToken Authentication Backend
*
* Provides auto-login facility for end users with valid link
*
* Ticket used to loggin is tracked durring the session this is
* important in the future when auto-logins will be
* limited to single ticket view.
*/
class AuthTokenAuthentication extends UserAuthenticationBackend { class AuthTokenAuthentication extends UserAuthenticationBackend {
static $name = "Auth Token Authentication"; static $name = "Auth Token Authentication";
static $id = "authtoken"; static $id = "authtoken";
function signOn() { function signOn() {
$user = null; $user = null;
if ($_GET['auth']) if ($_GET['auth']) {
$user = self::__authtoken($_GET['auth']); if (($u = TicketUser::lookupByToken($_GET['auth'])))
$user = new ClientSession($u);
}
// Support old ticket based tokens. // Support old ticket based tokens.
elseif ($_GET['t'] && $_GET['e'] && $_GET['a']) { elseif ($_GET['t'] && $_GET['e'] && $_GET['a']) {
if (($ticket = Ticket::lookupByExtId($_GET['t'], $_GET['e'])) if (($ticket = Ticket::lookupByExtId($_GET['t'], $_GET['e']))
// Using old ticket auth code algo - hardcoded here because it // Using old ticket auth code algo - hardcoded here because it
// will be removed in ticket class in the upcoming rewrite // will be removed in ticket class in the upcoming rewrite
&& !strcasecmp($_GET['a'], md5($ticket->getId() . $_GET['e'] . SECRET_SALT)) && !strcasecmp($_GET['a'], md5($ticket->getId() . $_GET['e'] . SECRET_SALT))
&& ($client = $ticket->getClient())) && ($owner = $ticket->getOwner()))
$user = new ClientSession($client); $user = new ClientSession($owner);
} }
return $user; return $user;
} }
protected function getAuthKey($user) { protected function getAuthKey($user) {
if (!$this->supportsAuthentication() if (!$this->supportsAuthentication() || !$user)
|| !$user
|| !($user instanceof EndUser))
return null; return null;
//Generate authkey based the type of ticket user //Generate authkey based the type of ticket user
// It's required to validate users going forward. // It's required to validate users going forward.
$authkey = sprintf('%s%dt%dh%s', //XXX: Placeholder $authkey = sprintf('%s%dt%dh%s', //XXX: Placeholder
$user->isOwner() ? 'o':'c', ($user->isOwner() ? 'o':'c'),
$user->getId(), $user->getId(),
$user->getTicketID(), $user->getTicketId(),
md5($user->getUsername().$this->id)); md5($user->getId().$this->id));
return $authkey; return $authkey;
} }
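Review bot: The hash term of the new auth key, `md5($user->getId().$this->id)`, is derived only from values that are already present in the key in clear (the user id is printed as `%d` a few characters earlier and `$this->id` is the fixed backend id), so when the next hunk's validate() recomputes getAuthKey() and strcmp()s it against the stored key, the comparison can only confirm that the id fields are self-consistent, not that the key was issued by this backend; the `//XXX: Placeholder` comment suggests this is known. Because the key is read back from `$_SESSION` the exposure is limited to whatever can write the session store, but a keyed digest costs nothing here: `md5` → `hash_hmac('md5', $user->getId().$this->id, SECRET_SALT)` keeps the 32-hex shape and reuses the SECRET_SALT constant signOn() already depends on; if the regex that fills `$matches` in validate() (it sits above the next hunk) pins the hash length, a longer digest would need that pattern adjusted too. Separately, the tightened guard `if (!$this->supportsAuthentication() || !$user)` drops the old `!($user instanceof EndUser)` test while the body still calls `$user->isOwner()` and `$user->getTicketId()`, so a user object that reaches this method from another backend would fail on an undefined method rather than return null; restoring `|| !($user instanceof EndUser)` preserves the previous behaviour.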
...@@ -656,38 +663,26 @@ class AuthTokenAuthentication extends UserAuthenticationBackend { ...@@ -656,38 +663,26 @@ class AuthTokenAuthentication extends UserAuthenticationBackend {
$user = null; $user = null;
switch ($matches['type']) { switch ($matches['type']) {
case 'c': //Collaborator case 'c': //Collaborator
if (($c = Collaborator::lookup( $criteria = array( 'userId' => $matches['id'],
array('userId' => $matches['id'], 'ticketId' => $matches['tid']);
'ticketId' => $matches['tid']))) if (($c = Collaborator::lookup($criteria))
&& ($c->getTicketId() == $matches['tid'])) && ($c->getTicketId() == $matches['tid']))
$user = new ClientSession($c); $user = new ClientSession($c);
break; break;
case 'o': //Ticket owner case 'o': //Ticket owner
if (($ticket = Ticket::lookup($matches['tid'])) if (($ticket = Ticket::lookup($matches['tid']))
&& ($c = $ticket->getClient()) && ($o = $ticket->getOwner())
&& ($c->getId() == $matches['id'])) && ($o->getId() == $matches['id']))
$user = new ClientSession($c); $user = new ClientSession($o);
break; break;
} }
if(!$user //Make sure the authkey matches.
|| strcasecmp(md5($user->getUsername().$this->id), $matches['hash'])) if (!$user || strcmp($this->getAuthKey($user), $authkey))
return null; return null;
return $user;
}
static private function __authtoken($token) {
switch ($token[0]) { return $user;
case 'c': //Collaborator c+[token]
if (($c = Collaborator::lookupByAuthToken($token)))
return new ClientSession($c); //Decorator
break;
case 'o': //Ticket owner o+[token]
break;
}
} }
function authenticate($username, $password) { function authenticate($username, $password) {