src/common/import/import_trackers.php -text
src/common/import/import_users.php -text
src/common/include/AuthPlugin.class.php -text
-src/common/include/BuiltinAuthPlugin.class.php -text
src/common/include/Codendi_HTMLPurifier.class.php -text
src/common/include/Codendi_Request.class.php -text
src/common/include/DatabaseInstaller.class.php -text
src/packaging/links/web-apache2 -text
src/plugins/README -text
src/plugins/aselectextauth/etc/aselectextauth.ini -text
+src/plugins/authbuiltin/common/AuthBuiltinPlugin.class.php -text
+src/plugins/authbuiltin/common/authbuiltin-init.php -text
+src/plugins/authbuiltin/www/post-login.php -text
src/plugins/blocks/NAME -text
src/plugins/blocks/common/blocks-init.php -text
src/plugins/blocks/common/blocksPlugin.class.php -text
* USA
*/
-define(FORGE_AUTH_AUTHORITATIVE_ACCEPT, 1);
-define(FORGE_AUTH_AUTHORITATIVE_REJECT, 2);
-define(FORGE_AUTH_NOT_AUTHORITATIVE, 3);
+define('FORGE_AUTH_AUTHORITATIVE_ACCEPT', 1);
+define('FORGE_AUTH_AUTHORITATIVE_REJECT', 2);
+define('FORGE_AUTH_NOT_AUTHORITATIVE', 3);
abstract class AuthPlugin extends Plugin {
/**
// Default mechanisms
protected $saved_user;
- function checkAuthSession($params) {
+ function checkAuthSession(&$params) {
if (isset($params['auth_token']) && $params['auth_token'] != '') {
- $user = $this->checkSessionToken($params['auth_token']);
+ $user_id = $this->checkSessionToken($params['auth_token']);
} else {
- $user = $this->checkSessionCookie();
+ $user_id = $this->checkSessionCookie();
}
- if ($user) {
- $this->saved_user = $user;
- } else {
- $this->saved_user = NULL;
- }
- if ($user) {
+ if ($user_id) {
+ $this->saved_user = user_get_object($user_id);
$params['results'][$this->name] = FORGE_AUTH_AUTHORITATIVE_ACCEPT;
} else {
+ $this->saved_user = NULL;
$params['results'][$this->name] = FORGE_AUTH_NOT_AUTHORITATIVE;
}
}
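Review bot: checkAuthSession reports FORGE_AUTH_AUTHORITATIVE_ACCEPT on the strength of `$user_id` alone, while the object fetched by `user_get_object($user_id)` on the line before is never checked; if that lookup fails for an id that still sits in an otherwise valid token or cookie, `saved_user` holds a non-object yet the result says authoritative accept, and fetchAuthUser later hands that value to the caller as the session user. Decide on the object rather than the id: `$this->saved_user = $user_id ? user_get_object($user_id) : NULL;` followed by `$params['results'][$this->name] = $this->saved_user ? FORGE_AUTH_AUTHORITATIVE_ACCEPT : FORGE_AUTH_NOT_AUTHORITATIVE;`. A docblock on both hook handlers stating that `$params['results']` is keyed by plugin name and that fetchAuthUser returns the object resolved here would also help the next plugin author.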
- function fetchAuthUser($params) {
+ function fetchAuthUser(&$params) {
$params['results'] = $this->saved_user;
}
$this->unsetSessionCookie();
}
+ function getExtraRoles(&$params) {
+ // $params['new_roles'][] = RBACEngine::getInstance()->getRoleById(123);
+ }
+
+ function restrictRoles(&$params) {
+ // $params['dropped_roles'][] = RBACEngine::getInstance()->getRoleById(123);
+ }
+
// Helper functions for individual plugins
protected $cookie_name = 'session_ser';
}
protected function setSessionCookie() {
- $cookie = session_build_session_cookie($user_id);
+ $cookie = session_build_session_cookie($this->saved_user->getID());
session_cookie($this->cookie_name, $cookie, "", forge_get_config('session_expire'));
}
}
}
+ $params = array();
+ $params['current_roles'] = $this->_cached_available_roles;
+ $params['new_roles'] = array();
+ plugin_hook_by_reference('get_extra_roles', $params);
+ foreach ($params['new_roles'] as $r) {
+ $this->addAvailableRole($r);
+ }
+
+ $params = array();
+ $params['current_roles'] = $this->_cached_available_roles;
+ $params['dropped_roles'] = array();
+ plugin_hook_by_reference('restrict_roles', $params);
+ foreach ($params['dropped_roles'] as $r) {
+ $this->dropAvailableRole($r);
+ }
+
return $this->_cached_available_roles ;
}
+ private function addAvailableRole($role) {
+ $seen = false;
+ foreach ($this->_cached_available_roles as $r) {
+ if ($r->getID() == $role->getID()) {
+ $seen = true;
+ }
+ }
+ if (!$seen) {
+ $this->_cached_available_roles[] = $role;
+ }
+ }
+
+ private function dropAvailableRole($role) {
+ $new_roles = array();
+ foreach ($this->_cached_available_roles as $r) {
+ if ($r->getID() != $role->getID()) {
+ $new_roles[] = $r;
+ }
+ }
+ $this->_cached_available_roles = $new_roles;
+ }
+
public function getGlobalRoles() {
if ($this->_cached_global_roles != NULL) {
return $this->_cached_global_roles ;
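Review bot: addAvailableRole and dropAvailableRole call `$role->getID()` on whatever a plugin placed into `$params['new_roles']` or `$params['dropped_roles']`, and the example in AuthPlugin shows these coming from `getRoleById()`, whose failure value is checked nowhere on this side; one plugin returning a failed lookup therefore aborts role resolution for every caller of getAvailableRoles. Add `if (!$role) { return; }` at the top of both helpers. Since whatever survives these two hooks becomes the effective role set, a short docblock on each hook stating that plugins are expected to return only roles the current user legitimately holds is worth adding for reviewers of future plugins. getAvailableRoles itself begins outside this hunk.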
// SCM-specific plugins subsystem
require_once $gfcommon.'include/SCMPlugin.class.php' ;
+ // Authentication-specific plugins subsystem
+ require_once $gfcommon.'include/AuthPlugin.class.php' ;
+
if (getenv ('FUSIONFORGE_NO_PLUGINS') != 'true') {
setup_plugin_manager () ;
}
setup_gettext_from_context();
}
+
/*
RESERVED VARIABLES
* @return user_id if cookie is ok, false otherwise
*/
function session_check_session_cookie($session_cookie) {
+ if ($session_cookie == '') {
+ return false;
+ }
list ($session_serial, $hash) = explode('-*-', $session_cookie);
$session_serial = base64_decode($session_serial);
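Review bot: The added guard rejects only the empty cookie; a non-empty cookie that lacks the `-*-` separator still reaches `list ($session_serial, $hash) = explode('-*-', $session_cookie);` on the next line with `$hash` unset, so the hash comparison that follows (outside this hunk) runs against a missing value. Reject malformed input before splitting: `if ($session_cookie == '' || strpos($session_cookie, '-*-') === false) { return false; }`. The rest of session_check_session_cookie is outside the hunk.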
*
*/
function session_logout() {
-
- // delete both session and username cookies
- // NB: cookies must be deleted with the same scope parameters they were set with
- //
- session_cookie('session_ser', '');
-
+ plugin_hook('close_auth_session');
RBACEngine::getInstance()->invalidateRoleCaches() ;
return true;
}
return session_login_valid_dbonly ($loginname, $passwd, $allowpending) ;
}
-function session_login_valid_dbonly ($loginname, $passwd, $allowpending) {
+function session_login_valid_dbonly($loginname, $passwd, $allowpending=false) {
+ return session_check_credentials_in_database($loginname, $passwd, $allowpending);
+}
+
+function session_check_credentials_in_database($loginname, $passwd, $allowpending=false) {
global $feedback,$userstatus;
// Try to get the users from the database using user_id and (MD5) user_pw
$res = db_query_params ('UPDATE users SET user_pw=$1 WHERE user_id=$2',
array (md5($passwd),
$usr['user_id'])) ;
- return session_login_valid_dbonly($loginname, $passwd, $allowpending) ;
+ return session_check_credentials_in_database($loginname, $passwd, $allowpending) ;
}
} else {
// If we're here, then the user has typed a password matching the (MD5) user_pw
$res = db_query_params ('UPDATE users SET unix_pw=$1 WHERE user_id=$2',
array (account_genunixpw($passwd),
$usr['user_id'])) ;
- return session_login_valid_dbonly($loginname, $passwd, $allowpending) ;
+ return session_check_credentials_in_database($loginname, $passwd, $allowpending) ;
} else {
// Invalidate (MD5) user_pw, refuse authentication
$res = db_query_params ('UPDATE users SET user_pw=$1 WHERE user_id=$2',
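Review bot: The new name session_check_credentials_in_database reads like a pure check, but the body rewrites `user_pw` and `unix_pw` as a side effect (the UPDATE statements on L163, L171 and L178) and then recurses into itself; now that post-login.php calls it directly, a docblock should say that it may rewrite the stored password hashes and what `$allowpending` does, and that the return value is what `session_login_valid_dbonly` used to return. Separately, the value written on L164 is an unsalted `md5($passwd)`; that is pre-existing, but with the function exposed under a new public name it is worth a `// TODO: replace md5 with a salted password hash` marker so it is not forgotten. The function continues outside this hunk.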
$params = array();
$params['auth_token'] = $session_ser;
$params['results'] = array();
- plugin_hook('check_auth_session');
-
+ plugin_hook_by_reference('check_auth_session', $params);
+
$seen_yes = false;
$seen_no = false;
foreach ($params['results'] as $p => $r) {
$params = array();
$params['results'] = NULL;
- plugin_hook('fetch_authenticated_user');
-
+ plugin_hook_by_reference('fetch_authenticated_user', $params);
+
$G_SESSION = $params['results'];
if ($G_SESSION) {
$G_SESSION->setLoggedIn(true);
}
}
- RBACEngine::getInstance()->invalidateRoleCaches() ;
+ $re = RBACEngine::getInstance();
+ $re->invalidateRoleCaches() ;
}
//TODO - this should be generalized and used for pre.php,
* USA
*/
-abstract class BuiltinAuthPlugin extends AuthPlugin {
+class AuthBuiltinPlugin extends AuthPlugin {
/**
- * BuiltinAuthPlugin() - constructor
+ * AuthBuiltinPlugin() - constructor
*
*/
- function BuiltinAuthPlugin() {
+ function AuthBuiltinPlugin() {
$this->AuthPlugin();
+ $this->name = 'authbuiltin';
+ $this->text = 'Built-in authentication';
$this->_addHook('check_auth_session');
$this->_addHook('fetch_authenticated_user');
$this->_addHook('display_auth_form');
// restrict_roles - filter out unwanted roles
$this->_addHook('close_auth_session');
}
-
+
function displayAuthForm($params) {
$return_to = $params['return_to'];
$loginname = '';
}
function _displayAuthForm($return_to, $login_name) {
- if (session_issecure()) {
- $login_button = _('Login with SSL');
- } else {
- $login_button = _('Login');
- }
-
- echo '<form action="' . util_make_url('/plugins/builtinauth/postlogin.php'); . '" method="post">
+ echo '<form action="' . util_make_url('/plugins/authbuiltin/post-login.php') . '" method="post">
<input type="hidden" name="form_key" value="' . form_generate_key() . '"/>
<input type="hidden" name="return_to" value="' . htmlspecialchars(stripslashes($return_to)) . '" />
<p>';
} else {
echo _('Login name:');
}
- echo '<br /><input type="text" name="form_loginname" value="' . htmlspecialchars(stripslashes($login_name)) . '" /></p><p>' . _('Password:') . '<br /><input type="password" name="form_pw" /></p><p><input type="submit" name="login" value="' . $login_button . '" />
+ echo '<br /><input type="text" name="form_loginname" value="' . htmlspecialchars(stripslashes($login_name)) . '" /></p><p>' . _('Password:') . '<br /><input type="password" name="form_pw" /></p><p><input type="submit" name="login" value="' . _('Login') . '" />
</p>
</form>' ;
}
+ function login($user) {
+ $this->saved_user = $user;
+ $this->setSessionCookie();
+ }
+
+ function logout() {
+ $this->unsetSessionCookie();
+ }
}
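Review bot: `login($user)` stores whatever it receives and immediately calls setSessionCookie(), which derives the cookie from `$this->saved_user->getID()`; a caller that passes the result of a failed user lookup therefore hits a fatal error after a successful credential check instead of a clean refusal. Guard and report it: `if (!$user) { return false; }` before the assignment, and state in a docblock that `$user` must be the user object for the identity that was actually authenticated, since this method issues the session for it without any further check.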
// Local Variables:
--- /dev/null
+<?php
+/** FusionForge plugin for authentication
+ *
+ * Copyright 2011, Roland Mas
+ *
+ * This file is part of FusionForge.
+ *
+ * FusionForge is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 2 of the License,
+ * or (at your option) any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with FusionForge; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ * USA
+ */
+
+global $gfplugins;
+require_once $gfplugins.'authbuiltin/common/AuthBuiltinPlugin.class.php' ;
+
+$AuthBuiltinPluginObject = new AuthBuiltinPlugin ;
+
+register_plugin ($AuthBuiltinPluginObject) ;
+
+// Local Variables:
+// mode: php
+// c-file-style: "bsd"
+// End:
+
+?>
--- /dev/null
+<?php
+/**
+ * FusionForge login page
+ *
+ * This is main login page. It takes care of different account states
+ * (by disallowing logging in with non-active account, with appropriate
+ * notice).
+ *
+ * Copyright 1999-2001 (c) VA Linux Systems
+ *
+ * This file is part of FusionForge.
+ *
+ * FusionForge is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with FusionForge; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+Header( "Expires: Wed, 11 Nov 1998 11:11:11 GMT");
+Header( "Cache-Control: no-cache");
+Header( "Cache-Control: must-revalidate");
+
+require_once('../../../www/env.inc.php');
+require_once $gfcommon.'include/pre.php';
+
+$plugin = plugin_get_object('authbuiltin');
+
+$return_to = getStringFromRequest('return_to');
+$login = getStringFromRequest('login');
+$form_loginname = getStringFromRequest('form_loginname');
+$form_pw = getStringFromRequest('form_pw');
+$feedback = htmlspecialchars(getStringFromRequest('feedback'));
+$warning_msg = htmlspecialchars(getStringFromRequest('warning_msg'));
+$error_msg = htmlspecialchars(getStringFromRequest('error_msg'));
+$triggered = getIntFromRequest('triggered');
+
+//
+// Validate return_to
+//
+if ($return_to) {
+ $tmpreturn=explode('?',$return_to);
+ $rtpath = $tmpreturn[0] ;
+
+ if (@is_file(forge_get_config('url_root').$rtpath)
+ || @is_dir(forge_get_config('url_root').$rtpath)
+ || (strpos($rtpath,'/projects') == 0)
+ || (strpos($rtpath,'/plugins/mediawiki') == 0)) {
+ $newrt = $return_to ;
+ } else {
+ $newrt = '/' ;
+ }
+ $return_to = $newrt ;
+}
+
+if (forge_get_config('use_ssl') && !session_issecure()) {
+ //force use of SSL for login
+ header('Location: https://'.getStringFromServer('HTTP_HOST').getStringFromServer('REQUEST_URI'));
+}
+
+// ###### first check for valid login, if so, redirect
+
+if ($login) {
+ if (!form_key_is_valid(getStringFromRequest('form_key'))) {
+ exit_form_double_submit();
+ }
+ $success = session_check_credentials_in_database(strtolower($form_loginname),$form_pw,false);
+ if ($success) {
+ error_log ('Login form passed OK');
+ $plugin->login(user_get_object_by_name($form_loginname));
+ if ($return_to) {
+ header ("Location: " . util_make_url($return_to));
+ exit;
+ } else {
+ header ("Location: " . util_make_url("/my"));
+ exit;
+ }
+ } else {
+ if ($form_loginname && $form_pw) {
+ $warning_msg = _('Invalid Password Or User Name');
+ } else {
+ $warning_msg = _('Missing Password Or Users Name');
+ }
+
+ }
+}
+
+if (isset($session_hash)) {
+ //nuke their old session
+ session_logout();
+}
+
+$HTML->header(array('title'=>'Login'));
+
+if ($login && !$success) {
+ form_release_key(getStringFromRequest('form_key'));
+ // Account Pending
+ if (!isset($userstatus)) {
+ if (isset ($form_loginname)) {
+ $u = user_get_object_by_name($form_loginname) ||
+ user_get_object_by_email($form_loginname) ;
+ if (!$u) {
+ $warning_msg .= '<br /><p>'. _('Your account does not exist.').'</p>';
+ }
+ }
+ } else if ($userstatus == "P") {
+ $warning_msg .= '<br />'. sprintf(_('<p>Your account is currently pending your email confirmation. Visiting the link sent to you in this email will activate your account. <p>If you need this email resent, please click below and a confirmation email will be sent to the email address you provided in registration. <p><a href="%1$s">[Resend Confirmation Email]</a> <br><hr> <p>'), util_make_url ("/account/pending-resend.php?form_user=".htmlspecialchars($form_loginname)));
+ } else {
+ if ($userstatus == "D") {
+ $error_msg .= '<br />'.sprintf(_('<p>Your %1$s account has been removed by %1$s staff. This may occur for two reasons, either 1) you requested that your account be removed; or 2) some action has been performed using your account which has been seen as objectionable (i.e. you have breached the terms of service for use of your account) and your account has been revoked for administrative reasons. Should you have questions or concerns regarding this matter, please log a <a href="%2$s">support request</a>.</p><p>Thank you, <br><br>%1$s Staff</p>'), forge_get_config ('forge_name'), util_make_url ("/support/?group_id=1"));
+ }
+ }
+ html_error_top($error_msg);
+ html_warning_top($warning_msg);
+ html_feedback_top($feedback);
+}
+
+echo '<p>';
+
+echo _('Cookies must be enabled past this point.');
+
+?>
+</p>
+<form action="<?php echo util_make_url('/plugins/authbuiltin/post-login.php'); ?>" method="post">
+<input type="hidden" name="form_key" value="<?php echo form_generate_key(); ?>"/>
+<input type="hidden" name="return_to" value="<?php echo htmlspecialchars(stripslashes($return_to)); ?>" />
+<p>
+<?php if (forge_get_config('require_unique_email')) {
+ echo _('Login name or email address');
+} else {
+ echo _('Login name:');
+} ?>
+<br /><input type="text" name="form_loginname" value="<?php echo htmlspecialchars(stripslashes($form_loginname)); ?>" />
+</p>
+<p>
+<?php echo _('Password:'); ?>
+<br /><input type="password" name="form_pw" />
+</p>
+<p>
+<input type="submit" name="login" value="<?php echo _('Login'); ?>" />
+</p>
+</form>
+<p><a href="lostpw.php"><?php echo _('[Lost your password?]'); ?></a></p>
+<?php
+// hide "new account" item if restricted to admin
+if (!forge_get_config ('user_registration_restricted')) {
+ echo '<p><a href="register.php">'._('[New Account]').'</a></p>';
+}
+?>
+<p><a href="pending-resend.php"><?php echo _('[Resend confirmation email to a pending account]'); ?></a></p>
+
+<?php
+
+$HTML->footer(array());
+
+// Local Variables:
+// mode: php
+// c-file-style: "bsd"
+// End:
+
+?>
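Review bot: The return_to validation on L351-354 never rejects anything: `strpos($rtpath,'/projects') == 0` and the mediawiki line use loose comparison, strpos returns `false` when the needle is absent, and `false == 0` is true in PHP, so every value of `$return_to` is kept and redirected to after login; whether that is an open redirect depends on util_make_url, which is not shown. Use the identity comparison on both lines, `strpos($rtpath, '/projects') === 0`. Two more points in this file: the SSL redirect on L364 sends a Location header without `exit`, so the credential check below still runs on the plain-HTTP request; and the session is issued for `user_get_object_by_name($form_loginname)` on L376 while the credentials were checked for `strtolower($form_loginname)` on L373, so the object may be missing (or a different account, if the lookup is case-sensitive) and a missing object reaches `$plugin->login()` unchecked. If login by e-mail address is meant to work here, as the form label on L435 suggests, the lookup after a successful check also needs to cover that case.
```php
// … unchanged: headers, includes, request parameters …
if ($return_to) {
	$tmpreturn = explode('?', $return_to);
	$rtpath = $tmpreturn[0];

	if (@is_file(forge_get_config('url_root').$rtpath)
	    || @is_dir(forge_get_config('url_root').$rtpath)
	    || (strpos($rtpath, '/projects') === 0)
	    || (strpos($rtpath, '/plugins/mediawiki') === 0)) {
		$newrt = $return_to;
	} else {
		$newrt = '/';
	}
	$return_to = $newrt;
}

if (forge_get_config('use_ssl') && !session_issecure()) {
	//force use of SSL for login
	header('Location: https://'.getStringFromServer('HTTP_HOST').getStringFromServer('REQUEST_URI'));
	exit;
}

// … unchanged: form key check …
	$loginname = strtolower($form_loginname);
	$success = session_check_credentials_in_database($loginname, $form_pw, false);
	// Only issue a session for the object that matches the identity just checked
	$u = $success ? user_get_object_by_name($loginname) : false;
	if ($u) {
		error_log ('Login form passed OK');
		$plugin->login($u);
		// … unchanged: redirect to return_to or /my …
	} else {
		$success = false;
		// … unchanged: warning message selection …
	}
// … unchanged: status messages and login form …
```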
require_once $gfcommon.'include/pre.php';
$return_to = getStringFromRequest('return_to');
-$login = getStringFromRequest('login');
-$form_loginname = getStringFromRequest('form_loginname');
-$form_pw = getStringFromRequest('form_pw');
-$feedback = htmlspecialchars(getStringFromRequest('feedback'));
-$warning_msg = htmlspecialchars(getStringFromRequest('warning_msg'));
-$error_msg = htmlspecialchars(getStringFromRequest('error_msg'));
$triggered = getIntFromRequest('triggered');
-//
-// Validate return_to
-//
-if ($return_to) {
- $tmpreturn=explode('?',$return_to);
- $rtpath = $tmpreturn[0] ;
-
- if (@is_file(forge_get_config('url_root').$rtpath)
- || @is_dir(forge_get_config('url_root').$rtpath)
- || (strpos($rtpath,'/projects') == 0)
- || (strpos($rtpath,'/plugins/mediawiki') == 0)) {
- $newrt = $return_to ;
- } else {
- $newrt = '/' ;
- }
- $return_to = $newrt ;
-}
-
-if (forge_get_config('use_ssl') && !session_issecure()) {
- //force use of SSL for login
- header('Location: https://'.getStringFromServer('HTTP_HOST').getStringFromServer('REQUEST_URI'));
-}
-
-// Decide login button based on session.
-if (session_issecure()) {
- $login_button = _('Login with SSL');
-} else {
- $login_button = _('Login');
-}
-
-// ###### first check for valid login, if so, redirect
-
-if ($login) {
- if (!form_key_is_valid(getStringFromRequest('form_key'))) {
- exit_form_double_submit();
- }
- $success=session_login_valid(strtolower($form_loginname),$form_pw);
- if ($success) {
- /*
- You can now optionally stay in SSL mode
- */
- if ($return_to) {
- header ("Location: " . util_make_url($return_to));
- exit;
- } else {
- header ("Location: " . util_make_url("/my"));
- exit;
- }
- }
-}
-
if (isset($session_hash)) {
//nuke their old session
session_logout();
$HTML->header(array('title'=>'Login'));
-if ($login && !$success) {
- form_release_key(getStringFromRequest('form_key'));
- // Account Pending
- if (!isset($userstatus)) {
- if (isset ($form_loginname)) {
- $u = user_get_object_by_name($form_loginname) ||
- user_get_object_by_email($form_loginname) ;
- if (!$u) {
- $warning_msg .= '<br /><p>'. _('Your account does not exist.').'</p>';
- }
- }
- } else if ($userstatus == "P") {
- $warning_msg .= '<br />'. sprintf(_('<p>Your account is currently pending your email confirmation. Visiting the link sent to you in this email will activate your account. <p>If you need this email resent, please click below and a confirmation email will be sent to the email address you provided in registration. <p><a href="%1$s">[Resend Confirmation Email]</a> <br><hr> <p>'), util_make_url ("/account/pending-resend.php?form_user=".htmlspecialchars($form_loginname)));
- } else {
- if ($userstatus == "D") {
- $error_msg .= '<br />'.sprintf(_('<p>Your %1$s account has been removed by %1$s staff. This may occur for two reasons, either 1) you requested that your account be removed; or 2) some action has been performed using your account which has been seen as objectionable (i.e. you have breached the terms of service for use of your account) and your account has been revoked for administrative reasons. Should you have questions or concerns regarding this matter, please log a <a href="%2$s">support request</a>.</p><p>Thank you, <br><br>%1$s Staff</p>'), forge_get_config ('forge_name'), util_make_url ("/support/?group_id=1"));
- }
- }
- html_error_top($error_msg);
- html_warning_top($warning_msg);
- html_feedback_top($feedback);
-}
-
echo '<p>';
if ($triggered) {
echo '</div> ' ;
}
echo _('Cookies must be enabled past this point.');
+echo '</p>';
+plugin_hook('display_auth_form');
?>
-</p>
-<form action="<?php echo util_make_url('/account/login.php'); ?>" method="post">
-<input type="hidden" name="form_key" value="<?php echo form_generate_key(); ?>"/>
-<input type="hidden" name="return_to" value="<?php echo htmlspecialchars(stripslashes($return_to)); ?>" />
-<p>
-<?php if (forge_get_config('require_unique_email')) {
- echo _('Login name or email address');
-} else {
- echo _('Login name:');
-} ?>
-<br /><input type="text" name="form_loginname" value="<?php echo htmlspecialchars(stripslashes($form_loginname)); ?>" />
-</p>
-<p>
-<?php echo _('Password:'); ?>
-<br /><input type="password" name="form_pw" />
-</p>
-<p>
-<input type="submit" name="login" value="<?php echo $login_button; ?>" />
-</p>
-</form>
<p><a href="lostpw.php"><?php echo _('[Lost your password?]'); ?></a></p>
<?php
// hide "new account" item if restricted to admin
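Review bot: `plugin_hook('display_auth_form')` on the new line passes no parameters, but the AuthBuiltinPlugin handler `displayAuthForm($params)` reads `$params['return_to']`, so the `$return_to` that this page still reads on L469 no longer reaches the rendered form and the post-login redirect target is dropped. Pass it explicitly, `plugin_hook('display_auth_form', array('return_to' => $return_to));`, assuming plugin_hook accepts a parameter array as plugin_hook_by_reference does elsewhere in this diff; its signature is not shown. With the validation block removed from this file, `$return_to` now goes into the form unchecked here and is validated only in post-login.php, which a one-line comment at L469 should say so nobody reintroduces a redirect from this page.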
session_logout();
-plugin_hook('before_logout_redirect');
-
if ($return_to) {
header('Location: '.util_make_url ($return_to));
}else{